- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 189ecdb3e112da703ac0699f4ec76aa78122f911 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031002-campsite-railroad-4d13@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 189ecdb3e112da703ac0699f4ec76aa78122f911 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:10 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Snapshot the host's DEBUGCTL after disabling IRQs, as perf can toggle debugctl bits from IRQ context, e.g. when enabling/disabling events via smp_call_function_single(). Taking the snapshot (long) before IRQs are disabled could result in KVM effectively clobbering DEBUGCTL due to using a stale snapshot. Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-6-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5c6fd0edc41f..12d5f47c1bbe 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,7 +4968,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); - vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) { @@ -10969,6 +10968,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(0, 7); } + vcpu->arch.host_debugctl = get_debugctlmsr(); + guest_timing_enter_irqoff(); for (;;) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fb71c795935652fa20eaf9517ca9547f5af99a76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031034-latitude-stinking-09c1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb71c795935652fa20eaf9517ca9547f5af99a76 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:08 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86 Move KVM's snapshot of DEBUGCTL to kvm_vcpu_arch and take the snapshot in common x86, so that SVM can also use the snapshot. Opportunistically change the field to a u64. While bits 63:32 are reserved on AMD, not mentioned at all in Intel's SDM, and managed as an "unsigned long" by the kernel, DEBUGCTL is an MSR and therefore a 64-bit value. Reviewed-by: Xiaoyao Li <xiaoyao.li(a)intel.com> Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 0b7af5902ff7..32ae3aa50c7e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -780,6 +780,7 @@ struct kvm_vcpu_arch { u32 pkru; u32 hflags; u64 efer; + u64 host_debugctl; u64 apic_base; struct kvm_lapic *apic; /* kernel irqchip context */ bool load_eoi_exitmap_pending; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6c56d5235f0f..3b92f893b239 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1514,16 +1514,12 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, */ void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) { - struct vcpu_vmx *vmx = to_vmx(vcpu); - if (vcpu->scheduled_out && !kvm_pause_in_guest(vcpu->kvm)) shrink_ple_window(vcpu); vmx_vcpu_load_vmcs(vcpu, cpu, NULL); vmx_vcpu_pi_load(vcpu, cpu); - - vmx->host_debugctlmsr = get_debugctlmsr(); } void vmx_vcpu_put(struct kvm_vcpu *vcpu) @@ -7458,8 +7454,8 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) } /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */ - if (vmx->host_debugctlmsr) - update_debugctlmsr(vmx->host_debugctlmsr); + if (vcpu->arch.host_debugctl) + update_debugctlmsr(vcpu->arch.host_debugctl); #ifndef CONFIG_X86_64 /* diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 8b111ce1087c..951e44dc9d0e 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -340,8 +340,6 @@ struct vcpu_vmx { /* apic deadline value in host tsc */ u64 hv_deadline_tsc; - unsigned long host_debugctlmsr; - /* * Only bits masked by msr_ia32_feature_control_valid_bits can be set in * msr_ia32_feature_control. FEAT_CTL_LOCKED is always included diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 02159c967d29..5c6fd0edc41f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,6 +4968,7 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); + vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fb71c795935652fa20eaf9517ca9547f5af99a76 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031034-twister-stash-ba87@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb71c795935652fa20eaf9517ca9547f5af99a76 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Thu, 27 Feb 2025 14:24:08 -0800 Subject: [PATCH] KVM: x86: Snapshot the host's DEBUGCTL in common x86 Move KVM's snapshot of DEBUGCTL to kvm_vcpu_arch and take the snapshot in common x86, so that SVM can also use the snapshot. Opportunistically change the field to a u64. While bits 63:32 are reserved on AMD, not mentioned at all in Intel's SDM, and managed as an "unsigned long" by the kernel, DEBUGCTL is an MSR and therefore a 64-bit value. Reviewed-by: Xiaoyao Li <xiaoyao.li(a)intel.com> Cc: stable(a)vger.kernel.org Reviewed-and-tested-by: Ravi Bangoria <ravi.bangoria(a)amd.com> Link: https://lore.kernel.org/r/20250227222411.3490595-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 0b7af5902ff7..32ae3aa50c7e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -780,6 +780,7 @@ struct kvm_vcpu_arch { u32 pkru; u32 hflags; u64 efer; + u64 host_debugctl; u64 apic_base; struct kvm_lapic *apic; /* kernel irqchip context */ bool load_eoi_exitmap_pending; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 6c56d5235f0f..3b92f893b239 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1514,16 +1514,12 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu, */ void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) { - struct vcpu_vmx *vmx = to_vmx(vcpu); - if (vcpu->scheduled_out && !kvm_pause_in_guest(vcpu->kvm)) shrink_ple_window(vcpu); vmx_vcpu_load_vmcs(vcpu, cpu, NULL); vmx_vcpu_pi_load(vcpu, cpu); - - vmx->host_debugctlmsr = get_debugctlmsr(); } void vmx_vcpu_put(struct kvm_vcpu *vcpu) @@ -7458,8 +7454,8 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) } /* MSR_IA32_DEBUGCTLMSR is zeroed on vmexit. Restore it if needed */ - if (vmx->host_debugctlmsr) - update_debugctlmsr(vmx->host_debugctlmsr); + if (vcpu->arch.host_debugctl) + update_debugctlmsr(vcpu->arch.host_debugctl); #ifndef CONFIG_X86_64 /* diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h index 8b111ce1087c..951e44dc9d0e 100644 --- a/arch/x86/kvm/vmx/vmx.h +++ b/arch/x86/kvm/vmx/vmx.h @@ -340,8 +340,6 @@ struct vcpu_vmx { /* apic deadline value in host tsc */ u64 hv_deadline_tsc; - unsigned long host_debugctlmsr; - /* * Only bits masked by msr_ia32_feature_control_valid_bits can be set in * msr_ia32_feature_control. FEAT_CTL_LOCKED is always included diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 02159c967d29..5c6fd0edc41f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4968,6 +4968,7 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) /* Save host pkru register if supported */ vcpu->arch.host_pkru = read_pkru(); + vcpu->arch.host_debugctl = get_debugctlmsr(); /* Apply any externally detected TSC adjustments (due to suspend) */ if (unlikely(vcpu->arch.tsc_offset_adjustment)) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031025-hurry-muster-0e93@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031024-bootleg-parkway-393c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031023-dodge-ungodly-172a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x be45bc4eff33d9a7dae84a2150f242a91a617402 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025031022-debunk-winner-e8fe@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be45bc4eff33d9a7dae84a2150f242a91a617402 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Mon, 24 Feb 2025 08:54:41 -0800 Subject: [PATCH] KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Enable/disable local IRQs, i.e. set/clear RFLAGS.IF, in the common svm_vcpu_enter_exit() just after/before guest_state_{enter,exit}_irqoff() so that VMRUN is not executed in an STI shadow. AMD CPUs have a quirk (some would say "bug"), where the STI shadow bleeds into the guest's intr_state field if a #VMEXIT occurs during injection of an event, i.e. if the VMRUN doesn't complete before the subsequent #VMEXIT. The spurious "interrupts masked" state is relatively benign, as it only occurs during event injection and is transient. Because KVM is already injecting an event, the guest can't be in HLT, and if KVM is querying IRQ blocking for injection, then KVM would need to force an immediate exit anyways since injecting multiple events is impossible. However, because KVM copies int_state verbatim from vmcb02 to vmcb12, the spurious STI shadow is visible to L1 when running a nested VM, which can trip sanity checks, e.g. in VMware's VMM. Hoist the STI+CLI all the way to C code, as the aforementioned calls to guest_state_{enter,exit}_irqoff() already inform lockdep that IRQs are enabled/disabled, and taking a fault on VMRUN with RFLAGS.IF=1 is already possible. I.e. if there's kernel code that is confused by running with RFLAGS.IF=1, then it's already a problem. In practice, since GIF=0 also blocks NMIs, the only change in exposure to non-KVM code (relative to surrounding VMRUN with STI+CLI) is exception handling code, and except for the kvm_rebooting=1 case, all exception in the core VM-Enter/VM-Exit path are fatal. Use the "raw" variants to enable/disable IRQs to avoid tracing in the "no instrumentation" code; the guest state helpers also take care of tracing IRQ state. Oppurtunstically document why KVM needs to do STI in the first place. Reported-by: Doug Covelli <doug.covelli(a)broadcom.com> Closes: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4… Fixes: f14eec0a3203 ("KVM: SVM: move more vmentry code to assembly") Cc: stable(a)vger.kernel.org Reviewed-by: Jim Mattson <jmattson(a)google.com> Link: https://lore.kernel.org/r/20250224165442.2338294-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a713c803a3a3..0d299f3f921e 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4189,6 +4189,18 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in guest_state_enter_irqoff(); + /* + * Set RFLAGS.IF prior to VMRUN, as the host's RFLAGS.IF at the time of + * VMRUN controls whether or not physical IRQs are masked (KVM always + * runs with V_INTR_MASKING_MASK). Toggle RFLAGS.IF here to avoid the + * temptation to do STI+VMRUN+CLI, as AMD CPUs bleed the STI shadow + * into guest state if delivery of an event during VMRUN triggers a + * #VMEXIT, and the guest_state transitions already tell lockdep that + * IRQs are being enabled/disabled. Note! GIF=0 for the entirety of + * this path, so IRQs aren't actually unmasked while running host code. + */ + raw_local_irq_enable(); + amd_clear_divider(); if (sev_es_guest(vcpu->kvm)) @@ -4197,6 +4209,8 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_in else __svm_vcpu_run(svm, spec_ctrl_intercepted); + raw_local_irq_disable(); + guest_state_exit_irqoff(); } diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S index 2ed80aea3bb1..0c61153b275f 100644 --- a/arch/x86/kvm/svm/vmenter.S +++ b/arch/x86/kvm/svm/vmenter.S @@ -170,12 +170,8 @@ SYM_FUNC_START(__svm_vcpu_run) mov VCPU_RDI(%_ASM_DI), %_ASM_DI /* Enter guest mode */ - sti - 3: vmrun %_ASM_AX 4: - cli - /* Pop @svm to RAX while it's the only available register. */ pop %_ASM_AX @@ -340,12 +336,8 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run) mov KVM_VMCB_pa(%rax), %rax /* Enter guest mode */ - sti - 1: vmrun %rax - -2: cli - +2: /* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */ FILL_RETURN_BUFFER %rax, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT

3 months, 1 week

1
0
0 0

[PATCH v2 0/2] R-Car CANFD fixes

by Biju Das

This patch series addresses 2 issues 1) Fix typo in pattern properties for R-Car V4M. 2) Fix page entries in the AFL list. v1->v2: * Split fixes patches as separate series. * Added Rb tag from Geert for binding patch. * Added the tag Cc:stable@vger.kernel.org Biju Das (2): dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M can: rcar_canfd: Fix page entries in the AFL list .../bindings/net/can/renesas,rcar-canfd.yaml | 2 +- drivers/net/can/rcar/rcar_canfd.c | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) -- 2.43.0

3 months, 1 week

4
15
0 0

[PATCH V3] drm/sched: Fix fence reference count leak

by Qianyi Liu

From: qianyi liu <liuqianyi125(a)gmail.com> The last_scheduled fence leaked when an entity was being killed and adding its callback failed. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. Cc: stable(a)vger.kernel.org Fixes: 2fdb8a8f07c2 ("drm/scheduler: rework entity flush, kill and fini") Signed-off-by: qianyi liu <liuqianyi125(a)gmail.com> --- v2 -> v3: Rework commit message (Markus) v1 -> v2: Added 'Fixes:' tag and clarified commit message (Philipp and Matthew) --- drivers/gpu/drm/scheduler/sched_entity.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 69bcf0e99d57..1c0c14bcf726 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -259,9 +259,12 @@ static void drm_sched_entity_kill(struct drm_sched_entity *entity) struct drm_sched_fence *s_fence = job->s_fence; dma_fence_get(&s_fence->finished); - if (!prev || dma_fence_add_callback(prev, &job->finish_cb, - drm_sched_entity_kill_jobs_cb)) + if (!prev || + dma_fence_add_callback(prev, &job->finish_cb, + drm_sched_entity_kill_jobs_cb)) { + dma_fence_put(prev); drm_sched_entity_kill_jobs_cb(NULL, &job->finish_cb); + } prev = &s_fence->finished; } -- 2.25.1

3 months, 1 week

2
4
0 0

[PATCH v4 0/2] Allow non-coherent video capture buffers on Rockchip ISP V1

by Mikhail Rudenko

This small series adds support for non-coherent video capture buffers on Rockchip ISP V1. Patch 1 fixes cache management for dmabuf's allocated by dma-contig allocator. Patch 2 allows non-coherent allocations on the rkisp1 capture queue. Some timing measurements are provided in the commit message of patch 2. Signed-off-by: Mikhail Rudenko <mike.rudenko(a)gmail.com> --- Changes in v4: - rebase to media/next - use `direction` instead of `buf->dma_dir` in dma_sync_sgtable_* - Link to v3: https://lore.kernel.org/r/20250128-b4-rkisp-noncoherent-v3-0-baf39c997d2a@g… Changes in v3: - ignore skip_cache_sync_* flags in vb2_dc_dmabuf_ops_{begin,end}_cpu_access - invalidate/flush kernel mappings as appropriate if they exist - use dma_sync_sgtable_* instead of dma_sync_sg_* - Link to v2: https://lore.kernel.org/r/20250115-b4-rkisp-noncoherent-v2-0-0853e1a24012@g… Changes in v2: - Fix vb2_dc_dmabuf_ops_{begin,end}_cpu_access() for non-coherent buffers. - Add cache management timing information to patch 2 commit message. - Link to v1: https://lore.kernel.org/r/20250102-b4-rkisp-noncoherent-v1-1-bba164f7132c@g… --- Mikhail Rudenko (2): media: videobuf2: Fix dmabuf cache sync/flush in dma-contig media: rkisp1: Allow non-coherent video capture buffers .../media/common/videobuf2/videobuf2-dma-contig.c | 22 ++++++++++++++++++++++ .../platform/rockchip/rkisp1/rkisp1-capture.c | 1 + 2 files changed, 23 insertions(+) --- base-commit: b2c4bf0c102084e77ed1b12090d77a76469a6814 change-id: 20241231-b4-rkisp-noncoherent-ad6e7c7a68ba Best regards, -- Mikhail Rudenko <mike.rudenko(a)gmail.com>

3 months, 1 week

3
6
0 0

[PATCH 1/1] mcb: fix a double free bug in chameleon_parse_gdd()

by Johannes Thumshirn

From: Haoxiang Li <haoxiang_li2024(a)163.com> In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails. Fixes: 3764e82e5150 ("drivers: Introduce MEN Chameleon Bus") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Signed-off-by: Johannes Thumshirn <jth(a)kernel.org> --- drivers/mcb/mcb-parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mcb/mcb-parse.c b/drivers/mcb/mcb-parse.c index 02a680c73979..bf0d7d58c8b0 100644 --- a/drivers/mcb/mcb-parse.c +++ b/drivers/mcb/mcb-parse.c @@ -96,7 +96,7 @@ static int chameleon_parse_gdd(struct mcb_bus *bus, ret = mcb_device_register(bus, mdev); if (ret < 0) - goto err; + return ret; return 0; -- 2.43.0

3 months, 1 week

1
0
0 0

Re: Patch "fs/pipe: Read pipe->{head,tail} atomically outside pipe->mutex" has been added to the 5.10-stable tree

by Linus Torvalds

Note that this was a real fix, but the fix only matters if commit aaec5a95d596 ("pipe_read: don't wake up the writer if the pipe is still full") is in the tree. Now, the bug was pre-existing, and *maybe* it could be hit without that commit aaec5a95d596, but nobody has ever reported it, so it's very very unlikely. Also, this fix then had some fall-out, and while I think you've queued all the fallout fixes too, I think it might be a good idea to wait for more reports from the development tree before considering these for stable. Put another way: this fix caused some pain. It might not be worth back-porting to stable at all, and if it is, it might be worth waiting to see that there's no other fallout. Linus On Sun, 9 Mar 2025 at 09:52, Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > fs/pipe: Read pipe->{head,tail} atomically outside pipe->mutex

3 months, 1 week

2
1
0 0

[PATCH 5.15] sched: sch_cake: add bounds checks to host bulk flow fairness counts

by Hagar Hemdan

From: Toke Høiland-Jørgensen <toke(a)redhat.com> [ Upstream commit 737d4d91d35b5f7fa5bb442651472277318b0bfd ] Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access. To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error). As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the ost load scaling is now applied both in the DRR rotation and when a sparse flow's quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it's not worth complicating the code to preserve the old behaviour. Fixes: 546ea84d07e3 ("sched: sch_cake: fix bulk flow accounting logic for host fairness") Reported-by: syzbot+f63600d288bfb7057424(a)syzkaller.appspotmail.com Signed-off-by: Toke Høiland-Jørgensen <toke(a)redhat.com> Acked-by: Dave Taht <dave.taht(a)gmail.com> Link: https://patch.msgid.link/20250107120105.70685-1-toke@redhat.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [Hagar: needed contextual fixes due to missing commit 7e3cf0843fe5] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- net/sched/sch_cake.c | 140 +++++++++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 65 deletions(-) diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c index 8d9c0b98a747..d9535129f4e9 100644 --- a/net/sched/sch_cake.c +++ b/net/sched/sch_cake.c @@ -643,6 +643,63 @@ static bool cake_ddst(int flow_mode) return (flow_mode & CAKE_FLOW_DUAL_DST) == CAKE_FLOW_DUAL_DST; } +static void cake_dec_srchost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_dsrc(flow_mode) && + q->hosts[flow->srchost].srchost_bulk_flow_count)) + q->hosts[flow->srchost].srchost_bulk_flow_count--; +} + +static void cake_inc_srchost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_dsrc(flow_mode) && + q->hosts[flow->srchost].srchost_bulk_flow_count < CAKE_QUEUES)) + q->hosts[flow->srchost].srchost_bulk_flow_count++; +} + +static void cake_dec_dsthost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_ddst(flow_mode) && + q->hosts[flow->dsthost].dsthost_bulk_flow_count)) + q->hosts[flow->dsthost].dsthost_bulk_flow_count--; +} + +static void cake_inc_dsthost_bulk_flow_count(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + if (likely(cake_ddst(flow_mode) && + q->hosts[flow->dsthost].dsthost_bulk_flow_count < CAKE_QUEUES)) + q->hosts[flow->dsthost].dsthost_bulk_flow_count++; +} + +static u16 cake_get_flow_quantum(struct cake_tin_data *q, + struct cake_flow *flow, + int flow_mode) +{ + u16 host_load = 1; + + if (cake_dsrc(flow_mode)) + host_load = max(host_load, + q->hosts[flow->srchost].srchost_bulk_flow_count); + + if (cake_ddst(flow_mode)) + host_load = max(host_load, + q->hosts[flow->dsthost].dsthost_bulk_flow_count); + + /* The shifted prandom_u32() is a way to apply dithering to avoid + * accumulating roundoff errors + */ + return (q->flow_quantum * quantum_div[host_load] + + (prandom_u32() >> 16)) >> 16; +} + static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, int flow_mode, u16 flow_override, u16 host_override) { @@ -789,10 +846,8 @@ static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, allocate_dst = cake_ddst(flow_mode); if (q->flows[outer_hash + k].set == CAKE_SET_BULK) { - if (allocate_src) - q->hosts[q->flows[reduced_hash].srchost].srchost_bulk_flow_count--; - if (allocate_dst) - q->hosts[q->flows[reduced_hash].dsthost].dsthost_bulk_flow_count--; + cake_dec_srchost_bulk_flow_count(q, &q->flows[outer_hash + k], flow_mode); + cake_dec_dsthost_bulk_flow_count(q, &q->flows[outer_hash + k], flow_mode); } found: /* reserve queue for future packets in same flow */ @@ -817,9 +872,10 @@ static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, q->hosts[outer_hash + k].srchost_tag = srchost_hash; found_src: srchost_idx = outer_hash + k; - if (q->flows[reduced_hash].set == CAKE_SET_BULK) - q->hosts[srchost_idx].srchost_bulk_flow_count++; q->flows[reduced_hash].srchost = srchost_idx; + + if (q->flows[reduced_hash].set == CAKE_SET_BULK) + cake_inc_srchost_bulk_flow_count(q, &q->flows[reduced_hash], flow_mode); } if (allocate_dst) { @@ -840,9 +896,10 @@ static u32 cake_hash(struct cake_tin_data *q, const struct sk_buff *skb, q->hosts[outer_hash + k].dsthost_tag = dsthost_hash; found_dst: dsthost_idx = outer_hash + k; - if (q->flows[reduced_hash].set == CAKE_SET_BULK) - q->hosts[dsthost_idx].dsthost_bulk_flow_count++; q->flows[reduced_hash].dsthost = dsthost_idx; + + if (q->flows[reduced_hash].set == CAKE_SET_BULK) + cake_inc_dsthost_bulk_flow_count(q, &q->flows[reduced_hash], flow_mode); } } @@ -1855,10 +1912,6 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch, /* flowchain */ if (!flow->set || flow->set == CAKE_SET_DECAYING) { - struct cake_host *srchost = &b->hosts[flow->srchost]; - struct cake_host *dsthost = &b->hosts[flow->dsthost]; - u16 host_load = 1; - if (!flow->set) { list_add_tail(&flow->flowchain, &b->new_flows); } else { @@ -1868,18 +1921,8 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch, flow->set = CAKE_SET_SPARSE; b->sparse_flow_count++; - if (cake_dsrc(q->flow_mode)) - host_load = max(host_load, srchost->srchost_bulk_flow_count); - - if (cake_ddst(q->flow_mode)) - host_load = max(host_load, dsthost->dsthost_bulk_flow_count); - - flow->deficit = (b->flow_quantum * - quantum_div[host_load]) >> 16; + flow->deficit = cake_get_flow_quantum(b, flow, q->flow_mode); } else if (flow->set == CAKE_SET_SPARSE_WAIT) { - struct cake_host *srchost = &b->hosts[flow->srchost]; - struct cake_host *dsthost = &b->hosts[flow->dsthost]; - /* this flow was empty, accounted as a sparse flow, but actually * in the bulk rotation. */ @@ -1887,12 +1930,8 @@ static s32 cake_enqueue(struct sk_buff *skb, struct Qdisc *sch, b->sparse_flow_count--; b->bulk_flow_count++; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count++; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count++; - + cake_inc_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_inc_dsthost_bulk_flow_count(b, flow, q->flow_mode); } if (q->buffer_used > q->buffer_max_used) @@ -1949,13 +1988,11 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) { struct cake_sched_data *q = qdisc_priv(sch); struct cake_tin_data *b = &q->tins[q->cur_tin]; - struct cake_host *srchost, *dsthost; ktime_t now = ktime_get(); struct cake_flow *flow; struct list_head *head; bool first_flow = true; struct sk_buff *skb; - u16 host_load; u64 delay; u32 len; @@ -2055,11 +2092,6 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) q->cur_flow = flow - b->flows; first_flow = false; - /* triple isolation (modified DRR++) */ - srchost = &b->hosts[flow->srchost]; - dsthost = &b->hosts[flow->dsthost]; - host_load = 1; - /* flow isolation (DRR++) */ if (flow->deficit <= 0) { /* Keep all flows with deficits out of the sparse and decaying @@ -2071,11 +2103,8 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) b->sparse_flow_count--; b->bulk_flow_count++; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count++; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count++; + cake_inc_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_inc_dsthost_bulk_flow_count(b, flow, q->flow_mode); flow->set = CAKE_SET_BULK; } else { @@ -2087,19 +2116,7 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) } } - if (cake_dsrc(q->flow_mode)) - host_load = max(host_load, srchost->srchost_bulk_flow_count); - - if (cake_ddst(q->flow_mode)) - host_load = max(host_load, dsthost->dsthost_bulk_flow_count); - - WARN_ON(host_load > CAKE_QUEUES); - - /* The shifted prandom_u32() is a way to apply dithering to - * avoid accumulating roundoff errors - */ - flow->deficit += (b->flow_quantum * quantum_div[host_load] + - (prandom_u32() >> 16)) >> 16; + flow->deficit += cake_get_flow_quantum(b, flow, q->flow_mode); list_move_tail(&flow->flowchain, &b->old_flows); goto retry; @@ -2123,11 +2140,8 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) if (flow->set == CAKE_SET_BULK) { b->bulk_flow_count--; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count--; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count--; + cake_dec_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_dec_dsthost_bulk_flow_count(b, flow, q->flow_mode); b->decaying_flow_count++; } else if (flow->set == CAKE_SET_SPARSE || @@ -2145,12 +2159,8 @@ static struct sk_buff *cake_dequeue(struct Qdisc *sch) else if (flow->set == CAKE_SET_BULK) { b->bulk_flow_count--; - if (cake_dsrc(q->flow_mode)) - srchost->srchost_bulk_flow_count--; - - if (cake_ddst(q->flow_mode)) - dsthost->dsthost_bulk_flow_count--; - + cake_dec_srchost_bulk_flow_count(b, flow, q->flow_mode); + cake_dec_dsthost_bulk_flow_count(b, flow, q->flow_mode); } else b->decaying_flow_count--; -- 2.47.1

3 months, 1 week

3
6
0 0

[PATCH v4] sched/topology: Enable topology_span_sane check only for debug builds

by Naman Jain

From: Saurabh Sengar <ssengar(a)linux.microsoft.com> On a x86 system under test with 1780 CPUs, topology_span_sane() takes around 8 seconds cumulatively for all the iterations. It is an expensive operation which does the sanity of non-NUMA topology masks. CPU topology is not something which changes very frequently hence make this check optional for the systems where the topology is trusted and need faster bootup. Restrict this to sched_verbose kernel cmdline option so that this penalty can be avoided for the systems who want to avoid it. Cc: stable(a)vger.kernel.org Fixes: ccf74128d66c ("sched/topology: Assert non-NUMA topology masks don't (partially) overlap") Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Co-developed-by: Naman Jain <namjain(a)linux.microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Tested-by: K Prateek Nayak <kprateek.nayak(a)amd.com> --- Changes since v3: https://lore.kernel.org/all/20250203114738.3109-1-namjain@linux.microsoft.c… - Minor typo correction in comment - Added Tested-by tag from Prateek for x86 Changes since v2: https://lore.kernel.org/all/1731922777-7121-1-git-send-email-ssengar@linux.… - Use sched_debug() instead of using sched_debug_verbose variable directly (addressing Prateek's comment) Changes since v1: https://lore.kernel.org/all/1729619853-2597-1-git-send-email-ssengar@linux.… - Use kernel cmdline param instead of compile time flag. Adding a link to the other patch which is under review. https://lore.kernel.org/lkml/20241031200431.182443-1-steve.wahl@hpe.com/ Above patch tries to optimize the topology sanity check, whereas this patch makes it optional. We believe both patches can coexist, as even with optimization, there will still be some performance overhead for this check. --- kernel/sched/topology.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/sched/topology.c b/kernel/sched/topology.c index c49aea8c1025..666f0a18cc6c 100644 --- a/kernel/sched/topology.c +++ b/kernel/sched/topology.c @@ -2359,6 +2359,13 @@ static bool topology_span_sane(struct sched_domain_topology_level *tl, { int i = cpu + 1; + /* Skip the topology sanity check for non-debug, as it is a time-consuming operation */ + if (!sched_debug()) { + pr_info_once("%s: Skipping topology span sanity check. Use `sched_verbose` boot parameter to enable it.\n", + __func__); + return true; + } + /* NUMA levels are allowed to overlap */ if (tl->flags & SDTL_OVERLAP) return true; -- 2.34.1

3 months, 1 week

3
4
0 0

[PATCH] lib/buildid: Handle memfd_secret() files in build_id_parse()

by Chen Linxuan

Backport of a similar change from commit 5ac9b4e935df ("lib/buildid: Handle memfd_secret() files in build_id_parse()") to address an issue where accessing secret memfd contents through build_id_parse() would trigger faults. Original report and repro can be found in [0]. [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/ This repro will cause BUG: unable to handle kernel paging request in build_id_parse in 5.15/6.1/6.6. Some other discussions can be found in [1]. [1] https://lore.kernel.org/bpf/20241104175256.2327164-1-jolsa@kernel.org/T/#u Cc: stable(a)vger.kernel.org Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event") Signed-off-by: Chen Linxuan <chenlinxuan(a)deepin.org> --- lib/buildid.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/buildid.c b/lib/buildid.c index 9fc46366597e..b78d119ed1f7 100644 --- a/lib/buildid.c +++ b/lib/buildid.c @@ -157,6 +157,12 @@ int build_id_parse(struct vm_area_struct *vma, unsigned char *build_id, if (!vma->vm_file) return -EINVAL; +#ifdef CONFIG_SECRETMEM + /* reject secretmem folios created with memfd_secret() */ + if (vma->vm_file->f_mapping->a_ops == &secretmem_aops) + return -EFAULT; +#endif + page = find_get_page(vma->vm_file->f_mapping, 0); if (!page) return -EFAULT; /* page not mapped */ -- 2.48.1

3 months, 1 week

4
4
0 0

[PATCH 5.4] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 5.4 s/ATOM_GRACEMONT/ALDERLAKE_N/ added microcode matching to INTEL_MATCH() and invlpg_miss_ids ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 086b274fa60f..b3bed9a9f78d 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -211,33 +211,39 @@ static void __init probe_page_size_mask(void) } } -#define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \ - .family = 6, \ - .model = _model, \ - } +#define INTEL_MATCH(_model, ucode) { .vendor = X86_VENDOR_INTEL, \ + .family = 6, \ + .model = _model, \ + .driver_data = ucode, \ + } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - INTEL_MATCH(INTEL_FAM6_ALDERLAKE ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S), + INTEL_MATCH(INTEL_FAM6_ALDERLAKE, 0x2e), + INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L, 0x42c), + INTEL_MATCH(INTEL_FAM6_ALDERLAKE_N, 0x11), + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE, 0x118), + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P, 0x4117), + INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 856a224845f949243d6719165c88a70e4b473ec4 change-id: 20250308-clear-pcid-5-4-cc78be4ffaaf Best regards, -- Thanks, Pawan

3 months, 1 week

2
1
0 0

[PATCH 6.6] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 6.6 ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 6215dfa23578..71d29dd7ad76 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -262,28 +262,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ATOM_GRACEMONT, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ATOM_GRACEMONT, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 568e253c3e3bdfecf5a4d65ccc8fc971c6c4b31f change-id: 20250307-clear-pcid-6-6-ce51baab3b5b Best regards, -- Thanks, Pawan

3 months, 1 week

2
1
0 0

[PATCH v2 6.1] mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

by Alexey Panov

From: David Hildenbrand <david(a)redhat.com> commit 091c1dd2d4df6edd1beebe0e5863d4034ade9572 upstream. We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm(a)linux-foundation.org: add unlikely()] Link: https://lkml.kernel.org/r/20241120201151.9518-1-david@redhat.com Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [ Alexey: mmap_read_lock is not used in this context, so mmap_read_unlock is removed. Synchronization is provided by an external context in do_migrate_pages(). ] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: Clarify mmap_lock context in changes summary. Fix braces for a single statement block. Rearrange the changes with a comment and VM_BUG_ON to look more consistent with upstream. mm/mempolicy.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 399d8cb48813..f60ff4727f46 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1062,13 +1062,17 @@ static int migrate_to_node(struct mm_struct *mm, int source, int dest, nodes_clear(nmask); node_set(source, nmask); + VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); + + vma = find_vma(mm, 0); + if (unlikely(!vma)) + return 0; + /* * This does not "check" the range but isolates all pages that * need migration. Between passing in the full user address * space range and MPOL_MF_DISCONTIG_OK, this call can not fail. */ - vma = find_vma(mm, 0); - VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); queue_pages_range(mm, vma->vm_start, mm->task_size, &nmask, flags | MPOL_MF_DISCONTIG_OK, &pagelist); -- 2.30.2

3 months, 1 week

2
1
0 0

[PATCH v2 5.10/5.15] mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

by Alexey Panov

From: David Hildenbrand <david(a)redhat.com> commit 091c1dd2d4df6edd1beebe0e5863d4034ade9572 upstream. We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm(a)linux-foundation.org: add unlikely()] Link: https://lkml.kernel.org/r/20241120201151.9518-1-david@redhat.com Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> [ Alexey: mmap_read_lock is not used in this context, so mmap_read_unlock is removed. Synchronization is provided by an external context in do_migrate_pages(). find_vma(mm, 0) is the same as mm->mmap. ] Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: Clarify mmap_lock context in changes summary. Fix braces for a single statement block. Rearrange the changes with a comment and VM_BUG_ON to look more consistent with upstream. mm/mempolicy.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 6c98585f20df..db94aec0ea17 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1067,6 +1067,7 @@ static int migrate_to_node(struct mm_struct *mm, int source, int dest, int flags) { nodemask_t nmask; + struct vm_area_struct *vma; LIST_HEAD(pagelist); int err = 0; struct migration_target_control mtc = { @@ -1077,13 +1078,18 @@ static int migrate_to_node(struct mm_struct *mm, int source, int dest, nodes_clear(nmask); node_set(source, nmask); + VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); + + vma = find_vma(mm, 0); + if (unlikely(!vma)) + return 0; + /* * This does not "check" the range but isolates all pages that * need migration. Between passing in the full user address * space range and MPOL_MF_DISCONTIG_OK, this call can not fail. */ - VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); - queue_pages_range(mm, mm->mmap->vm_start, mm->task_size, &nmask, + queue_pages_range(mm, vma->vm_start, mm->task_size, &nmask, flags | MPOL_MF_DISCONTIG_OK, &pagelist); if (!list_empty(&pagelist)) { -- 2.30.2

3 months, 1 week

2
1
0 0

[PATCH 6.12/6.13] loongarch: Use ASM_REACHABLE

by Huacai Chen

From: Peter Zijlstra <peterz(a)infradead.org> commit 624bde3465f660e54a7cd4c1efc3e536349fead5 upstream. annotate_reachable() is unreliable since the compiler is free to place random code inbetween two consecutive asm() statements. This removes the last and only annotate_reachable() user. Backport to solve a build error since relevant commits have already been backported. Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Link: https://lore.kernel.org/r/20241128094312.133437051@infradead.org Closes: https://lore.kernel.org/loongarch/20250307214943.372210-1-ojeda@kernel.org/ Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/bug.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/arch/loongarch/include/asm/bug.h b/arch/loongarch/include/asm/bug.h index 08388876ade4..561ac1bf79e2 100644 --- a/arch/loongarch/include/asm/bug.h +++ b/arch/loongarch/include/asm/bug.h @@ -4,6 +4,7 @@ #include <asm/break.h> #include <linux/stringify.h> +#include <linux/objtool.h> #ifndef CONFIG_DEBUG_BUGVERBOSE #define _BUGVERBOSE_LOCATION(file, line) @@ -33,25 +34,25 @@ #define ASM_BUG_FLAGS(flags) \ __BUG_ENTRY(flags) \ - break BRK_BUG + break BRK_BUG; #define ASM_BUG() ASM_BUG_FLAGS(0) -#define __BUG_FLAGS(flags) \ - asm_inline volatile (__stringify(ASM_BUG_FLAGS(flags))); +#define __BUG_FLAGS(flags, extra) \ + asm_inline volatile (__stringify(ASM_BUG_FLAGS(flags)) \ + extra); #define __WARN_FLAGS(flags) \ do { \ instrumentation_begin(); \ - __BUG_FLAGS(BUGFLAG_WARNING|(flags)); \ - annotate_reachable(); \ + __BUG_FLAGS(BUGFLAG_WARNING|(flags), ASM_REACHABLE); \ instrumentation_end(); \ } while (0) #define BUG() \ do { \ instrumentation_begin(); \ - __BUG_FLAGS(0); \ + __BUG_FLAGS(0, ""); \ unreachable(); \ } while (0) -- 2.47.1

3 months, 1 week

3
2
0 0

[PATCH 5.15] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 5.15 s/ATOM_GRACEMONT/ALDERLAKE_N/ ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 5953c7482016..1110f6dda352 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -264,28 +264,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: c16c81c81336c0912eb3542194f16215c0a40037 change-id: 20250307-clear-pcid-5-15-e9740c3b5649 Best regards, -- Thanks, Pawan

3 months, 1 week

2
1
0 0

[PATCH 6.12] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 6.12 ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index eb503f53c319..101725c149c4 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -263,28 +263,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_VFM(INTEL_ALDERLAKE, 0), - X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0), - X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0), - X86_MATCH_VFM(INTEL_RAPTORLAKE, 0), - X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0), - X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0), + X86_MATCH_VFM(INTEL_ALDERLAKE, 0x2e), + X86_MATCH_VFM(INTEL_ALDERLAKE_L, 0x42c), + X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, 0x11), + X86_MATCH_VFM(INTEL_RAPTORLAKE, 0x118), + X86_MATCH_VFM(INTEL_RAPTORLAKE_P, 0x4117), + X86_MATCH_VFM(INTEL_RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 105a31925e2d17b766cebcff5d173f469e7b9e52 change-id: 20250307-clear-pcid-6-12-f3e4c84c7206 Best regards, -- Pawan

3 months, 1 week

2
1
0 0

[PATCH 5.10] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 5.10 s/ATOM_GRACEMONT/ALDERLAKE_N/ ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 17f1a89e26fc..d4b6ca0221a7 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -258,28 +258,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: f0a53361993a94f602df6f35e78149ad2ac12c89 change-id: 20250307-clear-pcid-5-10-64f4287b45c7 Best regards, -- Thanks, Pawan

3 months, 1 week

2
1
0 0

[PATCH linux-6.12.y] selftests/bpf: Clean up open-coded gettid syscall invocations

by Alan Maguire

From: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Availability of the gettid definition across glibc versions supported by BPF selftests is not certain. Currently, all users in the tree open-code syscall to gettid. Convert them to a common macro definition. Reviewed-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Link: https://lore.kernel.org/r/20241104171959.2938862-3-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> (cherry picked from commit 0e2fb011a0ba8e2258ce776fdf89fbd589c2a3a6) This backport is needed to build BPF selftests successfully for linux-6.12.y, as when currently building BPF selftests, the following error is seen: TEST-OBJ [test_progs] raw_tp_null.test.o prog_tests/raw_tp_null.c: In function ‘test_raw_tp_null’: prog_tests/raw_tp_null.c:15:26: error: implicit declaration of function ‘sys_gettid’; did you mean ‘gettid’? [-Werror=implicit-function-declaration] 15 | skel->bss->tid = sys_gettid(); | ^~~~~~~~~~ | gettid cc1: all warnings being treated as errors Fixes: abd30e947f70 ("selftests/bpf: Add tests for raw_tp null handling") Reported-by: Colm Harrington <colm.harrington(a)oracle.com> Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Conflicts: tools/testing/selftests/bpf/prog_tests/task_local_storage.c Conflicts were due to new unrelated context in the upstream version. --- tools/testing/selftests/bpf/benchs/bench_trigger.c | 3 ++- tools/testing/selftests/bpf/bpf_util.h | 9 +++++++++ .../testing/selftests/bpf/map_tests/task_storage_map.c | 3 ++- tools/testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 6 +++--- .../selftests/bpf/prog_tests/cgrp_local_storage.c | 10 +++++----- tools/testing/selftests/bpf/prog_tests/core_reloc.c | 2 +- tools/testing/selftests/bpf/prog_tests/linked_funcs.c | 2 +- .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 +- tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c | 4 ++-- .../selftests/bpf/prog_tests/task_local_storage.c | 8 ++++---- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 2 +- 12 files changed, 32 insertions(+), 21 deletions(-) diff --git a/tools/testing/selftests/bpf/benchs/bench_trigger.c b/tools/testing/selftests/bpf/benchs/bench_trigger.c index 2ed0ef6f21ee..32e9f194d449 100644 --- a/tools/testing/selftests/bpf/benchs/bench_trigger.c +++ b/tools/testing/selftests/bpf/benchs/bench_trigger.c @@ -4,6 +4,7 @@ #include <argp.h> #include <unistd.h> #include <stdint.h> +#include "bpf_util.h" #include "bench.h" #include "trigger_bench.skel.h" #include "trace_helpers.h" @@ -72,7 +73,7 @@ static __always_inline void inc_counter(struct counter *counters) unsigned slot; if (unlikely(tid == 0)) - tid = syscall(SYS_gettid); + tid = sys_gettid(); /* multiplicative hashing, it's fast */ slot = 2654435769U * tid; diff --git a/tools/testing/selftests/bpf/bpf_util.h b/tools/testing/selftests/bpf/bpf_util.h index 10587a29b967..feff92219e21 100644 --- a/tools/testing/selftests/bpf/bpf_util.h +++ b/tools/testing/selftests/bpf/bpf_util.h @@ -6,6 +6,7 @@ #include <stdlib.h> #include <string.h> #include <errno.h> +#include <syscall.h> #include <bpf/libbpf.h> /* libbpf_num_possible_cpus */ static inline unsigned int bpf_num_possible_cpus(void) @@ -59,4 +60,12 @@ static inline void bpf_strlcpy(char *dst, const char *src, size_t sz) (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER)) #endif +/* Availability of gettid across glibc versions is hit-and-miss, therefore + * fallback to syscall in this macro and use it everywhere. + */ +#ifndef sys_gettid +#define sys_gettid() syscall(SYS_gettid) +#endif + + #endif /* __BPF_UTIL__ */ diff --git a/tools/testing/selftests/bpf/map_tests/task_storage_map.c b/tools/testing/selftests/bpf/map_tests/task_storage_map.c index 7d050364efca..62971dbf2996 100644 --- a/tools/testing/selftests/bpf/map_tests/task_storage_map.c +++ b/tools/testing/selftests/bpf/map_tests/task_storage_map.c @@ -12,6 +12,7 @@ #include <bpf/bpf.h> #include <bpf/libbpf.h> +#include "bpf_util.h" #include "test_maps.h" #include "task_local_storage_helpers.h" #include "read_bpf_task_storage_busy.skel.h" @@ -115,7 +116,7 @@ void test_task_storage_map_stress_lookup(void) CHECK(err, "attach", "error %d\n", err); /* Trigger program */ - syscall(SYS_gettid); + sys_gettid(); skel->bss->pid = 0; CHECK(skel->bss->busy != 0, "bad bpf_task_storage_busy", "got %d\n", skel->bss->busy); diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c index 070c52c312e5..6befa870434b 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c @@ -690,7 +690,7 @@ void test_bpf_cookie(void) if (!ASSERT_OK_PTR(skel, "skel_open")) return; - skel->bss->my_tid = syscall(SYS_gettid); + skel->bss->my_tid = sys_gettid(); if (test__start_subtest("kprobe")) kprobe_subtest(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c index 9006549a1294..b8e1224cfd19 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c @@ -226,7 +226,7 @@ static void test_task_common_nocheck(struct bpf_iter_attach_opts *opts, ASSERT_OK(pthread_create(&thread_id, NULL, &do_nothing_wait, NULL), "pthread_create"); - skel->bss->tid = syscall(SYS_gettid); + skel->bss->tid = sys_gettid(); do_dummy_read_opts(skel->progs.dump_task, opts); @@ -255,10 +255,10 @@ static void *run_test_task_tid(void *arg) union bpf_iter_link_info linfo; int num_unknown_tid, num_known_tid; - ASSERT_NEQ(getpid(), syscall(SYS_gettid), "check_new_thread_id"); + ASSERT_NEQ(getpid(), sys_gettid(), "check_new_thread_id"); memset(&linfo, 0, sizeof(linfo)); - linfo.task.tid = syscall(SYS_gettid); + linfo.task.tid = sys_gettid(); opts.link_info = &linfo; opts.link_info_len = sizeof(linfo); test_task_common(&opts, 0, 1); diff --git a/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c b/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c index 747761572098..9015e2c2ab12 100644 --- a/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c +++ b/tools/testing/selftests/bpf/prog_tests/cgrp_local_storage.c @@ -63,14 +63,14 @@ static void test_tp_btf(int cgroup_fd) if (!ASSERT_OK(err, "map_delete_elem")) goto out; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); err = cgrp_ls_tp_btf__attach(skel); if (!ASSERT_OK(err, "skel_attach")) goto out; - syscall(SYS_gettid); - syscall(SYS_gettid); + sys_gettid(); + sys_gettid(); skel->bss->target_pid = 0; @@ -154,7 +154,7 @@ static void test_recursion(int cgroup_fd) goto out; /* trigger sys_enter, make sure it does not cause deadlock */ - syscall(SYS_gettid); + sys_gettid(); out: cgrp_ls_recursion__destroy(skel); @@ -224,7 +224,7 @@ static void test_yes_rcu_lock(__u64 cgroup_id) return; CGROUP_MODE_SET(skel); - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); bpf_program__set_autoload(skel->progs.yes_rcu_lock, true); err = cgrp_ls_sleepable__load(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/core_reloc.c b/tools/testing/selftests/bpf/prog_tests/core_reloc.c index 26019313e1fc..1c682550e0e7 100644 --- a/tools/testing/selftests/bpf/prog_tests/core_reloc.c +++ b/tools/testing/selftests/bpf/prog_tests/core_reloc.c @@ -1010,7 +1010,7 @@ static void run_core_reloc_tests(bool use_btfgen) struct data *data; void *mmap_data = NULL; - my_pid_tgid = getpid() | ((uint64_t)syscall(SYS_gettid) << 32); + my_pid_tgid = getpid() | ((uint64_t)sys_gettid() << 32); for (i = 0; i < ARRAY_SIZE(test_cases); i++) { char btf_file[] = "/tmp/core_reloc.btf.XXXXXX"; diff --git a/tools/testing/selftests/bpf/prog_tests/linked_funcs.c b/tools/testing/selftests/bpf/prog_tests/linked_funcs.c index cad664546912..fa639b021f7e 100644 --- a/tools/testing/selftests/bpf/prog_tests/linked_funcs.c +++ b/tools/testing/selftests/bpf/prog_tests/linked_funcs.c @@ -20,7 +20,7 @@ void test_linked_funcs(void) bpf_program__set_autoload(skel->progs.handler1, true); bpf_program__set_autoload(skel->progs.handler2, true); - skel->rodata->my_tid = syscall(SYS_gettid); + skel->rodata->my_tid = sys_gettid(); skel->bss->syscall_id = SYS_getpgid; err = linked_funcs__load(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c index c29787e092d6..761ce24bce38 100644 --- a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c @@ -23,7 +23,7 @@ static int get_pid_tgid(pid_t *pid, pid_t *tgid, struct stat st; int err; - *pid = syscall(SYS_gettid); + *pid = sys_gettid(); *tgid = getpid(); err = stat("/proc/self/ns/pid", &st); diff --git a/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c b/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c index a1f7e7378a64..ebe0c12b5536 100644 --- a/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c +++ b/tools/testing/selftests/bpf/prog_tests/rcu_read_lock.c @@ -21,7 +21,7 @@ static void test_success(void) if (!ASSERT_OK_PTR(skel, "skel_open")) return; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); bpf_program__set_autoload(skel->progs.get_cgroup_id, true); bpf_program__set_autoload(skel->progs.task_succ, true); @@ -58,7 +58,7 @@ static void test_rcuptr_acquire(void) if (!ASSERT_OK_PTR(skel, "skel_open")) return; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); bpf_program__set_autoload(skel->progs.task_acquire, true); err = rcu_read_lock__load(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/task_local_storage.c b/tools/testing/selftests/bpf/prog_tests/task_local_storage.c index c33c05161a9e..0d42ce00166f 100644 --- a/tools/testing/selftests/bpf/prog_tests/task_local_storage.c +++ b/tools/testing/selftests/bpf/prog_tests/task_local_storage.c @@ -23,14 +23,14 @@ static void test_sys_enter_exit(void) if (!ASSERT_OK_PTR(skel, "skel_open_and_load")) return; - skel->bss->target_pid = syscall(SYS_gettid); + skel->bss->target_pid = sys_gettid(); err = task_local_storage__attach(skel); if (!ASSERT_OK(err, "skel_attach")) goto out; - syscall(SYS_gettid); - syscall(SYS_gettid); + sys_gettid(); + sys_gettid(); /* 3x syscalls: 1x attach and 2x gettid */ ASSERT_EQ(skel->bss->enter_cnt, 3, "enter_cnt"); @@ -99,7 +99,7 @@ static void test_recursion(void) /* trigger sys_enter, make sure it does not cause deadlock */ skel->bss->test_pid = getpid(); - syscall(SYS_gettid); + sys_gettid(); skel->bss->test_pid = 0; task_ls_recursion__detach(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c index c1ac813ff9ba..02a484b22aa6 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c @@ -125,7 +125,7 @@ static void *child_thread(void *ctx) struct child *child = ctx; int c = 0, err; - child->tid = syscall(SYS_gettid); + child->tid = sys_gettid(); /* let parent know we are ready */ err = write(child->c2p[1], &c, 1); -- 2.43.5

3 months, 1 week

2
1
0 0

[PATCH stable v5.4 v2 0/3] Missing overflow changes

by Florian Fainelli

This patch series backports the minimum set of changes in order to fix this warning that popped up with >= 5.4.284 stable kernels: In file included from ./include/linux/mm.h:29, from ./include/linux/pagemap.h:8, from ./include/linux/buffer_head.h:14, from fs/udf/udfdecl.h:12, from fs/udf/super.c:41: fs/udf/super.c: In function 'udf_fill_partdesc_info': ./include/linux/overflow.h:70:15: warning: comparison of distinct pointer types lacks a cast (void) (&__a == &__b); \ ^~ fs/udf/super.c:1162:7: note: in expansion of macro 'check_add_overflow' if (check_add_overflow(map->s_partition_len, ^~~~~~~~~~~~~~~~~~ Changes in v2: - added missing upstream commit ID to the last patch in the series Kees Cook (2): overflow: Add __must_check attribute to check_*() helpers overflow: Allow mixed type arguments Keith Busch (1): overflow: Correct check_shl_overflow() comment include/linux/overflow.h | 101 +++++++++++++++++++++++---------------- 1 file changed, 60 insertions(+), 41 deletions(-) -- 2.34.1

3 months, 1 week

2
6
0 0

[PATCH 6.1] x86/mm: Don't disable PCID when INVLPG has been fixed by microcode

by Pawan Gupta

From: Xi Ruoyao <xry111(a)xry111.site> commit f24f669d03f884a6ef95cca84317d0f329e93961 upstream. Per the "Processor Specification Update" documentations referred by the intel-microcode-20240312 release note, this microcode release has fixed the issue for all affected models. So don't disable PCID if the microcode is new enough. The precise minimum microcode revision fixing the issue was provided by Pawan Intel. [ dhansen: comment and changelog tweaks ] [ pawan: backported to 6.1 s/ATOM_GRACEMONT/ALDERLAKE_N/ ] Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/all/168436059559.404.13934972543631851306.tip-bot2@… Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/release… Link: https://cdrdv2.intel.com/v1/dl/getContent/740518 # RPL042, rev. 13 Link: https://cdrdv2.intel.com/v1/dl/getContent/682436 # ADL063, rev. 24 Link: https://lore.kernel.org/all/20240325231300.qrltbzf6twm43ftb@desk/ Link: https://lore.kernel.org/all/20240522020625.69418-1-xry111%40xry111.site --- arch/x86/mm/init.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index ed861ef33f80..ab697ee64528 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -263,28 +263,33 @@ static void __init probe_page_size_mask(void) } /* - * INVLPG may not properly flush Global entries - * on these CPUs when PCIDs are enabled. + * INVLPG may not properly flush Global entries on + * these CPUs. New microcode fixes the issue. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), - X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), - X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0x2e), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0x42c), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, 0x11), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0x118), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0x4117), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0x2e), {} }; static void setup_pcid(void) { + const struct x86_cpu_id *invlpg_miss_match; + if (!IS_ENABLED(CONFIG_X86_64)) return; if (!boot_cpu_has(X86_FEATURE_PCID)) return; - if (x86_match_cpu(invlpg_miss_ids)) { + invlpg_miss_match = x86_match_cpu(invlpg_miss_ids); + + if (invlpg_miss_match && + boot_cpu_data.microcode < invlpg_miss_match->driver_data) { pr_info("Incomplete global flushes, disabling PCID"); setup_clear_cpu_cap(X86_FEATURE_PCID); return; --- base-commit: 6ae7ac5c4251b139da4b672fe4157f2089a9d922 change-id: 20250307-clear-pcid-6-1-3f7b1af35cb2 Best regards, -- Thanks, Pawan

3 months, 1 week

2
1
0 0

[PATCH 1/2] virt: sev-guest: Allocate request data dynamically

by Alexey Kardashevskiy

From: Nikunj A Dadhania <nikunj(a)amd.com> Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") narrowed the command mutex scope to snp_send_guest_request. However, GET_REPORT, GET_DERIVED_KEY, and GET_EXT_REPORT share the req structure in snp_guest_dev. Without the mutex protection, concurrent requests can overwrite each other's data. Fix it by dynamically allocating the request structure. Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") Cc: stable(a)vger.kernel.org Reported-by: andreas.stuehrk(a)yaxi.tech Closes: https://github.com/AMDESE/AMDSEV/issues/265 Signed-off-by: Nikunj A Dadhania <nikunj(a)amd.com> --- drivers/virt/coco/sev-guest/sev-guest.c | 24 ++++++++++++-------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index ddec5677e247..4699fdc9ed44 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -39,12 +39,6 @@ struct snp_guest_dev { struct miscdevice misc; struct snp_msg_desc *msg_desc; - - union { - struct snp_report_req report; - struct snp_derived_key_req derived_key; - struct snp_ext_report_req ext_report; - } req; }; /* @@ -72,7 +66,7 @@ struct snp_req_resp { static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_report_req *report_req = &snp_dev->req.report; + struct snp_report_req *report_req __free(kfree) = NULL; struct snp_msg_desc *mdesc = snp_dev->msg_desc; struct snp_report_resp *report_resp; struct snp_guest_req req = {}; @@ -81,6 +75,10 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!arg->req_data || !arg->resp_data) return -EINVAL; + report_req = kzalloc(sizeof(*report_req), GFP_KERNEL_ACCOUNT); + if (!report_req) + return -ENOMEM; + if (copy_from_user(report_req, (void __user *)arg->req_data, sizeof(*report_req))) return -EFAULT; @@ -117,7 +115,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_derived_key_req *derived_key_req = &snp_dev->req.derived_key; + struct snp_derived_key_req *derived_key_req __free(kfree) = NULL; struct snp_derived_key_resp derived_key_resp = {0}; struct snp_msg_desc *mdesc = snp_dev->msg_desc; struct snp_guest_req req = {}; @@ -137,6 +135,10 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque if (sizeof(buf) < resp_len) return -ENOMEM; + derived_key_req = kzalloc(sizeof(*derived_key_req), GFP_KERNEL_ACCOUNT); + if (!derived_key_req) + return -ENOMEM; + if (copy_from_user(derived_key_req, (void __user *)arg->req_data, sizeof(*derived_key_req))) return -EFAULT; @@ -169,7 +171,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_req_resp *io) { - struct snp_ext_report_req *report_req = &snp_dev->req.ext_report; + struct snp_ext_report_req *report_req __free(kfree) = NULL; struct snp_msg_desc *mdesc = snp_dev->msg_desc; struct snp_report_resp *report_resp; struct snp_guest_req req = {}; @@ -179,6 +181,10 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; + report_req = kzalloc(sizeof(*report_req), GFP_KERNEL_ACCOUNT); + if (!report_req) + return -ENOMEM; + if (copy_from_sockptr(report_req, io->req_data, sizeof(*report_req))) return -EFAULT; -- 2.47.1

3 months, 1 week

3
3
0 0

[PATCH 5.15.y] fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super

by Miguel García

3 months, 1 week

2
1
0 0

[PATCH 5.10] crypto: hisilicon/qm - inject error before stopping queue

by Xiangyu Chen

From: Weili Qian <qianweili(a)huawei.com> commit b04f06fc0243600665b3b50253869533b7938468 upstream. The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory. Fixes: 6c6dd5802c2d ("crypto: hisilicon/qm - add controller reset interface") Signed-off-by: Weili Qian <qianweili(a)huawei.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the code compile on arm64 toolchain --- drivers/crypto/hisilicon/qm.c | 46 +++++++++++++++++------------------ 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index 530f23116d7c..8988ee714ce1 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -3354,6 +3354,27 @@ static int qm_set_vf_mse(struct hisi_qm *qm, bool set) return -ETIMEDOUT; } +static void qm_dev_ecc_mbit_handle(struct hisi_qm *qm) +{ + u32 nfe_enb = 0; + + if (!qm->err_status.is_dev_ecc_mbit && + qm->err_status.is_qm_ecc_mbit && + qm->err_ini->close_axi_master_ooo) { + + qm->err_ini->close_axi_master_ooo(qm); + + } else if (qm->err_status.is_dev_ecc_mbit && + !qm->err_status.is_qm_ecc_mbit && + !qm->err_ini->close_axi_master_ooo) { + + nfe_enb = readl(qm->io_base + QM_RAS_NFE_ENABLE); + writel(nfe_enb & QM_RAS_NFE_MBIT_DISABLE, + qm->io_base + QM_RAS_NFE_ENABLE); + writel(QM_ECC_MBIT, qm->io_base + QM_ABNORMAL_INT_SET); + } +} + static int qm_set_msi(struct hisi_qm *qm, bool set) { struct pci_dev *pdev = qm->pdev; @@ -3433,6 +3454,8 @@ static int qm_controller_reset_prepare(struct hisi_qm *qm) return ret; } + qm_dev_ecc_mbit_handle(qm); + if (qm->vfs_num) { ret = qm_vf_reset_prepare(qm, QM_SOFT_RESET); if (ret) { @@ -3450,27 +3473,6 @@ static int qm_controller_reset_prepare(struct hisi_qm *qm) return 0; } -static void qm_dev_ecc_mbit_handle(struct hisi_qm *qm) -{ - u32 nfe_enb = 0; - - if (!qm->err_status.is_dev_ecc_mbit && - qm->err_status.is_qm_ecc_mbit && - qm->err_ini->close_axi_master_ooo) { - - qm->err_ini->close_axi_master_ooo(qm); - - } else if (qm->err_status.is_dev_ecc_mbit && - !qm->err_status.is_qm_ecc_mbit && - !qm->err_ini->close_axi_master_ooo) { - - nfe_enb = readl(qm->io_base + QM_RAS_NFE_ENABLE); - writel(nfe_enb & QM_RAS_NFE_MBIT_DISABLE, - qm->io_base + QM_RAS_NFE_ENABLE); - writel(QM_ECC_MBIT, qm->io_base + QM_ABNORMAL_INT_SET); - } -} - static int qm_soft_reset(struct hisi_qm *qm) { struct pci_dev *pdev = qm->pdev; @@ -3496,8 +3498,6 @@ static int qm_soft_reset(struct hisi_qm *qm) return ret; } - qm_dev_ecc_mbit_handle(qm); - /* OOO register set and check */ writel(ACC_MASTER_GLOBAL_CTRL_SHUTDOWN, qm->io_base + ACC_MASTER_GLOBAL_CTRL); -- 2.25.1

3 months, 1 week

2
1
0 0

[PATCH v2 6.6] mm/mempolicy: fix unbalanced unlock in backported VMA check

by Alexey Panov

No upstream commit exists for this commit. The issue was introduced with backporting upstream commit 091c1dd2d4df ("mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM"). The backport incorrectly added unlock logic to a path where mmap_lock was provided by external context in do_migrate_pages(), creating lock imbalance when no VMAs are found. This fixes the report: WARNING: bad unlock balance detected! 6.6.79 #1 Not tainted ------------------------------------- repro/9655 is trying to release lock (&mm->mmap_lock) at: [<ffffffff81daa36f>] mmap_read_unlock include/linux/mmap_lock.h:173 [inline] [<ffffffff81daa36f>] do_migrate_pages+0x59f/0x700 mm/mempolicy.c:1196 but there are no more locks to release! other info that might help us debug this: no locks held by repro/9655. stack backtrace: CPU: 1 PID: 9655 Comm: a Not tainted 6.6.79 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd5/0x1b0 lib/dump_stack.c:106 __lock_release kernel/locking/lockdep.c:5431 [inline] lock_release+0x4b1/0x680 kernel/locking/lockdep.c:5774 up_read+0x12/0x20 kernel/locking/rwsem.c:1615 mmap_read_unlock include/linux/mmap_lock.h:173 [inline] do_migrate_pages+0x59f/0x700 mm/mempolicy.c:1196 kernel_migrate_pages+0x59b/0x780 mm/mempolicy.c:1665 __do_sys_migrate_pages mm/mempolicy.c:1684 [inline] __se_sys_migrate_pages mm/mempolicy.c:1680 [inline] __x64_sys_migrate_pages+0x92/0xf0 mm/mempolicy.c:1680 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: a13b2b9b0b0b ("mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM") Signed-off-by: Alexey Panov <apanov(a)astralinux.ru> --- v2: Clarify mmap_lock context in commit description. Fix braces for a single statement block. Add empty line after VM_BUG_ON to look more consistent with upstream. mm/mempolicy.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 94c74c594d10..d2855507d2e9 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1070,11 +1070,10 @@ static long migrate_to_node(struct mm_struct *mm, int source, int dest, node_set(source, nmask); VM_BUG_ON(!(flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL))); + vma = find_vma(mm, 0); - if (unlikely(!vma)) { - mmap_read_unlock(mm); + if (unlikely(!vma)) return 0; - } /* * This does not migrate the range, but isolates all pages that -- 2.30.2

3 months, 1 week

2
1
0 0

[PATCH 6.1 000/176] 6.1.130-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.130 release. There are 176 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 07 Mar 2025 17:44:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.130-rc1 Fullway Wang <fullwaywang(a)outlook.com> media: mtk-vcodec: potential null pointer deference in SCP Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() David Howells <dhowells(a)redhat.com> mm: Don't pin ZERO_PAGE in pin_user_pages() Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server Colin Ian King <colin.i.king(a)gmail.com> afs: remove variable nr_servers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Or Har-Toov <ohartoov(a)nvidia.com> IB/core: Add support for XDR link speed Leon Romanovsky <leon(a)kernel.org> RDMA/mlx5: Reduce QP table exposure Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx: Calling qp event handler in workqueue context Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP Shay Drory <shayd(a)nvidia.com> RDMA/mlx5: Implement mkeys management via LIFO queue Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Add work to remove temporary entries from the cache Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Cache all user cacheable mkeys on dereg MR flow Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Introduce mlx5r_cache_rb_key Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Change the cache structure to an RB-tree Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Remove implicit ODP cache entry Aharon Landau <aharonl(a)nvidia.com> RDMA/mlx5: Don't keep umrable 'page_shift' in cache entries Xin Long <lucien.xin(a)gmail.com> netfilter: allow exp not to be removed in nf_ct_find_expectation Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Fix wrong register value written to MR Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Paolo Valente <paolo.valente(a)linaro.org> block, bfq: split sync bfq_queues on a per-actuator basis Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Add simple K2G manual reset Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Introduce send sub-crq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Return error code on TX scrq flush fail Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Roy Luo <royluo(a)google.com> USB: gadget: core: create sysfs link between udc and gadget Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Yang Yingliang <yangyingliang(a)huawei.com> media: Switch to use dev_err_probe() helper Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Eddie James <eajames(a)linux.ibm.com> tpm: Use managed allocation for bios event log Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: trim addresses to 8 digits Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Handle depopulation and restoration in progress Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Add dummy clock ops Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Yang Yingliang <yangyingliang(a)huawei.com> spi: atmel-quadspi: switch to use modern name Tudor Ambarus <tudor.ambarus(a)microchip.com> spi: atmel-quadspi: Add support for configuring CS timing Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: add 'sync_size' into struct md_bitmap_stats Yu Kuai <yukuai3(a)huawei.com> md/md-cluster: fix spares warnings for __le64 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() Yu Kuai <yukuai3(a)huawei.com> md: simplify md_seq_ops Yu Kuai <yukuai3(a)huawei.com> md: factor out a helper from mddev_put() Yu Kuai <yukuai3(a)huawei.com> md: use separate work_struct for md_start_sync() Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/core-api/pin_user_pages.rst | 6 + Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/x86/Kconfig | 3 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 20 +- arch/x86/kernel/cpu/cyrix.c | 4 +- block/bfq-cgroup.c | 97 +-- block/bfq-iosched.c | 195 ++++-- block/bfq-iosched.h | 51 +- drivers/bluetooth/btqca.c | 110 ++- drivers/char/tpm/eventlog/acpi.c | 16 +- drivers/char/tpm/eventlog/efi.c | 13 +- drivers/char/tpm/eventlog/of.c | 3 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mediatek/clk-mtk.c | 16 + drivers/clk/mediatek/clk-mtk.h | 19 + drivers/edac/qcom_edac.c | 4 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/i915/display/intel_display.c | 18 + drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 2 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/tidss/tidss_dispc.c | 22 +- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/core/sysfs.c | 4 + drivers/infiniband/core/uverbs_std_types_device.c | 3 +- drivers/infiniband/core/verbs.c | 3 + drivers/infiniband/hw/mlx4/main.c | 8 + drivers/infiniband/hw/mlx4/mlx4_ib.h | 3 + drivers/infiniband/hw/mlx4/qp.c | 121 +++- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/main.c | 7 + drivers/infiniband/hw/mlx5/mlx5_ib.h | 60 +- drivers/infiniband/hw/mlx5/mr.c | 742 ++++++++++++++------- drivers/infiniband/hw/mlx5/odp.c | 40 +- drivers/infiniband/hw/mlx5/qp.c | 129 ++-- drivers/infiniband/hw/mlx5/qp.h | 14 +- drivers/infiniband/hw/mlx5/qpc.c | 3 +- drivers/infiniband/hw/mlx5/umr.c | 87 ++- drivers/md/md-bitmap.c | 34 +- drivers/md/md-bitmap.h | 9 +- drivers/md/md-cluster.c | 34 +- drivers/md/md.c | 171 +++-- drivers/md/md.h | 5 +- drivers/media/cec/platform/stm32/stm32-cec.c | 9 +- drivers/media/i2c/ad5820.c | 18 +- drivers/media/i2c/imx274.c | 5 +- drivers/media/i2c/tc358743.c | 9 +- drivers/media/platform/mediatek/mdp/mtk_mdp_comp.c | 5 +- .../platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 + .../mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 +- .../media/platform/samsung/exynos4-is/media-dev.c | 4 +- drivers/media/platform/st/stm32/stm32-dcmi.c | 27 +- drivers/media/platform/ti/omap3isp/isp.c | 3 +- drivers/media/platform/xilinx/xilinx-csi2rxss.c | 8 +- drivers/media/rc/gpio-ir-recv.c | 10 +- drivers/media/rc/gpio-ir-tx.c | 9 +- drivers/media/rc/ir-rx51.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 99 ++- drivers/media/usb/uvc/uvc_driver.c | 35 +- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++- drivers/net/ethernet/ibm/ibmvnic.c | 85 ++- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx4/qp.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/ipvlan/ipvlan_core.c | 24 +- drivers/net/loopback.c | 14 + drivers/net/usb/gl620a.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/power/supply/da9150-fg.c | 4 +- drivers/scsi/scsi_lib.c | 22 +- drivers/scsi/sd.c | 4 + drivers/soc/mediatek/mtk-devapc.c | 36 +- drivers/spi/atmel-quadspi.c | 172 +++-- drivers/tee/optee/supp.c | 35 +- drivers/usb/gadget/function/f_midi.c | 2 +- drivers/usb/gadget/udc/core.c | 11 +- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 +- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 +++- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 40 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 4 + fs/squashfs/inode.c | 5 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/mlx4/qp.h | 1 + include/linux/mlx5/driver.h | 10 - include/linux/mm.h | 26 +- include/linux/netdevice.h | 2 + include/linux/ptrace.h | 4 + include/linux/skmsg.h | 2 + include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/route.h | 5 +- include/net/strparser.h | 2 + include/net/tcp.h | 22 + include/rdma/ib_verbs.h | 4 +- include/trace/events/icmp.h | 67 ++ include/trace/events/oom.h | 36 +- include/trace/events/sunrpc.h | 3 +- include/uapi/rdma/ib_user_ioctl_verbs.h | 3 +- io_uring/net.c | 4 +- kernel/acct.c | 134 ++-- kernel/bpf/syscall.c | 18 +- kernel/events/core.c | 17 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 30 +- kernel/trace/trace_events_hist.c | 34 +- kernel/trace/trace_functions.c | 6 +- mm/gup.c | 31 +- mm/madvise.c | 11 +- mm/memcontrol.c | 7 +- mm/memory.c | 4 +- mm/oom_kill.c | 14 +- net/bluetooth/l2cap_core.c | 9 +- net/bpf/test_run.c | 5 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/dev.c | 37 +- net/core/drop_monitor.c | 39 +- net/core/flow_dissector.c | 49 +- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/skmsg.c | 7 + net/core/sysctl_net_core.c | 3 +- net/ipv4/arp.c | 2 +- net/ipv4/icmp.c | 24 +- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 29 +- net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 8 +- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +- net/ipv6/seg6_iptunnel.c | 97 ++- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_expect.c | 4 +- net/netfilter/nft_ct.c | 2 + net/sched/sch_fifo.c | 3 + net/strparser/strparser.c | 11 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 +- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 2 + sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + 199 files changed, 3053 insertions(+), 1460 deletions(-)

3 months, 1 week

9
184
0 0

[PATCH] ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model

by Thomas Mizrahi

The internal microphone on the Lenovo ThinkPad E16 model requires a quirk entry to work properly. This was fixed in a previous patch (linked below), but depending on the specific variant of the model, the product name may be "21M5" or "21M6". The following patch fixed this issue for the 21M5 variant: https://lore.kernel.org/all/20240725065442.9293-1-tiwai@suse.de/ This patch adds support for the microphone on the 21M6 variant. Link: https://github.com/ramaureirac/thinkpad-e14-linux/issues/31 Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Mizrahi <thomasmizra(a)gmail.com> --- I recently acquired a ThinkPad E16 Gen 2 AMD and could not get the internal microphone working. After some research, I discovered this issue. Since my machine is a 21M6 variant, the required quirk was not applied by the existing patch. After applying this patch and testing on my machine, the microphone was immediately recognized and worked without further issues. sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index b16587d8f97a..a7637056972a 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -248,6 +248,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "21M5"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "21M6"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.48.1

3 months, 1 week

2
1
0 0

Re: [PATCH v1] usb: core: fix pipe creation for get_bMaxPacketSize0

by Alan Stern

On Thu, Mar 06, 2025 at 09:06:23PM +0000, Colin Evans wrote: > > Please try collecting a usbmon trace for bus 2 showing the problem. > > Ideally the trace should show what happens from system boot-up, but > > there's no way to do that. Instead, you can do this (the first command > > below disables the bus, the second starts the usbmon trace, and the > > third re-enables the bus): > > > > echo 0 >/sys/bus/usb/devices/usb2/bConfigurationValue > > cat /sys/kernel/debug/usb/usbmon/2u >usbmon.txt & > > echo 1 >/sys/bus/usb/devices/usb2/bConfigurationValue > > > > Then after enough time has passed for the errors to show up, kill the > > "cat" process and post the resulting trace file. (Note: If your > > keyboard is attached to bus 2, you won't be able to use it to issue the > > second and third commands. You could use a network login, or put the > > commands into a shell file and run them that way.) > > > > In fact, you should do this twice: The second time, run it on machine 2 > > with the powered hub plugged in to suppress the errors. > > > > Alan Stern > > Happy to try this, but as it stands there is no such file, or file-like > thing, on my machine- > > # ls /sys/kernel/debug/usb/usbmon/2u > ls: cannot access '/sys/kernel/debug/usb/usbmon/2u': No such file or > directory > > # find /sys/kernel/debug/usb -name "2u" > # > > # ls /sys/kernel/debug/usb > devices ehci ohci uhci uvcvideo xhci > > > It seems something is missing? Ah -- you have to load the usbmon module first: modprobe usbmon Some distributions do this for you automatically. Alan Stern

3 months, 1 week

2
4
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030900-slaw-onstage-6b47@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

3 months, 1 week

3
3
0 0

Re: patch "acpi: typec: ucsi: Introduce a ->poll_cci method" added to usb-linus

by Fedor Pchelkin

On Wed, 19. Feb 15:20, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > acpi: typec: ucsi: Introduce a ->poll_cci method > > to my usb git tree which can be found at > git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git > in the usb-linus branch. > > The patch will show up in the next release of the linux-next tree > (usually sometime within the next 24 hours during the week.) > > The patch will hopefully also be merged in Linus's tree for the > next -rc kernel release. > > If you have any questions about this process, please let me know. > > > From 976e7e9bdc7719a023a4ecccd2e3daec9ab20a40 Mon Sep 17 00:00:00 2001 > From: "Christian A. Ehrhardt" <lk(a)c--e.de> > Date: Mon, 17 Feb 2025 13:54:39 +0300 > Subject: acpi: typec: ucsi: Introduce a ->poll_cci method > > For the ACPI backend of UCSI the UCSI "registers" are just a memory copy > of the register values in an opregion. The ACPI implementation in the > BIOS ensures that the opregion contents are synced to the embedded > controller and it ensures that the registers (in particular CCI) are > synced back to the opregion on notifications. While there is an ACPI call > that syncs the actual registers to the opregion there is rarely a need to > do this and on some ACPI implementations it actually breaks in various > interesting ways. > > The only reason to force a sync from the embedded controller is to poll > CCI while notifications are disabled. Only the ucsi core knows if this > is the case and guessing based on the current command is suboptimal, i.e. > leading to the following spurious assertion splat: > > WARNING: CPU: 3 PID: 76 at drivers/usb/typec/ucsi/ucsi.c:1388 ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] > CPU: 3 UID: 0 PID: 76 Comm: kworker/3:0 Not tainted 6.12.11-200.fc41.x86_64 #1 > Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN45WW 03/17/2023 > Workqueue: events_long ucsi_init_work [typec_ucsi] > RIP: 0010:ucsi_reset_ppm+0x1b4/0x1c0 [typec_ucsi] > Call Trace: > <TASK> > ucsi_init_work+0x3c/0xac0 [typec_ucsi] > process_one_work+0x179/0x330 > worker_thread+0x252/0x390 > kthread+0xd2/0x100 > ret_from_fork+0x34/0x50 > ret_from_fork_asm+0x1a/0x30 > </TASK> > > Thus introduce a ->poll_cci() method that works like ->read_cci() with an > additional forced sync and document that this should be used when polling > with notifications disabled. For all other backends that presumably don't > have this issue use the same implementation for both methods. > > Fixes: fa48d7e81624 ("usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations") > Cc: stable <stable(a)kernel.org> Oh, the stable tag has been mangled here.. I didn't notice this, sorry. Now Cc'ing the appropriate list. Could you apply the patch to stables based on Fixes tag then, please? They are 6.12 and 6.13. Thanks! > Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> > Tested-by: Fedor Pchelkin <boddah8794(a)gmail.com> > Signed-off-by: Fedor Pchelkin <boddah8794(a)gmail.com> > Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> > Link: https://lore.kernel.org/r/20250217105442.113486-2-boddah8794@gmail.com > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/usb/typec/ucsi/ucsi.c | 10 +++++----- > drivers/usb/typec/ucsi/ucsi.h | 2 ++ > drivers/usb/typec/ucsi/ucsi_acpi.c | 21 ++++++++++++++------- > drivers/usb/typec/ucsi/ucsi_ccg.c | 1 + > drivers/usb/typec/ucsi/ucsi_glink.c | 1 + > drivers/usb/typec/ucsi/ucsi_stm32g0.c | 1 + > drivers/usb/typec/ucsi/ucsi_yoga_c630.c | 1 + > 7 files changed, 25 insertions(+), 12 deletions(-) > > diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c > index fcf499cc9458..0fe1476f4c29 100644 > --- a/drivers/usb/typec/ucsi/ucsi.c > +++ b/drivers/usb/typec/ucsi/ucsi.c > @@ -1346,7 +1346,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) > > mutex_lock(&ucsi->ppm_lock); > > - ret = ucsi->ops->read_cci(ucsi, &cci); > + ret = ucsi->ops->poll_cci(ucsi, &cci); > if (ret < 0) > goto out; > > @@ -1364,7 +1364,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) > > tmo = jiffies + msecs_to_jiffies(UCSI_TIMEOUT_MS); > do { > - ret = ucsi->ops->read_cci(ucsi, &cci); > + ret = ucsi->ops->poll_cci(ucsi, &cci); > if (ret < 0) > goto out; > if (cci & UCSI_CCI_COMMAND_COMPLETE) > @@ -1393,7 +1393,7 @@ static int ucsi_reset_ppm(struct ucsi *ucsi) > /* Give the PPM time to process a reset before reading CCI */ > msleep(20); > > - ret = ucsi->ops->read_cci(ucsi, &cci); > + ret = ucsi->ops->poll_cci(ucsi, &cci); > if (ret) > goto out; > > @@ -1929,8 +1929,8 @@ struct ucsi *ucsi_create(struct device *dev, const struct ucsi_operations *ops) > struct ucsi *ucsi; > > if (!ops || > - !ops->read_version || !ops->read_cci || !ops->read_message_in || > - !ops->sync_control || !ops->async_control) > + !ops->read_version || !ops->read_cci || !ops->poll_cci || > + !ops->read_message_in || !ops->sync_control || !ops->async_control) > return ERR_PTR(-EINVAL); > > ucsi = kzalloc(sizeof(*ucsi), GFP_KERNEL); > diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h > index 82735eb34f0e..28780acc4af2 100644 > --- a/drivers/usb/typec/ucsi/ucsi.h > +++ b/drivers/usb/typec/ucsi/ucsi.h > @@ -62,6 +62,7 @@ struct dentry; > * struct ucsi_operations - UCSI I/O operations > * @read_version: Read implemented UCSI version > * @read_cci: Read CCI register > + * @poll_cci: Read CCI register while polling with notifications disabled > * @read_message_in: Read message data from UCSI > * @sync_control: Blocking control operation > * @async_control: Non-blocking control operation > @@ -76,6 +77,7 @@ struct dentry; > struct ucsi_operations { > int (*read_version)(struct ucsi *ucsi, u16 *version); > int (*read_cci)(struct ucsi *ucsi, u32 *cci); > + int (*poll_cci)(struct ucsi *ucsi, u32 *cci); > int (*read_message_in)(struct ucsi *ucsi, void *val, size_t val_len); > int (*sync_control)(struct ucsi *ucsi, u64 command); > int (*async_control)(struct ucsi *ucsi, u64 command); > diff --git a/drivers/usb/typec/ucsi/ucsi_acpi.c b/drivers/usb/typec/ucsi/ucsi_acpi.c > index 5c5515551963..ac1ebb5d9527 100644 > --- a/drivers/usb/typec/ucsi/ucsi_acpi.c > +++ b/drivers/usb/typec/ucsi/ucsi_acpi.c > @@ -59,19 +59,24 @@ static int ucsi_acpi_read_version(struct ucsi *ucsi, u16 *version) > static int ucsi_acpi_read_cci(struct ucsi *ucsi, u32 *cci) > { > struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); > - int ret; > - > - if (UCSI_COMMAND(ua->cmd) == UCSI_PPM_RESET) { > - ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); > - if (ret) > - return ret; > - } > > memcpy(cci, ua->base + UCSI_CCI, sizeof(*cci)); > > return 0; > } > > +static int ucsi_acpi_poll_cci(struct ucsi *ucsi, u32 *cci) > +{ > + struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); > + int ret; > + > + ret = ucsi_acpi_dsm(ua, UCSI_DSM_FUNC_READ); > + if (ret) > + return ret; > + > + return ucsi_acpi_read_cci(ucsi, cci); > +} > + > static int ucsi_acpi_read_message_in(struct ucsi *ucsi, void *val, size_t val_len) > { > struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi); > @@ -94,6 +99,7 @@ static int ucsi_acpi_async_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations ucsi_acpi_ops = { > .read_version = ucsi_acpi_read_version, > .read_cci = ucsi_acpi_read_cci, > + .poll_cci = ucsi_acpi_poll_cci, > .read_message_in = ucsi_acpi_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = ucsi_acpi_async_control > @@ -142,6 +148,7 @@ static int ucsi_gram_sync_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations ucsi_gram_ops = { > .read_version = ucsi_acpi_read_version, > .read_cci = ucsi_acpi_read_cci, > + .poll_cci = ucsi_acpi_poll_cci, > .read_message_in = ucsi_gram_read_message_in, > .sync_control = ucsi_gram_sync_control, > .async_control = ucsi_acpi_async_control > diff --git a/drivers/usb/typec/ucsi/ucsi_ccg.c b/drivers/usb/typec/ucsi/ucsi_ccg.c > index 740171f24ef9..4b1668733a4b 100644 > --- a/drivers/usb/typec/ucsi/ucsi_ccg.c > +++ b/drivers/usb/typec/ucsi/ucsi_ccg.c > @@ -664,6 +664,7 @@ static int ucsi_ccg_sync_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations ucsi_ccg_ops = { > .read_version = ucsi_ccg_read_version, > .read_cci = ucsi_ccg_read_cci, > + .poll_cci = ucsi_ccg_read_cci, > .read_message_in = ucsi_ccg_read_message_in, > .sync_control = ucsi_ccg_sync_control, > .async_control = ucsi_ccg_async_control, > diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c > index fed39d458090..8af79101a2fc 100644 > --- a/drivers/usb/typec/ucsi/ucsi_glink.c > +++ b/drivers/usb/typec/ucsi/ucsi_glink.c > @@ -206,6 +206,7 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con) > static const struct ucsi_operations pmic_glink_ucsi_ops = { > .read_version = pmic_glink_ucsi_read_version, > .read_cci = pmic_glink_ucsi_read_cci, > + .poll_cci = pmic_glink_ucsi_read_cci, > .read_message_in = pmic_glink_ucsi_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = pmic_glink_ucsi_async_control, > diff --git a/drivers/usb/typec/ucsi/ucsi_stm32g0.c b/drivers/usb/typec/ucsi/ucsi_stm32g0.c > index 6923fad31d79..57ef7d83a412 100644 > --- a/drivers/usb/typec/ucsi/ucsi_stm32g0.c > +++ b/drivers/usb/typec/ucsi/ucsi_stm32g0.c > @@ -424,6 +424,7 @@ static irqreturn_t ucsi_stm32g0_irq_handler(int irq, void *data) > static const struct ucsi_operations ucsi_stm32g0_ops = { > .read_version = ucsi_stm32g0_read_version, > .read_cci = ucsi_stm32g0_read_cci, > + .poll_cci = ucsi_stm32g0_read_cci, > .read_message_in = ucsi_stm32g0_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = ucsi_stm32g0_async_control, > diff --git a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c > index 4cae85c0dc12..d33e3f2dd1d8 100644 > --- a/drivers/usb/typec/ucsi/ucsi_yoga_c630.c > +++ b/drivers/usb/typec/ucsi/ucsi_yoga_c630.c > @@ -74,6 +74,7 @@ static int yoga_c630_ucsi_async_control(struct ucsi *ucsi, u64 command) > static const struct ucsi_operations yoga_c630_ucsi_ops = { > .read_version = yoga_c630_ucsi_read_version, > .read_cci = yoga_c630_ucsi_read_cci, > + .poll_cci = yoga_c630_ucsi_read_cci, > .read_message_in = yoga_c630_ucsi_read_message_in, > .sync_control = ucsi_sync_control_common, > .async_control = yoga_c630_ucsi_async_control, > -- > 2.48.1 > >

