- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.288 release. There are 24 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.288-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.288-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix a DMA to stack memory bug Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device Nikolay Kuratov <kniv(a)yandex-team.ru> tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Tejun Heo <tj(a)kernel.org> blk-iocost: fix weight updates of inner active iocgs Tejun Heo <tj(a)kernel.org> blk-iocost: clamp inuse and skip noops in __propagate_weights() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. ------------- Diffstat: Makefile | 4 +-- block/blk-iocost.c | 24 ++++++++++++-- drivers/acpi/acpica/evxfregn.c | 2 -- drivers/acpi/resource.c | 6 ++-- drivers/ata/sata_highbank.c | 1 + drivers/net/ethernet/qualcomm/qca_spi.c | 26 +++++++-------- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/xen-netfront.c | 5 ++- drivers/usb/dwc2/hcd.c | 16 ++++----- drivers/usb/gadget/function/u_serial.c | 9 +++-- drivers/usb/host/ehci-sh.c | 9 +++-- drivers/usb/host/max3421-hcd.c | 16 ++++++--- fs/xfs/xfs_file.c | 8 +++++ include/net/lapb.h | 2 +- kernel/trace/trace_kprobe.c | 2 +- net/batman-adv/translation-table.c | 58 +++++++++++++++++++++++---------- net/core/sock_map.c | 1 + net/sched/sch_netem.c | 22 +++++++++---- net/tipc/udp_media.c | 7 +++- sound/usb/quirks.c | 31 ++++++++++++------ virt/kvm/arm/pmu.c | 1 - 21 files changed, 167 insertions(+), 84 deletions(-)

6 months

7
30
0 0

[PATCH] spi: atmel-qspi: Memory barriers after memory-mapped I/O

by Bence Csókás

The QSPI peripheral control and status registers are accessible via the SoC's APB bus, whereas MMIO transactions' data travels on the AHB bus. Microchip documentation and even sample code from Atmel emphasises the need for a memory barrier before the first MMIO transaction to the AHB-connected QSPI, and before the last write to its registers via APB. This is achieved by the following lines in `atmel_qspi_transfer()`: /* Dummy read of QSPI_IFR to synchronize APB and AHB accesses */ (void)atmel_qspi_read(aq, QSPI_IFR); However, the current documentation makes no mention to synchronization requirements in the other direction, i.e. after the last data written via AHB, and before the first register access on APB. --- In our case, we were facing an issue where the QSPI peripheral would cease to send any new CSR (nCS Rise) interrupts, leading to a timeout in `atmel_qspi_wait_for_completion()` and ultimately this panic in higher levels: ubi0 error: ubi_io_write: error -110 while writing 63108 bytes to PEB 491:128, written 63104 bytes After months of extensive research of the codebase, fiddling around the debugger with kgdb, and back-and-forth with Microchip, we came to the conclusion that the issue is probably that the peripheral is still busy receiving on AHB when the LASTXFER bit is written to its Control Register on APB, therefore this write gets lost, and the peripheral still thinks there is more data to come in the MMIO transfer. This was first formulated when we noticed that doubling the write() of QSPI_CR_LASTXFER seemed to solve the problem. Ultimately, the solution is to introduce memory barriers after the AHB-mapped MMIO transfers, to ensure ordering. Fixes: d5433def3153 ("mtd: spi-nor: atmel-quadspi: Add spi-mem support to atmel-quadspi") Cc: Hari.PrasathGE(a)microchip.com Cc: Mahesh.Abotula(a)microchip.com Cc: Marco.Cardellini(a)microchip.com Cc: <stable(a)vger.kernel.org> # c0a0203cf579: ("spi: atmel-quadspi: Create `atmel_qspi_ops`"...) Cc: <stable(a)vger.kernel.org> # 6.x.y Signed-off-by: Bence Csókás <csokas.bence(a)prolan.hu> --- drivers/spi/atmel-quadspi.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/spi/atmel-quadspi.c b/drivers/spi/atmel-quadspi.c index 73cf0c3f1477..96fc1c56a221 100644 --- a/drivers/spi/atmel-quadspi.c +++ b/drivers/spi/atmel-quadspi.c @@ -625,13 +625,20 @@ static int atmel_qspi_transfer(struct spi_mem *mem, (void)atmel_qspi_read(aq, QSPI_IFR); /* Send/Receive data */ - if (op->data.dir == SPI_MEM_DATA_IN) + if (op->data.dir == SPI_MEM_DATA_IN) { memcpy_fromio(op->data.buf.in, aq->mem + offset, op->data.nbytes); - else + + /* Synchronize AHB and APB accesses again */ + rmb(); + } else { memcpy_toio(aq->mem + offset, op->data.buf.out, op->data.nbytes); + /* Synchronize AHB and APB accesses again */ + wmb(); + } + /* Release the chip-select */ atmel_qspi_write(QSPI_CR_LASTXFER, aq, QSPI_CR); -- 2.34.1

6 months

3
2
0 0

[PATCH] PM / devfreq: Check dev_set_name() return value

by Ma Ke

It's possible that dev_set_name() returns -ENOMEM. We could catch and handle it by adding dev_set_name() return value check. Cc: stable(a)vger.kernel.org Fixes: 775fa8c3aa22 ("PM / devfreq: Simplify the sysfs name of devfreq-event device") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/devfreq/devfreq-event.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/devfreq/devfreq-event.c b/drivers/devfreq/devfreq-event.c index 3ebac2496679..9479fbe71eda 100644 --- a/drivers/devfreq/devfreq-event.c +++ b/drivers/devfreq/devfreq-event.c @@ -328,7 +328,10 @@ struct devfreq_event_dev *devfreq_event_add_edev(struct device *dev, edev->dev.class = devfreq_event_class; edev->dev.release = devfreq_event_release_edev; - dev_set_name(&edev->dev, "event%d", atomic_inc_return(&event_no)); + ret = dev_set_name(&edev->dev, "event%d", atomic_inc_return(&event_no)); + if (ret) + return ERR_PTR(-ENOMEM); + ret = device_register(&edev->dev); if (ret < 0) { put_device(&edev->dev); -- 2.25.1

6 months

2
1
0 0

[merged mm-hotfixes-stable] alloc_tag-fix-set_codetag_empty-when-config_mem_alloc_profiling_debug.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG has been removed from the -mm tree. Its filename was alloc_tag-fix-set_codetag_empty-when-config_mem_alloc_profiling_debug.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG Date: Fri, 29 Nov 2024 16:14:23 -0800 It was recently noticed that set_codetag_empty() might be used not only to mark NULL alloctag references as empty to avoid warnings but also to reset valid tags (in clear_page_tag_ref()). Since set_codetag_empty() is defined as NOOP for CONFIG_MEM_ALLOC_PROFILING_DEBUG=n, such use of set_codetag_empty() leads to subtle bugs. Fix set_codetag_empty() for CONFIG_MEM_ALLOC_PROFILING_DEBUG=n to reset the tag reference. Link: https://lkml.kernel.org/r/20241130001423.1114965-2-surenb@google.com Fixes: a8fc28dad6d5 ("alloc_tag: introduce clear_page_tag_ref() helper function") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: David Wang <00107082(a)163.com> Closes: https://lore.kernel.org/lkml/20241124074318.399027-1-00107082@163.com/ Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Sourav Panda <souravpanda(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/alloc_tag.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/include/linux/alloc_tag.h~alloc_tag-fix-set_codetag_empty-when-config_mem_alloc_profiling_debug +++ a/include/linux/alloc_tag.h @@ -63,7 +63,12 @@ static inline void set_codetag_empty(uni #else /* CONFIG_MEM_ALLOC_PROFILING_DEBUG */ static inline bool is_codetag_empty(union codetag_ref *ref) { return false; } -static inline void set_codetag_empty(union codetag_ref *ref) {} + +static inline void set_codetag_empty(union codetag_ref *ref) +{ + if (ref) + ref->ct = NULL; +} #endif /* CONFIG_MEM_ALLOC_PROFILING_DEBUG */ _ Patches currently in -mm which might be from surenb(a)google.com are seqlock-add-raw_seqcount_try_begin.patch mm-convert-mm_lock_seq-to-a-proper-seqcount.patch mm-introduce-mmap_lock_speculate_try_beginretry.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] alloc_tag-fix-module-allocation-tags-populated-area-calculation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: alloc_tag: fix module allocation tags populated area calculation has been removed from the -mm tree. Its filename was alloc_tag-fix-module-allocation-tags-populated-area-calculation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: fix module allocation tags populated area calculation Date: Fri, 29 Nov 2024 16:14:22 -0800 vm_module_tags_populate() calculation of the populated area assumes that area starts at a page boundary and therefore when new pages are allocation, the end of the area is page-aligned as well. If the start of the area is not page-aligned then allocating a page and incrementing the end of the area by PAGE_SIZE leads to an area at the end but within the area boundary which is not populated. Accessing this are will lead to a kernel panic. Fix the calculation by down-aligning the start of the area and using that as the location allocated pages are mapped to. [gehao(a)kylinos.cn: fix vm_module_tags_populate's KASAN poisoning logic] Link: https://lkml.kernel.org/r/20241205170528.81000-1-hao.ge@linux.dev [gehao(a)kylinos.cn: fix panic when CONFIG_KASAN enabled and CONFIG_KASAN_VMALLOC not enabled] Link: https://lkml.kernel.org/r/20241212072126.134572-1-hao.ge@linux.dev Link: https://lkml.kernel.org/r/20241130001423.1114965-1-surenb@google.com Fixes: 0f9b685626da ("alloc_tag: populate memory for module tags as needed") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202411132111.6a221562-lkp@intel.com Acked-by: Yu Zhao <yuzhao(a)google.com> Tested-by: Adrian Huang <ahuang12(a)lenovo.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Sourav Panda <souravpanda(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) --- a/lib/alloc_tag.c~alloc_tag-fix-module-allocation-tags-populated-area-calculation +++ a/lib/alloc_tag.c @@ -408,28 +408,52 @@ repeat: static int vm_module_tags_populate(void) { - unsigned long phys_size = vm_module_tags->nr_pages << PAGE_SHIFT; + unsigned long phys_end = ALIGN_DOWN(module_tags.start_addr, PAGE_SIZE) + + (vm_module_tags->nr_pages << PAGE_SHIFT); + unsigned long new_end = module_tags.start_addr + module_tags.size; - if (phys_size < module_tags.size) { + if (phys_end < new_end) { struct page **next_page = vm_module_tags->pages + vm_module_tags->nr_pages; - unsigned long addr = module_tags.start_addr + phys_size; + unsigned long old_shadow_end = ALIGN(phys_end, MODULE_ALIGN); + unsigned long new_shadow_end = ALIGN(new_end, MODULE_ALIGN); unsigned long more_pages; unsigned long nr; - more_pages = ALIGN(module_tags.size - phys_size, PAGE_SIZE) >> PAGE_SHIFT; + more_pages = ALIGN(new_end - phys_end, PAGE_SIZE) >> PAGE_SHIFT; nr = alloc_pages_bulk_array_node(GFP_KERNEL | __GFP_NOWARN, NUMA_NO_NODE, more_pages, next_page); if (nr < more_pages || - vmap_pages_range(addr, addr + (nr << PAGE_SHIFT), PAGE_KERNEL, + vmap_pages_range(phys_end, phys_end + (nr << PAGE_SHIFT), PAGE_KERNEL, next_page, PAGE_SHIFT) < 0) { /* Clean up and error out */ for (int i = 0; i < nr; i++) __free_page(next_page[i]); return -ENOMEM; } + vm_module_tags->nr_pages += nr; + + /* + * Kasan allocates 1 byte of shadow for every 8 bytes of data. + * When kasan_alloc_module_shadow allocates shadow memory, + * its unit of allocation is a page. + * Therefore, here we need to align to MODULE_ALIGN. + */ + if (old_shadow_end < new_shadow_end) + kasan_alloc_module_shadow((void *)old_shadow_end, + new_shadow_end - old_shadow_end, + GFP_KERNEL); } + /* + * Mark the pages as accessible, now that they are mapped. + * With hardware tag-based KASAN, marking is skipped for + * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). + */ + kasan_unpoison_vmalloc((void *)module_tags.start_addr, + new_end - module_tags.start_addr, + KASAN_VMALLOC_PROT_NORMAL); + return 0; } _ Patches currently in -mm which might be from surenb(a)google.com are seqlock-add-raw_seqcount_try_begin.patch mm-convert-mm_lock_seq-to-a-proper-seqcount.patch mm-introduce-mmap_lock_speculate_try_beginretry.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-codetag-clear-tags-before-swap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/codetag: clear tags before swap has been removed from the -mm tree. Its filename was mm-codetag-clear-tags-before-swap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Wang <00107082(a)163.com> Subject: mm/codetag: clear tags before swap Date: Fri, 13 Dec 2024 09:33:32 +0800 When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be triggered when calling __alloc_tag_ref_set() during swap: alloc_tag was not cleared (got tag for mm/filemap.c:1951) WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h... Clear code tags before swap can fix the warning. And this patch also fix a potential invalid address dereference in alloc_tag_add_check() when CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY, which is defined as ((void *)1). Link: https://lkml.kernel.org/r/20241213013332.89910-1-00107082@163.com Fixes: 51f43d5d82ed ("mm/codetag: swap tags when migrate pages") Signed-off-by: David Wang <00107082(a)163.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/alloc_tag.h | 2 +- lib/alloc_tag.c | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) --- a/include/linux/alloc_tag.h~mm-codetag-clear-tags-before-swap +++ a/include/linux/alloc_tag.h @@ -135,7 +135,7 @@ static inline struct alloc_tag_counters #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag) { - WARN_ONCE(ref && ref->ct, + WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref), "alloc_tag was not cleared (got tag for %s:%u)\n", ref->ct->filename, ref->ct->lineno); --- a/lib/alloc_tag.c~mm-codetag-clear-tags-before-swap +++ a/lib/alloc_tag.c @@ -209,6 +209,13 @@ void pgalloc_tag_swap(struct folio *new, return; } + /* + * Clear tag references to avoid debug warning when using + * __alloc_tag_ref_set() with non-empty reference. + */ + set_codetag_empty(&ref_old); + set_codetag_empty(&ref_new); + /* swap tags */ __alloc_tag_ref_set(&ref_old, tag_new); update_page_tag_ref(handle_old, &ref_old); _ Patches currently in -mm which might be from 00107082(a)163.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-convert-partially_mapped-set-clear-operations-to-be-atomic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: convert partially_mapped set/clear operations to be atomic has been removed from the -mm tree. Its filename was mm-convert-partially_mapped-set-clear-operations-to-be-atomic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: mm: convert partially_mapped set/clear operations to be atomic Date: Thu, 12 Dec 2024 18:33:51 +0000 Other page flags in the 2nd page, like PG_hwpoison and PG_anon_exclusive can get modified concurrently. Changes to other page flags might be lost if they are happening at the same time as non-atomic partially_mapped operations. Hence, make partially_mapped operations atomic. Link: https://lkml.kernel.org/r/20241212183351.1345389-1-usamaarif642@gmail.com Fixes: 8422acdc97ed ("mm: introduce a pageflag for partially mapped folios") Reported-by: David Hildenbrand <david(a)redhat.com> Link: https://lore.kernel.org/all/e53b04ad-1827-43a2-a1ab-864c7efecf6e@redhat.com/ Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Barry Song <baohua(a)kernel.org> Cc: Domenico Cerasuolo <cerasuolodomenico(a)gmail.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Nico Pache <npache(a)redhat.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/page-flags.h | 12 ++---------- mm/huge_memory.c | 8 ++++---- 2 files changed, 6 insertions(+), 14 deletions(-) --- a/include/linux/page-flags.h~mm-convert-partially_mapped-set-clear-operations-to-be-atomic +++ a/include/linux/page-flags.h @@ -862,18 +862,10 @@ static inline void ClearPageCompound(str ClearPageHead(page); } FOLIO_FLAG(large_rmappable, FOLIO_SECOND_PAGE) -FOLIO_TEST_FLAG(partially_mapped, FOLIO_SECOND_PAGE) -/* - * PG_partially_mapped is protected by deferred_split split_queue_lock, - * so its safe to use non-atomic set/clear. - */ -__FOLIO_SET_FLAG(partially_mapped, FOLIO_SECOND_PAGE) -__FOLIO_CLEAR_FLAG(partially_mapped, FOLIO_SECOND_PAGE) +FOLIO_FLAG(partially_mapped, FOLIO_SECOND_PAGE) #else FOLIO_FLAG_FALSE(large_rmappable) -FOLIO_TEST_FLAG_FALSE(partially_mapped) -__FOLIO_SET_FLAG_NOOP(partially_mapped) -__FOLIO_CLEAR_FLAG_NOOP(partially_mapped) +FOLIO_FLAG_FALSE(partially_mapped) #endif #define PG_head_mask ((1UL << PG_head)) --- a/mm/huge_memory.c~mm-convert-partially_mapped-set-clear-operations-to-be-atomic +++ a/mm/huge_memory.c @@ -3577,7 +3577,7 @@ int split_huge_page_to_list_to_order(str !list_empty(&folio->_deferred_list)) { ds_queue->split_queue_len--; if (folio_test_partially_mapped(folio)) { - __folio_clear_partially_mapped(folio); + folio_clear_partially_mapped(folio); mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON_PARTIALLY_MAPPED, -1); } @@ -3689,7 +3689,7 @@ bool __folio_unqueue_deferred_split(stru if (!list_empty(&folio->_deferred_list)) { ds_queue->split_queue_len--; if (folio_test_partially_mapped(folio)) { - __folio_clear_partially_mapped(folio); + folio_clear_partially_mapped(folio); mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON_PARTIALLY_MAPPED, -1); } @@ -3733,7 +3733,7 @@ void deferred_split_folio(struct folio * spin_lock_irqsave(&ds_queue->split_queue_lock, flags); if (partially_mapped) { if (!folio_test_partially_mapped(folio)) { - __folio_set_partially_mapped(folio); + folio_set_partially_mapped(folio); if (folio_test_pmd_mappable(folio)) count_vm_event(THP_DEFERRED_SPLIT_PAGE); count_mthp_stat(folio_order(folio), MTHP_STAT_SPLIT_DEFERRED); @@ -3826,7 +3826,7 @@ static unsigned long deferred_split_scan } else { /* We lost race with folio_put() */ if (folio_test_partially_mapped(folio)) { - __folio_clear_partially_mapped(folio); + folio_clear_partially_mapped(folio); mod_mthp_stat(folio_order(folio), MTHP_STAT_NR_ANON_PARTIALLY_MAPPED, -1); } _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-buffer-head-leaks-in-calls-to-truncate_inode_pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix buffer head leaks in calls to truncate_inode_pages() has been removed from the -mm tree. Its filename was nilfs2-fix-buffer-head-leaks-in-calls-to-truncate_inode_pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix buffer head leaks in calls to truncate_inode_pages() Date: Fri, 13 Dec 2024 01:43:28 +0900 When block_invalidatepage was converted to block_invalidate_folio, the fallback to block_invalidatepage in folio_invalidate() if the address_space_operations method invalidatepage (currently invalidate_folio) was not set, was removed. Unfortunately, some pseudo-inodes in nilfs2 use empty_aops set by inode_init_always_gfp() as is, or explicitly set it to address_space_operations. Therefore, with this change, block_invalidatepage() is no longer called from folio_invalidate(), and as a result, the buffer_head structures attached to these pages/folios are no longer freed via try_to_free_buffers(). Thus, these buffer heads are now leaked by truncate_inode_pages(), which cleans up the page cache from inode evict(), etc. Three types of caches use empty_aops: gc inode caches and the DAT shadow inode used by GC, and b-tree node caches. Of these, b-tree node caches explicitly call invalidate_mapping_pages() during cleanup, which involves calling try_to_free_buffers(), so the leak was not visible during normal operation but worsened when GC was performed. Fix this issue by using address_space_operations with invalidate_folio set to block_invalidate_folio instead of empty_aops, which will ensure the same behavior as before. Link: https://lkml.kernel.org/r/20241212164556.21338-1-konishi.ryusuke@gmail.com Fixes: 7ba13abbd31e ("fs: Turn block_invalidatepage into block_invalidate_folio") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/btnode.c | 1 + fs/nilfs2/gcinode.c | 2 +- fs/nilfs2/inode.c | 5 +++++ fs/nilfs2/nilfs.h | 1 + 4 files changed, 8 insertions(+), 1 deletion(-) --- a/fs/nilfs2/btnode.c~nilfs2-fix-buffer-head-leaks-in-calls-to-truncate_inode_pages +++ a/fs/nilfs2/btnode.c @@ -35,6 +35,7 @@ void nilfs_init_btnc_inode(struct inode ii->i_flags = 0; memset(&ii->i_bmap_data, 0, sizeof(struct nilfs_bmap)); mapping_set_gfp_mask(btnc_inode->i_mapping, GFP_NOFS); + btnc_inode->i_mapping->a_ops = &nilfs_buffer_cache_aops; } void nilfs_btnode_cache_clear(struct address_space *btnc) --- a/fs/nilfs2/gcinode.c~nilfs2-fix-buffer-head-leaks-in-calls-to-truncate_inode_pages +++ a/fs/nilfs2/gcinode.c @@ -163,7 +163,7 @@ int nilfs_init_gcinode(struct inode *ino inode->i_mode = S_IFREG; mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); - inode->i_mapping->a_ops = &empty_aops; + inode->i_mapping->a_ops = &nilfs_buffer_cache_aops; ii->i_flags = 0; nilfs_bmap_init_gc(ii->i_bmap); --- a/fs/nilfs2/inode.c~nilfs2-fix-buffer-head-leaks-in-calls-to-truncate_inode_pages +++ a/fs/nilfs2/inode.c @@ -276,6 +276,10 @@ const struct address_space_operations ni .is_partially_uptodate = block_is_partially_uptodate, }; +const struct address_space_operations nilfs_buffer_cache_aops = { + .invalidate_folio = block_invalidate_folio, +}; + static int nilfs_insert_inode_locked(struct inode *inode, struct nilfs_root *root, unsigned long ino) @@ -681,6 +685,7 @@ struct inode *nilfs_iget_for_shadow(stru NILFS_I(s_inode)->i_flags = 0; memset(NILFS_I(s_inode)->i_bmap, 0, sizeof(struct nilfs_bmap)); mapping_set_gfp_mask(s_inode->i_mapping, GFP_NOFS); + s_inode->i_mapping->a_ops = &nilfs_buffer_cache_aops; err = nilfs_attach_btree_node_cache(s_inode); if (unlikely(err)) { --- a/fs/nilfs2/nilfs.h~nilfs2-fix-buffer-head-leaks-in-calls-to-truncate_inode_pages +++ a/fs/nilfs2/nilfs.h @@ -401,6 +401,7 @@ extern const struct file_operations nilf extern const struct inode_operations nilfs_file_inode_operations; extern const struct file_operations nilfs_file_operations; extern const struct address_space_operations nilfs_aops; +extern const struct address_space_operations nilfs_buffer_cache_aops; extern const struct inode_operations nilfs_dir_inode_operations; extern const struct inode_operations nilfs_special_inode_operations; extern const struct inode_operations nilfs_symlink_inode_operations; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] vmalloc-fix-accounting-with-i915.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: vmalloc: fix accounting with i915 has been removed from the -mm tree. Its filename was vmalloc-fix-accounting-with-i915.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: vmalloc: fix accounting with i915 Date: Wed, 11 Dec 2024 20:25:37 +0000 If the caller of vmap() specifies VM_MAP_PUT_PAGES (currently only the i915 driver), we will decrement nr_vmalloc_pages and MEMCG_VMALLOC in vfree(). These counters are incremented by vmalloc() but not by vmap() so this will cause an underflow. Check the VM_MAP_PUT_PAGES flag before decrementing either counter. Link: https://lkml.kernel.org/r/20241211202538.168311-1-willy@infradead.org Fixes: b944afc9d64d ("mm: add a VM_MAP_PUT_PAGES flag for vmap") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Balbir Singh <balbirs(a)nvidia.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/mm/vmalloc.c~vmalloc-fix-accounting-with-i915 +++ a/mm/vmalloc.c @@ -3374,7 +3374,8 @@ void vfree(const void *addr) struct page *page = vm->pages[i]; BUG_ON(!page); - mod_memcg_page_state(page, MEMCG_VMALLOC, -1); + if (!(vm->flags & VM_MAP_PUT_PAGES)) + mod_memcg_page_state(page, MEMCG_VMALLOC, -1); /* * High-order allocs for huge vmallocs are split, so * can be freed as an array of order-0 allocations @@ -3382,7 +3383,8 @@ void vfree(const void *addr) __free_page(page); cond_resched(); } - atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages); + if (!(vm->flags & VM_MAP_PUT_PAGES)) + atomic_long_sub(vm->nr_pages, &nr_vmalloc_pages); kvfree(vm->pages); kfree(vm); } _ Patches currently in -mm which might be from willy(a)infradead.org are mm-page_alloc-cache-page_zone-result-in-free_unref_page.patch mm-make-alloc_pages_mpol-static.patch mm-page_alloc-export-free_frozen_pages-instead-of-free_unref_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-post_alloc_hook.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-prep_new_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-get_page_from_freelist.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_cpuset_fallback.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_may_oom.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_compact.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_reclaim.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_slowpath.patch mm-page_alloc-move-set_page_refcounted-to-end-of-__alloc_pages.patch mm-page_alloc-add-__alloc_frozen_pages.patch mm-mempolicy-add-alloc_frozen_pages.patch slab-allocate-frozen-pages.patch ocfs2-handle-a-symlink-read-error-correctly.patch ocfs2-convert-ocfs2_page_mkwrite-to-use-a-folio.patch ocfs2-pass-mmap_folio-around-instead-of-mmap_page.patch ocfs2-convert-ocfs2_read_inline_data-to-take-a-folio.patch ocfs2-use-a-folio-in-ocfs2_fast_symlink_read_folio.patch ocfs2-remove-ocfs2_start_walk_page_trans-prototype.patch iov_iter-remove-setting-of-page-index.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-dont-call-pfn_to_page-on-possibly-non-existent-pfn-in-split_large_buddy.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() has been removed from the -mm tree. Its filename was mm-page_alloc-dont-call-pfn_to_page-on-possibly-non-existent-pfn-in-split_large_buddy.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() Date: Tue, 10 Dec 2024 10:34:37 +0100 In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page. So far this was found by code inspection, but let's just CC stable as the fix is easy. Link: https://lkml.kernel.org/r/20241210093437.174413-1-david@redhat.com Fixes: fd919a85cd55 ("mm: page_isolation: prepare for hygienic freelists") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Vlastimil Babka <vbabka(a)suse.cz> Closes: https://lkml.kernel.org/r/e1a898ba-a717-4d20-9144-29df1a6c8813@suse.cz Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-dont-call-pfn_to_page-on-possibly-non-existent-pfn-in-split_large_buddy +++ a/mm/page_alloc.c @@ -1238,13 +1238,15 @@ static void split_large_buddy(struct zon if (order > pageblock_order) order = pageblock_order; - while (pfn != end) { + do { int mt = get_pfnblock_migratetype(page, pfn); __free_one_page(page, pfn, zone, order, mt, fpi); pfn += 1 << order; + if (pfn == end) + break; page = pfn_to_page(pfn); - } + } while (1); } static void free_one_page(struct zone *zone, struct page *page, _ Patches currently in -mm which might be from david(a)redhat.com are fs-proc-task_mmu-fix-pagemap-flags-with-pmd-thp-entries-on-32bit.patch docs-tmpfs-update-the-large-folios-policy-for-tmpfs-and-shmem.patch mm-memory_hotplug-move-debug_pagealloc_map_pages-into-online_pages_range.patch mm-page_isolation-dont-pass-gfp-flags-to-isolate_single_pageblock.patch mm-page_isolation-dont-pass-gfp-flags-to-start_isolate_page_range.patch mm-page_alloc-make-__alloc_contig_migrate_range-static.patch mm-page_alloc-sort-out-the-alloc_contig_range-gfp-flags-mess.patch mm-page_alloc-forward-the-gfp-flags-from-alloc_contig_range-to-post_alloc_hook.patch powernv-memtrace-use-__gfp_zero-with-alloc_contig_pages.patch mm-hugetlb-dont-map-folios-writable-without-vm_write-when-copying-during-fork.patch fs-proc-vmcore-convert-vmcore_cb_lock-into-vmcore_mutex.patch fs-proc-vmcore-replace-vmcoredd_mutex-by-vmcore_mutex.patch fs-proc-vmcore-disallow-vmcore-modifications-while-the-vmcore-is-open.patch fs-proc-vmcore-prefix-all-pr_-with-vmcore.patch fs-proc-vmcore-move-vmcore-definitions-out-of-kcoreh.patch fs-proc-vmcore-factor-out-allocating-a-vmcore-range-and-adding-it-to-a-list.patch fs-proc-vmcore-factor-out-freeing-a-list-of-vmcore-ranges.patch fs-proc-vmcore-introduce-proc_vmcore_device_ram-to-detect-device-ram-ranges-in-2nd-kernel.patch virtio-mem-mark-device-ready-before-registering-callbacks-in-kdump-mode.patch virtio-mem-remember-usable-region-size.patch virtio-mem-support-config_proc_vmcore_device_ram.patch s390-kdump-virtio-mem-kdump-support-config_proc_vmcore_device_ram.patch mm-page_alloc-dont-use-__gfp_hardwall-when-migrating-pages-via-alloc_contig.patch mm-memory_hotplug-dont-use-__gfp_hardwall-when-migrating-pages-via-memory-offlining.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-prevent-use-of-deleted-inode.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: prevent use of deleted inode has been removed from the -mm tree. Its filename was nilfs2-prevent-use-of-deleted-inode.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Edward Adam Davis <eadavis(a)qq.com> Subject: nilfs2: prevent use of deleted inode Date: Mon, 9 Dec 2024 15:56:52 +0900 syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trigger warning in nilfs_rmdir. Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it. [1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 ... Call Trace: <TASK> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [inline] __se_sys_rmdir fs/namei.c:4470 [inline] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Link: https://lkml.kernel.org/r/20241209065759.6781-1-konishi.ryusuke@gmail.com Fixes: d25006523d0b ("nilfs2: pathname operations") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+9260555647a5132edd48(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=9260555647a5132edd48 Tested-by: syzbot+9260555647a5132edd48(a)syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 8 +++++++- fs/nilfs2/namei.c | 5 +++++ 2 files changed, 12 insertions(+), 1 deletion(-) --- a/fs/nilfs2/inode.c~nilfs2-prevent-use-of-deleted-inode +++ a/fs/nilfs2/inode.c @@ -544,8 +544,14 @@ struct inode *nilfs_iget(struct super_bl inode = nilfs_iget_locked(sb, root, ino); if (unlikely(!inode)) return ERR_PTR(-ENOMEM); - if (!(inode->i_state & I_NEW)) + + if (!(inode->i_state & I_NEW)) { + if (!inode->i_nlink) { + iput(inode); + return ERR_PTR(-ESTALE); + } return inode; + } err = __nilfs_read_inode(sb, root, ino, inode); if (unlikely(err)) { --- a/fs/nilfs2/namei.c~nilfs2-prevent-use-of-deleted-inode +++ a/fs/nilfs2/namei.c @@ -67,6 +67,11 @@ nilfs_lookup(struct inode *dir, struct d inode = NULL; } else { inode = nilfs_iget(dir->i_sb, NILFS_I(dir)->i_root, ino); + if (inode == ERR_PTR(-ESTALE)) { + nilfs_error(dir->i_sb, + "deleted inode referenced: %lu", ino); + return ERR_PTR(-EIO); + } } return d_splice_alias(inode, dentry); _ Patches currently in -mm which might be from eadavis(a)qq.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] zram-fix-uninitialized-zram-not-releasing-backing-device.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: zram: fix uninitialized ZRAM not releasing backing device has been removed from the -mm tree. Its filename was zram-fix-uninitialized-zram-not-releasing-backing-device.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: zram: fix uninitialized ZRAM not releasing backing device Date: Tue, 10 Dec 2024 00:57:16 +0800 Setting backing device is done before ZRAM initialization. If we set the backing device, then remove the ZRAM module without initializing the device, the backing device reference will be leaked and the device will be hold forever. Fix this by always reset the ZRAM fully on rmmod or reset store. Link: https://lkml.kernel.org/r/20241209165717.94215-3-ryncsn@gmail.com Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reported-by: Desheng Wu <deshengwu(a)tencent.com> Suggested-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-uninitialized-zram-not-releasing-backing-device +++ a/drivers/block/zram/zram_drv.c @@ -1444,12 +1444,16 @@ static void zram_meta_free(struct zram * size_t num_pages = disksize >> PAGE_SHIFT; size_t index; + if (!zram->table) + return; + /* Free all pages that are still in this zram device */ for (index = 0; index < num_pages; index++) zram_free_page(zram, index); zs_destroy_pool(zram->mem_pool); vfree(zram->table); + zram->table = NULL; } static bool zram_meta_alloc(struct zram *zram, u64 disksize) @@ -2326,11 +2330,6 @@ static void zram_reset_device(struct zra zram->limit_pages = 0; - if (!init_done(zram)) { - up_write(&zram->init_lock); - return; - } - set_capacity_and_notify(zram->disk, 0); part_stat_set_all(zram->disk->part0, 0); _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-memcontrol-avoid-duplicated-memcg-enable-check.patch mm-swap_cgroup-remove-swap_cgroup_cmpxchg.patch mm-swap_cgroup-remove-global-swap-cgroup-lock.patch mm-swap_cgroup-decouple-swap-cgroup-recording-and-clearing.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: zram: refuse to use zero sized block device as backing device has been removed from the -mm tree. Its filename was zram-refuse-to-use-zero-sized-block-device-as-backing-device.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: zram: refuse to use zero sized block device as backing device Date: Tue, 10 Dec 2024 00:57:15 +0800 Patch series "zram: fix backing device setup issue", v2. This series fixes two bugs of backing device setting: - ZRAM should reject using a zero sized (or the uninitialized ZRAM device itself) as the backing device. - Fix backing device leaking when removing a uninitialized ZRAM device. This patch (of 2): Setting a zero sized block device as backing device is pointless, and one can easily create a recursive loop by setting the uninitialized ZRAM device itself as its own backing device by (zram0 is uninitialized): echo /dev/zram0 > /sys/block/zram0/backing_dev It's definitely a wrong config, and the module will pin itself, kernel should refuse doing so in the first place. By refusing to use zero sized device we avoided misuse cases including this one above. Link: https://lkml.kernel.org/r/20241209165717.94215-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20241209165717.94215-2-ryncsn@gmail.com Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reported-by: Desheng Wu <deshengwu(a)tencent.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/block/zram/zram_drv.c~zram-refuse-to-use-zero-sized-block-device-as-backing-device +++ a/drivers/block/zram/zram_drv.c @@ -614,6 +614,12 @@ static ssize_t backing_dev_store(struct } nr_pages = i_size_read(inode) >> PAGE_SHIFT; + /* Refuse to use zero sized device (also prevents self reference) */ + if (!nr_pages) { + err = -EINVAL; + goto out; + } + bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long); bitmap = kvzalloc(bitmap_sz, GFP_KERNEL); if (!bitmap) { _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-memcontrol-avoid-duplicated-memcg-enable-check.patch mm-swap_cgroup-remove-swap_cgroup_cmpxchg.patch mm-swap_cgroup-remove-global-swap-cgroup-lock.patch mm-swap_cgroup-decouple-swap-cgroup-recording-and-clearing.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-use-aligned-address-in-copy_user_gigantic_page.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: use aligned address in copy_user_gigantic_page() has been removed from the -mm tree. Its filename was mm-use-aligned-address-in-copy_user_gigantic_page.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use aligned address in copy_user_gigantic_page() Date: Mon, 28 Oct 2024 22:56:56 +0800 In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the fault address may be not aligned with the huge page size. Then, copy_user_large_folio() may call copy_user_gigantic_page() with the address, while copy_user_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for copy_user_gigantic_page(). Link: https://lkml.kernel.org/r/20241028145656.932941-2-wangkefeng.wang@huawei.com Fixes: 530dd9926dc1 ("mm: memory: improve copy_user_large_folio()") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 5 ++--- mm/memory.c | 5 +++-- 2 files changed, 5 insertions(+), 5 deletions(-) --- a/mm/hugetlb.c~mm-use-aligned-address-in-copy_user_gigantic_page +++ a/mm/hugetlb.c @@ -5340,7 +5340,7 @@ again: break; } ret = copy_user_large_folio(new_folio, pte_folio, - ALIGN_DOWN(addr, sz), dst_vma); + addr, dst_vma); folio_put(pte_folio); if (ret) { folio_put(new_folio); @@ -6643,8 +6643,7 @@ int hugetlb_mfill_atomic_pte(pte_t *dst_ *foliop = NULL; goto out; } - ret = copy_user_large_folio(folio, *foliop, - ALIGN_DOWN(dst_addr, size), dst_vma); + ret = copy_user_large_folio(folio, *foliop, dst_addr, dst_vma); folio_put(*foliop); *foliop = NULL; if (ret) { --- a/mm/memory.c~mm-use-aligned-address-in-copy_user_gigantic_page +++ a/mm/memory.c @@ -6852,13 +6852,14 @@ void folio_zero_user(struct folio *folio } static int copy_user_gigantic_page(struct folio *dst, struct folio *src, - unsigned long addr, + unsigned long addr_hint, struct vm_area_struct *vma, unsigned int nr_pages) { - int i; + unsigned long addr = ALIGN_DOWN(addr_hint, folio_size(dst)); struct page *dst_page; struct page *src_page; + int i; for (i = 0; i < nr_pages; i++) { dst_page = folio_page(dst, i); _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-dont-try-thp-align-for-fs-without-get_unmapped_area.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-use-aligned-address-in-clear_gigantic_page.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: use aligned address in clear_gigantic_page() has been removed from the -mm tree. Its filename was mm-use-aligned-address-in-clear_gigantic_page.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use aligned address in clear_gigantic_page() Date: Mon, 28 Oct 2024 22:56:55 +0800 In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address. Where the fault address may be not aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for clear_gigantic_page(). Link: https://lkml.kernel.org/r/20241028145656.932941-1-wangkefeng.wang@huawei.com Fixes: 78fefd04c123 ("mm: memory: convert clear_huge_page() to folio_zero_user()") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Reviewed-by: "Huang, Ying" <ying.huang(a)intel.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 2 +- mm/memory.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) --- a/fs/hugetlbfs/inode.c~mm-use-aligned-address-in-clear_gigantic_page +++ a/fs/hugetlbfs/inode.c @@ -825,7 +825,7 @@ static long hugetlbfs_fallocate(struct f error = PTR_ERR(folio); goto out; } - folio_zero_user(folio, ALIGN_DOWN(addr, hpage_size)); + folio_zero_user(folio, addr); __folio_mark_uptodate(folio); error = hugetlb_add_to_page_cache(folio, mapping, index); if (unlikely(error)) { --- a/mm/memory.c~mm-use-aligned-address-in-clear_gigantic_page +++ a/mm/memory.c @@ -6815,9 +6815,10 @@ static inline int process_huge_page( return 0; } -static void clear_gigantic_page(struct folio *folio, unsigned long addr, +static void clear_gigantic_page(struct folio *folio, unsigned long addr_hint, unsigned int nr_pages) { + unsigned long addr = ALIGN_DOWN(addr_hint, folio_size(folio)); int i; might_sleep(); _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-dont-try-thp-align-for-fs-without-get_unmapped_area.patch