3 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 69c58deec19628c8a686030102176484eb94fed4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030917-porridge-retired-1abd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69c58deec19628c8a686030102176484eb94fed4 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sun, 16 Feb 2025 22:30:02 +0000 Subject: [PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes While commit d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") makes sure that top half(TH) does not end up overwriting the cached events before processing them when the TH gets invoked more than one time, returning IRQ_HANDLED results in occasional irq storm where the TH hogs the CPU. The irq storm can be prevented by the flag before event handler busy is cleared. Default enable interrupt moderation in all versions which support them. ftrace event stub during dwc3 irq storm: irq/504_dwc3-1111 ( 1111) [000] .... 70.000866: irq_handler_exit: irq=14 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000872: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000874: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000881: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000883: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000889: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000892: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000898: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000901: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000907: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000909: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000915: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000918: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000924: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000927: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000933: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000935: irq_handler_exit: irq=504 ret=handled .... Cc: stable <stable(a)kernel.org> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Fixes: d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250216223003.3568039-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index dfa1b5fe48dc..2c472cb97f6c 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1835,8 +1835,6 @@ static void dwc3_get_properties(struct dwc3 *dwc) dwc->tx_thr_num_pkt_prd = tx_thr_num_pkt_prd; dwc->tx_max_burst_prd = tx_max_burst_prd; - dwc->imod_interval = 0; - dwc->tx_fifo_resize_max_num = tx_fifo_resize_max_num; } @@ -1854,21 +1852,19 @@ static void dwc3_check_params(struct dwc3 *dwc) unsigned int hwparam_gen = DWC3_GHWPARAMS3_SSPHY_IFC(dwc->hwparams.hwparams3); - /* Check for proper value of imod_interval */ - if (dwc->imod_interval && !dwc3_has_imod(dwc)) { - dev_warn(dwc->dev, "Interrupt moderation not supported\n"); - dwc->imod_interval = 0; - } - /* + * Enable IMOD for all supporting controllers. + * + * Particularly, DWC_usb3 v3.00a must enable this feature for + * the following reason: + * * Workaround for STAR 9000961433 which affects only version * 3.00a of the DWC_usb3 core. This prevents the controller * interrupt from being masked while handling events. IMOD * allows us to work around this issue. Enable it for the * affected version. */ - if (!dwc->imod_interval && - DWC3_VER_IS(DWC3, 300A)) + if (dwc3_has_imod((dwc))) dwc->imod_interval = 1; /* Check the maximum_speed parameter */ diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index ddd6b2ce5710..89a4dc8ebf94 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4501,14 +4501,18 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) dwc3_writel(dwc->regs, DWC3_GEVNTSIZ(0), DWC3_GEVNTSIZ_SIZE(evt->length)); + evt->flags &= ~DWC3_EVENT_PENDING; + /* + * Add an explicit write memory barrier to make sure that the update of + * clearing DWC3_EVENT_PENDING is observed in dwc3_check_event_buf() + */ + wmb(); + if (dwc->imod_interval) { dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), DWC3_GEVNTCOUNT_EHB); dwc3_writel(dwc->regs, DWC3_DEV_IMOD(0), dwc->imod_interval); } - /* Keep the clearing of DWC3_EVENT_PENDING at the end */ - evt->flags &= ~DWC3_EVENT_PENDING; - return ret; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 69c58deec19628c8a686030102176484eb94fed4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030916-expenses-extended-20cc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69c58deec19628c8a686030102176484eb94fed4 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sun, 16 Feb 2025 22:30:02 +0000 Subject: [PATCH] usb: dwc3: gadget: Prevent irq storm when TH re-executes While commit d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") makes sure that top half(TH) does not end up overwriting the cached events before processing them when the TH gets invoked more than one time, returning IRQ_HANDLED results in occasional irq storm where the TH hogs the CPU. The irq storm can be prevented by the flag before event handler busy is cleared. Default enable interrupt moderation in all versions which support them. ftrace event stub during dwc3 irq storm: irq/504_dwc3-1111 ( 1111) [000] .... 70.000866: irq_handler_exit: irq=14 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000872: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000874: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000881: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000883: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000889: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000892: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000898: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000901: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000907: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000909: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000915: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000918: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000924: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000927: irq_handler_exit: irq=504 ret=handled irq/504_dwc3-1111 ( 1111) [000] .... 70.000933: irq_handler_entry: irq=504 name=dwc3 irq/504_dwc3-1111 ( 1111) [000] .... 70.000935: irq_handler_exit: irq=504 ret=handled .... Cc: stable <stable(a)kernel.org> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Fixes: d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20250216223003.3568039-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index dfa1b5fe48dc..2c472cb97f6c 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1835,8 +1835,6 @@ static void dwc3_get_properties(struct dwc3 *dwc) dwc->tx_thr_num_pkt_prd = tx_thr_num_pkt_prd; dwc->tx_max_burst_prd = tx_max_burst_prd; - dwc->imod_interval = 0; - dwc->tx_fifo_resize_max_num = tx_fifo_resize_max_num; } @@ -1854,21 +1852,19 @@ static void dwc3_check_params(struct dwc3 *dwc) unsigned int hwparam_gen = DWC3_GHWPARAMS3_SSPHY_IFC(dwc->hwparams.hwparams3); - /* Check for proper value of imod_interval */ - if (dwc->imod_interval && !dwc3_has_imod(dwc)) { - dev_warn(dwc->dev, "Interrupt moderation not supported\n"); - dwc->imod_interval = 0; - } - /* + * Enable IMOD for all supporting controllers. + * + * Particularly, DWC_usb3 v3.00a must enable this feature for + * the following reason: + * * Workaround for STAR 9000961433 which affects only version * 3.00a of the DWC_usb3 core. This prevents the controller * interrupt from being masked while handling events. IMOD * allows us to work around this issue. Enable it for the * affected version. */ - if (!dwc->imod_interval && - DWC3_VER_IS(DWC3, 300A)) + if (dwc3_has_imod((dwc))) dwc->imod_interval = 1; /* Check the maximum_speed parameter */ diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index ddd6b2ce5710..89a4dc8ebf94 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4501,14 +4501,18 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) dwc3_writel(dwc->regs, DWC3_GEVNTSIZ(0), DWC3_GEVNTSIZ_SIZE(evt->length)); + evt->flags &= ~DWC3_EVENT_PENDING; + /* + * Add an explicit write memory barrier to make sure that the update of + * clearing DWC3_EVENT_PENDING is observed in dwc3_check_event_buf() + */ + wmb(); + if (dwc->imod_interval) { dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), DWC3_GEVNTCOUNT_EHB); dwc3_writel(dwc->regs, DWC3_DEV_IMOD(0), dwc->imod_interval); } - /* Keep the clearing of DWC3_EVENT_PENDING at the end */ - evt->flags &= ~DWC3_EVENT_PENDING; - return ret; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: dwc3: Set SUSPENDENABLE soon after phy init" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cc5bfc4e16fc1d1c520cd7bb28646e82b6e69217 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030953-washboard-overcrowd-fed5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc5bfc4e16fc1d1c520cd7bb28646e82b6e69217 Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Date: Thu, 30 Jan 2025 23:49:31 +0000 Subject: [PATCH] usb: dwc3: Set SUSPENDENABLE soon after phy init After phy initialization, some phy operations can only be executed while in lower P states. Ensure GUSB3PIPECTL.SUSPENDENABLE and GUSB2PHYCFG.SUSPHY are set soon after initialization to avoid blocking phy ops. Previously the SUSPENDENABLE bits are only set after the controller initialization, which may not happen right away if there's no gadget driver or xhci driver bound. Revise this to clear SUSPENDENABLE bits only when there's mode switching (change in GCTL.PRTCAPDIR). Fixes: 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init") Cc: stable <stable(a)kernel.org> Signed-off-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/633aef0afee7d56d2316f7cc3e1b2a6d518a8cc9.17382809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 2c472cb97f6c..66a08b527165 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -131,11 +131,24 @@ void dwc3_enable_susphy(struct dwc3 *dwc, bool enable) } } -void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode) +void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode, bool ignore_susphy) { + unsigned int hw_mode; u32 reg; reg = dwc3_readl(dwc->regs, DWC3_GCTL); + + /* + * For DRD controllers, GUSB3PIPECTL.SUSPENDENABLE and + * GUSB2PHYCFG.SUSPHY should be cleared during mode switching, + * and they can be set after core initialization. + */ + hw_mode = DWC3_GHWPARAMS0_MODE(dwc->hwparams.hwparams0); + if (hw_mode == DWC3_GHWPARAMS0_MODE_DRD && !ignore_susphy) { + if (DWC3_GCTL_PRTCAP(reg) != mode) + dwc3_enable_susphy(dwc, false); + } + reg &= ~(DWC3_GCTL_PRTCAPDIR(DWC3_GCTL_PRTCAP_OTG)); reg |= DWC3_GCTL_PRTCAPDIR(mode); dwc3_writel(dwc->regs, DWC3_GCTL, reg); @@ -216,7 +229,7 @@ static void __dwc3_set_mode(struct work_struct *work) spin_lock_irqsave(&dwc->lock, flags); - dwc3_set_prtcap(dwc, desired_dr_role); + dwc3_set_prtcap(dwc, desired_dr_role, false); spin_unlock_irqrestore(&dwc->lock, flags); @@ -658,16 +671,7 @@ static int dwc3_ss_phy_setup(struct dwc3 *dwc, int index) */ reg &= ~DWC3_GUSB3PIPECTL_UX_EXIT_PX; - /* - * Above DWC_usb3.0 1.94a, it is recommended to set - * DWC3_GUSB3PIPECTL_SUSPHY to '0' during coreConsultant configuration. - * So default value will be '0' when the core is reset. Application - * needs to set it to '1' after the core initialization is completed. - * - * Similarly for DRD controllers, GUSB3PIPECTL.SUSPENDENABLE must be - * cleared after power-on reset, and it can be set after core - * initialization. - */ + /* Ensure the GUSB3PIPECTL.SUSPENDENABLE is cleared prior to phy init. */ reg &= ~DWC3_GUSB3PIPECTL_SUSPHY; if (dwc->u2ss_inp3_quirk) @@ -747,15 +751,7 @@ static int dwc3_hs_phy_setup(struct dwc3 *dwc, int index) break; } - /* - * Above DWC_usb3.0 1.94a, it is recommended to set - * DWC3_GUSB2PHYCFG_SUSPHY to '0' during coreConsultant configuration. - * So default value will be '0' when the core is reset. Application - * needs to set it to '1' after the core initialization is completed. - * - * Similarly for DRD controllers, GUSB2PHYCFG.SUSPHY must be cleared - * after power-on reset, and it can be set after core initialization. - */ + /* Ensure the GUSB2PHYCFG.SUSPHY is cleared prior to phy init. */ reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; if (dwc->dis_enblslpm_quirk) @@ -830,6 +826,25 @@ static int dwc3_phy_init(struct dwc3 *dwc) goto err_exit_usb3_phy; } + /* + * Above DWC_usb3.0 1.94a, it is recommended to set + * DWC3_GUSB3PIPECTL_SUSPHY and DWC3_GUSB2PHYCFG_SUSPHY to '0' during + * coreConsultant configuration. So default value will be '0' when the + * core is reset. Application needs to set it to '1' after the core + * initialization is completed. + * + * Certain phy requires to be in P0 power state during initialization. + * Make sure GUSB3PIPECTL.SUSPENDENABLE and GUSB2PHYCFG.SUSPHY are clear + * prior to phy init to maintain in the P0 state. + * + * After phy initialization, some phy operations can only be executed + * while in lower P states. Ensure GUSB3PIPECTL.SUSPENDENABLE and + * GUSB2PHYCFG.SUSPHY are set soon after initialization to avoid + * blocking phy ops. + */ + if (!DWC3_VER_IS_WITHIN(DWC3, ANY, 194A)) + dwc3_enable_susphy(dwc, true); + return 0; err_exit_usb3_phy: @@ -1588,7 +1603,7 @@ static int dwc3_core_init_mode(struct dwc3 *dwc) switch (dwc->dr_mode) { case USB_DR_MODE_PERIPHERAL: - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE, false); if (dwc->usb2_phy) otg_set_vbus(dwc->usb2_phy->otg, false); @@ -1600,7 +1615,7 @@ static int dwc3_core_init_mode(struct dwc3 *dwc) return dev_err_probe(dev, ret, "failed to initialize gadget\n"); break; case USB_DR_MODE_HOST: - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST, false); if (dwc->usb2_phy) otg_set_vbus(dwc->usb2_phy->otg, true); @@ -1645,7 +1660,7 @@ static void dwc3_core_exit_mode(struct dwc3 *dwc) } /* de-assert DRVVBUS for HOST and OTG mode */ - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE, true); } static void dwc3_get_software_properties(struct dwc3 *dwc) @@ -2453,7 +2468,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) if (ret) return ret; - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE, true); dwc3_gadget_resume(dwc); break; case DWC3_GCTL_PRTCAP_HOST: @@ -2461,7 +2476,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) ret = dwc3_core_init_for_resume(dwc); if (ret) return ret; - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST, true); break; } /* Restore GUSB2PHYCFG bits that were modified in suspend */ @@ -2490,7 +2505,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) if (ret) return ret; - dwc3_set_prtcap(dwc, dwc->current_dr_role); + dwc3_set_prtcap(dwc, dwc->current_dr_role, true); dwc3_otg_init(dwc); if (dwc->current_otg_role == DWC3_OTG_ROLE_HOST) { diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c955039bb4f6..aaa39e663f60 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1558,7 +1558,7 @@ struct dwc3_gadget_ep_cmd_params { #define DWC3_HAS_OTG BIT(3) /* prototypes */ -void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode); +void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode, bool ignore_susphy); void dwc3_set_mode(struct dwc3 *dwc, u32 mode); u32 dwc3_core_fifo_space(struct dwc3_ep *dep, u8 type); diff --git a/drivers/usb/dwc3/drd.c b/drivers/usb/dwc3/drd.c index d76ae676783c..7977860932b1 100644 --- a/drivers/usb/dwc3/drd.c +++ b/drivers/usb/dwc3/drd.c @@ -173,7 +173,7 @@ void dwc3_otg_init(struct dwc3 *dwc) * block "Initialize GCTL for OTG operation". */ /* GCTL.PrtCapDir=2'b11 */ - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG, true); /* GUSB2PHYCFG0.SusPHY=0 */ reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; @@ -556,7 +556,7 @@ int dwc3_drd_init(struct dwc3 *dwc) dwc3_drd_update(dwc); } else { - dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG); + dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_OTG, true); /* use OTG block to get ID event */ irq = dwc3_otg_get_irq(dwc);

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030902-fernlike-flashback-65c0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030959-character-delouse-db17@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030959-thee-uniformed-b4eb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c133ec0e5717868c9967fa3df92a55e537b1aead # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030958-june-lard-2d9f@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c133ec0e5717868c9967fa3df92a55e537b1aead Mon Sep 17 00:00:00 2001 From: Michal Pecio <michal.pecio(a)gmail.com> Date: Tue, 25 Feb 2025 11:59:27 +0200 Subject: [PATCH] usb: xhci: Enable the TRB overfetch quirk on VIA VL805 Raspberry Pi is a major user of those chips and they discovered a bug - when the end of a transfer ring segment is reached, up to four TRBs can be prefetched from the next page even if the segment ends with link TRB and on page boundary (the chip claims to support standard 4KB pages). It also appears that if the prefetched TRBs belong to a different ring whose doorbell is later rung, they may be used without refreshing from system RAM and the endpoint will stay idle if their cycle bit is stale. Other users complain about IOMMU faults on x86 systems, unsurprisingly. Deal with it by using existing quirk which allocates a dummy page after each transfer ring segment. This was seen to resolve both problems. RPi came up with a more efficient solution, shortening each segment by four TRBs, but it complicated the driver and they ditched it for this quirk. Also rename the quirk and add VL805 device ID macro. Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Link: https://github.com/raspberrypi/linux/issues/4685 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=215906 CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250225095927.2512358-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 92703efda1f7..fdf0c1008225 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -2437,7 +2437,8 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) * and our use of dma addresses in the trb_address_map radix tree needs * TRB_SEGMENT_SIZE alignment, so we pick the greater alignment need. */ - if (xhci->quirks & XHCI_ZHAOXIN_TRB_FETCH) + if (xhci->quirks & XHCI_TRB_OVERFETCH) + /* Buggy HC prefetches beyond segment bounds - allocate dummy space at the end */ xhci->segment_pool = dma_pool_create("xHCI ring segments", dev, TRB_SEGMENT_SIZE * 2, TRB_SEGMENT_SIZE * 2, xhci->page_size * 2); else diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index ad0ff356f6fa..54460d11f7ee 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -38,6 +38,8 @@ #define PCI_DEVICE_ID_ETRON_EJ168 0x7023 #define PCI_DEVICE_ID_ETRON_EJ188 0x7052 +#define PCI_DEVICE_ID_VIA_VL805 0x3483 + #define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 #define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 #define PCI_DEVICE_ID_INTEL_WILDCATPOINT_LP_XHCI 0x9cb1 @@ -418,8 +420,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == 0x3432) xhci->quirks |= XHCI_BROKEN_STREAMS; - if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == 0x3483) + if (pdev->vendor == PCI_VENDOR_ID_VIA && pdev->device == PCI_DEVICE_ID_VIA_VL805) { xhci->quirks |= XHCI_LPM_SUPPORT; + xhci->quirks |= XHCI_TRB_OVERFETCH; + } if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == PCI_DEVICE_ID_ASMEDIA_1042_XHCI) { @@ -467,11 +471,11 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->device == 0x9202) { xhci->quirks |= XHCI_RESET_ON_RESUME; - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->device == 0x9203) - xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; + xhci->quirks |= XHCI_TRB_OVERFETCH; } if (pdev->vendor == PCI_VENDOR_ID_CDNS && diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 8c164340a2c3..779b01dee068 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1632,7 +1632,7 @@ struct xhci_hcd { #define XHCI_EP_CTX_BROKEN_DCS BIT_ULL(42) #define XHCI_SUSPEND_RESUME_CLKS BIT_ULL(43) #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) -#define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) +#define XHCI_TRB_OVERFETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) #define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48)

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x dfd3df31c9db752234d7d2e09bef2aeabb643ce4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030913-contact-unit-647c@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfd3df31c9db752234d7d2e09bef2aeabb643ce4 Mon Sep 17 00:00:00 2001 From: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Date: Fri, 28 Feb 2025 13:13:56 +0100 Subject: [PATCH] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. Fixes: 6c6c47b063b5 ("mm, slab: call kvfree_rcu_barrier() from kmem_cache_destroy()"), Reported-by: Keith Busch <kbusch(a)kernel.org> Closes: https://lore.kernel.org/all/Z7iqJtCjHKfo8Kho@kbusch-mbp/ Cc: stable(a)vger.kernel.org Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Reviewed-by: Joel Fernandes <joelagnelf(a)nvidia.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab_common.c b/mm/slab_common.c index 4030907b6b7d..4c9f0a87f733 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1304,6 +1304,8 @@ module_param(rcu_min_cached_objs, int, 0444); static int rcu_delay_page_cache_fill_msec = 5000; module_param(rcu_delay_page_cache_fill_msec, int, 0444); +static struct workqueue_struct *rcu_reclaim_wq; + /* Maximum number of jiffies to wait before draining a batch. */ #define KFREE_DRAIN_JIFFIES (5 * HZ) #define KFREE_N_BATCHES 2 @@ -1632,10 +1634,10 @@ __schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp) if (delayed_work_pending(&krcp->monitor_work)) { delay_left = krcp->monitor_work.timer.expires - jiffies; if (delay < delay_left) - mod_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + mod_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); return; } - queue_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + queue_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); } static void @@ -1733,7 +1735,7 @@ kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) // "free channels", the batch can handle. Break // the loop since it is done with this CPU thus // queuing an RCU work is _always_ success here. - queued = queue_rcu_work(system_unbound_wq, &krwp->rcu_work); + queued = queue_rcu_work(rcu_reclaim_wq, &krwp->rcu_work); WARN_ON_ONCE(!queued); break; } @@ -1883,7 +1885,7 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp) if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING && !atomic_xchg(&krcp->work_in_progress, 1)) { if (atomic_read(&krcp->backoff_page_cache_fill)) { - queue_delayed_work(system_unbound_wq, + queue_delayed_work(rcu_reclaim_wq, &krcp->page_cache_work, msecs_to_jiffies(rcu_delay_page_cache_fill_msec)); } else { @@ -2120,6 +2122,10 @@ void __init kvfree_rcu_init(void) int i, j; struct shrinker *kfree_rcu_shrinker; + rcu_reclaim_wq = alloc_workqueue("kvfree_rcu_reclaim", + WQ_UNBOUND | WQ_MEM_RECLAIM, 0); + WARN_ON(!rcu_reclaim_wq); + /* Clamp it to [0:100] seconds interval. */ if (rcu_delay_page_cache_fill_msec < 0 || rcu_delay_page_cache_fill_msec > 100 * MSEC_PER_SEC) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030908-defacing-rumor-448c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030907-blush-surname-f05c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030906-iodize-baboon-b1af@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030905-parchment-riddance-0a09@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030904-splendor-sly-a852@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030903-simplify-blooming-c758@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: wait for hugetlb folios to be freed" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 67bab13307c83fb742c2556b06cdc39dbad27f07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030902-guidance-kung-0573@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 67bab13307c83fb742c2556b06cdc39dbad27f07 Mon Sep 17 00:00:00 2001 From: Ge Yang <yangge1116(a)126.com> Date: Wed, 19 Feb 2025 11:46:44 +0800 Subject: [PATCH] mm/hugetlb: wait for hugetlb folios to be freed Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..dbe76d4f1bfc 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_folios(unsigned long start_pfn, return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 163190e89ea1..811b29f77abf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn) return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d72865..a051a29e95ad 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -607,6 +607,16 @@ int test_pages_isolated(unsigned long start_pfn, unsigned long end_pfn, struct zone *zone; int ret; + /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages.

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: shmem: fix potential data corruption during shmem swapin" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 058313515d5aab10d0a01dd634f92ed4a4e71d4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030954-polish-overeater-d2be@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 058313515d5aab10d0a01dd634f92ed4a4e71d4c Mon Sep 17 00:00:00 2001 From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Date: Tue, 25 Feb 2025 17:52:55 +0800 Subject: [PATCH] mm: shmem: fix potential data corruption during shmem swapin Alex and Kairui reported some issues (system hang or data corruption) when swapping out or swapping in large shmem folios. This is especially easy to reproduce when the tmpfs is mount with the 'huge=within_size' parameter. Thanks to Kairui's reproducer, the issue can be easily replicated. The root cause of the problem is that swap readahead may asynchronously swap in order 0 folios into the swap cache, while the shmem mapping can still store large swap entries. Then an order 0 folio is inserted into the shmem mapping without splitting the large swap entry, which overwrites the original large swap entry, leading to data corruption. When getting a folio from the swap cache, we should split the large swap entry stored in the shmem mapping if the orders do not match, to fix this issue. Link: https://lkml.kernel.org/r/2fe47c557e74e9df5fe2437ccdc6c9115fa1bf70.17404769… Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reported-by: Alex Xu (Hello71) <alex_y_xu(a)yahoo.ca> Reported-by: Kairui Song <ryncsn(a)gmail.com> Closes: https://lore.kernel.org/all/1738717785.im3r5g2vxc.none@localhost/ Tested-by: Kairui Song <kasong(a)tencent.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Matthew Wilcow <willy(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/shmem.c b/mm/shmem.c index 4ea6109a8043..cebbac97a221 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2253,7 +2253,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, struct folio *folio = NULL; bool skip_swapcache = false; swp_entry_t swap; - int error, nr_pages; + int error, nr_pages, order, split_order; VM_BUG_ON(!*foliop || !xa_is_value(*foliop)); swap = radix_to_swp_entry(*foliop); @@ -2272,10 +2272,9 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, /* Look it up and read it in.. */ folio = swap_cache_get_folio(swap, NULL, 0); + order = xa_get_order(&mapping->i_pages, index); if (!folio) { - int order = xa_get_order(&mapping->i_pages, index); bool fallback_order0 = false; - int split_order; /* Or update major stats only when swapin succeeds?? */ if (fault_type) { @@ -2339,6 +2338,29 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } + } else if (order != folio_order(folio)) { + /* + * Swap readahead may swap in order 0 folios into swapcache + * asynchronously, while the shmem mapping can still stores + * large swap entries. In such cases, we should split the + * large swap entry to prevent possible data corruption. + */ + split_order = shmem_split_large_entry(inode, index, swap, gfp); + if (split_order < 0) { + error = split_order; + goto failed; + } + + /* + * If the large swap entry has already been split, it is + * necessary to recalculate the new swap entry based on + * the old order alignment. + */ + if (split_order > 0) { + pgoff_t offset = index - round_down(index, 1 << split_order); + + swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); + } } alloced: @@ -2346,7 +2368,8 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap)) { + !shmem_confirm_swap(mapping, index, swap) || + xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { error = -EEXIST; goto unlock; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: shmem: fix potential data corruption during shmem swapin" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 058313515d5aab10d0a01dd634f92ed4a4e71d4c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030953-alkalize-eardrum-de40@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 058313515d5aab10d0a01dd634f92ed4a4e71d4c Mon Sep 17 00:00:00 2001 From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Date: Tue, 25 Feb 2025 17:52:55 +0800 Subject: [PATCH] mm: shmem: fix potential data corruption during shmem swapin Alex and Kairui reported some issues (system hang or data corruption) when swapping out or swapping in large shmem folios. This is especially easy to reproduce when the tmpfs is mount with the 'huge=within_size' parameter. Thanks to Kairui's reproducer, the issue can be easily replicated. The root cause of the problem is that swap readahead may asynchronously swap in order 0 folios into the swap cache, while the shmem mapping can still store large swap entries. Then an order 0 folio is inserted into the shmem mapping without splitting the large swap entry, which overwrites the original large swap entry, leading to data corruption. When getting a folio from the swap cache, we should split the large swap entry stored in the shmem mapping if the orders do not match, to fix this issue. Link: https://lkml.kernel.org/r/2fe47c557e74e9df5fe2437ccdc6c9115fa1bf70.17404769… Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reported-by: Alex Xu (Hello71) <alex_y_xu(a)yahoo.ca> Reported-by: Kairui Song <ryncsn(a)gmail.com> Closes: https://lore.kernel.org/all/1738717785.im3r5g2vxc.none@localhost/ Tested-by: Kairui Song <kasong(a)tencent.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Matthew Wilcow <willy(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/shmem.c b/mm/shmem.c index 4ea6109a8043..cebbac97a221 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2253,7 +2253,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, struct folio *folio = NULL; bool skip_swapcache = false; swp_entry_t swap; - int error, nr_pages; + int error, nr_pages, order, split_order; VM_BUG_ON(!*foliop || !xa_is_value(*foliop)); swap = radix_to_swp_entry(*foliop); @@ -2272,10 +2272,9 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, /* Look it up and read it in.. */ folio = swap_cache_get_folio(swap, NULL, 0); + order = xa_get_order(&mapping->i_pages, index); if (!folio) { - int order = xa_get_order(&mapping->i_pages, index); bool fallback_order0 = false; - int split_order; /* Or update major stats only when swapin succeeds?? */ if (fault_type) { @@ -2339,6 +2338,29 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } + } else if (order != folio_order(folio)) { + /* + * Swap readahead may swap in order 0 folios into swapcache + * asynchronously, while the shmem mapping can still stores + * large swap entries. In such cases, we should split the + * large swap entry to prevent possible data corruption. + */ + split_order = shmem_split_large_entry(inode, index, swap, gfp); + if (split_order < 0) { + error = split_order; + goto failed; + } + + /* + * If the large swap entry has already been split, it is + * necessary to recalculate the new swap entry based on + * the old order alignment. + */ + if (split_order > 0) { + pgoff_t offset = index - round_down(index, 1 << split_order); + + swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); + } } alloced: @@ -2346,7 +2368,8 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap)) { + !shmem_confirm_swap(mapping, index, swap) || + xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { error = -EEXIST; goto unlock; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x af288a426c3e3552b62595c6138ec6371a17dbba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030937-relax-dubbed-d185@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af288a426c3e3552b62595c6138ec6371a17dbba Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:29 +0800 Subject: [PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index a6abd8d4a09c..16cf9e17077e 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x af288a426c3e3552b62595c6138ec6371a17dbba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030936-oink-rocklike-abc3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af288a426c3e3552b62595c6138ec6371a17dbba Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:29 +0800 Subject: [PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index a6abd8d4a09c..16cf9e17077e 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x af288a426c3e3552b62595c6138ec6371a17dbba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030935-pasted-diner-95df@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af288a426c3e3552b62595c6138ec6371a17dbba Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:29 +0800 Subject: [PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index a6abd8d4a09c..16cf9e17077e 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x af288a426c3e3552b62595c6138ec6371a17dbba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030934-clock-preview-4a7a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af288a426c3e3552b62595c6138ec6371a17dbba Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:29 +0800 Subject: [PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index a6abd8d4a09c..16cf9e17077e 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x af288a426c3e3552b62595c6138ec6371a17dbba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030928-lukewarm-cranberry-950f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af288a426c3e3552b62595c6138ec6371a17dbba Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:29 +0800 Subject: [PATCH] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index a6abd8d4a09c..16cf9e17077e 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: memory-failure: update ttu flag inside" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b81679b1633aa43c0d973adfa816d78c1ed0d032 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030932-mystify-finicky-bf5c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b81679b1633aa43c0d973adfa816d78c1ed0d032 Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:27 +0800 Subject: [PATCH] mm: memory-failure: update ttu flag inside unmap_poisoned_folio Patch series "mm: memory_failure: unmap poisoned folio during migrate properly", v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop send SIGBUS signal when accessing an error page after a memory error on a clean folio. However during page migration, anon folio must be set with TTU_HWPOISON during unmap_*(). For pagecache we need some policy just like the one in hwpoison_user_mappings to set this flag. So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to handle this warning properly. Warning will be produced during unamp poison folio with the following log: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c Modules linked in: CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G W 6.13.0-rc1-00018-gacdb4bbda7ab #42 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0x8fc/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0x8fc/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- [mawupeng1(a)huawei.com: unmap_poisoned_folio(): remove shadowed local `mapping', per Miaohe] Link: https://lkml.kernel.org/r/20250219060653.3849083-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-2-mawupeng1@huawei.com Fixes: 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/internal.h b/mm/internal.h index 109ef30fee11..20b3535935a3 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1115,7 +1115,7 @@ static inline int find_next_best_node(int node, nodemask_t *used_node_mask) * mm/memory-failure.c */ #ifdef CONFIG_MEMORY_FAILURE -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu); +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill); void shake_folio(struct folio *folio); extern int hwpoison_filter(struct page *p); @@ -1138,8 +1138,9 @@ unsigned long page_mapped_in_vma(const struct page *page, struct vm_area_struct *vma); #else -static inline void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +static inline int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { + return -EBUSY; } #endif diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 995a15eb67e2..327e02fdc029 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1556,11 +1556,35 @@ static int get_hwpoison_page(struct page *p, unsigned long flags) return ret; } -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { - if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { - struct address_space *mapping; + enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; + struct address_space *mapping; + if (folio_test_swapcache(folio)) { + pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); + ttu &= ~TTU_HWPOISON; + } + + /* + * Propagate the dirty bit from PTEs to struct page first, because we + * need this to decide if we should kill or just drop the page. + * XXX: the dirty test could be racy: set_page_dirty() may not always + * be called inside page lock (it's recommended but not enforced). + */ + mapping = folio_mapping(folio); + if (!must_kill && !folio_test_dirty(folio) && mapping && + mapping_can_writeback(mapping)) { + if (folio_mkclean(folio)) { + folio_set_dirty(folio); + } else { + ttu &= ~TTU_HWPOISON; + pr_info("%#lx: corrupted page was clean: dropped without side effects\n", + pfn); + } + } + + if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { /* * For hugetlb folios in shared mappings, try_to_unmap * could potentially call huge_pmd_unshare. Because of @@ -1572,7 +1596,7 @@ void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) if (!mapping) { pr_info("%#lx: could not lock mapping for mapped hugetlb folio\n", folio_pfn(folio)); - return; + return -EBUSY; } try_to_unmap(folio, ttu|TTU_RMAP_LOCKED); @@ -1580,6 +1604,8 @@ void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) } else { try_to_unmap(folio, ttu); } + + return folio_mapped(folio) ? -EBUSY : 0; } /* @@ -1589,8 +1615,6 @@ void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) static bool hwpoison_user_mappings(struct folio *folio, struct page *p, unsigned long pfn, int flags) { - enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; - struct address_space *mapping; LIST_HEAD(tokill); bool unmap_success; int forcekill; @@ -1613,29 +1637,6 @@ static bool hwpoison_user_mappings(struct folio *folio, struct page *p, if (!folio_mapped(folio)) return true; - if (folio_test_swapcache(folio)) { - pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); - ttu &= ~TTU_HWPOISON; - } - - /* - * Propagate the dirty bit from PTEs to struct page first, because we - * need this to decide if we should kill or just drop the page. - * XXX: the dirty test could be racy: set_page_dirty() may not always - * be called inside page lock (it's recommended but not enforced). - */ - mapping = folio_mapping(folio); - if (!(flags & MF_MUST_KILL) && !folio_test_dirty(folio) && mapping && - mapping_can_writeback(mapping)) { - if (folio_mkclean(folio)) { - folio_set_dirty(folio); - } else { - ttu &= ~TTU_HWPOISON; - pr_info("%#lx: corrupted page was clean: dropped without side effects\n", - pfn); - } - } - /* * First collect all the processes that have the page * mapped in dirty form. This has to be done before try_to_unmap, @@ -1643,9 +1644,7 @@ static bool hwpoison_user_mappings(struct folio *folio, struct page *p, */ collect_procs(folio, p, &tokill, flags & MF_ACTION_REQUIRED); - unmap_poisoned_folio(folio, ttu); - - unmap_success = !folio_mapped(folio); + unmap_success = !unmap_poisoned_folio(folio, pfn, flags & MF_MUST_KILL); if (!unmap_success) pr_err("%#lx: failed to unmap page (folio mapcount=%d)\n", pfn, folio_mapcount(folio)); diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index e3655f07dd6e..e7e47838fd49 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1833,7 +1833,8 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); if (folio_mapped(folio)) - unmap_poisoned_folio(folio, TTU_IGNORE_MLOCK); + unmap_poisoned_folio(folio, pfn, false); + continue; }

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: memory-failure: update ttu flag inside" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b81679b1633aa43c0d973adfa816d78c1ed0d032 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030931-doornail-culinary-ca50@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b81679b1633aa43c0d973adfa816d78c1ed0d032 Mon Sep 17 00:00:00 2001 From: Ma Wupeng <mawupeng1(a)huawei.com> Date: Mon, 17 Feb 2025 09:43:27 +0800 Subject: [PATCH] mm: memory-failure: update ttu flag inside unmap_poisoned_folio Patch series "mm: memory_failure: unmap poisoned folio during migrate properly", v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop send SIGBUS signal when accessing an error page after a memory error on a clean folio. However during page migration, anon folio must be set with TTU_HWPOISON during unmap_*(). For pagecache we need some policy just like the one in hwpoison_user_mappings to set this flag. So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to handle this warning properly. Warning will be produced during unamp poison folio with the following log: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c Modules linked in: CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G W 6.13.0-rc1-00018-gacdb4bbda7ab #42 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0x8fc/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0x8fc/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- [mawupeng1(a)huawei.com: unmap_poisoned_folio(): remove shadowed local `mapping', per Miaohe] Link: https://lkml.kernel.org/r/20250219060653.3849083-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-2-mawupeng1@huawei.com Fixes: 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/internal.h b/mm/internal.h index 109ef30fee11..20b3535935a3 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1115,7 +1115,7 @@ static inline int find_next_best_node(int node, nodemask_t *used_node_mask) * mm/memory-failure.c */ #ifdef CONFIG_MEMORY_FAILURE -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu); +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill); void shake_folio(struct folio *folio); extern int hwpoison_filter(struct page *p); @@ -1138,8 +1138,9 @@ unsigned long page_mapped_in_vma(const struct page *page, struct vm_area_struct *vma); #else -static inline void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +static inline int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { + return -EBUSY; } #endif diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 995a15eb67e2..327e02fdc029 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1556,11 +1556,35 @@ static int get_hwpoison_page(struct page *p, unsigned long flags) return ret; } -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { - if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { - struct address_space *mapping; + enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; + struct address_space *mapping; + if (folio_test_swapcache(folio)) { + pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); + ttu &= ~TTU_HWPOISON; + } + + /* + * Propagate the dirty bit from PTEs to struct page first, because we + * need this to decide if we should kill or just drop the page. + * XXX: the dirty test could be racy: set_page_dirty() may not always + * be called inside page lock (it's recommended but not enforced). + */ + mapping = folio_mapping(folio); + if (!must_kill && !folio_test_dirty(folio) && mapping && + mapping_can_writeback(mapping)) { + if (folio_mkclean(folio)) { + folio_set_dirty(folio); + } else { + ttu &= ~TTU_HWPOISON; + pr_info("%#lx: corrupted page was clean: dropped without side effects\n", + pfn); + } + } + + if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { /* * For hugetlb folios in shared mappings, try_to_unmap * could potentially call huge_pmd_unshare. Because of @@ -1572,7 +1596,7 @@ void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) if (!mapping) { pr_info("%#lx: could not lock mapping for mapped hugetlb folio\n", folio_pfn(folio)); - return; + return -EBUSY; } try_to_unmap(folio, ttu|TTU_RMAP_LOCKED); @@ -1580,6 +1604,8 @@ void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) } else { try_to_unmap(folio, ttu); } + + return folio_mapped(folio) ? -EBUSY : 0; } /* @@ -1589,8 +1615,6 @@ void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) static bool hwpoison_user_mappings(struct folio *folio, struct page *p, unsigned long pfn, int flags) { - enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; - struct address_space *mapping; LIST_HEAD(tokill); bool unmap_success; int forcekill; @@ -1613,29 +1637,6 @@ static bool hwpoison_user_mappings(struct folio *folio, struct page *p, if (!folio_mapped(folio)) return true; - if (folio_test_swapcache(folio)) { - pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); - ttu &= ~TTU_HWPOISON; - } - - /* - * Propagate the dirty bit from PTEs to struct page first, because we - * need this to decide if we should kill or just drop the page. - * XXX: the dirty test could be racy: set_page_dirty() may not always - * be called inside page lock (it's recommended but not enforced). - */ - mapping = folio_mapping(folio); - if (!(flags & MF_MUST_KILL) && !folio_test_dirty(folio) && mapping && - mapping_can_writeback(mapping)) { - if (folio_mkclean(folio)) { - folio_set_dirty(folio); - } else { - ttu &= ~TTU_HWPOISON; - pr_info("%#lx: corrupted page was clean: dropped without side effects\n", - pfn); - } - } - /* * First collect all the processes that have the page * mapped in dirty form. This has to be done before try_to_unmap, @@ -1643,9 +1644,7 @@ static bool hwpoison_user_mappings(struct folio *folio, struct page *p, */ collect_procs(folio, p, &tokill, flags & MF_ACTION_REQUIRED); - unmap_poisoned_folio(folio, ttu); - - unmap_success = !folio_mapped(folio); + unmap_success = !unmap_poisoned_folio(folio, pfn, flags & MF_MUST_KILL); if (!unmap_success) pr_err("%#lx: failed to unmap page (folio mapcount=%d)\n", pfn, folio_mapcount(folio)); diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index e3655f07dd6e..e7e47838fd49 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1833,7 +1833,8 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); if (folio_mapped(folio)) - unmap_poisoned_folio(folio, TTU_IGNORE_MLOCK); + unmap_poisoned_folio(folio, pfn, false); + continue; }

3 months, 1 week

1
0
0 0

[PATCH 3/3] usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling

by Fedor Pchelkin

usb_phy_init() may return an error code if e.g. its implementation fails to prepare/enable some clocks. Detect this early. Trying to disable it later on driver removal would result in a WARNING splat. And properly rollback on probe error path by calling the counterpart usb_phy_shutdown(). Found by Linux Verification Center (linuxtesting.org). Fixes: be9cae2479f4 ("usb: chipidea: imx: Fix ULPI on imx53") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/usb/chipidea/ci_hdrc_imx.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index 3f11ae071c7f..720b998376b9 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -470,7 +470,11 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) of_usb_get_phy_mode(np) == USBPHY_INTERFACE_MODE_ULPI) { pdata.flags |= CI_HDRC_OVERRIDE_PHY_CONTROL; data->override_phy_control = true; - usb_phy_init(pdata.usb_phy); + ret = usb_phy_init(pdata.usb_phy); + if (ret) { + dev_err(dev, "Failed to init phy\n"); + goto err_clk; + } } if (pdata.flags & CI_HDRC_SUPPORTS_RUNTIME_PM) @@ -479,7 +483,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) ret = imx_usbmisc_init(data->usbmisc_data); if (ret) { dev_err(dev, "usbmisc init failed, ret=%d\n", ret); - goto err_clk; + goto phy_shutdown; } data->ci_pdev = ci_hdrc_add_device(dev, @@ -488,7 +492,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (IS_ERR(data->ci_pdev)) { ret = PTR_ERR(data->ci_pdev); dev_err_probe(dev, ret, "ci_hdrc_add_device failed\n"); - goto err_clk; + goto phy_shutdown; } if (data->usbmisc_data) { @@ -522,6 +526,9 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) disable_device: ci_hdrc_remove_device(data->ci_pdev); +phy_shutdown: + if (data->override_phy_control) + usb_phy_shutdown(data->phy); err_clk: clk_disable_unprepare(data->clk_wakeup); err_wakeup_clk: -- 2.48.1

3 months, 1 week

1
0
0 0

send ..!

by Adriana Chechik

Hi, Greetings of the day! Would you be interested send our Seo packages and Price list. Can I send you a quote? Regards,

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/boot: Sanitize boot params before parsing command line" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c00b413a96261faef4ce22329153c6abd4acef25 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030905-canteen-spilt-99c5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c00b413a96261faef4ce22329153c6abd4acef25 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ardb(a)kernel.org> Date: Thu, 6 Mar 2025 16:59:16 +0100 Subject: [PATCH] x86/boot: Sanitize boot params before parsing command line The 5-level paging code parses the command line to look for the 'no5lvl' string, and does so very early, before sanitize_boot_params() has been called and has been given the opportunity to wipe bogus data from the fields in boot_params that are not covered by struct setup_header, and are therefore supposed to be initialized to zero by the bootloader. This triggers an early boot crash when using syslinux-efi to boot a recent kernel built with CONFIG_X86_5LEVEL=y and CONFIG_EFI_STUB=n, as the 0xff padding that now fills the unused PE/COFF header is copied into boot_params by the bootloader, and interpreted as the top half of the command line pointer. Fix this by sanitizing the boot_params before use. Note that there is no harm in calling this more than once; subsequent invocations are able to spot that the boot_params have already been cleaned up. Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> # v6.1+ Link: https://lore.kernel.org/r/20250306155915.342465-2-ardb+git@google.com Closes: https://lore.kernel.org/all/202503041549.35913.ulrich.gemkow@ikr.uni-stuttg… diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c index c882e1f67af0..d8c5de40669d 100644 --- a/arch/x86/boot/compressed/pgtable_64.c +++ b/arch/x86/boot/compressed/pgtable_64.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include "misc.h" #include <asm/bootparam.h> +#include <asm/bootparam_utils.h> #include <asm/e820/types.h> #include <asm/processor.h> #include "pgtable.h" @@ -107,6 +108,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable) bool l5_required = false; /* Initialize boot_params. Required for cmdline_find_option_bool(). */ + sanitize_boot_params(bp); boot_params_ptr = bp; /*

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] x86/boot: Sanitize boot params before parsing command line" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c00b413a96261faef4ce22329153c6abd4acef25 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030905-smooth-making-7a63@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c00b413a96261faef4ce22329153c6abd4acef25 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ardb(a)kernel.org> Date: Thu, 6 Mar 2025 16:59:16 +0100 Subject: [PATCH] x86/boot: Sanitize boot params before parsing command line The 5-level paging code parses the command line to look for the 'no5lvl' string, and does so very early, before sanitize_boot_params() has been called and has been given the opportunity to wipe bogus data from the fields in boot_params that are not covered by struct setup_header, and are therefore supposed to be initialized to zero by the bootloader. This triggers an early boot crash when using syslinux-efi to boot a recent kernel built with CONFIG_X86_5LEVEL=y and CONFIG_EFI_STUB=n, as the 0xff padding that now fills the unused PE/COFF header is copied into boot_params by the bootloader, and interpreted as the top half of the command line pointer. Fix this by sanitizing the boot_params before use. Note that there is no harm in calling this more than once; subsequent invocations are able to spot that the boot_params have already been cleaned up. Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> # v6.1+ Link: https://lore.kernel.org/r/20250306155915.342465-2-ardb+git@google.com Closes: https://lore.kernel.org/all/202503041549.35913.ulrich.gemkow@ikr.uni-stuttg… diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c index c882e1f67af0..d8c5de40669d 100644 --- a/arch/x86/boot/compressed/pgtable_64.c +++ b/arch/x86/boot/compressed/pgtable_64.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include "misc.h" #include <asm/bootparam.h> +#include <asm/bootparam_utils.h> #include <asm/e820/types.h> #include <asm/processor.h> #include "pgtable.h" @@ -107,6 +108,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable) bool l5_required = false; /* Initialize boot_params. Required for cmdline_find_option_bool(). */ + sanitize_boot_params(bp); boot_params_ptr = bp; /*

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030932-imbecile-rerun-13a8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030932-sneezing-pristine-7955@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030931-foyer-paced-3135@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030931-cancel-neatly-1f51@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030931-dress-bobsled-e0d5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030930-spiritism-mankind-bea9@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: update max stream count to match number of" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x d1039a3c12fffe501c5379c7eb1372eaab318e0a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030930-chaplain-swaddling-e75d@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1039a3c12fffe501c5379c7eb1372eaab318e0a Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 26 Feb 2025 15:56:26 +0200 Subject: [PATCH] drm/i915/mst: update max stream count to match number of pipes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We create the stream encoders and attach connectors for each pipe we have. As the number of pipes has increased, we've failed to update the topology manager maximum number of payloads to match that. Bump up the max stream count to match number of pipes, enabling the fourth stream on platforms that support four pipes. Cc: stable(a)vger.kernel.org Cc: Imre Deak <imre.deak(a)intel.com> Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250226135626.1956012-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 15bccbfb78d63a2a621b30caff8b9424160c6c89) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index a65cf97ad12d..86d6185fda50 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1867,7 +1867,8 @@ intel_dp_mst_encoder_init(struct intel_digital_port *dig_port, int conn_base_id) /* create encoders */ mst_stream_encoders_create(dig_port); ret = drm_dp_mst_topology_mgr_init(&intel_dp->mst_mgr, display->drm, - &intel_dp->aux, 16, 3, conn_base_id); + &intel_dp->aux, 16, + INTEL_NUM_PIPES(display), conn_base_id); if (ret) { intel_dp->mst_mgr.cbs = NULL; return ret;

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 374c9faac5a763a05bc3f68ad9f73dab3c6aec90 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030933-vividness-retreat-a4bf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 374c9faac5a763a05bc3f68ad9f73dab3c6aec90 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 26 Feb 2025 16:37:31 +0800 Subject: [PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 520a34a42827..a45037cb4cc0 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1455,7 +1455,8 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger); /* Invalid input */ - if (!plane_state->dst_rect.width || + if (!plane_state || + !plane_state->dst_rect.width || !plane_state->dst_rect.height || !plane_state->src_rect.width || !plane_state->src_rect.height) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 374c9faac5a763a05bc3f68ad9f73dab3c6aec90 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030932-proactive-bounce-ca24@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 374c9faac5a763a05bc3f68ad9f73dab3c6aec90 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 26 Feb 2025 16:37:31 +0800 Subject: [PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 520a34a42827..a45037cb4cc0 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1455,7 +1455,8 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger); /* Invalid input */ - if (!plane_state->dst_rect.width || + if (!plane_state || + !plane_state->dst_rect.width || !plane_state->dst_rect.height || !plane_state->src_rect.width || !plane_state->src_rect.height) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 374c9faac5a763a05bc3f68ad9f73dab3c6aec90 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030932-alike-buddhist-c44e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 374c9faac5a763a05bc3f68ad9f73dab3c6aec90 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 26 Feb 2025 16:37:31 +0800 Subject: [PATCH] drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. Fixes: 3be5262e353b ("drm/amd/display: Rename more dc_surface stuff to plane_state") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 520a34a42827..a45037cb4cc0 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1455,7 +1455,8 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) DC_LOGGER_INIT(pipe_ctx->stream->ctx->logger); /* Invalid input */ - if (!plane_state->dst_rect.width || + if (!plane_state || + !plane_state->dst_rect.width || !plane_state->dst_rect.height || !plane_state->src_rect.width || !plane_state->src_rect.height) {

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] stmmac: loongson: Pass correct arg to PCI function" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 00371a3f48775967950c2fe3ec97b7c786ca956d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030956-demeanor-abrasion-7a8d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 00371a3f48775967950c2fe3ec97b7c786ca956d Mon Sep 17 00:00:00 2001 From: Philipp Stanner <phasta(a)kernel.org> Date: Wed, 26 Feb 2025 09:52:05 +0100 Subject: [PATCH] stmmac: loongson: Pass correct arg to PCI function pcim_iomap_regions() should receive the driver's name as its third parameter, not the PCI device's name. Define the driver name with a macro and use it at the appropriate places, including pcim_iomap_regions(). Cc: stable(a)vger.kernel.org # v5.14+ Fixes: 30bba69d7db4 ("stmmac: pci: Add dwmac support for Loongson") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Yanteng Si <si.yanteng(a)linux.dev> Tested-by: Henry Chen <chenx97(a)aosc.io> Link: https://patch.msgid.link/20250226085208.97891-2-phasta@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index f5acfb7d4ff6..ab7c2750c104 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -11,6 +11,8 @@ #include "dwmac_dma.h" #include "dwmac1000.h" +#define DRIVER_NAME "dwmac-loongson-pci" + /* Normal Loongson Tx Summary */ #define DMA_INTR_ENA_NIE_TX_LOONGSON 0x00040000 /* Normal Loongson Rx Summary */ @@ -568,7 +570,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id for (i = 0; i < PCI_STD_NUM_BARS; i++) { if (pci_resource_len(pdev, i) == 0) continue; - ret = pcim_iomap_regions(pdev, BIT(0), pci_name(pdev)); + ret = pcim_iomap_regions(pdev, BIT(0), DRIVER_NAME); if (ret) goto err_disable_device; break; @@ -687,7 +689,7 @@ static const struct pci_device_id loongson_dwmac_id_table[] = { MODULE_DEVICE_TABLE(pci, loongson_dwmac_id_table); static struct pci_driver loongson_dwmac_driver = { - .name = "dwmac-loongson-pci", + .name = DRIVER_NAME, .id_table = loongson_dwmac_id_table, .probe = loongson_dwmac_probe, .remove = loongson_dwmac_remove,

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] stmmac: loongson: Pass correct arg to PCI function" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 00371a3f48775967950c2fe3ec97b7c786ca956d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030955-curable-irk-822f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 00371a3f48775967950c2fe3ec97b7c786ca956d Mon Sep 17 00:00:00 2001 From: Philipp Stanner <phasta(a)kernel.org> Date: Wed, 26 Feb 2025 09:52:05 +0100 Subject: [PATCH] stmmac: loongson: Pass correct arg to PCI function pcim_iomap_regions() should receive the driver's name as its third parameter, not the PCI device's name. Define the driver name with a macro and use it at the appropriate places, including pcim_iomap_regions(). Cc: stable(a)vger.kernel.org # v5.14+ Fixes: 30bba69d7db4 ("stmmac: pci: Add dwmac support for Loongson") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Yanteng Si <si.yanteng(a)linux.dev> Tested-by: Henry Chen <chenx97(a)aosc.io> Link: https://patch.msgid.link/20250226085208.97891-2-phasta@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index f5acfb7d4ff6..ab7c2750c104 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -11,6 +11,8 @@ #include "dwmac_dma.h" #include "dwmac1000.h" +#define DRIVER_NAME "dwmac-loongson-pci" + /* Normal Loongson Tx Summary */ #define DMA_INTR_ENA_NIE_TX_LOONGSON 0x00040000 /* Normal Loongson Rx Summary */ @@ -568,7 +570,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id for (i = 0; i < PCI_STD_NUM_BARS; i++) { if (pci_resource_len(pdev, i) == 0) continue; - ret = pcim_iomap_regions(pdev, BIT(0), pci_name(pdev)); + ret = pcim_iomap_regions(pdev, BIT(0), DRIVER_NAME); if (ret) goto err_disable_device; break; @@ -687,7 +689,7 @@ static const struct pci_device_id loongson_dwmac_id_table[] = { MODULE_DEVICE_TABLE(pci, loongson_dwmac_id_table); static struct pci_driver loongson_dwmac_driver = { - .name = "dwmac-loongson-pci", + .name = DRIVER_NAME, .id_table = loongson_dwmac_id_table, .probe = loongson_dwmac_probe, .remove = loongson_dwmac_remove,

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] stmmac: loongson: Pass correct arg to PCI function" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 00371a3f48775967950c2fe3ec97b7c786ca956d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030955-spruce-hence-17e4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 00371a3f48775967950c2fe3ec97b7c786ca956d Mon Sep 17 00:00:00 2001 From: Philipp Stanner <phasta(a)kernel.org> Date: Wed, 26 Feb 2025 09:52:05 +0100 Subject: [PATCH] stmmac: loongson: Pass correct arg to PCI function pcim_iomap_regions() should receive the driver's name as its third parameter, not the PCI device's name. Define the driver name with a macro and use it at the appropriate places, including pcim_iomap_regions(). Cc: stable(a)vger.kernel.org # v5.14+ Fixes: 30bba69d7db4 ("stmmac: pci: Add dwmac support for Loongson") Signed-off-by: Philipp Stanner <phasta(a)kernel.org> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Yanteng Si <si.yanteng(a)linux.dev> Tested-by: Henry Chen <chenx97(a)aosc.io> Link: https://patch.msgid.link/20250226085208.97891-2-phasta@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c index f5acfb7d4ff6..ab7c2750c104 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c @@ -11,6 +11,8 @@ #include "dwmac_dma.h" #include "dwmac1000.h" +#define DRIVER_NAME "dwmac-loongson-pci" + /* Normal Loongson Tx Summary */ #define DMA_INTR_ENA_NIE_TX_LOONGSON 0x00040000 /* Normal Loongson Rx Summary */ @@ -568,7 +570,7 @@ static int loongson_dwmac_probe(struct pci_dev *pdev, const struct pci_device_id for (i = 0; i < PCI_STD_NUM_BARS; i++) { if (pci_resource_len(pdev, i) == 0) continue; - ret = pcim_iomap_regions(pdev, BIT(0), pci_name(pdev)); + ret = pcim_iomap_regions(pdev, BIT(0), DRIVER_NAME); if (ret) goto err_disable_device; break; @@ -687,7 +689,7 @@ static const struct pci_device_id loongson_dwmac_id_table[] = { MODULE_DEVICE_TABLE(pci, loongson_dwmac_id_table); static struct pci_driver loongson_dwmac_driver = { - .name = "dwmac-loongson-pci", + .name = DRIVER_NAME, .id_table = loongson_dwmac_id_table, .probe = loongson_dwmac_probe, .remove = loongson_dwmac_remove,

3 months, 1 week

1
0
0 0

Re: [PATCH 1/2] arm64: efi: Execute runtime services from a dedicated stack

by Lee Jones

On Mon, 05 Dec 2022, Ard Biesheuvel wrote: > With the introduction of PRMT in the ACPI subsystem, the EFI rts > workqueue is no longer the only caller of efi_call_virt_pointer() in the > kernel. This means the EFI runtime services lock is no longer sufficient > to manage concurrent calls into firmware, but also that firmware calls > may occur that are not marshalled via the workqueue mechanism, but > originate directly from the caller context. > > For added robustness, and to ensure that the runtime services have 8 KiB > of stack space available as per the EFI spec, introduce a spinlock > protected EFI runtime stack of 8 KiB, where the spinlock also ensures > serialization between the EFI rts workqueue (which itself serializes EFI > runtime calls) and other callers of efi_call_virt_pointer(). > > While at it, use the stack pivot to avoid reloading the shadow call > stack pointer from the ordinary stack, as doing so could produce a > gadget to defeat it. > > Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> > --- > arch/arm64/include/asm/efi.h | 3 +++ > arch/arm64/kernel/efi-rt-wrapper.S | 13 +++++++++- > arch/arm64/kernel/efi.c | 25 ++++++++++++++++++++ > 3 files changed, 40 insertions(+), 1 deletion(-) Could we have this in Stable please? Upstream commit: ff7a167961d1b ("arm64: efi: Execute runtime services from a dedicated stack") Ard, do we need Patch 2 as well, or can this be applied on its own? > diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h > index 7c12e01c2b312e7b..1c408ec3c8b3a883 100644 > --- a/arch/arm64/include/asm/efi.h > +++ b/arch/arm64/include/asm/efi.h > @@ -25,6 +25,7 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); > ({ \ > efi_virtmap_load(); \ > __efi_fpsimd_begin(); \ > + spin_lock(&efi_rt_lock); \ > }) > > #undef arch_efi_call_virt > @@ -33,10 +34,12 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); > > #define arch_efi_call_virt_teardown() \ > ({ \ > + spin_unlock(&efi_rt_lock); \ > __efi_fpsimd_end(); \ > efi_virtmap_unload(); \ > }) > > +extern spinlock_t efi_rt_lock; > efi_status_t __efi_rt_asm_wrapper(void *, const char *, ...); > > #define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT) > diff --git a/arch/arm64/kernel/efi-rt-wrapper.S b/arch/arm64/kernel/efi-rt-wrapper.S > index 75691a2641c1c0f8..b2786b968fee68dd 100644 > --- a/arch/arm64/kernel/efi-rt-wrapper.S > +++ b/arch/arm64/kernel/efi-rt-wrapper.S > @@ -16,6 +16,12 @@ SYM_FUNC_START(__efi_rt_asm_wrapper) > */ > stp x1, x18, [sp, #16] > > + ldr_l x16, efi_rt_stack_top > + mov sp, x16 > +#ifdef CONFIG_SHADOW_CALL_STACK > + str x18, [sp, #-16]! > +#endif > + > /* > * We are lucky enough that no EFI runtime services take more than > * 5 arguments, so all are passed in registers rather than via the > @@ -29,6 +35,7 @@ SYM_FUNC_START(__efi_rt_asm_wrapper) > mov x4, x6 > blr x8 > > + mov sp, x29 > ldp x1, x2, [sp, #16] > cmp x2, x18 > ldp x29, x30, [sp], #32 > @@ -42,6 +49,10 @@ SYM_FUNC_START(__efi_rt_asm_wrapper) > * called with preemption disabled and a separate shadow stack is used > * for interrupts. > */ > - mov x18, x2 > +#ifdef CONFIG_SHADOW_CALL_STACK > + ldr_l x18, efi_rt_stack_top > + ldr x18, [x18, #-16] > +#endif > + > b efi_handle_corrupted_x18 // tail call > SYM_FUNC_END(__efi_rt_asm_wrapper) > diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c > index a908a37f03678b6b..8cb2e005f8aca589 100644 > --- a/arch/arm64/kernel/efi.c > +++ b/arch/arm64/kernel/efi.c > @@ -144,3 +144,28 @@ asmlinkage efi_status_t efi_handle_corrupted_x18(efi_status_t s, const char *f) > pr_err_ratelimited(FW_BUG "register x18 corrupted by EFI %s\n", f); > return s; > } > + > +DEFINE_SPINLOCK(efi_rt_lock); > + > +asmlinkage u64 *efi_rt_stack_top __ro_after_init; > + > +/* required by the EFI spec */ > +static_assert(THREAD_SIZE >= SZ_8K); > + > +int __init arm64_efi_rt_init(void) > +{ > + void *p = __vmalloc_node_range(THREAD_SIZE, THREAD_ALIGN, > + VMALLOC_START, VMALLOC_END, GFP_KERNEL, > + PAGE_KERNEL, 0, NUMA_NO_NODE, > + __builtin_return_address(0)); > + > + if (!p) { > + pr_warn("Failed to allocate EFI runtime stack\n"); > + clear_bit(EFI_RUNTIME_SERVICES, &efi.flags); > + return -ENOMEM; > + } > + > + efi_rt_stack_top = p + THREAD_SIZE; > + return 0; > +} > +core_initcall(arm64_efi_rt_init); > -- > 2.35.1 > > -- Lee Jones [李琼斯]

3 months, 1 week

6
13
0 0

[PATCH 6.13 000/157] 6.13.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.6 release. There are 157 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 07 Mar 2025 17:44:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.6-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: use bitmap_equal() instead of memcmp() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Andreas Schwab <schwab(a)suse.de> riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ken Raeburn <raeburn(a)redhat.com> dm vdo: add missing spin_lock_init Milan Broz <gmazyland(a)gmail.com> dm-integrity: Avoid divide by zero in table status in Inline mode Joanne Koong <joannelkoong(a)gmail.com> fuse: revert back to __readahead_folio() for readahead Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Tejun Heo <tj(a)kernel.org> sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test that MPTCP actions are not restricted Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix suspicious RCU usage Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: Remove device comparison in context_setup_pass_through_cb Harshitha Ramamurthy <hramamurthy(a)google.com> gve: unlink old napi when stopping a queue using queue API André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: add missing enetc4_link_deinit() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: remove the mm_lock from the ENETC v4 driver Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() George Moussalem <george.moussalem(a)outlook.com> net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Qunqin Zhao <zhaoqunqin(a)loongson.cn> net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> i2c: amd-asf: Fix EOI register write to enable successive interrupts Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Qu Wenruo <wqu(a)suse.com> btrfs: fix data overwriting bug during buffered write when block size < page size Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free on inode when scanning root during em shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: do regular iput instead of delayed iput during extent map shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: skip inodes without loaded extent maps when shrinking extent maps Damien Le Moal <dlemoal(a)kernel.org> block: Remove zone write plugs when handling native zone append writes Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Fix Boot panic on Ampere Altra Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Yilin Chen <Yilin.Chen(a)amd.com> drm/amd/display: add a quirk to enable eDP0 on DP1 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Add shadow buffering for deferred I/O Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix EFAULT handling Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: restore invalidation list on error Mingcong Bai <jeffbai(a)aosc.io> drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend_type use Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Christian Bruel <christian.bruel(a)foss.st.com> phy: stm32: Fix constant-value overflow assertion Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Arnd Bergmann <arnd(a)arndb.de> phy: rockchip: fix Kconfig dependency more Andrii Nakryiko <andrii(a)kernel.org> uprobes: Remove too strict lockdep_assert() condition in hprobe_expire() Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ard Biesheuvel <ardb(a)kernel.org> objtool: Fix C jump table annotations for Clang Peter Zijlstra <peterz(a)infradead.org> objtool: Remove annotate_{,un}reachable() Peter Zijlstra <peterz(a)infradead.org> unreachable: Unify Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Update total_weight on bind and cdev updates Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/of: Fix cdev lookup in thermal_of_should_bind() Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Eric Dumazet <edumazet(a)google.com> idpf: fix checksums set in idpf_rx_rsc() Joe Damato <jdamato(a)fastly.com> selftests: drv-net: Check if combined-count exists Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Restore missing trace event when enabling vport QoS Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Fix vport QoS cleanup on error Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: cancel pending job timer before freeing scheduler Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Avoid setting default Rx VSI twice in switchdev setup Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Stanislav Fomichev <sdf(a)fomichev.me> tcp: devmem: don't write truncated dmabuf CMSGs to userspace Sascha Hauer <s.hauer(a)pengutronix.de> net: ethernet: ti: am65-cpsw: select PAGE_POOL Melissa Wen <mwen(a)igalia.com> drm/amd/display: restore edid reading from a given i2c adapter Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: keep enforce isolation up to date Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx: only call mes for enforce isolation if supported Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Prevent races when soft-resetting using SPI control Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe/oa: Allow oa_exponent value of 0 Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl: Rename stream name of SAI DAI driver Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix compilation problem Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header Eric Dumazet <edumazet(a)google.com> net: better track kernel sockets lifetime Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add net_passive_inc() and net_passive_dec(). David Howells <dhowells(a)redhat.com> afs: Give an afs_server object a ref on the afs_cell object it points to David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix implicit ODP hang on parent deregistration Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Adjust delegated timestamps for O_DIRECT reads and writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> landlock: Fix non-TCP sockets restriction Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the statistics for Gen P7 VF Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Allocate dev_attr information dynamically Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add sanity checks on rdev validity Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix mbox timing out by adding retry mechanism Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a WARN during dereg_mr for DM type Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/hugetlb.h | 22 +- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 22 +- arch/arm64/kvm/vmid.c | 11 +- arch/arm64/mm/hugetlbpage.c | 51 +-- arch/arm64/mm/init.c | 7 +- arch/riscv/include/asm/cmpxchg.h | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/riscv/kernel/cacheinfo.c | 12 +- arch/riscv/kernel/cpufeature.c | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu_sbi_hsm.c | 11 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 1 + arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 283 ++++++++----- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 +++++++++++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 - block/blk-zoned.c | 76 +++- drivers/firmware/cirrus/cs_dsp.c | 24 +- drivers/firmware/efi/mokvar-table.c | 42 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 4 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 86 +++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/drm_fbdev_dma.c | 217 +++++++--- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - drivers/gpu/drm/xe/xe_guc_submit.c | 2 + drivers/gpu/drm/xe/xe_oa.c | 5 +- drivers/gpu/drm/xe/xe_vm.c | 40 +- drivers/i2c/busses/i2c-amd-asf-plat.c | 1 + drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/bnxt_re/bnxt_re.h | 2 +- drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 40 +- drivers/infiniband/hw/bnxt_re/main.c | 41 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 ++- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/mr.c | 16 +- drivers/infiniband/hw/mlx5/odp.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/infiniband/hw/mlx5/umr.c | 83 ++-- drivers/iommu/intel/dmar.c | 1 + drivers/iommu/intel/iommu.c | 10 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm-vdo/dedupe.c | 1 + drivers/net/dsa/realtek/Kconfig | 6 + drivers/net/dsa/realtek/Makefile | 3 + drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 +----------- drivers/net/dsa/realtek/rtl8366rb.h | 107 +++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++-- drivers/net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 7 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 2 + drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 5 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 8 + .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 + drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/icssg/icss_iep.c | 21 +- drivers/net/ipvlan/ipvlan_core.c | 21 +- drivers/net/loopback.c | 14 + drivers/net/phy/qcom/qca807x.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/Kconfig | 1 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 +- drivers/phy/st/phy-stm32-combophy.c | 38 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/scsi/scsi_lib.c | 14 +- drivers/thermal/gov_power_allocator.c | 32 +- drivers/thermal/thermal_of.c | 50 ++- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd.c | 38 +- fs/afs/server.c | 3 + fs/afs/server_list.c | 4 +- fs/btrfs/extent_map.c | 83 ++-- fs/btrfs/file.c | 9 +- fs/fuse/dev.c | 6 + fs/fuse/file.c | 13 +- fs/nfs/delegation.c | 37 ++ fs/nfs/delegation.h | 1 + fs/nfs/direct.c | 23 ++ fs/nfs/nfs4proc.c | 3 + fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/blkdev.h | 7 +- include/linux/compiler-gcc.h | 12 - include/linux/compiler.h | 39 +- include/linux/rcuref.h | 9 +- include/linux/socket.h | 2 + include/linux/sunrpc/sched.h | 3 +- include/net/net_namespace.h | 11 + include/net/sock.h | 1 + include/sound/cs35l56.h | 31 ++ include/trace/events/afs.h | 2 + include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 15 +- kernel/sched/core.c | 2 +- kernel/sched/ext.c | 11 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/core/gro.c | 1 + net/core/net_namespace.c | 8 +- net/core/scm.c | 10 + net/core/skbuff.c | 2 +- net/core/sock.c | 27 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/tcp.c | 26 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/rpl_iptunnel.c | 14 +- net/ipv6/seg6_iptunnel.c | 14 +- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 20 +- net/netlink/af_netlink.c | 10 - net/rds/tcp.c | 8 +- net/rxrpc/rxperf.c | 12 + net/smc/af_smc.c | 5 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/svcsock.c | 5 +- net/sunrpc/xprtsock.c | 18 +- security/integrity/ima/ima.h | 3 + security/integrity/ima/ima_main.c | 7 +- security/landlock/net.c | 3 +- sound/pci/hda/cs35l56_hda_spi.c | 3 + sound/pci/hda/patch_realtek.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 80 ++++ sound/soc/codecs/cs35l56-spi.c | 3 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_sai.c | 6 +- sound/soc/fsl/imx-audmix.c | 4 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/objtool/check.c | 50 +-- tools/objtool/include/objtool/special.h | 2 +- tools/testing/selftests/drivers/net/queues.py | 7 +- tools/testing/selftests/landlock/common.h | 1 + tools/testing/selftests/landlock/config | 2 + tools/testing/selftests/landlock/net_test.c | 124 +++++- tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- 180 files changed, 2674 insertions(+), 1209 deletions(-)

3 months, 1 week

15
177
0 0

Linux 6.13.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.13.6 kernel. All users of the 6.13 kernel series must upgrade. The updated 6.13.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/include/asm/kvm_host.h | 2 arch/arm64/kvm/arm.c | 22 arch/arm64/kvm/vmid.c | 11 arch/arm64/mm/init.c | 7 arch/riscv/include/asm/cmpxchg.h | 2 arch/riscv/include/asm/futex.h | 2 arch/riscv/kernel/cacheinfo.c | 12 arch/riscv/kernel/cpufeature.c | 2 arch/riscv/kernel/setup.c | 2 arch/riscv/kernel/signal.c | 6 arch/riscv/kvm/vcpu_sbi_hsm.c | 11 arch/riscv/kvm/vcpu_sbi_replace.c | 15 arch/x86/Kconfig | 1 arch/x86/events/core.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 283 +++++++---- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 ++++++++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 block/blk-zoned.c | 76 ++- drivers/firmware/cirrus/cs_dsp.c | 24 drivers/firmware/efi/mokvar-table.c | 42 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 20 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 86 +++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 - drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 - drivers/gpu/drm/drm_fbdev_dma.c | 217 ++++++-- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 drivers/gpu/drm/xe/xe_oa.c | 5 drivers/gpu/drm/xe/xe_vm.c | 40 + drivers/i2c/busses/i2c-amd-asf-plat.c | 1 drivers/i2c/busses/i2c-ls2x.c | 16 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/idle/intel_idle.c | 4 drivers/infiniband/hw/bnxt_re/bnxt_re.h | 2 drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 40 - drivers/infiniband/hw/bnxt_re/main.c | 41 + drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/ah.c | 3 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/mr.c | 16 drivers/infiniband/hw/mlx5/odp.c | 1 drivers/infiniband/hw/mlx5/qp.c | 10 drivers/infiniband/hw/mlx5/qp.h | 1 drivers/infiniband/hw/mlx5/umr.c | 83 ++- drivers/iommu/intel/dmar.c | 1 drivers/iommu/intel/iommu.c | 10 drivers/md/dm-integrity.c | 8 drivers/md/dm-vdo/dedupe.c | 1 drivers/net/dsa/realtek/Kconfig | 6 drivers/net/dsa/realtek/Makefile | 3 drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 +++++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 ---------- drivers/net/dsa/realtek/rtl8366rb.h | 107 ++++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++- drivers/net/ethernet/freescale/enetc/enetc4_pf.c | 2 drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 7 drivers/net/ethernet/google/gve/gve_rx_dqo.c | 2 drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 drivers/net/ethernet/intel/ice/ice_sriov.c | 5 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 8 drivers/net/ethernet/intel/ice/ice_vf_lib_private.h | 1 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 8 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 drivers/net/ethernet/ti/Kconfig | 1 drivers/net/ethernet/ti/icssg/icss_iep.c | 21 drivers/net/ipvlan/ipvlan_core.c | 21 drivers/net/loopback.c | 14 drivers/net/phy/qcom/qca807x.c | 2 drivers/net/usb/gl620a.c | 4 drivers/phy/rockchip/Kconfig | 1 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 - drivers/phy/st/phy-stm32-combophy.c | 38 - drivers/phy/tegra/xusb-tegra186.c | 11 drivers/scsi/scsi_lib.c | 14 drivers/thermal/gov_power_allocator.c | 32 - drivers/thermal/thermal_of.c | 50 +- drivers/ufs/core/ufs_bsg.c | 6 drivers/ufs/core/ufshcd.c | 38 - fs/afs/server.c | 3 fs/afs/server_list.c | 4 fs/btrfs/extent_map.c | 83 ++- fs/btrfs/file.c | 9 fs/fuse/dev.c | 6 fs/fuse/file.c | 13 fs/nfs/delegation.c | 37 + fs/nfs/delegation.h | 1 fs/nfs/direct.c | 23 fs/nfs/nfs4proc.c | 3 fs/overlayfs/copy_up.c | 2 include/asm-generic/vmlinux.lds.h | 2 include/linux/blkdev.h | 7 include/linux/compiler-gcc.h | 12 include/linux/compiler.h | 39 - include/linux/rcuref.h | 9 include/linux/socket.h | 2 include/linux/sunrpc/sched.h | 3 include/net/net_namespace.h | 11 include/net/sock.h | 1 include/sound/cs35l56.h | 31 + include/trace/events/afs.h | 2 include/trace/events/sunrpc.h | 3 io_uring/net.c | 4 kernel/events/core.c | 31 - kernel/events/uprobes.c | 15 kernel/sched/core.c | 2 kernel/sched/ext.c | 11 kernel/trace/ftrace.c | 27 - kernel/trace/trace_events_hist.c | 30 - lib/rcuref.c | 5 net/bluetooth/l2cap_core.c | 9 net/core/gro.c | 1 net/core/net_namespace.c | 8 net/core/scm.c | 10 net/core/skbuff.c | 2 net/core/sock.c | 27 - net/core/sysctl_net_core.c | 3 net/ipv4/tcp.c | 26 - net/ipv4/tcp_minisocks.c | 10 net/ipv6/rpl_iptunnel.c | 14 net/ipv6/seg6_iptunnel.c | 14 net/mptcp/pm_netlink.c | 5 net/mptcp/subflow.c | 20 net/netlink/af_netlink.c | 10 net/rds/tcp.c | 8 net/rxrpc/rxperf.c | 12 net/smc/af_smc.c | 5 net/sunrpc/cache.c | 10 net/sunrpc/sched.c | 2 net/sunrpc/svcsock.c | 5 net/sunrpc/xprtsock.c | 18 security/integrity/ima/ima.h | 3 security/integrity/ima/ima_main.c | 7 security/landlock/net.c | 3 sound/pci/hda/cs35l56_hda_spi.c | 3 sound/pci/hda/patch_realtek.c | 2 sound/soc/codecs/cs35l56-shared.c | 80 +++ sound/soc/codecs/cs35l56-spi.c | 3 sound/soc/codecs/es8328.c | 15 sound/soc/fsl/fsl_sai.c | 6 sound/soc/fsl/imx-audmix.c | 4 sound/usb/midi.c | 2 sound/usb/quirks.c | 1 tools/objtool/check.c | 50 -- tools/objtool/include/objtool/special.h | 2 tools/testing/selftests/drivers/net/queues.py | 7 tools/testing/selftests/landlock/common.h | 1 tools/testing/selftests/landlock/config | 2 tools/testing/selftests/landlock/net_test.c | 124 ++++- tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 tools/testing/selftests/rseq/rseq-riscv.h | 2 177 files changed, 2634 insertions(+), 1168 deletions(-) Adrien Vergé (1): ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Alex Deucher (3): drm/amdgpu/gfx: only call mes for enforce isolation if supported drm/amdgpu/mes: keep enforce isolation up to date drm/amdgpu: disable BAR resize on Dell G5 SE Andreas Schwab (2): riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg riscv/futex: sign extend compare value in atomic cmpxchg Andrew Jones (4): riscv: KVM: Fix hart suspend status check riscv: KVM: Fix hart suspend_type use riscv: KVM: Fix SBI IPI error generation riscv: KVM: Fix SBI TIME error generation Andrii Nakryiko (1): uprobes: Remove too strict lockdep_assert() condition in hprobe_expire() André Draszik (1): phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Ard Biesheuvel (2): objtool: Fix C jump table annotations for Clang vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnd Bergmann (2): sunrpc: suppress warnings for unused procfs functions phy: rockchip: fix Kconfig dependency more Arthur Simchaev (1): scsi: ufs: core: bsg: Fix crash when arpmb command fails BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Bart Van Assche (1): scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Benjamin Coddington (1): SUNRPC: Handle -ETIMEDOUT return from tlshd Binbin Zhou (1): i2c: ls2x: Fix frequency division register access Borislav Petkov (AMD) (7): x86/microcode/AMD: Have __apply_microcode_amd() return bool x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations x86/microcode/AMD: Merge early_apply_microcode() into its single callsite x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration x86/microcode/AMD: Add get_patch_level() x86/microcode/AMD: Load only SHA256-checksummed patches Breno Leitao (1): perf/core: Add RCU read lock protection to perf_iterate_ctx() Carolina Jubran (2): net/mlx5: Fix vport QoS cleanup on error net/mlx5: Restore missing trace event when enabling vport QoS Chancel Liu (1): ASoC: fsl: Rename stream name of SAI DAI driver Christian Bruel (1): phy: stm32: Fix constant-value overflow assertion Chukun Pan (1): phy: rockchip: naneng-combphy: compatible reset with old DT Clément Léger (1): riscv: cpufeature: use bitmap_equal() instead of memcmp() Damien Le Moal (1): block: Remove zone write plugs when handling native zone append writes David Howells (3): rxrpc: rxperf: Fix missing decoding of terminal magic cookie afs: Fix the server_list to unuse a displaced server rather than putting it afs: Give an afs_server object a ref on the afs_cell object it points to David Yat Sin (1): drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Eric Dumazet (3): net: better track kernel sockets lifetime ipvlan: ensure network headers are in skb linear part idpf: fix checksums set in idpf_rx_rsc() Filipe Manana (3): btrfs: skip inodes without loaded extent maps when shrinking extent maps btrfs: do regular iput instead of delayed iput during extent map shrinking btrfs: fix use-after-free on inode when scanning root during em shrinking George Moussalem (1): net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Greg Kroah-Hartman (1): Linux 6.13.6 Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Harshitha Ramamurthy (1): gve: unlink old napi when stopping a queue using queue API Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Jerry Snitselaar (1): iommu/vt-d: Remove device comparison in context_setup_pass_through_cb Jiri Slaby (SUSE) (1): net: set the minimum for net_hotdata.netdev_budget_usecs Joanne Koong (1): fuse: revert back to __readahead_folio() for readahead Joe Damato (1): selftests: drv-net: Check if combined-count exists Junxian Huang (1): RDMA/hns: Fix mbox timing out by adding retry mechanism Justin Iurman (2): net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: fix dst ref loop on input in rpl lwt Kalesh AP (2): RDMA/bnxt_re: Add sanity checks on rdev validity RDMA/bnxt_re: Allocate dev_attr information dynamically Kan Liang (2): perf/x86: Fix low freqency setting issue perf/core: Fix low freq setting via IOC_PERIOD Kashyap Desai (1): RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Ken Raeburn (1): dm vdo: add missing spin_lock_init Konstantin Taranov (1): RDMA/mana_ib: Allocate PAGE aligned doorbell index Kuniyuki Iwashima (1): net: Add net_passive_inc() and net_passive_dec(). Linus Walleij (1): net: dsa: rtl8366rb: Fix compilation problem Lu Baolu (1): iommu/vt-d: Fix suspicious RCU usage Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Gengkun (1): perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Manivannan Sadhasivam (1): scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Marcin Szycik (2): ice: Fix deinitializing VF in error path ice: Avoid setting default Rx VSI twice in switchdev setup Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Matthew Auld (2): drm/xe/userptr: restore invalidation list on error drm/xe/userptr: fix EFAULT handling Matthieu Baerts (NGI0) (1): mptcp: reset when MPTCP opts are dropped after join Meghana Malladi (1): net: ti: icss-iep: Reject perout generation request Melissa Wen (1): drm/amd/display: restore edid reading from a given i2c adapter Mikhail Ivanov (3): landlock: Fix non-TCP sockets restriction selftests/landlock: Test that MPTCP actions are not restricted selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Milan Broz (1): dm-integrity: Avoid divide by zero in table status in Inline mode Mingcong Bai (1): drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Mohammad Heib (1): net: Clear old fragment checksum value in napi_reuse_skb Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (1): usbnet: gl620a: fix endpoint checking in genelink_bind() Nikolay Borisov (1): x86/microcode/AMD: Return bool from find_blobs_in_containers() Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Oliver Upton (1): KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Paolo Abeni (1): mptcp: always handle address removal under msk socket lock Patrisious Haddad (2): RDMA/mlx5: Fix AH static rate parsing RDMA/mlx5: Fix bind QP error cleanup flow Pavel Begunkov (1): io_uring/net: save msg_control for compat Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Peter Zijlstra (2): unreachable: Unify objtool: Remove annotate_{,un}reachable() Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Qu Wenruo (1): btrfs: fix data overwriting bug during buffered write when block size < page size Qunqin Zhao (1): net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Rafael J. Wysocki (1): thermal/of: Fix cdev lookup in thermal_of_should_bind() Richard Fitzgerald (2): firmware: cs_dsp: Remove async regmap writes ASoC: cs35l56: Prevent races when soft-resetting using SPI control Rob Herring (1): riscv: cacheinfo: Use of_property_present() for non-boolean properties Roberto Sassu (1): ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Roman Li (1): drm/amd/display: Fix HPD after gpu reset Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryan Roberts (1): arm64/mm: Fix Boot panic on Ampere Altra Sascha Hauer (1): net: ethernet: ti: am65-cpsw: select PAGE_POOL Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Selvin Xavier (1): RDMA/bnxt_re: Fix the statistics for Gen P7 VF Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Shyam Sundar S K (1): i2c: amd-asf: Fix EOI register write to enable successive interrupts Stafford Horne (1): rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Stanislav Fomichev (1): tcp: devmem: don't write truncated dmabuf CMSGs to userspace Steven Rostedt (1): tracing: Fix bad hist from corrupting named_triggers list Takashi Iwai (2): ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Tejun Heo (1): sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner (3): intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly rcuref: Plug slowpath race in rcuref_put() sched/core: Prevent rescheduling when interrupts are disabled Thomas Zimmermann (1): drm/fbdev-dma: Add shadow buffering for deferred I/O Tom Chung (1): drm/amd/display: Disable PSR-SU on eDP panels Tong Tiangen (1): uprobes: Reject the shared zeropage in uprobe_write_opcode() Trond Myklebust (4): NFS: O_DIRECT writes must check and adjust the file length NFS: Adjust delegated timestamps for O_DIRECT reads and writes SUNRPC: Prevent looping due to rpc_signal_task() races NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Umesh Nerlige Ramappa (1): drm/xe/oa: Allow oa_exponent value of 0 Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Wang Hai (1): tcp: Defer ts_recent changes until req is owned Wei Fang (8): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics net: enetc: remove the mm_lock from the ENETC v4 driver net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() net: enetc: add missing enetc4_link_deinit() Ye Bin (1): scsi: core: Clear driver private data when retrying request Yilin Chen (1): drm/amd/display: add a quirk to enable eDP0 on DP1 Yishai Hadas (4): RDMA/mlx5: Fix the recovery flow of the UMR QP RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error RDMA/mlx5: Fix a WARN during dereg_mr for DM type RDMA/mlx5: Fix implicit ODP hang on parent deregistration Yong-Xuan Wang (2): riscv: signal: fix signal frame size riscv: signal: fix signal_minsigstksz Yu-Che Cheng (2): thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() thermal: gov_power_allocator: Update total_weight on bind and cdev updates chr[] (1): amdgpu/pm/legacy: fix suspend/resume issues

3 months, 1 week

3
4
0 0

[PATCH 6.12 000/148] 6.12.18-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.18 release. There are 148 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.18-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.18-rc2 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: gov_power_allocator: Add missing NULL pointer check Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: use bitmap_equal() instead of memcmp() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ken Raeburn <raeburn(a)redhat.com> dm vdo: add missing spin_lock_init Milan Broz <gmazyland(a)gmail.com> dm-integrity: Avoid divide by zero in table status in Inline mode Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Tejun Heo <tj(a)kernel.org> sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test that MPTCP actions are not restricted Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix suspicious RCU usage Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: Remove device comparison in context_setup_pass_through_cb André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() George Moussalem <george.moussalem(a)outlook.com> net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Qunqin Zhao <zhaoqunqin(a)loongson.cn> net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Damien Le Moal <dlemoal(a)kernel.org> block: Remove zone write plugs when handling native zone append writes Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Fix Boot panic on Ampere Altra Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Yilin Chen <Yilin.Chen(a)amd.com> drm/amd/display: add a quirk to enable eDP0 on DP1 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix EFAULT handling Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: restore invalidation list on error Mingcong Bai <jeffbai(a)aosc.io> drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend_type use Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Arnd Bergmann <arnd(a)arndb.de> phy: rockchip: fix Kconfig dependency more Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ard Biesheuvel <ardb(a)kernel.org> objtool: Fix C jump table annotations for Clang Peter Zijlstra <peterz(a)infradead.org> objtool: Remove annotate_{,un}reachable() Peter Zijlstra <peterz(a)infradead.org> unreachable: Unify Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Update total_weight on bind and cdev updates Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Move lists of thermal instances to trip descriptors Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/of: Fix cdev lookup in thermal_of_should_bind() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal: of: Simplify thermal_of_should_bind with scoped for each OF child Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Eric Dumazet <edumazet(a)google.com> idpf: fix checksums set in idpf_rx_rsc() Joe Damato <jdamato(a)fastly.com> selftests: drv-net: Check if combined-count exists Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Avoid setting default Rx VSI twice in switchdev setup Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Paul Greenwalt <paul.greenwalt(a)intel.com> ice: add E830 HW VF mailbox message limit support Stanislav Fomichev <sdf(a)fomichev.me> tcp: devmem: don't write truncated dmabuf CMSGs to userspace Sascha Hauer <s.hauer(a)pengutronix.de> net: ethernet: ti: am65-cpsw: select PAGE_POOL Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Prevent races when soft-resetting using SPI control Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe/oa: Allow oa_exponent value of 0 Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Allow only certain property changes from config Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Add syncs support to OA config ioctl Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Move functions up so they can be reused for config ioctl Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Signal output fences Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl: Rename stream name of SAI DAI driver Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix compilation problem Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Give an afs_server object a ref on the afs_cell object it points to David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix implicit ODP hang on parent deregistration Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Adjust delegated timestamps for O_DIRECT reads and writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> landlock: Fix non-TCP sockets restriction Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the statistics for Gen P7 VF Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Allocate dev_attr information dynamically Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add sanity checks on rdev validity Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Cache MSIx info to a local structure Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Refactor NQ allocation Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fail probe early when not enough MSI-x vectors are reserved Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix mbox timing out by adding retry mechanism Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a WARN during dereg_mr for DM type Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 22 +- arch/arm64/kvm/vmid.c | 11 +- arch/arm64/mm/init.c | 7 +- arch/riscv/include/asm/futex.h | 2 +- arch/riscv/kernel/cacheinfo.c | 12 +- arch/riscv/kernel/cpufeature.c | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu_sbi_hsm.c | 11 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 1 + arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 283 ++++++--- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 ++++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 - block/blk-zoned.c | 76 ++- drivers/firmware/cirrus/cs_dsp.c | 24 +- drivers/firmware/efi/mokvar-table.c | 42 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 ++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - drivers/gpu/drm/xe/xe_oa.c | 657 ++++++++++++--------- drivers/gpu/drm/xe/xe_oa_types.h | 6 + drivers/gpu/drm/xe/xe_vm.c | 40 +- drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/bnxt_re/bnxt_re.h | 18 +- drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 46 +- drivers/infiniband/hw/bnxt_re/main.c | 153 +++-- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/mr.c | 16 +- drivers/infiniband/hw/mlx5/odp.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/infiniband/hw/mlx5/umr.c | 83 ++- drivers/iommu/intel/dmar.c | 1 + drivers/iommu/intel/iommu.c | 10 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm-vdo/dedupe.c | 1 + drivers/net/dsa/realtek/Kconfig | 6 + drivers/net/dsa/realtek/Makefile | 3 + drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 +------- drivers/net/dsa/realtek/rtl8366rb.h | 107 ++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 7 +- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 +- drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 3 + drivers/net/ethernet/intel/ice/ice_lib.c | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 24 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 4 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 +- .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 + drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 + drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/icssg/icss_iep.c | 21 +- drivers/net/ipvlan/ipvlan_core.c | 22 +- drivers/net/loopback.c | 14 + drivers/net/phy/qcom/qca807x.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/Kconfig | 1 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/scsi/scsi_lib.c | 14 +- drivers/thermal/gov_bang_bang.c | 11 +- drivers/thermal/gov_fair_share.c | 16 +- drivers/thermal/gov_power_allocator.c | 71 ++- drivers/thermal/gov_step_wise.c | 16 +- drivers/thermal/thermal_core.c | 33 +- drivers/thermal/thermal_core.h | 5 +- drivers/thermal/thermal_helpers.c | 5 +- drivers/thermal/thermal_of.c | 53 +- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd.c | 38 +- fs/afs/server.c | 3 + fs/afs/server_list.c | 4 +- fs/nfs/delegation.c | 37 ++ fs/nfs/delegation.h | 1 + fs/nfs/direct.c | 23 + fs/nfs/nfs4proc.c | 3 + fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/blkdev.h | 7 +- include/linux/compiler-gcc.h | 12 - include/linux/compiler.h | 39 +- include/linux/rcuref.h | 9 +- include/linux/socket.h | 2 + include/linux/sunrpc/sched.h | 3 +- include/net/ip.h | 5 + include/net/route.h | 5 +- include/sound/cs35l56.h | 31 + include/trace/events/afs.h | 2 + include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/sched/ext.c | 11 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/gro.c | 1 + net/core/scm.c | 10 + net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/icmp.c | 19 +- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 26 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 14 +- net/ipv6/seg6_iptunnel.c | 14 +- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/rxrpc/rxperf.c | 12 + net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/xprtsock.c | 10 +- security/integrity/ima/ima.h | 3 + security/integrity/ima/ima_main.c | 7 +- security/landlock/net.c | 3 +- sound/pci/hda/cs35l56_hda_spi.c | 3 + sound/pci/hda/patch_realtek.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 80 +++ sound/soc/codecs/cs35l56-spi.c | 3 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_sai.c | 6 +- sound/soc/fsl/imx-audmix.c | 4 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/objtool/check.c | 50 +- tools/objtool/include/objtool/special.h | 2 +- tools/testing/selftests/drivers/net/queues.py | 7 +- tools/testing/selftests/landlock/common.h | 1 + tools/testing/selftests/landlock/config | 2 + tools/testing/selftests/landlock/net_test.c | 124 +++- tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- 173 files changed, 2932 insertions(+), 1409 deletions(-)

3 months, 1 week

9
10
0 0

Linux 6.6.82

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.82 kernel. All i386 users of the 6.6 kernel series must upgrade (as they skipped the last release.) All other arches can skip this one as it should not affect them. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/Kconfig | 4 + arch/x86/include/asm/microcode.h | 2 arch/x86/include/asm/setup.h | 1 arch/x86/kernel/Makefile | 1 arch/x86/kernel/head32.c | 117 ++++++++++++++++++++++++++++----------- 6 files changed, 93 insertions(+), 34 deletions(-) Greg Kroah-Hartman (1): Linux 6.6.82 Thomas Gleixner (6): x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() x86/boot/32: Restructure mk_early_pgtbl_32() x86/microcode: Provide CONFIG_MICROCODE_INITRD32 x86/boot/32: Temporarily map initrd for microcode loading

3 months, 1 week

1
1
0 0

[PATCH 6.6 000/147] 6.6.81-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.81 release. There are 147 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.81-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.81-rc2 Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Cancel RTC work during ufshcd_remove() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Start the RTC update work later Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix another deadlock during RTC update Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix deadlock during RTC update Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Make __verify_patch_size() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Flush patch buffer mapping after application Chang S. Bae <chang.seok.bae(a)intel.com> x86/microcode/intel: Remove unnecessary cache writeback and invalidation Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Split load_microcode_amd() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Pay attention to the stepping dynamically Borislav Petkov <bp(a)alien8.de> x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/intel: Set new revision only after a successful update Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode: Rework early revisions reporting Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Prepare for minimal revision check Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Handle "offline" CPUs correctly Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Provide apic_force_nmi_on_cpu() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Protect against instrumentation Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Rendezvous and load in NMI Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Replace the all-in-one rendevous handler Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Provide new control functions Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Add per CPU control field Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Add per CPU result state Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Sanitize __wait_for_cpus() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Clarify the late load logic Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Handle "nosmt" correctly Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Clean up mc_cpu_down_prep() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Get rid of the schedule work indirection Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Mop up early loading leftovers Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Use cached microcode for AP load Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Cache builtin/initrd microcode early Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Cache builtin microcode too Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Use correct per CPU ucode_cpu_info Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Remove pointless apply() invocation Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Rework intel_find_matching_signature() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Reuse intel_cpu_collect_info() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Rework intel_cpu_collect_info() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Unify microcode apply() functions Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Switch to kvmalloc() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Save the microcode only after a successful late-load Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Simplify early loading Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Cleanup code further Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Simplify and rename generic_load_microcode() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Simplify scan_microcode() Ashok Raj <ashok.raj(a)intel.com> x86/microcode/intel: Rip out mixed stepping support for Intel CPUs Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/32: Move early loading after paging enable Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> Revert "rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads" Tomas Glozar <tglozar(a)redhat.com> Revert "rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads" Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Yong-Xuan Wang <yongxuan.wang(a)sifive.com> RISCV: KVM: Introduce mp_state_lock to avoid lock inversion Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Diogo Ivo <diogo.ivo(a)siemens.com> net: ti: icss-iep: Remove spinlock-based synchronization Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Paul Greenwalt <paul.greenwalt(a)intel.com> ice: add E830 HW VF mailbox message limit support Paul Greenwalt <paul.greenwalt(a)intel.com> ice: Add E830 device IDs, MAC type and registers Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add quirks for ASUS ROG 2023 models Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Or Har-Toov <ohartoov(a)nvidia.com> IB/core: Add support for XDR link speed Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: Add UFS RTC support Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: Add ufshcd_is_ufs_dev_busy() Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 5 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 5 + arch/riscv/include/asm/futex.h | 2 +- arch/riscv/include/asm/kvm_host.h | 8 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu.c | 48 +- arch/riscv/kvm/vcpu_sbi.c | 7 +- arch/riscv/kvm/vcpu_sbi_hsm.c | 45 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 26 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/apic.h | 5 +- arch/x86/include/asm/cpu.h | 20 +- arch/x86/include/asm/microcode.h | 18 +- arch/x86/kernel/apic/apic_flat_64.c | 2 + arch/x86/kernel/apic/ipi.c | 8 + arch/x86/kernel/apic/x2apic_cluster.c | 1 + arch/x86/kernel/apic/x2apic_phys.c | 1 + arch/x86/kernel/cpu/common.c | 12 - arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 650 ++++++++++++------ arch/x86/kernel/cpu/microcode/amd_shas.c | 444 +++++++++++++ arch/x86/kernel/cpu/microcode/core.c | 723 +++++++++++++-------- arch/x86/kernel/cpu/microcode/intel.c | 706 ++++++-------------- arch/x86/kernel/cpu/microcode/internal.h | 49 +- arch/x86/kernel/head32.c | 3 + arch/x86/kernel/head_32.S | 10 - arch/x86/kernel/nmi.c | 9 +- arch/x86/kernel/smpboot.c | 12 +- drivers/firmware/cirrus/cs_dsp.c | 24 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/core/sysfs.c | 4 + drivers/infiniband/core/uverbs_std_types_device.c | 3 +- drivers/infiniband/core/verbs.c | 3 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_common.c | 65 +- drivers/net/ethernet/intel/ice/ice_devids.h | 10 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 24 +- drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 55 +- drivers/net/ethernet/intel/ice/ice_lib.c | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 37 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 4 +- drivers/net/ethernet/intel/ice/ice_type.h | 3 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 +- .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 + drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 29 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 35 +- drivers/net/ipvlan/ipvlan_core.c | 24 +- drivers/net/loopback.c | 14 + drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/platform/x86/intel/ifs/load.c | 8 +- drivers/scsi/scsi_lib.c | 14 +- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd-priv.h | 5 + drivers/ufs/core/ufshcd.c | 122 +++- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 +- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 +++- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 36 +- fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/rcuref.h | 9 +- include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/route.h | 5 +- include/rdma/ib_verbs.h | 2 + include/trace/events/icmp.h | 67 ++ include/trace/events/sunrpc.h | 3 +- include/uapi/rdma/ib_user_ioctl_verbs.h | 3 +- include/ufs/ufs.h | 13 + include/ufs/ufshcd.h | 4 + io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/icmp.c | 24 +- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +- net/ipv6/seg6_iptunnel.c | 97 ++- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/rxrpc/rxperf.c | 12 + net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/xprtsock.c | 10 +- sound/pci/hda/patch_realtek.c | 32 +- sound/soc/codecs/es8328.c | 15 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 2 +- 132 files changed, 2912 insertions(+), 1569 deletions(-)

3 months, 1 week

10
13
0 0

[PATCH v2 0/6] drm/v3d: Fix GPU reset issues on the Raspberry Pi 5

by Maíra Canal

This series addresses GPU reset issues reported in [1], where running a long compute job would trigger repeated GPU resets, leading to a UI freeze. Patches #1 and #2 prevent the same faulty job from being resubmitted in a loop, mitigating the first cause of the issue. However, the issue isn't entirely solved. Even with only a single GPU reset, the UI still freezes on the Raspberry Pi 5, indicating a GPU hang. Patches #3 to #5 address this by properly configuring the V3D_SMS registers, which are required for power management and resets in V3D 7.1. Patch #6 updates the DT maintainership, replacing Emma with the current v3d driver maintainer. [1] https://github.com/raspberrypi/linux/issues/6660 Best Regards, - Maíra --- v1 -> v2: - [1/6, 2/6, 5/6] Add Iago's R-b (Iago Toral) - [3/6] Use V3D_GEN_* macros consistently throughout the driver (Phil Elwell) - [3/6] Don't add Iago's R-b in 3/6 due to changes in the patch - [4/6] Add per-compatible restrictions to enforce per‐SoC register rules (Conor Dooley) - [6/6] Add Emma's A-b, collected through IRC (Emma Anholt) - [6/6] Add Rob's A-b (Rob Herring) - Link to v1: https://lore.kernel.org/r/20250226-v3d-gpu-reset-fixes-v1-0-83a969fdd9c1@ig… --- Maíra Canal (6): drm/v3d: Don't run jobs that have errors flagged in its fence drm/v3d: Set job pointer to NULL when the job's fence has an error drm/v3d: Associate a V3D tech revision to all supported devices dt-bindings: gpu: v3d: Add SMS to the registers' list drm/v3d: Use V3D_SMS registers for power on/off and reset on V3D 7.x dt-bindings: gpu: Add V3D driver maintainer as DT maintainer .../devicetree/bindings/gpu/brcm,bcm-v3d.yaml | 62 +++++++++- drivers/gpu/drm/v3d/v3d_debugfs.c | 126 ++++++++++----------- drivers/gpu/drm/v3d/v3d_drv.c | 62 +++++++++- drivers/gpu/drm/v3d/v3d_drv.h | 22 +++- drivers/gpu/drm/v3d/v3d_gem.c | 27 ++++- drivers/gpu/drm/v3d/v3d_irq.c | 6 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 4 +- drivers/gpu/drm/v3d/v3d_regs.h | 26 +++++ drivers/gpu/drm/v3d/v3d_sched.c | 29 ++++- 9 files changed, 271 insertions(+), 93 deletions(-) --- base-commit: 2c7aafc05c8330be4c5f0092b79843507a5e1023 change-id: 20250224-v3d-gpu-reset-fixes-2d21fc70711d

3 months, 1 week

1
1
0 0

[REGRESSION] Long boot times due to USB enumeration

by Seïfane Idouchach

Dear all, I am reporting what I believe to be regression due to c0a40097f0bc81deafc15f9195d1fb54595cd6d0. After this change I am experiencing long boot times on a setup that has what seems like a bad usb. The progress of the boot gets halted while retrying (and ultimately failing) to enumerate the USB device and is only allowed to continue after giving up enumerating the USB device. On Arch Linux this manifests itself by a message from SystemD having a wait job on journald. Journald starts just after the enumeration fails with "unable to enumerate USB device". This results in longer boot times on average 1 minute longer than usual (usually around 10s). No stable kernel before this change exhibits the issue all stable kernels after this change exhibit the issue. See the related USB messages attached below (these messages are continuous and have not been snipped) : [...] [ 9.640854] usb 1-9: device descriptor read/64, error -110 [ 25.147505] usb 1-9: device descriptor read/64, error -110 [ 25.650779] usb 1-9: new high-speed USB device number 5 using xhci_hcd [ 30.907482] usb 1-9: device descriptor read/64, error -110 [ 46.480900] usb 1-9: device descriptor read/64, error -110 [ 46.589883] usb usb1-port9: attempt power cycle [ 46.990815] usb 1-9: new high-speed USB device number 6 using xhci_hcd [ 51.791571] usb 1-9: Device not responding to setup address. [ 56.801594] usb 1-9: Device not responding to setup address. [ 57.010803] usb 1-9: device not accepting address 6, error -71 [ 57.137485] usb 1-9: new high-speed USB device number 7 using xhci_hcd [ 61.937624] usb 1-9: Device not responding to setup address. [ 66.947485] usb 1-9: Device not responding to setup address. [ 67.154086] usb 1-9: device not accepting address 7, error -71 [ 67.156426] usb usb1-port9: unable to enumerate USB device [...] This issue does not manifest in 44a45be57f85. I am available to test any patches to address this on my system since I understand this could be quite hard to replicate on any system. I am available to provide more information if I am able or with guidance to help troubleshoot the issue further. Wishing you all a good day. #regzbot introduced: c0a40097f0bc81deafc15f9195d1fb54595cd6d0

3 months, 1 week

2
6
0 0

[PATCH] x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

by Florent Revest

Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditonally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. I get the following splat: UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y index 512 is out of range for type 'unsigned long[512]' [...] Call Trace: dump_stack+0xdb/0x143 __ubsan_handle_out_of_bounds+0xf5/0x120 load_microcode_amd+0x58f/0x6b0 request_microcode_amd+0x17c/0x250 reload_store+0x174/0x2b0 kernfs_fop_write_iter+0x227/0x2d0 vfs_write+0x322/0x510 ksys_write+0xb5/0x160 do_syscall_64+0x6b/0xa0 entry_SYSCALL_64_after_hwframe+0x67/0xd1 This patch checks that a NUMA node has CPUs before attempting to update its first CPU's microcode. Fixes: 7ff6edf4fef3 ("x86/microcode/AMD: Fix mixed steppings support") Signed-off-by: Florent Revest <revest(a)chromium.org> Cc: stable(a)vger.kernel.org --- arch/x86/kernel/cpu/microcode/amd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 95ac1c6a84fbe..7c06425edc1b5 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -1059,6 +1059,7 @@ static enum ucode_state _load_microcode_amd(u8 family, const u8 *data, size_t si static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t size) { + const struct cpumask *mask; struct cpuinfo_x86 *c; unsigned int nid, cpu; struct ucode_patch *p; @@ -1069,7 +1070,11 @@ static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t siz return ret; for_each_node(nid) { - cpu = cpumask_first(cpumask_of_node(nid)); + mask = cpumask_of_node(nid); + if (cpumask_empty(mask)) + continue; + + cpu = cpumask_first(mask); c = &cpu_data(cpu); p = find_patch(cpu); -- 2.49.0.rc0.332.g42c0ae87b1-goog

3 months, 1 week

5
7
0 0

Apply 0c5928deada1 for 6.12.y and 6.13.y

by Miguel Ojeda

Hi Greg, Sasha, Please consider applying the following commits for 6.12.y and 6.13.y: 0c5928deada1 ("rust: block: fix formatting in GenDisk doc") It is trivial, and should apply cleanly. This avoids a Clippy warning in the upcoming Rust 1.86.0 release (to be released in a few weeks). Thanks! Cheers, Miguel

3 months, 1 week

2
1
0 0

Linux 6.12.18

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.18 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/include/asm/kvm_host.h | 2 arch/arm64/kvm/arm.c | 22 arch/arm64/kvm/vmid.c | 11 arch/arm64/mm/init.c | 7 arch/riscv/include/asm/futex.h | 2 arch/riscv/kernel/cacheinfo.c | 12 arch/riscv/kernel/cpufeature.c | 2 arch/riscv/kernel/setup.c | 2 arch/riscv/kernel/signal.c | 6 arch/riscv/kvm/vcpu_sbi_hsm.c | 11 arch/riscv/kvm/vcpu_sbi_replace.c | 15 arch/x86/Kconfig | 1 arch/x86/events/core.c | 2 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 283 +++++-- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 ++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 block/blk-zoned.c | 76 +- drivers/firmware/cirrus/cs_dsp.c | 24 drivers/firmware/efi/mokvar-table.c | 42 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 drivers/gpu/drm/xe/xe_oa.c | 657 ++++++++++-------- drivers/gpu/drm/xe/xe_oa_types.h | 6 drivers/gpu/drm/xe/xe_vm.c | 40 - drivers/i2c/busses/i2c-ls2x.c | 16 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/idle/intel_idle.c | 4 drivers/infiniband/hw/bnxt_re/bnxt_re.h | 18 drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 46 - drivers/infiniband/hw/bnxt_re/main.c | 153 ++-- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 + drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/ah.c | 3 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/mr.c | 16 drivers/infiniband/hw/mlx5/odp.c | 1 drivers/infiniband/hw/mlx5/qp.c | 10 drivers/infiniband/hw/mlx5/qp.h | 1 drivers/infiniband/hw/mlx5/umr.c | 83 +- drivers/iommu/intel/dmar.c | 1 drivers/iommu/intel/iommu.c | 10 drivers/md/dm-integrity.c | 8 drivers/md/dm-vdo/dedupe.c | 1 drivers/net/dsa/realtek/Kconfig | 6 drivers/net/dsa/realtek/Makefile | 3 drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 ------- drivers/net/dsa/realtek/rtl8366rb.h | 107 ++ drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 103 ++ drivers/net/ethernet/freescale/enetc/enetc_ethtool.c | 7 drivers/net/ethernet/intel/ice/ice.h | 1 drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 3 drivers/net/ethernet/intel/ice/ice_lib.c | 3 drivers/net/ethernet/intel/ice/ice_main.c | 24 drivers/net/ethernet/intel/ice/ice_sriov.c | 4 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 drivers/net/ethernet/intel/ice/ice_vf_lib_private.h | 1 drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 drivers/net/ethernet/ti/Kconfig | 1 drivers/net/ethernet/ti/icssg/icss_iep.c | 21 drivers/net/ipvlan/ipvlan_core.c | 22 drivers/net/loopback.c | 14 drivers/net/phy/qcom/qca807x.c | 2 drivers/net/usb/gl620a.c | 4 drivers/phy/rockchip/Kconfig | 1 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/scsi/scsi_lib.c | 14 drivers/thermal/gov_bang_bang.c | 11 drivers/thermal/gov_fair_share.c | 16 drivers/thermal/gov_power_allocator.c | 71 + drivers/thermal/gov_step_wise.c | 16 drivers/thermal/thermal_core.c | 33 drivers/thermal/thermal_core.h | 5 drivers/thermal/thermal_helpers.c | 5 drivers/thermal/thermal_of.c | 53 - drivers/ufs/core/ufs_bsg.c | 6 drivers/ufs/core/ufshcd.c | 38 - fs/afs/server.c | 3 fs/afs/server_list.c | 4 fs/nfs/delegation.c | 37 + fs/nfs/delegation.h | 1 fs/nfs/direct.c | 23 fs/nfs/nfs4proc.c | 3 fs/overlayfs/copy_up.c | 2 include/asm-generic/vmlinux.lds.h | 2 include/linux/blkdev.h | 7 include/linux/compiler-gcc.h | 12 include/linux/compiler.h | 39 - include/linux/rcuref.h | 9 include/linux/socket.h | 2 include/linux/sunrpc/sched.h | 3 include/net/ip.h | 5 include/net/route.h | 5 include/sound/cs35l56.h | 31 include/trace/events/afs.h | 2 include/trace/events/sunrpc.h | 3 io_uring/net.c | 4 kernel/events/core.c | 31 kernel/events/uprobes.c | 5 kernel/sched/core.c | 2 kernel/sched/ext.c | 11 kernel/trace/ftrace.c | 27 kernel/trace/trace_events_hist.c | 30 lib/rcuref.c | 5 net/bluetooth/l2cap_core.c | 9 net/bridge/br_netfilter_hooks.c | 8 net/core/gro.c | 1 net/core/scm.c | 10 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 3 net/ipv4/icmp.c | 19 net/ipv4/ip_options.c | 3 net/ipv4/tcp.c | 26 net/ipv4/tcp_minisocks.c | 10 net/ipv6/ip6_tunnel.c | 4 net/ipv6/rpl_iptunnel.c | 14 net/ipv6/seg6_iptunnel.c | 14 net/mptcp/pm_netlink.c | 5 net/mptcp/subflow.c | 15 net/rxrpc/rxperf.c | 12 net/sunrpc/cache.c | 10 net/sunrpc/sched.c | 2 net/sunrpc/xprtsock.c | 10 security/integrity/ima/ima.h | 3 security/integrity/ima/ima_main.c | 7 security/landlock/net.c | 3 sound/pci/hda/cs35l56_hda_spi.c | 3 sound/pci/hda/patch_realtek.c | 2 sound/soc/codecs/cs35l56-shared.c | 80 ++ sound/soc/codecs/cs35l56-spi.c | 3 sound/soc/codecs/es8328.c | 15 sound/soc/fsl/fsl_sai.c | 6 sound/soc/fsl/imx-audmix.c | 4 sound/usb/midi.c | 2 sound/usb/quirks.c | 1 tools/objtool/check.c | 50 - tools/objtool/include/objtool/special.h | 2 tools/testing/selftests/drivers/net/queues.py | 7 tools/testing/selftests/landlock/common.h | 1 tools/testing/selftests/landlock/config | 2 tools/testing/selftests/landlock/net_test.c | 124 +++ tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 tools/testing/selftests/rseq/rseq-riscv.h | 2 173 files changed, 2929 insertions(+), 1406 deletions(-) Adrien Vergé (1): ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Alex Deucher (1): drm/amdgpu: disable BAR resize on Dell G5 SE Andreas Schwab (1): riscv/futex: sign extend compare value in atomic cmpxchg Andrew Jones (4): riscv: KVM: Fix hart suspend status check riscv: KVM: Fix hart suspend_type use riscv: KVM: Fix SBI IPI error generation riscv: KVM: Fix SBI TIME error generation André Draszik (1): phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Ard Biesheuvel (2): objtool: Fix C jump table annotations for Clang vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnd Bergmann (2): sunrpc: suppress warnings for unused procfs functions phy: rockchip: fix Kconfig dependency more Arthur Simchaev (1): scsi: ufs: core: bsg: Fix crash when arpmb command fails Ashutosh Dixit (4): drm/xe/oa: Signal output fences drm/xe/oa: Move functions up so they can be reused for config ioctl drm/xe/oa: Add syncs support to OA config ioctl drm/xe/oa: Allow only certain property changes from config BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Bart Van Assche (1): scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Benjamin Coddington (1): SUNRPC: Handle -ETIMEDOUT return from tlshd Binbin Zhou (1): i2c: ls2x: Fix frequency division register access Borislav Petkov (AMD) (7): x86/microcode/AMD: Have __apply_microcode_amd() return bool x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations x86/microcode/AMD: Merge early_apply_microcode() into its single callsite x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration x86/microcode/AMD: Add get_patch_level() x86/microcode/AMD: Load only SHA256-checksummed patches Breno Leitao (1): perf/core: Add RCU read lock protection to perf_iterate_ctx() Chancel Liu (1): ASoC: fsl: Rename stream name of SAI DAI driver Chukun Pan (1): phy: rockchip: naneng-combphy: compatible reset with old DT Clément Léger (1): riscv: cpufeature: use bitmap_equal() instead of memcmp() Damien Le Moal (1): block: Remove zone write plugs when handling native zone append writes David Howells (3): rxrpc: rxperf: Fix missing decoding of terminal magic cookie afs: Fix the server_list to unuse a displaced server rather than putting it afs: Give an afs_server object a ref on the afs_cell object it points to David Yat Sin (1): drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Eric Dumazet (2): ipvlan: ensure network headers are in skb linear part idpf: fix checksums set in idpf_rx_rsc() George Moussalem (1): net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Greg Kroah-Hartman (1): Linux 6.12.18 Guillaume Nault (3): ipv4: Convert icmp_route_lookup() to dscp_t. ipv4: Convert ip_route_input() to dscp_t. ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Ido Schimmel (1): net: loopback: Avoid sending IP packets without an Ethernet header Jerry Snitselaar (1): iommu/vt-d: Remove device comparison in context_setup_pass_through_cb Jiri Slaby (SUSE) (1): net: set the minimum for net_hotdata.netdev_budget_usecs Joe Damato (1): selftests: drv-net: Check if combined-count exists Junxian Huang (1): RDMA/hns: Fix mbox timing out by adding retry mechanism Justin Iurman (2): net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: fix dst ref loop on input in rpl lwt Kalesh AP (5): RDMA/bnxt_re: Fail probe early when not enough MSI-x vectors are reserved RDMA/bnxt_re: Refactor NQ allocation RDMA/bnxt_re: Cache MSIx info to a local structure RDMA/bnxt_re: Add sanity checks on rdev validity RDMA/bnxt_re: Allocate dev_attr information dynamically Kan Liang (2): perf/x86: Fix low freqency setting issue perf/core: Fix low freq setting via IOC_PERIOD Kashyap Desai (1): RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Ken Raeburn (1): dm vdo: add missing spin_lock_init Konstantin Taranov (1): RDMA/mana_ib: Allocate PAGE aligned doorbell index Krzysztof Kozlowski (1): thermal: of: Simplify thermal_of_should_bind with scoped for each OF child Linus Walleij (1): net: dsa: rtl8366rb: Fix compilation problem Lu Baolu (1): iommu/vt-d: Fix suspicious RCU usage Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Luo Gengkun (1): perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Manivannan Sadhasivam (1): scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Marcin Szycik (2): ice: Fix deinitializing VF in error path ice: Avoid setting default Rx VSI twice in switchdev setup Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Matthew Auld (2): drm/xe/userptr: restore invalidation list on error drm/xe/userptr: fix EFAULT handling Matthieu Baerts (NGI0) (1): mptcp: reset when MPTCP opts are dropped after join Meghana Malladi (1): net: ti: icss-iep: Reject perout generation request Mikhail Ivanov (3): landlock: Fix non-TCP sockets restriction selftests/landlock: Test that MPTCP actions are not restricted selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Milan Broz (1): dm-integrity: Avoid divide by zero in table status in Inline mode Mingcong Bai (1): drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Mohammad Heib (1): net: Clear old fragment checksum value in napi_reuse_skb Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (1): usbnet: gl620a: fix endpoint checking in genelink_bind() Nikolay Borisov (1): x86/microcode/AMD: Return bool from find_blobs_in_containers() Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Oliver Upton (1): KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Paolo Abeni (1): mptcp: always handle address removal under msk socket lock Patrisious Haddad (2): RDMA/mlx5: Fix AH static rate parsing RDMA/mlx5: Fix bind QP error cleanup flow Paul Greenwalt (1): ice: add E830 HW VF mailbox message limit support Pavel Begunkov (1): io_uring/net: save msg_control for compat Peter Jones (1): efi: Don't map the entire mokvar table to determine its size Peter Zijlstra (2): unreachable: Unify objtool: Remove annotate_{,un}reachable() Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Qunqin Zhao (1): net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Rafael J. Wysocki (3): thermal/of: Fix cdev lookup in thermal_of_should_bind() thermal: core: Move lists of thermal instances to trip descriptors thermal: gov_power_allocator: Add missing NULL pointer check Richard Fitzgerald (2): firmware: cs_dsp: Remove async regmap writes ASoC: cs35l56: Prevent races when soft-resetting using SPI control Rob Herring (1): riscv: cacheinfo: Use of_property_present() for non-boolean properties Roberto Sassu (1): ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Roman Li (1): drm/amd/display: Fix HPD after gpu reset Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ryan Roberts (1): arm64/mm: Fix Boot panic on Ampere Altra Sascha Hauer (1): net: ethernet: ti: am65-cpsw: select PAGE_POOL Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Selvin Xavier (1): RDMA/bnxt_re: Fix the statistics for Gen P7 VF Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Stafford Horne (1): rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Stanislav Fomichev (1): tcp: devmem: don't write truncated dmabuf CMSGs to userspace Steven Rostedt (1): tracing: Fix bad hist from corrupting named_triggers list Takashi Iwai (2): ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Tejun Heo (1): sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner (3): intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly rcuref: Plug slowpath race in rcuref_put() sched/core: Prevent rescheduling when interrupts are disabled Tom Chung (1): drm/amd/display: Disable PSR-SU on eDP panels Tong Tiangen (1): uprobes: Reject the shared zeropage in uprobe_write_opcode() Trond Myklebust (4): NFS: O_DIRECT writes must check and adjust the file length NFS: Adjust delegated timestamps for O_DIRECT reads and writes SUNRPC: Prevent looping due to rpc_signal_task() races NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Umesh Nerlige Ramappa (1): drm/xe/oa: Allow oa_exponent value of 0 Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Wang Hai (1): tcp: Defer ts_recent changes until req is owned Wei Fang (6): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Ye Bin (1): scsi: core: Clear driver private data when retrying request Yilin Chen (1): drm/amd/display: add a quirk to enable eDP0 on DP1 Yishai Hadas (4): RDMA/mlx5: Fix the recovery flow of the UMR QP RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error RDMA/mlx5: Fix a WARN during dereg_mr for DM type RDMA/mlx5: Fix implicit ODP hang on parent deregistration Yong-Xuan Wang (2): riscv: signal: fix signal frame size riscv: signal: fix signal_minsigstksz Yu-Che Cheng (2): thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() thermal: gov_power_allocator: Update total_weight on bind and cdev updates chr[] (1): amdgpu/pm/legacy: fix suspend/resume issues

3 months, 1 week

3
3
0 0

[PATCH] jffs2: check that raw node were preallocated before writing summary

by Artem Sadovnikov

Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn't check return value of jffs2_prealloc_raw_node_refs and simply lets any error propagate into jffs2_sum_write_data, which eventually calls jffs2_link_node_ref in order to link the summary to an expectedly allocated node. kernel BUG at fs/jffs2/nodelist.c:592! invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592 Call Trace: <TASK> jffs2_sum_write_data fs/jffs2/summary.c:841 [inline] jffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874 jffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388 jffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197 jffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362 jffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301 generic_perform_write+0x314/0x5d0 mm/filemap.c:3856 __generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973 generic_file_write_iter+0xe3/0x350 mm/filemap.c:4005 call_write_iter include/linux/fs.h:2265 [inline] do_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735 do_iter_write+0x186/0x710 fs/read_write.c:861 vfs_iter_write+0x70/0xa0 fs/read_write.c:902 iter_file_splice_write+0x73b/0xc90 fs/splice.c:685 do_splice_from fs/splice.c:763 [inline] direct_splice_actor+0x10c/0x170 fs/splice.c:950 splice_direct_to_actor+0x337/0xa10 fs/splice.c:896 do_splice_direct+0x1a9/0x280 fs/splice.c:1002 do_sendfile+0xb13/0x12c0 fs/read_write.c:1255 __do_sys_sendfile64 fs/read_write.c:1323 [inline] __se_sys_sendfile64 fs/read_write.c:1309 [inline] __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Fix this issue by checking return value of jffs2_prealloc_raw_node_refs before calling jffs2_sum_write_data. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 2f785402f39b ("[JFFS2] Reduce visibility of raw_node_ref to upper layers of JFFS2 code.") Signed-off-by: Artem Sadovnikov <a.sadovnikov(a)ispras.ru> --- fs/jffs2/summary.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/jffs2/summary.c b/fs/jffs2/summary.c index 4fe64519870f1..d83372d3e1a07 100644 --- a/fs/jffs2/summary.c +++ b/fs/jffs2/summary.c @@ -858,7 +858,10 @@ int jffs2_sum_write_sumnode(struct jffs2_sb_info *c) spin_unlock(&c->erase_completion_lock); jeb = c->nextblock; - jffs2_prealloc_raw_node_refs(c, jeb, 1); + ret = jffs2_prealloc_raw_node_refs(c, jeb, 1); + + if (ret) + goto out; if (!c->summary->sum_num || !c->summary->sum_list_head) { JFFS2_WARNING("Empty summary info!!!\n"); @@ -872,6 +875,8 @@ int jffs2_sum_write_sumnode(struct jffs2_sb_info *c) datasize += padsize; ret = jffs2_sum_write_data(c, jeb, infosize, datasize, padsize); + +out: spin_lock(&c->erase_completion_lock); return ret; } -- 2.43.0

3 months, 1 week

2
1
0 0

[PATCH net v2] netmem: prevent TX of unreadable skbs

by Mina Almasry

Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it. Fix this by preventing the xmit of unreadable skbs. Tested by configuring tc redirect: sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1 Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs. After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs. Fixes: 65249feb6b3d ("net: add support for skbs with unreadable frags") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Mina Almasry <almasrymina(a)google.com> --- v2: https://lore.kernel.org/netdev/20250305191153.6d899a00@kernel.org/ - Put unreadable check at the top (Jakub) --- net/core/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 30da277c5a6f..2f7f5fd9ffec 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3872,6 +3872,9 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device { netdev_features_t features; + if (!skb_frags_readable(skb)) + goto out_kfree_skb; + features = netif_skb_features(skb); skb = validate_xmit_vlan(skb, features); if (unlikely(!skb)) base-commit: f315296c92fd4b7716bdea17f727ab431891dc3b -- 2.49.0.rc0.332.g42c0ae87b1-goog

3 months, 1 week

2
1
0 0

[PATCH v3] mm/migrate: fix shmem xarray update during migration

by Zi Yan

A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. Fixes: fc346d0a70a1 ("mm: migrate high-order folios in swap cache correctly") Reported-by: Liu Shixin <liushixin2(a)huawei.com> Closes: https://lore.kernel.org/all/28546fb4-5210-bf75-16d6-43e1f8646080@huawei.com/ Suggested-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Zi Yan <ziy(a)nvidia.com> Cc: stable(a)vger.kernel.org --- mm/migrate.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/mm/migrate.c b/mm/migrate.c index fb4afd31baf0..c0adea67cd62 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -518,15 +518,13 @@ static int __folio_migrate_mapping(struct address_space *mapping, if (folio_test_anon(folio) && folio_test_large(folio)) mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON, 1); folio_ref_add(newfolio, nr); /* add cache reference */ - if (folio_test_swapbacked(folio)) { + if (folio_test_swapbacked(folio)) __folio_set_swapbacked(newfolio); - if (folio_test_swapcache(folio)) { - folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); - } + if (folio_test_swapcache(folio)) { + folio_set_swapcache(newfolio); + newfolio->private = folio_get_private(folio); entries = nr; } else { - VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); entries = 1; } -- 2.47.2

3 months, 1 week

4
3
0 0

[PATCH 6.1 000/161] 6.1.130-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.130 release. There are 161 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.130-rc2 Fullway Wang <fullwaywang(a)outlook.com> media: mtk-vcodec: potential null pointer deference in SCP Quang Le <quanglex97(a)gmail.com> pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Jiaxun Yang <jiaxun.yang(a)flygoat.com> mm/memory: Use exception ip to search exception tables Jiaxun Yang <jiaxun.yang(a)flygoat.com> ptrace: Introduce exception_ip arch hook Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Sohaib Nadeem <sohaib.nadeem(a)amd.com> drm/amd/display: fixed integer types and null check locations Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() David Howells <dhowells(a)redhat.com> mm: Don't pin ZERO_PAGE in pin_user_pages() Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server Colin Ian King <colin.i.king(a)gmail.com> afs: remove variable nr_servers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Xin Long <lucien.xin(a)gmail.com> netfilter: allow exp not to be removed in nf_ct_find_expectation Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Fix wrong register value written to MR Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Paolo Valente <paolo.valente(a)linaro.org> block, bfq: split sync bfq_queues on a per-actuator basis Patrick Bellasi <derkling(a)google.com> x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Steven Rostedt <rostedt(a)goodmis.org> ftrace: Do not add duplicate entries in subops manager ops Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ftrace: Correct preemption accounting for function tracing. Komal Bajaj <quic_kbajaj(a)quicinc.com> EDAC/qcom: Correct interrupt enable register configuration Haoxiang Li <haoxiang_li2024(a)163.com> smb: client: Add check for next_buffer in receive_encrypted_standard() Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: use dma_map_resource for sdma address Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> mtd: rawnand: cadence: fix error code in cadence_nand_init() Ricardo Cañuelo Navarro <rcn(a)igalia.com> mm,madvise,hugetlb: check for 0-length range after end address adjustment Christian Brauner <brauner(a)kernel.org> acct: block access to kernel internal filesystems Christian Brauner <brauner(a)kernel.org> acct: perform last write from workqueue John Veness <john-linux(a)pelago.org.uk> ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Wentao Liang <vulab(a)iscas.ac.cn> ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ASoC: fsl_micfil: Enable default case in micfil_set_quality() Haoxiang Li <haoxiang_li2024(a)163.com> nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> drop_monitor: fix incorrect initialization order Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix supplicant wait loop Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Make sure all planes in use by the joiner have their crtc included Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Disable dither in phys encoder cleanup Yan Zhai <yan(a)cloudflare.com> bpf: skip non exist keys in generic_map_lookup_batch Caleb Sander Mateos <csander(a)purestorage.com> nvme/ioctl: add missing space in err message Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields David Hildenbrand <david(a)redhat.com> nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() Andrey Vatoropin <a.vatoropin(a)crpt.ru> power: supply: da9150-fg: fix potential overflow Jiayuan Chen <mrpre(a)163.com> bpf: Fix wrong copied_seq calculation Jiayuan Chen <mrpre(a)163.com> strparser: Add read_sock callback Shigeru Yoshida <syoshida(a)redhat.com> bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> drm/rcar-du: dsi: Fix PHY lock bit check Devarsh Thakkar <devarsht(a)ti.com> drm/tidss: Fix race condition while handling interrupt registers Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Add simple K2G manual reset Sabrina Dubroca <sd(a)queasysnail.net> tcp: drop secpath at the same time as we currently drop dst Nick Hu <nick.hu(a)sifive.com> net: axienet: Set mac_managed_pm Breno Leitao <leitao(a)debian.org> arp: switch to dev_getbyhwaddr() in arp_req_set_public() Breno Leitao <leitao(a)debian.org> net: Add non-RCU dev_getbyhwaddr() helper Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix port range key handling in BPF conversion Cong Wang <xiyou.wangcong(a)gmail.com> flow_dissector: Fix handling of mixed port and port-range keys Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Kuniyuki Iwashima <kuniyu(a)amazon.com> gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Don't reference skb after sending to VIOS Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add stat for tx direct vs tx batched Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Introduce send sub-crq direct Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Return error code on TX scrq flush fail Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ALSA: hda/cirrus: Correct the full scale volume set logic Kuniyuki Iwashima <kuniyu(a)amazon.com> geneve: Fix use-after-free in geneve_find_dev(). Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Fixup ALC225 depop procedure Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/mm: Move __real_pte stubs into hash-4k.h John Keeping <jkeeping(a)inmusicbrands.com> ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] Jill Donahue <jilliandonahue58(a)gmail.com> USB: gadget: f_midi: f_midi_complete to call queue_work Roy Luo <royluo(a)google.com> usb: gadget: core: flush gadget workqueue after device removal Roy Luo <royluo(a)google.com> USB: gadget: core: create sysfs link between udc and gadget Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Remove dangling pointers Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Only save async fh if success Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Refactor iterators Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix crash during unbind if gpio unit is in use Yang Yingliang <yangyingliang(a)huawei.com> media: Switch to use dev_err_probe() helper Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: mediatek: mtk-devapc: Fix leaking IO map on error paths AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Change to kvalloc() in eventlog/acpi.c Eddie James <eajames(a)linux.ibm.com> tpm: Use managed allocation for bios event log Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: Fix CDSP memory length Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: trim addresses to 8 digits Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183: Disable DSI display output by default Igor Pylypiv <ipylypiv(a)google.com> scsi: core: Do not retry I/Os during depopulation Douglas Gilbert <dgilbert(a)interlog.com> scsi: core: Handle depopulation and restoration in progress Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-img: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-bdp: add missing dummy clk Daniel Golle <daniel(a)makrotopia.org> clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: clk-mtk: Add dummy clock ops Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix poor RF performance for WCN6855 Cheng Jiang <quic_chejiang(a)quicinc.com> Bluetooth: qca: Update firmware-name to support board specific nvm Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bence Csókás <csokas.bence(a)prolan.hu> spi: atmel-qspi: Memory barriers after memory-mapped I/O Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Yang Yingliang <yangyingliang(a)huawei.com> spi: atmel-quadspi: switch to use modern name Tudor Ambarus <tudor.ambarus(a)microchip.com> spi: atmel-quadspi: Add support for configuring CS timing Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Carlos Galo <carlosgalo(a)google.com> mm: update mark_victim tracepoints fields Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: add 'sync_size' into struct md_bitmap_stats Yu Kuai <yukuai3(a)huawei.com> md/md-cluster: fix spares warnings for __le64 Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings ------------- Diffstat: Documentation/core-api/pin_user_pages.rst | 6 + Documentation/networking/strparser.rst | 9 +- Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 +- arch/arm64/include/asm/mman.h | 9 +- arch/mips/include/asm/ptrace.h | 2 + arch/mips/kernel/ptrace.c | 7 + arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 26 --- arch/powerpc/lib/code-patching.c | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/x86/Kconfig | 3 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 20 ++- arch/x86/kernel/cpu/cyrix.c | 4 +- block/bfq-cgroup.c | 97 +++++----- block/bfq-iosched.c | 195 ++++++++++++++------- block/bfq-iosched.h | 51 ++++-- drivers/bluetooth/btqca.c | 110 +++++++++--- drivers/char/tpm/eventlog/acpi.c | 16 +- drivers/char/tpm/eventlog/efi.c | 13 +- drivers/char/tpm/eventlog/of.c | 3 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/clk/mediatek/clk-mt2701-bdp.c | 1 + drivers/clk/mediatek/clk-mt2701-img.c | 1 + drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + drivers/clk/mediatek/clk-mtk.c | 16 ++ drivers/clk/mediatek/clk-mtk.h | 19 ++ drivers/edac/qcom_edac.c | 4 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 ++- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 ++- drivers/gpu/drm/i915/display/intel_display.c | 18 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 9 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 2 +- drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 1 - drivers/gpu/drm/tidss/tidss_dispc.c | 22 ++- drivers/gpu/drm/tidss/tidss_irq.c | 2 + drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/md/md-bitmap.c | 34 ++-- drivers/md/md-bitmap.h | 9 +- drivers/md/md-cluster.c | 34 ++-- drivers/md/md.c | 33 +++- drivers/media/cec/platform/stm32/stm32-cec.c | 9 +- drivers/media/i2c/ad5820.c | 18 +- drivers/media/i2c/imx274.c | 5 +- drivers/media/i2c/tc358743.c | 9 +- drivers/media/platform/mediatek/mdp/mtk_mdp_comp.c | 5 +- .../platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 + .../mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 +- .../media/platform/samsung/exynos4-is/media-dev.c | 4 +- drivers/media/platform/st/stm32/stm32-dcmi.c | 27 +-- drivers/media/platform/ti/omap3isp/isp.c | 3 +- drivers/media/platform/xilinx/xilinx-csi2rxss.c | 8 +- drivers/media/rc/gpio-ir-recv.c | 10 +- drivers/media/rc/gpio-ir-tx.c | 9 +- drivers/media/rc/ir-rx51.c | 9 +- drivers/media/usb/uvc/uvc_ctrl.c | 99 +++++++++-- drivers/media/usb/uvc/uvc_driver.c | 35 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 2 + drivers/media/usb/uvc/uvcvideo.h | 10 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +++-- drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++++++++--- drivers/net/ethernet/ibm/ibmvnic.c | 85 +++++++-- drivers/net/ethernet/ibm/ibmvnic.h | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 + drivers/net/geneve.c | 16 +- drivers/net/gtp.c | 5 - drivers/net/ipvlan/ipvlan_core.c | 24 ++- drivers/net/loopback.c | 14 ++ drivers/net/usb/gl620a.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 ++ drivers/power/supply/da9150-fg.c | 4 +- drivers/scsi/scsi_lib.c | 22 ++- drivers/scsi/sd.c | 4 + drivers/soc/mediatek/mtk-devapc.c | 36 ++-- drivers/spi/atmel-quadspi.c | 172 +++++++++++++----- drivers/tee/optee/supp.c | 35 +--- drivers/usb/gadget/function/f_midi.c | 2 +- drivers/usb/gadget/udc/core.c | 11 +- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 ++- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 ++++++++++-- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 40 +++-- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 4 + fs/squashfs/inode.c | 5 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/mm.h | 26 ++- include/linux/netdevice.h | 2 + include/linux/ptrace.h | 4 + include/linux/skmsg.h | 2 + include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/route.h | 5 +- include/net/strparser.h | 2 + include/net/tcp.h | 22 +++ include/trace/events/icmp.h | 67 +++++++ include/trace/events/oom.h | 36 +++- include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/acct.c | 134 ++++++++------ kernel/bpf/syscall.c | 18 +- kernel/events/core.c | 17 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 30 ++-- kernel/trace/trace_events_hist.c | 34 ++-- kernel/trace/trace_functions.c | 6 +- mm/gup.c | 31 +++- mm/madvise.c | 11 +- mm/memcontrol.c | 7 +- mm/memory.c | 4 +- mm/oom_kill.c | 14 +- net/bluetooth/l2cap_core.c | 9 +- net/bpf/test_run.c | 5 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/dev.c | 37 +++- net/core/drop_monitor.c | 39 ++--- net/core/flow_dissector.c | 49 +++--- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/skmsg.c | 7 + net/core/sysctl_net_core.c | 3 +- net/ipv4/arp.c | 2 +- net/ipv4/icmp.c | 24 +-- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 29 ++- net/ipv4/tcp_bpf.c | 36 ++++ net/ipv4/tcp_fastopen.c | 4 +- net/ipv4/tcp_input.c | 8 +- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +++--- net/ipv6/seg6_iptunnel.c | 97 ++++++---- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_expect.c | 4 +- net/netfilter/nft_ct.c | 2 + net/sched/sch_fifo.c | 3 + net/strparser/strparser.c | 11 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - sound/pci/hda/hda_codec.c | 4 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_cs8409-tables.c | 6 +- sound/pci/hda/patch_cs8409.c | 20 ++- sound/pci/hda/patch_cs8409.h | 5 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_micfil.c | 2 + sound/soc/rockchip/rockchip_i2s_tdm.c | 4 +- sound/soc/sh/rz-ssi.c | 2 + sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + 179 files changed, 2160 insertions(+), 955 deletions(-)

3 months, 1 week

8
7
0 0

[PATCH locking 10/11] rust: lockdep: Remove support for dynamically allocated LockClassKeys

by Boqun Feng

From: Mitchell Levy <levymitchell0(a)gmail.com> Currently, dynamically allocated LockCLassKeys can be used from the Rust side without having them registered. This is a soundness issue, so remove them. Suggested-by: Alice Ryhl <aliceryhl(a)google.com> Link: https://lore.kernel.org/rust-for-linux/20240815074519.2684107-3-nmi@metaspa… Cc: stable(a)vger.kernel.org Fixes: 6ea5aa08857a ("rust: sync: introduce `LockClassKey`") Reviewed-by: Benno Lossin <benno.lossin(a)proton.me> Signed-off-by: Mitchell Levy <levymitchell0(a)gmail.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Link: https://lore.kernel.org/r/20250207-rust-lockdep-v4-1-7a50a7e88656@gmail.com --- rust/kernel/sync.rs | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/rust/kernel/sync.rs b/rust/kernel/sync.rs index 3498fb344dc9..16eab9138b2b 100644 --- a/rust/kernel/sync.rs +++ b/rust/kernel/sync.rs @@ -30,28 +30,20 @@ unsafe impl Sync for LockClassKey {} impl LockClassKey { - /// Creates a new lock class key. - pub const fn new() -> Self { - Self(Opaque::uninit()) - } - pub(crate) fn as_ptr(&self) -> *mut bindings::lock_class_key { self.0.get() } } -impl Default for LockClassKey { - fn default() -> Self { - Self::new() - } -} - /// Defines a new static lock class and returns a pointer to it. #[doc(hidden)] #[macro_export] macro_rules! static_lock_class { () => {{ - static CLASS: $crate::sync::LockClassKey = $crate::sync::LockClassKey::new(); + static CLASS: $crate::sync::LockClassKey = + // SAFETY: lockdep expects uninitialized memory when it's handed a statically allocated + // lock_class_key + unsafe { ::core::mem::MaybeUninit::uninit().assume_init() }; &CLASS }}; } -- 2.47.1

3 months, 1 week

2
1
0 0

[PATCH v6 4/8] crypto: ccp: Fix uapi definitions of PSP errors

by Dionna Glaze

From: Alexey Kardashevskiy <aik(a)amd.com> Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson <seanjc(a)google.com> CC: Paolo Bonzini <pbonzini(a)redhat.com> CC: Thomas Gleixner <tglx(a)linutronix.de> CC: Ingo Molnar <mingo(a)redhat.com> CC: Borislav Petkov <bp(a)alien8.de> CC: Dave Hansen <dave.hansen(a)linux.intel.com> CC: Ashish Kalra <ashish.kalra(a)amd.com> CC: Tom Lendacky <thomas.lendacky(a)amd.com> CC: John Allen <john.allen(a)amd.com> CC: Herbert Xu <herbert(a)gondor.apana.org.au> CC: "David S. Miller" <davem(a)davemloft.net> CC: Michael Roth <michael.roth(a)amd.com> CC: Luis Chamberlain <mcgrof(a)kernel.org> CC: Russ Weight <russ.weight(a)linux.dev> CC: Danilo Krummrich <dakr(a)redhat.com> CC: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CC: "Rafael J. Wysocki" <rafael(a)kernel.org> CC: Tianfei zhang <tianfei.zhang(a)intel.com> CC: Alexey Kardashevskiy <aik(a)amd.com> CC: stable(a)vger.kernel.org Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> Signed-off-by: Dionna Glaze <dionnaglaze(a)google.com> --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY = 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE = 0x0019, + SEV_RET_INVALID_PAGE_STATE = 0x001A, + SEV_RET_INVALID_MDATA_ENTRY = 0x001B, + SEV_RET_INVALID_PAGE_OWNER = 0x001C, + SEV_RET_AEAD_OFLOW = 0x001D, + SEV_RET_EXIT_RING_BUFFER = 0x001F, + SEV_RET_RMP_INIT_REQUIRED = 0x0020, + SEV_RET_BAD_SVN = 0x0021, + SEV_RET_BAD_VERSION = 0x0022, + SEV_RET_SHUTDOWN_REQUIRED = 0x0023, + SEV_RET_UPDATE_FAILED = 0x0024, + SEV_RET_RESTORE_REQUIRED = 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026, + SEV_RET_INVALID_KEY = 0x0027, SEV_RET_MAX, } sev_ret_code; -- 2.47.0.277.g8800431eea-goog

3 months, 1 week

4
6
0 0

[PATCH v2] iommufd: Fail replace if device has not been attached

by Yi Liu

The current implementation of iommufd_device_do_replace() implicitly assumes that the input device has already been attached. However, there is no explicit check to verify this assumption. If another device within the same group has been attached, the replace operation might succeed, but the input device itself may not have been attached yet. As a result, the input device might not be tracked in the igroup->device_list, and its reserved IOVA might not be added. Despite this, the caller might incorrectly assume that the device has been successfully replaced, which could lead to unexpected behavior or errors. To address this issue, add a check to ensure that the input device has been attached before proceeding with the replace operation. This check will help maintain the integrity of the device tracking system and prevent potential issues arising from incorrect assumptions about the device's attachment status. Fixes: e88d4ec154a8 ("iommufd: Add iommufd_device_replace()") Cc: stable(a)vger.kernel.org Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Signed-off-by: Yi Liu <yi.l.liu(a)intel.com> --- Change log: v2: - Add r-b tag (Kevin) - Minor tweaks. I swarpped the order of is_attach check with the if (igroup->hwpt == NULL) check, hence no need to add WARN_ON. v1: https://lore.kernel.org/linux-iommu/20250304120754.12450-1-yi.l.liu@intel.c… --- drivers/iommu/iommufd/device.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c index b2f0cb909e6d..bd50146e2ad0 100644 --- a/drivers/iommu/iommufd/device.c +++ b/drivers/iommu/iommufd/device.c @@ -471,6 +471,17 @@ iommufd_device_attach_reserved_iova(struct iommufd_device *idev, /* The device attach/detach/replace helpers for attach_handle */ +/* Check if idev is attached to igroup->hwpt */ +static bool iommufd_device_is_attached(struct iommufd_device *idev) +{ + struct iommufd_device *cur; + + list_for_each_entry(cur, &idev->igroup->device_list, group_item) + if (cur == idev) + return true; + return false; +} + static int iommufd_hwpt_attach_device(struct iommufd_hw_pagetable *hwpt, struct iommufd_device *idev) { @@ -710,6 +721,11 @@ iommufd_device_do_replace(struct iommufd_device *idev, goto err_unlock; } + if (!iommufd_device_is_attached(idev)) { + rc = -EINVAL; + goto err_unlock; + } + if (hwpt == igroup->hwpt) { mutex_unlock(&idev->igroup->lock); return NULL; -- 2.34.1

3 months, 1 week

2
1
0 0

[PATCH 6.13 000/154] 6.13.6-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.6 release. There are 154 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 08 Mar 2025 15:13:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.6-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.6-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: use bitmap_equal() instead of memcmp() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Andreas Schwab <schwab(a)suse.de> riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ken Raeburn <raeburn(a)redhat.com> dm vdo: add missing spin_lock_init Milan Broz <gmazyland(a)gmail.com> dm-integrity: Avoid divide by zero in table status in Inline mode Joanne Koong <joannelkoong(a)gmail.com> fuse: revert back to __readahead_folio() for readahead Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Tejun Heo <tj(a)kernel.org> sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test that MPTCP actions are not restricted Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix suspicious RCU usage Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: Remove device comparison in context_setup_pass_through_cb Harshitha Ramamurthy <hramamurthy(a)google.com> gve: unlink old napi when stopping a queue using queue API André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: add missing enetc4_link_deinit() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: remove the mm_lock from the ENETC v4 driver Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() George Moussalem <george.moussalem(a)outlook.com> net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Qunqin Zhao <zhaoqunqin(a)loongson.cn> net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> i2c: amd-asf: Fix EOI register write to enable successive interrupts Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Qu Wenruo <wqu(a)suse.com> btrfs: fix data overwriting bug during buffered write when block size < page size Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free on inode when scanning root during em shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: do regular iput instead of delayed iput during extent map shrinking Filipe Manana <fdmanana(a)suse.com> btrfs: skip inodes without loaded extent maps when shrinking extent maps Damien Le Moal <dlemoal(a)kernel.org> block: Remove zone write plugs when handling native zone append writes Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Fix Boot panic on Ampere Altra Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Yilin Chen <Yilin.Chen(a)amd.com> drm/amd/display: add a quirk to enable eDP0 on DP1 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Add shadow buffering for deferred I/O Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix EFAULT handling Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: restore invalidation list on error Mingcong Bai <jeffbai(a)aosc.io> drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend_type use Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Christian Bruel <christian.bruel(a)foss.st.com> phy: stm32: Fix constant-value overflow assertion Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Arnd Bergmann <arnd(a)arndb.de> phy: rockchip: fix Kconfig dependency more Andrii Nakryiko <andrii(a)kernel.org> uprobes: Remove too strict lockdep_assert() condition in hprobe_expire() Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ard Biesheuvel <ardb(a)kernel.org> objtool: Fix C jump table annotations for Clang Peter Zijlstra <peterz(a)infradead.org> objtool: Remove annotate_{,un}reachable() Peter Zijlstra <peterz(a)infradead.org> unreachable: Unify Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Update total_weight on bind and cdev updates Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/of: Fix cdev lookup in thermal_of_should_bind() Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Eric Dumazet <edumazet(a)google.com> idpf: fix checksums set in idpf_rx_rsc() Joe Damato <jdamato(a)fastly.com> selftests: drv-net: Check if combined-count exists Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Restore missing trace event when enabling vport QoS Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Fix vport QoS cleanup on error Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Avoid setting default Rx VSI twice in switchdev setup Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Stanislav Fomichev <sdf(a)fomichev.me> tcp: devmem: don't write truncated dmabuf CMSGs to userspace Sascha Hauer <s.hauer(a)pengutronix.de> net: ethernet: ti: am65-cpsw: select PAGE_POOL Melissa Wen <mwen(a)igalia.com> drm/amd/display: restore edid reading from a given i2c adapter Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: keep enforce isolation up to date Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx: only call mes for enforce isolation if supported Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Prevent races when soft-resetting using SPI control Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe/oa: Allow oa_exponent value of 0 Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl: Rename stream name of SAI DAI driver Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix compilation problem Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header Eric Dumazet <edumazet(a)google.com> net: better track kernel sockets lifetime Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add net_passive_inc() and net_passive_dec(). David Howells <dhowells(a)redhat.com> afs: Give an afs_server object a ref on the afs_cell object it points to David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix implicit ODP hang on parent deregistration Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Adjust delegated timestamps for O_DIRECT reads and writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> landlock: Fix non-TCP sockets restriction Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the statistics for Gen P7 VF Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Allocate dev_attr information dynamically Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add sanity checks on rdev validity Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix mbox timing out by adding retry mechanism Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a WARN during dereg_mr for DM type Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 22 +- arch/arm64/kvm/vmid.c | 11 +- arch/arm64/mm/init.c | 7 +- arch/riscv/include/asm/cmpxchg.h | 2 +- arch/riscv/include/asm/futex.h | 2 +- arch/riscv/kernel/cacheinfo.c | 12 +- arch/riscv/kernel/cpufeature.c | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu_sbi_hsm.c | 11 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 1 + arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 283 ++++++++----- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 +++++++++++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 - block/blk-zoned.c | 76 +++- drivers/firmware/cirrus/cs_dsp.c | 24 +- drivers/firmware/efi/mokvar-table.c | 42 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 4 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 86 +++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/drm_fbdev_dma.c | 217 +++++++--- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - drivers/gpu/drm/xe/xe_oa.c | 5 +- drivers/gpu/drm/xe/xe_vm.c | 40 +- drivers/i2c/busses/i2c-amd-asf-plat.c | 1 + drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/bnxt_re/bnxt_re.h | 2 +- drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 40 +- drivers/infiniband/hw/bnxt_re/main.c | 41 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 ++- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/mr.c | 16 +- drivers/infiniband/hw/mlx5/odp.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/infiniband/hw/mlx5/umr.c | 83 ++-- drivers/iommu/intel/dmar.c | 1 + drivers/iommu/intel/iommu.c | 10 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm-vdo/dedupe.c | 1 + drivers/net/dsa/realtek/Kconfig | 6 + drivers/net/dsa/realtek/Makefile | 3 + drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 +----------- drivers/net/dsa/realtek/rtl8366rb.h | 107 +++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++-- drivers/net/ethernet/freescale/enetc/enetc4_pf.c | 2 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 7 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 2 + drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 5 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 8 + .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 + drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/icssg/icss_iep.c | 21 +- drivers/net/ipvlan/ipvlan_core.c | 21 +- drivers/net/loopback.c | 14 + drivers/net/phy/qcom/qca807x.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/Kconfig | 1 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 +- drivers/phy/st/phy-stm32-combophy.c | 38 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/scsi/scsi_lib.c | 14 +- drivers/thermal/gov_power_allocator.c | 32 +- drivers/thermal/thermal_of.c | 50 ++- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd.c | 38 +- fs/afs/server.c | 3 + fs/afs/server_list.c | 4 +- fs/btrfs/extent_map.c | 83 ++-- fs/btrfs/file.c | 9 +- fs/fuse/dev.c | 6 + fs/fuse/file.c | 13 +- fs/nfs/delegation.c | 37 ++ fs/nfs/delegation.h | 1 + fs/nfs/direct.c | 23 ++ fs/nfs/nfs4proc.c | 3 + fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/blkdev.h | 7 +- include/linux/compiler-gcc.h | 12 - include/linux/compiler.h | 39 +- include/linux/rcuref.h | 9 +- include/linux/socket.h | 2 + include/linux/sunrpc/sched.h | 3 +- include/net/net_namespace.h | 11 + include/net/sock.h | 1 + include/sound/cs35l56.h | 31 ++ include/trace/events/afs.h | 2 + include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 15 +- kernel/sched/core.c | 2 +- kernel/sched/ext.c | 11 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/core/gro.c | 1 + net/core/net_namespace.c | 8 +- net/core/scm.c | 10 + net/core/skbuff.c | 2 +- net/core/sock.c | 27 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/tcp.c | 26 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/rpl_iptunnel.c | 14 +- net/ipv6/seg6_iptunnel.c | 14 +- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 20 +- net/netlink/af_netlink.c | 10 - net/rds/tcp.c | 8 +- net/rxrpc/rxperf.c | 12 + net/smc/af_smc.c | 5 +- net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/svcsock.c | 5 +- net/sunrpc/xprtsock.c | 18 +- security/integrity/ima/ima.h | 3 + security/integrity/ima/ima_main.c | 7 +- security/landlock/net.c | 3 +- sound/pci/hda/cs35l56_hda_spi.c | 3 + sound/pci/hda/patch_realtek.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 80 ++++ sound/soc/codecs/cs35l56-spi.c | 3 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_sai.c | 6 +- sound/soc/fsl/imx-audmix.c | 4 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/objtool/check.c | 50 +-- tools/objtool/include/objtool/special.h | 2 +- tools/testing/selftests/drivers/net/queues.py | 7 +- tools/testing/selftests/landlock/common.h | 1 + tools/testing/selftests/landlock/config | 2 + tools/testing/selftests/landlock/net_test.c | 124 +++++- tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- 177 files changed, 2637 insertions(+), 1171 deletions(-)

3 months, 1 week

11
10
0 0

[PATCH 2/2] virt: sev-guest: Move SNP Guest Request data pages handling under snp_cmd_mutex

by Alexey Kardashevskiy

Compared to the SNP Guest Request, the "Extended" version adds data pages for receiving certificates. If not enough pages provided, the HV can report to the VM how much is needed so the VM can reallocate and repeat. Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") moved handling of the allocated/desired pages number out of scope of said mutex and create a possibility for a race (multiple instances trying to trigger Extended request in a VM) as there is just one instance of snp_msg_desc per /dev/sev-guest and no locking other than snp_cmd_mutex. Fix the issue by moving the data blob/size and the GHCB input struct (snp_req_data) into snp_guest_req which is allocated on stack now and accessed by the GHCB caller under that mutex. Stop allocating SEV_FW_BLOB_MAX_SIZE in snp_msg_alloc() as only one of four callers needs it. Free the received blob in get_ext_report() right after it is copied to the userspace. Possible future users of snp_send_guest_request() are likely to have different ideas about the buffer size anyways. Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex") Cc: stable(a)vger.kernel.org Cc: Nikunj A Dadhania <nikunj(a)amd.com> Signed-off-by: Alexey Kardashevskiy <aik(a)amd.com> --- arch/x86/include/asm/sev.h | 6 ++-- arch/x86/coco/sev/core.c | 23 +++++-------- drivers/virt/coco/sev-guest/sev-guest.c | 34 ++++++++++++++++---- 3 files changed, 39 insertions(+), 24 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1581246491b5..ba7999f66abe 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -203,6 +203,9 @@ struct snp_guest_req { unsigned int vmpck_id; u8 msg_version; u8 msg_type; + + struct snp_req_data input; + void *certs_data; }; /* @@ -263,9 +266,6 @@ struct snp_msg_desc { struct snp_guest_msg secret_request, secret_response; struct snp_secrets_page *secrets; - struct snp_req_data input; - - void *certs_data; struct aesgcm_ctx *ctx; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 82492efc5d94..d02eea5e3d50 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2853,19 +2853,8 @@ struct snp_msg_desc *snp_msg_alloc(void) if (!mdesc->response) goto e_free_request; - mdesc->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); - if (!mdesc->certs_data) - goto e_free_response; - - /* initial the input address for guest request */ - mdesc->input.req_gpa = __pa(mdesc->request); - mdesc->input.resp_gpa = __pa(mdesc->response); - mdesc->input.data_gpa = __pa(mdesc->certs_data); - return mdesc; -e_free_response: - free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); e_free_request: free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); e_unmap: @@ -2885,7 +2874,6 @@ void snp_msg_free(struct snp_msg_desc *mdesc) kfree(mdesc->ctx); free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg)); free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg)); - free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE); iounmap((__force void __iomem *)mdesc->secrets); memset(mdesc, 0, sizeof(*mdesc)); @@ -3054,7 +3042,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(req, &mdesc->input, rio); + rc = snp_issue_guest_request(req, &req->input, rio); switch (rc) { case -ENOSPC: /* @@ -3064,7 +3052,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r * order to increment the sequence number and thus avoid * IV reuse. */ - override_npages = mdesc->input.data_npages; + override_npages = req->input.data_npages; req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; /* @@ -3120,7 +3108,7 @@ static int __handle_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r } if (override_npages) - mdesc->input.data_npages = override_npages; + req->input.data_npages = override_npages; return rc; } @@ -3158,6 +3146,11 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req */ memcpy(mdesc->request, &mdesc->secret_request, sizeof(mdesc->secret_request)); + /* initial the input address for guest request */ + req->input.req_gpa = __pa(mdesc->request); + req->input.resp_gpa = __pa(mdesc->response); + req->input.data_gpa = req->certs_data ? __pa(req->certs_data) : 0; + rc = __handle_guest_request(mdesc, req, rio); if (rc) { if (rc == -EIO && diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 4699fdc9ed44..cf3fb61f4d5b 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -177,6 +177,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_guest_req req = {}; int ret, npages = 0, resp_len; sockptr_t certs_address; + struct page *page; if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; @@ -210,8 +211,20 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * the host. If host does not supply any certs in it, then copy * zeros to indicate that certificate data was not provided. */ - memset(mdesc->certs_data, 0, report_req->certs_len); npages = report_req->certs_len >> PAGE_SHIFT; + page = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO, + get_order(report_req->certs_len)); + if (!page) + return -ENOMEM; + + req.certs_data = page_address(page); + ret = set_memory_decrypted((unsigned long)req.certs_data, npages); + if (ret) { + pr_err("failed to mark page shared, ret=%d\n", ret); + __free_pages(page, get_order(report_req->certs_len)); + return -EFAULT; + } + cmd: /* * The intermediate response buffer is used while decrypting the @@ -220,10 +233,12 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques */ resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize; report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); - if (!report_resp) - return -ENOMEM; + if (!report_resp) { + ret = -ENOMEM; + goto e_free_data; + } - mdesc->input.data_npages = npages; + req.input.data_npages = npages; req.msg_version = arg->msg_version; req.msg_type = SNP_MSG_REPORT_REQ; @@ -238,7 +253,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques /* If certs length is invalid then copy the returned length */ if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { - report_req->certs_len = mdesc->input.data_npages << PAGE_SHIFT; + report_req->certs_len = req.input.data_npages << PAGE_SHIFT; if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) ret = -EFAULT; @@ -247,7 +262,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (ret) goto e_free; - if (npages && copy_to_sockptr(certs_address, mdesc->certs_data, report_req->certs_len)) { + if (npages && copy_to_sockptr(certs_address, req.certs_data, report_req->certs_len)) { ret = -EFAULT; goto e_free; } @@ -257,6 +272,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques e_free: kfree(report_resp); +e_free_data: + if (npages) { + if (set_memory_encrypted((unsigned long)req.certs_data, npages)) + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + else + __free_pages(page, get_order(report_req->certs_len)); + } return ret; } -- 2.47.1

3 months, 1 week

4
3
0 0

[PATCH] PCI: controller: Restore PCI_REASSIGN_ALL_BUS when PCI_PROBE_ONLY is enabled

by Bo Sun

On our Marvell OCTEON CN96XX board, we observed the following panic on the latest kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [0000000000000080] user address but active_mm is swapper Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 9 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.13.0-rc7-00149-g9bffa1ad25b8 #1 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : of_pci_add_properties+0x278/0x4c8 lr : of_pci_add_properties+0x258/0x4c8 sp : ffff8000822ef9b0 x29: ffff8000822ef9b0 x28: ffff000106dd8000 x27: ffff800081bc3b30 x26: ffff800081540118 x25: ffff8000813d2be0 x24: 0000000000000000 x23: ffff00010528a800 x22: ffff000107c50000 x21: ffff0001039c2630 x20: ffff0001039c2630 x19: 0000000000000000 x18: ffffffffffffffff x17: 00000000a49c1b85 x16: 0000000084c07b58 x15: ffff000103a10f98 x14: ffffffffffffffff x13: ffff000103a10f96 x12: 0000000000000003 x11: 0101010101010101 x10: 000000000000002c x9 : ffff800080ca7acc x8 : ffff0001038fd900 x7 : 0000000000000000 x6 : 0000000000696370 x5 : 0000000000000000 x4 : 0000000000000002 x3 : ffff8000822efa40 x2 : ffff800081341000 x1 : ffff000107c50000 x0 : 0000000000000000 Call trace: of_pci_add_properties+0x278/0x4c8 (P) of_pci_make_dev_node+0xe0/0x158 pci_bus_add_device+0x158/0x210 pci_bus_add_devices+0x40/0x98 pci_host_probe+0x94/0x118 pci_host_common_probe+0x120/0x1a0 platform_probe+0x70/0xf0 really_probe+0xb4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __driver_attach+0x9c/0x1b0 bus_for_each_dev+0x7c/0xe8 driver_attach+0x2c/0x40 bus_add_driver+0xec/0x218 driver_register+0x68/0x138 __platform_driver_register+0x2c/0x40 gen_pci_driver_init+0x24/0x38 do_one_initcall+0x4c/0x278 kernel_init_freeable+0x1f4/0x3d0 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 Code: aa1603e1 f0005522 d2800044 91000042 (f94040a0) This regression was introduced by commit 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags"). On our board, the 002:00:07.0 bridge is misconfigured by the bootloader. Both its secondary and subordinate bus numbers are initialized to 0, while its fixed secondary bus number is set to 8. However, bus number 8 is also assigned to another bridge (0002:00:0f.0). Although this is a bootloader issue, before the change in commit 7246a4520b4b, the PCI_REASSIGN_ALL_BUS flag was set by default when PCI_PROBE_ONLY was enabled, ensuing that all the bus number for these bridges were reassigned, avoiding any conflicts. After the change introduced in commit 7246a4520b4b, the bus numbers assigned by the bootloader are reused by all other bridges, except the misconfigured 002:00:07.0 bridge. The kernel attempt to reconfigure 002:00:07.0 by reusing the fixed secondary bus number 8 assigned by bootloader. However, since a pci_bus has already been allocated for bus 8 due to the probe of 0002:00:0f.0, no new pci_bus allocated for 002:00:07.0. This results in a pci bridge device without a pci_bus attached (pdev->subordinate == NULL). Consequently, accessing pdev->subordinate in of_pci_prop_bus_range() leads to a NULL pointer dereference. To summarize, we need to restore the PCI_REASSIGN_ALL_BUS flag when PCI_PROBE_ONLY is enabled in order to work around issue like the one described above. Cc: stable(a)vger.kernel.org Fixes: 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags") Signed-off-by: Bo Sun <Bo.Sun.CN(a)windriver.com> --- drivers/pci/controller/pci-host-common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/controller/pci-host-common.c b/drivers/pci/controller/pci-host-common.c index cf5f59a745b3..615923acbc3e 100644 --- a/drivers/pci/controller/pci-host-common.c +++ b/drivers/pci/controller/pci-host-common.c @@ -73,6 +73,10 @@ int pci_host_common_probe(struct platform_device *pdev) if (IS_ERR(cfg)) return PTR_ERR(cfg); + /* Do not reassign resources if probe only */ + if (!pci_has_flag(PCI_PROBE_ONLY)) + pci_add_flags(PCI_REASSIGN_ALL_BUS); + bridge->sysdata = cfg; bridge->ops = (struct pci_ops *)&ops->pci_ops; bridge->msi_domain = true; -- 2.48.1

3 months, 1 week

4
9
0 0

[PATCH v1] mm/madvise: Always set ptes via arch helpers

by Ryan Roberts

Instead of writing a pte directly into the table, use the set_pte_at() helper, which gives the arch visibility of the change. In this instance we are guaranteed that the pte was originally none and is being modified to a not-present pte, so there was unlikely to be a bug in practice (at least not on arm64). But it's bad practice to write the page table memory directly without arch involvement. Cc: <stable(a)vger.kernel.org> Fixes: 662df3e5c376 ("mm: madvise: implement lightweight guard page mechanism") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> --- mm/madvise.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/madvise.c b/mm/madvise.c index 388dc289b5d1..6170f4acc14f 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -1101,7 +1101,7 @@ static int guard_install_set_pte(unsigned long addr, unsigned long next, unsigned long *nr_pages = (unsigned long *)walk->private; /* Simply install a PTE marker, this causes segfault on access. */ - *ptep = make_pte_marker(PTE_MARKER_GUARD); + set_pte_at(walk->mm, addr, ptep, make_pte_marker(PTE_MARKER_GUARD)); (*nr_pages)++; return 0; -- 2.43.0

3 months, 1 week

3
8
0 0

Re: [PATCH] net: fix uninitialised access in mii_nway_restart()

by Qasim Ijaz

On Tue, Feb 18, 2025 at 02:10:08AM +0100, Andrew Lunn wrote: > On Tue, Feb 18, 2025 at 12:24:43AM +0000, Qasim Ijaz wrote: > > In mii_nway_restart() during the line: > > > > bmcr = mii->mdio_read(mii->dev, mii->phy_id, MII_BMCR); > > > > The code attempts to call mii->mdio_read which is ch9200_mdio_read(). > > > > ch9200_mdio_read() utilises a local buffer, which is initialised > > with control_read(): > > > > unsigned char buff[2]; > > > > However buff is conditionally initialised inside control_read(): > > > > if (err == size) { > > memcpy(data, buf, size); > > } > > > > If the condition of "err == size" is not met, then buff remains > > uninitialised. Once this happens the uninitialised buff is accessed > > and returned during ch9200_mdio_read(): > > > > return (buff[0] | buff[1] << 8); > > > > The problem stems from the fact that ch9200_mdio_read() ignores the > > return value of control_read(), leading to uinit-access of buff. > > > > To fix this we should check the return value of control_read() > > and return early on error. > > What about get_mac_address()? > > If you find a bug, it is a good idea to look around and see if there > are any more instances of the same bug. I could be wrong, but it seems > like get_mac_address() suffers from the same problem? Thank you for the feedback Andrew. I checked get_mac_address() before sending this patch and to me it looks like it does check the return value of control_read(). It accumulates the return value of each control_read() call into rd_mac_len and then checks if it not equal to what is expected (ETH_ALEN which is 6), I believe each call should return 2. > > Andrew

3 months, 1 week

2
3
0 0

Shopify POS new users

by kristina williams

Hi there, I hope you're doing well. Would you be open to exploring our freshly verified Shopify POS Users Data? This could be a valuable resource for your marketing and outreach efforts. Let me know if you're interested, and I'd be happy to share the available count and more details. Looking forward to your response. Best Regards, Kristina Williams Demand Generation Executive Please respond with cancel, if not needed.