6 months

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-fix-shmemhugepages-at-swapout.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: shmem: fix ShmemHugePages at swapout has been removed from the -mm tree. Its filename was mm-shmem-fix-shmemhugepages-at-swapout.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: shmem: fix ShmemHugePages at swapout Date: Wed, 4 Dec 2024 22:50:06 -0800 (PST) /proc/meminfo ShmemHugePages has been showing overlarge amounts (more than Shmem) after swapping out THPs: we forgot to update NR_SHMEM_THPS. Add shmem_update_stats(), to avoid repetition, and risk of making that mistake again: the call from shmem_delete_from_page_cache() is the bugfix; the call from shmem_replace_folio() is reassuring, but not really a bugfix (replace corrects misplaced swapin readahead, but huge swapin readahead would be a mistake). Link: https://lkml.kernel.org/r/5ba477c8-a569-70b5-923e-09ab221af45b@google.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Hugh Dickins <hughd(a)google.com> Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Yosry Ahmed <yosryahmed(a)google.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) --- a/mm/shmem.c~mm-shmem-fix-shmemhugepages-at-swapout +++ a/mm/shmem.c @@ -787,6 +787,14 @@ static bool shmem_huge_global_enabled(st } #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +static void shmem_update_stats(struct folio *folio, int nr_pages) +{ + if (folio_test_pmd_mappable(folio)) + __lruvec_stat_mod_folio(folio, NR_SHMEM_THPS, nr_pages); + __lruvec_stat_mod_folio(folio, NR_FILE_PAGES, nr_pages); + __lruvec_stat_mod_folio(folio, NR_SHMEM, nr_pages); +} + /* * Somewhat like filemap_add_folio, but error if expected item has gone. */ @@ -821,10 +829,7 @@ static int shmem_add_to_page_cache(struc xas_store(&xas, folio); if (xas_error(&xas)) goto unlock; - if (folio_test_pmd_mappable(folio)) - __lruvec_stat_mod_folio(folio, NR_SHMEM_THPS, nr); - __lruvec_stat_mod_folio(folio, NR_FILE_PAGES, nr); - __lruvec_stat_mod_folio(folio, NR_SHMEM, nr); + shmem_update_stats(folio, nr); mapping->nrpages += nr; unlock: xas_unlock_irq(&xas); @@ -852,8 +857,7 @@ static void shmem_delete_from_page_cache error = shmem_replace_entry(mapping, folio->index, folio, radswap); folio->mapping = NULL; mapping->nrpages -= nr; - __lruvec_stat_mod_folio(folio, NR_FILE_PAGES, -nr); - __lruvec_stat_mod_folio(folio, NR_SHMEM, -nr); + shmem_update_stats(folio, -nr); xa_unlock_irq(&mapping->i_pages); folio_put_refs(folio, nr); BUG_ON(error); @@ -1969,10 +1973,8 @@ static int shmem_replace_folio(struct fo } if (!error) { mem_cgroup_replace_folio(old, new); - __lruvec_stat_mod_folio(new, NR_FILE_PAGES, nr_pages); - __lruvec_stat_mod_folio(new, NR_SHMEM, nr_pages); - __lruvec_stat_mod_folio(old, NR_FILE_PAGES, -nr_pages); - __lruvec_stat_mod_folio(old, NR_SHMEM, -nr_pages); + shmem_update_stats(new, nr_pages); + shmem_update_stats(old, -nr_pages); } xa_unlock_irq(&swap_mapping->i_pages); _ Patches currently in -mm which might be from hughd(a)google.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-fix-the-space-leak-in-la-when-releasing-la.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix the space leak in LA when releasing LA has been removed from the -mm tree. Its filename was ocfs2-fix-the-space-leak-in-la-when-releasing-la.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Heming Zhao <heming.zhao(a)suse.com> Subject: ocfs2: fix the space leak in LA when releasing LA Date: Thu, 5 Dec 2024 18:48:33 +0800 Commit 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()") introduced an issue, the ocfs2_sync_local_to_main() ignores the last contiguous free bits, which causes an OCFS2 volume to lose the last free clusters of LA window during the release routine. Please note, because commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume") was reverted, this commit is a replacement fix for commit dfe6c5692fb5. Link: https://lkml.kernel.org/r/20241205104835.18223-3-heming.zhao@suse.com Fixes: 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()") Signed-off-by: Heming Zhao <heming.zhao(a)suse.com> Suggested-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/localalloc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/fs/ocfs2/localalloc.c~ocfs2-fix-the-space-leak-in-la-when-releasing-la +++ a/fs/ocfs2/localalloc.c @@ -971,9 +971,9 @@ static int ocfs2_sync_local_to_main(stru start = count = 0; left = le32_to_cpu(alloc->id1.bitmap1.i_total); - while ((bit_off = ocfs2_find_next_zero_bit(bitmap, left, start)) < - left) { - if (bit_off == start) { + while (1) { + bit_off = ocfs2_find_next_zero_bit(bitmap, left, start); + if ((bit_off < left) && (bit_off == start)) { count++; start++; continue; @@ -998,6 +998,8 @@ static int ocfs2_sync_local_to_main(stru } } + if (bit_off >= left) + break; count = 1; start = bit_off + 1; } _ Patches currently in -mm which might be from heming.zhao(a)suse.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" has been removed from the -mm tree. Its filename was ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Heming Zhao <heming.zhao(a)suse.com> Subject: ocfs2: revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Date: Thu, 5 Dec 2024 18:48:32 +0800 Patch series "Revert ocfs2 commit dfe6c5692fb5 and provide a new fix". SUSE QA team detected a mistake in my commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume"). I am very sorry for my error. (If my eyes are correct) From the mailling list mails, this patch shouldn't be applied to 4.19 5.4 5.10 5.15 6.1 6.6, and these branches should perform a revert operation. Reason for revert: In commit dfe6c5692fb5, I mistakenly wrote: "This bug has existed since the initial OCFS2 code.". The statement is wrong. The correct introduction commit is 30dd3478c3cd. IOW, if the branch doesn't include 30dd3478c3cd, dfe6c5692fb5 should also not be included. This reverts commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume"). In commit dfe6c5692fb5, the commit log "This bug has existed since the initial OCFS2 code." is wrong. The correct introduction commit is 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()"). The influence of commit dfe6c5692fb5 is that it provides a correct fix for the latest kernel. however, it shouldn't be pushed to stable branches. Let's use this commit to revert all branches that include dfe6c5692fb5 and use a new fix method to fix commit 30dd3478c3cd. Link: https://lkml.kernel.org/r/20241205104835.18223-1-heming.zhao@suse.com Link: https://lkml.kernel.org/r/20241205104835.18223-2-heming.zhao@suse.com Fixes: dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume") Signed-off-by: Heming Zhao <heming.zhao(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/localalloc.c | 19 ------------------- 1 file changed, 19 deletions(-) --- a/fs/ocfs2/localalloc.c~ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume +++ a/fs/ocfs2/localalloc.c @@ -1002,25 +1002,6 @@ static int ocfs2_sync_local_to_main(stru start = bit_off + 1; } - /* clear the contiguous bits until the end boundary */ - if (count) { - blkno = la_start_blk + - ocfs2_clusters_to_blocks(osb->sb, - start - count); - - trace_ocfs2_sync_local_to_main_free( - count, start - count, - (unsigned long long)la_start_blk, - (unsigned long long)blkno); - - status = ocfs2_release_clusters(handle, - main_bm_inode, - main_bm_bh, blkno, - count); - if (status < 0) - mlog_errno(status); - } - bail: if (status) mlog_errno(status); _ Patches currently in -mm which might be from heming.zhao(a)suse.com are

6 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/memfd: run sysctl tests when PID namespace support is enabled has been removed from the -mm tree. Its filename was selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Isaac J. Manjarres" <isaacmanjarres(a)google.com> Subject: selftests/memfd: run sysctl tests when PID namespace support is enabled Date: Thu, 5 Dec 2024 11:29:41 -0800 The sysctl tests for vm.memfd_noexec rely on the kernel to support PID namespaces (i.e. the kernel is built with CONFIG_PID_NS=y). If the kernel the test runs on does not support PID namespaces, the first sysctl test will fail when attempting to spawn a new thread in a new PID namespace, abort the test, preventing the remaining tests from being run. This is not desirable, as not all kernels need PID namespaces, but can still use the other features provided by memfd. Therefore, only run the sysctl tests if the kernel supports PID namespaces. Otherwise, skip those tests and emit an informative message to let the user know why the sysctl tests are not being run. Link: https://lkml.kernel.org/r/20241205192943.3228757-1-isaacmanjarres@google.com Fixes: 11f75a01448f ("selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC") Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> Reviewed-by: Jeff Xu <jeffxu(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/memfd/memfd_test.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/memfd/memfd_test.c~selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled +++ a/tools/testing/selftests/memfd/memfd_test.c @@ -9,6 +9,7 @@ #include <fcntl.h> #include <linux/memfd.h> #include <sched.h> +#include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <signal.h> @@ -1557,6 +1558,11 @@ static void test_share_fork(char *banner close(fd); } +static bool pid_ns_supported(void) +{ + return access("/proc/self/ns/pid", F_OK) == 0; +} + int main(int argc, char **argv) { pid_t pid; @@ -1591,8 +1597,12 @@ int main(int argc, char **argv) test_seal_grow(); test_seal_resize(); - test_sysctl_simple(); - test_sysctl_nested(); + if (pid_ns_supported()) { + test_sysctl_simple(); + test_sysctl_nested(); + } else { + printf("PID namespaces are not supported; skipping sysctl tests\n"); + } test_share_dup("SHARE-DUP", ""); test_share_mmap("SHARE-MMAP", ""); _ Patches currently in -mm which might be from isaacmanjarres(a)google.com are

6 months

1
0
0 0

+ ocfs2-fix-slab-use-after-free-due-to-dangling-pointer-dqi_priv.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-fix-slab-use-after-free-due-to-dangling-pointer-dqi_priv.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Dennis Lam <dennis.lamerice(a)gmail.com> Subject: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv Date: Tue, 17 Dec 2024 21:39:25 -0500 When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to to be accessed. Additionally, the read-only option for remounting sets the DQUOT_SUSPENDED flag instead of setting the DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the next quota, the function ocfs2_get_next_id is called and only checks the quota usage flags and not the quota suspended flags. To fix this, I set dqi_priv to null when it is freed after remounting with read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. Link: https://lkml.kernel.org/r/20241218023924.22821-2-dennis.lamerice@gmail.com Fixes: 8f9e8f5fcc05 ("ocfs2: Fix Q_GETNEXTQUOTA for filesystem without quotas") Signed-off-by: Dennis Lam <dennis.lamerice(a)gmail.com> Reported-by: syzbot+d173bf8a5a7faeede34c(a)syzkaller.appspotmail.com Tested-by: syzbot+d173bf8a5a7faeede34c(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6731d26f.050a0220.1fb99c.014b.GAE@google.com/T/ Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/quota_global.c | 2 +- fs/ocfs2/quota_local.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) --- a/fs/ocfs2/quota_global.c~ocfs2-fix-slab-use-after-free-due-to-dangling-pointer-dqi_priv +++ a/fs/ocfs2/quota_global.c @@ -893,7 +893,7 @@ static int ocfs2_get_next_id(struct supe int status = 0; trace_ocfs2_get_next_id(from_kqid(&init_user_ns, *qid), type); - if (!sb_has_quota_loaded(sb, type)) { + if (!sb_has_quota_active(sb, type)){ status = -ESRCH; goto out; } --- a/fs/ocfs2/quota_local.c~ocfs2-fix-slab-use-after-free-due-to-dangling-pointer-dqi_priv +++ a/fs/ocfs2/quota_local.c @@ -867,6 +867,7 @@ out: brelse(oinfo->dqi_libh); brelse(oinfo->dqi_lqi_bh); kfree(oinfo); + info->dqi_priv = NULL; return status; } _ Patches currently in -mm which might be from dennis.lamerice(a)gmail.com are ocfs2-fix-slab-use-after-free-due-to-dangling-pointer-dqi_priv.patch

6 months

1
0
0 0

[PATCH] PCI: fix reference leak in pci_alloc_child_bus()

by Ma Ke

When device_register(&child->dev) failed, calling put_device() to explicitly release child->dev. Otherwise, it could cause double free problem. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 4f535093cf8f ("PCI: Put pci_dev in device tree as early as possible") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/pci/probe.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 2e81ab0f5a25..d3146c588d7f 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1174,7 +1174,10 @@ static struct pci_bus *pci_alloc_child_bus(struct pci_bus *parent, add_dev: pci_set_bus_msi_domain(child); ret = device_register(&child->dev); - WARN_ON(ret < 0); + if (ret) { + WARN_ON(ret < 0); + put_device(&child->dev); + } pcibios_add_bus(child); -- 2.25.1

6 months

2
2
0 0

[for-linus][PATCH 2/2] trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The TP_printk() of a TRACE_EVENT() is a generic printf format that any developer can create for their event. It may include pointers to strings and such. A boot mapped buffer may contain data from a previous kernel where the strings addresses are different. One solution is to copy the event content and update the pointers by the recorded delta, but a simpler solution (for now) is to just use the print_fields() function to print these events. The print_fields() function just iterates the fields and prints them according to what type they are, and ignores the TP_printk() format from the event itself. To understand the difference, when printing via TP_printk() the output looks like this: 4582.696626: kmem_cache_alloc: call_site=getname_flags+0x47/0x1f0 ptr=00000000e70e10e0 bytes_req=4096 bytes_alloc=4096 gfp_flags=GFP_KERNEL node=-1 accounted=false 4582.696629: kmem_cache_alloc: call_site=alloc_empty_file+0x6b/0x110 ptr=0000000095808002 bytes_req=360 bytes_alloc=384 gfp_flags=GFP_KERNEL node=-1 accounted=false 4582.696630: kmem_cache_alloc: call_site=security_file_alloc+0x24/0x100 ptr=00000000576339c3 bytes_req=16 bytes_alloc=16 gfp_flags=GFP_KERNEL|__GFP_ZERO node=-1 accounted=false 4582.696653: kmem_cache_free: call_site=do_sys_openat2+0xa7/0xd0 ptr=00000000e70e10e0 name=names_cache But when printing via print_fields() (echo 1 > /sys/kernel/tracing/options/fields) the same event output looks like this: 4582.696626: kmem_cache_alloc: call_site=0xffffffff92d10d97 (-1831793257) ptr=0xffff9e0e8571e000 (-107689771147264) bytes_req=0x1000 (4096) bytes_alloc=0x1000 (4096) gfp_flags=0xcc0 (3264) node=0xffffffff (-1) accounted=(0) 4582.696629: kmem_cache_alloc: call_site=0xffffffff92d0250b (-1831852789) ptr=0xffff9e0e8577f800 (-107689770747904) bytes_req=0x168 (360) bytes_alloc=0x180 (384) gfp_flags=0xcc0 (3264) node=0xffffffff (-1) accounted=(0) 4582.696630: kmem_cache_alloc: call_site=0xffffffff92efca74 (-1829778828) ptr=0xffff9e0e8d35d3b0 (-107689640864848) bytes_req=0x10 (16) bytes_alloc=0x10 (16) gfp_flags=0xdc0 (3520) node=0xffffffff (-1) accounted=(0) 4582.696653: kmem_cache_free: call_site=0xffffffff92cfbea7 (-1831879001) ptr=0xffff9e0e8571e000 (-107689771147264) name=names_cache Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/20241218141507.28389a1d@gandalf.local.home Fixes: 07714b4bb3f98 ("tracing: Handle old buffer mappings for event strings and functions") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index be62f0ea1814..6581cb2bc67f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -4353,6 +4353,15 @@ static enum print_line_t print_trace_fmt(struct trace_iterator *iter) if (event) { if (tr->trace_flags & TRACE_ITER_FIELDS) return print_event_fields(iter, event); + /* + * For TRACE_EVENT() events, the print_fmt is not + * safe to use if the array has delta offsets + * Force printing via the fields. + */ + if ((tr->text_delta || tr->data_delta) && + event->type > __TRACE_LAST_TYPE) + return print_event_fields(iter, event); + return event->funcs->trace(iter, sym_flags, event); } -- 2.45.2