3 months, 1 week

1
0
0 0

Apply 3 commits for 6.13.y

by Miguel Ojeda

Hi Greg, Sasha, Please consider applying the following commits for 6.13.y: 27c7518e7f1c ("rust: finish using custom FFI integer types") 1bae8729e50a ("rust: map `long` to `isize` and `char` to `u8`") 9b98be76855f ("rust: cleanup unnecessary casts") They should apply cleanly. This backports the custom FFI integer types, which in turn solves a build failure under `CONFIG_RUST_FW_LOADER_ABSTRACTIONS=y`. I will have to send something similar to 6.12.y, but it requires more commits -- I may do the `alloc` backport first we discussed the other day. Thanks! Cheers, Miguel

3 months, 1 week

4
5
0 0

Linux 6.6.81

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.81 kernel. All users, EXCEPT i386 systems, of the 6.6 kernel series must upgrade. Note, the i386 arch is currently broken, please wait for the next release before you upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 5 Makefile | 2 arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 5 arch/riscv/include/asm/futex.h | 2 arch/riscv/include/asm/kvm_host.h | 8 arch/riscv/kernel/signal.c | 6 arch/riscv/kvm/vcpu.c | 48 - arch/riscv/kvm/vcpu_sbi.c | 7 arch/riscv/kvm/vcpu_sbi_hsm.c | 45 - arch/riscv/kvm/vcpu_sbi_replace.c | 15 arch/x86/Kconfig | 26 arch/x86/events/core.c | 2 arch/x86/include/asm/apic.h | 5 arch/x86/include/asm/cpu.h | 20 arch/x86/include/asm/microcode.h | 16 arch/x86/kernel/apic/apic_flat_64.c | 2 arch/x86/kernel/apic/ipi.c | 8 arch/x86/kernel/apic/x2apic_cluster.c | 1 arch/x86/kernel/apic/x2apic_phys.c | 1 arch/x86/kernel/cpu/common.c | 12 arch/x86/kernel/cpu/cyrix.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 636 +++++++++++----- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 +++++++++++ arch/x86/kernel/cpu/microcode/core.c | 685 +++++++++++------- arch/x86/kernel/cpu/microcode/intel.c | 670 +++++------------ arch/x86/kernel/cpu/microcode/internal.h | 49 - arch/x86/kernel/head32.c | 3 arch/x86/kernel/head_32.S | 10 arch/x86/kernel/nmi.c | 9 arch/x86/kernel/smpboot.c | 12 drivers/firmware/cirrus/cs_dsp.c | 24 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 drivers/i2c/busses/i2c-ls2x.c | 16 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/idle/intel_idle.c | 4 drivers/infiniband/core/sysfs.c | 4 drivers/infiniband/core/uverbs_std_types_device.c | 3 drivers/infiniband/core/verbs.c | 3 drivers/infiniband/hw/mana/main.c | 2 drivers/infiniband/hw/mlx5/ah.c | 3 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/qp.c | 10 drivers/infiniband/hw/mlx5/qp.h | 1 drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 100 +- drivers/net/ethernet/google/gve/gve.h | 10 drivers/net/ethernet/google/gve/gve_main.c | 6 drivers/net/ethernet/intel/ice/ice.h | 1 drivers/net/ethernet/intel/ice/ice_common.c | 71 + drivers/net/ethernet/intel/ice/ice_devids.h | 10 drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 24 drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 55 + drivers/net/ethernet/intel/ice/ice_lib.c | 3 drivers/net/ethernet/intel/ice/ice_main.c | 37 drivers/net/ethernet/intel/ice/ice_sriov.c | 4 drivers/net/ethernet/intel/ice/ice_type.h | 3 drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 drivers/net/ethernet/intel/ice/ice_vf_lib_private.h | 1 drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 29 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/ti/icssg/icss_iep.c | 35 drivers/net/ipvlan/ipvlan_core.c | 24 drivers/net/loopback.c | 14 drivers/net/usb/gl620a.c | 4 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/platform/x86/intel/ifs/load.c | 8 drivers/scsi/scsi_lib.c | 14 drivers/ufs/core/ufs_bsg.c | 6 drivers/ufs/core/ufshcd-priv.h | 5 drivers/ufs/core/ufshcd.c | 122 ++- fs/afs/cell.c | 1 fs/afs/internal.h | 23 fs/afs/server.c | 1 fs/afs/server_list.c | 114 ++ fs/afs/vl_alias.c | 2 fs/afs/volume.c | 36 fs/overlayfs/copy_up.c | 2 include/asm-generic/vmlinux.lds.h | 2 include/linux/rcuref.h | 9 include/linux/sunrpc/sched.h | 17 include/net/dst.h | 9 include/net/ip.h | 5 include/net/route.h | 5 include/rdma/ib_verbs.h | 2 include/trace/events/icmp.h | 67 + include/trace/events/sunrpc.h | 3 include/uapi/rdma/ib_user_ioctl_verbs.h | 3 include/ufs/ufs.h | 13 include/ufs/ufshcd.h | 4 io_uring/net.c | 4 kernel/events/core.c | 31 kernel/events/uprobes.c | 5 kernel/sched/core.c | 2 kernel/trace/ftrace.c | 27 kernel/trace/trace_events_hist.c | 30 lib/rcuref.c | 5 net/bluetooth/l2cap_core.c | 9 net/bridge/br_netfilter_hooks.c | 8 net/core/gro.c | 1 net/core/skbuff.c | 2 net/core/sysctl_net_core.c | 3 net/ipv4/icmp.c | 24 net/ipv4/ip_options.c | 3 net/ipv4/tcp_minisocks.c | 10 net/ipv6/ip6_tunnel.c | 4 net/ipv6/rpl_iptunnel.c | 58 - net/ipv6/seg6_iptunnel.c | 97 +- net/mptcp/pm_netlink.c | 5 net/mptcp/subflow.c | 15 net/rxrpc/rxperf.c | 12 net/sunrpc/cache.c | 10 net/sunrpc/sched.c | 2 net/sunrpc/xprtsock.c | 10 sound/pci/hda/patch_realtek.c | 32 sound/soc/codecs/es8328.c | 15 sound/usb/midi.c | 2 sound/usb/quirks.c | 1 tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 tools/testing/selftests/rseq/rseq-riscv.h | 2 tools/tracing/rtla/src/timerlat_hist.c | 2 tools/tracing/rtla/src/timerlat_top.c | 2 132 files changed, 2867 insertions(+), 1524 deletions(-) Adrien Vergé (1): ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Andreas Schwab (1): riscv/futex: sign extend compare value in atomic cmpxchg Andrew Jones (3): riscv: KVM: Fix hart suspend status check riscv: KVM: Fix SBI IPI error generation riscv: KVM: Fix SBI TIME error generation Ard Biesheuvel (1): vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnd Bergmann (1): sunrpc: suppress warnings for unused procfs functions Arthur Simchaev (1): scsi: ufs: core: bsg: Fix crash when arpmb command fails Ashok Raj (1): x86/microcode/intel: Rip out mixed stepping support for Intel CPUs Avri Altman (2): scsi: ufs: core: Introduce ufshcd_has_pending_tasks() scsi: ufs: core: Prepare to introduce a new clock_gating lock BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Bart Van Assche (2): scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() scsi: ufs: core: Start the RTC update work later Bean Huo (2): scsi: ufs: core: Add ufshcd_is_ufs_dev_busy() scsi: ufs: core: Add UFS RTC support Benjamin Coddington (1): SUNRPC: Handle -ETIMEDOUT return from tlshd Binbin Zhou (1): i2c: ls2x: Fix frequency division register access Borislav Petkov (1): x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID Borislav Petkov (AMD) (11): x86/microcode: Rework early revisions reporting x86/microcode/intel: Set new revision only after a successful update x86/microcode/AMD: Pay attention to the stepping dynamically x86/microcode/AMD: Split load_microcode_amd() x86/microcode/AMD: Flush patch buffer mapping after application x86/microcode/AMD: Have __apply_microcode_amd() return bool x86/microcode/AMD: Merge early_apply_microcode() into its single callsite x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration x86/microcode/AMD: Add get_patch_level() x86/microcode/AMD: Load only SHA256-checksummed patches x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive Breno Leitao (1): perf/core: Add RCU read lock protection to perf_iterate_ctx() Chang S. Bae (1): x86/microcode/intel: Remove unnecessary cache writeback and invalidation Chukun Pan (1): phy: rockchip: naneng-combphy: compatible reset with old DT David Howells (3): rxrpc: rxperf: Fix missing decoding of terminal magic cookie afs: Make it possible to find the volumes that are using a server afs: Fix the server_list to unuse a displaced server rather than putting it Diogo Ivo (1): net: ti: icss-iep: Remove spinlock-based synchronization Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Eric Dumazet (1): ipvlan: ensure network headers are in skb linear part Greg Kroah-Hartman (1): Linux 6.6.81 Guillaume Nault (3): ipv4: Convert icmp_route_lookup() to dscp_t. ipv4: Convert ip_route_input() to dscp_t. ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Ido Schimmel (4): net: loopback: Avoid sending IP packets without an Ethernet header ipv4: icmp: Pass full DS field to ip_route_input() ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Jiri Slaby (SUSE) (1): net: set the minimum for net_hotdata.netdev_budget_usecs Joshua Washington (1): gve: set xdp redirect target only when it is available Justin Iurman (5): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: seg6_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: rpl_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in rpl lwt Kan Liang (2): perf/x86: Fix low freqency setting issue perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Konstantin Taranov (1): RDMA/mana_ib: Allocate PAGE aligned doorbell index Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Lukasz Czechowski (1): arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Luo Gengkun (1): perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Manivannan Sadhasivam (1): scsi: ufs: core: Cancel RTC work during ufshcd_remove() Marcin Szycik (1): ice: Fix deinitializing VF in error path Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Matthieu Baerts (NGI0) (1): mptcp: reset when MPTCP opts are dropped after join Meghana Malladi (1): net: ti: icss-iep: Reject perout generation request Mohammad Heib (1): net: Clear old fragment checksum value in napi_reuse_skb Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (1): usbnet: gl620a: fix endpoint checking in genelink_bind() Nikolay Borisov (2): x86/microcode/AMD: Return bool from find_blobs_in_containers() x86/microcode/AMD: Make __verify_patch_size() return bool Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Or Har-Toov (1): IB/core: Add support for XDR link speed Paolo Abeni (1): mptcp: always handle address removal under msk socket lock Patrisious Haddad (2): RDMA/mlx5: Fix AH static rate parsing RDMA/mlx5: Fix bind QP error cleanup flow Paul Greenwalt (2): ice: Add E830 device IDs, MAC type and registers ice: add E830 HW VF mailbox message limit support Pavel Begunkov (1): io_uring/net: save msg_control for compat Peilin He (1): net/ipv4: add tracepoint for icmp_send Peter Wang (2): scsi: ufs: core: Fix deadlock during RTC update scsi: ufs: core: Fix another deadlock during RTC update Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Richard Fitzgerald (1): firmware: cs_dsp: Remove async regmap writes Roman Li (1): drm/amd/display: Fix HPD after gpu reset Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Stafford Horne (1): rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Stefan Binding (1): ALSA: hda/realtek: Add quirks for ASUS ROG 2023 models Stephen Brennan (1): SUNRPC: convert RPC_TASK_* constants to enum Steven Rostedt (1): tracing: Fix bad hist from corrupting named_triggers list Takashi Iwai (2): ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Thomas Gleixner (34): rcuref: Plug slowpath race in rcuref_put() sched/core: Prevent rescheduling when interrupts are disabled intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly x86/microcode/32: Move early loading after paging enable x86/microcode/intel: Simplify scan_microcode() x86/microcode/intel: Simplify and rename generic_load_microcode() x86/microcode/intel: Cleanup code further x86/microcode/intel: Simplify early loading x86/microcode/intel: Save the microcode only after a successful late-load x86/microcode/intel: Switch to kvmalloc() x86/microcode/intel: Unify microcode apply() functions x86/microcode/intel: Rework intel_cpu_collect_info() x86/microcode/intel: Reuse intel_cpu_collect_info() x86/microcode/intel: Rework intel_find_matching_signature() x86/microcode: Remove pointless apply() invocation x86/microcode/amd: Use correct per CPU ucode_cpu_info x86/microcode/amd: Cache builtin microcode too x86/microcode/amd: Cache builtin/initrd microcode early x86/microcode/amd: Use cached microcode for AP load x86/microcode: Mop up early loading leftovers x86/microcode: Get rid of the schedule work indirection x86/microcode: Clean up mc_cpu_down_prep() x86/microcode: Handle "nosmt" correctly x86/microcode: Clarify the late load logic x86/microcode: Sanitize __wait_for_cpus() x86/microcode: Add per CPU result state x86/microcode: Add per CPU control field x86/microcode: Provide new control functions x86/microcode: Replace the all-in-one rendevous handler x86/microcode: Rendezvous and load in NMI x86/microcode: Protect against instrumentation x86/apic: Provide apic_force_nmi_on_cpu() x86/microcode: Handle "offline" CPUs correctly x86/microcode: Prepare for minimal revision check Tom Chung (1): drm/amd/display: Disable PSR-SU on eDP panels Tomas Glozar (4): Revert "rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads" Revert "rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads" rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tong Tiangen (1): uprobes: Reject the shared zeropage in uprobe_write_opcode() Trond Myklebust (1): SUNRPC: Prevent looping due to rpc_signal_task() races Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Wang Hai (1): tcp: Defer ts_recent changes until req is owned Wei Fang (5): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Ye Bin (1): scsi: core: Clear driver private data when retrying request Yong-Xuan Wang (2): RISCV: KVM: Introduce mp_state_lock to avoid lock inversion riscv: signal: fix signal frame size chr[] (1): amdgpu/pm/legacy: fix suspend/resume issues

3 months, 1 week

1
1
0 0

Linux 6.1.130

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.130 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/core-api/pin_user_pages.rst | 6 Documentation/networking/strparser.rst | 9 Makefile | 2 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 arch/arm64/boot/dts/qcom/sm8450.dtsi | 4 arch/arm64/include/asm/mman.h | 9 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/ptrace.c | 7 arch/powerpc/include/asm/book3s/64/hash-4k.h | 28 + arch/powerpc/include/asm/book3s/64/pgtable.h | 26 - arch/powerpc/lib/code-patching.c | 2 arch/riscv/include/asm/futex.h | 2 arch/x86/Kconfig | 3 arch/x86/events/core.c | 2 arch/x86/kernel/cpu/bugs.c | 20 - arch/x86/kernel/cpu/cyrix.c | 4 block/bfq-cgroup.c | 95 ++-- block/bfq-iosched.c | 191 ++++++---- block/bfq-iosched.h | 51 ++ drivers/bluetooth/btqca.c | 110 ++++- drivers/char/tpm/eventlog/acpi.c | 16 drivers/char/tpm/eventlog/efi.c | 13 drivers/char/tpm/eventlog/of.c | 3 drivers/char/tpm/tpm-chip.c | 1 drivers/clk/mediatek/clk-mt2701-bdp.c | 1 drivers/clk/mediatek/clk-mt2701-img.c | 1 drivers/clk/mediatek/clk-mt2701-vdec.c | 1 drivers/clk/mediatek/clk-mtk.c | 16 drivers/clk/mediatek/clk-mtk.h | 19 drivers/edac/qcom_edac.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 - drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 + drivers/gpu/drm/i915/display/intel_display.c | 18 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.c | 3 drivers/gpu/drm/nouveau/nouveau_svm.c | 9 drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 2 drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 1 drivers/gpu/drm/tidss/tidss_dispc.c | 22 + drivers/gpu/drm/tidss/tidss_irq.c | 2 drivers/i2c/busses/i2c-npcm7xx.c | 7 drivers/idle/intel_idle.c | 4 drivers/infiniband/hw/mlx5/counters.c | 8 drivers/infiniband/hw/mlx5/qp.c | 4 drivers/md/md-bitmap.c | 34 - drivers/md/md-bitmap.h | 9 drivers/md/md-cluster.c | 34 + drivers/md/md.c | 33 + drivers/media/cec/platform/stm32/stm32-cec.c | 9 drivers/media/i2c/ad5820.c | 18 drivers/media/i2c/imx274.c | 5 drivers/media/i2c/tc358743.c | 9 drivers/media/platform/mediatek/mdp/mtk_mdp_comp.c | 5 drivers/media/platform/mediatek/vcodec/mtk_vcodec_fw_scp.c | 2 drivers/media/platform/mediatek/vcodec/vdec/vdec_h264_req_multi_if.c | 9 drivers/media/platform/samsung/exynos4-is/media-dev.c | 4 drivers/media/platform/st/stm32/stm32-dcmi.c | 27 - drivers/media/platform/ti/omap3isp/isp.c | 3 drivers/media/platform/xilinx/xilinx-csi2rxss.c | 8 drivers/media/rc/gpio-ir-recv.c | 10 drivers/media/rc/gpio-ir-tx.c | 9 drivers/media/rc/ir-rx51.c | 9 drivers/media/usb/uvc/uvc_ctrl.c | 99 ++++- drivers/media/usb/uvc/uvc_driver.c | 35 + drivers/media/usb/uvc/uvc_v4l2.c | 2 drivers/media/usb/uvc/uvcvideo.h | 10 drivers/mtd/nand/raw/cadence-nand-controller.c | 42 +- drivers/net/ethernet/cadence/macb.h | 2 drivers/net/ethernet/cadence/macb_main.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 100 +++-- drivers/net/ethernet/ibm/ibmvnic.c | 85 +++- drivers/net/ethernet/ibm/ibmvnic.h | 3 drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 drivers/net/ethernet/netronome/nfp/bpf/cmsg.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 1 drivers/net/geneve.c | 16 drivers/net/gtp.c | 5 drivers/net/ipvlan/ipvlan_core.c | 24 - drivers/net/loopback.c | 14 drivers/net/usb/gl620a.c | 4 drivers/nvme/host/ioctl.c | 3 drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 drivers/phy/tegra/xusb-tegra186.c | 11 drivers/power/supply/da9150-fg.c | 4 drivers/scsi/scsi_lib.c | 22 - drivers/scsi/sd.c | 4 drivers/soc/mediatek/mtk-devapc.c | 36 - drivers/spi/atmel-quadspi.c | 172 ++++++--- drivers/tee/optee/supp.c | 35 - drivers/usb/gadget/function/f_midi.c | 2 drivers/usb/gadget/udc/core.c | 11 fs/afs/cell.c | 1 fs/afs/internal.h | 23 - fs/afs/server.c | 1 fs/afs/server_list.c | 114 +++++ fs/afs/vl_alias.c | 2 fs/afs/volume.c | 40 +- fs/overlayfs/copy_up.c | 2 fs/smb/client/smb2ops.c | 4 fs/squashfs/inode.c | 5 include/asm-generic/vmlinux.lds.h | 2 include/linux/mm.h | 26 + include/linux/netdevice.h | 2 include/linux/ptrace.h | 4 include/linux/skmsg.h | 2 include/linux/sunrpc/sched.h | 17 include/net/dst.h | 9 include/net/ip.h | 5 include/net/netfilter/nf_conntrack_expect.h | 2 include/net/route.h | 5 include/net/strparser.h | 2 include/net/tcp.h | 22 + include/trace/events/icmp.h | 67 +++ include/trace/events/oom.h | 36 + include/trace/events/sunrpc.h | 3 io_uring/net.c | 4 kernel/acct.c | 134 ++++--- kernel/bpf/syscall.c | 18 kernel/events/core.c | 17 kernel/events/uprobes.c | 5 kernel/sched/core.c | 2 kernel/trace/ftrace.c | 30 - kernel/trace/trace_events_hist.c | 30 - kernel/trace/trace_functions.c | 6 mm/gup.c | 31 + mm/madvise.c | 11 mm/memcontrol.c | 7 mm/memory.c | 4 mm/oom_kill.c | 14 net/bluetooth/l2cap_core.c | 9 net/bpf/test_run.c | 5 net/bridge/br_netfilter_hooks.c | 8 net/core/dev.c | 37 + net/core/drop_monitor.c | 29 - net/core/flow_dissector.c | 49 +- net/core/gro.c | 1 net/core/skbuff.c | 2 net/core/skmsg.c | 7 net/core/sysctl_net_core.c | 3 net/ipv4/arp.c | 2 net/ipv4/icmp.c | 24 - net/ipv4/ip_options.c | 3 net/ipv4/tcp.c | 29 + net/ipv4/tcp_bpf.c | 36 + net/ipv4/tcp_fastopen.c | 4 net/ipv4/tcp_input.c | 8 net/ipv4/tcp_ipv4.c | 2 net/ipv4/tcp_minisocks.c | 10 net/ipv6/ip6_tunnel.c | 4 net/ipv6/rpl_iptunnel.c | 58 +-- net/ipv6/seg6_iptunnel.c | 97 +++-- net/mptcp/pm_netlink.c | 5 net/mptcp/subflow.c | 15 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_expect.c | 4 net/netfilter/nft_ct.c | 2 net/sched/sch_fifo.c | 3 net/strparser/strparser.c | 11 net/sunrpc/cache.c | 10 net/sunrpc/sched.c | 2 sound/pci/hda/hda_codec.c | 4 sound/pci/hda/patch_conexant.c | 1 sound/pci/hda/patch_cs8409-tables.c | 6 sound/pci/hda/patch_cs8409.c | 20 - sound/pci/hda/patch_cs8409.h | 5 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/es8328.c | 15 sound/soc/fsl/fsl_micfil.c | 2 sound/soc/rockchip/rockchip_i2s_tdm.c | 4 sound/soc/sh/rz-ssi.c | 2 sound/usb/midi.c | 2 sound/usb/quirks.c | 1 179 files changed, 2149 insertions(+), 944 deletions(-) Alexander Dahl (2): spi: atmel-quadspi: Avoid overwriting delay register settings spi: atmel-quadspi: Fix wrong register value written to MR Andreas Schwab (1): riscv/futex: sign extend compare value in atomic cmpxchg Andrey Vatoropin (1): power: supply: da9150-fg: fix potential overflow AngeloGioacchino Del Regno (2): clk: mediatek: clk-mtk: Add dummy clock ops soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() Ard Biesheuvel (1): vmlinux.lds: Ensure that const vars with relocations are mapped R/O Arnd Bergmann (1): sunrpc: suppress warnings for unused procfs functions BH Hsieh (1): phy: tegra: xusb: reset VBUS & ID OVERRIDE Bence Csókás (1): spi: atmel-qspi: Memory barriers after memory-mapped I/O Breno Leitao (2): net: Add non-RCU dev_getbyhwaddr() helper arp: switch to dev_getbyhwaddr() in arp_req_set_public() Caleb Sander Mateos (1): nvme/ioctl: add missing space in err message Carlos Galo (1): mm: update mark_victim tracepoints fields Catalin Marinas (1): arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings Chen Ridong (1): memcg: fix soft lockup in the OOM process Chen-Yu Tsai (1): arm64: dts: mediatek: mt8183: Disable DSI display output by default Cheng Jiang (1): Bluetooth: qca: Update firmware-name to support board specific nvm Christian Brauner (2): acct: perform last write from workqueue acct: block access to kernel internal filesystems Christophe Leroy (2): powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Chukun Pan (1): phy: rockchip: naneng-combphy: compatible reset with old DT Colin Ian King (1): afs: remove variable nr_servers Cong Wang (2): flow_dissector: Fix handling of mixed port and port-range keys flow_dissector: Fix port range key handling in BPF conversion Csókás, Bence (1): spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families Dan Carpenter (1): ASoC: renesas: rz-ssi: Add a check for negative sample_space Daniel Golle (3): clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe clk: mediatek: mt2701-bdp: add missing dummy clk clk: mediatek: mt2701-img: add missing dummy clk David Hildenbrand (1): nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() David Howells (3): afs: Make it possible to find the volumes that are using a server afs: Fix the server_list to unuse a displaced server rather than putting it mm: Don't pin ZERO_PAGE in pin_user_pages() Devarsh Thakkar (1): drm/tidss: Fix race condition while handling interrupt registers Dmitry Panchenko (1): ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Douglas Gilbert (1): scsi: core: Handle depopulation and restoration in progress Eddie James (1): tpm: Use managed allocation for bios event log Eric Dumazet (1): ipvlan: ensure network headers are in skb linear part Fullway Wang (1): media: mtk-vcodec: potential null pointer deference in SCP Gavrilov Ilia (1): drop_monitor: fix incorrect initialization order Greg Kroah-Hartman (1): Linux 6.1.130 Guillaume Nault (3): ipv4: Convert icmp_route_lookup() to dscp_t. ipv4: Convert ip_route_input() to dscp_t. ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Haoxiang Li (2): nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() smb: client: Add check for next_buffer in receive_encrypted_standard() Harshal Chaudhari (1): net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Ido Schimmel (4): net: loopback: Avoid sending IP packets without an Ethernet header ipv4: icmp: Pass full DS field to ip_route_input() ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Igor Pylypiv (1): scsi: core: Do not retry I/Os during depopulation Jarkko Sakkinen (1): tpm: Change to kvalloc() in eventlog/acpi.c Jessica Zhang (1): drm/msm/dpu: Disable dither in phys encoder cleanup Jiaxun Yang (2): ptrace: Introduce exception_ip arch hook mm/memory: Use exception ip to search exception tables Jiayuan Chen (2): strparser: Add read_sock callback bpf: Fix wrong copied_seq calculation Jill Donahue (1): USB: gadget: f_midi: f_midi_complete to call queue_work Jiri Slaby (SUSE) (1): net: set the minimum for net_hotdata.netdev_budget_usecs John Keeping (1): ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] John Veness (1): ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED Justin Iurman (5): include: net: add static inline dst_dev_overhead() to dst.h net: ipv6: seg6_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in seg6 lwt net: ipv6: rpl_iptunnel: mitigate 2-realloc issue net: ipv6: fix dst ref loop on input in rpl lwt Kailang Yang (1): ALSA: hda/realtek: Fixup ALC225 depop procedure Kan Liang (2): perf/x86: Fix low freqency setting issue perf/core: Fix low freq setting via IOC_PERIOD Kaustabh Chakraborty (1): phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk Komal Bajaj (1): EDAC/qcom: Correct interrupt enable register configuration Krzysztof Kozlowski (4): arm64: dts: qcom: trim addresses to 8 digits arm64: dts: qcom: sm8450: Fix CDSP memory length soc: mediatek: mtk-devapc: Fix leaking IO map on error paths soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove Kuniyuki Iwashima (3): geneve: Fix use-after-free in geneve_find_dev(). gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). geneve: Suppress list corruption splat in geneve_destroy_tunnels(). Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Marijn Suijten (1): drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields Mark Zhang (1): IB/mlx5: Set and get correct qp_num for a DCT QP Matthieu Baerts (NGI0) (1): mptcp: reset when MPTCP opts are dropped after join Michael Ellerman (1): powerpc/64s/mm: Move __real_pte stubs into hash-4k.h Mohammad Heib (1): net: Clear old fragment checksum value in napi_reuse_skb Nick Child (4): ibmvnic: Return error code on TX scrq flush fail ibmvnic: Introduce send sub-crq direct ibmvnic: Add stat for tx direct vs tx batched ibmvnic: Don't reference skb after sending to VIOS Nick Hu (1): net: axienet: Set mac_managed_pm Nicolas Frattaroli (1): ASoC: es8328: fix route from DAC to output Nikita Zhandarovich (2): ASoC: fsl_micfil: Enable default case in micfil_set_quality() usbnet: gl620a: fix endpoint checking in genelink_bind() Nikolay Kuratov (1): ftrace: Avoid potential division by zero in function_stat_show() Niravkumar L Rabara (3): mtd: rawnand: cadence: fix error code in cadence_nand_init() mtd: rawnand: cadence: use dma_map_resource for sdma address mtd: rawnand: cadence: fix incorrect device in dma_unmap_single Paolo Abeni (1): mptcp: always handle address removal under msk socket lock Paolo Valente (1): block, bfq: split sync bfq_queues on a per-actuator basis Patrick Bellasi (1): x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit Patrisious Haddad (1): RDMA/mlx5: Fix bind QP error cleanup flow Pavel Begunkov (1): io_uring/net: save msg_control for compat Peilin He (1): net/ipv4: add tracepoint for icmp_send Phillip Lougher (1): Squashfs: check the inode number is not the invalid value of zero Philo Lu (1): ipvs: Always clear ipvs_property flag in skb_scrub_packet() Quang Le (1): pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Ricardo Cañuelo Navarro (1): mm,madvise,hugetlb: check for 0-length range after end address adjustment Ricardo Ribalda (4): media: uvcvideo: Fix crash during unbind if gpio unit is in use media: uvcvideo: Refactor iterators media: uvcvideo: Only save async fh if success media: uvcvideo: Remove dangling pointers Roman Li (1): drm/amd/display: Fix HPD after gpu reset Roy Luo (2): USB: gadget: core: create sysfs link between udc and gadget usb: gadget: core: flush gadget workqueue after device removal Russell Senior (1): x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Sabrina Dubroca (1): tcp: drop secpath at the same time as we currently drop dst Sean Anderson (1): net: cadence: macb: Synchronize stats calculations Sebastian Andrzej Siewior (1): ftrace: Correct preemption accounting for function tracing. Shay Drory (1): net/mlx5: IRQ, Fix null string in debug print Shigeru Yoshida (1): bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() Sohaib Nadeem (1): drm/amd/display: fixed integer types and null check locations Stephen Brennan (1): SUNRPC: convert RPC_TASK_* constants to enum Steven Rostedt (2): ftrace: Do not add duplicate entries in subops manager ops tracing: Fix bad hist from corrupting named_triggers list Sumit Garg (1): tee: optee: Fix supplicant wait loop Takashi Iwai (1): ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Thomas Gleixner (2): sched/core: Prevent rescheduling when interrupts are disabled intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Tom Chung (1): drm/amd/display: Disable PSR-SU on eDP panels Tomi Valkeinen (2): drm/tidss: Add simple K2G manual reset drm/rcar-du: dsi: Fix PHY lock bit check Tong Tiangen (1): uprobes: Reject the shared zeropage in uprobe_write_opcode() Trond Myklebust (1): SUNRPC: Prevent looping due to rpc_signal_task() races Tudor Ambarus (1): spi: atmel-quadspi: Add support for configuring CS timing Tyrone Ting (1): i2c: npcm: disable interrupt enable bit before devm_request_irq Uwe Kleine-König (1): soc/mediatek: mtk-devapc: Convert to platform remove callback returning void Vasiliy Kovalev (1): ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Ville Syrjälä (1): drm/i915: Make sure all planes in use by the joiner have their crtc included Vitaly Rodionov (1): ALSA: hda/cirrus: Correct the full scale volume set logic Wang Hai (1): tcp: Defer ts_recent changes until req is owned Wei Fang (5): net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() net: enetc: update UDP checksum when updating originTimestamp field net: enetc: correct the xdp_tx statistics net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wentao Liang (1): ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() Xin Long (1): netfilter: allow exp not to be removed in nf_ct_find_expectation Yan Zhai (1): bpf: skip non exist keys in generic_map_lookup_batch Yang Yingliang (2): spi: atmel-quadspi: switch to use modern name media: Switch to use dev_err_probe() helper Ye Bin (1): scsi: core: Clear driver private data when retrying request Yu Kuai (5): md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() md/md-cluster: fix spares warnings for __le64 md/md-bitmap: add 'sync_size' into struct md_bitmap_stats md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime block, bfq: fix bfqq uaf in bfq_limit_depth() Yunfei Dong (1): media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Zijun Hu (2): Bluetooth: qca: Support downloading board id specific NVM for WCN7850 Bluetooth: qca: Fix poor RF performance for WCN6855 chr[] (1): amdgpu/pm/legacy: fix suspend/resume issues

3 months, 1 week

1
1
0 0

[PATCH v2] tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN

by Günther Noack

With this, processes without CAP_SYS_ADMIN are able to use TIOCLINUX with subcode TIOCL_SETSEL, in the selection modes TIOCL_SETPOINTER, TIOCL_SELCLEAR and TIOCL_SELMOUSEREPORT. TIOCL_SETSEL was previously changed to require CAP_SYS_ADMIN, as this IOCTL let callers change the selection buffer and could be used to simulate keypresses. These three TIOCL_SETSEL selection modes, however, are safe to use, as they do not modify the selection buffer. This fixes a mouse support regression that affected Emacs (invisible mouse cursor). Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/ee3ec63269b43b34e1c90dd8c9743bf8@finder.org Fixes: 8d1b43f6a6df ("tty: Restrict access to TIOCLINUX' copy-and-paste subcommands") Signed-off-by: Günther Noack <gnoack(a)google.com> --- Changes in V2: * Removed comment in vt.c (per Greg's suggestion) * CC'd stable@ * I *kept* the CAP_SYS_ADMIN check *after* copy_from_user(), with the reasoning that: 1. I do not see a good alternative to reorder the code here. We need the data from copy_from_user() in order to know whether the CAP_SYS_ADMIN check even needs to be performed. 2. A previous get_user() from an adjacent memory region already worked (making this a very unlikely failure) I would still appreciate a more formal Tested-by from Hanno (hint, hint) :) --- drivers/tty/vt/selection.c | 14 ++++++++++++++ drivers/tty/vt/vt.c | 2 -- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c index 564341f1a74f..0bd6544e30a6 100644 --- a/drivers/tty/vt/selection.c +++ b/drivers/tty/vt/selection.c @@ -192,6 +192,20 @@ int set_selection_user(const struct tiocl_selection __user *sel, if (copy_from_user(&v, sel, sizeof(*sel))) return -EFAULT; + /* + * TIOCL_SELCLEAR, TIOCL_SELPOINTER and TIOCL_SELMOUSEREPORT are OK to + * use without CAP_SYS_ADMIN as they do not modify the selection. + */ + switch (v.sel_mode) { + case TIOCL_SELCLEAR: + case TIOCL_SELPOINTER: + case TIOCL_SELMOUSEREPORT: + break; + default: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + } + return set_selection_kernel(&v, tty); } diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index 96842ce817af..be5564ed8c01 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -3345,8 +3345,6 @@ int tioclinux(struct tty_struct *tty, unsigned long arg) switch (type) { case TIOCL_SETSEL: - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; return set_selection_user(param, tty); case TIOCL_PASTESEL: if (!capable(CAP_SYS_ADMIN)) -- 2.47.1.613.gc27f4b7a9f-goog

3 months, 1 week

6
13
0 0

let me know

by Martyn Beasley.

Hi there! Good morning, I am in need of your assistance in procuring materials for production in Asia. Can you please respond? Martyn -- Notice of Non-Discrimination: The school district of Labette County USD 506 does not discriminate on the basis of race, color, ethnicity, national origin, sex/gender (to include orientation, identity or expression), age, disability, genetic information or any other basis prohibited by law. The following person has been designated to handle inquiries or complaints regarding nondiscrimination policies, including requests for accommodations or access to district buildings and programs. Complaints in regard to Discrimination: Discrimination against any student or employees on the basis of race, color, ethnicity, national origin, sex/gender (to include orientation, identity or expression), age, disability, genetic information or any other basis prohibited by law. The superintendent of Schools, PO Box 189, Altamont, Kansas 67330-0188, 620-784-5326, has been designated to coordinate compliance with nondiscrimination requirements contained in Title VI of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, Section 504 of the Rehabilitation Act of 1973, Age Discrimination Act of 1975, and Americans with Disability Act of 1990. Superintendent of Schools, 401 S. High School Street, PO Box 189, Altamont, KS 67330, 620-724-6280 (telecommunications device for the deaf), 620-328-3121 (speech impaired). jwyrick(a)usd506.org <mailto:jwyrick@usd506.org>

3 months, 1 week

1
0
0 0

[PATCH net v2 1/2] net: phy: nxp-c45-tja11xx: add TJA112X PHY configuration errata

by Andrei Botila

The most recent sillicon versions of TJA1120 and TJA1121 can achieve full silicon performance by putting the PHY in managed mode. It is necessary to apply these PHY writes before link gets established. Application of this fix is required after restart of device and wakeup from sleep. Cc: stable(a)vger.kernel.org Fixes: f1fe5dff2b8a ("net: phy: nxp-c45-tja11xx: add TJA1120 support") Signed-off-by: Andrei Botila <andrei.botila(a)oss.nxp.com> --- drivers/net/phy/nxp-c45-tja11xx.c | 52 +++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/drivers/net/phy/nxp-c45-tja11xx.c b/drivers/net/phy/nxp-c45-tja11xx.c index 34231b5b9175..709d6c9f7cba 100644 --- a/drivers/net/phy/nxp-c45-tja11xx.c +++ b/drivers/net/phy/nxp-c45-tja11xx.c @@ -22,6 +22,11 @@ #define PHY_ID_TJA_1103 0x001BB010 #define PHY_ID_TJA_1120 0x001BB031 +#define VEND1_DEVICE_ID3 0x0004 +#define TJA1120_DEV_ID3_SILICON_VERSION GENMASK(15, 12) +#define TJA1120_DEV_ID3_SAMPLE_TYPE GENMASK(11, 8) +#define DEVICE_ID3_SAMPLE_TYPE_R 0x9 + #define VEND1_DEVICE_CONTROL 0x0040 #define DEVICE_CONTROL_RESET BIT(15) #define DEVICE_CONTROL_CONFIG_GLOBAL_EN BIT(14) @@ -1593,6 +1598,50 @@ static int nxp_c45_set_phy_mode(struct phy_device *phydev) return 0; } +/* Errata: ES_TJA1120 and ES_TJA1121 Rev. 1.0 — 28 November 2024 Section 3.1 */ +static void nxp_c45_tja1120_errata(struct phy_device *phydev) +{ + int silicon_version, sample_type; + bool macsec_ability; + int phy_abilities; + int ret = 0; + + ret = phy_read_mmd(phydev, MDIO_MMD_VEND1, VEND1_DEVICE_ID3); + if (ret < 0) + return; + + sample_type = FIELD_GET(TJA1120_DEV_ID3_SAMPLE_TYPE, ret); + if (sample_type != DEVICE_ID3_SAMPLE_TYPE_R) + return; + + silicon_version = FIELD_GET(TJA1120_DEV_ID3_SILICON_VERSION, ret); + + phy_abilities = phy_read_mmd(phydev, MDIO_MMD_VEND1, + VEND1_PORT_ABILITIES); + macsec_ability = !!(phy_abilities & MACSEC_ABILITY); + if ((!macsec_ability && silicon_version == 2) || + (macsec_ability && silicon_version == 1)) { + /* TJA1120/TJA1121 PHY configuration errata workaround. + * Apply PHY writes sequence before link up. + */ + if (!macsec_ability) { + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x4b95); + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0xf3cd); + } else { + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x89c7); + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0x0893); + } + + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x0476, 0x58a0); + + phy_write_mmd(phydev, MDIO_MMD_PMAPMD, 0x8921, 0xa3a); + phy_write_mmd(phydev, MDIO_MMD_PMAPMD, 0x89F1, 0x16c1); + + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 0x0); + phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 0x0); + } +} + static int nxp_c45_config_init(struct phy_device *phydev) { int ret; @@ -1609,6 +1658,9 @@ static int nxp_c45_config_init(struct phy_device *phydev) phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F8, 1); phy_write_mmd(phydev, MDIO_MMD_VEND1, 0x01F9, 2); + if (phy_id_compare(phydev->phy_id, PHY_ID_TJA_1120, GENMASK(31, 4))) + nxp_c45_tja1120_errata(phydev); + phy_set_bits_mmd(phydev, MDIO_MMD_VEND1, VEND1_PHY_CONFIG, PHY_CONFIG_AUTO); -- 2.48.1

3 months, 1 week

4
4
0 0

[PATCH] x86/boot: Sanitize boot params before parsing command line

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> The 5-level paging code parses the command line to look for the 'no5lvl' string, and does so very early, before sanitize_boot_params() has been called and has been given the opportunity to wipe bogus data from the fields in boot_params that are not covered by struct setup_header, and are therefore supposed to be initialized to zero by the bootloader. This triggers an early boot crash when using syslinux-efi to boot a recent kernel built with CONFIG_X86_5LEVEL=y and CONFIG_EFI_STUB=n, as the 0xff padding that now fills the unused PE/COFF header is copied into boot_params by the bootloader, and interpreted as the top half of the command line pointer. Fix this by sanitizing the boot_params before use. Note that there is no harm in calling this more than once; subsequent invocations are able to spot that the boot_params have already been cleaned up. Cc: <stable(a)vger.kernel.org> # v6.1+ Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Ulrich Gemkow <ulrich.gemkow(a)ikr.uni-stuttgart.de> Closes: https://lore.kernel.org/all/202503041549.35913.ulrich.gemkow@ikr.uni-stuttg… Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/x86/boot/compressed/pgtable_64.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c index c882e1f67af0..d8c5de40669d 100644 --- a/arch/x86/boot/compressed/pgtable_64.c +++ b/arch/x86/boot/compressed/pgtable_64.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 #include "misc.h" #include <asm/bootparam.h> +#include <asm/bootparam_utils.h> #include <asm/e820/types.h> #include <asm/processor.h> #include "pgtable.h" @@ -107,6 +108,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable) bool l5_required = false; /* Initialize boot_params. Required for cmdline_find_option_bool(). */ + sanitize_boot_params(bp); boot_params_ptr = bp; /* -- 2.48.1.711.g2feabab25a-goog

3 months, 1 week

3
2
0 0

[PATCH v2] arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks

by Siddharth Vadapalli

Commit under Fixes added the 'idle-states' property for SERDES4 lane muxes without defining the corresponding register offsets and masks for it in the 'mux-reg-masks' property within the 'serdes_ln_ctrl' node. Fix this. Fixes: 7287d423f138 ("arm64: dts: ti: k3-j784s4-main: Add system controller and SERDES lane mux") Cc: stable(a)vger.kernel.org Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Patch is based on commit 76544811c850 Merge tag 'drm-fixes-2025-02-28' of https://gitlab.freedesktop.org/drm/kernel of the master branch of Mainline Linux. v1: https://patchwork.kernel.org/project/linux-arm-kernel/patch/20250227061643.… Changes since v1: - Updated offsets to begin from 0x40 instead of 0x30. This is because SERDES3 is not present in J784S4. Regards, Siddharth. arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi index 83bbf94b58d1..51cb8f3fd1c8 100644 --- a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi +++ b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi @@ -84,7 +84,9 @@ serdes_ln_ctrl: mux-controller@4080 { <0x10 0x3>, <0x14 0x3>, /* SERDES1 lane0/1 select */ <0x18 0x3>, <0x1c 0x3>, /* SERDES1 lane2/3 select */ <0x20 0x3>, <0x24 0x3>, /* SERDES2 lane0/1 select */ - <0x28 0x3>, <0x2c 0x3>; /* SERDES2 lane2/3 select */ + <0x28 0x3>, <0x2c 0x3>, /* SERDES2 lane2/3 select */ + <0x40 0x3>, <0x44 0x3>, /* SERDES4 lane0/1 select */ + <0x48 0x3>, <0x4c 0x3>; /* SERDES4 lane2/3 select */ idle-states = <J784S4_SERDES0_LANE0_PCIE1_LANE0>, <J784S4_SERDES0_LANE1_PCIE1_LANE1>, <J784S4_SERDES0_LANE2_IP3_UNUSED>, -- 2.34.1

3 months, 1 week

2
1
0 0

Reply Request For INTEC 2025

by Davin Roos

Hi, Quick follow up to check if you had a chance to review my previous email? I would appreciate a response from you. Regards, Davin _________________________________________________________________________________________ From: Davin Roos Subject: INTEC 2025 Hi, We are offering the visitors contact list The Intec International Trade Fair for Machine Tools, Manufacturing and Automation (INTEC 2025) We currently have 17,207+ verified visitor contacts. Each contact contains: Contact name, Job Title, Business Name, Physical Address, Phone Numbers, Official Email address and many more… Let me know if you are Interested so that I can share the Pricing for the same. Additionally, we can also provide the Exhibitors list upon request. Kind Regards, Davin Roos Sr. Demand Generation If you do not wish to receive this newsletter reply as “Unfollow”

3 months, 1 week

1
0
0 0

Embedded World Exhibition 2025 Visitor's Contact List

by Frances Gross

Hi, We are offering the visitors contact list of Embedded World Exhibition & Conference 2025. We currently have 36,668 verified visitor contacts. Each contact contains: Contact Name, Job Title, Business Name, Physical Address, Phone Number, Official Email address, and many more. Let me know your interest so that I can share the pricing accordingly. Kind Regards, Frances Gross - Sr. Marketing Manager If you do not wish to receive this newsletter reply as "Not interested"

3 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: hugetlb: Add huge page size param to" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 02410ac72ac3707936c07ede66e94360d0d65319 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030436-idealize-unsaddle-3c68@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02410ac72ac3707936c07ede66e94360d0d65319 Mon Sep 17 00:00:00 2001 From: Ryan Roberts <ryan.roberts(a)arm.com> Date: Wed, 26 Feb 2025 12:06:51 +0000 Subject: [PATCH] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() In order to fix a bug, arm64 needs to be told the size of the huge page for which the huge_pte is being cleared in huge_ptep_get_and_clear(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear() and set_huge_pte_at(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, loongarch, mips, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> # riscv Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> # s390 Link: https://lore.kernel.org/r/20250226120656.2400136-2-ryan.roberts@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index c6dff3e69539..03db9cb21ace 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t pte, int dirty); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); +extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT extern void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep); diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 98a2a0e64e25..06db4649af91 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr, __pte_clear(mm, addr, ptep); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz) { int ncontig; size_t pgsize; @@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size) pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long psize = huge_page_size(hstate_vma(vma)); + if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) { /* * Break-before-make (BBM) is required for all user space mappings @@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr if (pte_user_exec(__ptep_get(ptep))) return huge_ptep_clear_flush(vma, addr, ptep); } - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index c8e4057734d0..4dc4b3e04225 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = ptep_get(ptep); @@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h index d0a86ce83de9..fbc71ddcf0f6 100644 --- a/arch/mips/include/asm/hugetlb.h +++ b/arch/mips/include/asm/hugetlb.h @@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = *ptep; @@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); /* * clear the huge pte entry firstly, so that the other smp threads will * not get old pte entry after finishing flush_tlb_page and before * setting new huge pte entry */ - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h index 5b3a5429f71b..21e9ace17739 100644 --- a/arch/parisc/include/asm/hugetlb.h +++ b/arch/parisc/include/asm/hugetlb.h @@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c index e9d18cf25b79..a94fe546d434 100644 --- a/arch/parisc/mm/hugetlbpage.c +++ b/arch/parisc/mm/hugetlbpage.c @@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t entry; diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h index dad2e7980f24..86326587e58d 100644 --- a/arch/powerpc/include/asm/hugetlb.h +++ b/arch/powerpc/include/asm/hugetlb.h @@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1)); } @@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_hugetlb_page(vma, addr); return pte; } diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h index faf3624d8057..446126497768 100644 --- a/arch/riscv/include/asm/hugetlb.h +++ b/arch/riscv/include/asm/hugetlb.h @@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); + unsigned long addr, pte_t *ptep, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c index 42314f093922..b4a78a4b35cf 100644 --- a/arch/riscv/mm/hugetlbpage.c +++ b/arch/riscv/mm/hugetlbpage.c @@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t orig_pte = ptep_get(ptep); int pte_num; diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h index 7c52acaf9f82..663e87220e89 100644 --- a/arch/s390/include/asm/hugetlb.h +++ b/arch/s390/include/asm/hugetlb.h @@ -25,8 +25,16 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep); + #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, + unsigned long sz) +{ + return __huge_ptep_get_and_clear(mm, addr, ptep); +} static inline void arch_clear_hugetlb_flags(struct folio *folio) { @@ -48,7 +56,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, address, ptep); + return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -59,7 +67,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte); if (changed) { - huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; @@ -69,7 +77,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); + pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep); __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c index d9ce199953de..2e568f175cd4 100644 --- a/arch/s390/mm/hugetlbpage.c +++ b/arch/s390/mm/hugetlbpage.c @@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep) return __rste_to_pte(pte_val(*ptep)); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get(mm, addr, ptep); pmd_t *pmdp = (pmd_t *) ptep; diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h index c714ca6a05aa..e7a9cdd498dc 100644 --- a/arch/sparc/include/asm/hugetlb.h +++ b/arch/sparc/include/asm/hugetlb.h @@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index eee601a0d2cf..80504148d8a5 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, } pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { unsigned int i, nptes, orig_shift, shift; unsigned long size; diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h index f42133dae68e..2afc95bf1655 100644 --- a/include/asm-generic/hugetlb.h +++ b/include/asm-generic/hugetlb.h @@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, unsigned long sz) { return ptep_get_and_clear(mm, addr, ptep); } diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..bf5f7256bd28 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } #endif diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 65068671e460..de9d49e521c1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, if (src_ptl != dst_ptl) spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); - pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); + pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz); if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) huge_pte_clear(mm, new_addr, dst_pte, sz); @@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); } - pte = huge_ptep_get_and_clear(mm, address, ptep); + pte = huge_ptep_get_and_clear(mm, address, ptep, sz); tlb_remove_huge_tlb_entry(h, tlb, ptep, address); if (huge_pte_dirty(pte)) set_page_dirty(page);

3 months, 1 week

3
6
0 0

[PATCH 6.12 000/150] 6.12.18-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.18 release. There are 150 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 07 Mar 2025 17:44:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.18-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.18-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Peter Jones <pjones(a)redhat.com> efi: Don't map the entire mokvar table to determine its size Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: use bitmap_equal() instead of memcmp() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal_minsigstksz Rob Herring <robh(a)kernel.org> riscv: cacheinfo: Use of_property_present() for non-boolean properties Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Roberto Sassu <roberto.sassu(a)huawei.com> ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Ken Raeburn <raeburn(a)redhat.com> dm vdo: add missing spin_lock_init Milan Broz <gmazyland(a)gmail.com> dm-integrity: Avoid divide by zero in table status in Inline mode Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP Tejun Heo <tj(a)kernel.org> sched_ext: Fix pick_task_scx() picking non-queued tasks when it's called without balance() Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> selftests/landlock: Test that MPTCP actions are not restricted Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix suspicious RCU usage Jerry Snitselaar <jsnitsel(a)redhat.com> iommu/vt-d: Remove device comparison in context_setup_pass_through_cb André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: gs101: ensure power is gated to SS phy in phy_exit() Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() George Moussalem <george.moussalem(a)outlook.com> net: phy: qcom: qca807x fix condition for DAC_DSP_BIAS_CURRENT Qunqin Zhao <zhaoqunqin(a)loongson.cn> net: stmmac: dwmac-loongson: Add fix_soc_reset() callback Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Damien Le Moal <dlemoal(a)kernel.org> block: Remove zone write plugs when handling native zone append writes Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level Ryan Roberts <ryan.roberts(a)arm.com> arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Fix Boot panic on Ampere Altra Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Yilin Chen <Yilin.Chen(a)amd.com> drm/amd/display: add a quirk to enable eDP0 on DP1 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable BAR resize on Dell G5 SE David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: fix EFAULT handling Matthew Auld <matthew.auld(a)intel.com> drm/xe/userptr: restore invalidation list on error Mingcong Bai <jeffbai(a)aosc.io> drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size) Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2 Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend_type use Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Arnd Bergmann <arnd(a)arndb.de> phy: rockchip: fix Kconfig dependency more Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Ard Biesheuvel <ardb(a)kernel.org> objtool: Fix C jump table annotations for Clang Peter Zijlstra <peterz(a)infradead.org> objtool: Remove annotate_{,un}reachable() Peter Zijlstra <peterz(a)infradead.org> unreachable: Unify Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Update total_weight on bind and cdev updates Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Move lists of thermal instances to trip descriptors Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/of: Fix cdev lookup in thermal_of_should_bind() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal: of: Simplify thermal_of_should_bind with scoped for each OF child Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Yu-Che Cheng <giver(a)chromium.org> thermal: gov_power_allocator: Fix incorrect calculation in divvy_up_power() Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Eric Dumazet <edumazet(a)google.com> idpf: fix checksums set in idpf_rx_rsc() Joe Damato <jdamato(a)fastly.com> selftests: drv-net: Check if combined-count exists Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: cancel pending job timer before freeing scheduler Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Avoid setting default Rx VSI twice in switchdev setup Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Paul Greenwalt <paul.greenwalt(a)intel.com> ice: add E830 HW VF mailbox message limit support Stanislav Fomichev <sdf(a)fomichev.me> tcp: devmem: don't write truncated dmabuf CMSGs to userspace Sascha Hauer <s.hauer(a)pengutronix.de> net: ethernet: ti: am65-cpsw: select PAGE_POOL Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Prevent races when soft-resetting using SPI control Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe/oa: Allow oa_exponent value of 0 Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Allow only certain property changes from config Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Add syncs support to OA config ioctl Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Move functions up so they can be reused for config ioctl Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Signal output fences Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl: Rename stream name of SAI DAI driver Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Linus Walleij <linus.walleij(a)linaro.org> net: dsa: rtl8366rb: Fix compilation problem Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Give an afs_server object a ref on the afs_cell object it points to David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix implicit ODP hang on parent deregistration Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a deadlock when recovering state on a sillyrenamed file Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Adjust delegated timestamps for O_DIRECT reads and writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: O_DIRECT writes must check and adjust the file length Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Mikhail Ivanov <ivanov.mikhail1(a)huawei-partners.com> landlock: Fix non-TCP sockets restriction Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the statistics for Gen P7 VF Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Allocate dev_attr information dynamically Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Add sanity checks on rdev validity Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Cache MSIx info to a local structure Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Refactor NQ allocation Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fail probe early when not enough MSI-x vectors are reserved Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix mbox timing out by adding retry mechanism Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a WARN during dereg_mr for DM type Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP Yishai Hadas <yishaih(a)nvidia.com> RDMA/mlx5: Fix the recovery flow of the UMR QP ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/hugetlb.h | 22 +- arch/arm64/include/asm/kvm_host.h | 2 +- arch/arm64/kvm/arm.c | 22 +- arch/arm64/kvm/vmid.c | 11 +- arch/arm64/mm/hugetlbpage.c | 51 +- arch/arm64/mm/init.c | 7 +- arch/riscv/include/asm/futex.h | 2 +- arch/riscv/kernel/cacheinfo.c | 12 +- arch/riscv/kernel/cpufeature.c | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu_sbi_hsm.c | 11 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 1 + arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 283 ++++++--- arch/x86/kernel/cpu/microcode/amd_shas.c | 444 ++++++++++++++ arch/x86/kernel/cpu/microcode/internal.h | 2 - block/blk-zoned.c | 76 ++- drivers/firmware/cirrus/cs_dsp.c | 24 +- drivers/firmware/efi/mokvar-table.c | 42 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v10.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 69 ++- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 - drivers/gpu/drm/xe/xe_guc_submit.c | 2 + drivers/gpu/drm/xe/xe_oa.c | 657 ++++++++++++--------- drivers/gpu/drm/xe/xe_oa_types.h | 6 + drivers/gpu/drm/xe/xe_vm.c | 40 +- drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/hw/bnxt_re/bnxt_re.h | 18 +- drivers/infiniband/hw/bnxt_re/hw_counters.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 46 +- drivers/infiniband/hw/bnxt_re/main.c | 153 +++-- drivers/infiniband/hw/bnxt_re/qplib_res.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_res.h | 12 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 64 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/mr.c | 16 +- drivers/infiniband/hw/mlx5/odp.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/infiniband/hw/mlx5/umr.c | 83 ++- drivers/iommu/intel/dmar.c | 1 + drivers/iommu/intel/iommu.c | 10 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm-vdo/dedupe.c | 1 + drivers/net/dsa/realtek/Kconfig | 6 + drivers/net/dsa/realtek/Makefile | 3 + drivers/net/dsa/realtek/rtl8366rb-leds.c | 177 ++++++ drivers/net/dsa/realtek/rtl8366rb.c | 258 +------- drivers/net/dsa/realtek/rtl8366rb.h | 107 ++++ drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 103 +++- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 7 +- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_eswitch.c | 3 +- drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 3 + drivers/net/ethernet/intel/ice/ice_lib.c | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 24 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 4 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 +- .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 + drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 3 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 + drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/ethernet/ti/icssg/icss_iep.c | 21 +- drivers/net/ipvlan/ipvlan_core.c | 22 +- drivers/net/loopback.c | 14 + drivers/net/phy/qcom/qca807x.c | 2 +- drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/Kconfig | 1 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 25 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/scsi/scsi_lib.c | 14 +- drivers/thermal/gov_bang_bang.c | 11 +- drivers/thermal/gov_fair_share.c | 16 +- drivers/thermal/gov_power_allocator.c | 68 ++- drivers/thermal/gov_step_wise.c | 16 +- drivers/thermal/thermal_core.c | 33 +- drivers/thermal/thermal_core.h | 5 +- drivers/thermal/thermal_helpers.c | 5 +- drivers/thermal/thermal_of.c | 53 +- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd.c | 38 +- fs/afs/server.c | 3 + fs/afs/server_list.c | 4 +- fs/nfs/delegation.c | 37 ++ fs/nfs/delegation.h | 1 + fs/nfs/direct.c | 23 + fs/nfs/nfs4proc.c | 3 + fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/blkdev.h | 7 +- include/linux/compiler-gcc.h | 12 - include/linux/compiler.h | 39 +- include/linux/rcuref.h | 9 +- include/linux/socket.h | 2 + include/linux/sunrpc/sched.h | 3 +- include/net/ip.h | 5 + include/net/route.h | 5 +- include/sound/cs35l56.h | 31 + include/trace/events/afs.h | 2 + include/trace/events/sunrpc.h | 3 +- io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/sched/ext.c | 11 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/gro.c | 1 + net/core/scm.c | 10 + net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/icmp.c | 19 +- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp.c | 26 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 14 +- net/ipv6/seg6_iptunnel.c | 14 +- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/rxrpc/rxperf.c | 12 + net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/xprtsock.c | 10 +- security/integrity/ima/ima.h | 3 + security/integrity/ima/ima_main.c | 7 +- security/landlock/net.c | 3 +- sound/pci/hda/cs35l56_hda_spi.c | 3 + sound/pci/hda/patch_realtek.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 80 +++ sound/soc/codecs/cs35l56-spi.c | 3 + sound/soc/codecs/es8328.c | 15 +- sound/soc/fsl/fsl_sai.c | 6 +- sound/soc/fsl/imx-audmix.c | 4 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/objtool/check.c | 50 +- tools/objtool/include/objtool/special.h | 2 +- tools/testing/selftests/drivers/net/queues.py | 7 +- tools/testing/selftests/landlock/common.h | 1 + tools/testing/selftests/landlock/config | 2 + tools/testing/selftests/landlock/net_test.c | 124 +++- tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- 176 files changed, 2965 insertions(+), 1448 deletions(-)

3 months, 1 week

10
161
0 0

[PATCH] mm: memcontrol: fix swap counter leak from offline cgroup

by Muchun Song

The commit 6769183166b3 has removed the parameter of id from swap_cgroup_record() and get the memcg id from mem_cgroup_id(folio_memcg(folio)). However, the caller of it may update a different memcg's counter instead of folio_memcg(folio). E.g. in the caller of mem_cgroup_swapout(), @swap_memcg could be different with @memcg and update the counter of @swap_memcg, but swap_cgroup_record() records the wrong memcg's ID. When it is uncharged from __mem_cgroup_uncharge_swap(), the swap counter will leak since the wrong recorded ID. Fix it by bring the parameter of id back. Fixes: 6769183166b3 ("mm/swap_cgroup: decouple swap cgroup recording and clearing") Cc: <stable(a)vger.kernel.org> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> --- include/linux/swap_cgroup.h | 4 ++-- mm/memcontrol.c | 4 ++-- mm/swap_cgroup.c | 7 ++++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/linux/swap_cgroup.h b/include/linux/swap_cgroup.h index b5ec038069dab..91cdf12190a03 100644 --- a/include/linux/swap_cgroup.h +++ b/include/linux/swap_cgroup.h @@ -6,7 +6,7 @@ #if defined(CONFIG_MEMCG) && defined(CONFIG_SWAP) -extern void swap_cgroup_record(struct folio *folio, swp_entry_t ent); +extern void swap_cgroup_record(struct folio *folio, unsigned short id, swp_entry_t ent); extern unsigned short swap_cgroup_clear(swp_entry_t ent, unsigned int nr_ents); extern unsigned short lookup_swap_cgroup_id(swp_entry_t ent); extern int swap_cgroup_swapon(int type, unsigned long max_pages); @@ -15,7 +15,7 @@ extern void swap_cgroup_swapoff(int type); #else static inline -void swap_cgroup_record(struct folio *folio, swp_entry_t ent) +void swap_cgroup_record(struct folio *folio, unsigned short id, swp_entry_t ent) { } diff --git a/mm/memcontrol.c b/mm/memcontrol.c index a5d870fbb4321..a5ab603806fbb 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -4988,7 +4988,7 @@ void mem_cgroup_swapout(struct folio *folio, swp_entry_t entry) mem_cgroup_id_get_many(swap_memcg, nr_entries - 1); mod_memcg_state(swap_memcg, MEMCG_SWAP, nr_entries); - swap_cgroup_record(folio, entry); + swap_cgroup_record(folio, mem_cgroup_id(swap_memcg), entry); folio_unqueue_deferred_split(folio); folio->memcg_data = 0; @@ -5050,7 +5050,7 @@ int __mem_cgroup_try_charge_swap(struct folio *folio, swp_entry_t entry) mem_cgroup_id_get_many(memcg, nr_pages - 1); mod_memcg_state(memcg, MEMCG_SWAP, nr_pages); - swap_cgroup_record(folio, entry); + swap_cgroup_record(folio, mem_cgroup_id(memcg), entry); return 0; } diff --git a/mm/swap_cgroup.c b/mm/swap_cgroup.c index be39078f255be..1007c30f12e2c 100644 --- a/mm/swap_cgroup.c +++ b/mm/swap_cgroup.c @@ -58,9 +58,11 @@ static unsigned short __swap_cgroup_id_xchg(struct swap_cgroup *map, * entries must not have been charged * * @folio: the folio that the swap entry belongs to + * @id: mem_cgroup ID to be recorded * @ent: the first swap entry to be recorded */ -void swap_cgroup_record(struct folio *folio, swp_entry_t ent) +void swap_cgroup_record(struct folio *folio, unsigned short id, + swp_entry_t ent) { unsigned int nr_ents = folio_nr_pages(folio); struct swap_cgroup *map; @@ -72,8 +74,7 @@ void swap_cgroup_record(struct folio *folio, swp_entry_t ent) map = swap_cgroup_ctrl[swp_type(ent)].map; do { - old = __swap_cgroup_id_xchg(map, offset, - mem_cgroup_id(folio_memcg(folio))); + old = __swap_cgroup_id_xchg(map, offset, id); VM_BUG_ON(old); } while (++offset != end); } -- 2.20.1

3 months, 1 week

4
4
0 0

+ selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: run_vmtests.sh: fix half_ufd_size_MB calculation has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Rafael Aquini <raquini(a)redhat.com> Subject: selftests/mm: run_vmtests.sh: fix half_ufd_size_MB calculation Date: Tue, 18 Feb 2025 14:22:51 -0500 We noticed that uffd-stress test was always failing to run when invoked for the hugetlb profiles on x86_64 systems with a processor count of 64 or bigger: ... # ------------------------------------ # running ./uffd-stress hugetlb 128 32 # ------------------------------------ # ERROR: invalid MiB (errno=9, @uffd-stress.c:459) ... # [FAIL] not ok 3 uffd-stress hugetlb 128 32 # exit=1 ... The problem boils down to how run_vmtests.sh (mis)calculates the size of the region it feeds to uffd-stress. The latter expects to see an amount of MiB while the former is just giving out the number of free hugepages halved down. This measurement discrepancy ends up violating uffd-stress' assertion on number of hugetlb pages allocated per CPU, causing it to bail out with the error above. This commit fixes that issue by adjusting run_vmtests.sh's half_ufd_size_MB calculation so it properly renders the region size in MiB, as expected, while maintaining all of its original constraints in place. Link: https://lkml.kernel.org/r/20250218192251.53243-1-aquini@redhat.com Fixes: 2e47a445d7b3 ("selftests/mm: run_vmtests.sh: fix hugetlb mem size calculation") Signed-off-by: Rafael Aquini <raquini(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/run_vmtests.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/run_vmtests.sh~selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation +++ a/tools/testing/selftests/mm/run_vmtests.sh @@ -304,7 +304,9 @@ uffd_stress_bin=./uffd-stress CATEGORY="userfaultfd" run_test ${uffd_stress_bin} anon 20 16 # Hugetlb tests require source and destination huge pages. Pass in half # the size of the free pages we have, which is used for *each*. -half_ufd_size_MB=$((freepgs / 2)) +# uffd-stress expects a region expressed in MiB, so we adjust +# half_ufd_size_MB accordingly. +half_ufd_size_MB=$(((freepgs * hpgsize_KB) / 1024 / 2)) CATEGORY="userfaultfd" run_test ${uffd_stress_bin} hugetlb "$half_ufd_size_MB" 32 CATEGORY="userfaultfd" run_test ${uffd_stress_bin} hugetlb-private "$half_ufd_size_MB" 32 CATEGORY="userfaultfd" run_test ${uffd_stress_bin} shmem 20 16 _ Patches currently in -mm which might be from raquini(a)redhat.com are selftests-mm-run_vmtestssh-fix-half_ufd_size_mb-calculation.patch

3 months, 1 week

1
0
0 0

+ mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Raphael S. Carvalho" <raphaelsc(a)scylladb.com> Subject: mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT Date: Mon, 24 Feb 2025 11:37:00 -0300 original report: https://lore.kernel.org/all/CAKhLTr1UL3ePTpYjXOx2AJfNk8Ku2EdcEfu+CH1sf3Asr=… When doing buffered writes with FGP_NOWAIT, under memory pressure, the system returned ENOMEM despite there being plenty of available memory, to be reclaimed from page cache. The user space used io_uring interface, which in turn submits I/O with FGP_NOWAIT (the fast path). retsnoop pointed to iomap_get_folio: 00:34:16.180612 -> 00:34:16.180651 TID/PID 253786/253721 (reactor-1/combined_tests): entry_SYSCALL_64_after_hwframe+0x76 do_syscall_64+0x82 __do_sys_io_uring_enter+0x265 io_submit_sqes+0x209 io_issue_sqe+0x5b io_write+0xdd xfs_file_buffered_write+0x84 iomap_file_buffered_write+0x1a6 32us [-ENOMEM] iomap_write_begin+0x408 iter=&{.inode=0xffff8c67aa031138,.len=4096,.flags=33,.iomap={.addr=0xffffffffffffffff,.length=4096,.type=1,.flags=3,.bdev=0x�� pos=0 len=4096 foliop=0xffffb32c296b7b80 ! 4us [-ENOMEM] iomap_get_folio iter=&{.inode=0xffff8c67aa031138,.len=4096,.flags=33,.iomap={.addr=0xffffffffffffffff,.length=4096,.type=1,.flags=3,.bdev=0x�� pos=0 len=4096 This is likely a regression caused by 66dabbb65d67 ("mm: return an ERR_PTR from __filemap_get_folio"), which moved error handling from io_map_get_folio() to __filemap_get_folio(), but broke FGP_NOWAIT handling, so ENOMEM is being escaped to user space. Had it correctly returned -EAGAIN with NOWAIT, either io_uring or user space itself would be able to retry the request. It's not enough to patch io_uring since the iomap interface is the one responsible for it, and pwritev2(RWF_NOWAIT) and AIO interfaces must return the proper error too. The patch was tested with scylladb test suite (its original reproducer), and the tests all pass now when memory is pressured. Link: https://lkml.kernel.org/r/20250224143700.23035-1-raphaelsc@scylladb.com Fixes: 66dabbb65d67 ("mm: return an ERR_PTR from __filemap_get_folio") Signed-off-by: Raphael S. Carvalho <raphaelsc(a)scylladb.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/mm/filemap.c~mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait +++ a/mm/filemap.c @@ -1986,8 +1986,19 @@ no_page: if (err == -EEXIST) goto repeat; - if (err) + if (err) { + /* + * When NOWAIT I/O fails to allocate folios this could + * be due to a nonblocking memory allocation and not + * because the system actually is out of memory. + * Return -EAGAIN so that there caller retries in a + * blocking fashion instead of propagating -ENOMEM + * to the application. + */ + if ((fgp_flags & FGP_NOWAIT) && err == -ENOMEM) + err = -EAGAIN; return ERR_PTR(err); + } /* * filemap_add_folio locks the page, and for mmap * we expect an unlocked page. _ Patches currently in -mm which might be from raphaelsc(a)scylladb.com are mm-fix-error-handling-in-__filemap_get_folio-with-fgp_nowait.patch

3 months, 1 week

1
0
0 0

FW: PO545 #. Date:3/6/2025 11:46:21 PM

by contact＠futuretechdigitalmarketingagency.com

Hello stable, I’m Jordan Patel from Federante Ltd. We’re interested in placing an order and would love to see your latest product/service list along with pricing. Could you kindly send the details to ifaldazos(a)federante.com.ar at your earliest convenience? Looking forward to your response. Best regards, Jordan Patel Federante Ltd.

3 months, 2 weeks

1
0
0 0

Re: The Business Loan/financing.1

by Barry

Hello, My name is Barry at Investment Consult, we are a consultancy and brokerage Firm specializing in Growth Financial Loan and joint partnership venture. We specialize in investments in all Private and public sectors in a broad range of areas within our Financial Investment Services. We are experts in financial and operational management, due diligence and capital planning in all markets and industries. Our Investors wish to invest in any viable Project presented by your Management after reviews on your Business Project Presentation Plan. We look forward to your Swift response. We also offer commission to consultants and brokers for any partnership referrals. Regards, Barry Senior Broker

3 months, 2 weeks

1
0
0 0

+ mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/mremap: correctly handle partial mremap() of VMA starting at 0 has been added to the -mm mm-unstable branch. Its filename is mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm/mremap: correctly handle partial mremap() of VMA starting at 0 Date: Thu, 6 Mar 2025 10:33:57 +0000 Patch series "refactor mremap and fix bug", v2. The existing mremap() logic has grown organically over a very long period of time, resulting in code that is in many parts, very difficult to follow and full of subtleties and sources of confusion. In addition, it is difficult to thread state through the operation correctly, as function arguments have expanded, some parameters are expected to be temporarily altered during the operation, others are intended to remain static and some can be overridden. This series completely refactors the mremap implementation, sensibly separating functions, adding comments to explain the more subtle aspects of the implementation and making use of small structs to thread state through everything. The reason for doing so is to lay the groundwork for planned future changes to the mremap logic, changes which require the ability to easily pass around state. Additionally, it would be unhelpful to add yet more logic to code that is already difficult to follow without first refactoring it like this. The first patch in this series additionally fixes a bug when a VMA with start address zero is partially remapped. Tested on real hardware under heavy workload and all self tests are passing. This patch (of 7): Consider the case of a partial mremap() (that results in a VMA split) of an accountable VMA (i.e. which has the VM_ACCOUNT flag set) whose start address is zero, with the MREMAP_MAYMOVE flag specified and a scenario where a move does in fact occur: addr end | | v v |-------------| | vma | |-------------| 0 This move is affected by unmapping the range [addr, end). In order to prevent an incorrect decrement of accounted memory which has already been determined, the mremap() code in move_vma() clears VM_ACCOUNT from the VMA prior to doing so, before reestablishing it in each of the VMAs post-split: addr end | | v v |---| |---| | A | | B | |---| |---| Commit 6b73cff239e5 ("mm: change munmap splitting order and move_vma()") changed this logic such as to determine whether there is a need to do so by establishing account_start and account_end and, in the instance where such an operation is required, assigning them to vma->vm_start and vma->vm_end. Later the code checks if the operation is required for 'A' referenced above thusly: if (account_start) { ... } However, if the VMA described above has vma->vm_start == 0, which is now assigned to account_start, this branch will not be executed. As a result, the VMA 'A' above will remain stripped of its VM_ACCOUNT flag, incorrectly. The fix is to simply convert these variables to booleans and set them as required. Link: https://lkml.kernel.org/r/cover.1741256580.git.lorenzo.stoakes@oracle.com Link: https://lkml.kernel.org/r/94681428faba4c34a76e2de1c875629372aae3d5.17412565… Fixes: 6b73cff239e5 ("mm: change munmap splitting order and move_vma()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/mm/mremap.c~mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0 +++ a/mm/mremap.c @@ -705,8 +705,8 @@ static unsigned long move_vma(struct vm_ unsigned long vm_flags = vma->vm_flags; unsigned long new_pgoff; unsigned long moved_len; - unsigned long account_start = 0; - unsigned long account_end = 0; + bool account_start = false; + bool account_end = false; unsigned long hiwater_vm; int err = 0; bool need_rmap_locks; @@ -790,9 +790,9 @@ static unsigned long move_vma(struct vm_ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) { vm_flags_clear(vma, VM_ACCOUNT); if (vma->vm_start < old_addr) - account_start = vma->vm_start; + account_start = true; if (vma->vm_end > old_addr + old_len) - account_end = vma->vm_end; + account_end = true; } /* @@ -832,7 +832,7 @@ static unsigned long move_vma(struct vm_ /* OOM: unable to split vma, just get accounts right */ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) vm_acct_memory(old_len >> PAGE_SHIFT); - account_start = account_end = 0; + account_start = account_end = false; } if (vm_flags & VM_LOCKED) { _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-simplify-vma-merge-structure-and-expand-comments.patch mm-further-refactor-commit_merge.patch mm-eliminate-adj_start-parameter-from-commit_merge.patch mm-make-vmg-target-consistent-and-further-simplify-commit_merge.patch mm-completely-abstract-unnecessary-adj_start-calculation.patch mm-madvise-split-out-mmap-locking-operations-for-madvise-fix.patch mm-use-read-write_once-for-vma-vm_flags-on-migrate-mprotect.patch mm-refactor-rmap_walk_file-to-separate-out-traversal-logic.patch mm-provide-mapping_wrprotect_range-function.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields-fix.patch mm-allow-guard-regions-in-file-backed-and-read-only-mappings.patch selftests-mm-rename-guard-pages-to-guard-regions.patch selftests-mm-rename-guard-pages-to-guard-regions-fix.patch tools-selftests-expand-all-guard-region-tests-to-file-backed.patch tools-selftests-add-file-shmem-backed-mapping-guard-region-tests.patch fs-proc-task_mmu-add-guard-region-bit-to-pagemap.patch tools-selftests-add-guard-region-test-for-proc-pid-pagemap.patch tools-selftests-add-guard-region-test-for-proc-pid-pagemap-fix.patch mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch mm-mremap-refactor-mremap-system-call-implementation.patch mm-mremap-introduce-and-use-vma_remap_struct-threaded-state.patch mm-mremap-initial-refactor-of-move_vma.patch mm-mremap-complete-refactor-of-move_vma.patch mm-mremap-refactor-move_page_tables-abstracting-state.patch mm-mremap-thread-state-through-move-page-table-operation.patch

3 months, 2 weeks

1
0
0 0

[PATCH v3 0/4] samsung: pinctrl: Add support for eint_fltcon_offset and filter selection on gs101

by Peter Griffin

Hi folks, This series fixes support for correctly saving and restoring fltcon0 and fltcon1 registers on gs101 for non-alive banks where the fltcon register offset is not at a fixed offset (unlike previous SoCs). This is done by adding a eint_fltcon_offset and providing GS101 specific pin macros that take an additional parameter (similar to how exynosautov920 handles it's eint_con_offset). Additionally the SoC specific suspend and resume callbacks are re-factored so that each SoC variant has it's own callback containing the peculiarities for that SoC. Finally support for filter selection on alive banks is added, this is currently only enabled for gs101. The code path can be excercised using `echo mem > /sys/power/state` regards, Peter To: Krzysztof Kozlowski <krzk(a)kernel.org> To: Sylwester Nawrocki <s.nawrocki(a)samsung.com> To: Alim Akhtar <alim.akhtar(a)samsung.com> To: Linus Walleij <linus.walleij(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: linux-gpio(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: andre.draszik(a)linaro.org Cc: tudor.ambarus(a)linaro.org Cc: willmcvicker(a)google.com Cc: semen.protsenko(a)linaro.org Cc: kernel-team(a)android.com Cc: jaewon02.kim(a)samsung.com Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> --- Changes in v3: - Ensure EXYNOS_FLTCON_DIGITAL bit is cleared (Andre) - Make it obvious that exynos_eint_set_filter() is conditional on bank type (Andre) - Make it obvious exynos_set_wakeup() is conditional on bank type (Andre) - Align style where the '+' is placed first (Andre) - Remove unnecessary braces (Andre) - Link to v2: https://lore.kernel.org/r/20250301-pinctrl-fltcon-suspend-v2-0-a7eef9bb443b… Changes in v2: - Remove eint_flt_selectable bool as it can be deduced from EINT_TYPE_WKUP (Peter) - Move filter config register comment to header file (Andre) - Rename EXYNOS_FLTCON_DELAY to EXYNOS_FLTCON_ANALOG (Andre) - Remove misleading old comment (Andre) - Refactor exynos_eint_update_flt_reg() into a loop (Andre) - Split refactor of suspend/resume callbacks & gs101 parts into separate patches (Andre) - Link to v1: https://lore.kernel.org/r/20250120-pinctrl-fltcon-suspend-v1-0-e77900b2a854… --- Peter Griffin (4): pinctrl: samsung: add support for eint_fltcon_offset pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks pinctrl: samsung: Add filter selection support for alive bank on gs101 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 150 ++++++------- drivers/pinctrl/samsung/pinctrl-exynos.c | 294 +++++++++++++++---------- drivers/pinctrl/samsung/pinctrl-exynos.h | 50 ++++- drivers/pinctrl/samsung/pinctrl-samsung.c | 12 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 12 +- 5 files changed, 318 insertions(+), 200 deletions(-) --- base-commit: 0761652a3b3b607787aebc386d412b1d0ae8008c change-id: 20250120-pinctrl-fltcon-suspend-2333a137c4d4 Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

3 months, 2 weeks

2
3
0 0

[PATCH v2 1/1] usb: typec: ucsi: Fix NULL pointer access

by Andrei Kuchynski

Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them. Cc: stable(a)vger.kernel.org Fixes: b9aa02ca39a4 ("usb: typec: ucsi: Add polling mechanism for partner tasks like alt mode checking") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> --- drivers/usb/typec/ucsi/ucsi.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index fcf499cc9458..43b4f8207bb3 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1825,11 +1825,11 @@ static int ucsi_init(struct ucsi *ucsi) err_unregister: for (con = connector; con->port; con++) { + if (con->wq) + destroy_workqueue(con->wq); ucsi_unregister_partner(con); ucsi_unregister_altmodes(con, UCSI_RECIPIENT_CON); ucsi_unregister_port_psy(con); - if (con->wq) - destroy_workqueue(con->wq); usb_power_delivery_unregister_capabilities(con->port_sink_caps); con->port_sink_caps = NULL; @@ -2013,10 +2013,6 @@ void ucsi_unregister(struct ucsi *ucsi) for (i = 0; i < ucsi->cap.num_connectors; i++) { cancel_work_sync(&ucsi->connector[i].work); - ucsi_unregister_partner(&ucsi->connector[i]); - ucsi_unregister_altmodes(&ucsi->connector[i], - UCSI_RECIPIENT_CON); - ucsi_unregister_port_psy(&ucsi->connector[i]); if (ucsi->connector[i].wq) { struct ucsi_work *uwork; @@ -2032,6 +2028,11 @@ void ucsi_unregister(struct ucsi *ucsi) destroy_workqueue(ucsi->connector[i].wq); } + ucsi_unregister_partner(&ucsi->connector[i]); + ucsi_unregister_altmodes(&ucsi->connector[i], + UCSI_RECIPIENT_CON); + ucsi_unregister_port_psy(&ucsi->connector[i]); + usb_power_delivery_unregister_capabilities(ucsi->connector[i].port_sink_caps); ucsi->connector[i].port_sink_caps = NULL; usb_power_delivery_unregister_capabilities(ucsi->connector[i].port_source_caps); -- 2.49.0.rc0.332.g42c0ae87b1-goog

3 months, 2 weeks

3
2
0 0

[PATCH 6.12] KVM: e500: always restore irqs

by Paolo Bonzini

[ Upstream commit 87ecfdbc699cc95fac73291b52650283ddcf929d ] If find_linux_pte fails, IRQs will not be restored. This is unlikely to happen in practice since it would have been reported as hanging hosts, but it should of course be fixed anyway. Cc: stable(a)vger.kernel.org Reported-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- arch/powerpc/kvm/e500_mmu_host.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c index c664fdec75b1..3708fa48bee9 100644 --- a/arch/powerpc/kvm/e500_mmu_host.c +++ b/arch/powerpc/kvm/e500_mmu_host.c @@ -481,7 +481,6 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500, if (pte_present(pte)) { wimg = (pte_val(pte) >> PTE_WIMGE_SHIFT) & MAS2_WIMGE_MASK; - local_irq_restore(flags); } else { local_irq_restore(flags); pr_err_ratelimited("%s: pte not present: gfn %lx,pfn %lx\n", @@ -490,8 +489,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500, goto out; } } + local_irq_restore(flags); + kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg); - kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize, ref, gvaddr, stlbe); -- 2.48.1

3 months, 2 weeks

2
2
0 0

[PATCH stable 5.4 0/3] Missing overflow changes

by Florian Fainelli

This patch series backports the minimum set of changes in order to fix this warning that popped up with >= 5.4.284 stable kernels: In file included from ./include/linux/mm.h:29, from ./include/linux/pagemap.h:8, from ./include/linux/buffer_head.h:14, from fs/udf/udfdecl.h:12, from fs/udf/super.c:41: fs/udf/super.c: In function 'udf_fill_partdesc_info': ./include/linux/overflow.h:70:15: warning: comparison of distinct pointer types lacks a cast (void) (&__a == &__b); \ ^~ fs/udf/super.c:1162:7: note: in expansion of macro 'check_add_overflow' if (check_add_overflow(map->s_partition_len, ^~~~~~~~~~~~~~~~~~ Kees Cook (2): overflow: Add __must_check attribute to check_*() helpers overflow: Allow mixed type arguments Keith Busch (1): overflow: Correct check_shl_overflow() comment include/linux/overflow.h | 101 +++++++++++++++++++++++---------------- 1 file changed, 60 insertions(+), 41 deletions(-) -- 2.34.1

3 months, 2 weeks

2
6
0 0

[6.1.y][6.6.y] uprobes: Fix race in uprobe_free_utask

by Christian Simon

Dear stable team, I noticed that cfa7f3d2c526 ("perf,x86: avoid missing caller address in stack traces captured in uprobe"), got backported into 6.1.113 and 6.6.55, but it contains a race condition which Jiri Olsa has fixed in mainline b583ef82b671 ("uprobes: Fix race in uprobe_free_utask"). I think this should be backported into those stable branches. #regzbot title: uprobes: Fix race in uprobe_free_utask #regzbot introduced: cfa7f3d2c526 #regzbot link: https://lore.kernel.org/all/20250109141440.2692173-1-jolsa@kernel.org/ Link: https://lore.kernel.org/all/20250109141440.2692173-1-jolsa@kernel.org/ Note: Sorry if I am using the wrong process/form/format, I tried to follow "Option 2" from the stable-kernel-rules.html. Best regards, Christian