6 months

1
0
0 0

[for-linus][PATCH 1/2] ring-buffer: Fix overflow in __rb_map_vma

by Steven Rostedt

From: Edward Adam Davis <eadavis(a)qq.com> An overflow occurred when performing the following calculation: nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff; Add a check before the calculation to avoid this problem. syzbot reported this as a slab-out-of-bounds in __rb_map_vma: BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836 CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The reproducer for this bug is: ------------------------8<------------------------- #include <fcntl.h> #include <stdlib.h> #include <unistd.h> #include <asm/types.h> #include <sys/mman.h> int main(int argc, char **argv) { int page_size = getpagesize(); int fd; void *meta; system("echo 1 > /sys/kernel/tracing/buffer_size_kb"); fd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY); meta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5); } ------------------------>8------------------------- Cc: stable(a)vger.kernel.org Fixes: 117c39200d9d7 ("ring-buffer: Introducing ring-buffer mapping functions") Link: https://lore.kernel.org/tencent_06924B6674ED771167C23CC336C097223609@qq.com Reported-by: syzbot+345e4443a21200874b18(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=345e4443a21200874b18 Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 7e257e855dd1..60210fb5b211 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -7019,7 +7019,11 @@ static int __rb_map_vma(struct ring_buffer_per_cpu *cpu_buffer, lockdep_assert_held(&cpu_buffer->mapping_lock); nr_subbufs = cpu_buffer->nr_pages + 1; /* + reader-subbuf */ - nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff; /* + meta-page */ + nr_pages = ((nr_subbufs + 1) << subbuf_order); /* + meta-page */ + if (nr_pages <= pgoff) + return -EINVAL; + + nr_pages -= pgoff; nr_vma_pages = vma_pages(vma); if (!nr_vma_pages || nr_vma_pages > nr_pages) -- 2.45.2

6 months

1
0
0 0

[PATCH] io_uring: Fix registered ring file refcount leak

by Jann Horn

Currently, io_uring_unreg_ringfd() (which cleans up registered rings) is only called on exit, but __io_uring_free (which frees the tctx in which the registered ring pointers are stored) is also called on execve (via begin_new_exec -> io_uring_task_cancel -> __io_uring_cancel -> io_uring_cancel_generic -> __io_uring_free). This means: A process going through execve while having registered rings will leak references to the rings' `struct file`. Fix it by zapping registered rings on execve(). This is implemented by moving the io_uring_unreg_ringfd() from io_uring_files_cancel() into its callee __io_uring_cancel(), which is called from io_uring_task_cancel() on execve. This could probably be exploited *on 32-bit kernels* by leaking 2^32 references to the same ring, because the file refcount is stored in a pointer-sized field and get_file() doesn't have protection against refcount overflow, just a WARN_ONCE(); but on 64-bit it should have no impact beyond a memory leak. Cc: stable(a)vger.kernel.org Fixes: e7a6c00dc77a ("io_uring: add support for registering ring file descriptors") Signed-off-by: Jann Horn <jannh(a)google.com> --- testcase: ``` #define _GNU_SOURCE #include <err.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sys/mman.h> #include <sys/syscall.h> #include <linux/io_uring.h> #define SYSCHK(x) ({ \ typeof(x) __res = (x); \ if (__res == (typeof(x))-1) \ err(1, "SYSCHK(" #x ")"); \ __res; \ }) #define NUM_SQ_PAGES 4 static int uring_fd; int main(void) { int memfd_sq = SYSCHK(memfd_create("", 0)); int memfd_cq = SYSCHK(memfd_create("", 0)); SYSCHK(ftruncate(memfd_sq, NUM_SQ_PAGES * 0x1000)); SYSCHK(ftruncate(memfd_cq, NUM_SQ_PAGES * 0x1000)); // sq void *sq_data = SYSCHK(mmap(NULL, NUM_SQ_PAGES*0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, memfd_sq, 0)); // cq void *cq_data = SYSCHK(mmap(NULL, NUM_SQ_PAGES*0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, memfd_cq, 0)); *(volatile unsigned int *)(cq_data+4) = 64 * NUM_SQ_PAGES; close(memfd_sq); close(memfd_cq); // initialize uring struct io_uring_params params = { .flags = IORING_SETUP_REGISTERED_FD_ONLY|IORING_SETUP_NO_MMAP|IORING_SETUP_NO_SQARRAY, .sq_off = { .user_addr = (unsigned long)sq_data }, .cq_off = { .user_addr = (unsigned long)cq_data } }; uring_fd = SYSCHK(syscall(__NR_io_uring_setup, /*entries=*/10, &params)); // re-execute execl("/proc/self/exe", NULL); err(1, "execve"); } ``` Leave it running for a while and monitor `grep ^filp /proc/slabinfo` and memory usage - without the patch, both will go up slowly but steadily. --- include/linux/io_uring.h | 4 +--- io_uring/io_uring.c | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/include/linux/io_uring.h b/include/linux/io_uring.h index e123d5e17b526148054872ee513f665adea80eb6..85fe4e6b275c7de260ea9a8552b8e1c3e7f7e5ec 100644 --- a/include/linux/io_uring.h +++ b/include/linux/io_uring.h @@ -15,10 +15,8 @@ bool io_is_uring_fops(struct file *file); static inline void io_uring_files_cancel(void) { - if (current->io_uring) { - io_uring_unreg_ringfd(); + if (current->io_uring) __io_uring_cancel(false); - } } static inline void io_uring_task_cancel(void) { diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 06ff41484e29c6e7d8779bd7ff8317ebae003a8d..b1e888999cea137e043bf00372576861182857ac 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -3214,6 +3214,7 @@ __cold void io_uring_cancel_generic(bool cancel_all, struct io_sq_data *sqd) void __io_uring_cancel(bool cancel_all) { + io_uring_unreg_ringfd(); io_uring_cancel_generic(cancel_all, NULL); } --- base-commit: aef25be35d23ec768eed08bfcf7ca3cf9685bc28 change-id: 20241218-uring-reg-ring-cleanup-15dd7343194a -- Jann Horn <jannh(a)google.com>

6 months

2
1
0 0

[PATCH v3] tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe()

by Nikolay Kuratov

commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") avoids checking number_of_same_symbols() for module symbol in __trace_kprobe_create(), but create_local_trace_kprobe() should avoid this check too. Doing this check leads to ENOENT for module_name:symbol_name constructions passed over perf_event_open. No bug in mainline and 6.12 as those contain more general fix commit 9d8616034f16 ("tracing/kprobes: Add symbol counting check when module loads") Link: https://lore.kernel.org/linux-trace-kernel/20240705161030.b3ddb33a8167013b9… Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- v1 -> v2: * Reword commit title and message * Send for stable instead of mainline v2 -> v3: * Specify first good LTS version in commit message * Remove explicit versions from the subject since 6.1 and 5.10 need fix too kernel/trace/trace_kprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 12d997bb3e78..94cb09d44115 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1814,7 +1814,7 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs, int ret; char *event; - if (func) { + if (func && !strchr(func, ':')) { unsigned int count; count = number_of_same_symbols(func); -- 2.34.1

6 months

3
2
0 0

[PATCH v2] mailbox: zynqmp: setup IPI for each valid child node

by Tanmay Shah

As per zynqmp-ipi bindings, zynqmp IPI node can have multiple child nodes. Current IPI setup function is set only for first child node. If IPI node has multiple child nodes in the device-tree, then IPI setup fails for child nodes other than first child node. In such case kernel will crash. Fix this crash by registering IPI setup function for each available child node. Cc: stable(a)vger.kernel.org Fixes: 41bcf30100c5 (mailbox: zynqmp: Move buffered IPI setup) Signed-off-by: Tanmay Shah <tanmay.shah(a)amd.com> Reviewed-by: Michal Simek <michal.simek(a)amd.com> --- Changes in v2: - Add Fixes tag drivers/mailbox/zynqmp-ipi-mailbox.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mailbox/zynqmp-ipi-mailbox.c b/drivers/mailbox/zynqmp-ipi-mailbox.c index 521d08b9ab47..815e0492f029 100644 --- a/drivers/mailbox/zynqmp-ipi-mailbox.c +++ b/drivers/mailbox/zynqmp-ipi-mailbox.c @@ -940,10 +940,10 @@ static int zynqmp_ipi_probe(struct platform_device *pdev) pdata->num_mboxes = num_mboxes; mbox = pdata->ipi_mboxes; - mbox->setup_ipi_fn = ipi_fn; - for_each_available_child_of_node(np, nc) { mbox->pdata = pdata; + mbox->setup_ipi_fn = ipi_fn; + ret = zynqmp_ipi_mbox_probe(mbox, nc); if (ret) { of_node_put(nc); base-commit: 28955f4fa2823e39f1ecfb3a37a364563527afbc -- 2.34.1

6 months

2
3
0 0

[PATCH v2 2/2] arm64: tegra: disable Tegra234 sce-fabric node

by Ivy Huang

From: Sumit Gupta <sumitg(a)nvidia.com> Access to safety cluster engine (SCE) fabric registers was blocked by firewall after the introduction of Functional Safety Island in Tegra234. After that, any access by software to SCE registers is correctly resulting in the internal bus error. However, when CPUs try accessing the SCE-fabric registers to print error info, another firewall error occurs as the fabric registers are also firewall protected. This results in a second error to be printed. Disable the SCE fabric node to avoid printing the misleading error. The first error info will be printed by the interrupt from the fabric causing the actual access. Cc: stable(a)vger.kernel.org Fixes: 302e154000ec ("arm64: tegra: Add node for CBB 2.0 on Tegra234") Signed-off-by: Sumit Gupta <sumitg(a)nvidia.com> Signed-off-by: Ivy Huang <yijuh(a)nvidia.com> --- arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra234.dtsi b/arch/arm64/boot/dts/nvidia/tegra234.dtsi index d08faf6bb505..05a771ab1ed5 100644 --- a/arch/arm64/boot/dts/nvidia/tegra234.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra234.dtsi @@ -3815,7 +3815,7 @@ sce-fabric@b600000 { compatible = "nvidia,tegra234-sce-fabric"; reg = <0x0 0xb600000 0x0 0x40000>; interrupts = <GIC_SPI 173 IRQ_TYPE_LEVEL_HIGH>; - status = "okay"; + status = "disabled"; }; rce-fabric@be00000 { -- 2.25.1

6 months

2
1
0 0

[PATCH v2 1/2] arm64: tegra: fix typo in Tegra234 dce-fabric compatible

by Ivy Huang

From: Sumit Gupta <sumitg(a)nvidia.com> The compatible string for the Tegra DCE fabric is currently defined as 'nvidia,tegra234-sce-fabric' but this is incorrect because this is the compatible string for SCE fabric. Update the compatible for the DCE fabric to correct the compatible string. This compatible needs to be correct in order for the interconnect to catch things such as improper data accesses. Cc: stable(a)vger.kernel.org Fixes: 302e154000ec ("arm64: tegra: Add node for CBB 2.0 on Tegra234") Signed-off-by: Sumit Gupta <sumitg(a)nvidia.com> Signed-off-by: Ivy Huang <yijuh(a)nvidia.com> --- arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/nvidia/tegra234.dtsi b/arch/arm64/boot/dts/nvidia/tegra234.dtsi index 984c85eab41a..d08faf6bb505 100644 --- a/arch/arm64/boot/dts/nvidia/tegra234.dtsi +++ b/arch/arm64/boot/dts/nvidia/tegra234.dtsi @@ -3995,7 +3995,7 @@ bpmp-fabric@d600000 { }; dce-fabric@de00000 { - compatible = "nvidia,tegra234-sce-fabric"; + compatible = "nvidia,tegra234-dce-fabric"; reg = <0x0 0xde00000 0x0 0x40000>; interrupts = <GIC_SPI 381 IRQ_TYPE_LEVEL_HIGH>; status = "okay"; -- 2.25.1

6 months

2
1
0 0

[PATCH 6.6 00/17] xfs backports for 6.6.y (from 6.11)

by Catherine Hoang

Hello, This series contains backports for 6.6 from the 6.11 release. This patchset has gone through xfs testing and review. Chen Ni (1): xfs: convert comma to semicolon Christoph Hellwig (1): xfs: fix the contact address for the sysfs ABI documentation Darrick J. Wong (10): xfs: verify buffer, inode, and dquot items every tx commit xfs: use consistent uid/gid when grabbing dquots for inodes xfs: declare xfs_file.c symbols in xfs_file.h xfs: create a new helper to return a file's allocation unit xfs: fix file_path handling in tracepoints xfs: attr forks require attr, not attr2 xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code xfs: take m_growlock when running growfsrt xfs: reset rootdir extent size hint after growfsrt John Garry (2): xfs: Fix xfs_flush_unmap_range() range for RT xfs: Fix xfs_prepare_shift() range for RT Julian Sun (1): xfs: remove unused parameter in macro XFS_DQUOT_LOGRES Zizhi Wo (1): xfs: Fix the owner setting issue for rmap query in xfs fsmap lei lu (1): xfs: don't walk off the end of a directory data block Documentation/ABI/testing/sysfs-fs-xfs | 8 +-- fs/xfs/Kconfig | 12 ++++ fs/xfs/libxfs/xfs_dir2_data.c | 31 ++++++++-- fs/xfs/libxfs/xfs_dir2_priv.h | 7 +++ fs/xfs/libxfs/xfs_quota_defs.h | 2 +- fs/xfs/libxfs/xfs_trans_resv.c | 28 ++++----- fs/xfs/scrub/agheader_repair.c | 2 +- fs/xfs/scrub/bmap.c | 8 ++- fs/xfs/scrub/trace.h | 10 ++-- fs/xfs/xfs.h | 4 ++ fs/xfs/xfs_bmap_util.c | 22 +++++--- fs/xfs/xfs_buf_item.c | 32 +++++++++++ fs/xfs/xfs_dquot_item.c | 31 ++++++++++ fs/xfs/xfs_file.c | 33 +++++------ fs/xfs/xfs_file.h | 15 +++++ fs/xfs/xfs_fsmap.c | 6 +- fs/xfs/xfs_inode.c | 29 ++++++++-- fs/xfs/xfs_inode.h | 2 + fs/xfs/xfs_inode_item.c | 32 +++++++++++ fs/xfs/xfs_ioctl.c | 12 ++++ fs/xfs/xfs_iops.c | 1 + fs/xfs/xfs_iops.h | 3 - fs/xfs/xfs_rtalloc.c | 78 +++++++++++++++++++++----- fs/xfs/xfs_symlink.c | 8 ++- 24 files changed, 328 insertions(+), 88 deletions(-) create mode 100644 fs/xfs/xfs_file.h -- 2.39.3

6 months

2
30
0 0

[PATCHSET 6.12] xfs: bug fixes for 6.12.y LTS

by Darrick J. Wong

Hi all, Here's a bunch of bespoke hand-ported bug fixes for 6.12 LTS. These fixes are the ones that weren't automatically picked up by Greg, either because they didn't apply or because they weren't cc'd to stable. If there are any problems please let me know; this is the first time I've ever sent patches to stable. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D --- Commits in this patchset: * xfs: sb_spino_align is not verified * xfs: fix sparse inode limits on runt AG * xfs: fix off-by-one error in fsmap's end_daddr usage * xfs: fix sb_spino_align checks for large fsblock sizes * xfs: fix zero byte checking in the superblock scrubber --- fs/xfs/libxfs/xfs_ialloc.c | 16 +++++++++------- fs/xfs/libxfs/xfs_sb.c | 15 +++++++++++++++ fs/xfs/scrub/agheader.c | 29 +++++++++++++++++++++++++++-- fs/xfs/xfs_fsmap.c | 29 ++++++++++++++++++----------- 4 files changed, 69 insertions(+), 20 deletions(-)

6 months

2
6
0 0

[PATCH 0/4] serial: sc16is7xx: backport FIFO fixes for linux-5.15.y

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Hello, this patch series brings additional patches to fix some FIFO issues when backporting to linux-5.15.y for the sc16is7xx driver. Commit ("serial: sc16is7xx: add missing support for rs485 devicetree properties") is required when using RS-485. Commit ("serial: sc16is7xx: refactor FIFO access functions to increase commonality") is a prerequisite for commit ("serial: sc16is7xx: fix TX fifo corruption"). Altough it is not strictly necessary, it makes backporting easier. I have tested the changes on a custom board with two SC16IS752 DUART over a SPI interface using a Variscite IMX8MN NANO SOM. The four UARTs are configured in RS-485 mode. Thank you. Hugo Villeneuve (4): serial: sc16is7xx: add missing support for rs485 devicetree properties serial: sc16is7xx: refactor FIFO access functions to increase commonality serial: sc16is7xx: fix TX fifo corruption serial: sc16is7xx: fix invalid FIFO access with special register set drivers/tty/serial/sc16is7xx.c | 38 ++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 16 deletions(-) -- 2.39.5

6 months

4
8
0 0

[PATCH v2] hexagon: Disable constant extender optimization for LLVM prior to 19.1.0

by Nathan Chancellor

The Hexagon-specific constant extender optimization in LLVM may crash on Linux kernel code [1], such as fs/bcache/btree_io.c after commit 32ed4a620c54 ("bcachefs: Btree path tracepoints") in 6.12: clang: llvm/lib/Target/Hexagon/HexagonConstExtenders.cpp:745: bool (anonymous namespace)::HexagonConstExtenders::ExtRoot::operator<(const HCE::ExtRoot &) const: Assertion `ThisB->getParent() == OtherB->getParent()' failed. Stack dump: 0. Program arguments: clang --target=hexagon-linux-musl ... fs/bcachefs/btree_io.c 1. <eof> parser at end of file 2. Code generation 3. Running pass 'Function Pass Manager' on module 'fs/bcachefs/btree_io.c'. 4. Running pass 'Hexagon constant-extender optimization' on function '@__btree_node_lock_nopath' Without assertions enabled, there is just a hang during compilation. This has been resolved in LLVM main (20.0.0) [2] and backported to LLVM 19.1.0 but the kernel supports LLVM 13.0.1 and newer, so disable the constant expander optimization using the '-mllvm' option when using a toolchain that is not fixed. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/issues/99714 [1] Link: https://github.com/llvm/llvm-project/commit/68df06a0b2998765cb0a41353fcf091… [2] Link: https://github.com/llvm/llvm-project/commit/2ab8d93061581edad3501561722ebd5… [3] Reviewed-by: Brian Cain <bcain(a)quicinc.com> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Andrew, can you please take this for 6.13? Our CI continues to hit this. Changes in v2: - Rebase on 6.12 to make sure it is still applicable - Name exact bcachefs commit that introduces crash now that it is merged - Add 'Cc: stable' as this is now visible in a stable release - Carry forward Brian's reviewed-by - Link to v1: https://lore.kernel.org/r/20240819-hexagon-disable-constant-expander-pass-v… --- arch/hexagon/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/hexagon/Makefile b/arch/hexagon/Makefile index 92d005958dfb232d48a4ca843b46262a84a08eb4..ff172cbe5881a074f9d9430c37071992a4c8beac 100644 --- a/arch/hexagon/Makefile +++ b/arch/hexagon/Makefile @@ -32,3 +32,9 @@ KBUILD_LDFLAGS += $(ldflags-y) TIR_NAME := r19 KBUILD_CFLAGS += -ffixed-$(TIR_NAME) -DTHREADINFO_REG=$(TIR_NAME) -D__linux__ KBUILD_AFLAGS += -DTHREADINFO_REG=$(TIR_NAME) + +# Disable HexagonConstExtenders pass for LLVM versions prior to 19.1.0 +# https://github.com/llvm/llvm-project/issues/99714 +ifneq ($(call clang-min-version, 190100),y) +KBUILD_CFLAGS += -mllvm -hexagon-cext=false +endif --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20240802-hexagon-disable-constant-expander-pass-8b6b61db6afc Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

6 months

2
4
0 0

[PATCH 5.10 00/43] 5.10.232-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.232 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.232-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.232-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix a DMA to stack memory bug Juergen Gross <jgross(a)suse.com> x86/xen: remove hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: use new hypercall functions instead of hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: add central hypercall functions Juergen Gross <jgross(a)suse.com> x86/xen: don't do PV iret hypercall through hypercall page Juergen Gross <jgross(a)suse.com> x86/static-call: provide a way to do very early static-call updates Juergen Gross <jgross(a)suse.com> objtool/x86: allow syscall instruction Juergen Gross <jgross(a)suse.com> x86: make get_cpu_vendor() accessible from Xen code Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "clkdev: remove CONFIG_CLKDEV_LOOKUP" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "clocksource/drivers:sp804: Make user selectable" Jiasheng Jiang <jiashengjiangcool(a)outlook.com> drm/i915: Fix memory leak by correcting cache object name in error handler Nikolay Kuratov <kniv(a)yandex-team.ru> tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() Eduard Zingerman <eddyz87(a)gmail.com> bpf: sync_linked_regs() must preserve subreg_def Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Daniel Borkmann <daniel(a)iogearbox.net> team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Alexander Lobakin <alobakin(a)pm.me> net: bonding, dummy, ifb, team: advertise NETIF_F_GSO_SOFTWARE Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: use port number to set mac addr Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove duplicate test cases Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove h1 ingress test case Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes Suraj Sonawane <surajsonawane0215(a)gmail.com> acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential deadlock on __exfat_get_dentry_set Michal Luczaj <mhal(a)rbox.co> virtio/vsock: Fix accept_queue memory leak Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Darrick J. Wong <djwong(a)kernel.org> xfs: fix scrub tracepoints when inode-rooted btrees are involved Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. MoYuanhao <moyuanhao3676(a)163.com> tcp: check space before adding MPTCP SYN options ------------- Diffstat: Makefile | 4 +- arch/arm/Kconfig | 2 + arch/mips/Kconfig | 3 + arch/mips/pic32/Kconfig | 1 + arch/sh/Kconfig | 1 + arch/x86/include/asm/processor.h | 2 + arch/x86/include/asm/static_call.h | 15 ++++ arch/x86/include/asm/sync_core.h | 6 +- arch/x86/include/asm/xen/hypercall.h | 36 ++++---- arch/x86/kernel/cpu/common.c | 38 +++++---- arch/x86/kernel/static_call.c | 10 +++ arch/x86/xen/enlighten.c | 65 ++++++++++++++- arch/x86/xen/enlighten_hvm.c | 13 ++- arch/x86/xen/enlighten_pv.c | 4 +- arch/x86/xen/enlighten_pvh.c | 7 -- arch/x86/xen/xen-asm.S | 49 +++++++++-- arch/x86/xen/xen-head.S | 97 ++++++++++++++++++---- arch/x86/xen/xen-ops.h | 9 ++ block/blk-iocost.c | 9 +- drivers/acpi/acpica/evxfregn.c | 2 - drivers/acpi/nfit/core.c | 7 +- drivers/acpi/resource.c | 6 +- drivers/ata/sata_highbank.c | 1 + drivers/clk/Kconfig | 6 +- drivers/clk/Makefile | 3 +- drivers/clocksource/Kconfig | 9 +- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- drivers/mmc/host/Kconfig | 4 +- drivers/net/bonding/bond_main.c | 12 +-- drivers/net/dummy.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 5 +- drivers/net/ethernet/qualcomm/qca_spi.c | 26 +++--- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/ifb.c | 3 +- drivers/net/team/team.c | 12 +-- drivers/net/xen-netfront.c | 5 +- drivers/staging/board/Kconfig | 2 +- drivers/usb/dwc2/hcd.c | 16 ++-- drivers/usb/gadget/function/u_serial.c | 9 +- drivers/usb/host/ehci-sh.c | 9 +- drivers/usb/host/max3421-hcd.c | 16 ++-- fs/exfat/dir.c | 2 +- fs/xfs/scrub/trace.h | 2 +- fs/xfs/xfs_file.c | 8 ++ include/linux/compiler.h | 34 +++++--- include/linux/static_call.h | 1 + include/net/lapb.h | 2 +- kernel/bpf/verifier.c | 5 +- kernel/static_call.c | 2 +- kernel/trace/trace_kprobe.c | 2 +- net/batman-adv/translation-table.c | 58 +++++++++---- net/core/sock_map.c | 1 + net/ipv4/tcp_output.c | 6 +- net/sched/sch_netem.c | 22 +++-- net/tipc/udp_media.c | 7 +- net/vmw_vsock/virtio_transport_common.c | 8 ++ sound/soc/dwc/Kconfig | 2 +- sound/soc/rockchip/Kconfig | 14 ++-- sound/usb/quirks.c | 31 ++++--- tools/objtool/check.c | 11 ++- .../selftests/drivers/net/mlxsw/sharedbuffer.sh | 15 ---- 63 files changed, 534 insertions(+), 232 deletions(-)

6 months

7
49
0 0

[PATCH 5.15 00/51] 5.15.175-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.175 release. There are 51 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.175-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.175-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix a DMA to stack memory bug Juergen Gross <jgross(a)suse.com> x86/xen: remove hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: use new hypercall functions instead of hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: add central hypercall functions Juergen Gross <jgross(a)suse.com> x86/xen: don't do PV iret hypercall through hypercall page Juergen Gross <jgross(a)suse.com> x86/static-call: provide a way to do very early static-call updates Juergen Gross <jgross(a)suse.com> objtool/x86: allow syscall instruction Juergen Gross <jgross(a)suse.com> x86: make get_cpu_vendor() accessible from Xen code Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "parisc: fix a possible DMA corruption" Nikolay Kuratov <kniv(a)yandex-team.ru> tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() Eduard Zingerman <eddyz87(a)gmail.com> bpf: sync_linked_regs() must preserve subreg_def Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Daniel Borkmann <daniel(a)iogearbox.net> team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Paul Barker <paul.barker.ct(a)bp.renesas.com> Documentation: PM: Clarify pm_runtime_resume_and_get() return value Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: use port number to set mac addr Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix the maximum frame length register Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix FDMA performance issue Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Thomas Weißschuh <linux(a)weissschuh.net> ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init() Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> ptp: kvm: Use decrypted memory in confidential guest on x86 Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove duplicate test cases Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove h1 ingress test case Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes Suraj Sonawane <surajsonawane0215(a)gmail.com> acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential deadlock on __exfat_get_dentry_set Michal Luczaj <mhal(a)rbox.co> virtio/vsock: Fix accept_queue memory leak Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Darrick J. Wong <djwong(a)kernel.org> xfs: fix scrub tracepoints when inode-rooted btrees are involved Darrick J. Wong <djwong(a)kernel.org> xfs: return from xfs_symlink_verify early on V4 filesystems Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Darrick J. Wong <djwong(a)kernel.org> xfs: update btree keys correctly when _insrec splits an inode root block Jiasheng Jiang <jiashengjiangcool(a)outlook.com> drm/i915: Fix memory leak by correcting cache object name in error handler Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD port connection race Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD resume Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. Jaakko Salo <jaakkos(a)gmail.com> ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 MoYuanhao <moyuanhao3676(a)163.com> tcp: check space before adding MPTCP SYN options ------------- Diffstat: Documentation/power/runtime_pm.rst | 4 +- Makefile | 4 +- arch/parisc/Kconfig | 1 - arch/parisc/include/asm/cache.h | 11 +-- arch/x86/include/asm/processor.h | 2 + arch/x86/include/asm/static_call.h | 15 ++++ arch/x86/include/asm/sync_core.h | 6 +- arch/x86/include/asm/xen/hypercall.h | 36 ++++---- arch/x86/kernel/cpu/common.c | 38 +++++---- arch/x86/kernel/static_call.c | 10 +++ arch/x86/xen/enlighten.c | 65 ++++++++++++++- arch/x86/xen/enlighten_hvm.c | 13 ++- arch/x86/xen/enlighten_pv.c | 4 +- arch/x86/xen/enlighten_pvh.c | 7 -- arch/x86/xen/xen-asm.S | 49 +++++++++-- arch/x86/xen/xen-head.S | 97 ++++++++++++++++++---- arch/x86/xen/xen-ops.h | 9 ++ block/blk-iocost.c | 9 +- drivers/acpi/acpica/evxfregn.c | 2 - drivers/acpi/nfit/core.c | 7 +- drivers/acpi/resource.c | 6 +- drivers/ata/sata_highbank.c | 1 + drivers/gpu/drm/i915/i915_scheduler.c | 2 +- drivers/net/bonding/bond_main.c | 1 + drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 5 +- .../net/ethernet/microchip/sparx5/sparx5_main.c | 11 ++- .../net/ethernet/microchip/sparx5/sparx5_port.c | 2 +- drivers/net/ethernet/qualcomm/qca_spi.c | 26 +++--- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/team/team.c | 3 +- drivers/net/xen-netfront.c | 5 +- drivers/ptp/ptp_kvm_arm.c | 4 + drivers/ptp/ptp_kvm_common.c | 1 + drivers/ptp/ptp_kvm_x86.c | 61 +++++++++++--- drivers/usb/dwc2/hcd.c | 19 ++--- drivers/usb/gadget/function/u_serial.c | 9 +- drivers/usb/host/ehci-sh.c | 9 +- drivers/usb/host/max3421-hcd.c | 16 ++-- fs/exfat/dir.c | 2 +- fs/xfs/libxfs/xfs_btree.c | 29 +++++-- fs/xfs/libxfs/xfs_symlink_remote.c | 4 +- fs/xfs/scrub/trace.h | 2 +- fs/xfs/xfs_file.c | 8 ++ include/linux/compiler.h | 34 +++++--- include/linux/ptp_kvm.h | 1 + include/linux/static_call.h | 1 + include/net/lapb.h | 2 +- kernel/bpf/verifier.c | 5 +- kernel/static_call_inline.c | 2 +- kernel/trace/trace_kprobe.c | 2 +- net/batman-adv/translation-table.c | 58 +++++++++---- net/core/sock_map.c | 1 + net/ipv4/tcp_output.c | 6 +- net/sched/sch_netem.c | 22 +++-- net/tipc/udp_media.c | 7 +- net/vmw_vsock/virtio_transport_common.c | 8 ++ sound/usb/quirks.c | 33 +++++--- tools/objtool/check.c | 11 ++- .../selftests/drivers/net/mlxsw/sharedbuffer.sh | 15 ---- 61 files changed, 589 insertions(+), 239 deletions(-)

6 months

7
57
0 0

Rechnung. Nr49024

by alex＠dollkiteboarding.com

Guten Morgen Anbei finden Sie Ihre Rechnung. Viele Grüße Jan Leye

6 months

1
0
0 0

[PATCH 1/4] drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> I'm seeing underruns with these 64bpp YUV formats on TGL. The weird details: - only happens on pipe B/C/D SDR planes, pipe A SDR planes seem fine, as do all HDR planes - somehow CDCLK related, higher CDCLK allows for bigger plane with these formats without underruns. With 300MHz CDCLK I can only go up to 1200 pixels wide or so, with 650MHz even a 3840 pixel wide plane was OK - ICL and ADL so far appear unaffected So not really sure what's the deal with this, but bspec does state "64-bit formats supported only on the HDR planes" so let's just drop these formats from the SDR planes. We already disallow 64bpp RGB formats. Cc: stable(a)vger.kernel.org Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/skl_universal_plane.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/gpu/drm/i915/display/skl_universal_plane.c b/drivers/gpu/drm/i915/display/skl_universal_plane.c index ff9764cac1e7..80e558042d97 100644 --- a/drivers/gpu/drm/i915/display/skl_universal_plane.c +++ b/drivers/gpu/drm/i915/display/skl_universal_plane.c @@ -106,8 +106,6 @@ static const u32 icl_sdr_y_plane_formats[] = { DRM_FORMAT_Y216, DRM_FORMAT_XYUV8888, DRM_FORMAT_XVYU2101010, - DRM_FORMAT_XVYU12_16161616, - DRM_FORMAT_XVYU16161616, }; static const u32 icl_sdr_uv_plane_formats[] = { @@ -134,8 +132,6 @@ static const u32 icl_sdr_uv_plane_formats[] = { DRM_FORMAT_Y216, DRM_FORMAT_XYUV8888, DRM_FORMAT_XVYU2101010, - DRM_FORMAT_XVYU12_16161616, - DRM_FORMAT_XVYU16161616, }; static const u32 icl_hdr_plane_formats[] = { -- 2.45.2

6 months

1
0
0 0

[PATCH 6.1 00/76] 6.1.121-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.121 release. There are 76 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.121-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.121-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix a DMA to stack memory bug Juergen Gross <jgross(a)suse.com> x86/xen: remove hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: use new hypercall functions instead of hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: add central hypercall functions Juergen Gross <jgross(a)suse.com> x86/xen: don't do PV iret hypercall through hypercall page Juergen Gross <jgross(a)suse.com> x86/static-call: provide a way to do very early static-call updates Juergen Gross <jgross(a)suse.com> objtool/x86: allow syscall instruction Juergen Gross <jgross(a)suse.com> x86: make get_cpu_vendor() accessible from Xen code Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device Nikolay Kuratov <kniv(a)yandex-team.ru> tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() Eduard Zingerman <eddyz87(a)gmail.com> bpf: sync_linked_regs() must preserve subreg_def Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: SCO: Add support for 16 bits transparent voice setting Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix recursive locking warning Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Daniel Borkmann <daniel(a)iogearbox.net> team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix stuck CPU-injected packets with short taprio windows Paul Barker <paul.barker.ct(a)bp.renesas.com> Documentation: PM: Clarify pm_runtime_resume_and_get() return value Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix the wrong return value Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: use port number to set mac addr Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix the maximum frame length register Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix FDMA performance issue Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: be resilient to loss of PTP packets during transmission Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: ocelot->ts_id_lock and ocelot_port->tx_skbs.lock are IRQ-safe Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: improve handling of TX timestamp for unknown skb Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix memory leak on ocelot_port_add_txtstamp_skb() Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Thomas Weißschuh <linux(a)weissschuh.net> ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init() Jeremi Piotrowski <jpiotrowski(a)linux.microsoft.com> ptp: kvm: Use decrypted memory in confidential guest on x86 Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Ensure no extra packets are counted Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove duplicate test cases Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove h1 ingress test case Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx5: DR, prevent potential error pointer dereference Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes David (Ming Qiang) Wu <David.Wu3(a)amd.com> amdgpu/uvd: get ring reference from rq scheduler Suraj Sonawane <surajsonawane0215(a)gmail.com> acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mac80211: fix station NSS capability initialization order Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() Lin Ma <linma(a)zju.edu.cn> wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Sungjong Seo <sj1557.seo(a)samsung.com> exfat: fix potential deadlock on __exfat_get_dentry_set Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: support dynamic allocate bh for exfat_entry_set_cache Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Darrick J. Wong <djwong(a)kernel.org> xfs: only run precommits once per transaction object Darrick J. Wong <djwong(a)kernel.org> xfs: fix scrub tracepoints when inode-rooted btrees are involved Darrick J. Wong <djwong(a)kernel.org> xfs: return from xfs_symlink_verify early on V4 filesystems Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Darrick J. Wong <djwong(a)kernel.org> xfs: update btree keys correctly when _insrec splits an inode root block Jiasheng Jiang <jiashengjiangcool(a)outlook.com> drm/i915: Fix memory leak by correcting cache object name in error handler Neal Frager <neal.frager(a)amd.com> usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix fwnode_handle reference leak Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD port connection race Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD resume Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. Jaakko Salo <jaakkos(a)gmail.com> ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 Tejun Heo <tj(a)kernel.org> blk-cgroup: Fix UAF in blkcg_unpin_online() MoYuanhao <moyuanhao3676(a)163.com> tcp: check space before adding MPTCP SYN options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from session lookup and expire Jann Horn <jannh(a)google.com> bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors ------------- Diffstat: Documentation/power/runtime_pm.rst | 4 +- Makefile | 4 +- arch/x86/include/asm/processor.h | 2 + arch/x86/include/asm/static_call.h | 15 ++ arch/x86/include/asm/sync_core.h | 6 +- arch/x86/include/asm/xen/hypercall.h | 36 ++-- arch/x86/kernel/cpu/common.c | 38 ++-- arch/x86/kernel/static_call.c | 9 + arch/x86/xen/enlighten.c | 65 ++++++- arch/x86/xen/enlighten_hvm.c | 13 +- arch/x86/xen/enlighten_pv.c | 4 +- arch/x86/xen/enlighten_pvh.c | 7 - arch/x86/xen/xen-asm.S | 50 ++++- arch/x86/xen/xen-head.S | 106 ++++++++--- arch/x86/xen/xen-ops.h | 9 + block/blk-cgroup.c | 6 +- block/blk-iocost.c | 9 +- drivers/acpi/acpica/evxfregn.c | 2 - drivers/acpi/nfit/core.c | 7 +- drivers/acpi/resource.c | 6 +- drivers/ata/sata_highbank.c | 1 + drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 2 +- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- drivers/net/bonding/bond_main.c | 1 + drivers/net/dsa/ocelot/felix_vsc9959.c | 17 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 5 +- .../mellanox/mlx5/core/steering/dr_domain.c | 4 +- .../net/ethernet/microchip/sparx5/sparx5_main.c | 11 +- .../net/ethernet/microchip/sparx5/sparx5_port.c | 2 +- drivers/net/ethernet/mscc/ocelot_ptp.c | 207 +++++++++++++-------- drivers/net/ethernet/qualcomm/qca_spi.c | 26 ++- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/team/team.c | 3 +- drivers/net/xen-netfront.c | 5 +- drivers/ptp/ptp_kvm_arm.c | 4 + drivers/ptp/ptp_kvm_common.c | 1 + drivers/ptp/ptp_kvm_x86.c | 61 ++++-- drivers/spi/spi-aspeed-smc.c | 10 +- drivers/usb/dwc2/hcd.c | 19 +- drivers/usb/dwc3/dwc3-xilinx.c | 5 +- drivers/usb/gadget/function/u_serial.c | 9 +- drivers/usb/host/ehci-sh.c | 9 +- drivers/usb/host/max3421-hcd.c | 16 +- drivers/usb/typec/anx7411.c | 66 ++++--- fs/exfat/dir.c | 15 ++ fs/exfat/exfat_fs.h | 5 +- fs/smb/client/connect.c | 78 ++++---- fs/smb/server/auth.c | 2 + fs/smb/server/mgmt/user_session.c | 6 +- fs/smb/server/server.c | 4 +- fs/smb/server/smb2pdu.c | 27 +-- fs/xfs/libxfs/xfs_btree.c | 29 ++- fs/xfs/libxfs/xfs_symlink_remote.c | 4 +- fs/xfs/scrub/trace.h | 2 +- fs/xfs/xfs_file.c | 8 + fs/xfs/xfs_trans.c | 16 +- include/linux/compiler.h | 39 ++-- include/linux/dsa/ocelot.h | 1 + include/linux/ptp_kvm.h | 1 + include/linux/static_call.h | 1 + include/net/bluetooth/bluetooth.h | 1 + include/net/lapb.h | 2 +- include/net/net_namespace.h | 1 + include/soc/mscc/ocelot.h | 2 - kernel/bpf/verifier.c | 5 +- kernel/static_call_inline.c | 2 +- kernel/trace/bpf_trace.c | 11 ++ kernel/trace/trace_kprobe.c | 2 +- net/batman-adv/translation-table.c | 58 ++++-- net/bluetooth/iso.c | 8 +- net/bluetooth/sco.c | 29 +-- net/core/net_namespace.c | 21 ++- net/core/sock_map.c | 1 + net/ipv4/tcp_output.c | 6 +- net/mac80211/cfg.c | 9 +- net/sched/sch_netem.c | 22 ++- net/tipc/udp_media.c | 7 +- net/wireless/nl80211.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 13 +- sound/usb/quirks.c | 44 +++-- tools/objtool/check.c | 11 +- .../selftests/drivers/net/mlxsw/sharedbuffer.sh | 55 ++++-- 84 files changed, 980 insertions(+), 459 deletions(-)

6 months

9
84
0 0

add 'X-KernelTest-Commit' in the stable-rc mail header

by Gustavo Padovan

Hey Greg, Sasha, We are doing some work to further automate stable-rc testing, triage, validation and reporting of stable-rc branches in the new KernelCI system. As part of that, we want to start relying on the X-KernelTest-* mail header parameters, however there is no parameter with the git commit hash of the brach head. Today, there is only information about the tree and branch, but no tags or commits. Essentially, we want to parse the email headers and immediately be able to request results from the KernelCI Dashboard API passing the head commit being tested. Is it possible to add 'X-KernelTest-Commit'? Thank you. - Gus -- Gustavo Padovan Kernel Lead Collabora Ltd. Platinum Building, St John's Innovation Park Cambridge CB4 0DS, UK Registered in England & Wales, no. 5513718

6 months

4
9
0 0

[PATCH v4 0/8] driver core: class: Fix bug and code improvements for class APIs

by Zijun Hu

This patch series is to fix bugs and improve codes regarding various driver core device iterating APIs Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v4: - Squich patches 3-5 into one based on Jonathan and Fan comments. - Add one more patch - Link to v3: https://lore.kernel.org/r/20241212-class_fix-v3-0-04e20c4f0971@quicinc.com Changes in v3: - Correct commit message, add fix tag, and correct pr_crit() message for 1st patch - Add more patches regarding driver core device iterating APIs. - Link to v2: https://lore.kernel.org/r/20241112-class_fix-v2-0-73d198d0a0d5@quicinc.com Changes in v2: - Remove both fix and stable tag for patch 1/3 - drop patch 3/3 - Link to v1: https://lore.kernel.org/r/20241105-class_fix-v1-0-80866f9994a5@quicinc.com --- Zijun Hu (8): driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() blk-cgroup: Fix class @block_class's subsystem refcount leakage driver core: Move true expression out of if condition in 3 device finding APIs driver core: Rename declaration parameter name for API device_find_child() cluster driver core: Correct parameter check for API device_for_each_child_reverse_from() driver core: Correct API device_for_each_child_reverse_from() prototype driver core: Introduce device_iter_t for device iterating APIs driver core: Move 2 one line device finding APIs to header block/blk-cgroup.c | 1 + drivers/base/bus.c | 9 +++++--- drivers/base/class.c | 11 ++++++++-- drivers/base/core.c | 49 +++++++++---------------------------------- drivers/base/driver.c | 9 +++++--- drivers/cxl/core/hdm.c | 2 +- drivers/cxl/core/region.c | 2 +- include/linux/device.h | 28 ++++++++++++++++--------- include/linux/device/bus.h | 7 +++++-- include/linux/device/class.h | 4 ++-- include/linux/device/driver.h | 2 +- 11 files changed, 60 insertions(+), 64 deletions(-) --- base-commit: cdd30ebb1b9f36159d66f088b61aee264e649d7a change-id: 20241104-class_fix-f176bd9eba22 prerequisite-change-id: 20241201-const_dfc_done-aaec71e3bbea:v4 prerequisite-patch-id: 536aa56c0d055f644a1f71ab5c88b7cac9510162 prerequisite-patch-id: 39b0cf088c72853d9ce60c9e633ad2070a0278a8 prerequisite-patch-id: 60b22c42b67ad56a3d2a7b80a30ad588cbe740ec prerequisite-patch-id: 119a167d7248481987b5e015db0e4fdb0d6edab8 prerequisite-patch-id: 133248083f3d3c57beb16473c2a4c62b3abc5fd0 prerequisite-patch-id: 4cda541f55165650bfa69fb19cbe0524eff0cb85 prerequisite-patch-id: 2b4193c6ea6370c07e6b66de04be89fb09448f54 prerequisite-patch-id: 73c675db18330c89fd8ca4790914d1d486ce0db8 prerequisite-patch-id: 88c50fc851fd7077797fd4e63fb12966b1b601bd prerequisite-patch-id: 47b93916c1b5fb809d7c99aeaa05c729b1af01c5 prerequisite-patch-id: 52ffb42b5aae69cae708332e0ddc7016139999f1 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

6 months

2
2
0 0

[PATCH v3] usb: fix reference leak in usb_new_device()

by Ma Ke

When device_add(&udev->dev) succeeds and a later call fails, usb_new_device() does not properly call device_del(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 9f8b17e643fe ("USB: make usbdevices export their device nodes instead of using a separate class") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v3: - modified the bug description according to the changes of the patch; - removed redundant put_device() in patch v2 as suggestions. Changes in v2: - modified the bug description to make it more clear; - added the missed part of the patch. --- drivers/usb/core/hub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 4b93c0bd1d4b..21ac9b464696 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2663,13 +2663,13 @@ int usb_new_device(struct usb_device *udev) err = sysfs_create_link(&udev->dev.kobj, &port_dev->dev.kobj, "port"); if (err) - goto fail; + goto out_del_dev; err = sysfs_create_link(&port_dev->dev.kobj, &udev->dev.kobj, "device"); if (err) { sysfs_remove_link(&udev->dev.kobj, "port"); - goto fail; + goto out_del_dev; } if (!test_and_set_bit(port1, hub->child_usage_bits)) @@ -2683,6 +2683,8 @@ int usb_new_device(struct usb_device *udev) pm_runtime_put_sync_autosuspend(&udev->dev); return err; +out_del_dev: + device_del(&udev->dev); fail: usb_set_device_state(udev, USB_STATE_NOTATTACHED); pm_runtime_disable(&udev->dev); -- 2.25.1

6 months

2
1
0 0

[PATCH V6 1/3] perf/x86/intel/ds: Add PEBS format 6

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The only difference between 5 and 6 is the new counters snapshotting group, without the following counters snapshotting enabling patches, it's impossible to utilize the feature in a PEBS record. It's safe to share the same code path with format 5. Add format 6, so the end user can at least utilize the legacy PEBS features. Fixes: a932aa0e868f ("perf/x86: Add Lunar Lake and Arrow Lake support") Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- No changes since V5 arch/x86/events/intel/ds.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index 8dcf90f6fb59..ba74e1198328 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -2551,6 +2551,7 @@ void __init intel_ds_init(void) x86_pmu.large_pebs_flags |= PERF_SAMPLE_TIME; break; + case 6: case 5: x86_pmu.pebs_ept = 1; fallthrough; -- 2.38.1

6 months

1
0
0 0

[PATCH] NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()

by Gax-c

From: Zichen Xie <zichenxie0106(a)gmail.com> name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. Fixes: e13b549319a6 ("NFS: Add sysfs links to sunrpc clients for nfs_clients") Signed-off-by: Zichen Xie <zichenxie0106(a)gmail.com> Cc: stable(a)vger.kernel.org --- fs/nfs/sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c index bf378ecd5d9f..7b59a40d40c0 100644 --- a/fs/nfs/sysfs.c +++ b/fs/nfs/sysfs.c @@ -280,9 +280,9 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server, char name[RPC_CLIENT_NAME_SIZE]; int ret; - strcpy(name, clnt->cl_program->name); - strcat(name, uniq ? uniq : ""); - strcat(name, "_client"); + strscpy(name, clnt->cl_program->name, sizeof(name)); + strncat(name, uniq ? uniq : "", sizeof(name) - strlen(name) - 1); + strncat(name, "_client", sizeof(name) - strlen(name) - 1); ret = sysfs_create_link_nowarn(&server->kobj, &clnt->cl_sysfs->kobject, name); -- 2.25.1

6 months

3
3
0 0

[PATCH net 5/5] gve: fix XDP allocation path in edge cases

by Praveen Kaligineedi

From: Joshua Washington <joshwash(a)google.com> This patch fixes a number of consistency issues in the queue allocation path related to XDP. As it stands, the number of allocated XDP queues changes in three different scenarios. 1) Adding an XDP program while the interface is up via gve_add_xdp_queues 2) Removing an XDP program while the interface is up via gve_remove_xdp_queues 3) After queues have been allocated and the old queue memory has been removed in gve_queues_start. However, the requirement for the interface to be up for gve_(add|remove)_xdp_queues to be called, in conjunction with the fact that the number of queues stored in priv isn't updated until _after_ XDP queues have been allocated in the normal queue allocation path means that if an XDP program is added while the interface is down, XDP queues won't be added until the _second_ if_up, not the first. Given the expectation that the number of XDP queues is equal to the number of RX queues, scenario (3) has another problematic implication. When changing the number of queues while an XDP program is loaded, the number of XDP queues must be updated as well, as there is logic in the driver (gve_xdp_tx_queue_id()) which relies on every RX queue having a corresponding XDP TX queue. However, the number of XDP queues stored in priv would not be updated until _after_ a close/open leading to a mismatch in the number of XDP queues reported vs the number of XDP queues which actually exist after the queue count update completes. This patch remedies these issues by doing the following: 1) The allocation config getter function is set up to retrieve the _expected_ number of XDP queues to allocate instead of relying on the value stored in `priv` which is only updated once the queues have been allocated. 2) When adjusting queues, XDP queues are adjusted to match the number of RX queues when XDP is enabled. This only works in the case when queues are live, so part (1) of the fix must still be available in the case that queues are adjusted when there is an XDP program and the interface is down. Fixes: 5f08cd3d6423 ("gve: Alloc before freeing when adjusting queues") Cc: stable(a)vger.kernel.org Signed-off-by: Joshua Washington <joshwash(a)google.com> Signed-off-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Shailend Chand <shailend(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> --- drivers/net/ethernet/google/gve/gve_main.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 5cab7b88610f..09fb7f16f73e 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -930,11 +930,13 @@ static void gve_init_sync_stats(struct gve_priv *priv) static void gve_tx_get_curr_alloc_cfg(struct gve_priv *priv, struct gve_tx_alloc_rings_cfg *cfg) { + int num_xdp_queues = priv->xdp_prog ? priv->rx_cfg.num_queues : 0; + cfg->qcfg = &priv->tx_cfg; cfg->raw_addressing = !gve_is_qpl(priv); cfg->ring_size = priv->tx_desc_cnt; cfg->start_idx = 0; - cfg->num_rings = gve_num_tx_queues(priv); + cfg->num_rings = priv->tx_cfg.num_queues + num_xdp_queues; cfg->tx = priv->tx; } @@ -1843,6 +1845,7 @@ int gve_adjust_queues(struct gve_priv *priv, { struct gve_tx_alloc_rings_cfg tx_alloc_cfg = {0}; struct gve_rx_alloc_rings_cfg rx_alloc_cfg = {0}; + int num_xdp_queues; int err; gve_get_curr_alloc_cfgs(priv, &tx_alloc_cfg, &rx_alloc_cfg); @@ -1853,6 +1856,10 @@ int gve_adjust_queues(struct gve_priv *priv, rx_alloc_cfg.qcfg = &new_rx_config; tx_alloc_cfg.num_rings = new_tx_config.num_queues; + /* Add dedicated XDP TX queues if enabled. */ + num_xdp_queues = priv->xdp_prog ? new_rx_config.num_queues : 0; + tx_alloc_cfg.num_rings += num_xdp_queues; + if (netif_running(priv->dev)) { err = gve_adjust_config(priv, &tx_alloc_cfg, &rx_alloc_cfg); return err; -- 2.47.1.613.gc27f4b7a9f-goog

6 months

1
0
0 0

[PATCH net 4/5] gve: process XSK TX descriptors as part of RX NAPI

by Praveen Kaligineedi

From: Joshua Washington <joshwash(a)google.com> When busy polling is enabled, xsk_sendmsg for AF_XDP zero copy marks the NAPI ID corresponding to the memory pool allocated for the socket. In GVE, this NAPI ID will never correspond to a NAPI ID of one of the dedicated XDP TX queues registered with the umem because XDP TX is not set up to share a NAPI with a corresponding RX queue. This patch moves XSK TX descriptor processing from the TX NAPI to the RX NAPI, and the gve_xsk_wakeup callback is updated to use the RX NAPI instead of the TX NAPI, accordingly. The branch on if the wakeup is for TX is removed, as the NAPI poll should be invoked whether the wakeup is for TX or for RX. Fixes: fd8e40321a12 ("gve: Add AF_XDP zero-copy support for GQI-QPL format") Cc: stable(a)vger.kernel.org Signed-off-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Signed-off-by: Joshua Washington <joshwash(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> --- drivers/net/ethernet/google/gve/gve.h | 1 + drivers/net/ethernet/google/gve/gve_main.c | 8 +++++ drivers/net/ethernet/google/gve/gve_tx.c | 36 +++++++++++++--------- 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h index dd92949bb214..8167cc5fb0df 100644 --- a/drivers/net/ethernet/google/gve/gve.h +++ b/drivers/net/ethernet/google/gve/gve.h @@ -1140,6 +1140,7 @@ int gve_xdp_xmit_one(struct gve_priv *priv, struct gve_tx_ring *tx, void gve_xdp_tx_flush(struct gve_priv *priv, u32 xdp_qid); bool gve_tx_poll(struct gve_notify_block *block, int budget); bool gve_xdp_poll(struct gve_notify_block *block, int budget); +int gve_xsk_tx_poll(struct gve_notify_block *block, int budget); int gve_tx_alloc_rings_gqi(struct gve_priv *priv, struct gve_tx_alloc_rings_cfg *cfg); void gve_tx_free_rings_gqi(struct gve_priv *priv, diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index e4e8ff4f9f80..5cab7b88610f 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -333,6 +333,14 @@ int gve_napi_poll(struct napi_struct *napi, int budget) if (block->rx) { work_done = gve_rx_poll(block, budget); + + /* Poll XSK TX as part of RX NAPI. Setup re-poll based on max of + * TX and RX work done. + */ + if (priv->xdp_prog) + work_done = max_t(int, work_done, + gve_xsk_tx_poll(block, budget)); + reschedule |= work_done == budget; } diff --git a/drivers/net/ethernet/google/gve/gve_tx.c b/drivers/net/ethernet/google/gve/gve_tx.c index 852f8c7e39d2..4350ebd9c2bd 100644 --- a/drivers/net/ethernet/google/gve/gve_tx.c +++ b/drivers/net/ethernet/google/gve/gve_tx.c @@ -981,33 +981,41 @@ static int gve_xsk_tx(struct gve_priv *priv, struct gve_tx_ring *tx, return sent; } +int gve_xsk_tx_poll(struct gve_notify_block *rx_block, int budget) +{ + struct gve_rx_ring *rx = rx_block->rx; + struct gve_priv *priv = rx->gve; + struct gve_tx_ring *tx; + int sent = 0; + + tx = &priv->tx[gve_xdp_tx_queue_id(priv, rx->q_num)]; + if (tx->xsk_pool) { + sent = gve_xsk_tx(priv, tx, budget); + + u64_stats_update_begin(&tx->statss); + tx->xdp_xsk_sent += sent; + u64_stats_update_end(&tx->statss); + if (xsk_uses_need_wakeup(tx->xsk_pool)) + xsk_set_tx_need_wakeup(tx->xsk_pool); + } + + return sent; +} + bool gve_xdp_poll(struct gve_notify_block *block, int budget) { struct gve_priv *priv = block->priv; struct gve_tx_ring *tx = block->tx; u32 nic_done; - bool repoll; u32 to_do; /* Find out how much work there is to be done */ nic_done = gve_tx_load_event_counter(priv, tx); to_do = min_t(u32, (nic_done - tx->done), budget); gve_clean_xdp_done(priv, tx, to_do); - repoll = nic_done != tx->done; - - if (tx->xsk_pool) { - int sent = gve_xsk_tx(priv, tx, budget); - - u64_stats_update_begin(&tx->statss); - tx->xdp_xsk_sent += sent; - u64_stats_update_end(&tx->statss); - repoll |= (sent == budget); - if (xsk_uses_need_wakeup(tx->xsk_pool)) - xsk_set_tx_need_wakeup(tx->xsk_pool); - } /* If we still have work we want to repoll */ - return repoll; + return nic_done != tx->done; } bool gve_tx_poll(struct gve_notify_block *block, int budget) -- 2.47.1.613.gc27f4b7a9f-goog