3 months, 2 weeks

3
7
0 0

[PATCH 6.6.y] iommu/amd: Fixes refcount bug in iommu_v2 driver

by Siddharth Chintamaneni

This fix addresses a refcount bug where the reference count was not properly decremented due to the mmput function not being called when mmu_notifier_register fails. Signed-off-by: Siddharth Chintamaneni <sidchintamaneni(a)gmail.com> --- drivers/iommu/amd/iommu_v2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/amd/iommu_v2.c b/drivers/iommu/amd/iommu_v2.c index 57c2fb1146e2..bce21e266d64 100644 --- a/drivers/iommu/amd/iommu_v2.c +++ b/drivers/iommu/amd/iommu_v2.c @@ -645,7 +645,7 @@ int amd_iommu_bind_pasid(struct pci_dev *pdev, u32 pasid, ret = mmu_notifier_register(&pasid_state->mn, mm); if (ret) - goto out_free; + goto out_mmput; ret = set_pasid_state(dev_state, pasid_state, pasid); if (ret) @@ -673,6 +673,8 @@ int amd_iommu_bind_pasid(struct pci_dev *pdev, u32 pasid, out_unregister: mmu_notifier_unregister(&pasid_state->mn, mm); + +out_mmput: mmput(mm); out_free: -- 2.43.0

3 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 57a0ef02fefafc4b9603e33a18b669ba5ce59ba3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030435-perm-thesis-21fc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 57a0ef02fefafc4b9603e33a18b669ba5ce59ba3 Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu(a)huawei.com> Date: Tue, 4 Feb 2025 13:57:20 +0100 Subject: [PATCH] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock") mistakenly reverted the performance improvement introduced in commit 42a4c603198f0 ("ima: fix ima_inode_post_setattr"). The unused bit mask was subsequently removed by commit 11c60f23ed13 ("integrity: Remove unused macro IMA_ACTION_RULE_FLAGS"). Restore the performance improvement by introducing the new mask IMA_NONACTION_RULE_FLAGS, equal to IMA_NONACTION_FLAGS without IMA_NEW_FILE, which is not a rule-specific flag. Finally, reset IMA_NONACTION_RULE_FLAGS instead of IMA_NONACTION_FLAGS in process_measurement(), if the IMA_CHANGE_ATTR atomic flag is set (after file metadata modification). With this patch, new files for which metadata were modified while they are still open, can be reopened before the last file close (when security.ima is written), since the IMA_NEW_FILE flag is not cleared anymore. Otherwise, appraisal fails because security.ima is missing (files with IMA_NEW_FILE set are an exception). Cc: stable(a)vger.kernel.org # v4.16.x Fixes: 0d73a55208e9 ("ima: re-introduce own integrity cache lock") Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 24d09ea91b87..a4f284bd846c 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -149,6 +149,9 @@ struct ima_kexec_hdr { #define IMA_CHECK_BLACKLIST 0x40000000 #define IMA_VERITY_REQUIRED 0x80000000 +/* Exclude non-action flags which are not rule-specific. */ +#define IMA_NONACTION_RULE_FLAGS (IMA_NONACTION_FLAGS & ~IMA_NEW_FILE) + #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \ IMA_HASH | IMA_APPRAISE_SUBMASK) #define IMA_DONE_MASK (IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \ diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f2c9affa0c2a..28b8b0db6f9b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -269,10 +269,13 @@ static int process_measurement(struct file *file, const struct cred *cred, mutex_lock(&iint->mutex); if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags)) - /* reset appraisal flags if ima_inode_post_setattr was called */ + /* + * Reset appraisal flags (action and non-action rule-specific) + * if ima_inode_post_setattr was called. + */ iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | - IMA_NONACTION_FLAGS); + IMA_NONACTION_RULE_FLAGS); /* * Re-evaulate the file if either the xattr has changed or the

3 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 879f70382ff3e92fc854589ada3453e3f5f5b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022418-clergyman-hacker-f7f7@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 879f70382ff3e92fc854589ada3453e3f5f5b601 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Fri, 14 Feb 2025 16:19:51 +0200 Subject: [PATCH] drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro The format of the port width field in the DDI_BUF_CTL and the TRANS_DDI_FUNC_CTL registers are different starting with MTL, where the x3 lane mode for HDMI FRL has a different encoding in the two registers. To account for this use the TRANS_DDI_FUNC_CTL's own port width macro. Cc: <stable(a)vger.kernel.org> # v6.5+ Fixes: b66a8abaa48a ("drm/i915/display/mtl: Fill port width in DDI_BUF_/TRANS_DDI_FUNC_/PORT_BUF_CTL for HDMI") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250214142001.552916-2-imre.… (cherry picked from commit 76120b3a304aec28fef4910204b81a12db8974da) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/icl_dsi.c b/drivers/gpu/drm/i915/display/icl_dsi.c index c977b74f82f0..82bf6c654de2 100644 --- a/drivers/gpu/drm/i915/display/icl_dsi.c +++ b/drivers/gpu/drm/i915/display/icl_dsi.c @@ -809,8 +809,8 @@ gen11_dsi_configure_transcoder(struct intel_encoder *encoder, /* select data lane width */ tmp = intel_de_read(display, TRANS_DDI_FUNC_CTL(display, dsi_trans)); - tmp &= ~DDI_PORT_WIDTH_MASK; - tmp |= DDI_PORT_WIDTH(intel_dsi->lane_count); + tmp &= ~TRANS_DDI_PORT_WIDTH_MASK; + tmp |= TRANS_DDI_PORT_WIDTH(intel_dsi->lane_count); /* select input pipe */ tmp &= ~TRANS_DDI_EDP_INPUT_MASK;

3 months, 2 weeks

4
5
0 0

[PATCH v1 2/2] mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq

by Uladzislau Rezki (Sony)

Currently kvfree_rcu() APIs use a system workqueue which is "system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warning can be observed: <snip> workqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120 Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ... CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1 Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023 Workqueue: nvme-wq nvme_scan_work RIP: 0010:check_flush_dependency+0x112/0x120 Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ... RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082 RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027 RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88 RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400 R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000 CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa4/0x140 ? check_flush_dependency+0x112/0x120 ? report_bug+0xe1/0x140 ? check_flush_dependency+0x112/0x120 ? handle_bug+0x5e/0x90 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? timer_recalc_next_expiry+0x190/0x190 ? check_flush_dependency+0x112/0x120 ? check_flush_dependency+0x112/0x120 __flush_work.llvm.1643880146586177030+0x174/0x2c0 flush_rcu_work+0x28/0x30 kvfree_rcu_barrier+0x12f/0x160 kmem_cache_destroy+0x18/0x120 bioset_exit+0x10c/0x150 disk_release.llvm.6740012984264378178+0x61/0xd0 device_release+0x4f/0x90 kobject_put+0x95/0x180 nvme_put_ns+0x23/0xc0 nvme_remove_invalid_namespaces+0xb3/0xd0 nvme_scan_work+0x342/0x490 process_scheduled_works+0x1a2/0x370 worker_thread+0x2ff/0x390 ? pwq_release_workfn+0x1e0/0x1e0 kthread+0xb1/0xe0 ? __kthread_parkme+0x70/0x70 ret_from_fork+0x30/0x40 ? __kthread_parkme+0x70/0x70 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- <snip> To address this switch to use of independent WQ_MEM_RECLAIM workqueue, so the rules are not violated from workqueue framework point of view. Apart of that, since kvfree_rcu() does reclaim memory it is worth to go with WQ_MEM_RECLAIM type of wq because it is designed for this purpose. Cc: <stable(a)vger.kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Keith Busch <kbusch(a)kernel.org> Closes: https://www.spinics.net/lists/kernel/msg5563270.html Fixes: 6c6c47b063b5 ("mm, slab: call kvfree_rcu_barrier() from kmem_cache_destroy()"), Reported-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> --- mm/slab_common.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/mm/slab_common.c b/mm/slab_common.c index 4030907b6b7d..4c9f0a87f733 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1304,6 +1304,8 @@ module_param(rcu_min_cached_objs, int, 0444); static int rcu_delay_page_cache_fill_msec = 5000; module_param(rcu_delay_page_cache_fill_msec, int, 0444); +static struct workqueue_struct *rcu_reclaim_wq; + /* Maximum number of jiffies to wait before draining a batch. */ #define KFREE_DRAIN_JIFFIES (5 * HZ) #define KFREE_N_BATCHES 2 @@ -1632,10 +1634,10 @@ __schedule_delayed_monitor_work(struct kfree_rcu_cpu *krcp) if (delayed_work_pending(&krcp->monitor_work)) { delay_left = krcp->monitor_work.timer.expires - jiffies; if (delay < delay_left) - mod_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + mod_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); return; } - queue_delayed_work(system_unbound_wq, &krcp->monitor_work, delay); + queue_delayed_work(rcu_reclaim_wq, &krcp->monitor_work, delay); } static void @@ -1733,7 +1735,7 @@ kvfree_rcu_queue_batch(struct kfree_rcu_cpu *krcp) // "free channels", the batch can handle. Break // the loop since it is done with this CPU thus // queuing an RCU work is _always_ success here. - queued = queue_rcu_work(system_unbound_wq, &krwp->rcu_work); + queued = queue_rcu_work(rcu_reclaim_wq, &krwp->rcu_work); WARN_ON_ONCE(!queued); break; } @@ -1883,7 +1885,7 @@ run_page_cache_worker(struct kfree_rcu_cpu *krcp) if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING && !atomic_xchg(&krcp->work_in_progress, 1)) { if (atomic_read(&krcp->backoff_page_cache_fill)) { - queue_delayed_work(system_unbound_wq, + queue_delayed_work(rcu_reclaim_wq, &krcp->page_cache_work, msecs_to_jiffies(rcu_delay_page_cache_fill_msec)); } else { @@ -2120,6 +2122,10 @@ void __init kvfree_rcu_init(void) int i, j; struct shrinker *kfree_rcu_shrinker; + rcu_reclaim_wq = alloc_workqueue("kvfree_rcu_reclaim", + WQ_UNBOUND | WQ_MEM_RECLAIM, 0); + WARN_ON(!rcu_reclaim_wq); + /* Clamp it to [0:100] seconds interval. */ if (rcu_delay_page_cache_fill_msec < 0 || rcu_delay_page_cache_fill_msec > 100 * MSEC_PER_SEC) { -- 2.39.5

3 months, 2 weeks

5
5
0 0

[PATCH] arm64: tegra: delete the Orin NX/Nano suspend key

by Ivy Huang

From: Ninad Malwade <nmalwade(a)nvidia.com> As per the Orin Nano Dev Kit schematic, GPIO_G.02 is not available on this device family. It should not be used at all on Orin NX/Nano. Having this unused pin mapped as the suspend key can lead to unpredictable behavior for low power modes. Orin NX/Nano uses GPIO_EE.04 as both a "power" button and a "suspend" button. However, we cannot have two gpio-keys mapped to the same GPIO. Therefore delete the "suspend" key. Cc: stable(a)vger.kernel.org Fixes: e63472eda5ea ("arm64: tegra: Support Jetson Orin NX reference platform") Signed-off-by: Ninad Malwade <nmalwade(a)nvidia.com> Signed-off-by: Ivy Huang <yijuh(a)nvidia.com> --- arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 ------- 1 file changed, 7 deletions(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi b/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi index 19340d13f789..41821354bbda 100644 --- a/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi @@ -227,13 +227,6 @@ wakeup-event-action = <EV_ACT_ASSERTED>; wakeup-source; }; - - key-suspend { - label = "Suspend"; - gpios = <&gpio TEGRA234_MAIN_GPIO(G, 2) GPIO_ACTIVE_LOW>; - linux,input-type = <EV_KEY>; - linux,code = <KEY_SLEEP>; - }; }; fan: pwm-fan { -- 2.17.1

3 months, 2 weeks

2
1
0 0

Regression for PXE boot from patch "Remove the 'bugger off' message" in stable 6.6.18

by Ulrich Gemkow

Hello, starting with stable kernel 6.6.18 we have problems with PXE booting. A bisect shows that the following patch is guilty: From 768171d7ebbce005210e1cf8456f043304805c15 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ardb(a)kernel.org> Date: Tue, 12 Sep 2023 09:00:55 +0000 Subject: x86/boot: Remove the 'bugger off' message Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Link: https://lore.kernel.org/r/20230912090051.4014114-21-ardb@google.com With this patch applied PXE starts, requests the kernel and the initrd. Without showing anything on the console, the boot process stops. It seems, that the kernel crashes very early. With stable kernel 6.6.17 PXE boot works without problems. Reverting this single patch (which is part of a larger set of patches) solved the problem for us, PXE boot is working again. We use the packages syslinux-efi and syslinux-common from Debian 12. The used boot files are /efi64/syslinux.efi and /ldlinux.e64. Our config-File (for 6.6.80) is attached. Regarding the patch description, we really do not boot with a floppy :-) Any help would be greatly appreciated, I have a bit of a bad feeling about simply reverting a patch at such a deep level in the kernel. Thank you and best regards Ulrich -- |----------------------------------------------------------------------- | Ulrich Gemkow | University of Stuttgart | Institute of Communication Networks and Computer Engineering (IKR) |-----------------------------------------------------------------------

3 months, 2 weeks

4
12
0 0

[PATCH 6.6 000/142] 6.6.81-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.81 release. There are 142 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 07 Mar 2025 17:44:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.81-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.81-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Load only SHA256-checksummed patches Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add get_patch_level() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Merge early_apply_microcode() into its single callsite Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Have __apply_microcode_amd() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Make __verify_patch_size() return bool Nikolay Borisov <nik.borisov(a)suse.com> x86/microcode/AMD: Return bool from find_blobs_in_containers() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Flush patch buffer mapping after application Chang S. Bae <chang.seok.bae(a)intel.com> x86/microcode/intel: Remove unnecessary cache writeback and invalidation Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Split load_microcode_amd() Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Pay attention to the stepping dynamically Borislav Petkov <bp(a)alien8.de> x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/intel: Set new revision only after a successful update Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode: Rework early revisions reporting Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Prepare for minimal revision check Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Handle "offline" CPUs correctly Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Provide apic_force_nmi_on_cpu() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Protect against instrumentation Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Rendezvous and load in NMI Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Replace the all-in-one rendevous handler Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Provide new control functions Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Add per CPU control field Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Add per CPU result state Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Sanitize __wait_for_cpus() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Clarify the late load logic Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Handle "nosmt" correctly Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Clean up mc_cpu_down_prep() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Get rid of the schedule work indirection Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Mop up early loading leftovers Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Use cached microcode for AP load Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Cache builtin/initrd microcode early Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Cache builtin microcode too Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/amd: Use correct per CPU ucode_cpu_info Thomas Gleixner <tglx(a)linutronix.de> x86/microcode: Remove pointless apply() invocation Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Rework intel_find_matching_signature() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Reuse intel_cpu_collect_info() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Rework intel_cpu_collect_info() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Unify microcode apply() functions Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Switch to kvmalloc() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Save the microcode only after a successful late-load Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Simplify early loading Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Cleanup code further Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Simplify and rename generic_load_microcode() Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/intel: Simplify scan_microcode() Ashok Raj <ashok.raj(a)intel.com> x86/microcode/intel: Rip out mixed stepping support for Intel CPUs Thomas Gleixner <tglx(a)linutronix.de> x86/microcode/32: Move early loading after paging enable Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck Thomas Gleixner <tglx(a)linutronix.de> intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly Joshua Washington <joshwash(a)google.com> gve: set xdp redirect target only when it is available chr[] <chris(a)rudorff.com> amdgpu/pm/legacy: fix suspend/resume issues Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads Tomas Glozar <tglozar(a)redhat.com> Revert "rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads" Tomas Glozar <tglozar(a)redhat.com> Revert "rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads" Yong-Xuan Wang <yongxuan.wang(a)sifive.com> riscv: signal: fix signal frame size Andreas Schwab <schwab(a)suse.de> riscv/futex: sign extend compare value in atomic cmpxchg Stafford Horne <shorne(a)gmail.com> rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm Arthur Simchaev <arthur.simchaev(a)sandisk.com> scsi: ufs: core: bsg: Fix crash when arpmb command fails Thomas Gleixner <tglx(a)linutronix.de> sched/core: Prevent rescheduling when interrupts are disabled Thomas Gleixner <tglx(a)linutronix.de> rcuref: Plug slowpath race in rcuref_put() Ard Biesheuvel <ardb(a)kernel.org> vmlinux.lds: Ensure that const vars with relocations are mapped R/O Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset when MPTCP opts are dropped after join Paolo Abeni <pabeni(a)redhat.com> mptcp: always handle address removal under msk socket lock Kaustabh Chakraborty <kauschluss(a)disroot.org> phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk BH Hsieh <bhsieh(a)nvidia.com> phy: tegra: xusb: reset VBUS & ID OVERRIDE Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the xdp_tx statistics Wei Fang <wei.fang(a)nxp.com> net: enetc: update UDP checksum when updating originTimestamp field Wei Fang <wei.fang(a)nxp.com> net: enetc: keep track of correct Tx BD count in enetc_map_tx_tso_buffs() Wei Fang <wei.fang(a)nxp.com> net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usbnet: gl620a: fix endpoint checking in genelink_bind() Binbin Zhou <zhoubinbin(a)loongson.cn> i2c: ls2x: Fix frequency division register access Tyrone Ting <kfting(a)nuvoton.com> i2c: npcm: disable interrupt enable bit before devm_request_irq Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix HPD after gpu reset Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable PSR-SU on eDP panels Kan Liang <kan.liang(a)linux.intel.com> perf/core: Fix low freq setting via IOC_PERIOD Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Fix low freqency setting issue Breno Leitao <leitao(a)debian.org> perf/core: Add RCU read lock protection to perf_iterate_ctx() Adrien Vergé <adrienverge(a)gmail.com> ALSA: hda/realtek: Fix microphone regression on ASUS N705UD Dmitry Panchenko <dmitry(a)d-systems.ee> ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 Nikolay Kuratov <kniv(a)yandex-team.ru> ftrace: Avoid potential division by zero in function_stat_show() Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix bad hist from corrupting named_triggers list Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI TIME error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix SBI IPI error generation Andrew Jones <ajones(a)ventanamicro.com> riscv: KVM: Fix hart suspend status check Yong-Xuan Wang <yongxuan.wang(a)sifive.com> RISCV: KVM: Introduce mp_state_lock to avoid lock inversion Chukun Pan <amadeus(a)jmu.edu.cn> phy: rockchip: naneng-combphy: compatible reset with old DT Russell Senior <russell(a)personaltelco.net> x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: save msg_control for compat Tong Tiangen <tongtiangen(a)huawei.com> uprobes: Reject the shared zeropage in uprobe_write_opcode() Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Meghana Malladi <m-malladi(a)ti.com> net: ti: icss-iep: Reject perout generation request Diogo Ivo <diogo.ivo(a)siemens.com> net: ti: icss-iep: Remove spinlock-based synchronization Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in rpl lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: fix dst ref loop on input in seg6 lwt Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: seg6_iptunnel: mitigate 2-realloc issue Justin Iurman <justin.iurman(a)uliege.be> include: net: add static inline dst_dev_overhead() to dst.h Shay Drory <shayd(a)nvidia.com> net/mlx5: IRQ, Fix null string in debug print Harshal Chaudhari <hchaudhari(a)marvell.com> net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. Mohammad Heib <mheib(a)redhat.com> net: Clear old fragment checksum value in napi_reuse_skb Wang Hai <wanghai38(a)huawei.com> tcp: Defer ts_recent changes until req is owned Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix deinitializing VF in error path Paul Greenwalt <paul.greenwalt(a)intel.com> ice: add E830 HW VF mailbox message limit support Paul Greenwalt <paul.greenwalt(a)intel.com> ice: Add E830 device IDs, MAC type and registers Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add quirks for ASUS ROG 2023 models Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Remove async regmap writes Philo Lu <lulie(a)linux.alibaba.com> ipvs: Always clear ipvs_property flag in skb_scrub_packet() Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> ASoC: es8328: fix route from DAC to output Sean Anderson <sean.anderson(a)linux.dev> net: cadence: macb: Synchronize stats calculations Eric Dumazet <edumazet(a)google.com> ipvlan: ensure network headers are in skb linear part Guillaume Nault <gnault(a)redhat.com> ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos conversion. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert ip_route_input() to dscp_t. Guillaume Nault <gnault(a)redhat.com> ipv4: Convert icmp_route_lookup() to dscp_t. Ido Schimmel <idosch(a)nvidia.com> ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup() Ido Schimmel <idosch(a)nvidia.com> ipv4: icmp: Pass full DS field to ip_route_input() Peilin He <he.peilin(a)zte.com.cn> net/ipv4: add tracepoint for icmp_send Jiri Slaby (SUSE) <jirislaby(a)kernel.org> net: set the minimum for net_hotdata.netdev_budget_usecs Ido Schimmel <idosch(a)nvidia.com> net: loopback: Avoid sending IP packets without an Ethernet header David Howells <dhowells(a)redhat.com> afs: Fix the server_list to unuse a displaced server rather than putting it David Howells <dhowells(a)redhat.com> afs: Make it possible to find the volumes that are using a server David Howells <dhowells(a)redhat.com> rxrpc: rxperf: Fix missing decoding of terminal magic cookie Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports Arnd Bergmann <arnd(a)arndb.de> sunrpc: suppress warnings for unused procfs functions Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix bind QP error cleanup flow Ye Bin <yebin10(a)huawei.com> scsi: core: Clear driver private data when retrying request Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix AH static rate parsing Or Har-Toov <ohartoov(a)nvidia.com> IB/core: Add support for XDR link speed Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Handle -ETIMEDOUT return from tlshd Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Prevent looping due to rpc_signal_task() races Stephen Brennan <stephen.s.brennan(a)oracle.com> SUNRPC: convert RPC_TASK_* constants to enum Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Prepare to introduce a new clock_gating lock Avri Altman <avri.altman(a)wdc.com> scsi: ufs: core: Introduce ufshcd_has_pending_tasks() Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: Add UFS RTC support Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: Add ufshcd_is_ufs_dev_busy() Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Allocate PAGE aligned doorbell index Mark Zhang <markzhang(a)nvidia.com> IB/mlx5: Set and get correct qp_num for a DCT QP ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 5 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/px30-ringneck.dtsi | 5 + arch/riscv/include/asm/futex.h | 2 +- arch/riscv/include/asm/kvm_host.h | 8 +- arch/riscv/kernel/signal.c | 6 - arch/riscv/kvm/vcpu.c | 48 +- arch/riscv/kvm/vcpu_sbi.c | 7 +- arch/riscv/kvm/vcpu_sbi_hsm.c | 45 +- arch/riscv/kvm/vcpu_sbi_replace.c | 15 +- arch/x86/Kconfig | 26 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/apic.h | 5 +- arch/x86/include/asm/cpu.h | 20 +- arch/x86/include/asm/microcode.h | 18 +- arch/x86/kernel/apic/apic_flat_64.c | 2 + arch/x86/kernel/apic/ipi.c | 8 + arch/x86/kernel/apic/x2apic_cluster.c | 1 + arch/x86/kernel/apic/x2apic_phys.c | 1 + arch/x86/kernel/cpu/common.c | 12 - arch/x86/kernel/cpu/cyrix.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 648 ++++++++++++------ arch/x86/kernel/cpu/microcode/amd_shas.c | 444 +++++++++++++ arch/x86/kernel/cpu/microcode/core.c | 723 +++++++++++++-------- arch/x86/kernel/cpu/microcode/intel.c | 706 ++++++-------------- arch/x86/kernel/cpu/microcode/internal.h | 49 +- arch/x86/kernel/head32.c | 3 + arch/x86/kernel/head_32.S | 10 - arch/x86/kernel/nmi.c | 9 +- arch/x86/kernel/smpboot.c | 12 +- drivers/firmware/cirrus/cs_dsp.c | 24 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 14 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 3 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 25 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 8 +- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 26 +- drivers/i2c/busses/i2c-ls2x.c | 16 +- drivers/i2c/busses/i2c-npcm7xx.c | 7 + drivers/idle/intel_idle.c | 4 + drivers/infiniband/core/sysfs.c | 4 + drivers/infiniband/core/uverbs_std_types_device.c | 3 +- drivers/infiniband/core/verbs.c | 3 + drivers/infiniband/hw/mana/main.c | 2 +- drivers/infiniband/hw/mlx5/ah.c | 3 +- drivers/infiniband/hw/mlx5/counters.c | 8 +- drivers/infiniband/hw/mlx5/qp.c | 10 +- drivers/infiniband/hw/mlx5/qp.h | 1 + drivers/net/ethernet/cadence/macb.h | 2 + drivers/net/ethernet/cadence/macb_main.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 100 ++- drivers/net/ethernet/google/gve/gve.h | 10 + drivers/net/ethernet/google/gve/gve_main.c | 6 +- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_common.c | 65 +- drivers/net/ethernet/intel/ice/ice_devids.h | 10 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 24 +- drivers/net/ethernet/intel/ice/ice_hw_autogen.h | 55 +- drivers/net/ethernet/intel/ice/ice_lib.c | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 37 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 4 +- drivers/net/ethernet/intel/ice/ice_type.h | 3 +- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 34 +- .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 + drivers/net/ethernet/intel/ice/ice_vf_mbx.c | 32 + drivers/net/ethernet/intel/ice/ice_vf_mbx.h | 9 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 8 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 29 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 2 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 35 +- drivers/net/ipvlan/ipvlan_core.c | 24 +- drivers/net/loopback.c | 14 + drivers/net/usb/gl620a.c | 4 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 5 +- drivers/phy/samsung/phy-exynos5-usbdrd.c | 12 +- drivers/phy/tegra/xusb-tegra186.c | 11 + drivers/platform/x86/intel/ifs/load.c | 8 +- drivers/scsi/scsi_lib.c | 14 +- drivers/ufs/core/ufs_bsg.c | 6 +- drivers/ufs/core/ufshcd.c | 112 +++- fs/afs/cell.c | 1 + fs/afs/internal.h | 23 +- fs/afs/server.c | 1 + fs/afs/server_list.c | 114 +++- fs/afs/vl_alias.c | 2 +- fs/afs/volume.c | 36 +- fs/overlayfs/copy_up.c | 2 +- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/rcuref.h | 9 +- include/linux/sunrpc/sched.h | 17 +- include/net/dst.h | 9 + include/net/ip.h | 5 + include/net/route.h | 5 +- include/rdma/ib_verbs.h | 2 + include/trace/events/icmp.h | 67 ++ include/trace/events/sunrpc.h | 3 +- include/uapi/rdma/ib_user_ioctl_verbs.h | 3 +- include/ufs/ufs.h | 13 + include/ufs/ufshcd.h | 4 + io_uring/net.c | 4 +- kernel/events/core.c | 31 +- kernel/events/uprobes.c | 5 + kernel/sched/core.c | 2 +- kernel/trace/ftrace.c | 27 +- kernel/trace/trace_events_hist.c | 34 +- lib/rcuref.c | 5 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_netfilter_hooks.c | 8 +- net/core/gro.c | 1 + net/core/skbuff.c | 2 +- net/core/sysctl_net_core.c | 3 +- net/ipv4/icmp.c | 24 +- net/ipv4/ip_options.c | 3 +- net/ipv4/tcp_minisocks.c | 10 +- net/ipv6/ip6_tunnel.c | 4 +- net/ipv6/rpl_iptunnel.c | 58 +- net/ipv6/seg6_iptunnel.c | 97 ++- net/mptcp/pm_netlink.c | 5 - net/mptcp/subflow.c | 15 +- net/rxrpc/rxperf.c | 12 + net/sunrpc/cache.c | 10 +- net/sunrpc/sched.c | 2 - net/sunrpc/xprtsock.c | 10 +- sound/pci/hda/patch_realtek.c | 32 +- sound/soc/codecs/es8328.c | 15 +- sound/usb/midi.c | 2 +- sound/usb/quirks.c | 1 + tools/testing/selftests/rseq/rseq-riscv-bits.h | 6 +- tools/testing/selftests/rseq/rseq-riscv.h | 2 +- tools/tracing/rtla/src/timerlat_hist.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 2 +- 131 files changed, 2896 insertions(+), 1568 deletions(-)

3 months, 2 weeks

9
149
0 0

[PATCH v2 0/3] media: uvcvideo: Introduce V4L2_META_FMT_UVC_CUSTOM + other meta fixes

by Ricardo Ribalda

This series introduces a new metadata format for UVC cameras and adds a couple of improvements to the UVC metadata handling. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v2: - Add metadata invalid fix - Move doc note to a separate patch - Introuce V4L2_META_FMT_UVC_CUSTOM (thanks HdG!). - Link to v1: https://lore.kernel.org/r/20250226-uvc-metadata-v1-1-6cd6fe5ec2cb@chromium.… --- Ricardo Ribalda (3): media: uvcvideo: Do not mark valid metadata as invalid media: Documentation: Add note about UVCH length field media: uvcvideo: Introduce V4L2_META_FMT_UVC_CUSTOM .../userspace-api/media/v4l/meta-formats.rst | 1 + .../userspace-api/media/v4l/metafmt-uvc-custom.rst | 30 ++++++++++++++++ .../userspace-api/media/v4l/metafmt-uvc.rst | 4 ++- MAINTAINERS | 1 + drivers/media/usb/uvc/uvc_metadata.c | 40 ++++++++++++++++++---- drivers/media/usb/uvc/uvc_video.c | 12 +++---- drivers/media/v4l2-core/v4l2-ioctl.c | 1 + include/uapi/linux/videodev2.h | 1 + 8 files changed, 77 insertions(+), 13 deletions(-) --- base-commit: 36cef585e2a31e4ddf33a004b0584a7a572246de change-id: 20250226-uvc-metadata-2e7e445966de Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

3 months, 2 weeks

1
1
0 0

[PATCH 03/15] usb: xhci: Don't skip on Stopped - Length Invalid

by Mathias Nyman

From: Michal Pecio <michal.pecio(a)gmail.com> Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't skip missed isochronous TDs when handling Stoppend and Stopped - Length Invalid events. Instead, it erroneously cleared the skip flag, which would cause the ring to get stuck, as future events won't match the missed TD which is never removed from the queue until it's cancelled. This buggy logic seems to have been in place substantially unchanged since the 3.x series over 10 years ago, which probably speaks first and foremost about relative rarity of this case in normal usage, but by the spec I see no reason why it shouldn't be possible. After d56b0b2ab142, TDs are immediately skipped when handling those Stopped events. This poses a potential problem in case of Stopped - Length Invalid, which occurs either on completed TDs (likely already given back) or Link and No-Op TRBs. Such event won't be recognized as matching any TD (unless it's the rare Link TRB inside a TD) and will result in skipping all pending TDs, giving them back possibly before they are done, risking isoc data loss and maybe UAF by HW. As a compromise, don't skip and don't clear the skip flag on this kind of event. Then the next event will skip missed TDs. A downside of not handling Stopped - Length Invalid on a Link inside a TD is that if the TD is cancelled, its actual length will not be updated to account for TRBs (silently) completed before the TD was stopped. I had no luck producing this sequence of completion events so there is no compelling demonstration of any resulting disaster. It may be a very rare, obscure condition. The sole motivation for this patch is that if such unlikely event does occur, I'd rather risk reporting a cancelled partially done isoc frame as empty than gamble with UAF. This will be fixed more properly by looking at Stopped event's TRB pointer when making skipping decisions, but such rework is unlikely to be backported to v6.12, which will stay around for a few years. Fixes: d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") Cc: stable(a)vger.kernel.org Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 23cf20026359..6fb48d30ec21 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -2828,6 +2828,10 @@ static int handle_tx_event(struct xhci_hcd *xhci, if (!ep_seg) { if (ep->skip && usb_endpoint_xfer_isoc(&td->urb->ep->desc)) { + /* this event is unlikely to match any TD, don't skip them all */ + if (trb_comp_code == COMP_STOPPED_LENGTH_INVALID) + return 0; + skip_isoc_td(xhci, td, ep, status); if (!list_empty(&ep_ring->td_list)) continue; -- 2.43.0

3 months, 2 weeks

2
3
0 0

[PATCH v2 0/4] samsung: pinctrl: Add support for eint_fltcon_offset and filter selection on gs101

by Peter Griffin

Hi folks, This series fixes support for correctly saving and restoring fltcon0 and fltcon1 registers on gs101 for non-alive banks where the fltcon register offset is not at a fixed offset (unlike previous SoCs). This is done by adding a eint_fltcon_offset and providing GS101 specific pin macros that take an additional parameter (similar to how exynosautov920 handles it's eint_con_offset). Additionally the SoC specific suspend and resume callbacks are re-factored so that each SoC variant has it's own callback containing the peculiarities for that SoC. Finally support for filter selection on alive banks is added, this is currently only enabled for gs101. The code path can be excercised using `echo mem > /sys/power/state` regards, Peter To: Krzysztof Kozlowski <krzk(a)kernel.org> To: Sylwester Nawrocki <s.nawrocki(a)samsung.com> To: Alim Akhtar <alim.akhtar(a)samsung.com> To: Linus Walleij <linus.walleij(a)linaro.org> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-samsung-soc(a)vger.kernel.org Cc: linux-gpio(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: andre.draszik(a)linaro.org Cc: tudor.ambarus(a)linaro.org Cc: willmcvicker(a)google.com Cc: semen.protsenko(a)linaro.org Cc: kernel-team(a)android.com Cc: jaewon02.kim(a)samsung.com Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> --- Changes in v2: - Remove eint_flt_selectable bool as it can be deduced from EINT_TYPE_WKUP (Peter) - Move filter config register comment to header file (Andre) - Rename EXYNOS_FLTCON_DELAY to EXYNOS_FLTCON_ANALOG (Andre) - Remove misleading old comment (Andre) - Refactor exynos_eint_update_flt_reg() into a loop (Andre) - Split refactor of suspend/resume callbacks & gs101 parts into separate patches (Andre) - Link to v1: https://lore.kernel.org/r/20250120-pinctrl-fltcon-suspend-v1-0-e77900b2a854… --- Peter Griffin (4): pinctrl: samsung: add support for eint_fltcon_offset pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks pinctrl: samsung: Add filter selection support for alive bank on gs101 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 150 ++++++------- drivers/pinctrl/samsung/pinctrl-exynos.c | 293 +++++++++++++++---------- drivers/pinctrl/samsung/pinctrl-exynos.h | 51 ++++- drivers/pinctrl/samsung/pinctrl-samsung.c | 12 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 12 +- 5 files changed, 321 insertions(+), 197 deletions(-) --- base-commit: f7da3699c901aea6a009d38116d24c67a4c9662e change-id: 20250120-pinctrl-fltcon-suspend-2333a137c4d4 Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

3 months, 2 weeks

2
4
0 0

[PATCH 13/15] usb: xhci: Apply the link chain quirk on NEC isoc endpoints

by Mathias Nyman

From: Michal Pecio <michal.pecio(a)gmail.com> Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting address is immediately after a transfer ring segment and patched dynamic debug messages revealed that the MSE was received when waiting for a TD near the end of that segment: [ 1.041954] xhci_hcd: Miss service interval error for slot 1 ep 2 expected TD DMA ffa08fe0 [ 1.042120] xhci_hcd: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0005 address=0xffa09000 flags=0x0000] [ 1.042146] xhci_hcd: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0005 address=0xffa09040 flags=0x0000] It gets even funnier if the next page is a ring segment accessible to the HC. Below, it reports MSE in segment at ff1e8000, plows through a zero-filled page at ff1e9000 and starts reporting events for TRBs in page at ff1ea000 every microframe, instead of jumping to seg ff1e6000. [ 7.041671] xhci_hcd: Miss service interval error for slot 1 ep 2 expected TD DMA ff1e8fe0 [ 7.041999] xhci_hcd: Miss service interval error for slot 1 ep 2 expected TD DMA ff1e8fe0 [ 7.042011] xhci_hcd: WARN: buffer overrun event for slot 1 ep 2 on endpoint [ 7.042028] xhci_hcd: All TDs skipped for slot 1 ep 2. Clear skip flag. [ 7.042134] xhci_hcd: WARN: buffer overrun event for slot 1 ep 2 on endpoint [ 7.042138] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 31 [ 7.042144] xhci_hcd: Looking for event-dma 00000000ff1ea040 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820 [ 7.042259] xhci_hcd: WARN: buffer overrun event for slot 1 ep 2 on endpoint [ 7.042262] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 31 [ 7.042266] xhci_hcd: Looking for event-dma 00000000ff1ea050 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820 At some point completion events change from Isoch Buffer Overrun to Short Packet and the HC finally finds cycle bit mismatch in ff1ec000. [ 7.098130] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13 [ 7.098132] xhci_hcd: Looking for event-dma 00000000ff1ecc50 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820 [ 7.098254] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13 [ 7.098256] xhci_hcd: Looking for event-dma 00000000ff1ecc60 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820 [ 7.098379] xhci_hcd: Overrun event on slot 1 ep 2 It's possible that data from the isochronous device were written to random buffers of pending TDs on other endpoints (either IN or OUT), other devices or even other HCs in the same IOMMU domain. Lastly, an error from a different USB device on another HC. Was it caused by the above? I don't know, but it may have been. The disk was working without any other issues and generated PCIe traffic to starve the NEC of upstream BW and trigger those MSEs. The two HCs shared one x1 slot by means of a commercial "PCIe splitter" board. [ 7.162604] usb 10-2: reset SuperSpeed USB device number 3 using xhci_hcd [ 7.178990] sd 9:0:0:0: [sdb] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x07 driverbyte=DRIVER_OK cmd_age=0s [ 7.179001] sd 9:0:0:0: [sdb] tag#0 CDB: opcode=0x28 28 00 04 02 ae 00 00 02 00 00 [ 7.179004] I/O error, dev sdb, sector 67284480 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 0 Fortunately, it appears that this ridiculous bug is avoided by setting the chain bit of Link TRBs on isochronous rings. Other ancient HCs are known which also expect the bit to be set and they ignore Link TRBs if it's not. Reportedly, 0.95 spec guaranteed that the bit is set. The bandwidth-starved NEC HC running a 32KB/uframe UVC endpoint reports tens of MSEs per second and runs into the bug within seconds. Chaining Link TRBs allows the same workload to run for many minutes, many times. No negative side effects seen in UVC recording and UAC playback with a few devices at full speed, high speed and SuperSpeed. The problem doesn't reproduce on the newer Renesas uPD720201/uPD720202 and on old Etron EJ168 and VIA VL805 (but the VL805 has other bug). [shorten line length of log snippets in commit messge -Mathias] Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 4ee14f651d36..d9d7cd1906f3 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1760,11 +1760,20 @@ static inline void xhci_write_64(struct xhci_hcd *xhci, } -/* Link TRB chain should always be set on 0.95 hosts, and AMD 0.96 ISOC rings */ +/* + * Reportedly, some chapters of v0.95 spec said that Link TRB always has its chain bit set. + * Other chapters and later specs say that it should only be set if the link is inside a TD + * which continues from the end of one segment to the next segment. + * + * Some 0.95 hardware was found to misbehave if any link TRB doesn't have the chain bit set. + * + * 0.96 hardware from AMD and NEC was found to ignore unchained isochronous link TRBs when + * "resynchronizing the pipe" after a Missed Service Error. + */ static inline bool xhci_link_chain_quirk(struct xhci_hcd *xhci, enum xhci_ring_type type) { return (xhci->quirks & XHCI_LINK_TRB_QUIRK) || - (type == TYPE_ISOC && (xhci->quirks & XHCI_AMD_0x96_HOST)); + (type == TYPE_ISOC && (xhci->quirks & (XHCI_AMD_0x96_HOST | XHCI_NEC_HOST))); } /* xHCI debugging */ -- 2.43.0

3 months, 2 weeks

1
0
0 0

[PATCH] drm/amd/display: fix missing .is_two_pixels_per_container

by Aliaksei Urbanski

Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X. So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs. Reported-by: Rosen Penev <rosenp(a)gmail.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3942 Fixes: e6a901a00822 ("drm/amd/display: use even ODM slice width for two pixels per container") Cc: <stable(a)vger.kernel.org> # 6.11+ Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski(a)gmail.com> --- drivers/gpu/drm/amd/display/dc/dce60/dce60_timing_generator.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/dc/dce60/dce60_timing_generator.c b/drivers/gpu/drm/amd/display/dc/dce60/dce60_timing_generator.c index e5fb0e8333..e691a1cf33 100644 --- a/drivers/gpu/drm/amd/display/dc/dce60/dce60_timing_generator.c +++ b/drivers/gpu/drm/amd/display/dc/dce60/dce60_timing_generator.c @@ -239,6 +239,7 @@ static const struct timing_generator_funcs dce60_tg_funcs = { dce60_timing_generator_enable_advanced_request, .configure_crc = dce60_configure_crc, .get_crc = dce110_get_crc, + .is_two_pixels_per_container = dce110_is_two_pixels_per_container, }; void dce60_timing_generator_construct( -- 2.48.1

3 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] mm: hugetlb: Add huge page size param to" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 02410ac72ac3707936c07ede66e94360d0d65319 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030436-duress-catering-8bc9@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02410ac72ac3707936c07ede66e94360d0d65319 Mon Sep 17 00:00:00 2001 From: Ryan Roberts <ryan.roberts(a)arm.com> Date: Wed, 26 Feb 2025 12:06:51 +0000 Subject: [PATCH] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() In order to fix a bug, arm64 needs to be told the size of the huge page for which the huge_pte is being cleared in huge_ptep_get_and_clear(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear() and set_huge_pte_at(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, loongarch, mips, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> # riscv Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> # s390 Link: https://lore.kernel.org/r/20250226120656.2400136-2-ryan.roberts@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index c6dff3e69539..03db9cb21ace 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t pte, int dirty); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); +extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT extern void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep); diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 98a2a0e64e25..06db4649af91 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr, __pte_clear(mm, addr, ptep); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz) { int ncontig; size_t pgsize; @@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size) pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long psize = huge_page_size(hstate_vma(vma)); + if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) { /* * Break-before-make (BBM) is required for all user space mappings @@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr if (pte_user_exec(__ptep_get(ptep))) return huge_ptep_clear_flush(vma, addr, ptep); } - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index c8e4057734d0..4dc4b3e04225 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = ptep_get(ptep); @@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h index d0a86ce83de9..fbc71ddcf0f6 100644 --- a/arch/mips/include/asm/hugetlb.h +++ b/arch/mips/include/asm/hugetlb.h @@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = *ptep; @@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); /* * clear the huge pte entry firstly, so that the other smp threads will * not get old pte entry after finishing flush_tlb_page and before * setting new huge pte entry */ - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h index 5b3a5429f71b..21e9ace17739 100644 --- a/arch/parisc/include/asm/hugetlb.h +++ b/arch/parisc/include/asm/hugetlb.h @@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c index e9d18cf25b79..a94fe546d434 100644 --- a/arch/parisc/mm/hugetlbpage.c +++ b/arch/parisc/mm/hugetlbpage.c @@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t entry; diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h index dad2e7980f24..86326587e58d 100644 --- a/arch/powerpc/include/asm/hugetlb.h +++ b/arch/powerpc/include/asm/hugetlb.h @@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1)); } @@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_hugetlb_page(vma, addr); return pte; } diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h index faf3624d8057..446126497768 100644 --- a/arch/riscv/include/asm/hugetlb.h +++ b/arch/riscv/include/asm/hugetlb.h @@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); + unsigned long addr, pte_t *ptep, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c index 42314f093922..b4a78a4b35cf 100644 --- a/arch/riscv/mm/hugetlbpage.c +++ b/arch/riscv/mm/hugetlbpage.c @@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t orig_pte = ptep_get(ptep); int pte_num; diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h index 7c52acaf9f82..663e87220e89 100644 --- a/arch/s390/include/asm/hugetlb.h +++ b/arch/s390/include/asm/hugetlb.h @@ -25,8 +25,16 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep); + #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, + unsigned long sz) +{ + return __huge_ptep_get_and_clear(mm, addr, ptep); +} static inline void arch_clear_hugetlb_flags(struct folio *folio) { @@ -48,7 +56,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, address, ptep); + return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -59,7 +67,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte); if (changed) { - huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; @@ -69,7 +77,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); + pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep); __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c index d9ce199953de..2e568f175cd4 100644 --- a/arch/s390/mm/hugetlbpage.c +++ b/arch/s390/mm/hugetlbpage.c @@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep) return __rste_to_pte(pte_val(*ptep)); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get(mm, addr, ptep); pmd_t *pmdp = (pmd_t *) ptep; diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h index c714ca6a05aa..e7a9cdd498dc 100644 --- a/arch/sparc/include/asm/hugetlb.h +++ b/arch/sparc/include/asm/hugetlb.h @@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index eee601a0d2cf..80504148d8a5 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, } pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { unsigned int i, nptes, orig_shift, shift; unsigned long size; diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h index f42133dae68e..2afc95bf1655 100644 --- a/include/asm-generic/hugetlb.h +++ b/include/asm-generic/hugetlb.h @@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, unsigned long sz) { return ptep_get_and_clear(mm, addr, ptep); } diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..bf5f7256bd28 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } #endif diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 65068671e460..de9d49e521c1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, if (src_ptl != dst_ptl) spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); - pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); + pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz); if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) huge_pte_clear(mm, new_addr, dst_pte, sz); @@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); } - pte = huge_ptep_get_and_clear(mm, address, ptep); + pte = huge_ptep_get_and_clear(mm, address, ptep, sz); tlb_remove_huge_tlb_entry(h, tlb, ptep, address); if (huge_pte_dirty(pte)) set_page_dirty(page);

3 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] mm: hugetlb: Add huge page size param to" failed to apply to 6.13-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.13-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y git checkout FETCH_HEAD git cherry-pick -x 02410ac72ac3707936c07ede66e94360d0d65319 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030435-amuck-tapestry-d86d@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02410ac72ac3707936c07ede66e94360d0d65319 Mon Sep 17 00:00:00 2001 From: Ryan Roberts <ryan.roberts(a)arm.com> Date: Wed, 26 Feb 2025 12:06:51 +0000 Subject: [PATCH] mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() In order to fix a bug, arm64 needs to be told the size of the huge page for which the huge_pte is being cleared in huge_ptep_get_and_clear(). Provide for this by adding an `unsigned long sz` parameter to the function. This follows the same pattern as huge_pte_clear() and set_huge_pte_at(). This commit makes the required interface modifications to the core mm as well as all arches that implement this function (arm64, loongarch, mips, parisc, powerpc, riscv, s390, sparc). The actual arm64 bug will be fixed in a separate commit. Cc: stable(a)vger.kernel.org Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> # riscv Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> # s390 Link: https://lore.kernel.org/r/20250226120656.2400136-2-ryan.roberts@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/include/asm/hugetlb.h b/arch/arm64/include/asm/hugetlb.h index c6dff3e69539..03db9cb21ace 100644 --- a/arch/arm64/include/asm/hugetlb.h +++ b/arch/arm64/include/asm/hugetlb.h @@ -42,8 +42,8 @@ extern int huge_ptep_set_access_flags(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, pte_t pte, int dirty); #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); +extern pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_SET_WRPROTECT extern void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep); diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c index 98a2a0e64e25..06db4649af91 100644 --- a/arch/arm64/mm/hugetlbpage.c +++ b/arch/arm64/mm/hugetlbpage.c @@ -396,8 +396,8 @@ void huge_pte_clear(struct mm_struct *mm, unsigned long addr, __pte_clear(mm, addr, ptep); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, unsigned long sz) { int ncontig; size_t pgsize; @@ -549,6 +549,8 @@ bool __init arch_hugetlb_valid_size(unsigned long size) pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long psize = huge_page_size(hstate_vma(vma)); + if (alternative_has_cap_unlikely(ARM64_WORKAROUND_2645198)) { /* * Break-before-make (BBM) is required for all user space mappings @@ -558,7 +560,7 @@ pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr if (pte_user_exec(__ptep_get(ptep))) return huge_ptep_clear_flush(vma, addr, ptep); } - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } void huge_ptep_modify_prot_commit(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep, diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index c8e4057734d0..4dc4b3e04225 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -36,7 +36,8 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = ptep_get(ptep); @@ -51,8 +52,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/mips/include/asm/hugetlb.h b/arch/mips/include/asm/hugetlb.h index d0a86ce83de9..fbc71ddcf0f6 100644 --- a/arch/mips/include/asm/hugetlb.h +++ b/arch/mips/include/asm/hugetlb.h @@ -27,7 +27,8 @@ static inline int prepare_hugepage_range(struct file *file, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { pte_t clear; pte_t pte = *ptep; @@ -42,13 +43,14 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); /* * clear the huge pte entry firstly, so that the other smp threads will * not get old pte entry after finishing flush_tlb_page and before * setting new huge pte entry */ - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_tlb_page(vma, addr); return pte; } diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h index 5b3a5429f71b..21e9ace17739 100644 --- a/arch/parisc/include/asm/hugetlb.h +++ b/arch/parisc/include/asm/hugetlb.h @@ -10,7 +10,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c index e9d18cf25b79..a94fe546d434 100644 --- a/arch/parisc/mm/hugetlbpage.c +++ b/arch/parisc/mm/hugetlbpage.c @@ -126,7 +126,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t entry; diff --git a/arch/powerpc/include/asm/hugetlb.h b/arch/powerpc/include/asm/hugetlb.h index dad2e7980f24..86326587e58d 100644 --- a/arch/powerpc/include/asm/hugetlb.h +++ b/arch/powerpc/include/asm/hugetlb.h @@ -45,7 +45,8 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, + unsigned long sz) { return __pte(pte_update(mm, addr, ptep, ~0UL, 0, 1)); } @@ -55,8 +56,9 @@ static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { pte_t pte; + unsigned long sz = huge_page_size(hstate_vma(vma)); - pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + pte = huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, sz); flush_hugetlb_page(vma, addr); return pte; } diff --git a/arch/riscv/include/asm/hugetlb.h b/arch/riscv/include/asm/hugetlb.h index faf3624d8057..446126497768 100644 --- a/arch/riscv/include/asm/hugetlb.h +++ b/arch/riscv/include/asm/hugetlb.h @@ -28,7 +28,8 @@ void set_huge_pte_at(struct mm_struct *mm, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep); + unsigned long addr, pte_t *ptep, + unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/riscv/mm/hugetlbpage.c b/arch/riscv/mm/hugetlbpage.c index 42314f093922..b4a78a4b35cf 100644 --- a/arch/riscv/mm/hugetlbpage.c +++ b/arch/riscv/mm/hugetlbpage.c @@ -293,7 +293,7 @@ int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { pte_t orig_pte = ptep_get(ptep); int pte_num; diff --git a/arch/s390/include/asm/hugetlb.h b/arch/s390/include/asm/hugetlb.h index 7c52acaf9f82..663e87220e89 100644 --- a/arch/s390/include/asm/hugetlb.h +++ b/arch/s390/include/asm/hugetlb.h @@ -25,8 +25,16 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep); + #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep); +static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep, + unsigned long sz) +{ + return __huge_ptep_get_and_clear(mm, addr, ptep); +} static inline void arch_clear_hugetlb_flags(struct folio *folio) { @@ -48,7 +56,7 @@ static inline void huge_pte_clear(struct mm_struct *mm, unsigned long addr, static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, address, ptep); + return __huge_ptep_get_and_clear(vma->vm_mm, address, ptep); } #define __HAVE_ARCH_HUGE_PTEP_SET_ACCESS_FLAGS @@ -59,7 +67,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(huge_ptep_get(vma->vm_mm, addr, ptep), pte); if (changed) { - huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + __huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); } return changed; @@ -69,7 +77,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { - pte_t pte = huge_ptep_get_and_clear(mm, addr, ptep); + pte_t pte = __huge_ptep_get_and_clear(mm, addr, ptep); __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(pte)); } diff --git a/arch/s390/mm/hugetlbpage.c b/arch/s390/mm/hugetlbpage.c index d9ce199953de..2e568f175cd4 100644 --- a/arch/s390/mm/hugetlbpage.c +++ b/arch/s390/mm/hugetlbpage.c @@ -188,8 +188,8 @@ pte_t huge_ptep_get(struct mm_struct *mm, unsigned long addr, pte_t *ptep) return __rste_to_pte(pte_val(*ptep)); } -pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) +pte_t __huge_ptep_get_and_clear(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) { pte_t pte = huge_ptep_get(mm, addr, ptep); pmd_t *pmdp = (pmd_t *) ptep; diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h index c714ca6a05aa..e7a9cdd498dc 100644 --- a/arch/sparc/include/asm/hugetlb.h +++ b/arch/sparc/include/asm/hugetlb.h @@ -20,7 +20,7 @@ void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #define __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep); + pte_t *ptep, unsigned long sz); #define __HAVE_ARCH_HUGE_PTEP_CLEAR_FLUSH static inline pte_t huge_ptep_clear_flush(struct vm_area_struct *vma, diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index eee601a0d2cf..80504148d8a5 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c @@ -260,7 +260,7 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, } pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) + pte_t *ptep, unsigned long sz) { unsigned int i, nptes, orig_shift, shift; unsigned long size; diff --git a/include/asm-generic/hugetlb.h b/include/asm-generic/hugetlb.h index f42133dae68e..2afc95bf1655 100644 --- a/include/asm-generic/hugetlb.h +++ b/include/asm-generic/hugetlb.h @@ -90,7 +90,7 @@ static inline void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, #ifndef __HAVE_ARCH_HUGE_PTEP_GET_AND_CLEAR static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) + unsigned long addr, pte_t *ptep, unsigned long sz) { return ptep_get_and_clear(mm, addr, ptep); } diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index ec8c0ccc8f95..bf5f7256bd28 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -1004,7 +1004,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) static inline pte_t huge_ptep_modify_prot_start(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { - return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep); + unsigned long psize = huge_page_size(hstate_vma(vma)); + + return huge_ptep_get_and_clear(vma->vm_mm, addr, ptep, psize); } #endif diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 65068671e460..de9d49e521c1 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5447,7 +5447,7 @@ static void move_huge_pte(struct vm_area_struct *vma, unsigned long old_addr, if (src_ptl != dst_ptl) spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); - pte = huge_ptep_get_and_clear(mm, old_addr, src_pte); + pte = huge_ptep_get_and_clear(mm, old_addr, src_pte, sz); if (need_clear_uffd_wp && pte_marker_uffd_wp(pte)) huge_pte_clear(mm, new_addr, dst_pte, sz); @@ -5622,7 +5622,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, set_vma_resv_flags(vma, HPAGE_RESV_UNMAPPED); } - pte = huge_ptep_get_and_clear(mm, address, ptep); + pte = huge_ptep_get_and_clear(mm, address, ptep, sz); tlb_remove_huge_tlb_entry(h, tlb, ptep, address); if (huge_pte_dirty(pte)) set_page_dirty(page);

3 months, 2 weeks

2
2
0 0

[PATCH v1] usb: core: fix pipe creation for get_bMaxPacketSize0

by Stefan Eichenberger

From: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> When usb_control_msg is used in the get_bMaxPacketSize0 function, the USB pipe does not include the endpoint device number. This can cause failures when a usb hub port is reinitialized after encountering a bad cable connection. As a result, the system logs the following error messages: usb usb2-port1: cannot reset (err = -32) usb usb2-port1: Cannot enable. Maybe the USB cable is bad? usb usb2-port1: attempt power cycle usb 2-1: new high-speed USB device number 5 using ci_hdrc usb 2-1: device descriptor read/8, error -71 The problem began after commit 85d07c556216 ("USB: core: Unite old scheme and new scheme descriptor reads"). There usb_get_device_descriptor was replaced with get_bMaxPacketSize0. Unlike usb_get_device_descriptor, the get_bMaxPacketSize0 function uses the macro usb_rcvaddr0pipe, which does not include the endpoint device number. usb_get_device_descriptor, on the other hand, used the macro usb_rcvctrlpipe, which includes the endpoint device number. By modifying the get_bMaxPacketSize0 function to use usb_rcvctrlpipe instead of usb_rcvaddr0pipe, the issue can be resolved. This change will ensure that the endpoint device number is included in the USB pipe, preventing reinitialization failures. If the endpoint has not set the device number yet, it will still work because the device number is 0 in udev. Cc: stable(a)vger.kernel.org Fixes: 85d07c556216 ("USB: core: Unite old scheme and new scheme descriptor reads") Signed-off-by: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> --- Before commit 85d07c556216 ("USB: core: Unite old scheme and new scheme descriptor reads") usb_rcvaddr0pipe was used in hub_port_init. With this proposed change, usb_rcvctrlpipe will be used which includes devnum for the pipe. I'm not sure if this might have some side effects. However, my understanding is that devnum is set to the right value (might also be 0 if not initialised) before get_bMaxPacketSize0 is called. Therefore, this should work but please let me know if I'm wrong on this. --- drivers/usb/core/hub.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index c3f839637cb5..59e38780f76d 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -4698,7 +4698,6 @@ void usb_ep0_reinit(struct usb_device *udev) EXPORT_SYMBOL_GPL(usb_ep0_reinit); #define usb_sndaddr0pipe() (PIPE_CONTROL << 30) -#define usb_rcvaddr0pipe() ((PIPE_CONTROL << 30) | USB_DIR_IN) static int hub_set_address(struct usb_device *udev, int devnum) { @@ -4804,7 +4803,7 @@ static int get_bMaxPacketSize0(struct usb_device *udev, for (i = 0; i < GET_MAXPACKET0_TRIES; ++i) { /* Start with invalid values in case the transfer fails */ buf->bDescriptorType = buf->bMaxPacketSize0 = 0; - rc = usb_control_msg(udev, usb_rcvaddr0pipe(), + rc = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), USB_REQ_GET_DESCRIPTOR, USB_DIR_IN, USB_DT_DEVICE << 8, 0, buf, size, -- 2.45.2

3 months, 2 weeks

3
4
0 0

[PATCH 5.10.y 0/3] vsock: fix use-after free and null-ptr-deref

by Luigi Leonardi

Hi all, This series backports three upstream commits: - 135ffc7 "bpf, vsock: Invoke proto::close on close()" - fcdd224 "vsock: Keep the binding until socket destruction" - 78dafe1 "vsock: Orphan socket after transport release" Although this version of the kernel does not support sockmap, I think backporting this patch can be useful to reduce conflicts in future backports [1]. It does not harm the system. The comment it introduces in the code can be misleading. I added some words in the commit to explain the situation. The other two commits are untouched, fixing a use-after free[2] and a null-ptr-deref[3] respectively. [1]https://lore.kernel.org/stable/f7lr3ftzo66sl6phlcygh4xx4spga4b6je37fhawjr… [2]https://lore.kernel.org/all/20250128-vsock-transport-vs-autobind-v3-0-1cf… [3]https://lore.kernel.org/all/20250210-vsock-linger-nullderef-v3-0-ef6244d0… Cheers, Luigi To: Stefano Garzarella <sgarzare(a)redhat.com> To: Michal Luczaj <mhal(a)rbox.co> To: stable(a)vger.kernel.org Signed-off-by: Luigi Leonardi <leonardi(a)redhat.com> --- Michal Luczaj (3): bpf, vsock: Invoke proto::close on close() vsock: Keep the binding until socket destruction vsock: Orphan socket after transport release net/vmw_vsock/af_vsock.c | 77 +++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 27 deletions(-) --- base-commit: f0a53361993a94f602df6f35e78149ad2ac12c89 change-id: 20250220-backport_fix_5_10-0ae85f834bc4 Best regards, -- Luigi Leonardi <leonardi(a)redhat.com>

3 months, 2 weeks

2
5
0 0

[PATCHv3 perf/core] uprobes: Harden uretprobe syscall trampoline check

by Jiri Olsa

Jann reported [1] possible issue when trampoline_check_ip returns address near the bottom of the address space that is allowed to call into the syscall if uretprobes are not set up. Though the mmap minimum address restrictions will typically prevent creating mappings there, let's make sure uretprobe syscall checks for that. [1] https://lore.kernel.org/bpf/202502081235.5A6F352985@keescook/T/#m9d416df341… Cc: Kees Cook <kees(a)kernel.org> Cc: Eyal Birger <eyal.birger(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Reported-by: Jann Horn <jannh(a)google.com> Reviewed-by: Oleg Nesterov <oleg(a)redhat.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> --- v3 changes: - used ~0UL instead of -1 [Alexei] - used UPROBE_NO_TRAMPOLINE_VADDR in uprobe_get_trampoline_vaddr [Masami] - added unlikely [Andrii] - I kept the review/ack tags, because I think the change is basically the same, please scream otherwise arch/x86/kernel/uprobes.c | 14 +++++++++----- include/linux/uprobes.h | 2 ++ kernel/events/uprobes.c | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c index 5a952c5ea66b..9194695662b2 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c @@ -357,19 +357,23 @@ void *arch_uprobe_trampoline(unsigned long *psize) return &insn; } -static unsigned long trampoline_check_ip(void) +static unsigned long trampoline_check_ip(unsigned long tramp) { - unsigned long tramp = uprobe_get_trampoline_vaddr(); - return tramp + (uretprobe_syscall_check - uretprobe_trampoline_entry); } SYSCALL_DEFINE0(uretprobe) { struct pt_regs *regs = task_pt_regs(current); - unsigned long err, ip, sp, r11_cx_ax[3]; + unsigned long err, ip, sp, r11_cx_ax[3], tramp; + + /* If there's no trampoline, we are called from wrong place. */ + tramp = uprobe_get_trampoline_vaddr(); + if (unlikely(tramp == UPROBE_NO_TRAMPOLINE_VADDR)) + goto sigill; - if (regs->ip != trampoline_check_ip()) + /* Make sure the ip matches the only allowed sys_uretprobe caller. */ + if (unlikely(regs->ip != trampoline_check_ip(tramp))) goto sigill; err = copy_from_user(r11_cx_ax, (void __user *)regs->sp, sizeof(r11_cx_ax)); diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h index a40efdda9052..2e46b69ff0a6 100644 --- a/include/linux/uprobes.h +++ b/include/linux/uprobes.h @@ -39,6 +39,8 @@ struct page; #define MAX_URETPROBE_DEPTH 64 +#define UPROBE_NO_TRAMPOLINE_VADDR (~0UL) + struct uprobe_consumer { /* * handler() can return UPROBE_HANDLER_REMOVE to signal the need to diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 597b9e036e5f..c5d6307bc5bc 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -2156,8 +2156,8 @@ void uprobe_copy_process(struct task_struct *t, unsigned long flags) */ unsigned long uprobe_get_trampoline_vaddr(void) { + unsigned long trampoline_vaddr = UPROBE_NO_TRAMPOLINE_VADDR; struct xol_area *area; - unsigned long trampoline_vaddr = -1; /* Pairs with xol_add_vma() smp_store_release() */ area = READ_ONCE(current->mm->uprobes_state.xol_area); /* ^^^ */ -- 2.48.1

3 months, 2 weeks

7
9
0 0

[PATCH] USB: serial: option: match on interface class for Telit FN990B

by Johan Hovold

The device id entries for Telit FN990B ended up matching only on the interface protocol. While this works, the protocol is qualified by the interface class (and subclass) which should have been included. Switch to matching using USB_DEVICE_AND_INTERFACE_INFO() while keeping the entries sorted also by protocol for consistency. Link: https://lore.kernel.org/20250227110655.3647028-2-fabio.porcedda@gmail.com/ Cc: Fabio Porcedda <fabio.porcedda(a)gmail.com> Cc: Daniele Palmas <dnlplm(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/option.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 58bd54e8c483..1ea2870725ac 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1394,22 +1394,22 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(0) | NCTRL(3) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10c8, 0xff), /* Telit FE910C04 (rmnet) */ .driver_info = RSVD(0) | NCTRL(2) | RSVD(3) | RSVD(4) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d0, 0x60) }, /* Telit FN990B (rmnet) */ - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d0, 0x40) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d0, 0x30), + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x30), /* Telit FN990B (rmnet) */ .driver_info = NCTRL(5) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d1, 0x60) }, /* Telit FN990B (MBIM) */ - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d1, 0x40) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d1, 0x30), + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d2, 0x60) }, /* Telit FN990B (RNDIS) */ - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d2, 0x40) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d2, 0x30), + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d2, 0xff, 0xff, 0x30), /* Telit FN990B (RNDIS) */ .driver_info = NCTRL(6) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d3, 0x60) }, /* Telit FN990B (ECM) */ - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d3, 0x40) }, - { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10d3, 0x30), + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d2, 0xff, 0xff, 0x40) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d2, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d3, 0xff, 0xff, 0x30), /* Telit FN990B (ECM) */ .driver_info = NCTRL(6) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d3, 0xff, 0xff, 0x40) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d3, 0xff, 0xff, 0x60) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910), .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM), -- 2.45.3

3 months, 2 weeks

1
0
0 0

[PATCH V2 1/2] USB: serial: option: add Telit Cinterion FE990B compositions

by Fabio Porcedda

Add the following Telit Cinterion FE990B40 compositions: 0x10b0: rmnet + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) + tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10b0 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE990 S: SerialNumber=28c2595e C: #Ifs= 9 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none) E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none) E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x10b1: MBIM + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) + tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 8 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10b1 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE990 S: SerialNumber=28c2595e C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none) E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 8 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none) E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x10b2: RNDIS + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) + tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 9 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10b2 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE990 S: SerialNumber=28c2595e C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=ef(misc ) Sub=04 Prot=01 Driver=rndis_host E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none) E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 8 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none) E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x10b3: ECM + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) + tty (diag) + DPL + QDSS (Qualcomm Debug SubSystem) + adb T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 11 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10b3 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE990 S: SerialNumber=28c2595e C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none) E: Ad=8c(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 8 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none) E: Ad=8d(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 58bd54e8c483..8660f7a89b01 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1388,6 +1388,22 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(0) | NCTRL(2) | RSVD(3) | RSVD(4) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10aa, 0xff), /* Telit FN920C04 (MBIM) */ .driver_info = NCTRL(3) | RSVD(4) | RSVD(5) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b0, 0x60) }, /* Telit FE990B (rmnet) */ + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b0, 0x40) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b0, 0x30), + .driver_info = NCTRL(5) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b1, 0x60) }, /* Telit FE990B (MBIM) */ + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b1, 0x40) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b1, 0x30), + .driver_info = NCTRL(6) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b2, 0x60) }, /* Telit FE990B (RNDIS) */ + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b2, 0x40) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b2, 0x30), + .driver_info = NCTRL(6) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b3, 0x60) }, /* Telit FE990B (ECM) */ + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b3, 0x40) }, + { USB_DEVICE_INTERFACE_PROTOCOL(TELIT_VENDOR_ID, 0x10b3, 0x30), + .driver_info = NCTRL(6) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10c0, 0xff), /* Telit FE910C04 (rmnet) */ .driver_info = RSVD(0) | NCTRL(3) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10c4, 0xff), /* Telit FE910C04 (rmnet) */ -- 2.48.1

3 months, 2 weeks

3
2
0 0

[REGRESSION] stable-rc/linux-6.12.y: (boot) NULL pointer dereference at virtual address 00000000000000d0 [logs...

by KernelCI bot

Hello, New boot regression found on stable-rc/linux-6.12.y: --- NULL pointer dereference at virtual address 00000000000000d0 [logspec:generic_linux_boot,linux.kernel.null_pointer_dereference] --- - dashboard: https://d.kernelci.org/issue/maestro:e301e9dec14c72112ac560e4ba2548ec434c9e… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 43639cc57b2273fce42874dd7f6e0b872f4984c5 Log excerpt: ===================================================== [ 2.402363] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [ 2.406659] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ovl@14005000 [ 2.406736] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ovl@14006000 [ 2.406755] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/rdma@14007000 [ 2.406768] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/color@14009000 [ 2.406779] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ccorr@1400a000 [ 2.406793] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/aal@1400b000 [ 2.406806] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/gamma@1400c000 [ 2.406866] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/dsi@14010000 [ 2.406878] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ovl@14014000 [ 2.406892] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/rdma@14015000 [ 2.411531] panfrost 13000000.gpu: clock rate = 357999878 [ 2.412537] panfrost 13000000.gpu: [drm:panfrost_devfreq_init] Failed to register cooling device [ 2.412827] panfrost 13000000.gpu: mali-g57 id 0x9093 major 0x0 minor 0x0 status 0x0 [ 2.412830] panfrost 13000000.gpu: features: 00000000,000019f7, issues: 00000003,80000400 [ 2.412832] panfrost 13000000.gpu: Features: L2:0x07130206 Shader:0x00000000 Tiler:0x00000809 Mem:0x101 MMU:0x00002830 AS:0xff JS:0x7 [ 2.412835] panfrost 13000000.gpu: shader_present=0x50045 l2_present=0x1 [ 2.412900] Mem abort info: [ 2.414378] [drm] Initialized panfrost 1.2.0 for 13000000.gpu on minor 0 [ 2.414747] xhci-mtk 11200000.usb: uwk - reg:0x420, version:102 [ 2.415395] xhci-mtk 11200000.usb: xHCI Host Controller [ 2.415505] xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 1 [ 2.415720] xhci-mtk 11200000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000000200010 [ 2.415751] xhci-mtk 11200000.usb: irq 275, io mem 0x11200000 [ 2.415804] xhci-mtk 11200000.usb: xHCI Host Controller [ 2.415933] xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 2 [ 2.415940] xhci-mtk 11200000.usb: Host supports USB 3.1 Enhanced SuperSpeed [ 2.416011] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.12 [ 2.416014] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 2.416016] usb usb1: Product: xHCI Host Controller [ 2.416017] usb usb1: Manufacturer: Linux 6.12.18-rc1 xhci-hcd [ 2.416019] usb usb1: SerialNumber: 11200000.usb [ 2.416274] hub 1-0:1.0: USB hub found [ 2.416285] hub 1-0:1.0: 1 port detected [ 2.416394] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. [ 2.416418] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.12 [ 2.416420] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 2.416421] usb usb2: Product: xHCI Host Controller [ 2.416423] usb usb2: Manufacturer: Linux 6.12.18-rc1 xhci-hcd [ 2.416424] usb usb2: SerialNumber: 11200000.usb [ 2.416785] hub 2-0:1.0: USB hub found [ 2.416795] hub 2-0:1.0: 1 port detected [ 2.419750] rt5682 1-001a: Using default DAI clk names: rt5682-dai-wclk, rt5682-dai-bclk [ 2.420524] reg-fixed-voltage regulator-1v8-g: using DT '/regulator-1v8-g' for '(default)' GPIO lookup [ 2.420541] of_get_named_gpiod_flags: can't parse 'gpios' property of node '/regulator-1v8-g[0]' [ 2.420546] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/regulator-1v8-g[0]' [ 2.420552] reg-fixed-voltage regulator-1v8-g: using lookup tables for GPIO lookup [ 2.420555] reg-fixed-voltage regulator-1v8-g: No GPIO consumer (default) found [ 2.420761] reg-fixed-voltage regulator-3v3-dpbrdg: using DT '/regulator-3v3-dpbrdg' for '(default)' GPIO lookup [ 2.420774] of_get_named_gpiod_flags: can't parse 'gpios' property of node '/regulator-3v3-dpbrdg[0]' [ 2.420791] of_get_named_gpiod_flags: parsed 'gpio' property of node '/regulator-3v3-dpbrdg[0]' - status (0) [ 2.420834] gpio gpiochip0: Persistence not supported for GPIO 26 [ 2.420882] rt5682 1-001a: using DT '/soc/i2c@11d20000/audio-codec@1a' for 'realtek,ldo1-en' GPIO lookup [ 2.420899] of_get_named_gpiod_flags: can't parse 'realtek,ldo1-en-gpios' property of node '/soc/i2c@11d20000/audio-codec@1a[0]' [ 2.420911] of_get_named_gpiod_flags: can't parse 'realtek,ldo1-en-gpio' property of node '/soc/i2c@11d20000/audio-codec@1a[0]' [ 2.420920] rt5682 1-001a: using lookup tables for GPIO lookup [ 2.420923] rt5682 1-001a: No GPIO consumer realtek,ldo1-en found [ 2.421046] mtk-iommu 1401d000.m4u: bound 14003000.larb (ops 0xffffb67e921d3ca8) [ 2.421060] mtk-iommu 1401d000.m4u: bound 14004000.larb (ops 0xffffb67e921d3ca8) [ 2.421064] mtk-iommu 1401d000.m4u: bound 1f002000.larb (ops 0xffffb67e921d3ca8) [ 2.421066] mtk-iommu 1401d000.m4u: bound 1602e000.larb (ops 0xffffb67e921d3ca8) [ 2.421076] mtk-iommu 1401d000.m4u: bound 1600d000.larb (ops 0xffffb67e921d3ca8) [ 2.421078] mtk-iommu 1401d000.m4u: bound 17010000.larb (ops 0xffffb67e921d3ca8) [ 2.421081] mtk-iommu 1401d000.m4u: bound 1502e000.larb (ops 0xffffb67e921d3ca8) [ 2.421084] mtk-iommu 1401d000.m4u: bound 1582e000.larb (ops 0xffffb67e921d3ca8) [ 2.421087] mtk-iommu 1401d000.m4u: bound 1a001000.larb (ops 0xffffb67e921d3ca8) [ 2.421089] mtk-iommu 1401d000.m4u: bound 1a002000.larb (ops 0xffffb67e921d3ca8) [ 2.421091] mtk-iommu 1401d000.m4u: bound 1a00f000.larb (ops 0xffffb67e921d3ca8) [ 2.421093] mtk-iommu 1401d000.m4u: bound 1a010000.larb (ops 0xffffb67e921d3ca8) [ 2.421095] mtk-iommu 1401d000.m4u: bound 1a011000.larb (ops 0xffffb67e921d3ca8) [ 2.421097] mtk-iommu 1401d000.m4u: bound 1b10f000.larb (ops 0xffffb67e921d3ca8) [ 2.421102] mtk-iommu 1401d000.m4u: bound 1b00f000.larb (ops 0xffffb67e921d3ca8) [ 2.421248] gpio gpiochip0: Persistence not supported for GPIO 128 [ 2.421266] mediatek-disp-ovl 14005000.ovl: Adding to iommu group 0 [ 2.421694] mediatek-disp-ovl 14006000.ovl: Adding to iommu group 0 [ 2.421841] mediatek-disp-ovl 14014000.ovl: Adding to iommu group 0 [ 2.421979] mediatek-disp-rdma 14007000.rdma: Adding to iommu group 0 [ 2.422135] mediatek-disp-rdma 14015000.rdma: Adding to iommu group 0 [ 2.429607] ESR = 0x0000000096000004 [ 2.429624] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.429631] SET = 0, FnV = 0 [ 2.444848] anx7625 3-0058: using DT '/soc/i2c@11cb0000/anx7625@58' for 'enable' GPIO lookup [ 2.446610] EA = 0, S1PTW = 0 [ 2.456189] of_get_named_gpiod_flags: parsed 'enable-gpios' property of node '/soc/i2c@11cb0000/anx7625@58[0]' - status (0) [ 2.464133] FSC = 0x04: level 0 translation fault [ 2.472625] gpio gpiochip0: Persistence not supported for GPIO 41 [ 2.480586] Data abort info: [ 2.480594] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 2.480601] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.480607] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.480616] [00000000000000d0] user address but active_mm is swapper [ 2.480647] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 2.489107] anx7625 3-0058: using DT '/soc/i2c@11cb0000/anx7625@58' for 'reset' GPIO lookup [ 2.497405] Modules linked in: [ 2.497434] CPU: 4 UID: 0 PID: 11 Comm: kworker/u32:0 Not tainted 6.12.18-rc1 #1 3a46926a83206508ac114c105c0e62582044df70 [ 2.503025] of_get_named_gpiod_flags: parsed 'reset-gpios' property of node '/soc/i2c@11cb0000/anx7625@58[0]' - status (0) [ 2.509098] clk: Disabling unused clocks [ 2.509736] PM: genpd: Disabling unused power domains [ 2.509759] ALSA device list: [ 2.509761] No soundcards found. [ 2.511584] Hardware name: Google Spherion (rev0 - 3) (DT) [ 2.511586] Workqueue: async async_run_entry_fn [ 2.519348] gpio gpiochip0: Persistence not supported for GPIO 42 [ 2.527478] [ 2.527480] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.527483] pc : power_allocator_bind+0xd0/0x2e0 [ 2.599906] panel-simple-dp-aux aux-3-0058: using DT '/soc/i2c@11cb0000/anx7625@58/aux-bus/panel' for 'hpd' GPIO lookup [ 2.601559] lr : power_allocator_bind+0x34/0x2e0 [ 2.601561] sp : ffff8000800db010 [ 2.601562] x29: ffff8000800db010 x28: ffff0f7000a55000 x27: ffffb67e921b02d0 [ 2.601566] x26: ffffb67e934b1c18 x25: 0000000000000000 x24: ffff0f7000a56800 [ 2.601570] x23: 0000000000000000 x22: ffff0f7000a55000 x21: ffffb67e92599440 [ 2.601573] x20: ffff0f70009b0500 x19: 0000000000000000 x18: ffffffffffffffff [ 2.608613] of_get_named_gpiod_flags: can't parse 'hpd-gpios' property of node '/soc/i2c@11cb0000/anx7625@58/aux-bus/panel[0]' [ 2.616853] x17: 000000040044ffff x16: 005000f2b5503510 x15: ffff8000800dae30 [ 2.616857] x14: ffff0f7000a58a1c [ 2.624066] of_get_named_gpiod_flags: can't parse 'hpd-gpio' property of node '/soc/i2c@11cb0000/anx7625@58/aux-bus/panel[0]' [ 2.628926] x13: ffff0f7000a5826f x12: 0101010101010101 [ 2.628928] x11: 7f7f7f7f7f7f7f7f [ 2.634749] panel-simple-dp-aux aux-3-0058: using lookup tables for GPIO lookup [ 2.639348] x10: 0000000000000000 x9 : ffffb67e906f13c8 [ 2.639350] x8 : ffff0f70009b0540 [ 2.643087] panel-simple-dp-aux aux-3-0058: No GPIO consumer hpd found [ 2.646992] x7 : 0000000000000000 x6 : 0000000000000000 [ 2.655201] panel-simple-dp-aux aux-3-0058: using DT '/soc/i2c@11cb0000/anx7625@58/aux-bus/panel' for 'enable' GPIO lookup [ 2.663315] x5 : 0000000000000000 x4 : 0000000000000040 x3 : 0000000000000000 [ 2.663318] x2 : ffffffffffffffc0 x1 : 0000000000000000 [ 2.670529] of_get_named_gpiod_flags: can't parse 'enable-gpios' property of node '/soc/i2c@11cb0000/anx7625@58/aux-bus/panel[0]' [ 2.675388] x0 : ffff0f7000a55578 [ 2.675391] Call trace: [ 2.681210] of_get_named_gpiod_flags: can't parse 'enable-gpio' property of node '/soc/i2c@11cb0000/anx7625@58/aux-bus/panel[0]' [ 2.685811] power_allocator_bind+0xd0/0x2e0 [ 2.689548] panel-simple-dp-aux aux-3-0058: using lookup tables for GPIO lookup [ 2.693455] thermal_set_governor+0x48/0xc0 [ 2.701537] panel-simple-dp-aux aux-3-0058: No GPIO consumer enable found [ 2.710823] thermal_zone_device_register_with_trips+0x3ec/0x5a0 [ 2.813506] panel-simple-dp-aux aux-3-0058: Detected IVO R140NWF5 RH (0x057d) [ 2.816653] thermal_tripless_zone_device_register+0x30/0x40 [ 2.816657] __power_supply_register.part.0+0x358/0x4b0 [ 2.816667] __power_supply_register+0x60/0xb0 [ 2.823088] mediatek-drm mediatek-drm.15.auto: bound 14005000.ovl (ops 0xffffb67e91686270) [ 2.830124] devm_power_supply_register+0x60/0xb0 [ 2.830128] sbs_probe+0x288/0x398 [ 2.830130] i2c_device_probe+0x14c/0x290 [ 2.837595] mediatek-drm mediatek-drm.15.auto: bound 14006000.ovl (ops 0xffffb67e91686270) [ 2.844896] really_probe+0xc0/0x2a0 [ 2.852450] mediatek-drm mediatek-drm.15.auto: bound 14007000.rdma (ops 0xffffb67e91687478) [ 2.859659] __driver_probe_device+0x7c/0x138 [ 2.859663] driver_probe_device+0x40/0x118 [ 2.859667] __device_attach_driver+0xb4/0xf8 [ 2.859670] bus_for_each_drv+0x88/0xe8 [ 2.859673] __device_attach+0xa0/0x190 [ 2.859675] device_initial_probe+0x18/0x28 [ 2.859679] bus_probe_device+0xa8/0xb8 [ 2.859682] device_add+0x568/0x738 [ 2.867065] mediatek-drm mediatek-drm.15.auto: bound 14009000.color (ops 0xffffb67e91685a20) [ 2.874440] device_register+0x24/0x38 [ 2.874442] i2c_new_client_device+0x198/0x370 [ 2.881825] mediatek-drm mediatek-drm.15.auto: bound 1400a000.ccorr (ops 0xffffb67e916857a8) [ 2.889201] of_i2c_register_devices+0x114/0x198 [ 2.896585] mediatek-drm mediatek-drm.15.auto: bound 1400b000.aal (ops 0xffffb67e91685538) [ 2.903961] i2c_register_adapter+0x200/0x670 [ 2.911345] mediatek-drm mediatek-drm.15.auto: bound 1400c000.gamma (ops 0xffffb67e91685d68) [ 2.918721] i2c_add_adapter+0x7c/0xd8 [ 2.927700] mediatek-drm mediatek-drm.15.auto: bound 14010000.dsi (ops 0xffffb67e9168bc48) [ 2.933482] ec_i2c_probe+0xdc/0x158 [ 2.933485] platform_probe+0x6c/0xc8 [ 2.939655] mediatek-drm mediatek-drm.15.auto: bound 14014000.ovl (ops 0xffffb67e91686270) [ 2.945902] really_probe+0xc0/0x2a0 [ 2.945904] __driver_probe_device+0x7c/0x138 [ 2.952175] mediatek-drm mediatek-drm.15.auto: bound 14015000.rdma (ops 0xffffb67e91687478) [ 2.958406] driver_probe_device+0x40/0x118 [ 2.964931] mediatek-drm mediatek-drm.15.auto: Not creating crtc 1 because component 10 is disabled or missing [ 2.971257] __device_attach_driver+0xb4/0xf8 [ 2.971260] bus_for_each_drv+0x88/0xe8 [ 2.976297] [drm] Initialized mediatek 1.0.0 for mediatek-drm.15.auto on minor 1 [ 2.980291] __device_attach+0xa0/0x190 [ 2.980294] device_initial_probe+0x18/0x28 [ 2.980297] bus_probe_device+0xa8/0xb8 [ 2.980299] device_add+0x568/0x738 [ 2.980301] of_device_add+0x54/0x68 [ 2.980309] of_platform_device_create_pdata+0x94/0x130 [ 3.566249] of_platform_bus_create+0x154/0x390 [ 3.566251] of_platform_populate+0x54/0x100 [ 3.566253] devm_of_platform_populate+0x5c/0xc0 [ 3.566255] cros_ec_register+0x188/0x368 [ 3.566261] cros_ec_spi_probe+0x178/0x248 [ 3.566264] spi_probe+0x88/0xe8 [ 3.566273] really_probe+0xc0/0x2a0 [ 3.566276] __driver_probe_device+0x7c/0x138 [ 3.566278] driver_probe_device+0x40/0x118 [ 3.566281] __driver_attach_async_helper+0x50/0xb8 [ 3.566284] async_run_entry_fn+0x3c/0x158 [ 3.566286] process_one_work+0x188/0x438 [ 3.566293] worker_thread+0x304/0x410 [ 3.566296] kthread+0x124/0x130 [ 3.566299] ret_from_fork+0x10/0x20 [ 3.566307] Code: b4000b47 aa0703e5 a9019e86 52800013 (f84d0ca0) ===================================================== # Hardware platforms affected: ## mt8186-corsola-steelix-sku131072 - dashboard: https://d.kernelci.org/test/maestro:67c8c8c418018371956e1594 - compatibles: google,steelix-sku131072 | google,steelix - 2 fails since 2025-03-05 22:20 UTC - test path: boot - last pass: https://d.kernelci.org/test/maestro:67bd7853323b35c54a886efc - on 2025-02-25 07:59 UTC - commit hash: f5c37852dffd24f66248b4086ea594060f3299a4 - test id: maestro:67bd7853323b35c54a886efc ## mt8192-asurada-spherion-r0 - dashboard: https://d.kernelci.org/test/maestro:67c8c8c718018371956e15b9 - compatibles: google,spherion-rev3 | google,spherion-rev2 - 2 fails since 2025-03-05 22:21 UTC - test path: boot.nfs - last pass: https://d.kernelci.org/test/maestro:67bd7857323b35c54a886f13 - on 2025-02-25 07:59 UTC - commit hash: f5c37852dffd24f66248b4086ea594060f3299a4 - test id: maestro:67bd7857323b35c54a886f13 ## mt8195-cherry-tomato-r2 - dashboard: https://d.kernelci.org/test/maestro:67c8c8c818018371956e15bc - compatibles: google,tomato-rev2 | google,tomato | mediatek,mt8195 - 2 fails since 2025-03-05 22:20 UTC - test path: boot.nfs - last pass: https://d.kernelci.org/test/maestro:67bd7857323b35c54a886f16 - on 2025-02-25 07:59 UTC - commit hash: f5c37852dffd24f66248b4086ea594060f3299a4 - test id: maestro:67bd7857323b35c54a886f16 #kernelci issue maestro:e301e9dec14c72112ac560e4ba2548ec434c9e20 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (boot) NULL pointer dereference at virtual address 00000000000000d0 [logs...