6 months

1
0
0 0

[PATCH net 1/5] gve: clean XDP queues in gve_tx_stop_ring_gqi

by Praveen Kaligineedi

From: Joshua Washington <joshwash(a)google.com> When stopping XDP TX rings, the XDP clean function needs to be called to clean out the entire queue, similar to what happens in the normal TX queue case. Otherwise, the FIFO won't be cleared correctly, and xsk_tx_completed won't be reported. Fixes: 75eaae158b1b ("gve: Add XDP DROP and TX support for GQI-QPL format") Cc: stable(a)vger.kernel.org Signed-off-by: Joshua Washington <joshwash(a)google.com> Signed-off-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Reviewed-by: Willem de Bruijn <willemb(a)google.com> --- drivers/net/ethernet/google/gve/gve_tx.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_tx.c b/drivers/net/ethernet/google/gve/gve_tx.c index e7fb7d6d283d..83ad278ec91f 100644 --- a/drivers/net/ethernet/google/gve/gve_tx.c +++ b/drivers/net/ethernet/google/gve/gve_tx.c @@ -206,7 +206,10 @@ void gve_tx_stop_ring_gqi(struct gve_priv *priv, int idx) return; gve_remove_napi(priv, ntfy_idx); - gve_clean_tx_done(priv, tx, priv->tx_desc_cnt, false); + if (tx->q_num < priv->tx_cfg.num_queues) + gve_clean_tx_done(priv, tx, priv->tx_desc_cnt, false); + else + gve_clean_xdp_done(priv, tx, priv->tx_desc_cnt); netdev_tx_reset_queue(tx->netdev_txq); gve_tx_remove_from_block(priv, idx); } -- 2.47.1.613.gc27f4b7a9f-goog

6 months

1
0
0 0

[PATCH 5.4.y 1/2] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size

by Gao Xiang

commit 1dd73601a1cba37a0ed5f89a8662c90191df5873 upstream. As syzbot reported [1], the root cause is that i_size field is a signed type, and negative i_size is also less than EROFS_BLKSIZ. As a consequence, it's handled as fast symlink unexpectedly. Let's fall back to the generic path to deal with such unusual i_size. [1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com Reported-by: syzbot+f966c13b1b4fc0403b19(a)syzkaller.appspotmail.com Fixes: 431339ba9042 ("staging: erofs: add inode operations") Reviewed-by: Yue Hu <huyue2(a)coolpad.com> Link: https://lore.kernel.org/r/20220909023948.28925-1-hsiangkao@linux.alibaba.com Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/erofs/inode.c b/fs/erofs/inode.c index 0dbeaf68e1d6..ba981076d6f2 100644 --- a/fs/erofs/inode.c +++ b/fs/erofs/inode.c @@ -202,7 +202,7 @@ static int erofs_fill_symlink(struct inode *inode, void *data, /* if it cannot be handled with fast symlink scheme */ if (vi->datalayout != EROFS_INODE_FLAT_INLINE || - inode->i_size >= PAGE_SIZE) { + inode->i_size >= PAGE_SIZE || inode->i_size < 0) { inode->i_op = &erofs_symlink_iops; return 0; } -- 2.43.5

6 months

2
3
0 0

[PATCH 5.15.y] erofs: fix incorrect symlink detection in fast symlink

by Gao Xiang

commit 9ed50b8231e37b1ae863f5dec8153b98d9f389b4 upstream. Fast symlink can be used if the on-disk symlink data is stored in the same block as the on-disk inode, so we don’t need to trigger another I/O for symlink data. However, currently fs correction could be reported _incorrectly_ if inode xattrs are too large. In fact, these should be valid images although they cannot be handled as fast symlinks. Many thanks to Colin for reporting this! Reported-by: Colin Walters <walters(a)verbum.org> Reported-by: https://honggfuzz.dev/ Link: https://lore.kernel.org/r/bb2dd430-7de0-47da-ae5b-82ab2dd4d945@app.fastmail… Fixes: 431339ba9042 ("staging: erofs: add inode operations") [ Note that it's a runtime misbehavior instead of a security issue. ] Link: https://lore.kernel.org/r/20240909031911.1174718-1-hsiangkao@linux.alibaba.… Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/inode.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/fs/erofs/inode.c b/fs/erofs/inode.c index 638bb70d0d65..c68258ae70d3 100644 --- a/fs/erofs/inode.c +++ b/fs/erofs/inode.c @@ -219,11 +219,14 @@ static int erofs_fill_symlink(struct inode *inode, void *data, unsigned int m_pofs) { struct erofs_inode *vi = EROFS_I(inode); + loff_t off; char *lnk; - /* if it cannot be handled with fast symlink scheme */ - if (vi->datalayout != EROFS_INODE_FLAT_INLINE || - inode->i_size >= PAGE_SIZE || inode->i_size < 0) { + m_pofs += vi->xattr_isize; + /* check if it cannot be handled with fast symlink scheme */ + if (vi->datalayout != EROFS_INODE_FLAT_INLINE || inode->i_size < 0 || + check_add_overflow(m_pofs, inode->i_size, &off) || + off > i_blocksize(inode)) { inode->i_op = &erofs_symlink_iops; return 0; } @@ -232,17 +235,6 @@ static int erofs_fill_symlink(struct inode *inode, void *data, if (!lnk) return -ENOMEM; - m_pofs += vi->xattr_isize; - /* inline symlink data shouldn't cross page boundary as well */ - if (m_pofs + inode->i_size > PAGE_SIZE) { - kfree(lnk); - erofs_err(inode->i_sb, - "inline data cross block boundary @ nid %llu", - vi->nid); - DBG_BUGON(1); - return -EFSCORRUPTED; - } - memcpy(lnk, data + m_pofs, inode->i_size); lnk[inode->i_size] = '\0'; -- 2.43.5

6 months

2
1
0 0

[PATCH 5.10.y 1/2] erofs: fix order >= MAX_ORDER warning due to crafted negative i_size

by Gao Xiang

commit 1dd73601a1cba37a0ed5f89a8662c90191df5873 upstream. As syzbot reported [1], the root cause is that i_size field is a signed type, and negative i_size is also less than EROFS_BLKSIZ. As a consequence, it's handled as fast symlink unexpectedly. Let's fall back to the generic path to deal with such unusual i_size. [1] https://lore.kernel.org/r/000000000000ac8efa05e7feaa1f@google.com Reported-by: syzbot+f966c13b1b4fc0403b19(a)syzkaller.appspotmail.com Fixes: 431339ba9042 ("staging: erofs: add inode operations") Reviewed-by: Yue Hu <huyue2(a)coolpad.com> Link: https://lore.kernel.org/r/20220909023948.28925-1-hsiangkao@linux.alibaba.com Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/erofs/inode.c b/fs/erofs/inode.c index 0a94a52a119f..93a4ed665d93 100644 --- a/fs/erofs/inode.c +++ b/fs/erofs/inode.c @@ -202,7 +202,7 @@ static int erofs_fill_symlink(struct inode *inode, void *data, /* if it cannot be handled with fast symlink scheme */ if (vi->datalayout != EROFS_INODE_FLAT_INLINE || - inode->i_size >= PAGE_SIZE) { + inode->i_size >= PAGE_SIZE || inode->i_size < 0) { inode->i_op = &erofs_symlink_iops; return 0; } -- 2.43.5

6 months

2
3
0 0

[PATCH v2 2/2] i2c: microchip-core: fix "ghost" detections

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> Running i2c-detect currently produces an output akin to: 0 1 2 3 4 5 6 7 8 9 a b c d e f 00: 08 -- 0a -- 0c -- 0e -- 10: 10 -- 12 -- 14 -- 16 -- UU 19 -- 1b -- 1d -- 1f 20: -- 21 -- 23 -- 25 -- 27 -- 29 -- 2b -- 2d -- 2f 30: -- -- -- -- -- -- -- -- 38 -- 3a -- 3c -- 3e -- 40: 40 -- 42 -- 44 -- 46 -- 48 -- 4a -- 4c -- 4e -- 50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 60: 60 -- 62 -- 64 -- 66 -- 68 -- 6a -- 6c -- 6e -- 70: 70 -- 72 -- 74 -- 76 -- This happens because for an i2c_msg with a len of 0 the driver will mark the transmission of the message as a success once the START has been sent, without waiting for the devices on the bus to respond with an ACK/NAK. Since i2cdetect seems to run in a tight loop over all addresses the NAK is treated as part of the next test for the next address. Delete the fast path that marks a message as complete when idev->msg_len is zero after sending a START/RESTART since this isn't a valid scenario. CC: stable(a)vger.kernel.org Fixes: 64a6f1c4987e ("i2c: add support for microchip fpga i2c controllers") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- My original tests with KASAN/UBSAN/PREEMPT_RT enabled saw far fewer of these "ghost" detections and the skip caused by the occupied address at 0x18 on this bus is part of my attribution of the problem. Unless I'm mistaken there's no scenario that you consider a message complete after sending a START/RESTART without waiting for the ACK/NAK and this code path I deleted is useless? Looking out of tree, it predates my involvement with the code so I don't know where it came from, nor is there anything like it in the bare-metal driver the linux one was based on. --- drivers/i2c/busses/i2c-microchip-corei2c.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/i2c/busses/i2c-microchip-corei2c.c b/drivers/i2c/busses/i2c-microchip-corei2c.c index e5af38dfaa81..b0a51695138a 100644 --- a/drivers/i2c/busses/i2c-microchip-corei2c.c +++ b/drivers/i2c/busses/i2c-microchip-corei2c.c @@ -287,8 +287,6 @@ static irqreturn_t mchp_corei2c_handle_isr(struct mchp_corei2c_dev *idev) ctrl &= ~CTRL_STA; writeb(idev->addr, idev->base + CORE_I2C_DATA); writeb(ctrl, idev->base + CORE_I2C_CTRL); - if (idev->msg_len == 0) - finished = true; break; case STATUS_M_ARB_LOST: idev->msg_err = -EAGAIN; -- 2.45.2

6 months

1
0
0 0

[PATCH v2 1/2] i2c: microchip-core: actually use repeated sends

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> At present, where repeated sends are intended to be used, the i2c-microchip-core driver sends a stop followed by a start. Lots of i2c devices must not malfunction in the face of this behaviour, because the driver has operated like this for years! Try to keep track of whether or not a repeated send is required, and suppress sending a stop in these cases. CC: stable(a)vger.kernel.org Fixes: 64a6f1c4987e ("i2c: add support for microchip fpga i2c controllers") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- drivers/i2c/busses/i2c-microchip-corei2c.c | 124 ++++++++++++++++----- 1 file changed, 96 insertions(+), 28 deletions(-) diff --git a/drivers/i2c/busses/i2c-microchip-corei2c.c b/drivers/i2c/busses/i2c-microchip-corei2c.c index 0b0a1c4d17ca..e5af38dfaa81 100644 --- a/drivers/i2c/busses/i2c-microchip-corei2c.c +++ b/drivers/i2c/busses/i2c-microchip-corei2c.c @@ -93,27 +93,35 @@ * @base: pointer to register struct * @dev: device reference * @i2c_clk: clock reference for i2c input clock + * @msg_queue: pointer to the messages requiring sending * @buf: pointer to msg buffer for easier use * @msg_complete: xfer completion object * @adapter: core i2c abstraction * @msg_err: error code for completed message * @bus_clk_rate: current i2c bus clock rate * @isr_status: cached copy of local ISR status + * @total_num: total number of messages to be sent/received + * @current_num: index of the current message being sent/received * @msg_len: number of bytes transferred in msg * @addr: address of the current slave + * @restart_needed: whether or not a repeated start is required after current message */ struct mchp_corei2c_dev { void __iomem *base; struct device *dev; struct clk *i2c_clk; + struct i2c_msg *msg_queue; u8 *buf; struct completion msg_complete; struct i2c_adapter adapter; int msg_err; + int total_num; + int current_num; u32 bus_clk_rate; u32 isr_status; u16 msg_len; u8 addr; + bool restart_needed; }; static void mchp_corei2c_core_disable(struct mchp_corei2c_dev *idev) @@ -222,6 +230,47 @@ static int mchp_corei2c_fill_tx(struct mchp_corei2c_dev *idev) return 0; } +static void mchp_corei2c_next_msg(struct mchp_corei2c_dev *idev) +{ + struct i2c_msg *this_msg; + u8 ctrl; + + if (idev->current_num >= idev->total_num) { + complete(&idev->msg_complete); + return; + } + + /* + * If there's been an error, the isr needs to return control + * to the "main" part of the driver, so as not to keep sending + * messages once it completes and clears the SI bit. + */ + if (idev->msg_err) { + complete(&idev->msg_complete); + return; + } + + this_msg = idev->msg_queue++; + + if (idev->current_num < (idev->total_num - 1)) { + struct i2c_msg *next_msg = idev->msg_queue; + + idev->restart_needed = next_msg->flags & I2C_M_RD; + } else { + idev->restart_needed = false; + } + + idev->addr = i2c_8bit_addr_from_msg(this_msg); + idev->msg_len = this_msg->len; + idev->buf = this_msg->buf; + + ctrl = readb(idev->base + CORE_I2C_CTRL); + ctrl |= CTRL_STA; + writeb(ctrl, idev->base + CORE_I2C_CTRL); + + idev->current_num++; +} + static irqreturn_t mchp_corei2c_handle_isr(struct mchp_corei2c_dev *idev) { u32 status = idev->isr_status; @@ -247,10 +296,14 @@ static irqreturn_t mchp_corei2c_handle_isr(struct mchp_corei2c_dev *idev) break; case STATUS_M_SLAW_ACK: case STATUS_M_TX_DATA_ACK: - if (idev->msg_len > 0) + if (idev->msg_len > 0) { mchp_corei2c_fill_tx(idev); - else - last_byte = true; + } else { + if (idev->restart_needed) + finished = true; + else + last_byte = true; + } break; case STATUS_M_TX_DATA_NACK: case STATUS_M_SLAR_NACK: @@ -287,7 +340,7 @@ static irqreturn_t mchp_corei2c_handle_isr(struct mchp_corei2c_dev *idev) mchp_corei2c_stop(idev); if (last_byte || finished) - complete(&idev->msg_complete); + mchp_corei2c_next_msg(idev); return IRQ_HANDLED; } @@ -311,21 +364,48 @@ static irqreturn_t mchp_corei2c_isr(int irq, void *_dev) return ret; } -static int mchp_corei2c_xfer_msg(struct mchp_corei2c_dev *idev, - struct i2c_msg *msg) +static int mchp_corei2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, + int num) { - u8 ctrl; + struct mchp_corei2c_dev *idev = i2c_get_adapdata(adap); + struct i2c_msg *this_msg = msgs; unsigned long time_left; - - idev->addr = i2c_8bit_addr_from_msg(msg); - idev->msg_len = msg->len; - idev->buf = msg->buf; - idev->msg_err = 0; - - reinit_completion(&idev->msg_complete); + u8 ctrl; mchp_corei2c_core_enable(idev); + /* + * The isr controls the flow of a transfer, this info needs to be saved + * to a location that it can access the queue information from. + */ + idev->restart_needed = false; + idev->msg_queue = msgs; + idev->total_num = num; + idev->current_num = 0; + + /* + * But the first entry to the isr is triggered by the start in this + * function, so the first message needs to be "dequeued". + */ + idev->addr = i2c_8bit_addr_from_msg(this_msg); + idev->msg_len = this_msg->len; + idev->buf = this_msg->buf; + idev->msg_err = 0; + + if (idev->total_num > 1) { + struct i2c_msg *next_msg = msgs + 1; + + idev->restart_needed = next_msg->flags & I2C_M_RD; + } + + idev->current_num++; + idev->msg_queue++; + + reinit_completion(&idev->msg_complete); + + /* + * Send the first start to pass control to the isr + */ ctrl = readb(idev->base + CORE_I2C_CTRL); ctrl |= CTRL_STA; writeb(ctrl, idev->base + CORE_I2C_CTRL); @@ -335,20 +415,8 @@ static int mchp_corei2c_xfer_msg(struct mchp_corei2c_dev *idev, if (!time_left) return -ETIMEDOUT; - return idev->msg_err; -} - -static int mchp_corei2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, - int num) -{ - struct mchp_corei2c_dev *idev = i2c_get_adapdata(adap); - int i, ret; - - for (i = 0; i < num; i++) { - ret = mchp_corei2c_xfer_msg(idev, msgs++); - if (ret) - return ret; - } + if (idev->msg_err) + return idev->msg_err; return num; } -- 2.45.2

6 months

1
0
0 0

[PATCH v2] virtio: fix reference leak in register_virtio_device()

by Ma Ke

Once device_add(&dev->dev) failed, call put_device() to explicitly release dev->dev. Or it could cause double free problem. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: f2b44cde7e16 ("virtio: split device_register into device_initialize and device_add") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v2: - modified the bug description to make it more clear; - changed the Fixes tag. --- drivers/virtio/virtio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index b9095751e43b..ac721b5597e8 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -503,6 +503,7 @@ int register_virtio_device(struct virtio_device *dev) out_of_node_put: of_node_put(dev->dev.of_node); + put_device(&dev->dev); out_ida_remove: ida_free(&virtio_index_ida, dev->index); out: -- 2.25.1

6 months

3
2
0 0

[PATCH] objtool: add bch2_trans_unlocked_error to bcachefs noreturns.

by chenchangcheng

fs/bcachefs/btree_trans_commit.o: warning: objtool: bch2_trans_commit_write_locked.isra.0() falls through to next function do_bch2_trans_commit.isra.0() fs/bcachefs/btree_trans_commit.o: warning: objtool: .text: unexpected end of section ...... fs/bcachefs/btree_update.o: warning: objtool: bch2_trans_update_get_key_cache() falls through to next function flush_new_cached_update() fs/bcachefs/btree_update.o: warning: objtool: flush_new_cached_update() falls through to next function bch2_trans_update_by_path() Signed-off-by: chenchangcheng <ccc194101(a)163.com> --- tools/objtool/noreturns.h | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/objtool/noreturns.h b/tools/objtool/noreturns.h index f37614cc2c1b..88a0fa8807be 100644 --- a/tools/objtool/noreturns.h +++ b/tools/objtool/noreturns.h @@ -49,3 +49,4 @@ NORETURN(x86_64_start_kernel) NORETURN(x86_64_start_reservations) NORETURN(xen_cpu_bringup_again) NORETURN(xen_start_kernel) +NORETURN(bch2_trans_unlocked_error) -- 2.25.1

6 months

1
0
0 0

[PATCH V7] mm, compaction: don't use ALLOC_CMA for unmovable allocations

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here Other unmovable alloctions, like dma_buf, which can be large in a Linux system, are also unable to allocate memory from CMA, and these allocations suffer from the same problems described above. In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() for unmovable alloctions. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Cc: <stable(a)vger.kernel.org> Signed-off-by: yangge <yangge1116(a)126.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> --- V7: -- fix the changelog and code documentation V6: -- update cc->alloc_flags to keep the original loginc V5: - add 'alloc_flags' parameter for __isolate_free_page() - remove 'usa_cma' variable V4: - rich the commit log description V3: - fix build errors - add ALLOC_CMA both in should_continue_reclaim() and compaction_ready() V2: - using the 'cc->alloc_flags' to determin if 'ALLOC_CMA' is needed - rich the commit log description include/linux/compaction.h | 6 ++++-- mm/compaction.c | 26 +++++++++++++++----------- mm/internal.h | 3 ++- mm/page_alloc.c | 7 +++++-- mm/page_isolation.c | 3 ++- mm/page_reporting.c | 2 +- mm/vmscan.c | 4 ++-- 7 files changed, 31 insertions(+), 20 deletions(-) diff --git a/include/linux/compaction.h b/include/linux/compaction.h index e947764..b4c3ac3 100644 --- a/include/linux/compaction.h +++ b/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compact_pages(gfp_t gfp_mask, struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suitable(pg_data_t *pgdat) } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } diff --git a/mm/compaction.c b/mm/compaction.c index 07bd227..223f2da 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -655,7 +655,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, /* Found a free page, will break it into order-0 pages */ order = buddy_order(page); - isolated = __isolate_free_page(page, order); + isolated = __isolate_free_page(page, order, cc->alloc_flags); if (!isolated) break; set_page_private(page, order); @@ -1634,7 +1634,7 @@ static void fast_isolate_freepages(struct compact_control *cc) /* Isolate the page if available */ if (page) { - if (__isolate_free_page(page, order)) { + if (__isolate_free_page(page, order, cc->alloc_flags)) { set_page_private(page, order); nr_isolated = 1 << order; nr_scanned += nr_isolated - 1; @@ -2381,6 +2381,7 @@ static enum compact_result compact_finished(struct compact_control *cc) static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; @@ -2395,25 +2396,26 @@ static bool __compaction_suitable(struct zone *zone, int order, * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to unmovable allocations, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + alloc_flags & ALLOC_CMA, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2474,7 +2476,7 @@ bool compaction_zonelist_suitable(struct alloc_context *ac, int order, available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2499,7 +2501,7 @@ compaction_suit_allocation_order(struct zone *zone, unsigned int order, alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; @@ -2893,6 +2895,7 @@ static int compact_node(pg_data_t *pgdat, bool proactive) struct compact_control cc = { .order = -1, .mode = proactive ? MIGRATE_SYNC_LIGHT : MIGRATE_SYNC, + .alloc_flags = ALLOC_CMA, .ignore_skip_hint = true, .whole_zone = true, .gfp_mask = GFP_KERNEL, @@ -3037,7 +3040,7 @@ static bool kcompactd_node_suitable(pg_data_t *pgdat) ret = compaction_suit_allocation_order(zone, pgdat->kcompactd_max_order, - highest_zoneidx, ALLOC_WMARK_MIN); + highest_zoneidx, ALLOC_CMA | ALLOC_WMARK_MIN); if (ret == COMPACT_CONTINUE) return true; } @@ -3058,6 +3061,7 @@ static void kcompactd_do_work(pg_data_t *pgdat) .search_order = pgdat->kcompactd_max_order, .highest_zoneidx = pgdat->kcompactd_highest_zoneidx, .mode = MIGRATE_SYNC_LIGHT, + .alloc_flags = ALLOC_CMA | ALLOC_WMARK_MIN, .ignore_skip_hint = false, .gfp_mask = GFP_KERNEL, }; @@ -3078,7 +3082,7 @@ static void kcompactd_do_work(pg_data_t *pgdat) continue; ret = compaction_suit_allocation_order(zone, - cc.order, zoneid, ALLOC_WMARK_MIN); + cc.order, zoneid, cc.alloc_flags); if (ret != COMPACT_CONTINUE) continue; diff --git a/mm/internal.h b/mm/internal.h index 3922788..6d257c8 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -662,7 +662,8 @@ static inline void clear_zone_contiguous(struct zone *zone) zone->contiguous = false; } -extern int __isolate_free_page(struct page *page, unsigned int order); +extern int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags); extern void __putback_isolated_page(struct page *page, unsigned int order, int mt); extern void memblock_free_pages(struct page *page, unsigned long pfn, diff --git a/mm/page_alloc.c b/mm/page_alloc.c index dde19db..1bfdca3 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2809,7 +2809,8 @@ void split_page(struct page *page, unsigned int order) } EXPORT_SYMBOL_GPL(split_page); -int __isolate_free_page(struct page *page, unsigned int order) +int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags) { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); @@ -2823,7 +2824,8 @@ int __isolate_free_page(struct page *page, unsigned int order) * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + if (!zone_watermark_ok(zone, 0, watermark, 0, + alloc_flags & ALLOC_CMA)) return 0; } @@ -6454,6 +6456,7 @@ int alloc_contig_range_noprof(unsigned long start, unsigned long end, .order = -1, .zone = page_zone(pfn_to_page(start)), .mode = MIGRATE_SYNC, + .alloc_flags = ALLOC_CMA, .ignore_skip_hint = true, .no_set_skip_hint = true, .alloc_contig = true, diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d..a1f2c79 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -229,7 +229,8 @@ static void unset_migratetype_isolate(struct page *page, int migratetype) buddy = find_buddy_page_pfn(page, page_to_pfn(page), order, NULL); if (buddy && !is_migrate_isolate_page(buddy)) { - isolated_page = !!__isolate_free_page(page, order); + isolated_page = !!__isolate_free_page(page, order, + ALLOC_CMA); /* * Isolating a free page in an isolated pageblock * is expected to always work as watermarks don't diff --git a/mm/page_reporting.c b/mm/page_reporting.c index e4c428e..fd3813b 100644 --- a/mm/page_reporting.c +++ b/mm/page_reporting.c @@ -198,7 +198,7 @@ page_reporting_cycle(struct page_reporting_dev_info *prdev, struct zone *zone, /* Attempt to pull page from list and place in scatterlist */ if (*offset) { - if (!__isolate_free_page(page, order)) { + if (!__isolate_free_page(page, order, ALLOC_CMA)) { next = page; break; } diff --git a/mm/vmscan.c b/mm/vmscan.c index 5e03a61..33f5b46 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5815,7 +5815,7 @@ static inline bool should_continue_reclaim(struct pglist_data *pgdat, sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6043,7 +6043,7 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* -- 2.7.4

6 months

4
6
0 0

[BUG stable 6.6] kernel crash in BPF selftests dummy_st_ops

by Shung-Hsi Yu

(Maybe a good first-timer bug if anyone wants to try contributing during the holiday seasons) The stable v6.6 kernel currently runs into kernel panic when running the test_progs tests from BPF selftests. Judging by the log it is failing in one of the dummy_st_ops tests (which comes after deny_namespace tests if you look at the output of `test_progs -l`). My guess is that it is related to "check bpf_dummy_struct_ops program params for test runs"[1], perhaps we're missing a commit or two. Some notes for anyone tackling this for the first time: 1. You'll need to use the stable/linux-6.6.y branch from https://github.com/shunghsiyu/bpf. The current v6.6.66 one fails at compiling of BPF selftests[2] 2. The easiest way to run BPF selftests is to got relevant dependencies[3] installed, and run tools/testing/selftests/bpf/vmtest.sh (need to give it `-i` to download the root image first, and also might need to specify clang and llvm-strip by setting environmental variable CLANG=clang-17 and LLVM_STRIP=llvm-strip-17, respectively). For a more solid setup, see materials[4][5] from Manu Bretelle 3. Patch(es) should be send to stable(a)vger.kernel.org, following the stable process[6], see [2] as an example Below is the output from vmtest.sh: #68/1 deny_namespace/unpriv_userns_create_no_bpf:OK #68/2 deny_namespace/userns_create_bpf:OK #68 deny_namespace:OK [ 26.829153] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 26.831136] #PF: supervisor read access in kernel mode [ 26.832635] #PF: error_code(0x0000) - not-present page [ 26.833999] PGD 0 P4D 0 [ 26.834771] Oops: 0000 [#1] PREEMPT SMP PTI [ 26.835997] CPU: 2 PID: 119 Comm: test_progs Tainted: G OE 6.6.66-00003-gd80551078e71 #3 [ 26.838774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 [ 26.841152] RIP: 0010:bpf_prog_8ee9cbe7c9b5a50f_test_1+0x17/0x24 [ 26.842877] Code: 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 7f 00 <8b> 47 00 be 5a 00 00 00 89 77 00 c9 c3 cc cc cc cc cc cc cc cc c0 [ 26.847953] RSP: 0018:ffff9e6b803b7d88 EFLAGS: 00010202 [ 26.849425] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 2845e103d7dffb60 [ 26.851483] RDX: 0000000000000000 RSI: 0000000084d09025 RDI: 0000000000000000 [ 26.853508] RBP: ffff9e6b803b7d88 R08: 0000000000000001 R09: 0000000000000000 [ 26.855670] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9754c0b5f700 [ 26.857824] R13: ffff9754c09cc800 R14: ffff9754c0b5f680 R15: ffff9754c0b5f760 [ 26.859741] FS: 00007f77dee12740(0000) GS:ffff9754fbc80000(0000) knlGS:0000000000000000 [ 26.862087] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.863705] CR2: 0000000000000000 CR3: 00000001020e6003 CR4: 0000000000170ee0 [ 26.865689] Call Trace: [ 26.866407] <TASK> [ 26.866982] ? __die+0x24/0x70 [ 26.867774] ? page_fault_oops+0x15b/0x450 [ 26.868882] ? search_bpf_extables+0xb0/0x160 [ 26.870076] ? fixup_exception+0x26/0x330 [ 26.871214] ? exc_page_fault+0x64/0x190 [ 26.872293] ? asm_exc_page_fault+0x26/0x30 [ 26.873352] ? bpf_prog_8ee9cbe7c9b5a50f_test_1+0x17/0x24 [ 26.874705] ? __bpf_prog_enter+0x3f/0xc0 [ 26.875718] ? bpf_struct_ops_test_run+0x1b8/0x2c0 [ 26.876942] ? __sys_bpf+0xc4e/0x2c30 [ 26.877898] ? __x64_sys_bpf+0x20/0x30 [ 26.878812] ? do_syscall_64+0x37/0x90 [ 26.879704] ? entry_SYSCALL_64_after_hwframe+0x78/0xe2 [ 26.880918] </TASK> [ 26.881409] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE)] [ 26.883095] CR2: 0000000000000000 [ 26.883934] ---[ end trace 0000000000000000 ]--- [ 26.885099] RIP: 0010:bpf_prog_8ee9cbe7c9b5a50f_test_1+0x17/0x24 [ 26.886452] Code: 00 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 7f 00 <8b> 47 00 be 5a 00 00 00 89 77 00 c9 c3 cc cc cc cc cc cc cc cc c0 [ 26.890379] RSP: 0018:ffff9e6b803b7d88 EFLAGS: 00010202 [ 26.891450] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 2845e103d7dffb60 [ 26.892779] RDX: 0000000000000000 RSI: 0000000084d09025 RDI: 0000000000000000 [ 26.894254] RBP: ffff9e6b803b7d88 R08: 0000000000000001 R09: 0000000000000000 [ 26.895630] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9754c0b5f700 [ 26.897008] R13: ffff9754c09cc800 R14: ffff9754c0b5f680 R15: ffff9754c0b5f760 [ 26.898337] FS: 00007f77dee12740(0000) GS:ffff9754fbc80000(0000) knlGS:0000000000000000 [ 26.899972] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.901076] CR2: 0000000000000000 CR3: 00000001020e6003 CR4: 0000000000170ee0 [ 26.902336] Kernel panic - not syncing: Fatal exception [ 26.903639] Kernel Offset: 0x36000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 26.905693] ---[ end Kernel panic - not syncing: Fatal exception ]--- 1: https://lore.kernel.org/all/20240424012821.595216-1-eddyz87@gmail.com/t/#u 2: https://lore.kernel.org/all/20241217080240.46699-1-shung-hsi.yu@suse.com/t/… 3: https://gist.github.com/shunghsiyu/1bd4189654cce5b3e55c2ab8da7dd33d#file-vm… 4: https://chantra.github.io/bpfcitools/bpf-local-development.html 5: http://oldvger.kernel.org/bpfconf2024_material/BPF-dev-hacks.pdf 6: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html

6 months

2
2
0 0

[PATCH v3] RDMA/srp: Fix error handling in srp_add_port

by Ma Ke

If device_add() fails, call only put_device() to decrement reference count for cleanup. Do not call device_del() before put_device(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: c8e4c2397655 ("RDMA/srp: Rework the srp_add_port() error path") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v3: - modified the bug description as suggestions; - added a blank line to separate the description and the tags. Changes in v2: - modified the bug description as suggestions. --- drivers/infiniband/ulp/srp/ib_srp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index 2916e77f589b..7289ae0b83ac 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -3978,7 +3978,6 @@ static struct srp_host *srp_add_port(struct srp_device *device, u32 port) return host; put_host: - device_del(&host->dev); put_device(&host->dev); return NULL; } -- 2.25.1

6 months

2
1
0 0

request to backport this patch to v6.6 stable tree

by Hardik Gohil

ethtool: fail closed if we can't get max channel used in indirection tables [ Upstream commit 2899d58462ba868287d6ff3acad3675e7adf934f ]

6 months

2
3
0 0

[PATCH v2] usb: fix reference leak in usb_new_device()

by Ma Ke

When device_add(&udev->dev) failed, calling put_device() to explicitly release udev->dev. And the routine which calls usb_new_device() does not call put_device() when an error occurs. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 9f8b17e643fe ("USB: make usbdevices export their device nodes instead of using a separate class") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v2: - modified the bug description to make it more clear; - added the missed part of the patch. --- drivers/usb/core/hub.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 4b93c0bd1d4b..ddd572312296 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2651,6 +2651,7 @@ int usb_new_device(struct usb_device *udev) err = device_add(&udev->dev); if (err) { dev_err(&udev->dev, "can't device_add, error %d\n", err); + put_device(&udev->dev); goto fail; } @@ -2663,13 +2664,13 @@ int usb_new_device(struct usb_device *udev) err = sysfs_create_link(&udev->dev.kobj, &port_dev->dev.kobj, "port"); if (err) - goto fail; + goto out_del_dev; err = sysfs_create_link(&port_dev->dev.kobj, &udev->dev.kobj, "device"); if (err) { sysfs_remove_link(&udev->dev.kobj, "port"); - goto fail; + goto out_del_dev; } if (!test_and_set_bit(port1, hub->child_usage_bits)) @@ -2683,6 +2684,9 @@ int usb_new_device(struct usb_device *udev) pm_runtime_put_sync_autosuspend(&udev->dev); return err; +out_del_dev: + device_del(&udev->dev); + put_device(&udev->dev); fail: usb_set_device_state(udev, USB_STATE_NOTATTACHED); pm_runtime_disable(&udev->dev); -- 2.25.1

6 months

2
2
0 0

[PATCH 1/3] ring-buffer: Add uname to match criteria for persistent ring buffer

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The persistent ring buffer can live across boots. It is expected that the content in the buffer can be translated to the current kernel with delta offsets even with KASLR enabled. But it can only guarantee this if the content of the ring buffer came from the same kernel as the one that is currently running. Add uname into the meta data and if the uname in the meta data from the previous boot does not match the uname of the current boot, then clear the buffer and re-initialize it. This only handles the case of kernel versions. It does not clear the buffer for development. There's several mechanisms to keep bad data from crashing the kernel. The worse that can happen is some corrupt data may be displayed. Cc: stable(a)vger.kernel.org Fixes: 8f3e6659656e6 ("ring-buffer: Save text and data locations in mapped meta data") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 7e257e855dd1..3c94c59d000c 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -17,6 +17,7 @@ #include <linux/uaccess.h> #include <linux/hardirq.h> #include <linux/kthread.h> /* for self test */ +#include <linux/utsname.h> #include <linux/module.h> #include <linux/percpu.h> #include <linux/mutex.h> @@ -45,10 +46,13 @@ static void update_pages_handler(struct work_struct *work); #define RING_BUFFER_META_MAGIC 0xBADFEED +#define UNAME_SZ 64 struct ring_buffer_meta { int magic; int struct_size; + char uname[UNAME_SZ]; + unsigned long text_addr; unsigned long data_addr; unsigned long first_buffer; @@ -1687,6 +1691,11 @@ static bool rb_meta_valid(struct ring_buffer_meta *meta, int cpu, return false; } + if (strncmp(init_utsname()->release, meta->uname, UNAME_SZ - 1)) { + pr_info("Ring buffer boot meta[%d] mismatch of uname\n", cpu); + return false; + } + /* The subbuffer's size and number of subbuffers must match */ if (meta->subbuf_size != subbuf_size || meta->nr_subbufs != nr_pages + 1) { @@ -1920,6 +1929,7 @@ static void rb_range_meta_init(struct trace_buffer *buffer, int nr_pages) meta->magic = RING_BUFFER_META_MAGIC; meta->struct_size = sizeof(*meta); + strscpy(meta->uname, init_utsname()->release, UNAME_SZ); meta->nr_subbufs = nr_pages + 1; meta->subbuf_size = PAGE_SIZE; -- 2.45.2

6 months

4
24
0 0

[for-linus][PATCH 4/4] tracing: Check "%s" dereference via the field and not the TP_printk format

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The TP_printk() portion of a trace event is executed at the time a event is read from the trace. This can happen seconds, minutes, hours, days, months, years possibly later since the event was recorded. If the print format contains a dereference to a string via "%s", and that string was allocated, there's a chance that string could be freed before it is read by the trace file. To protect against such bugs, there are two functions that verify the event. The first one is test_event_printk(), which is called when the event is created. It reads the TP_printk() format as well as its arguments to make sure nothing may be dereferencing a pointer that was not copied into the ring buffer along with the event. If it is, it will trigger a WARN_ON(). For strings that use "%s", it is not so easy. The string may not reside in the ring buffer but may still be valid. Strings that are static and part of the kernel proper which will not be freed for the life of the running system, are safe to dereference. But to know if it is a pointer to a static string or to something on the heap can not be determined until the event is triggered. This brings us to the second function that tests for the bad dereferencing of strings, trace_check_vprintf(). It would walk through the printf format looking for "%s", and when it finds it, it would validate that the pointer is safe to read. If not, it would produces a WARN_ON() as well and write into the ring buffer "[UNSAFE-MEMORY]". The problem with this is how it used va_list to have vsnprintf() handle all the cases that it didn't need to check. Instead of re-implementing vsnprintf(), it would make a copy of the format up to the %s part, and call vsnprintf() with the current va_list ap variable, where the ap would then be ready to point at the string in question. For architectures that passed va_list by reference this was possible. For architectures that passed it by copy it was not. A test_can_verify() function was used to differentiate between the two, and if it wasn't possible, it would disable it. Even for architectures where this was feasible, it was a stretch to rely on such a method that is undocumented, and could cause issues later on with new optimizations of the compiler. Instead, the first function test_event_printk() was updated to look at "%s" as well. If the "%s" argument is a pointer outside the event in the ring buffer, it would find the field type of the event that is the problem and mark the structure with a new flag called "needs_test". The event itself will be marked by TRACE_EVENT_FL_TEST_STR to let it be known that this event has a field that needs to be verified before the event can be printed using the printf format. When the event fields are created from the field type structure, the fields would copy the field type's "needs_test" value. Finally, before being printed, a new function ignore_event() is called which will check if the event has the TEST_STR flag set (if not, it returns false). If the flag is set, it then iterates through the events fields looking for the ones that have the "needs_test" flag set. Then it uses the offset field from the field structure to find the pointer in the ring buffer event. It runs the tests to make sure that pointer is safe to print and if not, it triggers the WARN_ON() and also adds to the trace output that the event in question has an unsafe memory access. The ignore_event() makes the trace_check_vprintf() obsolete so it is removed. Link: https://lore.kernel.org/all/CAHk-=wh3uOnqnZPpR0PeLZZtyWbZLboZ7cHLCKRWsocvs9… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Al Viro <viro(a)ZenIV.linux.org.uk> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/20241217024720.848621576@goodmis.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- include/linux/trace_events.h | 6 +- kernel/trace/trace.c | 255 ++++++++--------------------------- kernel/trace/trace.h | 6 +- kernel/trace/trace_events.c | 32 +++-- kernel/trace/trace_output.c | 6 +- 5 files changed, 88 insertions(+), 217 deletions(-) diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h index 2a5df5b62cfc..91b8ffbdfa8c 100644 --- a/include/linux/trace_events.h +++ b/include/linux/trace_events.h @@ -273,7 +273,8 @@ struct trace_event_fields { const char *name; const int size; const int align; - const int is_signed; + const unsigned int is_signed:1; + unsigned int needs_test:1; const int filter_type; const int len; }; @@ -324,6 +325,7 @@ enum { TRACE_EVENT_FL_EPROBE_BIT, TRACE_EVENT_FL_FPROBE_BIT, TRACE_EVENT_FL_CUSTOM_BIT, + TRACE_EVENT_FL_TEST_STR_BIT, }; /* @@ -340,6 +342,7 @@ enum { * CUSTOM - Event is a custom event (to be attached to an exsiting tracepoint) * This is set when the custom event has not been attached * to a tracepoint yet, then it is cleared when it is. + * TEST_STR - The event has a "%s" that points to a string outside the event */ enum { TRACE_EVENT_FL_CAP_ANY = (1 << TRACE_EVENT_FL_CAP_ANY_BIT), @@ -352,6 +355,7 @@ enum { TRACE_EVENT_FL_EPROBE = (1 << TRACE_EVENT_FL_EPROBE_BIT), TRACE_EVENT_FL_FPROBE = (1 << TRACE_EVENT_FL_FPROBE_BIT), TRACE_EVENT_FL_CUSTOM = (1 << TRACE_EVENT_FL_CUSTOM_BIT), + TRACE_EVENT_FL_TEST_STR = (1 << TRACE_EVENT_FL_TEST_STR_BIT), }; #define TRACE_EVENT_FL_UKPROBE (TRACE_EVENT_FL_KPROBE | TRACE_EVENT_FL_UPROBE) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index be62f0ea1814..7cc18b9bce27 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3611,17 +3611,12 @@ char *trace_iter_expand_format(struct trace_iterator *iter) } /* Returns true if the string is safe to dereference from an event */ -static bool trace_safe_str(struct trace_iterator *iter, const char *str, - bool star, int len) +static bool trace_safe_str(struct trace_iterator *iter, const char *str) { unsigned long addr = (unsigned long)str; struct trace_event *trace_event; struct trace_event_call *event; - /* Ignore strings with no length */ - if (star && !len) - return true; - /* OK if part of the event data */ if ((addr >= (unsigned long)iter->ent) && (addr < (unsigned long)iter->ent + iter->ent_size)) @@ -3661,181 +3656,69 @@ static bool trace_safe_str(struct trace_iterator *iter, const char *str, return false; } -static DEFINE_STATIC_KEY_FALSE(trace_no_verify); - -static int test_can_verify_check(const char *fmt, ...) -{ - char buf[16]; - va_list ap; - int ret; - - /* - * The verifier is dependent on vsnprintf() modifies the va_list - * passed to it, where it is sent as a reference. Some architectures - * (like x86_32) passes it by value, which means that vsnprintf() - * does not modify the va_list passed to it, and the verifier - * would then need to be able to understand all the values that - * vsnprintf can use. If it is passed by value, then the verifier - * is disabled. - */ - va_start(ap, fmt); - vsnprintf(buf, 16, "%d", ap); - ret = va_arg(ap, int); - va_end(ap); - - return ret; -} - -static void test_can_verify(void) -{ - if (!test_can_verify_check("%d %d", 0, 1)) { - pr_info("trace event string verifier disabled\n"); - static_branch_inc(&trace_no_verify); - } -} - /** - * trace_check_vprintf - Check dereferenced strings while writing to the seq buffer + * ignore_event - Check dereferenced fields while writing to the seq buffer * @iter: The iterator that holds the seq buffer and the event being printed - * @fmt: The format used to print the event - * @ap: The va_list holding the data to print from @fmt. * - * This writes the data into the @iter->seq buffer using the data from - * @fmt and @ap. If the format has a %s, then the source of the string - * is examined to make sure it is safe to print, otherwise it will - * warn and print "[UNSAFE MEMORY]" in place of the dereferenced string - * pointer. + * At boot up, test_event_printk() will flag any event that dereferences + * a string with "%s" that does exist in the ring buffer. It may still + * be valid, as the string may point to a static string in the kernel + * rodata that never gets freed. But if the string pointer is pointing + * to something that was allocated, there's a chance that it can be freed + * by the time the user reads the trace. This would cause a bad memory + * access by the kernel and possibly crash the system. + * + * This function will check if the event has any fields flagged as needing + * to be checked at runtime and perform those checks. + * + * If it is found that a field is unsafe, it will write into the @iter->seq + * a message stating what was found to be unsafe. + * + * @return: true if the event is unsafe and should be ignored, + * false otherwise. */ -void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, - va_list ap) +bool ignore_event(struct trace_iterator *iter) { - long text_delta = 0; - long data_delta = 0; - const char *p = fmt; - const char *str; - bool good; - int i, j; + struct ftrace_event_field *field; + struct trace_event *trace_event; + struct trace_event_call *event; + struct list_head *head; + struct trace_seq *seq; + const void *ptr; - if (WARN_ON_ONCE(!fmt)) - return; + trace_event = ftrace_find_event(iter->ent->type); - if (static_branch_unlikely(&trace_no_verify)) - goto print; + seq = &iter->seq; - /* - * When the kernel is booted with the tp_printk command line - * parameter, trace events go directly through to printk(). - * It also is checked by this function, but it does not - * have an associated trace_array (tr) for it. - */ - if (iter->tr) { - text_delta = iter->tr->text_delta; - data_delta = iter->tr->data_delta; + if (!trace_event) { + trace_seq_printf(seq, "EVENT ID %d NOT FOUND?\n", iter->ent->type); + return true; } - /* Don't bother checking when doing a ftrace_dump() */ - if (iter->fmt == static_fmt_buf) - goto print; - - while (*p) { - bool star = false; - int len = 0; - - j = 0; - - /* - * We only care about %s and variants - * as well as %p[sS] if delta is non-zero - */ - for (i = 0; p[i]; i++) { - if (i + 1 >= iter->fmt_size) { - /* - * If we can't expand the copy buffer, - * just print it. - */ - if (!trace_iter_expand_format(iter)) - goto print; - } - - if (p[i] == '\\' && p[i+1]) { - i++; - continue; - } - if (p[i] == '%') { - /* Need to test cases like %08.*s */ - for (j = 1; p[i+j]; j++) { - if (isdigit(p[i+j]) || - p[i+j] == '.') - continue; - if (p[i+j] == '*') { - star = true; - continue; - } - break; - } - if (p[i+j] == 's') - break; - - if (text_delta && p[i+1] == 'p' && - ((p[i+2] == 's' || p[i+2] == 'S'))) - break; - - star = false; - } - j = 0; - } - /* If no %s found then just print normally */ - if (!p[i]) - break; - - /* Copy up to the %s, and print that */ - strncpy(iter->fmt, p, i); - iter->fmt[i] = '\0'; - trace_seq_vprintf(&iter->seq, iter->fmt, ap); + event = container_of(trace_event, struct trace_event_call, event); + if (!(event->flags & TRACE_EVENT_FL_TEST_STR)) + return false; - /* Add delta to %pS pointers */ - if (p[i+1] == 'p') { - unsigned long addr; - char fmt[4]; + head = trace_get_fields(event); + if (!head) { + trace_seq_printf(seq, "FIELDS FOR EVENT '%s' NOT FOUND?\n", + trace_event_name(event)); + return true; + } - fmt[0] = '%'; - fmt[1] = 'p'; - fmt[2] = p[i+2]; /* Either %ps or %pS */ - fmt[3] = '\0'; + /* Offsets are from the iter->ent that points to the raw event */ + ptr = iter->ent; - addr = va_arg(ap, unsigned long); - addr += text_delta; - trace_seq_printf(&iter->seq, fmt, (void *)addr); + list_for_each_entry(field, head, link) { + const char *str; + bool good; - p += i + 3; + if (!field->needs_test) continue; - } - /* - * If iter->seq is full, the above call no longer guarantees - * that ap is in sync with fmt processing, and further calls - * to va_arg() can return wrong positional arguments. - * - * Ensure that ap is no longer used in this case. - */ - if (iter->seq.full) { - p = ""; - break; - } - - if (star) - len = va_arg(ap, int); - - /* The ap now points to the string data of the %s */ - str = va_arg(ap, const char *); + str = *(const char **)(ptr + field->offset); - good = trace_safe_str(iter, str, star, len); - - /* Could be from the last boot */ - if (data_delta && !good) { - str += data_delta; - good = trace_safe_str(iter, str, star, len); - } + good = trace_safe_str(iter, str); /* * If you hit this warning, it is likely that the @@ -3846,44 +3729,14 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, * instead. See samples/trace_events/trace-events-sample.h * for reference. */ - if (WARN_ONCE(!good, "fmt: '%s' current_buffer: '%s'", - fmt, seq_buf_str(&iter->seq.seq))) { - int ret; - - /* Try to safely read the string */ - if (star) { - if (len + 1 > iter->fmt_size) - len = iter->fmt_size - 1; - if (len < 0) - len = 0; - ret = copy_from_kernel_nofault(iter->fmt, str, len); - iter->fmt[len] = 0; - star = false; - } else { - ret = strncpy_from_kernel_nofault(iter->fmt, str, - iter->fmt_size); - } - if (ret < 0) - trace_seq_printf(&iter->seq, "(0x%px)", str); - else - trace_seq_printf(&iter->seq, "(0x%px:%s)", - str, iter->fmt); - str = "[UNSAFE-MEMORY]"; - strcpy(iter->fmt, "%s"); - } else { - strncpy(iter->fmt, p + i, j + 1); - iter->fmt[j+1] = '\0'; + if (WARN_ONCE(!good, "event '%s' has unsafe pointer field '%s'", + trace_event_name(event), field->name)) { + trace_seq_printf(seq, "EVENT %s: HAS UNSAFE POINTER FIELD '%s'\n", + trace_event_name(event), field->name); + return true; } - if (star) - trace_seq_printf(&iter->seq, iter->fmt, len, str); - else - trace_seq_printf(&iter->seq, iter->fmt, str); - - p += i + j + 1; } - print: - if (*p) - trace_seq_vprintf(&iter->seq, p, ap); + return false; } const char *trace_event_format(struct trace_iterator *iter, const char *fmt) @@ -10777,8 +10630,6 @@ __init static int tracer_alloc_buffers(void) register_snapshot_cmd(); - test_can_verify(); - return 0; out_free_pipe_cpumask: diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 266740b4e121..9691b47b5f3d 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -667,9 +667,8 @@ void trace_buffer_unlock_commit_nostack(struct trace_buffer *buffer, bool trace_is_tracepoint_string(const char *str); const char *trace_event_format(struct trace_iterator *iter, const char *fmt); -void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, - va_list ap) __printf(2, 0); char *trace_iter_expand_format(struct trace_iterator *iter); +bool ignore_event(struct trace_iterator *iter); int trace_empty(struct trace_iterator *iter); @@ -1413,7 +1412,8 @@ struct ftrace_event_field { int filter_type; int offset; int size; - int is_signed; + unsigned int is_signed:1; + unsigned int needs_test:1; int len; }; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 521ad2fd1fe7..1545cc8b49d0 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -82,7 +82,7 @@ static int system_refcount_dec(struct event_subsystem *system) } static struct ftrace_event_field * -__find_event_field(struct list_head *head, char *name) +__find_event_field(struct list_head *head, const char *name) { struct ftrace_event_field *field; @@ -114,7 +114,8 @@ trace_find_event_field(struct trace_event_call *call, char *name) static int __trace_define_field(struct list_head *head, const char *type, const char *name, int offset, int size, - int is_signed, int filter_type, int len) + int is_signed, int filter_type, int len, + int need_test) { struct ftrace_event_field *field; @@ -133,6 +134,7 @@ static int __trace_define_field(struct list_head *head, const char *type, field->offset = offset; field->size = size; field->is_signed = is_signed; + field->needs_test = need_test; field->len = len; list_add(&field->link, head); @@ -151,13 +153,13 @@ int trace_define_field(struct trace_event_call *call, const char *type, head = trace_get_fields(call); return __trace_define_field(head, type, name, offset, size, - is_signed, filter_type, 0); + is_signed, filter_type, 0, 0); } EXPORT_SYMBOL_GPL(trace_define_field); static int trace_define_field_ext(struct trace_event_call *call, const char *type, const char *name, int offset, int size, int is_signed, - int filter_type, int len) + int filter_type, int len, int need_test) { struct list_head *head; @@ -166,13 +168,13 @@ static int trace_define_field_ext(struct trace_event_call *call, const char *typ head = trace_get_fields(call); return __trace_define_field(head, type, name, offset, size, - is_signed, filter_type, len); + is_signed, filter_type, len, need_test); } #define __generic_field(type, item, filter_type) \ ret = __trace_define_field(&ftrace_generic_fields, #type, \ #item, 0, 0, is_signed_type(type), \ - filter_type, 0); \ + filter_type, 0, 0); \ if (ret) \ return ret; @@ -181,7 +183,8 @@ static int trace_define_field_ext(struct trace_event_call *call, const char *typ "common_" #item, \ offsetof(typeof(ent), item), \ sizeof(ent.item), \ - is_signed_type(type), FILTER_OTHER, 0); \ + is_signed_type(type), FILTER_OTHER, \ + 0, 0); \ if (ret) \ return ret; @@ -332,6 +335,7 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c /* Return true if the string is safe */ static bool process_string(const char *fmt, int len, struct trace_event_call *call) { + struct trace_event_fields *field; const char *r, *e, *s; e = fmt + len; @@ -372,8 +376,16 @@ static bool process_string(const char *fmt, int len, struct trace_event_call *ca if (process_pointer(fmt, len, call)) return true; - /* Make sure the field is found, and consider it OK for now if it is */ - return find_event_field(fmt, call) != NULL; + /* Make sure the field is found */ + field = find_event_field(fmt, call); + if (!field) + return false; + + /* Test this field's string before printing the event */ + call->flags |= TRACE_EVENT_FL_TEST_STR; + field->needs_test = 1; + + return true; } /* @@ -2586,7 +2598,7 @@ event_define_fields(struct trace_event_call *call) ret = trace_define_field_ext(call, field->type, field->name, offset, field->size, field->is_signed, field->filter_type, - field->len); + field->len, field->needs_test); if (WARN_ON_ONCE(ret)) { pr_err("error code is %d\n", ret); break; diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c index da748b7cbc4d..03d56f711ad1 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -317,10 +317,14 @@ EXPORT_SYMBOL(trace_raw_output_prep); void trace_event_printf(struct trace_iterator *iter, const char *fmt, ...) { + struct trace_seq *s = &iter->seq; va_list ap; + if (ignore_event(iter)) + return; + va_start(ap, fmt); - trace_check_vprintf(iter, trace_event_format(iter, fmt), ap); + trace_seq_vprintf(s, trace_event_format(iter, fmt), ap); va_end(ap); } EXPORT_SYMBOL(trace_event_printf); -- 2.45.2

6 months

1
0
0 0

[for-linus][PATCH 3/4] tracing: Add "%s" check in test_event_printk()