by KernelCI bot

Hello, New boot regression found on stable-rc/linux-6.12.y: --- NULL pointer dereference at virtual address 00000000000000d0 [logspec:generic_linux_boot,linux.kernel.null_pointer_dereference] --- - dashboard: https://d.kernelci.org/issue/maestro:5a856af05fecdebd3b9507ff4ed4d0b5b6a54b… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 43639cc57b2273fce42874dd7f6e0b872f4984c5 Log excerpt: ===================================================== [ 2.221462] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [ 2.223502] Key type fscrypt-provisioning registered [ 2.223634] Key type encrypted registered [ 2.232290] Mem abort info: [ 2.244067] ESR = 0x0000000096000004 [ 2.247839] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.253175] SET = 0, FnV = 0 [ 2.253596] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ovl@14005000 [ 2.253665] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ovl@14006000 [ 2.253698] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/rdma@14007000 [ 2.253730] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/color@14009000 [ 2.253774] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/ccorr@1400b000 [ 2.253806] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/aal@1400c000 [ 2.253839] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/gamma@1400d000 [ 2.253958] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/dsi@14013000 [ 2.254004] mediatek-drm mediatek-drm.15.auto: Adding component match for /soc/rdma@1401f000 [ 2.256239] EA = 0, S1PTW = 0 [ 2.263379] reg-fixed-voltage regulator-pp3300-disp-x: using DT '/regulator-pp3300-disp-x' for '(default)' GPIO lookup [ 2.263399] of_get_named_gpiod_flags: parsed 'gpios' property of node '/regulator-pp3300-disp-x[0]' - status (0) [ 2.263418] gpio gpiochip0: Persistence not supported for GPIO 153 [ 2.263517] reg-fixed-voltage regulator-pp3300-s3: using DT '/regulator-pp3300-s3' for '(default)' GPIO lookup [ 2.263529] of_get_named_gpiod_flags: can't parse 'gpios' property of node '/regulator-pp3300-s3[0]' [ 2.263539] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/regulator-pp3300-s3[0]' [ 2.263549] reg-fixed-voltage regulator-pp3300-s3: using lookup tables for GPIO lookup [ 2.263553] reg-fixed-voltage regulator-pp3300-s3: No GPIO consumer (default) found [ 2.263728] reg-fixed-voltage regulator-usb-p1-vbus: using DT '/regulator-usb-p1-vbus' for '(default)' GPIO lookup [ 2.263742] of_get_named_gpiod_flags: can't parse 'gpios' property of node '/regulator-usb-p1-vbus[0]' [ 2.263763] of_get_named_gpiod_flags: parsed 'gpio' property of node '/regulator-usb-p1-vbus[0]' - status (0) [ 2.263780] gpio gpiochip0: Persistence not supported for GPIO 148 [ 2.264577] of_get_named_gpiod_flags: can't parse 'gpio' property of node '/regulator-pp3300-ldo-z5[0]' [ 2.272938] FSC = 0x04: level 0 translation fault [ 2.273171] cpufreq: cpufreq_online: CPU0: Running at unlisted initial frequency: 1999998 KHz, changing to: 2000000 KHz [ 2.273574] cpu cpu0: EM: created perf domain [ 2.273669] pp3300_vcn33_x: Bringing 3500000uV into 3300000-3300000uV [ 2.274033] cpufreq: cpufreq_online: CPU6: Running at unlisted initial frequency: 1084999 KHz, changing to: 1085000 KHz [ 2.274430] cpu cpu6: EM: created perf domain [ 2.274852] pp2760_vsim2_x: Bringing 1860000uV into 2700000-2700000uV [ 2.275758] i2c_hid_of 2-002c: using DT '/soc/i2c@11009000/trackpad@2c' for 'reset' GPIO lookup [ 2.275812] of_get_named_gpiod_flags: can't parse 'reset-gpios' property of node '/soc/i2c@11009000/trackpad@2c[0]' [ 2.275879] of_get_named_gpiod_flags: can't parse 'reset-gpio' property of node '/soc/i2c@11009000/trackpad@2c[0]' [ 2.275910] i2c_hid_of 2-002c: using lookup tables for GPIO lookup [ 2.275914] i2c_hid_of 2-002c: No GPIO consumer reset found [ 2.275970] i2c_hid_of_goodix 1-005d: using DT '/soc/i2c@11008000/touchscreen@5d' for 'reset' GPIO lookup [ 2.276063] i2c_hid_of 2-002c: supply vddl not found, using dummy regulator [ 2.276059] of_get_named_gpiod_flags: parsed 'reset-gpios' property of node '/soc/i2c@11008000/touchscreen@5d[0]' - status (0) [ 2.276099] gpio gpiochip0: Persistence not supported for GPIO 60 [ 2.276212] i2c_hid_of_goodix 1-005d: supply mainboard-vddio not found, using dummy regulator [ 2.279909] mt6358-sound mt6358-sound: mt6358_platform_driver_probe(), dev name mt6358-sound [ 2.280156] rt5682s 5-001a: Using default DAI clk names: rt5682-dai-wclk, rt5682-dai-bclk [ 2.281342] reg-fixed-voltage regulator-pp3300-ldo-z5: using lookup tables for GPIO lookup [ 2.281345] reg-fixed-voltage regulator-pp3300-ldo-z5: No GPIO consumer (default) found [ 2.281559] reg-fixed-voltage regulator-pp1800-dpbrdg-dx: using DT '/regulator-pp1800-dpbrdg-dx' for '(default)' GPIO lookup [ 2.281715] reg-fixed-voltage regulator-pp1800-edpbrdg-dx: using DT '/regulator-pp1800-edpbrdg-dx' for '(default)' GPIO lookup [ 2.281722] of_get_named_gpiod_flags: can't parse 'gpios' property of node '/regulator-pp1800-edpbrdg-dx[0]' [ 2.281734] of_get_named_gpiod_flags: parsed 'gpio' property of node '/regulator-pp1800-edpbrdg-dx[0]' - status (0) [ 2.281743] gpio gpiochip0: Persistence not supported for GPIO 30 [ 2.281986] rt5682s 5-001a: using DT '/soc/i2c@11016000/codec@1a' for 'realtek,ldo1-en' GPIO lookup [ 2.282002] of_get_named_gpiod_flags: can't parse 'realtek,ldo1-en-gpios' property of node '/soc/i2c@11016000/codec@1a[0]' [ 2.282014] of_get_named_gpiod_flags: can't parse 'realtek,ldo1-en-gpio' property of node '/soc/i2c@11016000/codec@1a[0]' [ 2.282022] rt5682s 5-001a: using lookup tables for GPIO lookup [ 2.282026] rt5682s 5-001a: No GPIO consumer realtek,ldo1-en found [ 2.286514] panfrost 13040000.gpu: clock rate = 249999863 [ 2.288872] panfrost 13040000.gpu: [drm:panfrost_devfreq_init] Failed to register cooling device [ 2.289521] panfrost 13040000.gpu: mali-g52 id 0x7402 major 0x1 minor 0x0 status 0x0 [ 2.289527] panfrost 13040000.gpu: features: 00000000,00000cf7, issues: 00000000,00000400 [ 2.289532] panfrost 13040000.gpu: Features: L2:0x07120206 Shader:0x00000002 Tiler:0x00000209 Mem:0x1 MMU:0x00002823 AS:0xff JS:0x7 [ 2.289538] panfrost 13040000.gpu: shader_present=0x3 l2_present=0x1 [ 2.290073] Data abort info: [ 2.291102] [drm] Initialized panfrost 1.2.0 for 13040000.gpu on minor 0 [ 2.291640] mtu3 11201000.usb: supply vusb33 not found, using dummy regulator [ 2.291905] mtu3 11201000.usb: uwk - reg:0x420, version:2 [ 2.291982] mtu3 11201000.usb: dr_mode: 3, drd: auto [ 2.291987] mtu3 11201000.usb: u2p_dis_msk: 0, u3p_dis_msk: 0 [ 2.292141] mtu3 11201000.usb: usb3-drd: 0 [ 2.292911] xhci-mtk 11200000.usb: supply vusb33 not found, using dummy regulator [ 2.293231] xhci-mtk 11200000.usb: xHCI Host Controller [ 2.293400] xhci-mtk 11200000.usb: new USB bus registered, assigned bus number 1 [ 2.293469] xhci-mtk 11200000.usb: USB3 root hub has no ports [ 2.293474] xhci-mtk 11200000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000000200010 [ 2.293501] xhci-mtk 11200000.usb: irq 269, io mem 0x11200000 [ 2.293704] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.12 [ 2.293711] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 2.293715] usb usb1: Product: xHCI Host Controller [ 2.293718] usb usb1: Manufacturer: Linux 6.12.18-rc1 xhci-hcd [ 2.293722] usb usb1: SerialNumber: 11200000.usb [ 2.294096] hub 1-0:1.0: USB hub found [ 2.294119] hub 1-0:1.0: 1 port detected [ 2.294373] mtu3 11201000.usb: xHCI platform device register success... [ 2.294941] mtu3 11281000.usb: supply vusb33 not found, using dummy regulator [ 2.295211] mtu3 11281000.usb: uwk - reg:0x424, version:2 [ 2.295298] mtu3 11281000.usb: dr_mode: 3, drd: auto [ 2.295303] mtu3 11281000.usb: u2p_dis_msk: 0, u3p_dis_msk: 0 [ 2.295449] mtu3 11281000.usb: usb3-drd: 1 [ 2.297623] xhci-mtk 11280000.usb: supply vusb33 not found, using dummy regulator [ 2.297959] xhci-mtk 11280000.usb: xHCI Host Controller [ 2.298124] xhci-mtk 11280000.usb: new USB bus registered, assigned bus number 2 [ 2.298410] of_get_named_gpiod_flags: parsed 'gpios' property of node '/regulator-pp1800-dpbrdg-dx[0]' - status (0) [ 2.299642] xhci-mtk 11280000.usb: hcc params 0x01400f99 hci version 0x110 quirks 0x0000000000200010 [ 2.299676] xhci-mtk 11280000.usb: irq 270, io mem 0x11280000 [ 2.299776] xhci-mtk 11280000.usb: xHCI Host Controller [ 2.299928] xhci-mtk 11280000.usb: new USB bus registered, assigned bus number 3 [ 2.299943] xhci-mtk 11280000.usb: Host supports USB 3.2 Enhanced SuperSpeed [ 2.300053] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.12 [ 2.300059] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 2.300063] usb usb2: Product: xHCI Host Controller [ 2.300066] usb usb2: Manufacturer: Linux 6.12.18-rc1 xhci-hcd [ 2.300070] usb usb2: SerialNumber: 11280000.usb [ 2.300411] hub 2-0:1.0: USB hub found [ 2.300433] hub 2-0:1.0: 1 port detected [ 2.300684] usb usb3: We don't know the algorithms for LPM for this host, disabling LPM. [ 2.300753] usb usb3: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.12 [ 2.300759] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 2.300763] usb usb3: Product: xHCI Host Controller [ 2.300766] usb usb3: Manufacturer: Linux 6.12.18-rc1 xhci-hcd [ 2.300770] usb usb3: SerialNumber: 11280000.usb [ 2.301070] hub 3-0:1.0: USB hub found [ 2.301090] hub 3-0:1.0: 1 port detected [ 2.301348] mtu3 11281000.usb: xHCI platform device register success... [ 2.301983] anx7625 0-0058: using DT '/soc/i2c@11007000/anx7625@58' for 'enable' GPIO lookup [ 2.301999] of_get_named_gpiod_flags: parsed 'enable-gpios' property of node '/soc/i2c@11007000/anx7625@58[0]' - status (0) [ 2.302020] gpio gpiochip0: Persistence not supported for GPIO 96 [ 2.302033] anx7625 0-0058: using DT '/soc/i2c@11007000/anx7625@58' for 'reset' GPIO lookup [ 2.302045] of_get_named_gpiod_flags: parsed 'reset-gpios' property of node '/soc/i2c@11007000/anx7625@58[0]' - status (0) [ 2.302058] gpio gpiochip0: Persistence not supported for GPIO 98 [ 2.306779] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 2.315334] gpio gpiochip0: Persistence not supported for GPIO 39 [ 2.323615] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.323617] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.323619] [00000000000000d0] user address but active_mm is swapper [ 2.323622] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 2.359334] panel-simple-dp-aux aux-0-0058: using DT '/soc/i2c@11007000/anx7625@58/aux-bus/panel' for 'hpd' GPIO lookup [ 2.362170] Modules linked in: [ 2.362174] CPU: 6 UID: 0 PID: 81 Comm: kworker/u32:4 Not tainted 6.12.18-rc1 #1 3a46926a83206508ac114c105c0e62582044df70 [ 2.362179] Hardware name: Google Steelix board (DT) [ 2.362181] Workqueue: async async_run_entry_fn [ 2.372178] of_get_named_gpiod_flags: can't parse 'hpd-gpios' property of node '/soc/i2c@11007000/anx7625@58/aux-bus/panel[0]' [ 2.381277] [ 2.381278] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.381281] pc : power_allocator_bind+0xd0/0x2e0 [ 2.390318] of_get_named_gpiod_flags: can't parse 'hpd-gpio' property of node '/soc/i2c@11007000/anx7625@58/aux-bus/panel[0]' [ 2.398210] lr : power_allocator_bind+0x34/0x2e0 [ 2.398212] sp : ffff8000808e3010 [ 2.398213] x29: ffff8000808e3010 x28: ffff77e38090f000 x27: ffffc2d32b3b02d0 [ 2.398217] x26: ffffc2d32c6b1c18 x25: 0000000000000000 x24: ffff77e38090e800 [ 2.398220] x23: 0000000000000000 [ 2.405877] panel-simple-dp-aux aux-0-0058: using lookup tables for GPIO lookup [ 2.416187] x22: ffff77e38090f000 x21: ffffc2d32b799440 [ 2.416189] x20: ffff77e380e16fc0 x19: 0000000000000000 x18: ffffffffffffffff [ 2.416192] x17: 000000040044ffff x16: 005000f2b5503510 x15: ffff8000808e2e30 [ 2.416195] x14: ffff77e3801dea1c x13: ffff77e3801de26f x12: 0000000000000001 [ 2.416198] x11: 0000000084683902 x10: 0000000000000000 x9 : ffffc2d3298f13c8 [ 2.416201] x8 : ffff77e380e17000 [ 2.425498] panel-simple-dp-aux aux-0-0058: No GPIO consumer hpd found [ 2.435385] x7 : 0000000000000000 x6 : 0000000000000000 [ 2.435387] x5 : 0000000000000000 x4 : 0000000000000040 x3 : 0000000000000000 [ 2.435390] x2 : ffffffffffffffc0 x1 : 0000000000000000 x0 : ffff77e38090f578 [ 2.435393] Call trace: [ 2.435394] power_allocator_bind+0xd0/0x2e0 [ 2.441647] panel-simple-dp-aux aux-0-0058: using DT '/soc/i2c@11007000/anx7625@58/aux-bus/panel' for 'enable' GPIO lookup [ 2.450933] thermal_set_governor+0x48/0xc0 [ 2.450937] thermal_zone_device_register_with_trips+0x3ec/0x5a0 [ 2.450941] thermal_tripless_zone_device_register+0x30/0x40 [ 2.450945] __power_supply_register.part.0+0x358/0x4b0 [ 2.455820] of_get_named_gpiod_flags: can't parse 'enable-gpios' property of node '/soc/i2c@11007000/anx7625@58/aux-bus/panel[0]' [ 2.466571] __power_supply_register+0x60/0xb0 [ 2.466574] devm_power_supply_register+0x60/0xb0 [ 2.466578] sbs_probe+0x288/0x398 [ 2.466580] i2c_device_probe+0x14c/0x290 [ 2.470942] of_get_named_gpiod_flags: can't parse 'enable-gpio' property of node '/soc/i2c@11007000/anx7625@58/aux-bus/panel[0]' [ 2.477345] really_probe+0xc0/0x2a0 [ 2.477349] __driver_probe_device+0x7c/0x138 [ 2.477352] driver_probe_device+0x40/0x118 [ 2.477355] __device_attach_driver+0xb4/0xf8 [ 2.477358] bus_for_each_drv+0x88/0xe8 [ 2.477360] __device_attach+0xa0/0x190 [ 2.488134] panel-simple-dp-aux aux-0-0058: using lookup tables for GPIO lookup [ 2.492463] device_initial_probe+0x18/0x28 [ 2.492466] bus_probe_device+0xa8/0xb8 [ 2.492469] device_add+0x568/0x738 [ 2.492471] device_register+0x24/0x38 [ 2.492473] i2c_new_client_device+0x198/0x370 [ 2.498909] panel-simple-dp-aux aux-0-0058: No GPIO consumer enable found [ 2.507579] of_i2c_register_devices+0x114/0x198 [ 2.507581] i2c_register_adapter+0x200/0x670 [ 2.507584] i2c_add_adapter+0x7c/0xd8 [ 2.604977] panel-simple-dp-aux aux-0-0058: Detected AUO B116XAN06.3 (0x635c) [ 2.607331] ec_i2c_probe+0xdc/0x158 [ 2.607334] platform_probe+0x6c/0xc8 [ 2.607337] really_probe+0xc0/0x2a0 [ 2.607340] __driver_probe_device+0x7c/0x138 [ 2.615592] it6505 3-005c: can not get extcon device! [ 2.626524] driver_probe_device+0x40/0x118 [ 2.626527] __device_attach_driver+0xb4/0xf8 [ 2.626530] bus_for_each_drv+0x88/0xe8 [ 2.639217] mtk-msdc 11230000.mmc: using DT '/soc/mmc@11230000' for 'wp' GPIO lookup [ 2.639300] mtk-msdc 11240000.mmc: using DT '/soc/mmc@11240000' for 'wp' GPIO lookup [ 2.639314] of_get_named_gpiod_flags: can't parse 'wp-gpios' property of node '/soc/mmc@11240000[0]' [ 2.639326] of_get_named_gpiod_flags: can't parse 'wp-gpio' property of node '/soc/mmc@11240000[0]' [ 2.639334] mtk-msdc 11240000.mmc: using lookup tables for GPIO lookup [ 2.639338] mtk-msdc 11240000.mmc: No GPIO consumer wp found [ 2.639364] mtk-msdc 11240000.mmc: allocated mmc-pwrseq [ 2.643184] mtk-iommu 14016000.iommu: bound 14003000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643191] mtk-iommu 14016000.iommu: bound 14004000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643193] mtk-iommu 14016000.iommu: bound 1b002000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643196] mtk-iommu 14016000.iommu: bound 1602e000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643198] mtk-iommu 14016000.iommu: bound 17010000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643201] mtk-iommu 14016000.iommu: bound 14023000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643204] mtk-iommu 14016000.iommu: bound 1502e000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643206] mtk-iommu 14016000.iommu: bound 1582e000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643208] mtk-iommu 14016000.iommu: bound 1a001000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643211] mtk-iommu 14016000.iommu: bound 1a002000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643214] mtk-iommu 14016000.iommu: bound 1a00f000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643216] mtk-iommu 14016000.iommu: bound 1a010000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643218] mtk-iommu 14016000.iommu: bound 1c10f000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643221] mtk-iommu 14016000.iommu: bound 1c00f000.smi (ops 0xffffc2d32b3d3ca8) [ 2.643357] mediatek-disp-ovl 14005000.ovl: Adding to iommu group 0 [ 2.643682] mediatek-disp-ovl 14006000.ovl: Adding to iommu group 0 [ 2.643856] mediatek-disp-rdma 14007000.rdma: Adding to iommu group 0 [ 2.644010] mediatek-disp-rdma 1401f000.rdma: Adding to iommu group 0 [ 2.644240] mediatek-drm mediatek-drm.15.auto: bound 14005000.ovl (ops 0xffffc2d32a886270) [ 2.644245] mediatek-drm mediatek-drm.15.auto: bound 14006000.ovl (ops 0xffffc2d32a886270) [ 2.644248] mediatek-drm mediatek-drm.15.auto: bound 14007000.rdma (ops 0xffffc2d32a887478) [ 2.644250] mediatek-drm mediatek-drm.15.auto: bound 14009000.color (ops 0xffffc2d32a885a20) [ 2.644253] mediatek-drm mediatek-drm.15.auto: bound 1400b000.ccorr (ops 0xffffc2d32a8857a8) [ 2.644256] mediatek-drm mediatek-drm.15.auto: bound 1400c000.aal (ops 0xffffc2d32a885538) [ 2.644259] mediatek-drm mediatek-drm.15.auto: bound 1400d000.gamma (ops 0xffffc2d32a885d68) [ 2.645595] mediatek-drm mediatek-drm.15.auto: bound 14013000.dsi (ops 0xffffc2d32a88bc48) [ 2.645600] mediatek-drm mediatek-drm.15.auto: bound 1401f000.rdma (ops 0xffffc2d32a887478) [ 2.645640] mediatek-drm mediatek-drm.15.auto: Not creating crtc 1 because component 10 is disabled or missing [ 2.646204] [drm] Initialized mediatek 1.0.0 for mediatek-drm.15.auto on minor 1 [ 2.647659] gpio-keys gpio-keys: using DT '/gpio-keys/pen-insert-switch' for '(default)' GPIO lookup [ 2.647679] of_get_named_gpiod_flags: parsed 'gpios' property of node '/gpio-keys/pen-insert-switch[0]' - status (0) [ 2.647699] gpio gpiochip0: Persistence not supported for GPIO 18 [ 2.647707] __device_attach+0xa0/0x190 [ 2.647710] device_initial_probe+0x18/0x28 [ 2.647713] bus_probe_device+0xa8/0xb8 [ 2.647715] device_add+0x568/0x738 [ 2.647717] of_device_add+0x54/0x68 [ 2.647721] of_platform_device_create_pdata+0x94/0x130 [ 2.647723] of_platform_bus_create+0x154/0x390 [ 2.647726] of_platform_populate+0x54/0x100 [ 2.647728] devm_of_platform_populate+0x5c/0xc0 [ 2.647840] input: gpio-keys as /devices/platform/gpio-keys/input/input0 [ 2.648296] gpio-keys wifi-wakeup: using DT '/wifi-wakeup/wowlan-event' for '(default)' GPIO lookup [ 2.648307] of_get_named_gpiod_flags: parsed 'gpios' property of node '/wifi-wakeup/wowlan-event[0]' - status (0) [ 2.648317] gpio gpiochip0: Persistence not supported for GPIO 7 [ 2.648375] input: wifi-wakeup as /devices/platform/wifi-wakeup/input/input1 [ 2.658162] of_get_named_gpiod_flags: can't parse 'wp-gpios' property of node '/soc/mmc@11230000[0]' [ 2.664222] cros_ec_register+0x188/0x368 [ 2.664226] cros_ec_spi_probe+0x178/0x248 [ 2.664228] spi_probe+0x88/0xe8 [ 2.671184] clk: Disabling unused clocks [ 2.671423] PM: genpd: Disabling unused power domains [ 2.671491] ALSA device list: [ 2.671494] No soundcards found. [ 2.673266] of_get_named_gpiod_flags: can't parse 'wp-gpio' property of node '/soc/mmc@11230000[0]' [ 2.684279] really_probe+0xc0/0x2a0 [ 2.684282] __driver_probe_device+0x7c/0x138 [ 2.684285] driver_probe_device+0x40/0x118 [ 2.695228] mtk-msdc 11230000.mmc: using lookup tables for GPIO lookup [ 2.701124] __driver_attach_async_helper+0x50/0xb8 [ 2.701127] async_run_entry_fn+0x3c/0x158 [ 2.701129] process_one_work+0x188/0x438 [ 2.707300] mtk-msdc 11230000.mmc: No GPIO consumer wp found [ 2.712677] worker_thread+0x304/0x410 [ 2.712680] kthread+0x124/0x130 [ 2.849438] hid-multitouch 0018:27C6:0EAA.0001: unknown main item tag 0x0 [ 2.853240] ret_from_fork+0x10/0x20 [ 2.853246] Code: b4000b47 aa0703e5 a9019e86 52800013 (f84d0ca0) ===================================================== # Hardware platforms affected: ## mt8186-corsola-steelix-sku131072 - dashboard: https://d.kernelci.org/test/maestro:67c8c8c618018371956e15b6 - compatibles: google,steelix-sku131072 | google,steelix - 1 fails since 2025-03-05 22:20 UTC - test path: boot.nfs - last pass: https://d.kernelci.org/test/maestro:67bd7856323b35c54a886f0c - on 2025-02-25 07:59 UTC - commit hash: f5c37852dffd24f66248b4086ea594060f3299a4 - test id: maestro:67bd7856323b35c54a886f0c #kernelci issue maestro:5a856af05fecdebd3b9507ff4ed4d0b5b6a54b63 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 2 weeks

1
0
0 0

[PATCH v2 1/2] Revert "drivers: core: synchronize really_probe() and dev_uevent()"

by Dmitry Torokhov

This reverts commit c0a40097f0bc81deafc15f9195d1fb54595cd6d0. Probing a device can take arbitrary long time. In the field we observed that, for example, probing a bad micro-SD cards in an external USB card reader (or maybe cards were good but cables were flaky) sometimes takes longer than 2 minutes due to multiple retries at various levels of the stack. We can not block uevent_show() method for that long because udev is reading that attribute very often and that blocks udev and interferes with booting of the system. The change that introduced locking was concerned with dev_uevent() racing with unbinding the driver. However we can handle it without locking (which will be done in subsequent patch). There was also claim that synchronization with probe() is needed to properly load USB drivers, however this is a red herring: the change adding the lock was introduced in May of last year and USB loading and probing worked properly for many years before that. Revert the harmful locking. Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> --- v2: added Cc: stable, no code changes. drivers/base/core.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index 5a1f05198114..9f4d4868e3b4 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -2725,11 +2725,8 @@ static ssize_t uevent_show(struct device *dev, struct device_attribute *attr, if (!env) return -ENOMEM; - /* Synchronize with really_probe() */ - device_lock(dev); /* let the kset specific function add its keys */ retval = kset->uevent_ops->uevent(&dev->kobj, env); - device_unlock(dev); if (retval) goto out; -- 2.49.0.rc0.332.g42c0ae87b1-goog

3 months, 2 weeks

2
2
0 0

[PATCH] qlcnic: fix a memory leak in __qlcnic_pci_sriov_enable()

by Haoxiang Li

Add qlcnic_sriov_free_vlans() to free the memory allocated by qlcnic_sriov_alloc_vlans() if qlcnic_sriov_alloc_vlans() fails. Fixes: 60ec7fcfe768 ("qlcnic: potential dereference null pointer of rx_queue->page_ring") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c index 8dd7aa08ecfb..b8a9e0e2907e 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c @@ -598,8 +598,10 @@ static int __qlcnic_pci_sriov_enable(struct qlcnic_adapter *adapter, goto del_flr_queue; err = qlcnic_sriov_alloc_vlans(adapter); - if (err) + if (err) { + qlcnic_sriov_free_vlans(adapter); goto del_flr_queue; + } return err; -- 2.25.1

3 months, 2 weeks

2
1
0 0

[PATCH v2] qlcnic: fix a memory leak in qlcnic_sriov_set_guest_vlan_mode()

by Haoxiang Li

Add qlcnic_sriov_free_vlans() to free the memory allocated by qlcnic_sriov_alloc_vlans() if qlcnic_sriov_alloc_vlans() fails or "sriov->allowed_vlans" fails to be allocated. Fixes: 91b7282b613d ("qlcnic: Support VLAN id config.") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- Changes in v2: - Add qlcnic_sriov_free_vlans() if qlcnic_sriov_alloc_vlans() fails. - Modify the patch description. vf_info was allocated by kcalloc, no need to do more checks cause kfree(NULL) is safe. Thanks, Paolo! --- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c index f9dd50152b1e..0dd9d7cb1de9 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c @@ -446,16 +446,20 @@ static int qlcnic_sriov_set_guest_vlan_mode(struct qlcnic_adapter *adapter, sriov->num_allowed_vlans); ret = qlcnic_sriov_alloc_vlans(adapter); - if (ret) + if (ret) { + qlcnic_sriov_free_vlans(adapter); return ret; + } if (!sriov->any_vlan) return 0; num_vlans = sriov->num_allowed_vlans; sriov->allowed_vlans = kcalloc(num_vlans, sizeof(u16), GFP_KERNEL); - if (!sriov->allowed_vlans) + if (!sriov->allowed_vlans) { + qlcnic_sriov_free_vlans(adapter); return -ENOMEM; + } vlans = (u16 *)&cmd->rsp.arg[3]; for (i = 0; i < num_vlans; i++) -- 2.25.1

3 months, 2 weeks

2
2
0 0

Please apply f24f669d03f8 ("x86/mm: Don't disable PCID when INVLPG has been fixed by microcode")

by Thomas Voegtle

Hi, please apply f24f669d03f8 for 6.12.y. It is already in 6.13.y. Backports of that patch would be needed for 6.6.y down to 5.4.y as it doesn't apply. But I don't know how to backport that fix but I can test anything. Thomas

3 months, 2 weeks

2
2
0 0

[PATCH net v2] net/mlx5: handle errors in mlx5_chains_create_table()

by Wentao Liang

In mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns() and mlx5_get_flow_namespace() must be checked to prevent NULL pointer dereferences. If either function fails, the function should log error message with mlx5_core_warn() and return error pointer. [v1]->[v2]: Add Fixes tag. Target patch to net. Change return value from NULL to ERR_PTR(-EOPNOTSUPP) Fixes: ae430332557a ("net/mlx5: Refactor multi chains and prios support") Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c index a80ecb672f33..711d14dea248 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c @@ -196,6 +196,11 @@ mlx5_chains_create_table(struct mlx5_fs_chains *chains, ns = mlx5_get_flow_namespace(chains->dev, chains->ns); } + if (!ns) { + mlx5_core_warn(chains->dev, "Failed to get flow namespace\n"); + return ERR_PTR(-EOPNOTSUPP); + } + ft_attr.autogroup.num_reserved_entries = 2; ft_attr.autogroup.max_num_groups = chains->group_num; ft = mlx5_create_auto_grouped_flow_table(ns, &ft_attr); -- 2.42.0.windows.2

3 months, 2 weeks

2
1
0 0

[PATCH v2] clocksource: stm32-lptimer: use wakeup capable instead of init wakeup

by Fabrice Gasnier

From: Alexandre Torgue <alexandre.torgue(a)foss.st.com> "wakeup-source" property describes a device which has wakeup capability but should not force this device as a wakeup source. Fixes: 48b41c5e2de6 ("clocksource: Add Low Power STM32 timers driver") Signed-off-by: Alexandre Torgue <alexandre.torgue(a)foss.st.com> Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> --- drivers/clocksource/timer-stm32-lp.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/clocksource/timer-stm32-lp.c b/drivers/clocksource/timer-stm32-lp.c index a4c95161cb22..193e4f643358 100644 --- a/drivers/clocksource/timer-stm32-lp.c +++ b/drivers/clocksource/timer-stm32-lp.c @@ -168,9 +168,7 @@ static int stm32_clkevent_lp_probe(struct platform_device *pdev) } if (of_property_read_bool(pdev->dev.parent->of_node, "wakeup-source")) { - ret = device_init_wakeup(&pdev->dev, true); - if (ret) - goto out_clk_disable; + device_set_wakeup_capable(&pdev->dev, true); ret = dev_pm_set_wake_irq(&pdev->dev, irq); if (ret) -- 2.25.1

3 months, 2 weeks

2
1
0 0

[PATCH] RDMA/mlx5: Prevent UB from shifting negative signed value

by Qasim Ijaz

In function create_ib_ah() the following line attempts to left shift the return value of mlx5r_ib_rate() by 4 and store it in the stat_rate_sl member of av: ah->av.stat_rate_sl = (mlx5r_ib_rate(dev, rdma_ah_get_static_rate(ah_attr)) << 4); However the code overlooks the fact that mlx5r_ib_rate() may return -EINVAL if the rate passed to it is less than IB_RATE_2_5_GBPS or greater than IB_RATE_800_GBPS. Because of this, the code may invoke undefined behaviour when shifting a signed negative value when doing "-EINVAL << 4". To fix this check for errors before assigning stat_rate_sl and propagate any error value to the callers. Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Fixes: c534ffda781f ("RDMA/mlx5: Fix AH static rate parsing") Cc: stable(a)vger.kernel.org --- drivers/infiniband/hw/mlx5/ah.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/infiniband/hw/mlx5/ah.c b/drivers/infiniband/hw/mlx5/ah.c index 99036afb3aef..6bccd9ce4538 100644 --- a/drivers/infiniband/hw/mlx5/ah.c +++ b/drivers/infiniband/hw/mlx5/ah.c @@ -50,11 +50,12 @@ static __be16 mlx5_ah_get_udp_sport(const struct mlx5_ib_dev *dev, return sport; } -static void create_ib_ah(struct mlx5_ib_dev *dev, struct mlx5_ib_ah *ah, +static int create_ib_ah(struct mlx5_ib_dev *dev, struct mlx5_ib_ah *ah, struct rdma_ah_init_attr *init_attr) { struct rdma_ah_attr *ah_attr = init_attr->ah_attr; enum ib_gid_type gid_type; + int rate_val; if (rdma_ah_get_ah_flags(ah_attr) & IB_AH_GRH) { const struct ib_global_route *grh = rdma_ah_read_grh(ah_attr); @@ -67,8 +68,10 @@ static void create_ib_ah(struct mlx5_ib_dev *dev, struct mlx5_ib_ah *ah, ah->av.tclass = grh->traffic_class; } - ah->av.stat_rate_sl = - (mlx5r_ib_rate(dev, rdma_ah_get_static_rate(ah_attr)) << 4); + rate_val = mlx5r_ib_rate(dev, rdma_ah_get_static_rate(ah_attr)); + if (rate_val < 0) + return rate_val; + ah->av.stat_rate_sl = rate_val << 4; if (ah_attr->type == RDMA_AH_ATTR_TYPE_ROCE) { if (init_attr->xmit_slave) @@ -89,6 +92,8 @@ static void create_ib_ah(struct mlx5_ib_dev *dev, struct mlx5_ib_ah *ah, ah->av.fl_mlid = rdma_ah_get_path_bits(ah_attr) & 0x7f; ah->av.stat_rate_sl |= (rdma_ah_get_sl(ah_attr) & 0xf); } + + return 0; } int mlx5_ib_create_ah(struct ib_ah *ibah, struct rdma_ah_init_attr *init_attr, @@ -99,6 +104,7 @@ int mlx5_ib_create_ah(struct ib_ah *ibah, struct rdma_ah_init_attr *init_attr, struct mlx5_ib_ah *ah = to_mah(ibah); struct mlx5_ib_dev *dev = to_mdev(ibah->device); enum rdma_ah_attr_type ah_type = ah_attr->type; + int ret; if ((ah_type == RDMA_AH_ATTR_TYPE_ROCE) && !(rdma_ah_get_ah_flags(ah_attr) & IB_AH_GRH)) @@ -121,7 +127,10 @@ int mlx5_ib_create_ah(struct ib_ah *ibah, struct rdma_ah_init_attr *init_attr, return err; } - create_ib_ah(dev, ah, init_attr); + ret = create_ib_ah(dev, ah, init_attr); + if (ret) + return ret; + return 0; } -- 2.39.5

3 months, 2 weeks

3
2
0 0

[PATCH v2] svc-i3c-master: Fix read from unreadable memory at svc_i3c_master_ibi_work()

by Manjunatha Venkatesh

As part of I3C driver probing sequence for particular device instance, While adding to queue it is trying to access ibi variable of dev which is not yet initialized causing "Unable to handle kernel read from unreadable memory" resulting in kernel panic. Signed-off-by: Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> --- Changes since v1: - Patch tittle updated as per the review feedback drivers/i3c/master/svc-i3c-master.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index d6057d8c7dec..98c4d2e5cd8d 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -534,8 +534,11 @@ static void svc_i3c_master_ibi_work(struct work_struct *work) switch (ibitype) { case SVC_I3C_MSTATUS_IBITYPE_IBI: if (dev) { - i3c_master_queue_ibi(dev, master->ibi.tbq_slot); - master->ibi.tbq_slot = NULL; + data = i3c_dev_get_master_data(dev); + if (master->ibi.slots[data->ibi]) { + i3c_master_queue_ibi(dev, master->ibi.tbq_slot); + master->ibi.tbq_slot = NULL; + } } svc_i3c_master_emit_stop(master); break; -- 2.46.1

3 months, 2 weeks

2
1
0 0

[PATCH v2] svc-i3c-master: Fix read from unreadable memory at svc_i3c_master_ibi_work()

by Manjunatha Venkatesh

As part of I3C driver probing sequence for particular device instance, While adding to queue it is trying to access ibi variable of dev which is not yet initialized causing "Unable to handle kernel read from unreadable memory" resulting in kernel panic. Signed-off-by: Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> --- Changes since v1: - Patch tittle updated as per the review feedback drivers/i3c/master/svc-i3c-master.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index d6057d8c7dec..98c4d2e5cd8d 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -534,8 +534,11 @@ static void svc_i3c_master_ibi_work(struct work_struct *work) switch (ibitype) { case SVC_I3C_MSTATUS_IBITYPE_IBI: if (dev) { - i3c_master_queue_ibi(dev, master->ibi.tbq_slot); - master->ibi.tbq_slot = NULL; + data = i3c_dev_get_master_data(dev); + if (master->ibi.slots[data->ibi]) { + i3c_master_queue_ibi(dev, master->ibi.tbq_slot); + master->ibi.tbq_slot = NULL; + } } svc_i3c_master_emit_stop(master); break; -- 2.46.1

3 months, 2 weeks

2
1
0 0

[PATCH v2] LoongArch: mm: Set max_pfn with the PFN of the last page

by Bibo Mao

The current max_pfn equals to zero. In this case, it caused users cannot get some page information through /proc such as kpagecount. The following message is displayed by stress-ng test suite with the command "stress-ng --verbose --physpage 1 -t 1". # stress-ng --verbose --physpage 1 -t 1 stress-ng: error: [1691] physpage: cannot read page count for address 0x134ac000 in /proc/kpagecount, errno=22 (Invalid argument) stress-ng: error: [1691] physpage: cannot read page count for address 0x7ffff207c3a8 in /proc/kpagecount, errno=22 (Invalid argument) stress-ng: error: [1691] physpage: cannot read page count for address 0x134b0000 in /proc/kpagecount, errno=22 (Invalid argument) ... After applying this patch, the kernel can pass the test. # stress-ng --verbose --physpage 1 -t 1 stress-ng: debug: [1701] physpage: [1701] started (instance 0 on CPU 3) stress-ng: debug: [1701] physpage: [1701] exited (instance 0 on CPU 3) stress-ng: debug: [1700] physpage: [1701] terminated (success) Cc: stable(a)vger.kernel.org Fixes: ff6c3d81f2e8 ("NUMA: optimize detection of memory with no node id assigned by firmware") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kernel/setup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/loongarch/kernel/setup.c b/arch/loongarch/kernel/setup.c index edcfdfcad7d2..a9c1184ab893 100644 --- a/arch/loongarch/kernel/setup.c +++ b/arch/loongarch/kernel/setup.c @@ -390,6 +390,7 @@ static void __init arch_mem_init(char **cmdline_p) if (usermem) pr_info("User-defined physical RAM map overwrite\n"); + max_low_pfn = max_pfn = PHYS_PFN(memblock_end_of_DRAM()); check_kernel_sections_mem(); /* base-commit: 848e076317446f9c663771ddec142d7c2eb4cb43 -- 2.39.3

3 months, 2 weeks

3
3
0 0

[merged mm-hotfixes-stable] mm-page_alloc-fix-uninitialized-variable.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: fix uninitialized variable has been removed from the -mm tree. Its filename was mm-page_alloc-fix-uninitialized-variable.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Hao Zhang <zhanghao1(a)kylinos.cn> Subject: mm/page_alloc: fix uninitialized variable Date: Thu, 27 Feb 2025 11:41:29 +0800 The variable "compact_result" is not initialized in function __alloc_pages_slowpath(). It causes should_compact_retry() to use an uninitialized value. Initialize variable "compact_result" with the value COMPACT_SKIPPED. BUG: KMSAN: uninit-value in __alloc_pages_slowpath+0xee8/0x16c0 mm/page_alloc.c:4416 __alloc_pages_slowpath+0xee8/0x16c0 mm/page_alloc.c:4416 __alloc_frozen_pages_noprof+0xa4c/0xe00 mm/page_alloc.c:4752 alloc_pages_mpol+0x4cd/0x890 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof mm/mempolicy.c:2361 [inline] folio_alloc_noprof+0x1dc/0x350 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xa6/0x440 mm/filemap.c:1019 __filemap_get_folio+0xb9a/0x1840 mm/filemap.c:1970 grow_dev_folio fs/buffer.c:1039 [inline] grow_buffers fs/buffer.c:1105 [inline] __getblk_slow fs/buffer.c:1131 [inline] bdev_getblk+0x2c9/0xab0 fs/buffer.c:1431 getblk_unmovable include/linux/buffer_head.h:369 [inline] ext4_getblk+0x3b7/0xe50 fs/ext4/inode.c:864 ext4_bread_batch+0x9f/0x7d0 fs/ext4/inode.c:933 __ext4_find_entry+0x1ebb/0x36c0 fs/ext4/namei.c:1627 ext4_lookup_entry fs/ext4/namei.c:1729 [inline] ext4_lookup+0x189/0xb40 fs/ext4/namei.c:1797 __lookup_slow+0x538/0x710 fs/namei.c:1793 lookup_slow+0x6a/0xd0 fs/namei.c:1810 walk_component fs/namei.c:2114 [inline] link_path_walk+0xf29/0x1420 fs/namei.c:2479 path_openat+0x30f/0x6250 fs/namei.c:3985 do_filp_open+0x268/0x600 fs/namei.c:4016 do_sys_openat2+0x1bf/0x2f0 fs/open.c:1428 do_sys_open fs/open.c:1443 [inline] __do_sys_openat fs/open.c:1459 [inline] __se_sys_openat fs/open.c:1454 [inline] __x64_sys_openat+0x2a1/0x310 fs/open.c:1454 x64_sys_call+0x36f5/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:258 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable compact_result created at: __alloc_pages_slowpath+0x66/0x16c0 mm/page_alloc.c:4218 __alloc_frozen_pages_noprof+0xa4c/0xe00 mm/page_alloc.c:4752 Link: https://lkml.kernel.org/r/tencent_ED1032321D6510B145CDBA8CBA0093178E09@qq.c… Reported-by: syzbot+0cfd5e38e96a5596f2b6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0cfd5e38e96a5596f2b6 Signed-off-by: Hao Zhang <zhanghao1(a)kylinos.cn> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/page_alloc.c~mm-page_alloc-fix-uninitialized-variable +++ a/mm/page_alloc.c @@ -4243,6 +4243,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, u restart: compaction_retries = 0; no_progress_loops = 0; + compact_result = COMPACT_SKIPPED; compact_priority = DEF_COMPACT_PRIORITY; cpuset_mems_cookie = read_mems_allowed_begin(); zonelist_iter_cookie = zonelist_iter_begin(); _ Patches currently in -mm which might be from zhanghao1(a)kylinos.cn are mm-vmscan-extract-calculated-pressure-balance-as-a-function.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: rapidio: add check for rio_add_net() in rio_scan_alloc_net() has been removed from the -mm tree. Its filename was rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Haoxiang Li <haoxiang_li2024(a)163.com> Subject: rapidio: add check for rio_add_net() in rio_scan_alloc_net() Date: Thu, 27 Feb 2025 12:11:31 +0800 The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). Link: https://lkml.kernel.org/r/20250227041131.3680761-1-haoxiang_li2024@163.com Fixes: e6b585ca6e81 ("rapidio: move net allocation into core code") Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com> Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Cc: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Dan Carpenter <dan.carpenter(a)linaro.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/rapidio/rio-scan.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/rapidio/rio-scan.c~rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_net +++ a/drivers/rapidio/rio-scan.c @@ -871,7 +871,10 @@ static struct rio_net *rio_scan_alloc_ne dev_set_name(&net->dev, "rnet_%d", net->id); net->dev.parent = &mport->dev; net->dev.release = rio_scan_release_dev; - rio_add_net(net); + if (rio_add_net(net)) { + put_device(&net->dev); + net = NULL; + } } return net; _ Patches currently in -mm which might be from haoxiang_li2024(a)163.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] rapidio-fix-an-api-misues-when-rio_add_net-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: rapidio: fix an API misues when rio_add_net() fails has been removed from the -mm tree. Its filename was rapidio-fix-an-api-misues-when-rio_add_net-fails.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Haoxiang Li <haoxiang_li2024(a)163.com> Subject: rapidio: fix an API misues when rio_add_net() fails Date: Thu, 27 Feb 2025 15:34:09 +0800 rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. Link: https://lkml.kernel.org/r/20250227073409.3696854-1-haoxiang_li2024@163.com Fixes: e8de370188d0 ("rapidio: add mport char device driver") Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Cc: Alexandre Bounine <alex.bou9(a)gmail.com> Cc: Matt Porter <mporter(a)kernel.crashing.org> Cc: Yang Yingliang <yangyingliang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/rapidio/devices/rio_mport_cdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/rapidio/devices/rio_mport_cdev.c~rapidio-fix-an-api-misues-when-rio_add_net-fails +++ a/drivers/rapidio/devices/rio_mport_cdev.c @@ -1742,7 +1742,8 @@ static int rio_mport_add_riodev(struct m err = rio_add_net(net); if (err) { rmcd_debug(RDEV, "failed to register net, err=%d", err); - kfree(net); + put_device(&net->dev); + mport->net = NULL; goto cleanup; } } _ Patches currently in -mm which might be from haoxiang_li2024(a)163.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" has been removed from the -mm tree. Its filename was revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gabriel Krisman Bertazi <krisman(a)suse.de> Subject: Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" Date: Tue, 25 Feb 2025 22:22:58 -0500 Commit 96a5c186efff ("mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone") removes the protection of lower zones from allocations targeting memory-less high zones. This had an unintended impact on the pattern of reclaims because it makes the high-zone-targeted allocation more likely to succeed in lower zones, which adds pressure to said zones. I.e, the following corresponding checks in zone_watermark_ok/zone_watermark_fast are less likely to trigger: if (free_pages <= min + z->lowmem_reserve[highest_zoneidx]) return false; As a result, we are observing an increase in reclaim and kswapd scans, due to the increased pressure. This was initially observed as increased latency in filesystem operations when benchmarking with fio on a machine with some memory-less zones, but it has since been associated with increased contention in locks related to memory reclaim. By reverting this patch, the original performance was recovered on that machine. The original commit was introduced as a clarification of the /proc/zoneinfo output, so it doesn't seem there are usecases depending on it, making the revert a simple solution. For reference, I collected vmstat with and without this patch on a freshly booted system running intensive randread io from an nvme for 5 minutes. I got: rpm-6.12.0-slfo.1.2 -> pgscan_kswapd 5629543865 Patched -> pgscan_kswapd 33580844 33M scans is similar to what we had in kernels predating this patch. These numbers is fairly representative of the workload on this machine, as measured in several runs. So we are talking about a 2-order of magnitude increase. Link: https://lkml.kernel.org/r/20250226032258.234099-1-krisman@suse.de Fixes: 96a5c186efff ("mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone") Signed-off-by: Gabriel Krisman Bertazi <krisman(a)suse.de> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Mel Gorman <mgorman(a)suse.de> Cc: Baoquan He <bhe(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/mm/page_alloc.c~revert-mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone +++ a/mm/page_alloc.c @@ -5849,11 +5849,10 @@ static void setup_per_zone_lowmem_reserv for (j = i + 1; j < MAX_NR_ZONES; j++) { struct zone *upper_zone = &pgdat->node_zones[j]; - bool empty = !zone_managed_pages(upper_zone); managed_pages += zone_managed_pages(upper_zone); - if (clear || empty) + if (clear) zone->lowmem_reserve[j] = 0; else zone->lowmem_reserve[j] = managed_pages / ratio; _ Patches currently in -mm which might be from krisman(a)suse.de are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-finish_fault-handling-for-large-folios.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix finish_fault() handling for large folios has been removed from the -mm tree. Its filename was mm-fix-finish_fault-handling-for-large-folios.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Brian Geffon <bgeffon(a)google.com> Subject: mm: fix finish_fault() handling for large folios Date: Wed, 26 Feb 2025 11:23:41 -0500 When handling faults for anon shmem finish_fault() will attempt to install ptes for the entire folio. Unfortunately if it encounters a single non-pte_none entry in that range it will bail, even if the pte that triggered the fault is still pte_none. When this situation happens the fault will be retried endlessly never making forward progress. This patch fixes this behavior and if it detects that a pte in the range is not pte_none it will fall back to setting a single pte. [bgeffon(a)google.com: tweak whitespace] Link: https://lkml.kernel.org/r/20250227133236.1296853-1-bgeffon@google.com Link: https://lkml.kernel.org/r/20250226162341.915535-1-bgeffon@google.com Fixes: 43e027e41423 ("mm: memory: extend finish_fault() to support large folio") Signed-off-by: Brian Geffon <bgeffon(a)google.com> Suggested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reported-by: Marek Maslanka <mmaslanka(a)google.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickens <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) --- a/mm/memory.c~mm-fix-finish_fault-handling-for-large-folios +++ a/mm/memory.c @@ -5185,7 +5185,11 @@ vm_fault_t finish_fault(struct vm_fault bool is_cow = (vmf->flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED); int type, nr_pages; - unsigned long addr = vmf->address; + unsigned long addr; + bool needs_fallback = false; + +fallback: + addr = vmf->address; /* Did we COW the page? */ if (is_cow) @@ -5224,7 +5228,8 @@ vm_fault_t finish_fault(struct vm_fault * approach also applies to non-anonymous-shmem faults to avoid * inflating the RSS of the process. */ - if (!vma_is_anon_shmem(vma) || unlikely(userfaultfd_armed(vma))) { + if (!vma_is_anon_shmem(vma) || unlikely(userfaultfd_armed(vma)) || + unlikely(needs_fallback)) { nr_pages = 1; } else if (nr_pages > 1) { pgoff_t idx = folio_page_idx(folio, page); @@ -5260,9 +5265,9 @@ vm_fault_t finish_fault(struct vm_fault ret = VM_FAULT_NOPAGE; goto unlock; } else if (nr_pages > 1 && !pte_range_none(vmf->pte, nr_pages)) { - update_mmu_tlb_range(vma, addr, vmf->pte, nr_pages); - ret = VM_FAULT_NOPAGE; - goto unlock; + needs_fallback = true; + pte_unmap_unlock(vmf->pte, vmf->ptl); + goto fallback; } folio_ref_add(folio, nr_pages - 1); _ Patches currently in -mm which might be from bgeffon(a)google.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-dont-skip-arch_sync_kernel_mappings-in-error-paths.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: don't skip arch_sync_kernel_mappings() in error paths has been removed from the -mm tree. Its filename was mm-dont-skip-arch_sync_kernel_mappings-in-error-paths.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: don't skip arch_sync_kernel_mappings() in error paths Date: Wed, 26 Feb 2025 12:16:09 +0000 Fix callers that previously skipped calling arch_sync_kernel_mappings() if an error occurred during a pgtable update. The call is still required to sync any pgtable updates that may have occurred prior to hitting the error condition. These are theoretical bugs discovered during code review. Link: https://lkml.kernel.org/r/20250226121610.2401743-1-ryan.roberts@arm.com Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Fixes: 0c95cba49255 ("mm: apply_to_pte_range warn and fail if a large pte is encountered") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christop Hellwig <hch(a)infradead.org> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 6 ++++-- mm/vmalloc.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) --- a/mm/memory.c~mm-dont-skip-arch_sync_kernel_mappings-in-error-paths +++ a/mm/memory.c @@ -3051,8 +3051,10 @@ static int __apply_to_page_range(struct next = pgd_addr_end(addr, end); if (pgd_none(*pgd) && !create) continue; - if (WARN_ON_ONCE(pgd_leaf(*pgd))) - return -EINVAL; + if (WARN_ON_ONCE(pgd_leaf(*pgd))) { + err = -EINVAL; + break; + } if (!pgd_none(*pgd) && WARN_ON_ONCE(pgd_bad(*pgd))) { if (!create) continue; --- a/mm/vmalloc.c~mm-dont-skip-arch_sync_kernel_mappings-in-error-paths +++ a/mm/vmalloc.c @@ -586,13 +586,13 @@ static int vmap_small_pages_range_noflus mask |= PGTBL_PGD_MODIFIED; err = vmap_pages_p4d_range(pgd, addr, next, prot, pages, &nr, &mask); if (err) - return err; + break; } while (pgd++, addr = next, addr != end); if (mask & ARCH_PAGE_TABLE_SYNC_MASK) arch_sync_kernel_mappings(start, end); - return 0; + return err; } /* _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-ioremap-pass-pgprot_t-to-ioremap_prot-instead-of-unsigned-long.patch mm-fix-lazy-mmu-docs-and-usage.patch fs-proc-task_mmu-reduce-scope-of-lazy-mmu-region.patch sparc-mm-disable-preemption-in-lazy-mmu-mode.patch sparc-mm-avoid-calling-arch_enter-leave_lazy_mmu-in-set_ptes.patch revert-x86-xen-allow-nesting-of-same-lazy-mode.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: userfaultfd: fix PTE unmapping stack-allocated PTE copies has been removed from the -mm tree. Its filename was userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: userfaultfd: fix PTE unmapping stack-allocated PTE copies Date: Wed, 26 Feb 2025 10:55:09 -0800 Current implementation of move_pages_pte() copies source and destination PTEs in order to detect concurrent changes to PTEs involved in the move. However these copies are also used to unmap the PTEs, which will fail if CONFIG_HIGHPTE is enabled because the copies are allocated on the stack. Fix this by using the actual PTEs which were kmap()ed. Link: https://lkml.kernel.org/r/20250226185510.2732648-3-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) --- a/mm/userfaultfd.c~userfaultfd-fix-pte-unmapping-stack-allocated-pte-copies +++ a/mm/userfaultfd.c @@ -1290,8 +1290,8 @@ retry: spin_unlock(src_ptl); if (!locked) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ folio_lock(src_folio); @@ -1307,8 +1307,8 @@ retry: /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { /* split_folio() can block */ - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) @@ -1333,8 +1333,8 @@ retry: goto out; } if (!anon_vma_trylock_write(src_anon_vma)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; /* now we can block and wait */ anon_vma_lock_write(src_anon_vma); @@ -1352,8 +1352,8 @@ retry: entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; migration_entry_wait(mm, src_pmd, src_addr); err = -EAGAIN; @@ -1396,8 +1396,8 @@ retry: src_folio = folio; src_folio_pte = orig_src_pte; if (!folio_trylock(src_folio)) { - pte_unmap(&orig_src_pte); - pte_unmap(&orig_dst_pte); + pte_unmap(src_pte); + pte_unmap(dst_pte); src_pte = dst_pte = NULL; put_swap_device(si); si = NULL; _ Patches currently in -mm which might be from surenb(a)google.com are mm-avoid-extra-mem_alloc_profiling_enabled-checks.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-slab-allocator.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-page-allocator.patch mm-introduce-vma_start_read_locked_nested-helpers.patch mm-move-per-vma-lock-into-vm_area_struct.patch mm-mark-vma-as-detached-until-its-added-into-vma-tree.patch mm-introduce-vma_iter_store_attached-to-use-with-attached-vmas.patch mm-mark-vmas-detached-upon-exit.patch types-move-struct-rcuwait-into-typesh.patch mm-allow-vma_start_read_locked-vma_start_read_locked_nested-to-fail.patch mm-move-mmap_init_lock-out-of-the-header-file.patch mm-uninline-the-main-body-of-vma_start_write.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused-fix.patch refcount-introduce-__refcount_addinc_not_zero_limited_acquire.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count-fix.patch mm-move-lesser-used-vma_area_struct-members-into-the-last-cacheline.patch mm-debug-print-vm_refcnt-state-when-dumping-the-vma.patch mm-remove-extra-vma_numab_state_init-call.patch mm-prepare-lock_vma_under_rcu-for-vma-reuse-possibility.patch mm-make-vma-cache-slab_typesafe_by_rcu.patch mm-make-vma-cache-slab_typesafe_by_rcu-fix.patch docs-mm-document-latest-changes-to-vm_lock.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: userfaultfd: do not block on locking a large folio with raised refcount has been removed from the -mm tree. Its filename was userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: userfaultfd: do not block on locking a large folio with raised refcount Date: Wed, 26 Feb 2025 10:55:08 -0800 Lokesh recently raised an issue about UFFDIO_MOVE getting into a deadlock state when it goes into split_folio() with raised folio refcount. split_folio() expects the reference count to be exactly mapcount + num_pages_in_folio + 1 (see can_split_folio()) and fails with EAGAIN otherwise. If multiple processes are trying to move the same large folio, they raise the refcount (all tasks succeed in that) then one of them succeeds in locking the folio, while others will block in folio_lock() while keeping the refcount raised. The winner of this race will proceed with calling split_folio() and will fail returning EAGAIN to the caller and unlocking the folio. The next competing process will get the folio locked and will go through the same flow. In the meantime the original winner will be retried and will block in folio_lock(), getting into the queue of waiting processes only to repeat the same path. All this results in a livelock. An easy fix would be to avoid waiting for the folio lock while holding folio refcount, similar to madvise_free_huge_pmd() where folio lock is acquired before raising the folio refcount. Since we lock and take a refcount of the folio while holding the PTE lock, changing the order of these operations should not break anything. Modify move_pages_pte() to try locking the folio first and if that fails and the folio is large then return EAGAIN without touching the folio refcount. If the folio is single-page then split_folio() is not called, so we don't have this issue. Lokesh has a reproducer [1] and I verified that this change fixes the issue. [1] https://github.com/lokeshgidra/uffd_move_ioctl_deadlock [akpm(a)linux-foundation.org: reflow comment to 80 cols, s/end/end up/] Link: https://lkml.kernel.org/r/20250226185510.2732648-2-surenb@google.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Lokesh Gidra <lokeshgidra(a)google.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Acked-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Barry Song <v-songbaohua(a)oppo.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) --- a/mm/userfaultfd.c~userfaultfd-do-not-block-on-locking-a-large-folio-with-raised-refcount +++ a/mm/userfaultfd.c @@ -1250,6 +1250,7 @@ retry: */ if (!src_folio) { struct folio *folio; + bool locked; /* * Pin the page while holding the lock to be sure the @@ -1269,12 +1270,26 @@ retry: goto out; } + locked = folio_trylock(folio); + /* + * We avoid waiting for folio lock with a raised + * refcount for large folios because extra refcounts + * will result in split_folio() failing later and + * retrying. If multiple tasks are trying to move a + * large folio we can end up livelocking. + */ + if (!locked && folio_test_large(folio)) { + spin_unlock(src_ptl); + err = -EAGAIN; + goto out; + } + folio_get(folio); src_folio = folio; src_folio_pte = orig_src_pte; spin_unlock(src_ptl); - if (!folio_trylock(src_folio)) { + if (!locked) { pte_unmap(&orig_src_pte); pte_unmap(&orig_dst_pte); src_pte = dst_pte = NULL; _ Patches currently in -mm which might be from surenb(a)google.com are mm-avoid-extra-mem_alloc_profiling_enabled-checks.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-slab-allocator.patch alloc_tag-uninline-code-gated-by-mem_alloc_profiling_key-in-page-allocator.patch mm-introduce-vma_start_read_locked_nested-helpers.patch mm-move-per-vma-lock-into-vm_area_struct.patch mm-mark-vma-as-detached-until-its-added-into-vma-tree.patch mm-introduce-vma_iter_store_attached-to-use-with-attached-vmas.patch mm-mark-vmas-detached-upon-exit.patch types-move-struct-rcuwait-into-typesh.patch mm-allow-vma_start_read_locked-vma_start_read_locked_nested-to-fail.patch mm-move-mmap_init_lock-out-of-the-header-file.patch mm-uninline-the-main-body-of-vma_start_write.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused.patch refcount-provide-ops-for-cases-when-objects-memory-can-be-reused-fix.patch refcount-introduce-__refcount_addinc_not_zero_limited_acquire.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count.patch mm-replace-vm_lock-and-detached-flag-with-a-reference-count-fix.patch mm-move-lesser-used-vma_area_struct-members-into-the-last-cacheline.patch mm-debug-print-vm_refcnt-state-when-dumping-the-vma.patch mm-remove-extra-vma_numab_state_init-call.patch mm-prepare-lock_vma_under_rcu-for-vma-reuse-possibility.patch mm-make-vma-cache-slab_typesafe_by_rcu.patch mm-make-vma-cache-slab_typesafe_by_rcu-fix.patch docs-mm-document-latest-changes-to-vm_lock.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-fix-potential-data-corruption-during-shmem-swapin.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: shmem: fix potential data corruption during shmem swapin has been removed from the -mm tree. Its filename was mm-shmem-fix-potential-data-corruption-during-shmem-swapin.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: shmem: fix potential data corruption during shmem swapin Date: Tue, 25 Feb 2025 17:52:55 +0800 Alex and Kairui reported some issues (system hang or data corruption) when swapping out or swapping in large shmem folios. This is especially easy to reproduce when the tmpfs is mount with the 'huge=within_size' parameter. Thanks to Kairui's reproducer, the issue can be easily replicated. The root cause of the problem is that swap readahead may asynchronously swap in order 0 folios into the swap cache, while the shmem mapping can still store large swap entries. Then an order 0 folio is inserted into the shmem mapping without splitting the large swap entry, which overwrites the original large swap entry, leading to data corruption. When getting a folio from the swap cache, we should split the large swap entry stored in the shmem mapping if the orders do not match, to fix this issue. Link: https://lkml.kernel.org/r/2fe47c557e74e9df5fe2437ccdc6c9115fa1bf70.17404769… Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reported-by: Alex Xu (Hello71) <alex_y_xu(a)yahoo.ca> Reported-by: Kairui Song <ryncsn(a)gmail.com> Closes: https://lore.kernel.org/all/1738717785.im3r5g2vxc.none@localhost/ Tested-by: Kairui Song <kasong(a)tencent.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Matthew Wilcow <willy(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) --- a/mm/shmem.c~mm-shmem-fix-potential-data-corruption-during-shmem-swapin +++ a/mm/shmem.c @@ -2253,7 +2253,7 @@ static int shmem_swapin_folio(struct ino struct folio *folio = NULL; bool skip_swapcache = false; swp_entry_t swap; - int error, nr_pages; + int error, nr_pages, order, split_order; VM_BUG_ON(!*foliop || !xa_is_value(*foliop)); swap = radix_to_swp_entry(*foliop); @@ -2272,10 +2272,9 @@ static int shmem_swapin_folio(struct ino /* Look it up and read it in.. */ folio = swap_cache_get_folio(swap, NULL, 0); + order = xa_get_order(&mapping->i_pages, index); if (!folio) { - int order = xa_get_order(&mapping->i_pages, index); bool fallback_order0 = false; - int split_order; /* Or update major stats only when swapin succeeds?? */ if (fault_type) { @@ -2339,6 +2338,29 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } + } else if (order != folio_order(folio)) { + /* + * Swap readahead may swap in order 0 folios into swapcache + * asynchronously, while the shmem mapping can still stores + * large swap entries. In such cases, we should split the + * large swap entry to prevent possible data corruption. + */ + split_order = shmem_split_large_entry(inode, index, swap, gfp); + if (split_order < 0) { + error = split_order; + goto failed; + } + + /* + * If the large swap entry has already been split, it is + * necessary to recalculate the new swap entry based on + * the old order alignment. + */ + if (split_order > 0) { + pgoff_t offset = index - round_down(index, 1 << split_order); + + swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); + } } alloced: @@ -2346,7 +2368,8 @@ alloced: folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap)) { + !shmem_confirm_swap(mapping, index, swap) || + xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are mm-shmem-drop-the-unused-macro.patch mm-shmem-remove-fadvise-comments.patch mm-shmem-remove-duplicate-error-validation.patch mm-shmem-change-the-return-value-of-shmem_find_swap_entries.patch mm-shmem-factor-out-the-within_size-logic-into-a-new-helper.patch maintainers-add-myself-as-shmem-reviewer.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix kernel BUG when userfaultfd_move encounters swapcache has been removed from the -mm tree. Its filename was mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Barry Song <v-songbaohua(a)oppo.com> Subject: mm: fix kernel BUG when userfaultfd_move encounters swapcache Date: Wed, 26 Feb 2025 13:14:00 +1300 userfaultfd_move() checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, move_present_pte() handles folio migration by setting: src_folio->index = linear_page_index(dst_vma, dst_addr); - If the PTE entry is a swap entry, move_swap_pte() simply copies the PTE to the new dst_addr. This approach is incorrect because, even if the PTE is a swap entry, it can still reference a folio that remains in the swap cache. This creates a race window between steps 2 and 4. 1. add_to_swap: The folio is added to the swapcache. 2. try_to_unmap: PTEs are converted to swap entries. 3. pageout: The folio is written back. 4. Swapcache is cleared. If userfaultfd_move() occurs in the window between steps 2 and 4, after the swap PTE has been moved to the destination, accessing the destination triggers do_swap_page(), which may locate the folio in the swapcache. However, since the folio's index has not been updated to match the destination VMA, do_swap_page() will detect a mismatch. This can result in two critical issues depending on the system configuration. If KSM is disabled, both small and large folios can trigger a BUG during the add_rmap operation due to: page_pgoff(folio, page) != linear_page_index(vma, address) [ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c [ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0 [ 13.337716] memcg:ffff00000405f000 [ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff) [ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361 [ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000 [ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001 [ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address)) [ 13.340190] ------------[ cut here ]------------ [ 13.340316] kernel BUG at mm/rmap.c:1380! [ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 13.340969] Modules linked in: [ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299 [ 13.341470] Hardware name: linux,dummy-virt (DT) [ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0 [ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0 [ 13.342018] sp : ffff80008752bb20 [ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001 [ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001 [ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00 [ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff [ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f [ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0 [ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40 [ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8 [ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000 [ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f [ 13.343876] Call trace: [ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P) [ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320 [ 13.344333] do_swap_page+0x1060/0x1400 [ 13.344417] __handle_mm_fault+0x61c/0xbc8 [ 13.344504] handle_mm_fault+0xd8/0x2e8 [ 13.344586] do_page_fault+0x20c/0x770 [ 13.344673] do_translation_fault+0xb4/0xf0 [ 13.344759] do_mem_abort+0x48/0xa0 [ 13.344842] el0_da+0x58/0x130 [ 13.344914] el0t_64_sync_handler+0xc4/0x138 [ 13.345002] el0t_64_sync+0x1ac/0x1b0 [ 13.345208] Code: aa1503e0 f000f801 910f6021 97ff5779 (d4210000) [ 13.345504] ---[ end trace 0000000000000000 ]--- [ 13.345715] note: a.out[107] exited with irqs disabled [ 13.345954] note: a.out[107] exited with preempt_count 2 If KSM is enabled, Peter Xu also discovered that do_swap_page() may trigger an unexpected CoW operation for small folios because ksm_might_need_to_copy() allocates a new folio when the folio index does not match linear_page_index(vma, addr). This patch also checks the swapcache when handling swap entries. If a match is found in the swapcache, it processes it similarly to a present PTE. However, there are some differences. For example, the folio is no longer exclusive because folio_try_share_anon_rmap_pte() is performed during unmapping. Furthermore, in the case of swapcache, the folio has already been unmapped, eliminating the risk of concurrent rmap walks and removing the need to acquire src_folio's anon_vma or lock. Note that for large folios, in the swapcache handling path, we directly return -EBUSY since split_folio() will return -EBUSY regardless if the folio is under writeback or unmapped. This is not an urgent issue, so a follow-up patch may address it separately. [v-songbaohua(a)oppo.com: minor cleanup according to Peter Xu] Link: https://lkml.kernel.org/r/20250226024411.47092-1-21cnbao@gmail.com Link: https://lkml.kernel.org/r/20250226001400.9129-1-21cnbao@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Brian Geffon <bgeffon(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jann Horn <jannh(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Nicolas Geoffray <ngeoffray(a)google.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: ZhangPeng <zhangpeng362(a)huawei.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 74 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 66 insertions(+), 8 deletions(-) --- a/mm/userfaultfd.c~mm-fix-kernel-bug-when-userfaultfd_move-encounters-swapcache +++ a/mm/userfaultfd.c @@ -18,6 +18,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" +#include "swap.h" static __always_inline bool validate_dst_vma(struct vm_area_struct *dst_vma, unsigned long dst_end) @@ -1076,16 +1077,14 @@ out: return err; } -static int move_swap_pte(struct mm_struct *mm, +static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, pte_t *dst_pte, pte_t *src_pte, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, - spinlock_t *dst_ptl, spinlock_t *src_ptl) + spinlock_t *dst_ptl, spinlock_t *src_ptl, + struct folio *src_folio) { - if (!pte_swp_exclusive(orig_src_pte)) - return -EBUSY; - double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1094,6 +1093,16 @@ static int move_swap_pte(struct mm_struc return -EAGAIN; } + /* + * The src_folio resides in the swapcache, requiring an update to its + * index and mapping to align with the dst_vma, where a swap-in may + * occur and hit the swapcache after moving the PTE. + */ + if (src_folio) { + folio_move_anon_rmap(src_folio, dst_vma); + src_folio->index = linear_page_index(dst_vma, dst_addr); + } + orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); set_pte_at(mm, dst_addr, dst_pte, orig_src_pte); double_pt_unlock(dst_ptl, src_ptl); @@ -1141,6 +1150,7 @@ static int move_pages_pte(struct mm_stru __u64 mode) { swp_entry_t entry; + struct swap_info_struct *si = NULL; pte_t orig_src_pte, orig_dst_pte; pte_t src_folio_pte; spinlock_t *src_ptl, *dst_ptl; @@ -1322,6 +1332,8 @@ retry: orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, dst_ptl, src_ptl, src_folio); } else { + struct folio *folio = NULL; + entry = pte_to_swp_entry(orig_src_pte); if (non_swap_entry(entry)) { if (is_migration_entry(entry)) { @@ -1335,9 +1347,53 @@ retry: goto out; } - err = move_swap_pte(mm, dst_addr, src_addr, dst_pte, src_pte, - orig_dst_pte, orig_src_pte, dst_pmd, - dst_pmdval, dst_ptl, src_ptl); + if (!pte_swp_exclusive(orig_src_pte)) { + err = -EBUSY; + goto out; + } + + si = get_swap_device(entry); + if (unlikely(!si)) { + err = -EAGAIN; + goto out; + } + /* + * Verify the existence of the swapcache. If present, the folio's + * index and mapping must be updated even when the PTE is a swap + * entry. The anon_vma lock is not taken during this process since + * the folio has already been unmapped, and the swap entry is + * exclusive, preventing rmap walks. + * + * For large folios, return -EBUSY immediately, as split_folio() + * also returns -EBUSY when attempting to split unmapped large + * folios in the swapcache. This issue needs to be resolved + * separately to allow proper handling. + */ + if (!src_folio) + folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (!IS_ERR_OR_NULL(folio)) { + if (folio_test_large(folio)) { + err = -EBUSY; + folio_put(folio); + goto out; + } + src_folio = folio; + src_folio_pte = orig_src_pte; + if (!folio_trylock(src_folio)) { + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; + put_swap_device(si); + si = NULL; + /* now we can block and wait */ + folio_lock(src_folio); + goto retry; + } + } + err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, + orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, + dst_ptl, src_ptl, src_folio); } out: @@ -1354,6 +1410,8 @@ out: if (src_pte) pte_unmap(src_pte); mmu_notifier_invalidate_range_end(&range); + if (si) + put_swap_device(si); return err; } _ Patches currently in -mm which might be from v-songbaohua(a)oppo.com are mm-set-folio-swapbacked-iff-folios-are-dirty-in-try_to_unmap_one.patch mm-support-tlbbatch-flush-for-a-range-of-ptes.patch mm-support-batched-unmap-for-lazyfree-large-folios-during-reclamation.patch mm-avoid-splitting-pmd-for-lazyfree-pmd-mapped-thp-in-try_to_unmap.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries has been removed from the -mm tree. Its filename was selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries Date: Tue, 25 Feb 2025 14:23:33 -0800 damon_nr_regions.py starts DAMON, periodically collect number of regions in snapshots, and see if it is in the requested range. The check code assumes the numbers are sorted on the collection list, but there is no such guarantee. Hence this can result in false positive test success. Sort the list before doing the check. Link: https://lkml.kernel.org/r/20250225222333.505646-4-sj@kernel.org Fixes: 781497347d1b ("selftests/damon: implement test for min/max_nr_regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damon_nr_regions.py | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/damon/damon_nr_regions.py~selftests-damon-damon_nr_regions-sort-collected-regiosn-before-checking-with-min-max-boundaries +++ a/tools/testing/selftests/damon/damon_nr_regions.py @@ -65,6 +65,7 @@ def test_nr_regions(real_nr_regions, min test_name = 'nr_regions test with %d/%d/%d real/min/max nr_regions' % ( real_nr_regions, min_nr_regions, max_nr_regions) + collected_nr_regions.sort() if (collected_nr_regions[0] < min_nr_regions or collected_nr_regions[-1] > max_nr_regions): print('fail %s' % test_name) _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-respect-core-layer-filters-allowance-decision-on-ops-layer.patch mm-damon-core-initialize-damos-walk_completed-in-damon_new_scheme.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch mm-damon-add-data-structure-for-monitoring-intervals-auto-tuning.patch mm-damon-core-implement-intervals-auto-tuning.patch mm-damon-sysfs-implement-intervals-tuning-goal-directory.patch mm-damon-sysfs-commit-intervals-tuning-goal.patch mm-damon-sysfs-implement-a-command-to-update-auto-tuned-monitoring-intervals.patch docs-mm-damon-design-document-for-intervals-auto-tuning.patch docs-mm-damon-design-document-for-intervals-auto-tuning-fix.patch docs-abi-damon-document-intervals-auto-tuning-abi.patch docs-admin-guide-mm-damon-usage-add-intervals_goal-directory-on-the-hierarchy.patch mm-damon-core-introduce-damos-ops_filters.patch mm-damon-paddr-support-ops_filters.patch mm-damon-core-support-committing-ops_filters.patch mm-damon-core-put-ops-handled-filters-to-damos-ops_filters.patch mm-damon-paddr-support-only-damos-ops_filters.patch mm-damon-add-default-allow-reject-behavior-fields-to-struct-damos.patch mm-damon-core-set-damos_filter-default-allowance-behavior-based-on-installed-filters.patch mm-damon-paddr-respect-ops_filters_default_reject.patch docs-mm-damon-design-update-for-changed-filter-default-behavior.patch mm-damon-sysfs-schemes-let-damon_sysfs_scheme_set_filters-be-used-for-different-named-directories.patch mm-damon-sysfs-schemes-implement-core_filters-and-ops_filters-directories.patch mm-damon-sysfs-schemes-commit-filters-in-coreops_filters-directories.patch mm-damon-core-expose-damos_filter_for_ops-to-damon-kernel-api-callers.patch mm-damon-sysfs-schemes-record-filters-of-which-layer-should-be-added-to-the-given-filters-directory.patch mm-damon-sysfs-schemes-return-error-when-for-attempts-to-install-filters-on-wrong-sysfs-directory.patch docs-abi-damon-document-coreops_filters-directories.patch docs-admin-guide-mm-damon-usage-update-for-coreops_filters-directories.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms has been removed from the -mm tree. Its filename was selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms Date: Tue, 25 Feb 2025 14:23:32 -0800 damon_nr_regions.py updates max_nr_regions to a number smaller than expected number of real regions and confirms DAMON respect the harsh limit. To give time for DAMON to make changes for the regions, 3 aggregation intervals (300 milliseconds) are given. The internal mechanism works with not only the max_nr_regions, but also sz_limit, though. It avoids merging region if that casn make region of size larger than sz_limit. In the test, sz_limit is set too small to achive the new max_nr_regions, unless it is updated for the new min_nr_regions. But the update is done only once per operations set update interval, which is one second by default. Hence, the test randomly incurs false positive failures. Fix it by setting the ops interval same to aggregation interval, to make sure sz_limit is updated by the time of the check. Link: https://lkml.kernel.org/r/20250225222333.505646-3-sj@kernel.org Fixes: 8bf890c81612 ("selftests/damon/damon_nr_regions: test online-tuned max_nr_regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damon_nr_regions.py | 1 + 1 file changed, 1 insertion(+) --- a/tools/testing/selftests/damon/damon_nr_regions.py~selftests-damon-damon_nr_regions-set-ops-update-for-merge-results-check-to-100ms +++ a/tools/testing/selftests/damon/damon_nr_regions.py @@ -109,6 +109,7 @@ def main(): attrs = kdamonds.kdamonds[0].contexts[0].monitoring_attrs attrs.min_nr_regions = 3 attrs.max_nr_regions = 7 + attrs.update_us = 100000 err = kdamonds.kdamonds[0].commit() if err is not None: proc.terminate() _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-respect-core-layer-filters-allowance-decision-on-ops-layer.patch mm-damon-core-initialize-damos-walk_completed-in-damon_new_scheme.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch mm-damon-add-data-structure-for-monitoring-intervals-auto-tuning.patch mm-damon-core-implement-intervals-auto-tuning.patch mm-damon-sysfs-implement-intervals-tuning-goal-directory.patch mm-damon-sysfs-commit-intervals-tuning-goal.patch mm-damon-sysfs-implement-a-command-to-update-auto-tuned-monitoring-intervals.patch docs-mm-damon-design-document-for-intervals-auto-tuning.patch docs-mm-damon-design-document-for-intervals-auto-tuning-fix.patch docs-abi-damon-document-intervals-auto-tuning-abi.patch docs-admin-guide-mm-damon-usage-add-intervals_goal-directory-on-the-hierarchy.patch mm-damon-core-introduce-damos-ops_filters.patch mm-damon-paddr-support-ops_filters.patch mm-damon-core-support-committing-ops_filters.patch mm-damon-core-put-ops-handled-filters-to-damos-ops_filters.patch mm-damon-paddr-support-only-damos-ops_filters.patch mm-damon-add-default-allow-reject-behavior-fields-to-struct-damos.patch mm-damon-core-set-damos_filter-default-allowance-behavior-based-on-installed-filters.patch mm-damon-paddr-respect-ops_filters_default_reject.patch docs-mm-damon-design-update-for-changed-filter-default-behavior.patch mm-damon-sysfs-schemes-let-damon_sysfs_scheme_set_filters-be-used-for-different-named-directories.patch mm-damon-sysfs-schemes-implement-core_filters-and-ops_filters-directories.patch mm-damon-sysfs-schemes-commit-filters-in-coreops_filters-directories.patch mm-damon-core-expose-damos_filter_for_ops-to-damon-kernel-api-callers.patch mm-damon-sysfs-schemes-record-filters-of-which-layer-should-be-added-to-the-given-filters-directory.patch mm-damon-sysfs-schemes-return-error-when-for-attempts-to-install-filters-on-wrong-sysfs-directory.patch docs-abi-damon-document-coreops_filters-directories.patch docs-admin-guide-mm-damon-usage-update-for-coreops_filters-directories.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/damon/damos_quota: make real expectation of quota exceeds has been removed from the -mm tree. Its filename was selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damos_quota: make real expectation of quota exceeds Date: Tue, 25 Feb 2025 14:23:31 -0800 Patch series "selftests/damon: three fixes for false results". Fix three DAMON selftest bugs that cause two and one false positive failures and successes. This patch (of 3): damos_quota.py assumes the quota will always exceeded. But whether quota will be exceeded or not depend on the monitoring results. Actually the monitored workload has chaning access pattern and hence sometimes the quota may not really be exceeded. As a result, false positive test failures happen. Expect how much time the quota will be exceeded by checking the monitoring results, and use it instead of the naive assumption. Link: https://lkml.kernel.org/r/20250225222333.505646-1-sj@kernel.org Link: https://lkml.kernel.org/r/20250225222333.505646-2-sj@kernel.org Fixes: 51f58c9da14b ("selftests/damon: add a test for DAMOS quota") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damos_quota.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/damon/damos_quota.py~selftests-damon-damos_quota-make-real-expectation-of-quota-exceeds +++ a/tools/testing/selftests/damon/damos_quota.py @@ -51,16 +51,19 @@ def main(): nr_quota_exceeds = scheme.stats.qt_exceeds wss_collected.sort() + nr_expected_quota_exceeds = 0 for wss in wss_collected: if wss > sz_quota: print('quota is not kept: %s > %s' % (wss, sz_quota)) print('collected samples are as below') print('\n'.join(['%d' % wss for wss in wss_collected])) exit(1) + if wss == sz_quota: + nr_expected_quota_exceeds += 1 - if nr_quota_exceeds < len(wss_collected): - print('quota is not always exceeded: %d > %d' % - (len(wss_collected), nr_quota_exceeds)) + if nr_quota_exceeds < nr_expected_quota_exceeds: + print('quota is exceeded less than expected: %d < %d' % + (nr_quota_exceeds, nr_expected_quota_exceeds)) exit(1) if __name__ == '__main__': _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-respect-core-layer-filters-allowance-decision-on-ops-layer.patch mm-damon-core-initialize-damos-walk_completed-in-damon_new_scheme.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch mm-damon-add-data-structure-for-monitoring-intervals-auto-tuning.patch mm-damon-core-implement-intervals-auto-tuning.patch mm-damon-sysfs-implement-intervals-tuning-goal-directory.patch mm-damon-sysfs-commit-intervals-tuning-goal.patch mm-damon-sysfs-implement-a-command-to-update-auto-tuned-monitoring-intervals.patch docs-mm-damon-design-document-for-intervals-auto-tuning.patch docs-mm-damon-design-document-for-intervals-auto-tuning-fix.patch docs-abi-damon-document-intervals-auto-tuning-abi.patch docs-admin-guide-mm-damon-usage-add-intervals_goal-directory-on-the-hierarchy.patch mm-damon-core-introduce-damos-ops_filters.patch mm-damon-paddr-support-ops_filters.patch mm-damon-core-support-committing-ops_filters.patch mm-damon-core-put-ops-handled-filters-to-damos-ops_filters.patch mm-damon-paddr-support-only-damos-ops_filters.patch mm-damon-add-default-allow-reject-behavior-fields-to-struct-damos.patch mm-damon-core-set-damos_filter-default-allowance-behavior-based-on-installed-filters.patch mm-damon-paddr-respect-ops_filters_default_reject.patch docs-mm-damon-design-update-for-changed-filter-default-behavior.patch mm-damon-sysfs-schemes-let-damon_sysfs_scheme_set_filters-be-used-for-different-named-directories.patch mm-damon-sysfs-schemes-implement-core_filters-and-ops_filters-directories.patch mm-damon-sysfs-schemes-commit-filters-in-coreops_filters-directories.patch mm-damon-core-expose-damos_filter_for_ops-to-damon-kernel-api-callers.patch mm-damon-sysfs-schemes-record-filters-of-which-layer-should-be-added-to-the-given-filters-directory.patch mm-damon-sysfs-schemes-return-error-when-for-attempts-to-install-filters-on-wrong-sysfs-directory.patch docs-abi-damon-document-coreops_filters-directories.patch docs-admin-guide-mm-damon-usage-update-for-coreops_filters-directories.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback has been removed from the -mm tree. Its filename was nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mike Snitzer <snitzer(a)kernel.org> Subject: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Date: Mon, 24 Feb 2025 21:20:02 -0500 Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} [akpm(a)linux-foundation.org: fix build] Link: https://lkml.kernel.org/r/20250225022002.26141-1-snitzer@kernel.org Fixes: 96780ca55e3c ("NFS: fix up nfs_release_folio() to try to release the page") Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Cc: Anna Schumaker <anna.schumaker(a)oracle.com> Cc: Trond Myklebust <trond.myklebust(a)hammerspace.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nfs/file.c | 3 ++- include/linux/compaction.h | 5 +++++ include/linux/sched.h | 2 +- mm/compaction.c | 3 +++ 4 files changed, 11 insertions(+), 2 deletions(-) --- a/fs/nfs/file.c~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/fs/nfs/file.c @@ -29,6 +29,7 @@ #include <linux/pagemap.h> #include <linux/gfp.h> #include <linux/swap.h> +#include <linux/compaction.h> #include <linux/uaccess.h> #include <linux/filelock.h> @@ -457,7 +458,7 @@ static bool nfs_release_folio(struct fol /* If the private flag is set, then the folio is not freeable */ if (folio_test_private(folio)) { if ((current_gfp_context(gfp) & GFP_KERNEL) != GFP_KERNEL || - current_is_kswapd()) + current_is_kswapd() || current_is_kcompactd()) return false; if (nfs_wb_folio(folio->mapping->host, folio) < 0) return false; --- a/include/linux/compaction.h~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/include/linux/compaction.h @@ -80,6 +80,11 @@ static inline unsigned long compact_gap( return 2UL << order; } +static inline int current_is_kcompactd(void) +{ + return current->flags & PF_KCOMPACTD; +} + #ifdef CONFIG_COMPACTION extern unsigned int extfrag_for_order(struct zone *zone, unsigned int order); --- a/include/linux/sched.h~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/include/linux/sched.h @@ -1701,7 +1701,7 @@ extern struct pid *cad_pid; #define PF_USED_MATH 0x00002000 /* If unset the fpu must be initialized before use */ #define PF_USER_WORKER 0x00004000 /* Kernel thread cloned from userspace thread */ #define PF_NOFREEZE 0x00008000 /* This thread should not be frozen */ -#define PF__HOLE__00010000 0x00010000 +#define PF_KCOMPACTD 0x00010000 /* I am kcompactd */ #define PF_KSWAPD 0x00020000 /* I am kswapd */ #define PF_MEMALLOC_NOFS 0x00040000 /* All allocations inherit GFP_NOFS. See memalloc_nfs_save() */ #define PF_MEMALLOC_NOIO 0x00080000 /* All allocations inherit GFP_NOIO. See memalloc_noio_save() */ --- a/mm/compaction.c~nfs-fix-nfs_release_folio-to-not-deadlock-via-kcompactd-writeback +++ a/mm/compaction.c @@ -3181,6 +3181,7 @@ static int kcompactd(void *p) long default_timeout = msecs_to_jiffies(HPAGE_FRAG_CHECK_INTERVAL_MSEC); long timeout = default_timeout; + current->flags |= PF_KCOMPACTD; set_freezable(); pgdat->kcompactd_max_order = 0; @@ -3237,6 +3238,8 @@ static int kcompactd(void *p) pgdat->proactive_compact_trigger = false; } + current->flags &= ~PF_KCOMPACTD; + return 0; } _ Patches currently in -mm which might be from snitzer(a)kernel.org are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-abort-vma_modify-on-merge-out-of-memory-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: abort vma_modify() on merge out of memory failure has been removed from the -mm tree. Its filename was mm-abort-vma_modify-on-merge-out-of-memory-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: mm: abort vma_modify() on merge out of memory failure Date: Sat, 22 Feb 2025 16:19:52 +0000 The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in vmg->start, end being modified, and thus the proceeding attempts to split the VMA will be done with invalid start/end values. Thankfully, it is likely practically impossible for us to hit this in reality, as it would require a maple tree node pre-allocation failure that would likely never happen due to it being 'too small to fail', i.e. the kernel would simply keep retrying reclaim until it succeeded. However, this scenario remains theoretically possible, and what we are doing here is wrong so we must correct it. The safest option is, when this scenario occurs, to simply give up the operation. If we cannot allocate memory to merge, then we cannot allocate memory to split either (perhaps moreso!). Any scenario where this would be happening would be under very extreme (likely fatal) memory pressure, so it's best we give up early. So there is no doubt it is appropriate to simply bail out in this scenario. However, in general we must if at all possible never assume VMG state is stable after a merge attempt, since merge operations update VMG fields. As a result, additionally also make this clear by storing start, end in local variables. The issue was reported originally by syzkaller, and by Brad Spengler (via an off-list discussion), and in both instances it manifested as a triggering of the assert: VM_WARN_ON_VMG(start >= end, vmg); In vma_merge_existing_range(). It seems at least one scenario in which this is occurring is one in which the merge being attempted is due to an madvise() across multiple VMAs which looks like this: start end |<------>| |----------|------| | vma | next | |----------|------| When madvise_walk_vmas() is invoked, we first find vma in the above (determining prev to be equal to vma as we are offset into vma), and then enter the loop. We determine the end of vma that forms part of the range we are madvise()'ing by setting 'tmp' to this value: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; We then invoke the madvise() operation via visit(), letting prev get updated to point to vma as part of the operation: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where the visit() function pointer in this instance is madvise_vma_behavior(). As observed in syzkaller reports, it is ultimately madvise_update_vma() that is invoked, calling vma_modify_flags_name() and vma_modify() in turn. Then, in vma_modify(), we attempt the merge: merged = vma_merge_existing_range(vmg); if (merged) return merged; We invoke this with vmg->start, end set to start, tmp as such: start tmp |<--->| |----------|------| | vma | next | |----------|------| We find ourselves in the merge right scenario, but the one in which we cannot remove the middle (we are offset into vma). Here we have a special case where vmg->start, end get set to perhaps unintuitive values - we intended to shrink the middle VMA and expand the next. This means vmg->start, end are set to... vma->vm_start, start. Now the commit_merge() fails, and vmg->start, end are left like this. This means we return to the rest of vma_modify() with vmg->start, end (here denoted as start', end') set as: start' end' |<-->| |----------|------| | vma | next | |----------|------| So we now erroneously try to split accordingly. This is where the unfortunate stuff begins. We start with: /* Split any preceding portion of the VMA. */ if (vma->vm_start < vmg->start) { ... } This doesn't trigger as we are no longer offset into vma at the start. But then we invoke: /* Split any trailing portion of the VMA. */ if (vma->vm_end > vmg->end) { ... } Which does get invoked. This leaves us with: start' end' |<-->| |----|-----|------| | vma| new | next | |----|-----|------| We then return ultimately to madvise_walk_vmas(). Here 'new' is unknown, and putting back the values known in this function we are faced with: start tmp end | | | |----|-----|------| | vma| new | next | |----|-----|------| prev Then: start = tmp; So: start end | | |----|-----|------| | vma| new | next | |----|-----|------| prev The following code does not cause anything to happen: if (prev && start < prev->vm_end) start = prev->vm_end; if (start >= end) break; And then we invoke: if (prev) vma = find_vma(mm, prev->vm_end); Which is where a problem occurs - we don't know about 'new' so we essentially look for the vma after prev, which is new, whereas we actually intended to discover next! So we end up with: start end | | |----|-----|------| |prev| vma | next | |----|-----|------| And we have successfully bypassed all of the checks madvise_walk_vmas() has to ensure early exit should we end up moving out of range. We loop around, and hit: /* Here vma->vm_start <= start < (end|vma->vm_end) */ tmp = vma->vm_end; Oh dear. Now we have: tmp start end | | |----|-----|------| |prev| vma | next | |----|-----|------| We then invoke: /* Here vma->vm_start <= start < tmp <= (end|vma->vm_end). */ error = visit(vma, &prev, start, tmp, arg); Where start == tmp. That is, a zero range. This is not good. We invoke visit() which is madvise_vma_behavior() which does not check the range (for good reason, it assumes all checks have been done before it was called), which in turn finally calls madvise_update_vma(). The madvise_update_vma() function calls vma_modify_flags_name() in turn, which ultimately invokes vma_modify() with... start == end. vma_modify() calls vma_merge_existing_range() and finally we hit: VM_WARN_ON_VMG(start >= end, vmg); Which triggers, as start == end. While it might be useful to add some CONFIG_DEBUG_VM asserts in these instances to catch this kind of error, since we have just eliminated any possibility of that happening, we will add such asserts separately as to reduce churn and aid backporting. Link: https://lkml.kernel.org/r/20250222161952.41957-1-lorenzo.stoakes@oracle.com Fixes: 2f1c6611b0a8 ("mm: introduce vma_merge_struct and abstract vma_merge(),vma_modify()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Tested-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Reported-by: Brad Spengler <brad.spengler(a)opensrcsec.com> Reported-by: syzbot+46423ed8fa1f1148c6e4(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/6774c98f.050a0220.25abdd.0991.GAE@google.c… Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vma.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/mm/vma.c~mm-abort-vma_modify-on-merge-out-of-memory-failure +++ a/mm/vma.c @@ -1509,24 +1509,28 @@ int do_vmi_munmap(struct vma_iterator *v static struct vm_area_struct *vma_modify(struct vma_merge_struct *vmg) { struct vm_area_struct *vma = vmg->vma; + unsigned long start = vmg->start; + unsigned long end = vmg->end; struct vm_area_struct *merged; /* First, try to merge. */ merged = vma_merge_existing_range(vmg); if (merged) return merged; + if (vmg_nomem(vmg)) + return ERR_PTR(-ENOMEM); /* Split any preceding portion of the VMA. */ - if (vma->vm_start < vmg->start) { - int err = split_vma(vmg->vmi, vma, vmg->start, 1); + if (vma->vm_start < start) { + int err = split_vma(vmg->vmi, vma, start, 1); if (err) return ERR_PTR(err); } /* Split any trailing portion of the VMA. */ - if (vma->vm_end > vmg->end) { - int err = split_vma(vmg->vmi, vma, vmg->end, 0); + if (vma->vm_end > end) { + int err = split_vma(vmg->vmi, vma, end, 0); if (err) return ERR_PTR(err); _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-simplify-vma-merge-structure-and-expand-comments.patch mm-further-refactor-commit_merge.patch mm-eliminate-adj_start-parameter-from-commit_merge.patch mm-make-vmg-target-consistent-and-further-simplify-commit_merge.patch mm-completely-abstract-unnecessary-adj_start-calculation.patch mm-madvise-split-out-mmap-locking-operations-for-madvise-fix.patch mm-use-read-write_once-for-vma-vm_flags-on-migrate-mprotect.patch mm-refactor-rmap_walk_file-to-separate-out-traversal-logic.patch mm-provide-mapping_wrprotect_range-function.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields.patch fb_defio-do-not-use-deprecated-page-mapping-index-fields-fix.patch mm-allow-guard-regions-in-file-backed-and-read-only-mappings.patch selftests-mm-rename-guard-pages-to-guard-regions.patch selftests-mm-rename-guard-pages-to-guard-regions-fix.patch tools-selftests-expand-all-guard-region-tests-to-file-backed.patch tools-selftests-add-file-shmem-backed-mapping-guard-region-tests.patch fs-proc-task_mmu-add-guard-region-bit-to-pagemap.patch tools-selftests-add-guard-region-test-for-proc-pid-pagemap.patch tools-selftests-add-guard-region-test-for-proc-pid-pagemap-fix.patch mm-mremap-correctly-handle-partial-mremap-of-vma-starting-at-0.patch mm-mremap-refactor-mremap-system-call-implementation.patch mm-mremap-introduce-and-use-vma_remap_struct-threaded-state.patch mm-mremap-initial-refactor-of-move_vma.patch mm-mremap-complete-refactor-of-move_vma.patch mm-mremap-refactor-move_page_tables-abstracting-state.patch mm-mremap-thread-state-through-move-page-table-operation.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: wait for hugetlb folios to be freed has been removed from the -mm tree. Its filename was mm-hugetlb-wait-for-hugetlb-folios-to-be-freed.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ge Yang <yangge1116(a)126.com> Subject: mm/hugetlb: wait for hugetlb folios to be freed Date: Wed, 19 Feb 2025 11:46:44 +0800 Since the introduction of commit c77c0a8ac4c52 ("mm/hugetlb: defer freeing of huge pages if in non-task context"), which supports deferring the freeing of hugetlb pages, the allocation of contiguous memory through cma_alloc() may fail probabilistically. In the CMA allocation process, if it is found that the CMA area is occupied by in-use hugetlb folios, these in-use hugetlb folios need to be migrated to another location. When there are no available hugetlb folios in the free hugetlb pool during the migration of in-use hugetlb folios, new folios are allocated from the buddy system. A temporary state is set on the newly allocated folio. Upon completion of the hugetlb folio migration, the temporary state is transferred from the new folios to the old folios. Normally, when the old folios with the temporary state are freed, it is directly released back to the buddy system. However, due to the deferred freeing of hugetlb pages, the PageBuddy() check fails, ultimately leading to the failure of cma_alloc(). Here is a simplified call trace illustrating the process: cma_alloc() ->__alloc_contig_migrate_range() // Migrate in-use hugetlb folios ->unmap_and_move_huge_page() ->folio_putback_hugetlb() // Free old folios ->test_pages_isolated() ->__test_page_isolated_in_pageblock() ->PageBuddy(page) // Check if the page is in buddy To resolve this issue, we have implemented a function named wait_for_freed_hugetlb_folios(). This function ensures that the hugetlb folios are properly released back to the buddy system after their migration is completed. By invoking wait_for_freed_hugetlb_folios() before calling PageBuddy(), we ensure that PageBuddy() will succeed. Link: https://lkml.kernel.org/r/1739936804-18199-1-git-send-email-yangge1116@126.… Fixes: c77c0a8ac4c5 ("mm/hugetlb: defer freeing of huge pages if in non-task context") Signed-off-by: Ge Yang <yangge1116(a)126.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 5 +++++ mm/hugetlb.c | 8 ++++++++ mm/page_isolation.c | 10 ++++++++++ 3 files changed, 23 insertions(+) --- a/include/linux/hugetlb.h~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/include/linux/hugetlb.h @@ -682,6 +682,7 @@ struct huge_bootmem_page { int isolate_or_dissolve_huge_page(struct page *page, struct list_head *list); int replace_free_hugepage_folios(unsigned long start_pfn, unsigned long end_pfn); +void wait_for_freed_hugetlb_folios(void); struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner); struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, @@ -1066,6 +1067,10 @@ static inline int replace_free_hugepage_ return 0; } +static inline void wait_for_freed_hugetlb_folios(void) +{ +} + static inline struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, unsigned long addr, bool cow_from_owner) --- a/mm/hugetlb.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/hugetlb.c @@ -2943,6 +2943,14 @@ int replace_free_hugepage_folios(unsigne return ret; } +void wait_for_freed_hugetlb_folios(void) +{ + if (llist_empty(&hpage_freelist)) + return; + + flush_work(&free_hpage_work); +} + typedef enum { /* * For either 0/1: we checked the per-vma resv map, and one resv --- a/mm/page_isolation.c~mm-hugetlb-wait-for-hugetlb-folios-to-be-freed +++ a/mm/page_isolation.c @@ -608,6 +608,16 @@ int test_pages_isolated(unsigned long st int ret; /* + * Due to the deferred freeing of hugetlb folios, the hugepage folios may + * not immediately release to the buddy system. This can cause PageBuddy() + * to fail in __test_page_isolated_in_pageblock(). To ensure that the + * hugetlb folios are properly released back to the buddy system, we + * invoke the wait_for_freed_hugetlb_folios() function to wait for the + * release to complete. + */ + wait_for_freed_hugetlb_folios(); + + /* * Note: pageblock_nr_pages != MAX_PAGE_ORDER. Then, chunks of free * pages are not aligned to pageblock_nr_pages. * Then we just check migratetype first. _ Patches currently in -mm which might be from yangge1116(a)126.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio has been removed from the -mm tree. Its filename was hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Date: Mon, 17 Feb 2025 09:43:29 +0800 Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/memory_hotplug.c~hwpoison-memory_hotplug-lock-folio-before-unmap-hwpoisoned-folio +++ a/mm/memory_hotplug.c @@ -1832,8 +1832,11 @@ static void do_migrate_range(unsigned lo (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); unmap_poisoned_folio(folio, pfn, false); + folio_unlock(folio); + } goto put_folio; } _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memory-hotplug: check folio ref count first in do_migrate_range has been removed from the -mm tree. Its filename was mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: mm: memory-hotplug: check folio ref count first in do_migrate_range Date: Mon, 17 Feb 2025 09:43:28 +0800 If a folio has an increased reference count, folio_try_get() will acquire it, perform necessary operations, and then release it. In the case of a poisoned folio without an elevated reference count (which is unlikely for memory-failure), folio_try_get() will simply bypass it. Therefore, relocate the folio_try_get() function, responsible for checking and acquiring this reference count at first. Link: https://lkml.kernel.org/r/20250217014329.3610326-3-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) --- a/mm/memory_hotplug.c~mm-memory-hotplug-check-folio-ref-count-first-in-do_migrate_range +++ a/mm/memory_hotplug.c @@ -1822,12 +1822,12 @@ static void do_migrate_range(unsigned lo if (folio_test_large(folio)) pfn = folio_pfn(folio) + folio_nr_pages(folio) - 1; - /* - * HWPoison pages have elevated reference counts so the migration would - * fail on them. It also doesn't make any sense to migrate them in the - * first place. Still try to unmap such a page in case it is still mapped - * (keep the unmap as the catch all safety net). - */ + if (!folio_try_get(folio)) + continue; + + if (unlikely(page_folio(page) != folio)) + goto put_folio; + if (folio_test_hwpoison(folio) || (folio_test_large(folio) && folio_test_has_hwpoisoned(folio))) { if (WARN_ON(folio_test_lru(folio))) @@ -1835,14 +1835,8 @@ static void do_migrate_range(unsigned lo if (folio_mapped(folio)) unmap_poisoned_folio(folio, pfn, false); - continue; - } - - if (!folio_try_get(folio)) - continue; - - if (unlikely(page_folio(page) != folio)) goto put_folio; + } if (!isolate_folio_to_list(folio, &source)) { if (__ratelimit(&migrate_rs)) { _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memory-failure: update ttu flag inside unmap_poisoned_folio has been removed from the -mm tree. Its filename was mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ma Wupeng <mawupeng1(a)huawei.com> Subject: mm: memory-failure: update ttu flag inside unmap_poisoned_folio Date: Mon, 17 Feb 2025 09:43:27 +0800 Patch series "mm: memory_failure: unmap poisoned folio during migrate properly", v3. Fix two bugs during folio migration if the folio is poisoned. This patch (of 3): Commit 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") introduce TTU_HWPOISON to replace TTU_IGNORE_HWPOISON in order to stop send SIGBUS signal when accessing an error page after a memory error on a clean folio. However during page migration, anon folio must be set with TTU_HWPOISON during unmap_*(). For pagecache we need some policy just like the one in hwpoison_user_mappings to set this flag. So move this policy from hwpoison_user_mappings to unmap_poisoned_folio to handle this warning properly. Warning will be produced during unamp poison folio with the following log: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 365 at mm/rmap.c:1847 try_to_unmap_one+0x8fc/0xd3c Modules linked in: CPU: 1 UID: 0 PID: 365 Comm: bash Tainted: G W 6.13.0-rc1-00018-gacdb4bbda7ab #42 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0x8fc/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0x8fc/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c ---[ end trace 0000000000000000 ]--- [mawupeng1(a)huawei.com: unmap_poisoned_folio(): remove shadowed local `mapping', per Miaohe] Link: https://lkml.kernel.org/r/20250219060653.3849083-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-1-mawupeng1@huawei.com Link: https://lkml.kernel.org/r/20250217014329.3610326-2-mawupeng1@huawei.com Fixes: 6da6b1d4a7df ("mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Ma Wupeng <mawupeng1(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 5 ++- mm/memory-failure.c | 63 ++++++++++++++++++++---------------------- mm/memory_hotplug.c | 3 +- 3 files changed, 36 insertions(+), 35 deletions(-) --- a/mm/internal.h~mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio +++ a/mm/internal.h @@ -1115,7 +1115,7 @@ static inline int find_next_best_node(in * mm/memory-failure.c */ #ifdef CONFIG_MEMORY_FAILURE -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu); +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill); void shake_folio(struct folio *folio); extern int hwpoison_filter(struct page *p); @@ -1138,8 +1138,9 @@ unsigned long page_mapped_in_vma(const s struct vm_area_struct *vma); #else -static inline void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +static inline int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { + return -EBUSY; } #endif --- a/mm/memory-failure.c~mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio +++ a/mm/memory-failure.c @@ -1556,11 +1556,35 @@ static int get_hwpoison_page(struct page return ret; } -void unmap_poisoned_folio(struct folio *folio, enum ttu_flags ttu) +int unmap_poisoned_folio(struct folio *folio, unsigned long pfn, bool must_kill) { - if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { - struct address_space *mapping; + enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; + struct address_space *mapping; + + if (folio_test_swapcache(folio)) { + pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); + ttu &= ~TTU_HWPOISON; + } + + /* + * Propagate the dirty bit from PTEs to struct page first, because we + * need this to decide if we should kill or just drop the page. + * XXX: the dirty test could be racy: set_page_dirty() may not always + * be called inside page lock (it's recommended but not enforced). + */ + mapping = folio_mapping(folio); + if (!must_kill && !folio_test_dirty(folio) && mapping && + mapping_can_writeback(mapping)) { + if (folio_mkclean(folio)) { + folio_set_dirty(folio); + } else { + ttu &= ~TTU_HWPOISON; + pr_info("%#lx: corrupted page was clean: dropped without side effects\n", + pfn); + } + } + if (folio_test_hugetlb(folio) && !folio_test_anon(folio)) { /* * For hugetlb folios in shared mappings, try_to_unmap * could potentially call huge_pmd_unshare. Because of @@ -1572,7 +1596,7 @@ void unmap_poisoned_folio(struct folio * if (!mapping) { pr_info("%#lx: could not lock mapping for mapped hugetlb folio\n", folio_pfn(folio)); - return; + return -EBUSY; } try_to_unmap(folio, ttu|TTU_RMAP_LOCKED); @@ -1580,6 +1604,8 @@ void unmap_poisoned_folio(struct folio * } else { try_to_unmap(folio, ttu); } + + return folio_mapped(folio) ? -EBUSY : 0; } /* @@ -1589,8 +1615,6 @@ void unmap_poisoned_folio(struct folio * static bool hwpoison_user_mappings(struct folio *folio, struct page *p, unsigned long pfn, int flags) { - enum ttu_flags ttu = TTU_IGNORE_MLOCK | TTU_SYNC | TTU_HWPOISON; - struct address_space *mapping; LIST_HEAD(tokill); bool unmap_success; int forcekill; @@ -1613,29 +1637,6 @@ static bool hwpoison_user_mappings(struc if (!folio_mapped(folio)) return true; - if (folio_test_swapcache(folio)) { - pr_err("%#lx: keeping poisoned page in swap cache\n", pfn); - ttu &= ~TTU_HWPOISON; - } - - /* - * Propagate the dirty bit from PTEs to struct page first, because we - * need this to decide if we should kill or just drop the page. - * XXX: the dirty test could be racy: set_page_dirty() may not always - * be called inside page lock (it's recommended but not enforced). - */ - mapping = folio_mapping(folio); - if (!(flags & MF_MUST_KILL) && !folio_test_dirty(folio) && mapping && - mapping_can_writeback(mapping)) { - if (folio_mkclean(folio)) { - folio_set_dirty(folio); - } else { - ttu &= ~TTU_HWPOISON; - pr_info("%#lx: corrupted page was clean: dropped without side effects\n", - pfn); - } - } - /* * First collect all the processes that have the page * mapped in dirty form. This has to be done before try_to_unmap, @@ -1643,9 +1644,7 @@ static bool hwpoison_user_mappings(struc */ collect_procs(folio, p, &tokill, flags & MF_ACTION_REQUIRED); - unmap_poisoned_folio(folio, ttu); - - unmap_success = !folio_mapped(folio); + unmap_success = !unmap_poisoned_folio(folio, pfn, flags & MF_MUST_KILL); if (!unmap_success) pr_err("%#lx: failed to unmap page (folio mapcount=%d)\n", pfn, folio_mapcount(folio)); --- a/mm/memory_hotplug.c~mm-memory-failure-update-ttu-flag-inside-unmap_poisoned_folio +++ a/mm/memory_hotplug.c @@ -1833,7 +1833,8 @@ static void do_migrate_range(unsigned lo if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); if (folio_mapped(folio)) - unmap_poisoned_folio(folio, TTU_IGNORE_MLOCK); + unmap_poisoned_folio(folio, pfn, false); + continue; } _ Patches currently in -mm which might be from mawupeng1(a)huawei.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] arm-pgtable-fix-null-pointer-dereference-issue.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: arm: pgtable: fix NULL pointer dereference issue has been removed from the -mm tree. Its filename was arm-pgtable-fix-null-pointer-dereference-issue.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Qi Zheng <zhengqi.arch(a)bytedance.com> Subject: arm: pgtable: fix NULL pointer dereference issue Date: Mon, 17 Feb 2025 10:49:24 +0800 When update_mmu_cache_range() is called by update_mmu_cache(), the vmf parameter is NULL, which will cause a NULL pointer dereference issue in adjust_pte(): Unable to handle kernel NULL pointer dereference at virtual address 00000030 when read Hardware name: Atmel AT91SAM9 PC is at update_mmu_cache_range+0x1e0/0x278 LR is at pte_offset_map_rw_nolock+0x18/0x2c Call trace: update_mmu_cache_range from remove_migration_pte+0x29c/0x2ec remove_migration_pte from rmap_walk_file+0xcc/0x130 rmap_walk_file from remove_migration_ptes+0x90/0xa4 remove_migration_ptes from migrate_pages_batch+0x6d4/0x858 migrate_pages_batch from migrate_pages+0x188/0x488 migrate_pages from compact_zone+0x56c/0x954 compact_zone from compact_node+0x90/0xf0 compact_node from kcompactd+0x1d4/0x204 kcompactd from kthread+0x120/0x12c kthread from ret_from_fork+0x14/0x38 Exception stack(0xc0d8bfb0 to 0xc0d8bff8) To fix it, do not rely on whether 'ptl' is equal to decide whether to hold the pte lock, but decide it by whether CONFIG_SPLIT_PTE_PTLOCKS is enabled. In addition, if two vmas map to the same PTE page, there is no need to hold the pte lock again, otherwise a deadlock will occur. Just add the need_lock parameter to let adjust_pte() know this information. Link: https://lkml.kernel.org/r/20250217024924.57996-1-zhengqi.arch@bytedance.com Fixes: fc9c45b71f43 ("arm: adjust_pte() use pte_offset_map_rw_nolock()") Signed-off-by: Qi Zheng <zhengqi.arch(a)bytedance.com> Reported-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Closes: https://lore.kernel.org/lkml/CAM1KZSmZ2T_riHvay+7cKEFxoPgeVpHkVFTzVVEQ1BO0c… Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Ezra Buehler <ezra.buehler(a)husqvarnagroup.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Russel King <linux(a)armlinux.org.uk> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/mm/fault-armv.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) --- a/arch/arm/mm/fault-armv.c~arm-pgtable-fix-null-pointer-dereference-issue +++ a/arch/arm/mm/fault-armv.c @@ -62,7 +62,7 @@ static int do_adjust_pte(struct vm_area_ } static int adjust_pte(struct vm_area_struct *vma, unsigned long address, - unsigned long pfn, struct vm_fault *vmf) + unsigned long pfn, bool need_lock) { spinlock_t *ptl; pgd_t *pgd; @@ -99,12 +99,11 @@ again: if (!pte) return 0; - /* - * If we are using split PTE locks, then we need to take the page - * lock here. Otherwise we are using shared mm->page_table_lock - * which is already locked, thus cannot take it. - */ - if (ptl != vmf->ptl) { + if (need_lock) { + /* + * Use nested version here to indicate that we are already + * holding one similar spinlock. + */ spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); if (unlikely(!pmd_same(pmdval, pmdp_get_lockless(pmd)))) { pte_unmap_unlock(pte, ptl); @@ -114,7 +113,7 @@ again: ret = do_adjust_pte(vma, address, pfn, pte); - if (ptl != vmf->ptl) + if (need_lock) spin_unlock(ptl); pte_unmap(pte); @@ -123,9 +122,10 @@ again: static void make_coherent(struct address_space *mapping, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, unsigned long pfn, - struct vm_fault *vmf) + unsigned long addr, pte_t *ptep, unsigned long pfn) { + const unsigned long pmd_start_addr = ALIGN_DOWN(addr, PMD_SIZE); + const unsigned long pmd_end_addr = pmd_start_addr + PMD_SIZE; struct mm_struct *mm = vma->vm_mm; struct vm_area_struct *mpnt; unsigned long offset; @@ -142,6 +142,14 @@ make_coherent(struct address_space *mapp flush_dcache_mmap_lock(mapping); vma_interval_tree_foreach(mpnt, &mapping->i_mmap, pgoff, pgoff) { /* + * If we are using split PTE locks, then we need to take the pte + * lock. Otherwise we are using shared mm->page_table_lock which + * is already locked, thus cannot take it. + */ + bool need_lock = IS_ENABLED(CONFIG_SPLIT_PTE_PTLOCKS); + unsigned long mpnt_addr; + + /* * If this VMA is not in our MM, we can ignore it. * Note that we intentionally mask out the VMA * that we are fixing up. @@ -151,7 +159,12 @@ make_coherent(struct address_space *mapp if (!(mpnt->vm_flags & VM_MAYSHARE)) continue; offset = (pgoff - mpnt->vm_pgoff) << PAGE_SHIFT; - aliases += adjust_pte(mpnt, mpnt->vm_start + offset, pfn, vmf); + mpnt_addr = mpnt->vm_start + offset; + + /* Avoid deadlocks by not grabbing the same PTE lock again. */ + if (mpnt_addr >= pmd_start_addr && mpnt_addr < pmd_end_addr) + need_lock = false; + aliases += adjust_pte(mpnt, mpnt_addr, pfn, need_lock); } flush_dcache_mmap_unlock(mapping); if (aliases) @@ -194,7 +207,7 @@ void update_mmu_cache_range(struct vm_fa __flush_dcache_folio(mapping, folio); if (mapping) { if (cache_is_vivt()) - make_coherent(mapping, vma, addr, ptep, pfn, vmf); + make_coherent(mapping, vma, addr, ptep, pfn); else if (vma->vm_flags & VM_EXEC) __flush_icache_all(); } _ Patches currently in -mm which might be from zhengqi.arch(a)bytedance.com are mm-pgtable-make-generic-tlb_remove_table-use-struct-ptdesc.patch mm-pgtable-change-pt-parameter-of-tlb_remove_ptdesc-to-struct-ptdesc.patch mm-pgtable-convert-some-architectures-to-use-tlb_remove_ptdesc.patch mm-pgtable-convert-some-architectures-to-use-tlb_remove_ptdesc-v2.patch riscv-pgtable-unconditionally-use-tlb_remove_ptdesc.patch x86-pgtable-convert-to-use-tlb_remove_ptdesc.patch mm-pgtable-remove-tlb_remove_page_ptdesc.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] m68k-sun3-add-check-for-__pgd_alloc.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: m68k: sun3: add check for __pgd_alloc() has been removed from the -mm tree. Its filename was m68k-sun3-add-check-for-__pgd_alloc.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Haoxiang Li <haoxiang_li2024(a)163.com> Subject: m68k: sun3: add check for __pgd_alloc() Date: Tue, 18 Feb 2025 00:00:17 +0800 Add check for the return value of __pgd_alloc() in pgd_alloc() to prevent null pointer dereference. Link: https://lkml.kernel.org/r/20250217160017.2375536-1-haoxiang_li2024@163.com Fixes: a9b3c355c2e6 ("asm-generic: pgalloc: provide generic __pgd_{alloc,free}") Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Reviewed-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Acked-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Kevin Brodsky <kevin.brodsky(a)arm.com> Cc: Qi Zheng <zhengqi.arch(a)bytedance.com> Cc: Sam Creasey <sammy(a)sammy.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/m68k/include/asm/sun3_pgalloc.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/arch/m68k/include/asm/sun3_pgalloc.h~m68k-sun3-add-check-for-__pgd_alloc +++ a/arch/m68k/include/asm/sun3_pgalloc.h @@ -44,8 +44,10 @@ static inline pgd_t * pgd_alloc(struct m pgd_t *new_pgd; new_pgd = __pgd_alloc(mm, 0); - memcpy(new_pgd, swapper_pg_dir, PAGE_SIZE); - memset(new_pgd, 0, (PAGE_OFFSET >> PGDIR_SHIFT)); + if (likely(new_pgd != NULL)) { + memcpy(new_pgd, swapper_pg_dir, PAGE_SIZE); + memset(new_pgd, 0, (PAGE_OFFSET >> PGDIR_SHIFT)); + } return new_pgd; } _ Patches currently in -mm which might be from haoxiang_li2024(a)163.com are