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The test_event_printk() code makes sure that when a trace event is registered, any dereferenced pointers in from the event's TP_printk() are pointing to content in the ring buffer. But currently it does not handle "%s", as there's cases where the string pointer saved in the ring buffer points to a static string in the kernel that will never be freed. As that is a valid case, the pointer needs to be checked at runtime. Currently the runtime check is done via trace_check_vprintf(), but to not have to replicate everything in vsnprintf() it does some logic with the va_list that may not be reliable across architectures. In order to get rid of that logic, more work in the test_event_printk() needs to be done. Some of the strings can be validated at this time when it is obvious the string is valid because the string will be saved in the ring buffer content. Do all the validation of strings in the ring buffer at boot in test_event_printk(), and make sure that the field of the strings that point into the kernel are accessible. This will allow adding checks at runtime that will validate the fields themselves and not rely on paring the TP_printk() format at runtime. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Al Viro <viro(a)ZenIV.linux.org.uk> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/20241217024720.685917008@goodmis.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 104 ++++++++++++++++++++++++++++++------ 1 file changed, 89 insertions(+), 15 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index df75c06bb23f..521ad2fd1fe7 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -244,19 +244,16 @@ int trace_event_get_offsets(struct trace_event_call *call) return tail->offset + tail->size; } -/* - * Check if the referenced field is an array and return true, - * as arrays are OK to dereference. - */ -static bool test_field(const char *fmt, struct trace_event_call *call) + +static struct trace_event_fields *find_event_field(const char *fmt, + struct trace_event_call *call) { struct trace_event_fields *field = call->class->fields_array; - const char *array_descriptor; const char *p = fmt; int len; if (!(len = str_has_prefix(fmt, "REC->"))) - return false; + return NULL; fmt += len; for (p = fmt; *p; p++) { if (!isalnum(*p) && *p != '_') @@ -267,11 +264,26 @@ static bool test_field(const char *fmt, struct trace_event_call *call) for (; field->type; field++) { if (strncmp(field->name, fmt, len) || field->name[len]) continue; - array_descriptor = strchr(field->type, '['); - /* This is an array and is OK to dereference. */ - return array_descriptor != NULL; + + return field; } - return false; + return NULL; +} + +/* + * Check if the referenced field is an array and return true, + * as arrays are OK to dereference. + */ +static bool test_field(const char *fmt, struct trace_event_call *call) +{ + struct trace_event_fields *field; + + field = find_event_field(fmt, call); + if (!field) + return false; + + /* This is an array and is OK to dereference. */ + return strchr(field->type, '[') != NULL; } /* Look for a string within an argument */ @@ -317,6 +329,53 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c return false; } +/* Return true if the string is safe */ +static bool process_string(const char *fmt, int len, struct trace_event_call *call) +{ + const char *r, *e, *s; + + e = fmt + len; + + /* + * There are several helper functions that return strings. + * If the argument contains a function, then assume its field is valid. + * It is considered that the argument has a function if it has: + * alphanumeric or '_' before a parenthesis. + */ + s = fmt; + do { + r = strstr(s, "("); + if (!r || r >= e) + break; + for (int i = 1; r - i >= s; i++) { + char ch = *(r - i); + if (isspace(ch)) + continue; + if (isalnum(ch) || ch == '_') + return true; + /* Anything else, this isn't a function */ + break; + } + /* A function could be wrapped in parethesis, try the next one */ + s = r + 1; + } while (s < e); + + /* + * If there's any strings in the argument consider this arg OK as it + * could be: REC->field ? "foo" : "bar" and we don't want to get into + * verifying that logic here. + */ + if (find_print_string(fmt, "\"", e)) + return true; + + /* Dereferenced strings are also valid like any other pointer */ + if (process_pointer(fmt, len, call)) + return true; + + /* Make sure the field is found, and consider it OK for now if it is */ + return find_event_field(fmt, call) != NULL; +} + /* * Examine the print fmt of the event looking for unsafe dereference * pointers using %p* that could be recorded in the trace event and @@ -326,6 +385,7 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c static void test_event_printk(struct trace_event_call *call) { u64 dereference_flags = 0; + u64 string_flags = 0; bool first = true; const char *fmt; int parens = 0; @@ -416,8 +476,16 @@ static void test_event_printk(struct trace_event_call *call) star = true; continue; } - if ((fmt[i + j] == 's') && star) - arg++; + if ((fmt[i + j] == 's')) { + if (star) + arg++; + if (WARN_ONCE(arg == 63, + "Too many args for event: %s", + trace_event_name(call))) + return; + dereference_flags |= 1ULL << arg; + string_flags |= 1ULL << arg; + } break; } break; @@ -464,7 +532,10 @@ static void test_event_printk(struct trace_event_call *call) } if (dereference_flags & (1ULL << arg)) { - if (process_pointer(fmt + start_arg, e - start_arg, call)) + if (string_flags & (1ULL << arg)) { + if (process_string(fmt + start_arg, e - start_arg, call)) + dereference_flags &= ~(1ULL << arg); + } else if (process_pointer(fmt + start_arg, e - start_arg, call)) dereference_flags &= ~(1ULL << arg); } @@ -476,7 +547,10 @@ static void test_event_printk(struct trace_event_call *call) } if (dereference_flags & (1ULL << arg)) { - if (process_pointer(fmt + start_arg, i - start_arg, call)) + if (string_flags & (1ULL << arg)) { + if (process_string(fmt + start_arg, i - start_arg, call)) + dereference_flags &= ~(1ULL << arg); + } else if (process_pointer(fmt + start_arg, i - start_arg, call)) dereference_flags &= ~(1ULL << arg); } -- 2.45.2

6 months

1
0
0 0

[for-linus][PATCH 2/4] tracing: Add missing helper functions in event pointer dereference check

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The process_pointer() helper function looks to see if various trace event macros are used. These macros are for storing data in the event. This makes it safe to dereference as the dereference will then point into the event on the ring buffer where the content of the data stays with the event itself. A few helper functions were missing. Those were: __get_rel_dynamic_array() __get_dynamic_array_len() __get_rel_dynamic_array_len() __get_rel_sockaddr() Also add a helper function find_print_string() to not need to use a middle man variable to test if the string exists. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Al Viro <viro(a)ZenIV.linux.org.uk> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/20241217024720.521836792@goodmis.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 14e160a5b905..df75c06bb23f 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -274,6 +274,15 @@ static bool test_field(const char *fmt, struct trace_event_call *call) return false; } +/* Look for a string within an argument */ +static bool find_print_string(const char *arg, const char *str, const char *end) +{ + const char *r; + + r = strstr(arg, str); + return r && r < end; +} + /* Return true if the argument pointer is safe */ static bool process_pointer(const char *fmt, int len, struct trace_event_call *call) { @@ -292,9 +301,17 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c a = strchr(fmt, '&'); if ((a && (a < r)) || test_field(r, call)) return true; - } else if ((r = strstr(fmt, "__get_dynamic_array(")) && r < e) { + } else if (find_print_string(fmt, "__get_dynamic_array(", e)) { + return true; + } else if (find_print_string(fmt, "__get_rel_dynamic_array(", e)) { + return true; + } else if (find_print_string(fmt, "__get_dynamic_array_len(", e)) { + return true; + } else if (find_print_string(fmt, "__get_rel_dynamic_array_len(", e)) { + return true; + } else if (find_print_string(fmt, "__get_sockaddr(", e)) { return true; - } else if ((r = strstr(fmt, "__get_sockaddr(")) && r < e) { + } else if (find_print_string(fmt, "__get_rel_sockaddr(", e)) { return true; } return false; -- 2.45.2

6 months

1
0
0 0

[for-linus][PATCH 1/4] tracing: Fix test_event_printk() to process entire print argument

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The test_event_printk() analyzes print formats of trace events looking for cases where it may dereference a pointer that is not in the ring buffer which can possibly be a bug when the trace event is read from the ring buffer and the content of that pointer no longer exists. The function needs to accurately go from one print format argument to the next. It handles quotes and parenthesis that may be included in an argument. When it finds the start of the next argument, it uses a simple "c = strstr(fmt + i, ',')" to find the end of that argument! In order to include "%s" dereferencing, it needs to process the entire content of the print format argument and not just the content of the first ',' it finds. As there may be content like: ({ const char *saved_ptr = trace_seq_buffer_ptr(p); static const char *access_str[] = { "---", "--x", "w--", "w-x", "-u-", "-ux", "wu-", "wux" }; union kvm_mmu_page_role role; role.word = REC->role; trace_seq_printf(p, "sp gen %u gfn %llx l%u %u-byte q%u%s %s%s" " %snxe %sad root %u %s%c", REC->mmu_valid_gen, REC->gfn, role.level, role.has_4_byte_gpte ? 4 : 8, role.quadrant, role.direct ? " direct" : "", access_str[role.access], role.invalid ? " invalid" : "", role.efer_nx ? "" : "!", role.ad_disabled ? "!" : "", REC->root_count, REC->unsync ? "unsync" : "sync", 0); saved_ptr; }) Which is an example of a full argument of an existing event. As the code already handles finding the next print format argument, process the argument at the end of it and not the start of it. This way it has both the start of the argument as well as the end of it. Add a helper function "process_pointer()" that will do the processing during the loop as well as at the end. It also makes the code cleaner and easier to read. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Al Viro <viro(a)ZenIV.linux.org.uk> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/20241217024720.362271189@goodmis.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 82 ++++++++++++++++++++++++------------- 1 file changed, 53 insertions(+), 29 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 77e68efbd43e..14e160a5b905 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -265,8 +265,7 @@ static bool test_field(const char *fmt, struct trace_event_call *call) len = p - fmt; for (; field->type; field++) { - if (strncmp(field->name, fmt, len) || - field->name[len]) + if (strncmp(field->name, fmt, len) || field->name[len]) continue; array_descriptor = strchr(field->type, '['); /* This is an array and is OK to dereference. */ @@ -275,6 +274,32 @@ static bool test_field(const char *fmt, struct trace_event_call *call) return false; } +/* Return true if the argument pointer is safe */ +static bool process_pointer(const char *fmt, int len, struct trace_event_call *call) +{ + const char *r, *e, *a; + + e = fmt + len; + + /* Find the REC-> in the argument */ + r = strstr(fmt, "REC->"); + if (r && r < e) { + /* + * Addresses of events on the buffer, or an array on the buffer is + * OK to dereference. There's ways to fool this, but + * this is to catch common mistakes, not malicious code. + */ + a = strchr(fmt, '&'); + if ((a && (a < r)) || test_field(r, call)) + return true; + } else if ((r = strstr(fmt, "__get_dynamic_array(")) && r < e) { + return true; + } else if ((r = strstr(fmt, "__get_sockaddr(")) && r < e) { + return true; + } + return false; +} + /* * Examine the print fmt of the event looking for unsafe dereference * pointers using %p* that could be recorded in the trace event and @@ -285,12 +310,12 @@ static void test_event_printk(struct trace_event_call *call) { u64 dereference_flags = 0; bool first = true; - const char *fmt, *c, *r, *a; + const char *fmt; int parens = 0; char in_quote = 0; int start_arg = 0; int arg = 0; - int i; + int i, e; fmt = call->print_fmt; @@ -403,42 +428,41 @@ static void test_event_printk(struct trace_event_call *call) case ',': if (in_quote || parens) continue; + e = i; i++; while (isspace(fmt[i])) i++; - start_arg = i; - if (!(dereference_flags & (1ULL << arg))) - goto next_arg; - /* Find the REC-> in the argument */ - c = strchr(fmt + i, ','); - r = strstr(fmt + i, "REC->"); - if (r && (!c || r < c)) { - /* - * Addresses of events on the buffer, - * or an array on the buffer is - * OK to dereference. - * There's ways to fool this, but - * this is to catch common mistakes, - * not malicious code. - */ - a = strchr(fmt + i, '&'); - if ((a && (a < r)) || test_field(r, call)) + /* + * If start_arg is zero, then this is the start of the + * first argument. The processing of the argument happens + * when the end of the argument is found, as it needs to + * handle paranthesis and such. + */ + if (!start_arg) { + start_arg = i; + /* Balance out the i++ in the for loop */ + i--; + continue; + } + + if (dereference_flags & (1ULL << arg)) { + if (process_pointer(fmt + start_arg, e - start_arg, call)) dereference_flags &= ~(1ULL << arg); - } else if ((r = strstr(fmt + i, "__get_dynamic_array(")) && - (!c || r < c)) { - dereference_flags &= ~(1ULL << arg); - } else if ((r = strstr(fmt + i, "__get_sockaddr(")) && - (!c || r < c)) { - dereference_flags &= ~(1ULL << arg); } - next_arg: - i--; + start_arg = i; arg++; + /* Balance out the i++ in the for loop */ + i--; } } + if (dereference_flags & (1ULL << arg)) { + if (process_pointer(fmt + start_arg, i - start_arg, call)) + dereference_flags &= ~(1ULL << arg); + } + /* * If you triggered the below warning, the trace event reported * uses an unsafe dereference pointer %p*. As the data stored -- 2.45.2

6 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix memory leak by correcting cache object name in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2828e5808bcd5aae7fdcd169cac1efa2701fa2dd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121518-unspoken-ladle-1d6a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2828e5808bcd5aae7fdcd169cac1efa2701fa2dd Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> Date: Wed, 27 Nov 2024 20:10:42 +0000 Subject: [PATCH] drm/i915: Fix memory leak by correcting cache object name in error handler Replace "slab_priorities" with "slab_dependencies" in the error handler to avoid memory leak. Fixes: 32eb6bcfdda9 ("drm/i915: Make request allocation caches global") Cc: <stable(a)vger.kernel.org> # v5.2+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241127201042.29620-1-jiashe… (cherry picked from commit 9bc5e7dc694d3112bbf0fa4c46ef0fa0f114937a) Signed-off-by: Tvrtko Ursulin <tursulin(a)ursulin.net> diff --git a/drivers/gpu/drm/i915/i915_scheduler.c b/drivers/gpu/drm/i915/i915_scheduler.c index 762127dd56c5..70a854557e6e 100644 --- a/drivers/gpu/drm/i915/i915_scheduler.c +++ b/drivers/gpu/drm/i915/i915_scheduler.c @@ -506,6 +506,6 @@ int __init i915_scheduler_module_init(void) return 0; err_priorities: - kmem_cache_destroy(slab_priorities); + kmem_cache_destroy(slab_dependencies); return -ENOMEM; }

6 months

3
2
0 0

6.12.4: System partially freezes with _swap_info_get: Unused swap offset entry

by Kai Krakow

Sorry for posting without subject. Added. Thanks. Am Mi., 18. Dez. 2024 um 01:57 Uhr schrieb Kai Krakow <kai(a)kaishome.de>: > > Hello! > > Running 6.12.4 on Gentoo, using zswap with zsmalloc. > > Since 6.12, I often experience the following error while > installing/compiling packages: > > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:11:58 jupiter kernel: Huh VM_FAULT_OOM leaked out to the #PF > handler. Retrying PF > Dez 16 03:12:03 jupiter kernel: pagefault_out_of_memory: 8645812 > callbacks suppressed > > Programs then slowly start to stop responding and the system won't > shut down cleanly. > > I'm starting to get backtraces after a while: > > Dez 16 03:58:17 jupiter kernel: ------------[ cut here ]------------ > Dez 16 03:58:17 jupiter kernel: WARNING: CPU: 5 PID: 5149 at > mm/swapfile.c:1566 free_swap_and_cache_nr+0xab/0x540 > Dez 16 03:58:17 jupiter kernel: Modules linked in: nfnetlink_queue > nf_conntrack_netlink ip6t_REJECT nf_reject_ipv6 ip6table_nat > ip6table_filter xt_nat ipt_REJECT nf_reject_ipv4 xt_NFQUEUE xt_mark > xt_connmark iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 > nf_defrag_ipv4 iptable_filter ip6table_mangle ip6_tables > iptable_mangle xt_DSCP xt_tcpudp ip_tables x_tables rfcomm > snd_hrtimer> > Dez 16 03:58:17 jupiter kernel: gpu_sched drm_gpuvm drm_exec i915 > drm_buddy drm_display_helper ttm nvidia_uvm(PO) nvidia_modeset(PO) > nvidia(PO) lm92 efivarfs > Dez 16 03:58:17 jupiter kernel: CPU: 5 UID: 1000 PID: 5149 Comm: > QXcbEventQueue Tainted: P O 6.12.4-gentoo-r1 #1 > Dez 16 03:58:17 jupiter kernel: Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE > Dez 16 03:58:17 jupiter kernel: Hardware name: ASRock Z690 Pro RS/Z690 > Pro RS, BIOS 18.02 01/04/2024 > Dez 16 03:58:17 jupiter kernel: RIP: 0010:free_swap_and_cache_nr+0xab/0x540 > Dez 16 03:58:17 jupiter kernel: Code: 31 ed 4c 89 7c 24 10 49 89 dc 48 > ba 00 00 00 00 00 00 00 fc 48 89 5c 24 18 45 89 ef 48 21 d1 44 88 4c > 24 26 48 89 0c 24 eb 1c <0f> 0b 41 83 c7 01 49 83 c4 01 45 39 fe 0f 8e > dd 00 00 00 48 8b 45 > Dez 16 03:58:17 jupiter kernel: RSP: 0018:ffffb2bcc984bac8 EFLAGS: 00010246 > Dez 16 03:58:17 jupiter kernel: RAX: 0000000000000000 RBX: > 00000000002c1603 RCX: 0000000000000000 > Dez 16 03:58:17 jupiter kernel: RDX: fc00000000000000 RSI: > 0000000000000001 RDI: ffff8e093c170f00 > Dez 16 03:58:17 jupiter kernel: RBP: ffff8e084a8bec00 R08: > 0000000000000008 R09: 0000000000000000 > Dez 16 03:58:17 jupiter kernel: R10: ffffd68059365ec0 R11: > 0000000000000000 R12: 00000000002c1603 > Dez 16 03:58:17 jupiter kernel: R13: 0000000000000000 R14: > 0000000000000001 R15: 0000000000000000 > Dez 16 03:58:17 jupiter kernel: FS: 0000000000000000(0000) > GS:ffff8e0f6f340000(0000) knlGS:0000000000000000 > Dez 16 03:58:17 jupiter kernel: CS: 0010 DS: 0000 ES: 0000 CR0: > 0000000080050033 > Dez 16 03:58:17 jupiter kernel: CR2: 0000188c00a50000 CR3: > 00000007db42b000 CR4: 0000000000f52ef0 > Dez 16 03:58:17 jupiter kernel: PKRU: 55555554 > Dez 16 03:58:17 jupiter kernel: Call Trace: > Dez 16 03:58:17 jupiter kernel: <TASK> > Dez 16 03:58:17 jupiter kernel: ? __warn.cold+0x90/0x9e > Dez 16 03:58:17 jupiter kernel: ? free_swap_and_cache_nr+0xab/0x540 > Dez 16 03:58:17 jupiter kernel: ? report_bug+0xf6/0x140 > Dez 16 03:58:17 jupiter kernel: ? handle_bug+0x4f/0x90 > Dez 16 03:58:17 jupiter kernel: ? exc_invalid_op+0x17/0x60 > Dez 16 03:58:17 jupiter kernel: ? asm_exc_invalid_op+0x1a/0x20 > Dez 16 03:58:17 jupiter kernel: ? free_swap_and_cache_nr+0xab/0x540 > Dez 16 03:58:17 jupiter kernel: ? free_swap_and_cache_nr+0x2c/0x540 > Dez 16 03:58:17 jupiter kernel: ? swap_pte_batch+0xdc/0x1f0 > Dez 16 03:58:17 jupiter kernel: unmap_page_range+0xa18/0x16b0 > Dez 16 03:58:17 jupiter kernel: unmap_vmas+0xb7/0x170 > Dez 16 03:58:17 jupiter kernel: exit_mmap+0xfb/0x280 > Dez 16 03:58:17 jupiter kernel: __mmput+0x35/0x120 > Dez 16 03:58:17 jupiter kernel: do_exit+0x255/0x930 > Dez 16 03:58:17 jupiter kernel: do_group_exit+0x2b/0x80 > Dez 16 03:58:17 jupiter kernel: get_signal+0x774/0x7b0 > Dez 16 03:58:17 jupiter kernel: arch_do_signal_or_restart+0x29/0x230 > Dez 16 03:58:17 jupiter kernel: syscall_exit_to_user_mode+0x7b/0xf0 > Dez 16 03:58:17 jupiter kernel: do_syscall_64+0x57/0x100 > Dez 16 03:58:17 jupiter kernel: entry_SYSCALL_64_after_hwframe+0x4b/0x53 > Dez 16 03:58:17 jupiter kernel: RIP: 0033:0x564111720e3f > Dez 16 03:58:17 jupiter kernel: Code: Unable to access opcode bytes at > 0x564111720e15. > Dez 16 03:58:17 jupiter kernel: RSP: 002b:000056410b1fda00 EFLAGS: > 00000293 ORIG_RAX: 0000000000000007 > Dez 16 03:58:17 jupiter kernel: RAX: fffffffffffffdfc RBX: > 0000564131839600 RCX: 0000564111720e3f > Dez 16 03:58:17 jupiter kernel: RDX: 00000000ffffffff RSI: > 0000000000000001 RDI: 000056410b1fda48 > Dez 16 03:58:17 jupiter kernel: RBP: 000056410b1fdb20 R08: > 0000000000000000 R09: 0000000000000081 > Dez 16 03:58:17 jupiter kernel: R10: 0000000000000000 R11: > 0000000000000293 R12: 000056410b1fda48 > Dez 16 03:58:17 jupiter kernel: R13: 0000000000000000 R14: > 0000000000000000 R15: 0000564131839618 > Dez 16 03:58:17 jupiter kernel: </TASK> > Dez 16 03:58:17 jupiter kernel: ---[ end trace 0000000000000000 ]--- > Dez 16 03:58:17 jupiter kernel: BUG: Bad rss-counter state > mm:00000000bf899335 type:MM_ANONPAGES val:1 > Dez 16 03:58:17 jupiter kernel: BUG: Bad rss-counter state > mm:00000000bf899335 type:MM_SHMEMPAGES val:-1 > Dez 16 03:58:17 jupiter kernel: BUG: Bad page cache in process > QXcbEventQueue pfn:81fdec > Dez 16 03:58:17 jupiter kernel: page: refcount:3 mapcount:1 > mapping:00000000e6a99870 index:0x10 pfn:0x81fdec > Dez 16 03:58:17 jupiter kernel: memcg:ffff8e09819f9000 > Dez 16 03:58:17 jupiter kernel: aops:0xffffffffbb027a60 ino:20c5 > Dez 16 03:58:17 jupiter kernel: flags: > 0xa00000000002002d(locked|referenced|uptodate|lru|swapbacked|zone=2) > Dez 16 03:58:17 jupiter kernel: raw: a00000000002002d ffffd680607facc8 > ffffd6806075c308 ffff8e0805f5e0b8 > Dez 16 03:58:17 jupiter kernel: raw: 0000000000000010 0000000000000000 > 0000000300000000 ffff8e09819f9000 > Dez 16 03:58:17 jupiter kernel: page dumped because: still mapped when deleted > > When trying to kill processes with sysrq or via kill command, those > processes usually get stuck in state D and I get the following errors > in dmesg: > > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 002c16ee > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 002c16c0 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 002c16c1 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 002c1760 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004ce36 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004ce1d > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004ce52 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004ced8 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004ced9 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004cec4 > Dez 16 20:40:12 jupiter kernel: _swap_info_get: Unused swap offset > entry 40000000004cec3 > > The system can then only be rebooted with alt+sysrq+b. > > Regards, > Kai

6 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix memory leak by correcting cache object name in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2828e5808bcd5aae7fdcd169cac1efa2701fa2dd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121517-deserve-wharf-c2d0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2828e5808bcd5aae7fdcd169cac1efa2701fa2dd Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> Date: Wed, 27 Nov 2024 20:10:42 +0000 Subject: [PATCH] drm/i915: Fix memory leak by correcting cache object name in error handler Replace "slab_priorities" with "slab_dependencies" in the error handler to avoid memory leak. Fixes: 32eb6bcfdda9 ("drm/i915: Make request allocation caches global") Cc: <stable(a)vger.kernel.org> # v5.2+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241127201042.29620-1-jiashe… (cherry picked from commit 9bc5e7dc694d3112bbf0fa4c46ef0fa0f114937a) Signed-off-by: Tvrtko Ursulin <tursulin(a)ursulin.net> diff --git a/drivers/gpu/drm/i915/i915_scheduler.c b/drivers/gpu/drm/i915/i915_scheduler.c index 762127dd56c5..70a854557e6e 100644 --- a/drivers/gpu/drm/i915/i915_scheduler.c +++ b/drivers/gpu/drm/i915/i915_scheduler.c @@ -506,6 +506,6 @@ int __init i915_scheduler_module_init(void) return 0; err_priorities: - kmem_cache_destroy(slab_priorities); + kmem_cache_destroy(slab_dependencies); return -ENOMEM; }

6 months

5
6
0 0

+ fs-proc-task_mmu-fix-pagemap-flags-with-pmd-thp-entries-on-32bit.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix pagemap flags with PMD THP entries on 32bit has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-pagemap-flags-with-pmd-thp-entries-on-32bit.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: fs/proc/task_mmu: fix pagemap flags with PMD THP entries on 32bit Date: Tue, 17 Dec 2024 20:50:00 +0100 Entries (including flags) are u64, even on 32bit. So right now we are cutting of the flags on 32bit. This way, for example the cow selftest complains about: # ./cow ... Bail Out! read and ioctl return unmatched results for populated: 0 1 Link: https://lkml.kernel.org/r/20241217195000.1734039-1-david@redhat.com Fixes: 2c1f057e5be6 ("fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped THPs") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-pagemap-flags-with-pmd-thp-entries-on-32bit +++ a/fs/proc/task_mmu.c @@ -1810,7 +1810,7 @@ static int pagemap_pmd_range(pmd_t *pmdp } for (; addr != end; addr += PAGE_SIZE, idx++) { - unsigned long cur_flags = flags; + u64 cur_flags = flags; pagemap_entry_t pme; if (folio && (flags & PM_PRESENT) && _ Patches currently in -mm which might be from david(a)redhat.com are mm-page_alloc-dont-call-pfn_to_page-on-possibly-non-existent-pfn-in-split_large_buddy.patch fs-proc-task_mmu-fix-pagemap-flags-with-pmd-thp-entries-on-32bit.patch docs-tmpfs-update-the-large-folios-policy-for-tmpfs-and-shmem.patch mm-memory_hotplug-move-debug_pagealloc_map_pages-into-online_pages_range.patch mm-page_isolation-dont-pass-gfp-flags-to-isolate_single_pageblock.patch mm-page_isolation-dont-pass-gfp-flags-to-start_isolate_page_range.patch mm-page_alloc-make-__alloc_contig_migrate_range-static.patch mm-page_alloc-sort-out-the-alloc_contig_range-gfp-flags-mess.patch mm-page_alloc-forward-the-gfp-flags-from-alloc_contig_range-to-post_alloc_hook.patch powernv-memtrace-use-__gfp_zero-with-alloc_contig_pages.patch mm-hugetlb-dont-map-folios-writable-without-vm_write-when-copying-during-fork.patch fs-proc-vmcore-convert-vmcore_cb_lock-into-vmcore_mutex.patch fs-proc-vmcore-replace-vmcoredd_mutex-by-vmcore_mutex.patch fs-proc-vmcore-disallow-vmcore-modifications-while-the-vmcore-is-open.patch fs-proc-vmcore-prefix-all-pr_-with-vmcore.patch fs-proc-vmcore-move-vmcore-definitions-out-of-kcoreh.patch fs-proc-vmcore-factor-out-allocating-a-vmcore-range-and-adding-it-to-a-list.patch fs-proc-vmcore-factor-out-freeing-a-list-of-vmcore-ranges.patch fs-proc-vmcore-introduce-proc_vmcore_device_ram-to-detect-device-ram-ranges-in-2nd-kernel.patch virtio-mem-mark-device-ready-before-registering-callbacks-in-kdump-mode.patch virtio-mem-remember-usable-region-size.patch virtio-mem-support-config_proc_vmcore_device_ram.patch s390-kdump-virtio-mem-kdump-support-config_proc_vmcore_device_ram.patch mm-page_alloc-dont-use-__gfp_hardwall-when-migrating-pages-via-alloc_contig.patch mm-memory_hotplug-dont-use-__gfp_hardwall-when-migrating-pages-via-memory-offlining.patch

6 months

1
0
0 0

[PATCH 1/5] clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe

by Daniel Golle

Commit 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver") broke DT bindings as the highest index was reduced by 1 because the id count starts from 1 and not from 0. Fix this, like for other drivers which had the same issue, by adding a dummy clk at index 0. Fixes: 973d1607d936 ("clk: mediatek: mt2701: use mtk_clk_simple_probe to simplify driver") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> --- drivers/clk/mediatek/clk-mt2701-vdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/clk/mediatek/clk-mt2701-vdec.c b/drivers/clk/mediatek/clk-mt2701-vdec.c index 94db86f8d0a4..5299d92f3aba 100644 --- a/drivers/clk/mediatek/clk-mt2701-vdec.c +++ b/drivers/clk/mediatek/clk-mt2701-vdec.c @@ -31,6 +31,7 @@ static const struct mtk_gate_regs vdec1_cg_regs = { GATE_MTK(_id, _name, _parent, &vdec1_cg_regs, _shift, &mtk_clk_gate_ops_setclr_inv) static const struct mtk_gate vdec_clks[] = { + GATE_DUMMY(CLK_DUMMY, "vdec_dummy"), GATE_VDEC0(CLK_VDEC_CKGEN, "vdec_cken", "vdec_sel", 0), GATE_VDEC1(CLK_VDEC_LARB, "vdec_larb_cken", "mm_sel", 0), }; -- 2.47.1

6 months

3
14
0 0

[PATCH v1] fs/proc/task_mmu: fix pagemap flags with PMD THP entries on 32bit

by David Hildenbrand

Entries (including flags) are u64, even on 32bit. So right now we are cutting of the flags on 32bit. This way, for example the cow selftest complains about: # ./cow ... Bail Out! read and ioctl return unmatched results for populated: 0 1 Fixes: 2c1f057e5be6 ("fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped THPs") Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 38a5a3e9cba20..f02cd362309a0 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -1810,7 +1810,7 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, } for (; addr != end; addr += PAGE_SIZE, idx++) { - unsigned long cur_flags = flags; + u64 cur_flags = flags; pagemap_entry_t pme; if (folio && (flags & PM_PRESENT) && -- 2.47.1

6 months

1
0
0 0

[PATCH AUTOSEL 5.15 01/13] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 4d4267105cd2b..842e8fecf0a9a 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -4971,6 +4971,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, /* Amazon Annapurna Labs */ { PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs }, -- 2.43.0

6 months

2
14
0 0

+ maple_tree-reload-mas-before-the-second-call-for-mas_empty_area-fix.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: fix mas_alloc_cyclic() second search has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-reload-mas-before-the-second-call-for-mas_empty_area-fix.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Subject: maple_tree: fix mas_alloc_cyclic() second search Date: Mon, 16 Dec 2024 14:01:12 -0500 The first search may leave the maple state in an error state. Reset the maple state before the second search so that the search has a chance of executing correctly after an exhausted first search. Link: https://lore.kernel.org/all/20241216060600.287B4C4CED0@smtp.kernel.org/ Link: https://lkml.kernel.org/r/20241216190113.1226145-2-Liam.Howlett@oracle.com Fixes: 9b6713cc7522 ("maple_tree: Add mtree_alloc_cyclic()") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Chuck Lever <chuck.lever(a)oracle.com> says: Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/lib/maple_tree.c~maple_tree-reload-mas-before-the-second-call-for-mas_empty_area-fix +++ a/lib/maple_tree.c @@ -4346,7 +4346,6 @@ int mas_alloc_cyclic(struct ma_state *ma { unsigned long min = range_lo; int ret = 0; - struct ma_state m = *mas; range_lo = max(min, *next); ret = mas_empty_area(mas, range_lo, range_hi, 1); @@ -4355,7 +4354,7 @@ int mas_alloc_cyclic(struct ma_state *ma ret = 1; } if (ret < 0 && range_lo > min) { - *mas = m; + mas_reset(mas); ret = mas_empty_area(mas, min, range_hi, 1); if (ret == 0) ret = 1; _ Patches currently in -mm which might be from Liam.Howlett(a)Oracle.com are maple_tree-reload-mas-before-the-second-call-for-mas_empty_area-fix.patch test_maple_tree-test-exhausted-upper-limit-of-mtree_alloc_cyclic.patch

6 months

1
0
0 0

+ maple_tree-fix-mas_alloc_cyclic-second-search.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: fix mas_alloc_cyclic() second search has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-fix-mas_alloc_cyclic-second-search.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Subject: maple_tree: fix mas_alloc_cyclic() second search Date: Mon, 16 Dec 2024 14:01:12 -0500 The first search may leave the maple state in an error state. Reset the maple state before the second search so that the search has a chance of executing correctly after an exhausted first search. Link: https://lore.kernel.org/all/20241216060600.287B4C4CED0@smtp.kernel.org/ Link: https://lkml.kernel.org/r/20241216190113.1226145-2-Liam.Howlett@oracle.com Fixes: 9b6713cc7522 ("maple_tree: Add mtree_alloc_cyclic()") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Chuck Lever <chuck.lever(a)oracle.com> says: Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/lib/maple_tree.c~maple_tree-fix-mas_alloc_cyclic-second-search +++ a/lib/maple_tree.c @@ -4346,7 +4346,6 @@ int mas_alloc_cyclic(struct ma_state *ma { unsigned long min = range_lo; int ret = 0; - struct ma_state m = *mas; range_lo = max(min, *next); ret = mas_empty_area(mas, range_lo, range_hi, 1); @@ -4355,7 +4354,7 @@ int mas_alloc_cyclic(struct ma_state *ma ret = 1; } if (ret < 0 && range_lo > min) { - *mas = m; + mas_reset(mas); ret = mas_empty_area(mas, min, range_hi, 1); if (ret == 0) ret = 1; _ Patches currently in -mm which might be from Liam.Howlett(a)Oracle.com are maple_tree-fix-mas_alloc_cyclic-second-search.patch test_maple_tree-test-exhausted-upper-limit-of-mtree_alloc_cyclic.patch

6 months

1
0
0 0

[to-be-updated] mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm, compaction: don't use ALLOC_CMA in long term GUP flow has been removed from the -mm tree. Its filename was mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: yangge <yangge1116(a)126.com> Subject: mm, compaction: don't use ALLOC_CMA in long term GUP flow Date: Mon, 16 Dec 2024 19:54:04 +0800 Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() in long term GUP flow. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Link: https://lkml.kernel.org/r/1734350044-12928-1-git-send-email-yangge1116@126.… Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Signed-off-by: yangge <yangge1116(a)126.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compaction.h | 6 ++++-- mm/compaction.c | 20 +++++++++++--------- mm/internal.h | 3 ++- mm/page_alloc.c | 6 ++++-- mm/page_isolation.c | 3 ++- mm/page_reporting.c | 2 +- mm/vmscan.c | 4 ++-- 7 files changed, 26 insertions(+), 18 deletions(-) --- a/include/linux/compaction.h~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compac struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suita } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } --- a/mm/compaction.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/compaction.c @@ -654,7 +654,7 @@ static unsigned long isolate_freepages_b /* Found a free page, will break it into order-0 pages */ order = buddy_order(page); - isolated = __isolate_free_page(page, order); + isolated = __isolate_free_page(page, order, cc->alloc_flags); if (!isolated) break; set_page_private(page, order); @@ -1633,7 +1633,7 @@ static void fast_isolate_freepages(struc /* Isolate the page if available */ if (page) { - if (__isolate_free_page(page, order)) { + if (__isolate_free_page(page, order, cc->alloc_flags)) { set_page_private(page, order); nr_isolated = 1 << order; nr_scanned += nr_isolated - 1; @@ -2379,6 +2379,7 @@ static enum compact_result compact_finis static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; @@ -2393,25 +2394,26 @@ static bool __compaction_suitable(struct * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to long term GUP flow, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + alloc_flags & ALLOC_CMA, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2472,7 +2474,7 @@ bool compaction_zonelist_suitable(struct available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2497,7 +2499,7 @@ compaction_suit_allocation_order(struct alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; --- a/mm/internal.h~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/internal.h @@ -662,7 +662,8 @@ static inline void clear_zone_contiguous zone->contiguous = false; } -extern int __isolate_free_page(struct page *page, unsigned int order); +extern int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags); extern void __putback_isolated_page(struct page *page, unsigned int order, int mt); extern void memblock_free_pages(struct page *page, unsigned long pfn, --- a/mm/page_alloc.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_alloc.c @@ -2808,7 +2808,8 @@ void split_page(struct page *page, unsig } EXPORT_SYMBOL_GPL(split_page); -int __isolate_free_page(struct page *page, unsigned int order) +int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags) { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); @@ -2822,7 +2823,8 @@ int __isolate_free_page(struct page *pag * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + if (!zone_watermark_ok(zone, 0, watermark, 0, + alloc_flags & ALLOC_CMA)) return 0; } --- a/mm/page_isolation.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_isolation.c @@ -229,7 +229,8 @@ static void unset_migratetype_isolate(st buddy = find_buddy_page_pfn(page, page_to_pfn(page), order, NULL); if (buddy && !is_migrate_isolate_page(buddy)) { - isolated_page = !!__isolate_free_page(page, order); + isolated_page = !!__isolate_free_page(page, order, + ALLOC_CMA); /* * Isolating a free page in an isolated pageblock * is expected to always work as watermarks don't --- a/mm/page_reporting.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_reporting.c @@ -198,7 +198,7 @@ page_reporting_cycle(struct page_reporti /* Attempt to pull page from list and place in scatterlist */ if (*offset) { - if (!__isolate_free_page(page, order)) { + if (!__isolate_free_page(page, order, ALLOC_CMA)) { next = page; break; } --- a/mm/vmscan.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/vmscan.c @@ -5861,7 +5861,7 @@ static inline bool should_continue_recla sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6089,7 +6089,7 @@ static inline bool compaction_ready(stru return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* _ Patches currently in -mm which might be from yangge1116(a)126.com are

6 months

1
0
0 0

Re: [PATCH 6.12 000/172] 6.12.6-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

6 months

1
0
0 0

+ kcov-mark-in_softirq_really-as-__always_inline.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kcov: mark in_softirq_really() as __always_inline has been added to the -mm mm-hotfixes-unstable branch. Its filename is kcov-mark-in_softirq_really-as-__always_inline.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kcov: mark in_softirq_really() as __always_inline Date: Tue, 17 Dec 2024 08:18:10 +0100 If gcc decides not to inline in_softirq_really(), objtool warns about a function call with UACCESS enabled: kernel/kcov.o: warning: objtool: __sanitizer_cov_trace_pc+0x1e: call to in_softirq_really() with UACCESS enabled kernel/kcov.o: warning: objtool: check_kcov_mode+0x11: call to in_softirq_really() with UACCESS enabled Mark this as __always_inline to avoid the problem. Link: https://lkml.kernel.org/r/20241217071814.2261620-1-arnd@kernel.org Fixes: 7d4df2dad312 ("kcov: properly check for softirq context") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reviewed-by: Marco Elver <elver(a)google.com> Cc: Aleksandr Nogikh <nogikh(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kcov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/kcov.c~kcov-mark-in_softirq_really-as-__always_inline +++ a/kernel/kcov.c @@ -166,7 +166,7 @@ static void kcov_remote_area_put(struct * Unlike in_serving_softirq(), this function returns false when called during * a hardirq or an NMI that happened in the softirq context. */ -static inline bool in_softirq_really(void) +static __always_inline bool in_softirq_really(void) { return in_serving_softirq() && !in_hardirq() && !in_nmi(); } _ Patches currently in -mm which might be from arnd(a)arndb.de are kcov-mark-in_softirq_really-as-__always_inline.patch

6 months

1
0
0 0

Re: FAILED: patch "[PATCH] drm/i915: Fix memory leak by correcting cache object name in" failed to apply to 5.10-stable tree

by Andi Shyti

Hi Jiasheng, > Yes. I have submitted the patch for 5.10 to stable(a)vger.kernel.org. Thank you! Andi

6 months

1
0
0 0

+ mm-kmemleak-fix-sleeping-function-called-from-invalid-context-at-print-message.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/kmemleak: fix sleeping function called from invalid context at print message has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-kmemleak-fix-sleeping-function-called-from-invalid-context-at-print-message.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alessandro Carminati <acarmina(a)redhat.com> Subject: mm/kmemleak: fix sleeping function called from invalid context at print message Date: Tue, 17 Dec 2024 14:20:33 +0000 Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions: - CONFIG_PREEMPT_RT=y - Set SELinux as the LSM for the system - Set kptr_restrict to 1 - kmemleak buffer contains at least one item BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat preempt_count: 1, expected: 0 RCU nest depth: 2, expected: 2 6 locks held by cat/136: #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30 #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0 #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0 irq event stamp: 136660 hardirqs last enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8 hardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0 softirqs last enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8 softirqs last disabled at (0): [<0000000000000000>] 0x0 Preemption disabled at: [<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0 CPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G E 6.11.0-rt7+ #34 Tainted: [E]=UNSIGNED_MODULE Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0xa0/0x128 show_stack+0x1c/0x30 dump_stack_lvl+0xe8/0x198 dump_stack+0x18/0x20 rt_spin_lock+0x8c/0x1a8 avc_perm_nonode+0xa0/0x150 cred_has_capability.isra.0+0x118/0x218 selinux_capable+0x50/0x80 security_capable+0x7c/0xd0 has_ns_capability_noaudit+0x94/0x1b0 has_capability_noaudit+0x20/0x30 restricted_pointer+0x21c/0x4b0 pointer+0x298/0x760 vsnprintf+0x330/0xf70 seq_printf+0x178/0x218 print_unreferenced+0x1a4/0x2d0 kmemleak_seq_show+0xd0/0x1e0 seq_read_iter+0x354/0xe30 seq_read+0x250/0x378 full_proxy_read+0xd8/0x148 vfs_read+0x190/0x918 ksys_read+0xf0/0x1e0 __arm64_sys_read+0x70/0xa8 invoke_syscall.constprop.0+0xd4/0x1d8 el0_svc+0x50/0x158 el0t_64_sync+0x17c/0x180 %pS and %pK, in the same back trace line, are redundant, and %pS can void %pK service in certain contexts. %pS alone already provides the necessary information, and if it cannot resolve the symbol, it falls back to printing the raw address voiding the original intent behind the %pK. Additionally, %pK requires a privilege check CAP_SYSLOG enforced through the LSM, which can trigger a "sleeping function called from invalid context" warning under RT_PREEMPT kernels when the check occurs in an atomic context. This issue may also affect other LSMs. This change avoids the unnecessary privilege check and resolves the sleeping function warning without any loss of information. Link: https://lkml.kernel.org/r/20241217142032.55793-1-acarmina@redhat.com Fixes: 3a6f33d86baa ("mm/kmemleak: use %pK to display kernel pointers in backtrace") Signed-off-by: Alessandro Carminati <acarmina(a)redhat.com> Cc: Cl��ment L��ger <clement.leger(a)bootlin.com> Cc: Alessandro Carminati <acarmina(a)redhat.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Eric Chanudet <echanude(a)redhat.com> Cc: Gabriele Paoloni <gpaoloni(a)redhat.com> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Thomas Wei��schuh <thomas.weissschuh(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmemleak.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/kmemleak.c~mm-kmemleak-fix-sleeping-function-called-from-invalid-context-at-print-message +++ a/mm/kmemleak.c @@ -373,7 +373,7 @@ static void print_unreferenced(struct se for (i = 0; i < nr_entries; i++) { void *ptr = (void *)entries[i]; - warn_or_seq_printf(seq, " [<%pK>] %pS\n", ptr, ptr); + warn_or_seq_printf(seq, " %pS\n", ptr); } } _ Patches currently in -mm which might be from acarmina(a)redhat.com are mm-kmemleak-fix-sleeping-function-called-from-invalid-context-at-print-message.patch

6 months

1
0
0 0

[PATCH 0/9] media: stm32: csi / dcmipp corrections

by Alain Volmat

Various fixes within the stm32 csi bindings/drivers and stm32 dcmipp driver. Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> --- Alain Volmat (9): media: stm32: dcmipp: correct ret type in dcmipp_graph_notify_bound dt-bindings: media: clarify stm32 csi & simplify example media: stm32: csi: add missing pm_runtime_put on error media: stm32: csi: register subdev only at end of probe media: stm32: csi: use ARRAY_SIZE to search D-PHY table media: stm32: csi: simplify enable_streams error handling media: stm32: csi: remove useless fwnode_graph_get_endpoint call media: stm32: csi: correct unsigned or useless variable settings media: stm32: dcmipp: add has_csi2 & needs_mclk in match data .../bindings/media/st,stm32mp25-csi.yaml | 5 +- drivers/media/platform/st/stm32/stm32-csi.c | 102 +++++++++++---------- .../platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 23 +++-- 3 files changed, 67 insertions(+), 63 deletions(-) --- base-commit: d216d9cb4dd854ef0a2ec1701f403facb298af51 change-id: 20241217-csi_dcmipp_mp25_enhancements-89e0eef194bf Best regards, -- Alain Volmat <alain.volmat(a)foss.st.com>

6 months

1
1
0 0

[PATCH 3/3] trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The TP_printk() of a TRACE_EVENT() is a generic printf format that any developer can create for their event. It may include pointers to strings and such. A boot mapped buffer may contain data from a previous kernel where the strings addresses are different. One solution is to copy the event content and update the pointers by the recorded delta, but a simpler solution (for now) is to just use the print_fields() function to print these events. The print_fields() function just iterates the fields and prints them according to what type they are, and ignores the TP_printk() format from the event itself. To understand the difference, when printing via TP_printk() the output looks like this: 4582.696626: kmem_cache_alloc: call_site=getname_flags+0x47/0x1f0 ptr=00000000e70e10e0 bytes_req=4096 bytes_alloc=4096 gfp_flags=GFP_KERNEL node=-1 accounted=false 4582.696629: kmem_cache_alloc: call_site=alloc_empty_file+0x6b/0x110 ptr=0000000095808002 bytes_req=360 bytes_alloc=384 gfp_flags=GFP_KERNEL node=-1 accounted=false 4582.696630: kmem_cache_alloc: call_site=security_file_alloc+0x24/0x100 ptr=00000000576339c3 bytes_req=16 bytes_alloc=16 gfp_flags=GFP_KERNEL|__GFP_ZERO node=-1 accounted=false 4582.696653: kmem_cache_free: call_site=do_sys_openat2+0xa7/0xd0 ptr=00000000e70e10e0 name=names_cache But when printing via print_fields() (echo 1 > /sys/kernel/tracing/options/fields) the same event output looks like this: 4582.696626: kmem_cache_alloc: call_site=0xffffffff92d10d97 (-1831793257) ptr=0xffff9e0e8571e000 (-107689771147264) bytes_req=0x1000 (4096) bytes_alloc=0x1000 (4096) gfp_flags=0xcc0 (3264) node=0xffffffff (-1) accounted=(0) 4582.696629: kmem_cache_alloc: call_site=0xffffffff92d0250b (-1831852789) ptr=0xffff9e0e8577f800 (-107689770747904) bytes_req=0x168 (360) bytes_alloc=0x180 (384) gfp_flags=0xcc0 (3264) node=0xffffffff (-1) accounted=(0) 4582.696630: kmem_cache_alloc: call_site=0xffffffff92efca74 (-1829778828) ptr=0xffff9e0e8d35d3b0 (-107689640864848) bytes_req=0x10 (16) bytes_alloc=0x10 (16) gfp_flags=0xdc0 (3520) node=0xffffffff (-1) accounted=(0) 4582.696653: kmem_cache_free: call_site=0xffffffff92cfbea7 (-1831879001) ptr=0xffff9e0e8571e000 (-107689771147264) name=names_cache The print_fields() needed one update to handle this, and that's to add the delta to the pointer strings. It also needs to handle %pS, but that is out of scope of this fix. Currently, it only prints the raw address. Ftrace events like stack trace and function tracing have their own methods to print and already can handle the deltas. Those event types are less than __TRACE_LAST_TYPE. If the event type is greater than that, then the print_fields() output is forced. Cc: stable(a)vger.kernel.org Fixes: 07714b4bb3f98 ("tracing: Handle old buffer mappings for event strings and functions") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 9 +++++++++ kernel/trace/trace_output.c | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index be62f0ea1814..6581cb2bc67f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -4353,6 +4353,15 @@ static enum print_line_t print_trace_fmt(struct trace_iterator *iter) if (event) { if (tr->trace_flags & TRACE_ITER_FIELDS) return print_event_fields(iter, event); + /* + * For TRACE_EVENT() events, the print_fmt is not + * safe to use if the array has delta offsets + * Force printing via the fields. + */ + if ((tr->text_delta || tr->data_delta) && + event->type > __TRACE_LAST_TYPE) + return print_event_fields(iter, event); + return event->funcs->trace(iter, sym_flags, event); } diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c index da748b7cbc4d..0a5d12dd860f 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -853,6 +853,7 @@ static void print_fields(struct trace_iterator *iter, struct trace_event_call *c struct list_head *head) { struct ftrace_event_field *field; + long delta = iter->tr->text_delta; int offset; int len; int ret; @@ -889,7 +890,7 @@ static void print_fields(struct trace_iterator *iter, struct trace_event_call *c case FILTER_PTR_STRING: if (!iter->fmt_size) trace_iter_expand_format(iter); - pos = *(void **)pos; + pos = (*(void **)pos) + delta; ret = strncpy_from_kernel_nofault(iter->fmt, pos, iter->fmt_size); if (ret < 0) -- 2.45.2

6 months

1
0
0 0

[PATCH 2/3] trace/ring-buffer: Do not create module or dynamic events in boot mapped buffers

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> When a ring buffer is mapped across boots, an delta is saved between the addresses of the previous kernel and the current kernel. But this does not handle module events nor dynamic events. Simply do not create module or dynamic events to a boot mapped instance. This will keep them from ever being enabled and therefore not part of the previous kernel trace. Cc: stable(a)vger.kernel.org Fixes: e645535a954ad ("tracing: Add option to use memmapped memory for trace boot instance") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 77e68efbd43e..d6359318d5c1 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2984,6 +2984,12 @@ trace_create_new_event(struct trace_event_call *call, if (!event_in_systems(call, tr->system_names)) return NULL; + /* Boot mapped instances cannot use modules or dynamic events */ + if (tr->flags & TRACE_ARRAY_FL_BOOT) { + if ((call->flags & TRACE_EVENT_FL_DYNAMIC) || call->module) + return NULL; + } + file = kmem_cache_alloc(file_cachep, GFP_TRACE); if (!file) return ERR_PTR(-ENOMEM); -- 2.45.2

6 months

1
0
0 0

[PATCH 1/1] arm64: dts: qcom: x1e80100: Fix up BAR space size for PCIe6a

by Qiang Yu

As per memory map table, the region for PCIe6a is 64MByte. Hence, set the size of 32 bit non-prefetchable memory region beginning on address 0x70300000 as 0x3d00000 so that BAR space assigned to BAR registers can be allocated from 0x70300000 to 0x74000000. Fixes: 7af141850012 ("arm64: dts: qcom: x1e80100: Fix up BAR spaces") Cc: stable(a)vger.kernel.org Signed-off-by: Qiang Yu <quic_qianyu(a)quicinc.com> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index f044921457d0..90ddac606719 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -3126,7 +3126,7 @@ pcie6a: pci@1bf8000 { #address-cells = <3>; #size-cells = <2>; ranges = <0x01000000 0x0 0x00000000 0x0 0x70200000 0x0 0x100000>, - <0x02000000 0x0 0x70300000 0x0 0x70300000 0x0 0x1d00000>; + <0x02000000 0x0 0x70300000 0x0 0x70300000 0x0 0x3d00000>; bus-range = <0x00 0xff>; dma-coherent; -- 2.34.1

6 months

3
2
0 0

[PATCH v2 1/2] soc: qcom: pmic_glink: fix scope of __pmic_glink_lock in pmic_glink_rpmsg_probe()

by Krzysztof Kozlowski

File-scope "__pmic_glink_lock" mutex protects the filke-scope "__pmic_glink", thus reference to it should be obtained under the lock, just like pmic_glink_rpmsg_remove() is doing. Otherwise we have a race during if PMIC GLINK device removal: the pmic_glink_rpmsg_probe() function could store local reference before mutex in driver removal is acquired. Fixes: 58ef4ece1e41 ("soc: qcom: pmic_glink: Introduce base PMIC GLINK driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. None --- drivers/soc/qcom/pmic_glink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c index 9606222993fd..452f30a9354d 100644 --- a/drivers/soc/qcom/pmic_glink.c +++ b/drivers/soc/qcom/pmic_glink.c @@ -217,10 +217,11 @@ static void pmic_glink_pdr_callback(int state, char *svc_path, void *priv) static int pmic_glink_rpmsg_probe(struct rpmsg_device *rpdev) { - struct pmic_glink *pg = __pmic_glink; + struct pmic_glink *pg; int ret = 0; mutex_lock(&__pmic_glink_lock); + pg = __pmic_glink; if (!pg) { ret = dev_err_probe(&rpdev->dev, -ENODEV, "no pmic_glink device to attach to\n"); goto out_unlock; -- 2.43.0

6 months

2
1
0 0

Re: [RFC PATCH] epoll: Add synchronous wakeup support for ep_poll_callback

by Brian Geffon

On Wed, Oct 16, 2024 at 03:10:34PM +0200, Christian Brauner wrote: > On Fri, 26 Apr 2024 16:05:48 +0800, Xuewen Yan wrote: > > Now, the epoll only use wake_up() interface to wake up task. > > However, sometimes, there are epoll users which want to use > > the synchronous wakeup flag to hint the scheduler, such as > > Android binder driver. > > So add a wake_up_sync() define, and use the wake_up_sync() > > when the sync is true in ep_poll_callback(). > > > > [...] > > Applied to the vfs.misc branch of the vfs/vfs.git tree. > Patches in the vfs.misc branch should appear in linux-next soon. > > Please report any outstanding bugs that were missed during review in a > new review to the original patch series allowing us to drop it. > > It's encouraged to provide Acked-bys and Reviewed-bys even though the > patch has now been applied. If possible patch trailers will be updated. > > Note that commit hashes shown below are subject to change due to rebase, > trailer updates or similar. If in doubt, please check the listed branch. > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git > branch: vfs.misc This is a bug that's been present for all of time, so I think we should: Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org I sent a patch which adds a benchmark for nonblocking pipes using epoll: https://lore.kernel.org/lkml/20241016190009.866615-1-bgeffon@google.com/ Using this new benchmark I get the following results without this fix and with this fix: $ tools/perf/perf bench sched pipe -n # Running 'sched/pipe' benchmark: # Executed 1000000 pipe operations between two processes Total time: 12.194 [sec] 12.194376 usecs/op 82005 ops/sec $ tools/perf/perf bench sched pipe -n # Running 'sched/pipe' benchmark: # Executed 1000000 pipe operations between two processes Total time: 9.229 [sec] 9.229738 usecs/op 108345 ops/sec > > [1/1] epoll: Add synchronous wakeup support for ep_poll_callback > https://git.kernel.org/vfs/vfs/c/2ce0e17660a7

6 months

2
4
0 0

[for-linus v2][PATCH 1/2] fgraph: Still initialize idle shadow stacks when starting

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> A bug was discovered where the idle shadow stacks were not initialized for offline CPUs when starting function graph tracer, and when they came online they were not traced due to the missing shadow stack. To fix this, the idle task shadow stack initialization was moved to using the CPU hotplug callbacks. But it removed the initialization when the function graph was enabled. The problem here is that the hotplug callbacks are called when the CPUs come online, but the idle shadow stack initialization only happens if function graph is currently active. This caused the online CPUs to not get their shadow stack initialized. The idle shadow stack initialization still needs to be done when the function graph is registered, as they will not be allocated if function graph is not registered. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20241211135335.094ba282@batman.local.home Fixes: 2c02f7375e65 ("fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks") Reported-by: Linus Walleij <linus.walleij(a)linaro.org> Tested-by: Linus Walleij <linus.walleij(a)linaro.org> Closes: https://lore.kernel.org/all/CACRpkdaTBrHwRbbrphVy-=SeDz6MSsXhTKypOtLrTQ+DgG… Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/fgraph.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/kernel/trace/fgraph.c b/kernel/trace/fgraph.c index 0bf78517b5d4..ddedcb50917f 100644 --- a/kernel/trace/fgraph.c +++ b/kernel/trace/fgraph.c @@ -1215,7 +1215,7 @@ void fgraph_update_pid_func(void) static int start_graph_tracing(void) { unsigned long **ret_stack_list; - int ret; + int ret, cpu; ret_stack