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced has been removed from the -mm tree. Its filename was selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced Date: Mon, 17 Feb 2025 10:23:04 -0800 damos_quota_goal.py selftest see if DAMOS quota goals tuning feature increases or reduces the effective size quota for given score as expected. The tuning feature sets the minimum quota size as one byte, so if the effective size quota is already one, we cannot expect it further be reduced. However the test is not aware of the edge case, and fails since it shown no expected change of the effective quota. Handle the case by updating the failure logic for no change to see if it was the case, and simply skips to next test input. Link: https://lkml.kernel.org/r/20250217182304.45215-1-sj@kernel.org Fixes: f1c07c0a1662 ("selftests/damon: add a test for DAMOS quota goal") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202502171423.b28a918d-lkp@intel.com Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.10.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/damos_quota_goal.py | 3 +++ 1 file changed, 3 insertions(+) --- a/tools/testing/selftests/damon/damos_quota_goal.py~selftests-damon-damos_quota_goal-handle-minimum-quota-that-cannot-be-further-reduced +++ a/tools/testing/selftests/damon/damos_quota_goal.py @@ -63,6 +63,9 @@ def main(): if last_effective_bytes != 0 else -1.0)) if last_effective_bytes == goal.effective_bytes: + # effective quota was already minimum that cannot be more reduced + if expect_increase is False and last_effective_bytes == 1: + continue print('efective bytes not changed: %d' % goal.effective_bytes) exit(1) _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-respect-core-layer-filters-allowance-decision-on-ops-layer.patch mm-damon-core-initialize-damos-walk_completed-in-damon_new_scheme.patch mm-madvise-split-out-mmap-locking-operations-for-madvise.patch mm-madvise-split-out-madvise-input-validity-check.patch mm-madvise-split-out-madvise-behavior-execution.patch mm-madvise-remove-redundant-mmap_lock-operations-from-process_madvise.patch mm-damon-avoid-applying-damos-action-to-same-entity-multiple-times.patch mm-damon-core-unset-damos-walk_completed-after-confimed-set.patch mm-damon-core-do-not-call-damos_walk_control-walk-if-walk-is-completed.patch mm-damon-core-do-damos-walking-in-entire-regions-granularity.patch mm-damon-introduce-damos-filter-type-hugepage_size-fix.patch docs-mm-damon-design-fix-typo-on-damos-filters-usage-doc-link.patch docs-mm-damon-design-document-hugepage_size-filter.patch docs-damon-move-damos-filter-type-names-and-meaning-to-design-doc.patch docs-mm-damon-design-clarify-handling-layer-based-filters-evaluation-sequence.patch docs-mm-damon-design-categorize-damos-filter-types-based-on-handling-layer.patch mm-damon-implement-a-new-damos-filter-type-for-unmapped-pages.patch docs-mm-damon-design-document-unmapped-damos-filter-type.patch mm-damon-add-data-structure-for-monitoring-intervals-auto-tuning.patch mm-damon-core-implement-intervals-auto-tuning.patch mm-damon-sysfs-implement-intervals-tuning-goal-directory.patch mm-damon-sysfs-commit-intervals-tuning-goal.patch mm-damon-sysfs-implement-a-command-to-update-auto-tuned-monitoring-intervals.patch docs-mm-damon-design-document-for-intervals-auto-tuning.patch docs-mm-damon-design-document-for-intervals-auto-tuning-fix.patch docs-abi-damon-document-intervals-auto-tuning-abi.patch docs-admin-guide-mm-damon-usage-add-intervals_goal-directory-on-the-hierarchy.patch mm-damon-core-introduce-damos-ops_filters.patch mm-damon-paddr-support-ops_filters.patch mm-damon-core-support-committing-ops_filters.patch mm-damon-core-put-ops-handled-filters-to-damos-ops_filters.patch mm-damon-paddr-support-only-damos-ops_filters.patch mm-damon-add-default-allow-reject-behavior-fields-to-struct-damos.patch mm-damon-core-set-damos_filter-default-allowance-behavior-based-on-installed-filters.patch mm-damon-paddr-respect-ops_filters_default_reject.patch docs-mm-damon-design-update-for-changed-filter-default-behavior.patch mm-damon-sysfs-schemes-let-damon_sysfs_scheme_set_filters-be-used-for-different-named-directories.patch mm-damon-sysfs-schemes-implement-core_filters-and-ops_filters-directories.patch mm-damon-sysfs-schemes-commit-filters-in-coreops_filters-directories.patch mm-damon-core-expose-damos_filter_for_ops-to-damon-kernel-api-callers.patch mm-damon-sysfs-schemes-record-filters-of-which-layer-should-be-added-to-the-given-filters-directory.patch mm-damon-sysfs-schemes-return-error-when-for-attempts-to-install-filters-on-wrong-sysfs-directory.patch docs-abi-damon-document-coreops_filters-directories.patch docs-admin-guide-mm-damon-usage-update-for-coreops_filters-directories.patch

3 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] revert-selftests-mm-remove-local-__nr_-definitions.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "selftests/mm: remove local __NR_* definitions" has been removed from the -mm tree. Its filename was revert-selftests-mm-remove-local-__nr_-definitions.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: John Hubbard <jhubbard(a)nvidia.com> Subject: Revert "selftests/mm: remove local __NR_* definitions" Date: Thu, 13 Feb 2025 19:38:50 -0800 This reverts commit a5c6bc590094a1a73cf6fa3f505e1945d2bf2461. The general approach described in commit e076eaca5906 ("selftests: break the dependency upon local header files") was taken one step too far here: it should not have been extended to include the syscall numbers. This is because doing so would require per-arch support in tools/include/uapi, and no such support exists. This revert fixes two separate reports of test failures, from Dave Hansen[1], and Li Wang[2]. An excerpt of Dave's report: Before this commit (a5c6bc590094a1a73cf6fa3f505e1945d2bf2461) things are fine. But after, I get: running PKEY tests for unsupported CPU/OS An excerpt of Li's report: I just found that mlock2_() return a wrong value in mlock2-test [1] https://lore.kernel.org/dc585017-6740-4cab-a536-b12b37a7582d@intel.com [2] https://lore.kernel.org/CAEemH2eW=UMu9+turT2jRie7+6ewUazXmA6kL+VBo3cGDGU6RA… Link: https://lkml.kernel.org/r/20250214033850.235171-1-jhubbard@nvidia.com Fixes: a5c6bc590094 ("selftests/mm: remove local __NR_* definitions") Signed-off-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Li Wang <liwang(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jeff Xu <jeffxu(a)chromium.org> Cc: Andrei Vagin <avagin(a)google.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Kees Cook <kees(a)kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Rich Felker <dalias(a)libc.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugepage-mremap.c | 2 - tools/testing/selftests/mm/ksm_functional_tests.c | 8 +++++- tools/testing/selftests/mm/memfd_secret.c | 14 ++++++++++- tools/testing/selftests/mm/mkdirty.c | 8 +++++- tools/testing/selftests/mm/mlock2.h | 1 tools/testing/selftests/mm/protection_keys.c | 2 - tools/testing/selftests/mm/uffd-common.c | 4 +++ tools/testing/selftests/mm/uffd-stress.c | 15 +++++++++++- tools/testing/selftests/mm/uffd-unit-tests.c | 14 ++++++++++- 9 files changed, 60 insertions(+), 8 deletions(-) --- a/tools/testing/selftests/mm/hugepage-mremap.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/hugepage-mremap.c @@ -15,7 +15,7 @@ #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <sys/mman.h> #include <errno.h> #include <fcntl.h> /* Definition of O_* constants */ --- a/tools/testing/selftests/mm/ksm_functional_tests.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/ksm_functional_tests.c @@ -11,7 +11,7 @@ #include <string.h> #include <stdbool.h> #include <stdint.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <errno.h> #include <fcntl.h> #include <sys/mman.h> @@ -369,6 +369,7 @@ unmap: munmap(map, size); } +#ifdef __NR_userfaultfd static void test_unmerge_uffd_wp(void) { struct uffdio_writeprotect uffd_writeprotect; @@ -429,6 +430,7 @@ close_uffd: unmap: munmap(map, size); } +#endif /* Verify that KSM can be enabled / queried with prctl. */ static void test_prctl(void) @@ -684,7 +686,9 @@ int main(int argc, char **argv) exit(test_child_ksm()); } +#ifdef __NR_userfaultfd tests++; +#endif ksft_print_header(); ksft_set_plan(tests); @@ -696,7 +700,9 @@ int main(int argc, char **argv) test_unmerge(); test_unmerge_zero_pages(); test_unmerge_discarded(); +#ifdef __NR_userfaultfd test_unmerge_uffd_wp(); +#endif test_prot_none(); --- a/tools/testing/selftests/mm/memfd_secret.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/memfd_secret.c @@ -17,7 +17,7 @@ #include <stdlib.h> #include <string.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <errno.h> #include <stdio.h> #include <fcntl.h> @@ -28,6 +28,8 @@ #define pass(fmt, ...) ksft_test_result_pass(fmt, ##__VA_ARGS__) #define skip(fmt, ...) ksft_test_result_skip(fmt, ##__VA_ARGS__) +#ifdef __NR_memfd_secret + #define PATTERN 0x55 static const int prot = PROT_READ | PROT_WRITE; @@ -332,3 +334,13 @@ int main(int argc, char *argv[]) ksft_finished(); } + +#else /* __NR_memfd_secret */ + +int main(int argc, char *argv[]) +{ + printf("skip: skipping memfd_secret test (missing __NR_memfd_secret)\n"); + return KSFT_SKIP; +} + +#endif /* __NR_memfd_secret */ --- a/tools/testing/selftests/mm/mkdirty.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/mkdirty.c @@ -9,7 +9,7 @@ */ #include <fcntl.h> #include <signal.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <string.h> #include <errno.h> #include <stdlib.h> @@ -265,6 +265,7 @@ munmap: munmap(mmap_mem, mmap_size); } +#ifdef __NR_userfaultfd static void test_uffdio_copy(void) { struct uffdio_register uffdio_register; @@ -322,6 +323,7 @@ munmap: munmap(dst, pagesize); free(src); } +#endif /* __NR_userfaultfd */ int main(void) { @@ -334,7 +336,9 @@ int main(void) thpsize / 1024); tests += 3; } +#ifdef __NR_userfaultfd tests += 1; +#endif /* __NR_userfaultfd */ ksft_print_header(); ksft_set_plan(tests); @@ -364,7 +368,9 @@ int main(void) if (thpsize) test_pte_mapped_thp(); /* Placing a fresh page via userfaultfd may set the PTE dirty. */ +#ifdef __NR_userfaultfd test_uffdio_copy(); +#endif /* __NR_userfaultfd */ err = ksft_get_fail_cnt(); if (err) --- a/tools/testing/selftests/mm/mlock2.h~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/mlock2.h @@ -3,7 +3,6 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> -#include <asm-generic/unistd.h> static int mlock2_(void *start, size_t len, int flags) { --- a/tools/testing/selftests/mm/protection_keys.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/protection_keys.c @@ -42,7 +42,7 @@ #include <sys/wait.h> #include <sys/stat.h> #include <fcntl.h> -#include <asm-generic/unistd.h> +#include <unistd.h> #include <sys/ptrace.h> #include <setjmp.h> --- a/tools/testing/selftests/mm/uffd-common.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/uffd-common.c @@ -673,7 +673,11 @@ int uffd_open_dev(unsigned int flags) int uffd_open_sys(unsigned int flags) { +#ifdef __NR_userfaultfd return syscall(__NR_userfaultfd, flags); +#else + return -1; +#endif } int uffd_open(unsigned int flags) --- a/tools/testing/selftests/mm/uffd-stress.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/uffd-stress.c @@ -33,10 +33,11 @@ * pthread_mutex_lock will also verify the atomicity of the memory * transfer (UFFDIO_COPY). */ -#include <asm-generic/unistd.h> + #include "uffd-common.h" uint64_t features; +#ifdef __NR_userfaultfd #define BOUNCE_RANDOM (1<<0) #define BOUNCE_RACINGFAULTS (1<<1) @@ -471,3 +472,15 @@ int main(int argc, char **argv) nr_pages, nr_pages_per_cpu); return userfaultfd_stress(); } + +#else /* __NR_userfaultfd */ + +#warning "missing __NR_userfaultfd definition" + +int main(void) +{ + printf("skip: Skipping userfaultfd test (missing __NR_userfaultfd)\n"); + return KSFT_SKIP; +} + +#endif /* __NR_userfaultfd */ --- a/tools/testing/selftests/mm/uffd-unit-tests.c~revert-selftests-mm-remove-local-__nr_-definitions +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -5,11 +5,12 @@ * Copyright (C) 2015-2023 Red Hat, Inc. */ -#include <asm-generic/unistd.h> #include "uffd-common.h" #include "../../../../mm/gup_test.h" +#ifdef __NR_userfaultfd + /* The unit test doesn't need a large or random size, make it 32MB for now */ #define UFFD_TEST_MEM_SIZE (32UL << 20) @@ -1558,3 +1559,14 @@ int main(int argc, char *argv[]) return ksft_get_fail_cnt() ? KSFT_FAIL : KSFT_PASS; } +#else /* __NR_userfaultfd */ + +#warning "missing __NR_userfaultfd definition" + +int main(void) +{ + printf("Skipping %s (missing __NR_userfaultfd)\n", __file__); + return KSFT_SKIP; +} + +#endif /* __NR_userfaultfd */ _ Patches currently in -mm which might be from jhubbard(a)nvidia.com are

3 months, 2 weeks

1
0
0 0

Linux 5.10.234

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.234 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/rockchip/px30.dtsi | 8 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399.dtsi | 20 ++++ arch/m68k/fpsp040/skeleton.S | 3 arch/m68k/kernel/entry.S | 2 arch/m68k/kernel/traps.c | 2 arch/riscv/kernel/traps.c | 6 - arch/x86/include/asm/special_insns.h | 2 arch/x86/xen/xen-asm.S | 2 block/genhd.c | 13 +- drivers/acpi/resource.c | 18 +++ drivers/block/loop.c | 8 - drivers/block/virtio_blk.c | 2 drivers/block/xen-blkfront.c | 2 drivers/gpio/gpiolib-cdev.c | 2 drivers/gpu/drm/amd/display/dc/dc.h | 2 drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h | 8 + drivers/gpu/drm/bridge/adv7511/adv7511.h | 1 drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 17 +-- drivers/gpu/drm/bridge/adv7511/adv7533.c | 38 ++----- drivers/gpu/drm/drm_mipi_dsi.c | 81 ++++++++++++++++ drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 12 ++ drivers/i2c/busses/i2c-rcar.c | 20 +++- drivers/i2c/muxes/i2c-demux-pinctrl.c | 4 drivers/iio/adc/at91_adc.c | 2 drivers/iio/adc/rockchip_saradc.c | 2 drivers/iio/adc/ti-ads124s08.c | 4 drivers/iio/adc/ti-ads8688.c | 2 drivers/iio/dummy/iio_simple_dummy_buffer.c | 2 drivers/iio/gyro/fxas21002c_core.c | 9 + drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 18 +++ drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 drivers/iio/imu/kmx61.c | 2 drivers/iio/inkern.c | 2 drivers/iio/light/vcnl4035.c | 2 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_srq.c | 6 - drivers/input/joystick/xpad.c | 2 drivers/input/keyboard/atkbd.c | 2 drivers/irqchip/irq-gic-v3.c | 2 drivers/irqchip/irq-sunxi-nmi.c | 3 drivers/md/dm-ebs-target.c | 2 drivers/md/dm-thin.c | 5 - drivers/md/persistent-data/dm-array.c | 19 ++- drivers/md/raid5.c | 14 +- drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 19 --- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 - drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 95 +++++++++++++++---- drivers/net/ethernet/netronome/nfp/bpf/offload.c | 3 drivers/net/ethernet/ti/cpsw_ale.c | 14 +- drivers/net/gtp.c | 42 +++++--- drivers/net/ieee802154/ca8210.c | 6 + drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 7 + drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 9 + drivers/nvme/host/core.c | 5 - drivers/nvme/target/io-cmd-bdev.c | 2 drivers/pci/controller/pci-host-common.c | 4 drivers/pci/probe.c | 20 ++-- drivers/phy/broadcom/phy-brcm-usb-init-synopsys.c | 53 ++++++++-- drivers/phy/broadcom/phy-brcm-usb-init.h | 1 drivers/phy/broadcom/phy-brcm-usb.c | 8 + drivers/scsi/scsi_transport_iscsi.c | 4 drivers/scsi/sd.c | 9 - drivers/scsi/sg.c | 2 drivers/staging/iio/frequency/ad9832.c | 2 drivers/staging/iio/frequency/ad9834.c | 2 drivers/usb/class/usblp.c | 7 - drivers/usb/core/hub.c | 6 - drivers/usb/core/port.c | 7 - drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 4 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/xhci-pci.c | 4 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/option.c | 4 drivers/usb/serial/quatech2.c | 2 drivers/usb/storage/unusual_devs.h | 7 + drivers/vfio/platform/vfio_platform_common.c | 10 ++ fs/afs/afs.h | 2 fs/afs/afs_vl.h | 1 fs/afs/vl_alias.c | 8 + fs/afs/vlclient.c | 2 fs/ceph/mds_client.c | 9 - fs/exfat/dir.c | 3 fs/file.c | 1 fs/gfs2/file.c | 1 fs/hfs/super.c | 4 fs/jbd2/commit.c | 4 fs/nfsd/filecache.c | 18 ++- fs/nfsd/filecache.h | 1 fs/ocfs2/quota_global.c | 2 fs/ocfs2/quota_local.c | 10 -- fs/proc/vmcore.c | 2 include/drm/drm_mipi_dsi.h | 4 include/linux/blk-cgroup.h | 6 + include/linux/genhd.h | 3 include/linux/hrtimer.h | 1 include/linux/mlx5/device.h | 2 include/linux/mlx5/fs.h | 2 include/linux/poll.h | 10 +- include/linux/seccomp.h | 2 include/linux/usb.h | 3 include/linux/usb/hcd.h | 2 include/net/inet_connection_sock.h | 2 include/net/net_namespace.h | 3 include/net/netfilter/nf_tables.h | 2 kernel/cpu.c | 2 kernel/gen_kheaders.sh | 1 kernel/time/hrtimer.c | 11 ++ mm/vmalloc.c | 3 net/802/psnap.c | 4 net/bluetooth/rfcomm/sock.c | 14 +- net/core/filter.c | 30 +++--- net/core/net_namespace.c | 83 ++++++++++------ net/dccp/ipv6.c | 2 net/ipv4/fou.c | 2 net/ipv4/ip_tunnel.c | 2 net/ipv6/route.c | 2 net/ipv6/tcp_ipv6.c | 4 net/mac802154/iface.c | 4 net/netfilter/nf_conntrack_core.c | 5 - net/netfilter/nf_tables_api.c | 38 ++++++- net/netfilter/nft_dynset.c | 7 + net/sched/cls_flow.c | 3 net/sched/sch_ets.c | 2 net/sctp/sysctl.c | 9 + net/tls/tls_sw.c | 2 net/vmw_vsock/af_vsock.c | 15 +++ net/vmw_vsock/virtio_transport_common.c | 36 +++++-- scripts/sorttable.h | 10 +- sound/soc/codecs/Kconfig | 1 sound/soc/mediatek/common/mtk-afe-platform-driver.c | 4 sound/soc/samsung/Kconfig | 6 - 137 files changed, 813 insertions(+), 354 deletions(-) Aharon Landau (1): net/mlx5: Add priorities for counters in RDMA namespaces Ahmad Fatoum (1): drm: bridge: adv7511: use dev_err_probe in probe function Akash M (1): usb: gadget: f_fs: Remove WARN_ON in functionfs_bind Al Cooper (1): phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers Al Viro (1): m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal Alex Williamson (1): vfio/platform: check the bounds of read/write syscalls Alvin Šipraga (1): drm: bridge: adv7511: unregister cec i2c device after cec adapter Andreas Gruenbacher (1): gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag André Draszik (1): usb: dwc3: gadget: fix writing NYET threshold Anjaneyulu (1): wifi: iwlwifi: add a few rate index validity checks Antonio Pastor (1): net: 802: LLC+SNAP OID:PID lookup on start of skb data Anumula Murali Mohan Reddy (1): cxgb4: Avoid removal of uninserted tid Arnd Bergmann (1): xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals Benjamin Coddington (1): tls: Fix tls_sw_sendmsg error handling Biju Das (1): drm: adv7511: Fix use-after-free in adv7533_attach_dsi() Carlos Song (1): iio: gyro: fxas21002c: Fix missing data update in trigger handler Charles Keepax (3): ASoC: wm8994: Add depends on MFD core ASoC: samsung: Add missing selects for MFD_WM8994 ASoC: samsung: Add missing depends on I2C Chen-Yu Tsai (1): ASoC: mediatek: disable buffer pre-allocation Chengchang Tang (1): RDMA/hns: Fix deadlock on SRQ async events. Christoph Hellwig (4): loop: let set_capacity_revalidate_and_notify update the bdev size nvme: let set_capacity_revalidate_and_notify update the bdev size sd: update the bdev size in sd_revalidate_disk block: remove the update_bdev parameter to set_capacity_revalidate_and_notify Chukun Pan (1): USB: serial: option: add MeiG Smart SRM815 Dan Carpenter (1): nfp: bpf: prevent integer overflow in nfp_bpf_event_output() David Howells (2): afs: Fix the maximum cell name length kheaders: Ignore silly-rename files Dennis Lam (1): ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv Eric Dumazet (4): net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute net: add exit_batch_rtnl() method gtp: use exit_batch_rtnl() method ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Eric W. Biederman (1): signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die Fabio Estevam (1): iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() Greg Kroah-Hartman (2): Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" Linux 5.10.234 Gui-Dong Han (1): md/raid5: fix atomicity violation in raid5_cache_count Hans de Goede (2): ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] Heiner Kallweit (1): net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Ido Schimmel (1): ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() Jack Greiner (1): Input: xpad - add support for wooting two he (arm) Jamal Hadi Salim (1): net: sched: fix ets qdisc OOB Indexing Jason Xing (1): tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog Javier Carrasco (6): iio: pressure: zpa2326: fix information leak in triggered buffer iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer iio: light: vcnl4035: fix information leak in triggered buffer iio: imu: kmx61: fix information leak in triggered buffer iio: adc: ti-ads8688: fix information leak in triggered buffer iio: adc: rockchip_saradc: fix information leak in triggered buffer Jean-Baptiste Maneyrol (2): iio: imu: inv_icm42600: fix spi burst write not supported iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Joe Hattori (2): iio: adc: at91: call input_free_device() on allocated iio_dev iio: inkern: call iio_device_put() only on mapped devices Johan Hovold (1): USB: serial: cp210x: add Phoenix Contact UPS Device Johan Jonker (1): arm64: dts: rockchip: add #power-domain-cells to power domain nodes Joseph Qi (1): ocfs2: correct return value of ocfs2_local_free_info() Juergen Gross (2): x86/asm: Make serialize() always_inline x86/xen: fix SLS mitigation in xen_hypercall_iret() Jun Yan (1): USB: usblp: return error when setting unsupported protocol Justin Chen (3): phy: usb: Toggle the PHY power during init phy: usb: Use slow clock for wake enabled suspend phy: usb: Fix clock imbalance for suspend/resume Kai-Heng Feng (1): USB: core: Disable LPM only for non-suspended ports Keisuke Nishimura (1): ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() Koichiro Den (1): hrtimers: Handle CPU state correctly on hotplug Krister Johansen (1): dm thin: make get_first_thin use rcu-safe list first function Kuan-Wei Chiu (1): scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity Kuniyuki Iwashima (2): gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). gtp: Destroy device along with udp socket's netns dismantle. Leo Stone (1): hfs: Sanity check the root record Lianqin Hu (1): usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Linus Walleij (1): seccomp: Stub for !CONFIG_SECCOMP Lizhi Xu (1): mac802154: check local interfaces before deleting sdata list Lubomir Rintel (1): usb-storage: Add max sectors quirk for Nokia 208 Luis Chamberlain (1): nvmet: propagate npwg topology Luiz Augusto von Dentz (1): Bluetooth: RFCOMM: Fix not validating setsockopt user input Ma Ke (1): usb: fix reference leak in usb_new_device() Maor Gottlieb (1): net/mlx5: Refactor mlx5_get_flow_namespace Mark Pearson (1): Input: atkbd - map F23 key to support default copilot shortcut Matthew Wilcox (Oracle) (1): vmalloc: fix accounting with i915 Matthieu Baerts (NGI0) (3): sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy sctp: sysctl: auth_enable: avoid using current->nsproxy sctp: sysctl: rto_min/max: avoid using current->nsproxy Max Kellermann (1): ceph: give up on paths longer than PATH_MAX Maxime Ripard (3): drm/mipi-dsi: Create devm device registration drm/mipi-dsi: Create devm device attachment drm/bridge: adv7533: Switch to devm MIPI-DSI helpers Maíra Canal (2): drm/v3d: Ensure job pointer is set to NULL after job completion drm/v3d: Assign job pointer to NULL before signaling the fence Melissa Wen (1): drm/amd/display: increase MAX_SURFACES to the value supported by hw Michal Hrusecky (1): USB: serial: option: add Neoway N723-EA support Michal Luczaj (1): bpf: Fix bpf_sk_select_reuseport() memory leak Mikulas Patocka (1): dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY Ming-Hung Tsai (3): dm array: fix releasing a faulty array block twice in dm_array_cursor_end dm array: fix unreleased btree blocks on closing a faulty array cursor dm array: fix cursor index when skipping across block boundaries Nam Cao (1): riscv: Fix sleeping in invalid context in die() Nilton Perim Neto (1): Input: xpad - add unofficial Xbox 360 wireless receiver clone Oleg Nesterov (1): poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Pablo Neira Ayuso (3): netfilter: nft_dynset: honor stateful expressions in set definition netfilter: nf_tables: imbalance in flowtable binding netfilter: conntrack: clamp maximum hashtable size to INT_MAX Patrisious Haddad (1): net/mlx5: Fix RDMA TX steering prio Peter Geis (1): arm64: dts: rockchip: add hevc power domain clock to rk3328 Philippe Simons (1): irqchip/sunxi-nmi: Add missing SKIP_WAKE flag Pierre-Eric Pelloux-Prayer (1): drm/radeon: check bo_va->bo is non-NULL before using it Qasim Ijaz (1): USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore (part 2) Roman Li (1): drm/amd/display: Add check for granularity in dml ceil/floor helpers Ron Economos (1): Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals Stefano Garzarella (4): vsock/virtio: cancel close work in the destructor vsock: reset socket state when de-assigning the transport vsock/virtio: discard packets if the transport changes vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Sudheer Kumar Doredla (1): net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Suraj Sonawane (1): scsi: sg: Fix slab-use-after-free read in sg_release() Tejun Heo (1): blk-cgroup: Fix UAF in blkcg_unpin_online() Terry Tritton (1): Revert "PCI: Use preserve_config in place of pci_flags" Wang Liang (1): net: fix data-races around sk->sk_forward_alloc Willem de Bruijn (1): fou: remove warn in gue_gro_receive on unsupported protocol Wolfram Sang (2): i2c: mux: demux-pinctrl: check initial mux selection, too i2c: rcar: fix NACK handling when being a target Xiang Zhang (1): scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request Xu Wang (1): drm: bridge: adv7511: Remove redundant null check before clk_disable_unprepare Yajun Deng (1): net: net_namespace: Optimize the code Yogesh Lal (1): irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Youzhong Yang (1): nfsd: add list_head nf_gc to struct nfsd_file Yuezhang Mo (1): exfat: fix the infinite loop in exfat_readdir() Zhang Kunbo (1): fs: fix missing declaration of init_files Zhang Yi (1): jbd2: flush filesystem device before updating tail sequence Zhongqiu Duan (1): tcp/dccp: allow a connection when sk_max_ack_backlog is zero Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify Zicheng Qu (2): staging: iio: ad9834: Correct phase range check staging: iio: ad9832: Correct phase range check

3 months, 2 weeks

3
3
0 0

[PATCH net v1] netmem: prevent TX of unreadable skbs

by Mina Almasry

Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it. Fix this by preventing the xmit of unreadable skbs. Tested by configuring tc redirect: sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1 Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs. After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs. Fixes: 65249feb6b3d ("net: add support for skbs with unreadable frags") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Mina Almasry <almasrymina(a)google.com> --- net/core/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 30da277c5a6f..63b31afacf84 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3914,6 +3914,9 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device skb = validate_xmit_xfrm(skb, features, again); + if (!skb_frags_readable(skb)) + goto out_kfree_skb; + return skb; out_kfree_skb: base-commit: 3c6a041b317a9bb0c707343c0b99d2a29d523390 -- 2.48.1.711.g2feabab25a-goog

3 months, 2 weeks

2
1
0 0

[PATCH] rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and `Option<KBox<T>>`

by Benno Lossin

According to [1], `NonNull<T>` and `#[repr(transparent)]` wrapper types such as our custom `KBox<T>` have the null pointer optimization only if `T: Sized`. Thus remove the `Zeroable` implementation for the unsized case. Link: https://doc.rust-lang.org/stable/std/option/index.html#representation [1] Cc: stable(a)vger.kernel.org # v6.12+ (a custom patch will be needed for 6.6.y) Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> --- rust/kernel/init.rs | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 7fd1ea8265a5..8bbd5e3398fc 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1418,17 +1418,14 @@ macro_rules! impl_zeroable { // SAFETY: `T: Zeroable` and `UnsafeCell` is `repr(transparent)`. {<T: ?Sized + Zeroable>} UnsafeCell<T>, - // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). + // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee: + // https://doc.rust-lang.org/stable/std/option/index.html#representation). Option<NonZeroU8>, Option<NonZeroU16>, Option<NonZeroU32>, Option<NonZeroU64>, Option<NonZeroU128>, Option<NonZeroUsize>, Option<NonZeroI8>, Option<NonZeroI16>, Option<NonZeroI32>, Option<NonZeroI64>, Option<NonZeroI128>, Option<NonZeroIsize>, - - // SAFETY: All zeros is equivalent to `None` (option layout optimization guarantee). - // - // In this case we are allowed to use `T: ?Sized`, since all zeros is the `None` variant. - {<T: ?Sized>} Option<NonNull<T>>, - {<T: ?Sized>} Option<KBox<T>>, + {<T>} Option<NonNull<T>>, + {<T>} Option<KBox<T>>, // SAFETY: `null` pointer is valid. // base-commit: 7eb172143d5508b4da468ed59ee857c6e5e01da6 -- 2.48.1

3 months, 2 weeks

4
4
0 0

[PATCH] rust: remove leftover mentions of the `alloc` crate

by Miguel Ojeda

In commit 392e34b6bc22 ("kbuild: rust: remove the `alloc` crate and `GlobalAlloc`") we stopped using the upstream `alloc` crate. Thus remove a few leftover mentions treewide. Cc: stable(a)vger.kernel.org # Also to 6.12.y after the `alloc` backport lands Fixes: 392e34b6bc22 ("kbuild: rust: remove the `alloc` crate and `GlobalAlloc`") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- Documentation/rust/quick-start.rst | 2 +- rust/kernel/lib.rs | 2 +- scripts/rustdoc_test_gen.rs | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/rust/quick-start.rst b/Documentation/rust/quick-start.rst index 4aa50e5fcb8c..6d2607870ba4 100644 --- a/Documentation/rust/quick-start.rst +++ b/Documentation/rust/quick-start.rst @@ -145,7 +145,7 @@ Rust standard library source **************************** The Rust standard library source is required because the build system will -cross-compile ``core`` and ``alloc``. +cross-compile ``core``. If ``rustup`` is being used, run:: diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs index 398242f92a96..7697c60b2d1a 100644 --- a/rust/kernel/lib.rs +++ b/rust/kernel/lib.rs @@ -6,7 +6,7 @@ //! usage by Rust code in the kernel and is shared by all of them. //! //! In other words, all the rest of the Rust code in the kernel (e.g. kernel -//! modules written in Rust) depends on [`core`], [`alloc`] and this crate. +//! modules written in Rust) depends on [`core`] and this crate. //! //! If you need a kernel C API that is not ported or wrapped yet here, then //! do so first instead of bypassing this crate. diff --git a/scripts/rustdoc_test_gen.rs b/scripts/rustdoc_test_gen.rs index 5ebd42ae4a3f..76aaa8329413 100644 --- a/scripts/rustdoc_test_gen.rs +++ b/scripts/rustdoc_test_gen.rs @@ -15,8 +15,8 @@ //! - Test code should be able to define functions and call them, without having to carry //! the context. //! -//! - Later on, we may want to be able to test non-kernel code (e.g. `core`, `alloc` or -//! third-party crates) which likely use the standard library `assert*!` macros. +//! - Later on, we may want to be able to test non-kernel code (e.g. `core` or third-party +//! crates) which likely use the standard library `assert*!` macros. //! //! For this reason, instead of the passed context, `kunit_get_current_test()` is used instead //! (i.e. `current->kunit_test`). base-commit: 7eb172143d5508b4da468ed59ee857c6e5e01da6 -- 2.48.1

3 months, 2 weeks

4
3
0 0

+ mm-migrate-fix-shmem-xarray-update-during-migration.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/migrate: fix shmem xarray update during migration has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-migrate-fix-shmem-xarray-update-during-migration.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: mm/migrate: fix shmem xarray update during migration Date: Wed, 5 Mar 2025 15:04:03 -0500 A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. Link: https://lkml.kernel.org/r/20250305200403.2822855-1-ziy@nvidia.com Fixes: fc346d0a70a1 ("mm: migrate high-order folios in swap cache correctly") Reported-by: Liu Shixin <liushixin2(a)huawei.com> Closes: https://lore.kernel.org/all/28546fb4-5210-bf75-16d6-43e1f8646080@huawei.com/ Suggested-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Charan Teja Kalla <quic_charante(a)quicinc.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/mm/migrate.c~mm-migrate-fix-shmem-xarray-update-during-migration +++ a/mm/migrate.c @@ -518,15 +518,13 @@ static int __folio_migrate_mapping(struc if (folio_test_anon(folio) && folio_test_large(folio)) mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON, 1); folio_ref_add(newfolio, nr); /* add cache reference */ - if (folio_test_swapbacked(folio)) { + if (folio_test_swapbacked(folio)) __folio_set_swapbacked(newfolio); - if (folio_test_swapcache(folio)) { - folio_set_swapcache(newfolio); - newfolio->private = folio_get_private(folio); - } + if (folio_test_swapcache(folio)) { + folio_set_swapcache(newfolio); + newfolio->private = folio_get_private(folio); entries = nr; } else { - VM_BUG_ON_FOLIO(folio_test_swapcache(folio), folio); entries = 1; } _ Patches currently in -mm which might be from ziy(a)nvidia.com are mm-migrate-fix-shmem-xarray-update-during-migration.patch selftests-mm-make-file-backed-thp-split-work-by-writing-pmd-size-data.patch mm-huge_memory-allow-split-shmem-large-folio-to-any-lower-order.patch selftests-mm-test-splitting-file-backed-thp-to-any-lower-order.patch

3 months, 2 weeks

1
0
0 0

[PATCH 1/2] spi: cadence-qspi: Fix probe on AM62A LP SK

by Miquel Raynal

In 2020, there's been an unnoticed change which rightfully attempted to report probe deferrals upon DMA absence by checking the return value of dma_request_chan_by_mask(). By doing so, it also reported errors which were simply ignored otherwise, likely on purpose. This change actually turned a void return into an error code. Hence, not only the -EPROBE_DEFER error codes but all error codes got reported to the callers, now failing to probe in the absence of Rx DMA channel, despite the fact that DMA seems to not be supported natively by many implementations. Looking at the history, this change probably led to: ad2775dc3fc5 ("spi: cadence-quadspi: Disable the DAC for Intel LGM SoC") f724c296f2f2 ("spi: cadence-quadspi: fix Direct Access Mode disable for SoCFPGA") In my case, the AM62A LP SK core octo-SPI node from TI does not advertise any DMA channel, hinting that there is likely no support for it, but yet when the support for the am654 compatible was added, DMA seemed to be used, so just discarding its use with the CQSPI_DISABLE_DAC_MODE quirk for this compatible does not seem the correct approach. Let's get change the return condition back to: - return a probe deferral error if we get one - ignore the return value otherwise The "error" log level was however likely too high for something that is expected to fail, so let's lower it arbitrarily to the info level. Fixes: 935da5e5100f ("mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/spi/spi-cadence-quadspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index 0cd37a7436d5..c90462783b3f 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1658,6 +1658,12 @@ static int cqspi_request_mmap_dma(struct cqspi_st *cqspi) int ret = PTR_ERR(cqspi->rx_chan); cqspi->rx_chan = NULL; + if (ret == -ENODEV) { + /* DMA support is not mandatory */ + dev_info(&cqspi->pdev->dev, "No Rx DMA available\n"); + return 0; + } + return dev_err_probe(&cqspi->pdev->dev, ret, "No Rx DMA available\n"); } init_completion(&cqspi->rx_dma_complete); -- 2.48.1

3 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) ‘initrd_start_early’ undeclared (first use in this function); did ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- ‘initrd_start_early’ undeclared (first use in this function); did you mean ‘initrd_start’? in arch/x86/kernel/cpu/microcode/core.o (arch/x86/kernel/cpu/microcode/core.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:b19e4ff21824fec766ed87bd97bf9372369920… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 9f243f9dd2684b4b27f8be0cbed639052bc9b22e Log excerpt: ===================================================== arch/x86/kernel/cpu/microcode/core.c:198:25: error: ‘initrd_start_early’ undeclared (first use in this function); did you mean ‘initrd_start’? 198 | start = initrd_start_early; | ^~~~~~~~~~~~~~~~~~ | initrd_start arch/x86/kernel/cpu/microcode/core.c:198:25: note: each undeclared identifier is reported only once for each function it appears in ===================================================== # Builds where the incident occurred: ## i386_defconfig+kselftest on (i386): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67c89ed518018371956c816d #kernelci issue maestro:b19e4ff21824fec766ed87bd97bf937236992087 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.6.y: (build) variable 'equiv_id' is used uninitialized whenever 'if' condition ...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.6.y: --- variable 'equiv_id' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] in arch/x86/kernel/cpu/microcode/amd.o (arch/x86/kernel/cpu/microcode/amd.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:b7c225f752a4128f41d922c0181dcbac4f66eb… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 9f243f9dd2684b4b27f8be0cbed639052bc9b22e Log excerpt: ===================================================== arch/x86/kernel/cpu/microcode/amd.c:820:6: error: variable 'equiv_id' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 820 | if (x86_family(bsp_cpuid_1_eax) < 0x17) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/microcode/amd.c:826:31: note: uninitialized use occurs here 826 | return cache_find_patch(uci, equiv_id); | ^~~~~~~~ arch/x86/kernel/cpu/microcode/amd.c:820:2: note: remove the 'if' if its condition is always true 820 | if (x86_family(bsp_cpuid_1_eax) < 0x17) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kernel/cpu/microcode/amd.c:816:14: note: initialize the variable 'equiv_id' to silence this warning 816 | u16 equiv_id; | ^ | = 0 1 error generated. ===================================================== # Builds where the incident occurred: ## x86_64_defconfig on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67c89e7f18018371956c7fda ## x86_64_defconfig+allmodconfig on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67c89e8318018371956c7fe7 #kernelci issue maestro:b7c225f752a4128f41d922c0181dcbac4f66eb98 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 2 weeks

1
0
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) ‘sz’ undeclared (first use in this function); did you mean ‘s8’? i...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- ‘sz’ undeclared (first use in this function); did you mean ‘s8’? in arch/arm64/mm/hugetlbpage.o (arch/arm64/mm/hugetlbpage.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:6e4ee7f7604c92f861d1cb98d9b4e90c99eb55… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 43639cc57b2273fce42874dd7f6e0b872f4984c5 Log excerpt: ===================================================== arch/arm64/mm/hugetlbpage.c:386:35: error: ‘sz’ undeclared (first use in this function); did you mean ‘s8’? 386 | ncontig = num_contig_ptes(sz, &pgsize); | ^~ | s8 arch/arm64/mm/hugetlbpage.c:386:35: note: each undeclared identifier is reported only once for each function it appears in ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kcidebug+lab-setup on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:67c89f6118018371956c856c #kernelci issue maestro:6e4ee7f7604c92f861d1cb98d9b4e90c99eb5508 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 2 weeks

1
0
0 0

[PATCH v2 2/2] clk: samsung: update PLL locktime for PLL142XX used on FSD platform

by Varada Pavani

Currently PLL142XX locktime is 270. As per spec, it should be 150. Hence update PLL142XX controller locktime to 150. Cc: stable(a)vger.kernel.org Signed-off-by: Varada Pavani <v.pavani(a)samsung.com> --- drivers/clk/samsung/clk-pll.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/clk/samsung/clk-pll.c b/drivers/clk/samsung/clk-pll.c index 2e94bba6c396..023a25af73c4 100644 --- a/drivers/clk/samsung/clk-pll.c +++ b/drivers/clk/samsung/clk-pll.c @@ -206,6 +206,7 @@ static const struct clk_ops samsung_pll3000_clk_ops = { */ /* Maximum lock time can be 270 * PDIV cycles */ #define PLL35XX_LOCK_FACTOR (270) +#define PLL142XX_LOCK_FACTOR (150) #define PLL35XX_MDIV_MASK (0x3FF) #define PLL35XX_PDIV_MASK (0x3F) @@ -272,7 +273,11 @@ static int samsung_pll35xx_set_rate(struct clk_hw *hw, unsigned long drate, } /* Set PLL lock time. */ - writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, + if (pll->type == pll_142xx) + writel_relaxed(rate->pdiv * PLL142XX_LOCK_FACTOR, + pll->lock_reg); + else + writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, pll->lock_reg); /* Change PLL PMS values */ -- 2.17.1

3 months, 2 weeks

3
4
0 0

[PATCH] clk: samsung: gs101: fix synchronous external abort in samsung_clk_save()

by Peter Griffin

EARLY_WAKEUP_SW_TRIG_*_SET and EARLY_WAKEUP_SW_TRIG_*_CLEAR registers are only writeable. Attempting to read these registers during samsung_clk_save() causes a synchronous external abort. Remove these 8 registers from cmu_top_clk_regs[] array so that system suspend gets further. Note: the code path can be exercised using the following command: echo mem > /sys/power/state Fixes: 2c597bb7d66a ("clk: samsung: clk-gs101: Add cmu_top, cmu_misc and cmu_apm support") Signed-off-by: Peter Griffin <peter.griffin(a)linaro.org> Cc: stable(a)vger.kernel.org --- Note: to hit this clock driver issue you also need the CPU hotplug series otherwise system fails earlier offlining CPUs Link: https://lore.kernel.org/linux-arm-kernel/20241213-contrib-pg-cpu-hotplug-su… --- drivers/clk/samsung/clk-gs101.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/clk/samsung/clk-gs101.c b/drivers/clk/samsung/clk-gs101.c index 86b39edba122..08b867ae3ed9 100644 --- a/drivers/clk/samsung/clk-gs101.c +++ b/drivers/clk/samsung/clk-gs101.c @@ -382,17 +382,9 @@ static const unsigned long cmu_top_clk_regs[] __initconst = { EARLY_WAKEUP_DPU_DEST, EARLY_WAKEUP_CSIS_DEST, EARLY_WAKEUP_SW_TRIG_APM, - EARLY_WAKEUP_SW_TRIG_APM_SET, - EARLY_WAKEUP_SW_TRIG_APM_CLEAR, EARLY_WAKEUP_SW_TRIG_CLUSTER0, - EARLY_WAKEUP_SW_TRIG_CLUSTER0_SET, - EARLY_WAKEUP_SW_TRIG_CLUSTER0_CLEAR, EARLY_WAKEUP_SW_TRIG_DPU, - EARLY_WAKEUP_SW_TRIG_DPU_SET, - EARLY_WAKEUP_SW_TRIG_DPU_CLEAR, EARLY_WAKEUP_SW_TRIG_CSIS, - EARLY_WAKEUP_SW_TRIG_CSIS_SET, - EARLY_WAKEUP_SW_TRIG_CSIS_CLEAR, CLK_CON_MUX_MUX_CLKCMU_BO_BUS, CLK_CON_MUX_MUX_CLKCMU_BUS0_BUS, CLK_CON_MUX_MUX_CLKCMU_BUS1_BUS, --- base-commit: 480112512bd6e770fa1902d01173731d02377705 change-id: 20250303-clk-suspend-fix-81c5d63827e3 Best regards, -- Peter Griffin <peter.griffin(a)linaro.org>

3 months, 2 weeks

2
1
0 0

[PATCH 0/5] drm/xe: enable driver usage on non-4KiB kernels

by Mingcong Bai via B4 Relay

This patch series attempts to enable the use of xe DRM driver on non-4KiB kernel page platforms. This involves fixing the ttm/bo interface, as well as parts of the userspace API to make use of kernel `PAGE_SIZE' for alignment instead of the assumed `SZ_4K', it also fixes incorrect usage of `PAGE_SIZE' in the GuC and ring buffer interface code to make sure all instructions/commands were aligned to 4KiB barriers (per the Programmer's Manual for the GPUs covered by this DRM driver). This issue was first discovered and reported by members of the LoongArch user communities, whose hardware commonly ran on 16KiB-page kernels. The patch series began on an unassuming branch of a downstream kernel tree maintained by Shang Yatsen.[^1] It worked well but remained sparsely documented, a lot of the work done here relied on Shang Yatsen's original patch. AOSC OS then picked it up[^2] to provide Intel Xe/Arc support for users of its LoongArch port, for which I worked extensively on. After months of positive user feedback and from encouragement from Kexy Biscuit, my colleague at the community, I decided to examine its potential for upstreaming, cross-reference kernel and Intel documentation to better document and revise this patch. Now that this series has been tested good (for boot up, OpenGL, and playback of a standardised set of video samples[^3]... with the exception of the Intel Arc B580, which seems to segfault at intel-media-driver - iHD_drv_video.so, but strangely, hardware accelerated video playback works well with Firefox?) on the following platforms (motherboard + GPU model): - x86-64, 4KiB kernel page: - MS-7D42 + Intel Arc A580 - LoongArch, 16KiB kernel page: - XA61200 + GUNNIR DG1 Blue Halberd (Intel DG1) - XA61200 + ASRock Arc A380 Challenger ITX OC (Intel Arc 380) - XA61200 + Intel Arc 580 - XA61200 + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) - ASUS XC-LS3A6M + GUNNIR Intel Arc B580 INDEX 12G (Intel Arc B580) On these platforms, basic functionalities tested good but the driver was unstable with occasional resets (I do suspect however, that this platform suffers from PCIe coherence issues, as instability only occurs under heavy VRAM I/O load): - AArch64, 4KiB/64KiB kernel pages: - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) I think that this patch series is now ready for your comment and review. Please forgive me if I made any simple mistake or used wrong terminologies, but I have never worked on a patch for the DRM subsystem and my experience is still quite thin. But anyway, just letting you all know that Intel Xe/Arc works on non-4KiB kernel page platforms (and honestly, it's great to use, especially for games and media playback)! [^1]: https://github.com/FanFansfan/loongson-linux/tree/loongarch-xe [^2]: We maintained Shang Yatsen's patch until our v6.13.3 tree, until we decided to test and send this series upstream, https://github.com/AOSC-Tracking/linux/tree/aosc/v6.13.3 [^3]: Delicious hot pot! https://repo.aosc.io/ahvl/sample-videos-20250223.tar.zst Suggested-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Co-developed-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- Mingcong Bai (5): drm/xe/bo: fix alignment with non-4K kernel page sizes drm/xe/guc: use SZ_4K for alignment drm/xe/regs: fix RING_CTL_SIZE(size) calculation drm/xe: use 4K alignment for cursor jumps drm/xe/query: use PAGE_SIZE as the minimum page alignment drivers/gpu/drm/xe/regs/xe_engine_regs.h | 3 +-- drivers/gpu/drm/xe/xe_bo.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc.c | 4 ++-- drivers/gpu/drm/xe/xe_guc_ads.c | 32 ++++++++++++++++---------------- drivers/gpu/drm/xe/xe_guc_capture.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc_ct.c | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 4 ++-- drivers/gpu/drm/xe/xe_guc_pc.c | 4 ++-- drivers/gpu/drm/xe/xe_migrate.c | 4 ++-- drivers/gpu/drm/xe/xe_query.c | 2 +- include/uapi/drm/xe_drm.h | 2 +- 11 files changed, 36 insertions(+), 37 deletions(-) --- base-commit: d082ecbc71e9e0bf49883ee4afd435a77a5101b6 change-id: 20250226-xe-non-4k-fix-6b2eded0a564 Best regards, -- Mingcong Bai <jeffbai(a)aosc.io>

3 months, 2 weeks

7
25
0 0

[PATCH] drm/tegra: Handle EDID allocation failures in tegra_output_connector_get_modes()

by Wentao Liang

The return values of `drm_edid_dup()` and `drm_edid_read_ddc()` must be checked in `tegra_output_connector_get_modes()` to prevent NULL pointer dereferences. If either function fails, the function should immediately return 0, indicating that no display modes can be retrieved. A proper implementation can be found in `vidi_get_modes()`, where the return values are carefully validated, and the function returns 0 upon failure. Fixes: 98365ca74cbf ("drm/tegra: convert to struct drm_edid") Cc: stable(a)vger.kernel.org # 6.12+ Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/gpu/drm/tegra/output.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/tegra/output.c b/drivers/gpu/drm/tegra/output.c index 49e4f63a5550..360c4f83a4f8 100644 --- a/drivers/gpu/drm/tegra/output.c +++ b/drivers/gpu/drm/tegra/output.c @@ -39,6 +39,9 @@ int tegra_output_connector_get_modes(struct drm_connector *connector) else if (output->ddc) drm_edid = drm_edid_read_ddc(connector, output->ddc); + if (!drm_edid) + return 0; + drm_edid_connector_update(connector, drm_edid); cec_notifier_set_phys_addr(output->cec, connector->display_info.source_physical_address); -- 2.42.0.windows.2

3 months, 2 weeks

2
1
0 0

[REGRESSION] stable-rc/linux-6.13.y: (build) use of undeclared identifier 'sz' in arch/arm64/mm/hugetlbpage.o (...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.13.y: --- use of undeclared identifier 'sz' in arch/arm64/mm/hugetlbpage.o (arch/arm64/mm/hugetlbpage.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/issue/maestro:729533e78f26d9eebe477a0e479e082cba03ba… - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 1ff63493daf5412bf3df24d33c1687bd29c2a983 Log excerpt: ===================================================== arch/arm64/mm/hugetlbpage.c:397:28: error: use of undeclared identifier 'sz' 397 | ncontig = num_contig_ptes(sz, &pgsize); | ^ 1 error generated. ===================================================== # Builds where the incident occurred: ## defconfig+arm64-chromebook+kselftest on (arm64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:67c8713c18018371956b7bef #kernelci issue maestro:729533e78f26d9eebe477a0e479e082cba03bafe Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 166ce267ae3f96e439d8ccc838e8ec4d8b4dab73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022456-vintage-hunter-6136@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 166ce267ae3f96e439d8ccc838e8ec4d8b4dab73 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Fri, 14 Feb 2025 16:19:52 +0200 Subject: [PATCH] drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL Fix the port width programming in the DDI_BUF_CTL register on MTLP+, where this had an off-by-one error. Cc: <stable(a)vger.kernel.org> # v6.5+ Fixes: b66a8abaa48a ("drm/i915/display/mtl: Fill port width in DDI_BUF_/TRANS_DDI_FUNC_/PORT_BUF_CTL for HDMI") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250214142001.552916-3-imre.… (cherry picked from commit b2ecdabe46d23db275f94cd7c46ca414a144818b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index acb986bc1f33..2b9240ab547d 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -3487,7 +3487,7 @@ static void intel_ddi_enable_hdmi(struct intel_atomic_state *state, intel_de_rmw(dev_priv, XELPDP_PORT_BUF_CTL1(dev_priv, port), XELPDP_PORT_WIDTH_MASK | XELPDP_PORT_REVERSAL, port_buf); - buf_ctl |= DDI_PORT_WIDTH(lane_count); + buf_ctl |= DDI_PORT_WIDTH(crtc_state->lane_count); if (DISPLAY_VER(dev_priv) >= 20) buf_ctl |= XE2LPD_DDI_BUF_D2D_LINK_ENABLE; diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index 765e6c0528fb..786c727aea45 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -3633,7 +3633,7 @@ enum skl_power_gate { #define DDI_BUF_IS_IDLE (1 << 7) #define DDI_BUF_CTL_TC_PHY_OWNERSHIP REG_BIT(6) #define DDI_A_4_LANES (1 << 4) -#define DDI_PORT_WIDTH(width) (((width) - 1) << 1) +#define DDI_PORT_WIDTH(width) (((width) == 3 ? 4 : ((width) - 1)) << 1) #define DDI_PORT_WIDTH_MASK (7 << 1) #define DDI_PORT_WIDTH_SHIFT 1 #define DDI_INIT_DISPLAY_DETECTED (1 << 0)

3 months, 2 weeks

2
1
0 0

[PATCH v2 2/2] phy: freescale: imx8m-pcie: assert phy reset and perst in power off

by Stefan Eichenberger

From: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> Ensure the PHY reset and perst is asserted during power-off to guarantee it is in a reset state upon repeated power-on calls. This resolves an issue where the PHY may not properly initialize during subsequent power-on cycles. Power-on will deassert the reset at the appropriate time after tuning the PHY parameters. During suspend/resume cycles, we observed that the PHY PLL failed to lock during resume when the CPU temperature increased from 65C to 75C. The observed errors were: phy phy-32f00000.pcie-phy.3: phy poweron failed --> -110 imx6q-pcie 33800000.pcie: waiting for PHY ready timeout! imx6q-pcie 33800000.pcie: PM: dpm_run_callback(): genpd_resume_noirq+0x0/0x80 returns -110 imx6q-pcie 33800000.pcie: PM: failed to resume noirq: error -110 This resulted in a complete CPU freeze, which is resolved by ensuring the PHY is in reset during power-on, thus preventing PHY PLL failures. Cc: stable(a)vger.kernel.org Fixes: 1aa97b002258 ("phy: freescale: pcie: Initialize the imx8 pcie standalone phy driver") Signed-off-by: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> --- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c index 5b505e34ca364..7355d9921b646 100644 --- a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c +++ b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c @@ -156,6 +156,16 @@ static int imx8_pcie_phy_power_on(struct phy *phy) return ret; } +static int imx8_pcie_phy_power_off(struct phy *phy) +{ + struct imx8_pcie_phy *imx8_phy = phy_get_drvdata(phy); + + reset_control_assert(imx8_phy->reset); + reset_control_assert(imx8_phy->perst); + + return 0; +} + static int imx8_pcie_phy_init(struct phy *phy) { struct imx8_pcie_phy *imx8_phy = phy_get_drvdata(phy); @@ -176,6 +186,7 @@ static const struct phy_ops imx8_pcie_phy_ops = { .init = imx8_pcie_phy_init, .exit = imx8_pcie_phy_exit, .power_on = imx8_pcie_phy_power_on, + .power_off = imx8_pcie_phy_power_off, .owner = THIS_MODULE, }; -- 2.45.2

3 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 879f70382ff3e92fc854589ada3453e3f5f5b601 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025022418-frostlike-congrats-bf0d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 879f70382ff3e92fc854589ada3453e3f5f5b601 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Fri, 14 Feb 2025 16:19:51 +0200 Subject: [PATCH] drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro The format of the port width field in the DDI_BUF_CTL and the TRANS_DDI_FUNC_CTL registers are different starting with MTL, where the x3 lane mode for HDMI FRL has a different encoding in the two registers. To account for this use the TRANS_DDI_FUNC_CTL's own port width macro. Cc: <stable(a)vger.kernel.org> # v6.5+ Fixes: b66a8abaa48a ("drm/i915/display/mtl: Fill port width in DDI_BUF_/TRANS_DDI_FUNC_/PORT_BUF_CTL for HDMI") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250214142001.552916-2-imre.… (cherry picked from commit 76120b3a304aec28fef4910204b81a12db8974da) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/icl_dsi.c b/drivers/gpu/drm/i915/display/icl_dsi.c index c977b74f82f0..82bf6c654de2 100644 --- a/drivers/gpu/drm/i915/display/icl_dsi.c +++ b/drivers/gpu/drm/i915/display/icl_dsi.c @@ -809,8 +809,8 @@ gen11_dsi_configure_transcoder(struct intel_encoder *encoder, /* select data lane width */ tmp = intel_de_read(display, TRANS_DDI_FUNC_CTL(display, dsi_trans)); - tmp &= ~DDI_PORT_WIDTH_MASK; - tmp |= DDI_PORT_WIDTH(intel_dsi->lane_count); + tmp &= ~TRANS_DDI_PORT_WIDTH_MASK; + tmp |= TRANS_DDI_PORT_WIDTH(intel_dsi->lane_count); /* select input pipe */ tmp &= ~TRANS_DDI_EDP_INPUT_MASK;

3 months, 2 weeks

4
8
0 0

FAILED: patch "[PATCH] efi: Don't map the entire mokvar table to determine its size" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 2b90e7ace79774a3540ce569e000388f8d22c9e0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025030422-depict-timing-18a8@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2b90e7ace79774a3540ce569e000388f8d22c9e0 Mon Sep 17 00:00:00 2001 From: Peter Jones <pjones(a)redhat.com> Date: Wed, 26 Feb 2025 15:18:39 -0500 Subject: [PATCH] efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we (re)map the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a certain size, this fails due to limitations of early_memmap(), and we get a failure and traceback: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220 ... Call Trace: <TASK> ? __early_ioremap+0xef/0x220 ? __warn.cold+0x93/0xfa ? __early_ioremap+0xef/0x220 ? report_bug+0xff/0x140 ? early_fixup_exception+0x5d/0xb0 ? early_idt_handler_common+0x2f/0x3a ? __early_ioremap+0xef/0x220 ? efi_mokvar_table_init+0xce/0x1d0 ? setup_arch+0x864/0xc10 ? start_kernel+0x6b/0xa10 ? x86_64_start_reservations+0x24/0x30 ? x86_64_start_kernel+0xed/0xf0 ? common_startup_64+0x13e/0x141 </TASK> ---[ end trace 0000000000000000 ]--- mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187. Mapping the entire structure isn't actually necessary, as we don't ever need more than one entry header mapped at once. Changes efi_mokvar_table_init() to only map each entry header, not the entire table, when determining the table size. Since we're not mapping any data past the variable name, it also changes the code to enforce that each variable name is NUL terminated, rather than attempting to verify it in place. Cc: <stable(a)vger.kernel.org> Signed-off-by: Peter Jones <pjones(a)redhat.com> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> diff --git a/drivers/firmware/efi/mokvar-table.c b/drivers/firmware/efi/mokvar-table.c index 5ed0602c2f75..d865cb1dbaad 100644 --- a/drivers/firmware/efi/mokvar-table.c +++ b/drivers/firmware/efi/mokvar-table.c @@ -103,7 +103,6 @@ void __init efi_mokvar_table_init(void) void *va = NULL; unsigned long cur_offset = 0; unsigned long offset_limit; - unsigned long map_size = 0; unsigned long map_size_needed = 0; unsigned long size; struct efi_mokvar_table_entry *mokvar_entry; @@ -134,48 +133,34 @@ void __init efi_mokvar_table_init(void) */ err = -EINVAL; while (cur_offset + sizeof(*mokvar_entry) <= offset_limit) { - mokvar_entry = va + cur_offset; - map_size_needed = cur_offset + sizeof(*mokvar_entry); - if (map_size_needed > map_size) { - if (va) - early_memunmap(va, map_size); - /* - * Map a little more than the fixed size entry - * header, anticipating some data. It's safe to - * do so as long as we stay within current memory - * descriptor. - */ - map_size = min(map_size_needed + 2*EFI_PAGE_SIZE, - offset_limit); - va = early_memremap(efi.mokvar_table, map_size); - if (!va) { - pr_err("Failed to map EFI MOKvar config table pa=0x%lx, size=%lu.\n", - efi.mokvar_table, map_size); - return; - } - mokvar_entry = va + cur_offset; + if (va) + early_memunmap(va, sizeof(*mokvar_entry)); + va = early_memremap(efi.mokvar_table + cur_offset, sizeof(*mokvar_entry)); + if (!va) { + pr_err("Failed to map EFI MOKvar config table pa=0x%lx, size=%zu.\n", + efi.mokvar_table + cur_offset, sizeof(*mokvar_entry)); + return; } + mokvar_entry = va; /* Check for last sentinel entry */ if (mokvar_entry->name[0] == '\0') { if (mokvar_entry->data_size != 0) break; err = 0; + map_size_needed = cur_offset + sizeof(*mokvar_entry); break; } - /* Sanity check that the name is null terminated */ - size = strnlen(mokvar_entry->name, - sizeof(mokvar_entry->name)); - if (size >= sizeof(mokvar_entry->name)) - break; + /* Enforce that the name is NUL terminated */ + mokvar_entry->name[sizeof(mokvar_entry->name) - 1] = '\0'; /* Advance to the next entry */ - cur_offset = map_size_needed + mokvar_entry->data_size; + cur_offset += sizeof(*mokvar_entry) + mokvar_entry->data_size; } if (va) - early_memunmap(va, map_size); + early_memunmap(va, sizeof(*mokvar_entry)); if (err) { pr_err("EFI MOKvar config table is not valid\n"); return;

3 months, 2 weeks

3
2
0 0

Please apply 8fa507083388 ("mm/memory: Use exception ip to search exception tables") (and one required dependency) to v6.1.y

by Salvatore Bonaccorso

Hi Greg, hi Sasha A while back the following regression after 4bce37a68ff8 ("mips/mm: Convert to using lock_mm_and_find_vma()") was reported: https://lore.kernel.org/all/75e9fd7b08562ad9b456a5bdaacb7cc220311cc9.camel@… affecting mips64el. This was later on fixed by 8fa507083388 ("mm/memory: Use exception ip to search exception tables") in 6.8-rc5 and which got backported to 6.7.6 and 6.6.18. The breaking commit was part of a series covering a security fix (CVE-2023-3269), and landed in 6.5-rc1 and backported to 6.4.1, 6.3.11 and 6.1.37. So far 6.1.y remained unfixed and in fact in Debian we got reports about this issue seen on the build infrastructure when building various packages, details are in: https://bugs.debian.org/1086028 https://bugs.debian.org/1087809 https://bugs.debian.org/1093200 The fix probably did not got backported as there is one dependency missing which was not CC'ed for stable afaics. Thus, can you please cherry-pick the following two commits please as well for 6.1.y? 11ba1728be3e ("ptrace: Introduce exception_ip arch hook") 8fa507083388 ("mm/memory: Use exception ip to search exception tables") Sergei Golovan confirmed as well by testing that this fixes the seen issue as well in 6.1.y, cf. https://bugs.debian.org/1086028#95 Thanks in advance already. Regards, Salvatore

3 months, 2 weeks

2
1
0 0

[PATCH 6.6 000/676] 6.6.64-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.64 release. There are 676 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 08 Dec 2024 14:34:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.64-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.64-rc1 Frederic Weisbecker <frederic(a)kernel.org> posix-timers: Target group sigqueue to current task only if not exiting Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix usage slab after free Lijo Lazar <lijo.lazar(a)amd.com> drm/amdkfd: Use the correct wptr size Steffen Dirkwinkel <s.dirkwinkel(a)beckhoff.com> drm: xlnx: zynqmp_dpsub: fix hotplug detection Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: Fix child node refcount handling in early exit Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check Vivek Kasireddy <vivek.kasireddy(a)intel.com> udmabuf: use vmf_insert_pfn and VM_PFNMAP for handling mmap Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Lock TPM chip in tpm_pm_suspend() first Josef Bacik <josef(a)toxicpanda.com> btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() Nathan Chancellor <nathan(a)kernel.org> powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang Nathan Chancellor <nathan(a)kernel.org> powerpc: Fix stack protector Kconfig test for clang Zicheng Qu <quzicheng(a)huawei.com> iio: gts: fix infinite loop for gain_to_scaletables() Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer Zicheng Qu <quzicheng(a)huawei.com> iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() Matti Vaittinen <mazziesaccount(a)gmail.com> iio: accel: kx022a: Fix raw read format Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Andrea della Porta <andrea.porta(a)suse.com> PCI: of_property: Assign PCI instead of CPU bus address to dynamic PCI nodes Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Ssuhung Yeh <ssuhung(a)gmail.com> dm: Fix typo in error message Oleksandr Tymoshenko <ovt(a)google.com> ovl: properly handle large files in ovl_security_fileattr Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int3400: Fix reading of current_uuid for active policy Jiri Olsa <jolsa(a)kernel.org> fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful iov_iter_zero Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add link up check to ks_pcie_other_map_bus() Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Jinjie Ruan <ruanjinjie(a)huawei.com> i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Fix hibern8 notify callbacks Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Patrick Donnelly <pdonnell(a)redhat.com> ceph: extract entity name from device id yuan.gao <yuan.gao(a)ucloud.cn> mm/slub: Avoid list corruption when removing a slab from the full list Linus Walleij <linus.walleij(a)linaro.org> ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() Linus Walleij <linus.walleij(a)linaro.org> ARM: 9430/1: entry: Do a dummy read from VMAP shadow Vasily Gorbik <gor(a)linux.ibm.com> s390/entry: Mark IRQ entries to fix stack depot warnings Linus Walleij <linus.walleij(a)linaro.org> ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Michal Vokáč <michal.vokac(a)ysoft.com> leds: lp55xx: Remove redundant test for invalid channel number Mostafa Saleh <smostafa(a)google.com> iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: clear IDLE flag after recompression MengEn Sun <mengensun(a)tencent.com> vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Wei Yang <richard.weiyang(a)gmail.com> maple_tree: refine mas_store_root() on storing NULL Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> media: uvcvideo: Require entities to have a non-zero unique ID Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Stop stream during unregister Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Jinjie Ruan <ruanjinjie(a)huawei.com> media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Free correct pointer on failure Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: verisilicon: av1: Fix reference video buffer pointer assignment Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Ensure power suppliers be suspended before detach them Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay Jinjie Ruan <ruanjinjie(a)huawei.com> media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled Guoqing Jiang <guoqing.jiang(a)canonical.com> media: mtk-jpeg: Fix null-ptr-deref during unload module Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Set video drvdata before register video device Ming Qian <ming.qian(a)nxp.com> media: amphion: Set video drvdata before register video device Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Fix SD regulator startup delay Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay Dragan Simic <dsimic(a)manjaro.org> arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer Yuan Can <yuancan(a)huawei.com> md/md-bitmap: Add missing destroy_work_on_stack() Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Lizhi Xu <lizhi.xu(a)windriver.com> btrfs: add a sanity check for btrfs root in btrfs_search_slot() Filipe Manana <fdmanana(a)suse.com> btrfs: don't loop for nowait writes when checking for cross references Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Long Li <leo.lilong(a)huawei.com> xfs: remove unknown compat feature check in superblock write validation Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Liu Jian <liujian56(a)huawei.com> sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when mounting nfs Dan Carpenter <dan.carpenter(a)linaro.org> cifs: unlock on error in smb3_reconfigure() Shyam Prasad N <sprasad(a)microsoft.com> cifs: during remount, make sure passwords are in sync Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Paul Aurich <paul(a)darkrain42.org> smb: Initialize cfid->tcon before performing network ops Masahiro Yamada <masahiroy(a)kernel.org> Rename .data.once to .data..once to fix resetting WARN*_ONCE Masahiro Yamada <masahiroy(a)kernel.org> Rename .data.unlikely to .data..unlikely Masahiro Yamada <masahiroy(a)kernel.org> init/modpost: conditionally check section mismatch to __meminit* Masahiro Yamada <masahiroy(a)kernel.org> modpost: squash ALL_{INIT,EXIT}_TEXT_SECTIONS to ALL_TEXT_SECTIONS Masahiro Yamada <masahiroy(a)kernel.org> modpost: use ALL_INIT_SECTIONS for the section check from DATA_SECTIONS Masahiro Yamada <masahiroy(a)kernel.org> modpost: disallow the combination of EXPORT_SYMBOL and __meminit* Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove EXIT_SECTIONS macro Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove MEM_INIT_SECTIONS macro Masahiro Yamada <masahiroy(a)kernel.org> modpost: disallow *driver to reference .meminit* sections Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove ALL_EXIT_DATA_SECTIONS macro Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Pali Rohár <pali(a)kernel.org> cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Pali Rohár <pali(a)kernel.org> cifs: Fix parsing native symlinks relative to the export Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: disable directory caching when dir_cache_timeout is zero Namhyung Kim <namhyung(a)kernel.org> perf/arm-cmn: Ensure port and device id bits are set properly Chun-Tse Shao <ctshao(a)google.com> perf/arm-smmuv3: Fix lockdep assert in ->event_init() Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Breno Leitao <leitao(a)debian.org> nvme/multipath: Fix RCU list traversal to use SRCU primitive Hannes Reinecke <hare(a)kernel.org> nvme-multipath: avoid hang on inaccessible namespaces Thomas Song <tsong(a)purestorage.com> nvme-multipath: implement "queue-depth" iopolicy John Meneghini <jmeneghi(a)redhat.com> nvme-multipath: prepare for "queue-depth" iopolicy Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: rzn1: fix BCD to rtc_time conversion errors Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Ma Wupeng <mawupeng1(a)huawei.com> ipc: fix memleak if msg_init_ns failed in create_ipc_ns Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on node blkaddr in truncate_node() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Ming Lei <ming.lei(a)redhat.com> ublk: fix error code for unsupported command Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix looping of queued SG entries Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Hubert Wiśniewski <hubert.wisniewski.25632(a)gmail.com> usb: musb: Fix hardware lockup on first Rx endpoint request Paul Aurich <paul(a)darkrain42.org> smb: During unmount, ensure all cached dir instances drop their dentry Paul Aurich <paul(a)darkrain42.org> smb: prevent use-after-free due to open_cached_dir error paths Paul Aurich <paul(a)darkrain42.org> smb: Don't leak cfid when reconnect races with open_cached_dir Paulo Alcantara <pc(a)manguebit.com> smb: client: handle max length for SMB symlinks Steve French <stfrench(a)microsoft.com> smb3: request handle caching when caching directories Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Add sanity NULL check for the default mmap fault handler Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix evaluation of MIDI 1.0 FB info Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Bart Van Assche <bvanassche(a)acm.org> blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding Muchun Song <muchun.song(a)linux.dev> block: fix missing dispatching request when queue is started or unquiesced Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Ming Lei <ming.lei(a)redhat.com> ublk: fix ublk_ch_mmap() for 64K page size Zicheng Qu <quzicheng(a)huawei.com> iio: gts: Fix uninitialized symbol 'ret' Huacai Chen <chenhuacai(a)kernel.org> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Filip Brozovic <fbrozovic(a)gmail.com> serial: 8250_fintek: Add support for F81216E Michal Simek <michal.simek(a)amd.com> dt-bindings: serial: rs485: Fix rs485-rts-delay property Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Javier Carrasco <javier.carrasco.cruz(a)gmail.com> platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in crypto_aead_setkey() Yunseong Kim <yskelg(a)gmail.com> ksmbd: fix use-after-free in SMB request handling Josh Poimboeuf <jpoimboe(a)kernel.org> parisc/ftrace: Fix function graph tracing disablement Meetakshi Setiya <msetiya(a)microsoft.com> cifs: support mounting with alternate password to allow password rotation Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Cheng Ming Lin <chengminglin(a)mxic.com.tw> mtd: spi-nor: core: replace dummy buswidth from addr to data Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Sai Kumar Cholleti <skmr537(a)gmail.com> gpio: exar: set value when external pull-up or pull-down is present Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> wifi: brcmfmac: release 'root' node in all execution paths Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> wifi: ath12k: fix crash when unbinding Guilherme G. Piccoli <gpiccoli(a)igalia.com> wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> wifi: ath12k: fix warning when unbinding Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: omap36xx: declare 1GHz OPP as turbo again Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix TD invalidation under pending Set TR Dequeue Jan Hendrik Farr <kernel(a)jfarr.cc> Compiler Attributes: disable __counted_by for clang < 19.1.3 Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix uninit-value in __exfat_get_dentry_set Angelo Dureghello <adureghello(a)baylibre.com> dt-bindings: iio: dac: ad3552r: fix maximum spi speed Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi: fix debugfs drive strength Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/nolibc: s390: include std.h Ahmed Ehab <bottaawesome633(a)gmail.com> locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Jinjie Ruan <ruanjinjie(a)huawei.com> apparmor: test: Fix memory leak for aa_unpack_strdup() Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sending inotify event with unexpected filename Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Get rid of userspace_irqchip_in_use Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Gautam Menghani <gautam(a)linux.ibm.com> powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Ilya Zverev <ilya(a)zverev.info> ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Chen-Yu Tsai <wenst(a)chromium.org> Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled" Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() when freeing tree block after error Daejun Park <daejun7.park(a)samsung.com> f2fs: fix null reference error when checking end of zone Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: fix warnings about duplicate slab caches Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add NULL pointer check for kzalloc Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check phantom_stream before it is used Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Check null pointer before try to access it Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw Mikulas Patocka <mpatocka(a)redhat.com> dm-cache: fix warnings about duplicate slab caches Kent Overstreet <kent.overstreet(a)linux.dev> closures: Change BUG_ON() to WARN_ON() Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() lei lu <llfamsec(a)gmail.com> xfs: add bounds checking to xlog_recover_process_data Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths Jason-JH.Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() Xiuhong Wang <xiuhong.wang(a)unisoc.com> f2fs: fix fiemap failure issue when page size is 16KB Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove and replace gfs2_glock_queue_work Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Zicheng Qu <quzicheng(a)huawei.com> drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp Steven 'Steve' Kendall <skend(a)chromium.org> drm/radeon: Fix spurious unplug event on radeon HDMI Wu Hoi Pok <wuhoipok(a)gmail.com> drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Wu Hoi Pok <wuhoipok(a)gmail.com> drm/radeon: add helper rdev_to_drm(rdev) Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC256 depop procedure Gaosheng Cui <cuigaosheng1(a)huawei.com> firmware_loader: Fix possible resource leak in fw_log_firmware_info() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: ti-ecap-capture: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: stm32-timer-cnt: Add check for clk_enable() Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: light: al3010: Fix an error handling path in al3010_probe() Paolo Abeni <pabeni(a)redhat.com> ipmr: fix tables suspicious RCU usage Paolo Abeni <pabeni(a)redhat.com> ip6mr: fix tables suspicious RCU usage Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Michal Luczaj <mhal(a)rbox.co> rxrpc: Improve setsockopt() handling of malformed user input Michal Luczaj <mhal(a)rbox.co> llc: Improve setsockopt() handling of malformed user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible deadlocks Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Unregister PTP during PCI shutdown and suspend Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Refactor bnxt_ptp_init() Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Eric Dumazet <edumazet(a)google.com> net: hsr: fix hsr_init_sk() vs network/transport headers. Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix register name in verbose logging function Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Quiesce traffic before NIX block reset Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: fix stale FCFEC counters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: fix stale RSFEC counters Sai Krishna <saikrishnag(a)marvell.com> octeontx2-pf: Reset MAC stats during probe Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix low network performance Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix mismatch in lmac type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Rosen Penev <rosenp(a)gmail.com> net: mdio-ipq4019: add missing error check Hangbin Liu <liuhangbin(a)gmail.com> net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Sidraya Jayagond <sidraya(a)linux.ibm.com> s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Guenter Roeck <linux(a)roeck-us.net> net: microchip: vcap: Add typegroup table terminators in kunit tests Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix double free issue with interrupt buffer allocation ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9471: Use IC status regfield to report real charger status ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9471: Fix wrong WDT function regfield declaration Barnabás Czémán <barnabas.czeman(a)mainlining.org> power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: BPF: Sign-extend return values Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Fix build failure with GCC 15 (-std=gnu23) Randy Dunlap <rdunlap(a)infradead.org> fs_parser: update mount_api doc to match function signature Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: zevio: Add missed label initialisation Michael Ellerman <mpe(a)ellerman.id.au> selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix suboptimal range on iotlb iteration Murad Masimov <m.masimov(a)maxima.ru> hwmon: (tps23861) Fix reporting of negative temperatures Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Ye Bin <yebin10(a)huawei.com> svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Yang Erkun <yangerkun(a)huawei.com> nfsd: release svc_expkey/svc_export with rcu_work Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Zhongqiu Han <quic_zhonhan(a)quicinc.com> PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' Sibi Sankar <quic_sibis(a)quicinc.com> remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> remoteproc: qcom: pas: add minidump_id to SM8350 resources Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Howard Chu <howardchu95(a)gmail.com> perf trace: Fix tracing itself, creating feedback loops Jean-Philippe Romain <jean-philippe.romain(a)foss.st.com> perf list: Fix topic and pmu_name argument order Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Address an integer overflow Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Benjamin Peterson <benjamin(a)engflow.com> perf trace: avoid garbage when not printing a trace event's arguments Chao Yu <chao(a)kernel.org> f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Long Li <leo.lilong(a)huawei.com> f2fs: fix race in concurrent f2fs_stop_gc_thread Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Théo Lebrun <theo.lebrun(a)bootlin.com> PCI: j721e: Add suspend and resume support Thomas Richard <thomas.richard(a)bootlin.com> PCI: j721e: Use T_PERST_CLK_US macro Théo Lebrun <theo.lebrun(a)bootlin.com> PCI: j721e: Add reset GPIO to struct j721e_pcie Thomas Richard <thomas.richard(a)bootlin.com> PCI: cadence: Set cdns_pcie_host_init() global Thomas Richard <thomas.richard(a)bootlin.com> PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() Matt Ranostay <mranostay(a)ti.com> PCI: j721e: Add PCIe 4x lane selection support Matt Ranostay <mranostay(a)ti.com> PCI: j721e: Add per platform maximum lane settings Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> PCI: Add T_PVPERL macro Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Chao Yu <chao(a)kernel.org> f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() Yongpeng Yang <yangyongpeng1(a)oppo.com> f2fs: check curseg->inited before write_sum_page in change_curseg LongPing Wei <weilongping(a)oppo.com> f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Arnaldo Carvalho de Melo <acme(a)kernel.org> perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Paolo Bonzini <pbonzini(a)redhat.com> rust: macros: fix documentation of the paste! macro Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Ian Rogers <irogers(a)google.com> perf probe: Fix libdw memory leak Chao Yu <chao(a)kernel.org> f2fs: fix to account dirty data in __get_secs_required() Qi Han <hanqi(a)vivo.com> f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Veronika Molnarova <vmolnaro(a)redhat.com> perf test attr: Add back missing topdown events Michael Petlan <mpetlan(a)redhat.com> perf trace: Keep exited threads for summary Ian Rogers <irogers(a)google.com> perf stat: Fix affinity memory leaks on error path Levi Yun <yeoreum.yun(a)arm.com> perf stat: Close cork_fd when create_perf_stat_counter() failed Todd Kjos <tkjos(a)google.com> PCI: Fix reset_method_store() memory leak Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix unlinked inode cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Allow immediate GLF_VERIFY_DELETE work Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Get rid of gfs2_glock_queue_put in signal_our_withdraw James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Paul Aurich <paul(a)darkrain42.org> smb: cached directories can be more than root file handle zhang jiao <zhangjiao2(a)cmss.chinamobile.com> pinctrl: k210: Undef K210_PC_DEFAULT Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 Charles Han <hanchunchao(a)inspur.com> clk: clk-apple-nco: Add NULL check in applnco_probe Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Move events notifier registration to be after device registration Jianbo Liu <jianbol(a)nvidia.com> IB/mlx5: Allocate resources just before first QP/SRQ is created Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zhang Zekun <zhangzekun11(a)huawei.com> powerpc/kexec: Fix return of uninitialized variable Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> dax: delete a stale directory pmem Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix out-of-order issue of requester when setting FENCE Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Dynamically disable SEPT violations from causing #VEs Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Introduce wrappers to read and write TD metadata Kai Huang <kai.huang(a)intel.com> x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure Kai Huang <kai.huang(a)intel.com> x86/tdx: Rename __tdx_module_call() to __tdcall() Kai Huang <kai.huang(a)intel.com> x86/tdx: Make macros of TDCALLs consistent with the spec Kai Huang <kai.huang(a)intel.com> x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Enable runtime power management Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Mirsad Todorovac <mtodorovac69(a)gmail.com> fs/proc/kcore.c: fix coccinelle reported ERROR instances Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Tamir Duberstein <tamird(a)gmail.com> checkpatch: always parse orig_commit in fixes tag Dan Carpenter <dan.carpenter(a)linaro.org> checkpatch: check for missing Fixes tags Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in pgtable_walk() Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Yang Yingliang <yangyingliang(a)huawei.com> clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Dong Aisheng <aisheng.dong(a)nxp.com> clk: imx: clk-scu: fix clk enable state save and restore Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: fix pll power up Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: correct PLL initialization flow Peng Fan <peng.fan(a)nxp.com> clk: imx: lpcg-scu: SW workaround for errata (e10858) Yong-Xuan Wang <yongxuan.wang(a)sifive.com> RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Liu Jian <liujian56(a)huawei.com> RDMA/rxe: Set queue pair cur_qp_state when being queried Biju Das <biju.das.jz(a)bp.renesas.com> clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the qp flush warnings in req wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix cpu stuck caused by printings during reset Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Use dev_* printings in hem code instead of ibdev_* wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/mm/fault: Fix kfence page fault reporting Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Biju Das <biju.das.jz(a)bp.renesas.com> mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: rpc-if: Convert to platform remove callback returning void Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Refactor and prepare fadump_cma_init for late init Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: zynqmp: drop excess struct member description Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Lukas Bulwahn <lukas.bulwahn(a)redhat.com> clk: mediatek: drop two dead config options Jie Zhan <zhanjie9(a)hisilicon.com> cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged André Almeida <andrealmeid(a)igalia.com> unicode: Fix utf8_load() error path Jiayuan Chen <mrpre(a)163.com> bpf: fix recursive lock when verdict program return SK_PASS Hangbin Liu <liuhangbin(a)gmail.com> wireguard: selftests: load nf_conntrack if not present Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Gao Xiang <xiang(a)kernel.org> erofs: handle NONHEAD !delta[1] lclusters gracefully Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Jiri Olsa <jolsa(a)kernel.org> bpf: Force uprobe bpf program to always return 0 Yuan Can <yuancan(a)huawei.com> drm/amdkfd: Fix wrong usage of INIT_WORK() Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Paolo Abeni <pabeni(a)redhat.com> ipv6: release nexthop on device removal Eric Dumazet <edumazet(a)google.com> net: use unrcu_pointer() helper Eric Dumazet <edumazet(a)google.com> sock_diag: allow concurrent operation in sock_diag_rcv_msg() Eric Dumazet <edumazet(a)google.com> sock_diag: allow concurrent operations Eric Dumazet <edumazet(a)google.com> sock_diag: add module pointer to "struct sock_diag_handler" Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix SENDPAGE data logic in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Maurice Lambert <mauricelambert434(a)gmail.com> netlink: typographical error in nlmsg_type constants definition Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating object type list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip transaction if update object is not implemented Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating expression type list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Introduce nf_tables_getrule_single() Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() Jonathan Gray <jsg(a)jsg.id.au> drm: use ATOMIC64_INIT() for atomic64_t José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Leon Hwang <leon.hwang(a)linux.dev> bpf, bpftool: Fix incorrect disasm pc Zichen Xie <zichenxie0106(a)gmail.com> drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Yuan Can <yuancan(a)huawei.com> wifi: wfx: Fix error handling in wfx_core_init() Sean Anderson <sean.anderson(a)linux.dev> drm: zynqmp_kms: Unplug DRM device before removal Li Huafei <lihuafei1(a)huawei.com> drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Xiaolei Wang <xiaolei.wang(a)windriver.com> drm/etnaviv: Request pages from DMA32 zone on addressing_limited Lukasz Luba <lukasz.luba(a)arm.com> drm/msm/gpu: Check the status of registration to PM QoS Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Remove garbage frame for struct_ops trampoline Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: fix test_spin_lock_fail.c's global vars usage Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: drop LM_3 / LM_4 on SDM845 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix msg_verify_data in test_sockmap Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix link properties discovery Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: copy addresses for both in and out paths Andrii Nakryiko <andrii(a)kernel.org> libbpf: never interpret subprogs in .text as entry programs Everest K.C <everestkc(a)everestkc.com.np> ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix sym_is_subprog() logic for weak global subprogs Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush Jacob Keller <jacob.e.keller(a)intel.com> ice: consistently use q_idx in ice_vc_cfg_qs_msg() Haiyue Wang <haiyue.wang(a)intel.com> ice: Support FCS/CRC strip disable for VF Paul M Stillwell Jr <paul.m.stillwell.jr(a)intel.com> virtchnl: Add CRC stripping capability Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix output .symtab byte-order during linking Tao Chen <chen.dylane(a)gmail.com> libbpf: Fix expected_attach_type set handling in program load callback Pin-yen Lin <treapking(a)chromium.org> drm/bridge: it6505: Drop EDID cache on bridge power off Pin-yen Lin <treapking(a)chromium.org> drm/bridge: anx7625: Drop EDID cache on bridge power off Macpaul Lin <macpaul.lin(a)mediatek.com> ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Ramya Gnanasekar <quic_rgnanase(a)quicinc.com> wifi: ath12k: Skip Rx TID cleanup for self peer Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Maíra Canal <mcanal(a)igalia.com> drm/v3d: Address race-condition in MMU flush Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix possible NULL dereference Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Correct logic on stopping an HVS channel Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Avoid hang with debug registers when suspended Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Don't write gamma luts on 2711 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Yao Zi <ziyao(a)disroot.org> platform/x86: panasonic-laptop: Return errno correctly in show callback Vitaly Kuznetsov <vkuznets(a)redhat.com> HID: hyperv: streamline driver probe to avoid devres issues Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Li Huafei <lihuafei1(a)huawei.com> media: atomisp: Add check for rgby_data memory allocation failure Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overrun during iMC config parsing Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Fix memory overflow due to unhandled wraparound Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Refactor fill_buf functions Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/resctrl: Split fill_buf to allow tests finer-grained control Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt6358: fix dtbs_check error AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: hihope: Drop #sound-dai-cells Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Jinjie Ruan <ruanjinjie(a)huawei.com> spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: Avoid shift-out-of-bounds Zhang Zekun <zhangzekun11(a)huawei.com> pmdomain: ti-sci: Add missing of_node_put() for args.np Usama Arif <usamaarif642(a)gmail.com> of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Stephen Boyd <sboyd(a)kernel.org> x86/of: Unconditionally call unflatten_and_copy_device_tree() Stephen Boyd <sboyd(a)kernel.org> um: Unconditionally call unflatten_device_tree() Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances Jared McArthur <j-mcarthur(a)ti.com> arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Thomas Richard <thomas.richard(a)bootlin.com> arm64: dts: ti: k3-j7200: use ti,j7200-padconf compatible Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Clark Wang <xiaoning.wang(a)nxp.com> pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns Dragan Simic <dsimic(a)manjaro.org> regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Ridong <chenridong(a)huawei.com> Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Colin Ian King <colin.i.king(a)gmail.com> media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Jonathan Marek <jonathan(a)marek.ca> efi/libstub: fix efi_parse_options() ignoring the default command line Stafford Horne <shorne(a)gmail.com> openrisc: Implement fixmap to fix earlycon Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Andrei Simion <andrei.simion(a)microchip.com> ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for mutex node Michal Simek <michal.simek(a)amd.com> microblaze: Export xmb_manager functions Gaosheng Cui <cuigaosheng1(a)huawei.com> drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clocksource/drivers/timer-ti-dm: Fix child node refcount handling Mark Brown <broonie(a)kernel.org> clocksource/drivers:sp804: Make user selectable Marco Elver <elver(a)google.com> kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marco Elver <elver(a)google.com> kcsan, seqlock: Support seqcount_latch_t Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Miguel Ojeda <ojeda(a)kernel.org> time: Partially revert cleanup on msecs_to_jiffies() documentation Zheng Yejian <zhengyejian(a)huaweicloud.com> x86/unwind/orc: Fix unwind for newly forked tasks Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Lezcano <daniel.lezcano(a)linaro.org> tools/lib/thermal: Make more generic the command encoding function Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcuscale: Do a proper cleanup if kfree_scale_init() fails Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Chen Ridong <chenridong(a)huawei.com> crypto: caam - add error check to caam_rsa_set_priv_key_form Lifeng Zheng <zhenglifeng1(a)huawei.com> ACPI: CPPC: Fix _CPC register setting issue Pei Xiao <xiaopei01(a)kylinos.cn> hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Jerome Brunet <jbrunet(a)baylibre.com> hwmon: (pmbus/core) clear faults after setting smbalert mask Patrick Rudolph <patrick.rudolph(a)9elements.com> hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu Baruch Siach <baruch(a)tkos.co.il> doc: rcu: update printed dynticks counter bits Li Huafei <lihuafei1(a)huawei.com> crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Orange Kao <orange(a)aiven.io> EDAC/igen6: Avoid segmentation fault on module unload Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - disable same error report before resetting Gautham R. Shenoy <gautham.shenoy(a)amd.com> amd-pstate: Set min_perf to nominal_perf for active mode performance gov Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Differentiate memory error sources Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Initialize thermal zones before registering them Ahsan Atta <ahsan.atta(a)intel.com> crypto: qat - remove faulty arbiter config reset David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Dan Carpenter <dan.carpenter(a)linaro.org> crypto: qat/qat_4xxx - fix off by one in uof_get_name() Cabiddu, Giovanni <giovanni.cabiddu(a)intel.com> crypto: qat - remove check after debugfs_create_dir() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: caam - Fix the pointer passed to caam_qi_shutdown() Christoph Hellwig <hch(a)lst.de> virtio_blk: reverse request order in virtio_queue_rqs Christoph Hellwig <hch(a)lst.de> nvme-pci: reverse request order in nvme_queue_rqs Long Li <leo.lilong(a)huawei.com> ext4: fix race in buffer_head read fault injection Matthew Wilcox (Oracle) <willy(a)infradead.org> ext4: remove array of buffer_heads from mext_page_mkuptodate() Matthew Wilcox (Oracle) <willy(a)infradead.org> ext4: pipeline buffer reads in mext_page_mkuptodate() Matthew Wilcox (Oracle) <willy(a)infradead.org> ext4: remove calls to to set/clear the folio error flag Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Christoph Hellwig <hch(a)lst.de> block: fix bio_split_rw_at to take zone_write_granularity into account Zizhi Wo <wozizhi(a)huawei.com> netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Masahiro Yamada <masahiroy(a)kernel.org> arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jan Kara <jack(a)suse.cz> ext4: avoid remount errors with 'abort' mount option Yang Erkun <yangerkun(a)huawei.com> brd: defer automatic disk creation until module initialization succeeds Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Jason Andryuk <jason.andryuk(a)amd.com> x86/pvh: Set phys_base when calling xen_prepare_pvh() Heiko Carstens <hca(a)linux.ibm.com> s390/pageattr: Implement missing kernel_page_present() Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Do not unregister the subchannel based on DNV Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about longs Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about __u64 Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: probes: Disable kprobes/uprobes on MOPS instructions Andrii Nakryiko <andrii(a)kernel.org> bpf: support non-r10 register spill/fill to/from stack in precision tracking Dmitry Kandybka <d.kandybka(a)gmail.com> mptcp: fix possible integer overflow in mptcp_reset_tout_timer Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Unregister devices in reverse order Keith Busch <kbusch(a)kernel.org> nvme: apple: fix device reference counting Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null-initialized variables Li Zhijian <lizhijian(a)fujitsu.com> fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize denominators' default to 1 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func Ard Biesheuvel <ardb(a)kernel.org> x86/stackprotector: Work around strict Clang TLS symbol requirements Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix invalid FIFO access with special register set Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe copies of clear-key structures on failure Alexander Stein <alexander.stein(a)ew.tq-group.com> i2c: lpi2c: Avoid calling clk_get_rate during transfer Breno Leitao <leitao(a)debian.org> ipmr: Fix access to mfc_cache_list without lock held Harith G <harith.g(a)alifsemi.com> ARM: 9420/1: smp: Fix SMP for xip kernels Eryk Zagorski <erykzagorski(a)gmail.com> ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS John Watts <contact(a)jookia.org> ASoC: audio-graph-card2: Purge absent supplies for device tree nodes David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Markus Petri <mp(a)mpetri.org> ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Vishnu Sankar <vishnuocv(a)gmail.com> platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: fix error in J1939 documentation. zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools/lib/thermal: Remove the thermal.h soft link when doing make clean Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-smbios-base: Extends support to Alienware products Mikhail Rudenko <mike.rudenko(a)gmail.com> regulator: rk808: Add apply_bit for BUCK3 on RK809 Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Reject clear channel request on A2P Charles Han <hanchunchao(a)inspur.com> soc: qcom: Add check devm_kasprintf() returned value Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Jiayuan Chen <mrpre(a)163.com> bpf: fix filed access without lock Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Piyush Raj Chouhan <piyushchouhan1598(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: use cleanup facility for 'altmodes_node' Benjamin Große <ste3ls(a)gmail.com> usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Support LPE0F28 ACPI HID Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec Hans de Goede <hdegoede(a)redhat.com> ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings ------------- Diffstat: Documentation/ABI/testing/sysfs-fs-f2fs | 7 +- Documentation/RCU/stallwarn.rst | 2 +- .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 +- .../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 +- .../devicetree/bindings/serial/rs485.yaml | 19 +- .../devicetree/bindings/sound/mt6359.yaml | 10 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/filesystems/mount_api.rst | 3 +- Documentation/locking/seqlock.rst | 2 +- Documentation/networking/j1939.rst | 2 +- Makefile | 4 +- arch/arc/kernel/devtree.c | 2 +- .../boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 +- arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 ++ arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 + arch/arm/kernel/devtree.c | 2 +- arch/arm/kernel/entry-armv.S | 8 + arch/arm/kernel/head.S | 4 + arch/arm/kernel/psci_smp.c | 7 + arch/arm/mm/idmap.c | 7 + arch/arm/mm/ioremap.c | 35 +++- .../boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 + arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mp-verdin.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt6357.dtsi | 5 + arch/arm64/boot/dts/mediatek/mt6358.dtsi | 9 +- arch/arm64/boot/dts/mediatek/mt6359.dtsi | 5 + arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 + .../dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 + .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 +-- .../boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 +- arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 - arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 - .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- .../boot/dts/ti/k3-j7200-common-proc-board.dts | 2 +- arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 46 +++-- arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 18 +- arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 +- arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 +- arch/arm64/include/asm/insn.h | 1 + arch/arm64/include/asm/kvm_host.h | 2 - arch/arm64/kernel/probes/decode-insn.c | 7 +- arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/setup.c | 6 +- arch/arm64/kernel/vmlinux.lds.S | 6 +- arch/arm64/kvm/arch_timer.c | 3 +- arch/arm64/kvm/arm.c | 18 +- arch/arm64/kvm/pmu-emul.c | 1 - arch/arm64/kvm/vgic/vgic-its.c | 32 +-- arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 +- arch/arm64/kvm/vgic/vgic.h | 23 +++ arch/arm64/net/bpf_jit_comp.c | 47 +++-- arch/csky/kernel/setup.c | 4 +- arch/loongarch/include/asm/page.h | 5 +- arch/loongarch/kernel/setup.c | 2 +- arch/loongarch/net/bpf_jit.c | 2 +- arch/loongarch/vdso/Makefile | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 +++ arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/microblaze/kernel/microblaze_ksyms.c | 10 + arch/microblaze/kernel/prom.c | 2 +- arch/mips/include/asm/switch_to.h | 2 +- arch/mips/kernel/prom.c | 2 +- arch/mips/kernel/relocate.c | 2 +- arch/nios2/kernel/prom.c | 4 +- arch/openrisc/Kconfig | 3 + arch/openrisc/include/asm/fixmap.h | 21 +- arch/openrisc/kernel/prom.c | 2 +- arch/openrisc/mm/init.c | 37 ++++ arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/Kconfig | 4 +- arch/powerpc/Makefile | 13 +- arch/powerpc/include/asm/dtl.h | 4 +- arch/powerpc/include/asm/fadump.h | 7 + arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/dt_cpu_ftrs.c | 2 +- arch/powerpc/kernel/fadump.c | 23 +-- arch/powerpc/kernel/prom.c | 2 +- arch/powerpc/kernel/setup-common.c | 6 +- arch/powerpc/kernel/setup_64.c | 1 + arch/powerpc/kernel/vmlinux.lds.S | 2 - arch/powerpc/kexec/file_load_64.c | 9 +- arch/powerpc/kvm/book3s_hv.c | 10 +- arch/powerpc/kvm/book3s_hv_nested.c | 14 +- arch/powerpc/lib/sstep.c | 12 +- arch/powerpc/mm/fault.c | 10 +- arch/powerpc/platforms/pseries/dtl.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/powerpc/platforms/pseries/plpks.c | 2 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/kvm/aia_aplic.c | 3 +- arch/s390/include/asm/set_memory.h | 1 + arch/s390/kernel/entry.S | 4 + arch/s390/kernel/kprobes.c | 6 + arch/s390/kernel/syscalls/Makefile | 2 +- arch/s390/mm/pageattr.c | 15 ++ arch/sh/kernel/cpu/proc.c | 2 +- arch/sh/kernel/setup.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/dtb.c | 14 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 2 +- arch/x86/Makefile | 3 +- arch/x86/coco/tdx/tdcall.S | 60 +++--- arch/x86/coco/tdx/tdx-shared.c | 8 +- arch/x86/coco/tdx/tdx.c | 145 +++++++++---- arch/x86/crypto/aegis128-aesni-asm.S | 29 +-- arch/x86/entry/entry.S | 15 ++ arch/x86/events/intel/core.c | 34 ++- arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/amd_nb.h | 5 +- arch/x86/include/asm/asm-prototypes.h | 3 + arch/x86/include/asm/shared/tdx.h | 29 ++- arch/x86/kernel/asm-offsets.c | 12 +- arch/x86/kernel/cpu/common.c | 2 + arch/x86/kernel/devicetree.c | 24 ++- arch/x86/kernel/unwind_orc.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 3 + arch/x86/kvm/mmu/spte.c | 18 +- arch/x86/platform/pvh/head.S | 22 +- arch/x86/virt/vmx/tdx/tdxcall.S | 104 +++++----- arch/xtensa/kernel/setup.c | 2 +- block/bfq-iosched.c | 37 ++-- block/blk-merge.c | 10 +- block/blk-mq.c | 58 ++++-- block/blk-mq.h | 13 ++ crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/acpi/cppc_acpi.c | 1 - drivers/base/firmware_loader/main.c | 5 +- drivers/base/regmap/regmap-irq.c | 4 + drivers/block/brd.c | 66 ++++-- drivers/block/ublk_drv.c | 17 +- drivers/block/virtio_blk.c | 46 ++--- drivers/block/zram/zram_drv.c | 7 + drivers/char/tpm/tpm-chip.c | 4 - drivers/char/tpm/tpm-interface.c | 29 ++- drivers/clk/clk-apple-nco.c | 3 + drivers/clk/clk-axi-clkgen.c | 22 +- drivers/clk/imx/clk-fracn-gppll.c | 10 +- drivers/clk/imx/clk-imx8-acm.c | 4 +- drivers/clk/imx/clk-lpcg-scu.c | 37 +++- drivers/clk/imx/clk-scu.c | 2 +- drivers/clk/mediatek/Kconfig | 15 -- drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/clk/ralink/clk-mtmips.c | 26 ++- drivers/clk/renesas/rzg2l-cpg.c | 11 +- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 +- drivers/clocksource/Kconfig | 3 +- drivers/clocksource/timer-ti-dm-systimer.c | 4 +- drivers/comedi/comedi_fops.c | 12 ++ drivers/counter/stm32-timer-cnt.c | 16 +- drivers/counter/ti-ecap-capture.c | 7 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 63 +++++- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/caam/caampkc.c | 11 +- drivers/crypto/caam/qi.c | 2 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 35 +++- drivers/crypto/hisilicon/qm.c | 47 ++--- drivers/crypto/hisilicon/sec2/sec_main.c | 35 +++- drivers/crypto/hisilicon/zip/zip_main.c | 35 +++- drivers/crypto/inside-secure/safexcel_hash.c | 2 +- .../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +- drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 +- .../crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 - drivers/dax/pmem/Makefile | 7 - drivers/dax/pmem/pmem.c | 10 - drivers/dma-buf/udmabuf.c | 8 +- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/edac/i10nm_base.c | 1 + drivers/edac/igen6_edac.c | 2 + drivers/edac/skx_common.c | 57 +++-- drivers/edac/skx_common.h | 8 + drivers/firmware/arm_scmi/common.h | 2 + drivers/firmware/arm_scmi/driver.c | 6 + drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/libstub/efi-stub.c | 4 +- drivers/firmware/efi/tpm.c | 17 +- drivers/firmware/google/gsmi.c | 6 +- drivers/gpio/gpio-exar.c | 10 +- drivers/gpio/gpio-zevio.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_kernel_queue.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 4 + .../amd/display/dc/clk_mgr/dcn30/dcn30_clk_mgr.c | 8 + .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 8 + .../gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 + drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 31 ++- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 7 +- .../gpu/drm/amd/display/dc/dcn30/dcn30_resource.c | 3 + .../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 5 + .../drm/amd/display/dc/dcn314/dcn314_resource.c | 5 + .../drm/amd/display/dc/dcn315/dcn315_resource.c | 2 + .../drm/amd/display/dc/dcn316/dcn316_resource.c | 2 + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 11 +- .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 8 + .../drm/amd/display/dc/dcn321/dcn321_resource.c | 2 + .../display/dc/dml/dcn20/display_rq_dlg_calc_20.c | 2 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 2 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 2 + drivers/gpu/drm/bridge/tc358767.c | 7 + drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 1 - drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 + drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 +-- drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 ++ drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 + drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 -- .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 +- drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 + drivers/gpu/drm/omapdrm/dss/base.c | 25 +-- drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +- drivers/gpu/drm/omapdrm/omap_drv.c | 4 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/radeon/atombios_encoders.c | 2 +- drivers/gpu/drm/radeon/cik.c | 14 +- drivers/gpu/drm/radeon/dce6_afmt.c | 2 +- drivers/gpu/drm/radeon/evergreen.c | 12 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/radeon/r100.c | 24 +-- drivers/gpu/drm/radeon/r300.c | 6 +- drivers/gpu/drm/radeon/r420.c | 6 +- drivers/gpu/drm/radeon/r520.c | 2 +- drivers/gpu/drm/radeon/r600.c | 12 +- drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/radeon/r600_dpm.c | 4 +- drivers/gpu/drm/radeon/r600_hdmi.c | 2 +- drivers/gpu/drm/radeon/radeon.h | 5 + drivers/gpu/drm/radeon/radeon_acpi.c | 10 +- drivers/gpu/drm/radeon/radeon_agp.c | 2 +- drivers/gpu/drm/radeon/radeon_atombios.c | 2 +- drivers/gpu/drm/radeon/radeon_audio.c | 14 +- drivers/gpu/drm/radeon/radeon_combios.c | 12 +- drivers/gpu/drm/radeon/radeon_device.c | 10 +- drivers/gpu/drm/radeon/radeon_display.c | 74 +++---- drivers/gpu/drm/radeon/radeon_fbdev.c | 26 +-- drivers/gpu/drm/radeon/radeon_fence.c | 8 +- drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/radeon/radeon_i2c.c | 2 +- drivers/gpu/drm/radeon/radeon_ib.c | 2 +- drivers/gpu/drm/radeon/radeon_irq_kms.c | 12 +- drivers/gpu/drm/radeon/radeon_object.c | 2 +- drivers/gpu/drm/radeon/radeon_pm.c | 20 +- drivers/gpu/drm/radeon/radeon_ring.c | 2 +- drivers/gpu/drm/radeon/radeon_ttm.c | 6 +- drivers/gpu/drm/radeon/rs400.c | 6 +- drivers/gpu/drm/radeon/rs600.c | 14 +- drivers/gpu/drm/radeon/rs690.c | 2 +- drivers/gpu/drm/radeon/rv515.c | 4 +- drivers/gpu/drm/radeon/rv770.c | 2 +- drivers/gpu/drm/radeon/si.c | 4 +- drivers/gpu/drm/sti/sti_cursor.c | 3 + drivers/gpu/drm/sti/sti_gdp.c | 3 + drivers/gpu/drm/sti/sti_hqvdp.c | 3 + drivers/gpu/drm/v3d/v3d_mmu.c | 29 +-- drivers/gpu/drm/vc4/vc4_drv.h | 1 + drivers/gpu/drm/vc4/vc4_hdmi.c | 4 + drivers/gpu/drm/vc4/vc4_hvs.c | 23 ++- drivers/gpu/drm/vkms/vkms_output.c | 5 +- drivers/gpu/drm/xlnx/zynqmp_kms.c | 6 +- drivers/hid/hid-hyperv.c | 58 ++++-- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/nct6775-core.c | 7 +- drivers/hwmon/pmbus/pmbus_core.c | 12 +- drivers/hwmon/tps23861.c | 2 +- drivers/i2c/busses/i2c-imx-lpi2c.c | 10 +- drivers/i3c/master.c | 2 +- drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/accel/kionix-kx022a.c | 2 +- drivers/iio/adc/ad7780.c | 2 +- drivers/iio/adc/ad7923.c | 4 +- drivers/iio/industrialio-gts-helper.c | 4 +- drivers/iio/inkern.c | 2 +- drivers/iio/light/al3010.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 4 +- drivers/infiniband/hw/hns/hns_roce_device.h | 1 + drivers/infiniband/hw/hns/hns_roce_hem.c | 48 ++--- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 150 ++++++++------ drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 + drivers/infiniband/hw/hns/hns_roce_mr.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 56 +++-- drivers/infiniband/hw/hns/hns_roce_srq.c | 4 +- drivers/infiniband/hw/mlx5/main.c | 193 +++++++++++------ drivers/infiniband/hw/mlx5/mlx5_ib.h | 6 +- drivers/infiniband/hw/mlx5/qp.c | 4 + drivers/infiniband/hw/mlx5/srq.c | 4 + drivers/infiniband/sw/rxe/rxe_qp.c | 1 + drivers/infiniband/sw/rxe/rxe_req.c | 6 +- drivers/iommu/intel/iommu.c | 40 ++-- drivers/iommu/io-pgtable-arm.c | 18 +- drivers/leds/flash/leds-mt6360.c | 3 +- drivers/leds/leds-lp55xx-common.c | 3 - drivers/mailbox/arm_mhuv2.c | 8 +- drivers/mailbox/mtk-cmdq-mailbox.c | 12 +- drivers/md/bcache/closure.c | 10 +- drivers/md/dm-bufio.c | 12 +- drivers/md/dm-cache-background-tracker.c | 25 +-- drivers/md/dm-cache-background-tracker.h | 8 + drivers/md/dm-cache-target.c | 25 ++- drivers/md/dm-thin.c | 1 + drivers/md/md-bitmap.c | 1 + drivers/md/persistent-data/dm-space-map-common.c | 2 +- drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +- drivers/media/i2c/ds90ub960.c | 2 +- drivers/media/i2c/dw9768.c | 10 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 4 +- drivers/media/platform/amphion/vpu_drv.c | 2 +- drivers/media/platform/amphion/vpu_v4l2.c | 2 +- .../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 10 + .../media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c | 11 - drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 4 +- drivers/media/platform/qcom/venus/core.c | 2 +- .../media/platform/samsung/exynos4-is/media-dev.h | 5 +- .../verisilicon/rockchip_vpu981_hw_av1_dec.c | 3 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +- drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 102 ++++++--- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 ++++++------ drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 138 ++++++++----- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/lkdtm/bugs.c | 4 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mtd/hyperbus/rpc-if.c | 13 +- drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/spi-nor/core.c | 2 +- drivers/mtd/spi-nor/spansion.c | 1 + drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/fastmap-wl.c | 19 +- drivers/mtd/ubi/wl.c | 11 +- drivers/mtd/ubi/wl.h | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 20 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 28 ++- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 97 ++++++++- drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 6 + .../ethernet/marvell/octeontx2/af/lmac_common.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 1 + drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 104 ++++++++-- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 21 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 + drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 74 ++++++- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 + .../ethernet/marvell/octeontx2/nic/otx2_common.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 + .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 + .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 20 ++ drivers/net/ethernet/marvell/pxa168_eth.c | 14 +- .../net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/mdio/mdio-ipq4019.c | 5 +- drivers/net/netdevsim/ipsec.c | 11 +- drivers/net/usb/lan78xx.c | 42 ++-- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 1 + drivers/net/wireless/ath/ath10k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/qmi.c | 3 + drivers/net/wireless/ath/ath12k/dp.c | 5 +- drivers/net/wireless/ath/ath12k/mac.c | 5 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + drivers/net/wireless/ath/wil6210/txrx.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 +- drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 +- drivers/net/wireless/intel/ipw2x00/ipw2200.h | 2 +- drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/libertas/radiotap.h | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/net/wireless/microchip/wilc1000/mon.c | 4 +- drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 +- drivers/net/wireless/silabs/wfx/main.c | 17 +- drivers/net/wireless/virtual/mac80211_hwsim.c | 4 +- drivers/nvme/host/apple.c | 27 ++- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/ioctl.c | 8 +- drivers/nvme/host/multipath.c | 134 ++++++++++-- drivers/nvme/host/nvme.h | 4 + drivers/nvme/host/pci.c | 55 +++-- drivers/of/fdt.c | 14 +- drivers/of/kexec.c | 2 +- drivers/of/unittest.c | 4 - drivers/pci/controller/cadence/pci-j721e.c | 123 +++++++++-- drivers/pci/controller/cadence/pcie-cadence-host.c | 44 ++-- drivers/pci/controller/cadence/pcie-cadence.h | 12 ++ drivers/pci/controller/dwc/pci-keystone.c | 12 ++ drivers/pci/controller/pcie-rockchip-ep.c | 16 +- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 + drivers/pci/endpoint/pci-epc-core.c | 6 +- drivers/pci/hotplug/cpqphp_pci.c | 19 +- drivers/pci/of_property.c | 2 +- drivers/pci/pci.c | 5 +- drivers/pci/pci.h | 3 + drivers/pci/slot.c | 4 +- drivers/perf/arm-cmn.c | 4 +- drivers/perf/arm_smmuv3_pmu.c | 19 +- drivers/pinctrl/pinctrl-k210.c | 2 +- drivers/pinctrl/pinctrl-zynqmp.c | 1 - drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 +- drivers/platform/chrome/cros_ec_typec.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 1 + drivers/platform/x86/dell/dell-wmi-base.c | 6 + drivers/platform/x86/intel/bxtwc_tmu.c | 22 +- drivers/platform/x86/panasonic-laptop.c | 10 +- drivers/platform/x86/thinkpad_acpi.c | 28 ++- drivers/platform/x86/x86-android-tablets/core.c | 6 +- drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 + drivers/power/supply/bq27xxx_battery.c | 37 +++- drivers/power/supply/power_supply_core.c | 2 - drivers/power/supply/rt9471.c | 52 +++-- drivers/pwm/pwm-imx27.c | 98 ++++++++- drivers/regulator/rk808-regulator.c | 17 +- drivers/remoteproc/qcom_q6v5_mss.c | 6 +- drivers/remoteproc/qcom_q6v5_pas.c | 2 + drivers/rpmsg/qcom_glink_native.c | 3 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-rzn1.c | 8 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/s390/cio/cio.c | 6 +- drivers/s390/cio/device.c | 18 +- drivers/s390/crypto/pkey_api.c | 16 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 8 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 11 + drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/sg.c | 9 +- drivers/sh/intc/core.c | 2 +- drivers/soc/fsl/rcpm.c | 1 + drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/qcom/socinfo.c | 8 +- drivers/soc/ti/smartreflex.c | 4 +- drivers/soc/xilinx/xlnx_event_manager.c | 4 +- drivers/spi/atmel-quadspi.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 12 +- drivers/spi/spi-tegra210-quad.c | 2 +- drivers/spi/spi-zynqmp-gqspi.c | 2 + drivers/spi/spi.c | 13 +- drivers/staging/media/atomisp/pci/sh_css_params.c | 2 + .../intel/int340x_thermal/int3400_thermal.c | 2 +- drivers/thermal/thermal_core.c | 2 +- drivers/tty/serial/8250/8250_fintek.c | 14 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/serial/sc16is7xx.c | 4 + drivers/tty/tty_io.c | 2 +- drivers/ufs/host/ufs-exynos.c | 16 +- drivers/usb/dwc3/gadget.c | 15 +- drivers/usb/gadget/composite.c | 18 +- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/host/xhci-ring.c | 18 +- drivers/usb/misc/chaoskey.c | 35 +++- drivers/usb/misc/iowarrior.c | 50 +++-- drivers/usb/misc/yurex.c | 5 +- drivers/usb/musb/musb_gadget.c | 13 +- drivers/usb/typec/class.c | 6 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/vdpa/mlx5/core/mr.c | 4 +- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 3 +- drivers/xen/xenbus/xenbus_probe.c | 8 +- fs/btrfs/ctree.c | 57 ++++- fs/btrfs/extent-tree.c | 25 ++- fs/btrfs/extent-tree.h | 8 +- fs/btrfs/free-space-tree.c | 10 +- fs/btrfs/ioctl.c | 6 +- fs/btrfs/qgroup.c | 6 +- fs/btrfs/ref-verify.c | 1 + fs/cachefiles/ondemand.c | 4 +- fs/ceph/super.c | 10 +- fs/erofs/zmap.c | 17 +- fs/exfat/namei.c | 1 + fs/ext4/balloc.c | 4 +- fs/ext4/ext4.h | 12 +- fs/ext4/extents.c | 2 +- fs/ext4/fsmap.c | 54 ++++- fs/ext4/ialloc.c | 5 +- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 4 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/mmp.c | 2 +- fs/ext4/move_extent.c | 47 +++-- fs/ext4/page-io.c | 3 - fs/ext4/readpage.c | 1 - fs/ext4/resize.c | 2 +- fs/ext4/super.c | 42 ++-- fs/f2fs/checkpoint.c | 2 +- fs/f2fs/data.c | 26 +-- fs/f2fs/f2fs.h | 3 +- fs/f2fs/file.c | 17 +- fs/f2fs/gc.c | 2 + fs/f2fs/node.c | 10 + fs/f2fs/segment.c | 5 +- fs/f2fs/segment.h | 35 +++- fs/f2fs/super.c | 13 +- fs/fscache/volume.c | 3 +- fs/gfs2/glock.c | 82 ++++---- fs/gfs2/glock.h | 3 +- fs/gfs2/incore.h | 2 +- fs/gfs2/log.c | 2 +- fs/gfs2/rgrp.c | 2 +- fs/gfs2/super.c | 6 +- fs/gfs2/util.c | 2 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/inode.c | 10 +- fs/jffs2/erase.c | 7 +- fs/jfs/xattr.c | 2 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfsd/export.c | 36 +++- fs/nfsd/export.h | 4 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 19 ++ fs/notify/fsnotify.c | 23 ++- fs/ocfs2/aops.h | 2 + fs/ocfs2/file.c | 4 + fs/overlayfs/inode.c | 7 +- fs/overlayfs/util.c | 3 + fs/proc/array.c | 57 ++--- fs/proc/kcore.c | 11 +- fs/proc/softirqs.c | 2 +- fs/quota/dquot.c | 2 + fs/smb/client/cached_dir.c | 229 ++++++++++++++------- fs/smb/client/cached_dir.h | 6 +- fs/smb/client/cifsfs.c | 12 +- fs/smb/client/cifsglob.h | 4 +- fs/smb/client/cifsproto.h | 1 + fs/smb/client/connect.c | 59 +++++- fs/smb/client/fs_context.c | 85 +++++++- fs/smb/client/fs_context.h | 1 + fs/smb/client/inode.c | 4 +- fs/smb/client/reparse.c | 95 +++++++-- fs/smb/client/reparse.h | 6 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2file.c | 21 +- fs/smb/client/smb2inode.c | 6 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/client/smb2pdu.c | 4 +- fs/smb/client/smb2proto.h | 9 +- fs/smb/client/trace.h | 3 + fs/smb/server/server.c | 4 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/unicode/utf8-core.c | 2 +- fs/xfs/libxfs/xfs_sb.c | 7 - fs/xfs/xfs_log_recover.c | 5 +- include/asm-generic/vmlinux.lds.h | 22 +- include/linux/avf/virtchnl.h | 11 +- include/linux/blkdev.h | 2 +- include/linux/bpf_verifier.h | 33 ++- include/linux/compiler_attributes.h | 13 -- include/linux/compiler_types.h | 19 ++ include/linux/hisi_acc_qm.h | 8 +- include/linux/init.h | 14 +- include/linux/jiffies.h | 2 +- include/linux/lockdep.h | 2 +- include/linux/mmdebug.h | 6 +- include/linux/netpoll.h | 2 +- include/linux/of_fdt.h | 5 +- include/linux/once.h | 4 +- include/linux/once_lite.h | 2 +- include/linux/rcupdate.h | 2 +- include/linux/seqlock.h | 98 ++++++--- include/linux/sock_diag.h | 10 +- include/linux/util_macros.h | 56 +++-- include/media/v4l2-dv-timings.h | 18 +- include/net/ieee80211_radiotap.h | 37 ++-- include/net/net_debug.h | 2 +- include/net/sock.h | 2 +- include/uapi/linux/rtnetlink.h | 2 +- init/Kconfig | 9 + init/initramfs.c | 15 ++ ipc/namespace.c | 4 +- kernel/bpf/verifier.c | 175 +++++++++------- kernel/cgroup/cgroup.c | 21 +- kernel/rcu/rcuscale.c | 6 +- kernel/rcu/tree.c | 14 +- kernel/signal.c | 9 +- kernel/time/time.c | 4 +- kernel/trace/bpf_trace.c | 5 +- kernel/trace/ftrace.c | 3 + kernel/trace/trace_event_perf.c | 6 + lib/maple_tree.c | 13 +- lib/string_helpers.c | 2 +- mm/internal.h | 2 +- mm/slab.h | 5 + mm/slub.c | 9 +- mm/vmstat.c | 1 + net/9p/trans_xen.c | 9 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/mgmt.c | 38 +++- net/bluetooth/rfcomm/sock.c | 10 +- net/core/filter.c | 88 ++++---- net/core/gen_estimator.c | 2 +- net/core/skmsg.c | 4 +- net/core/sock_diag.c | 114 +++++----- net/hsr/hsr_device.c | 4 +- net/ipv4/cipso_ipv4.c | 2 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/inet_diag.c | 11 +- net/ipv4/ipmr.c | 44 ++-- net/ipv4/ipmr_base.c | 3 +- net/ipv4/tcp.c | 2 +- net/ipv4/tcp_bpf.c | 7 +- net/ipv4/tcp_fastopen.c | 7 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 41 ++-- net/ipv6/af_inet6.c | 2 +- net/ipv6/ip6_fib.c | 2 +- net/ipv6/ip6mr.c | 40 ++-- net/ipv6/ipv6_sockglue.c | 3 +- net/ipv6/route.c | 10 +- net/iucv/af_iucv.c | 26 ++- net/llc/af_llc.c | 2 +- net/mac80211/main.c | 2 + net/mptcp/protocol.c | 4 +- net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/nf_tables_api.c | 161 +++++++++------ net/netlink/diag.c | 1 + net/packet/diag.c | 1 + net/rfkill/rfkill-gpio.c | 8 +- net/rxrpc/af_rxrpc.c | 7 +- net/sched/act_api.c | 2 +- net/smc/smc_diag.c | 1 + net/sunrpc/cache.c | 4 +- net/sunrpc/svcsock.c | 4 + net/sunrpc/xprtrdma/svc_rdma.c | 19 +- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- net/sunrpc/xprtsock.c | 17 +- net/tipc/diag.c | 1 + net/unix/diag.c | 1 + net/vmw_vsock/diag.c | 1 + net/xdp/xsk_diag.c | 1 + rust/macros/lib.rs | 2 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + scripts/checkpatch.pl | 61 ++++-- scripts/mod/file2alias.c | 5 +- scripts/mod/modpost.c | 45 +--- security/apparmor/capability.c | 2 + security/apparmor/policy_unpack_test.c | 6 + sound/core/pcm_native.c | 6 +- sound/core/ump.c | 5 +- sound/hda/intel-dsp-config.c | 4 + sound/pci/hda/patch_realtek.c | 155 +++++++------- sound/soc/amd/yc/acp6x-mach.c | 32 ++- sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/rt5640.c | 27 +-- sound/soc/codecs/rt722-sdca.c | 8 +- sound/soc/codecs/tas2781-fmwlib.c | 1 + sound/soc/fsl/fsl_micfil.c | 4 +- sound/soc/generic/audio-graph-card2.c | 3 + sound/soc/intel/atom/sst/sst_acpi.c | 64 +++++- sound/soc/intel/boards/bytcr_rt5640.c | 48 ++++- sound/soc/stm/stm32_sai_sub.c | 6 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 24 ++- sound/usb/quirks-table.h | 14 +- sound/usb/quirks.c | 27 ++- sound/usb/usx2y/us122l.c | 5 +- sound/usb/usx2y/usbusx2y.c | 2 +- tools/bpf/bpftool/jit_disasm.c | 40 +++- tools/include/nolibc/arch-s390.h | 1 + tools/lib/bpf/libbpf.c | 16 +- tools/lib/bpf/linker.c | 2 + tools/lib/thermal/Makefile | 4 +- tools/lib/thermal/commands.c | 52 +++-- tools/perf/builtin-ftrace.c | 2 +- tools/perf/builtin-list.c | 4 +- tools/perf/builtin-stat.c | 52 +++-- tools/perf/builtin-trace.c | 23 ++- tools/perf/tests/attr/test-stat-default | 94 ++++++--- tools/perf/tests/attr/test-stat-detailed-1 | 110 +++++++--- tools/perf/tests/attr/test-stat-detailed-2 | 134 ++++++++---- tools/perf/tests/attr/test-stat-detailed-3 | 142 ++++++++----- tools/perf/util/cs-etm.c | 25 ++- tools/perf/util/evlist.c | 19 +- tools/perf/util/evlist.h | 1 + tools/perf/util/pfm.c | 4 +- tools/perf/util/pmus.c | 2 +- tools/perf/util/probe-finder.c | 21 +- tools/perf/util/probe-finder.h | 4 +- .../selftests/arm64/mte/check_tags_inclusion.c | 4 +- .../testing/selftests/arm64/mte/mte_common_util.c | 4 +- .../selftests/bpf/progs/test_spin_lock_fail.c | 4 +- .../bpf/progs/verifier_subprog_precision.c | 23 ++- tools/testing/selftests/bpf/test_sockmap.c | 165 ++++++++++++--- tools/testing/selftests/bpf/verifier/precise.c | 38 ++-- .../selftests/mount_setattr/mount_setattr_test.c | 2 +- tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/resctrl/fill_buf.c | 74 +++---- tools/testing/selftests/resctrl/resctrl.h | 2 +- tools/testing/selftests/resctrl/resctrl_val.c | 3 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + tools/testing/selftests/wireguard/netns.sh | 1 + 767 files changed, 7277 insertions(+), 3528 deletions(-)

3 months, 2 weeks

13
690
0 0

[PATCH 6.1.y] drm/amd/display: fixed integer types and null check locations

by jianqi.ren.cn＠windriver.com

From: Sohaib Nadeem <sohaib.nadeem(a)amd.com> [ Upstream commit 0484e05d048b66d01d1f3c1d2306010bb57d8738 ] [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Josip Pavic <josip.pavic(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [ To fix CVE-2024-26767, delete changes made in drivers/gpu/drm/amd/display/dc/link/link_validation.c for this file is deleted in linux-6.1 ] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test. --- .../gpu/drm/amd/display/dc/bios/bios_parser2.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c index 4d2590964a20..75e44d8a7b40 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c @@ -1862,19 +1862,21 @@ static enum bp_result get_firmware_info_v3_2( /* Vega12 */ smu_info_v3_2 = GET_IMAGE(struct atom_smu_info_v3_2, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); if (!smu_info_v3_2) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_2->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_2->bootup_dcefclk_10khz * 10; } else if (revision.minor == 3) { /* Vega20 */ smu_info_v3_3 = GET_IMAGE(struct atom_smu_info_v3_3, DATA_TABLES(smu_info)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); if (!smu_info_v3_3) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", smu_info_v3_3->gpuclk_ss_percentage); + info->default_engine_clk = smu_info_v3_3->bootup_dcefclk_10khz * 10; } @@ -2439,10 +2441,11 @@ static enum bp_result get_integrated_info_v11( info_v11 = GET_IMAGE(struct atom_integrated_system_info_v1_11, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); if (info_v11 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v11->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v11->gpucapinfo); /* @@ -2654,11 +2657,12 @@ static enum bp_result get_integrated_info_v2_1( info_v2_1 = GET_IMAGE(struct atom_integrated_system_info_v2_1, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); if (info_v2_1 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_1->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_1->gpucapinfo); /* @@ -2816,11 +2820,11 @@ static enum bp_result get_integrated_info_v2_2( info_v2_2 = GET_IMAGE(struct atom_integrated_system_info_v2_2, DATA_TABLES(integratedsysteminfo)); - DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); - if (info_v2_2 == NULL) return BP_RESULT_BADBIOSTABLE; + DC_LOG_BIOS("gpuclk_ss_percentage (unit of 0.001 percent): %d\n", info_v2_2->gpuclk_ss_percentage); + info->gpu_cap_info = le32_to_cpu(info_v2_2->gpucapinfo); /* -- 2.25.1

3 months, 2 weeks

3
2
0 0

[PATCH 6.6 0/4] rtla/timerlat: Fix "Set OSNOISE_WORKLOAD for kernel threads"

by Tomas Glozar

Two rtla commits that fix a bug in setting OSNOISE_WORKLOAD (see the patches for details) were improperly backported to 6.6-stable, referencing non-existent field params->kernel_workload. Revert the broken backports and backport this properly, using !params->user_hist and !params->user_top instead of the non-existent params->user_workload. The patchset was tested to build and fix the bug. Tomas Glozar (4): Revert "rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads" Revert "rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads" rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads tools/tracing/rtla/src/timerlat_hist.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- 2.48.1

3 months, 2 weeks

5
11
0 0

[PATCH] ext4: Fix potential NULL pointer dereferences in test_mb_mark_used() and test_mb_free_blocks()

by Qasim Ijaz

test_mb_mark_used() and test_mb_free_blocks() call kunit_kzalloc() to allocate memory, however both fail to ensure that the allocations succeeded. If kunit_kzalloc() returns NULL, then dereferencing the corresponding pointer without checking for NULL will lead to a NULL pointer dereference. To fix this call KUNIT_ASSERT_NOT_ERR_OR_NULL() to ensure the allocation succeeded. Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Fixes: ac96b56a2fbd ("ext4: Add unit test for mb_mark_used") Fixes: b7098e1fa7bc ("ext4: Add unit test for mb_free_blocks") Cc: stable(a)vger.kernel.org --- fs/ext4/mballoc-test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c index bb2a223b207c..d634c12f1984 100644 --- a/fs/ext4/mballoc-test.c +++ b/fs/ext4/mballoc-test.c @@ -796,6 +796,7 @@ static void test_mb_mark_used(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buddy); grp = kunit_kzalloc(test, offsetof(struct ext4_group_info, bb_counters[MB_NUM_ORDERS(sb)]), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, grp); ret = ext4_mb_load_buddy(sb, TEST_GOAL_GROUP, &e4b); KUNIT_ASSERT_EQ(test, ret, 0); @@ -860,6 +861,7 @@ static void test_mb_free_blocks(struct kunit *test) KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buddy); grp = kunit_kzalloc(test, offsetof(struct ext4_group_info, bb_counters[MB_NUM_ORDERS(sb)]), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, grp); ret = ext4_mb_load_buddy(sb, TEST_GOAL_GROUP, &e4b); KUNIT_ASSERT_EQ(test, ret, 0); -- 2.39.5

3 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror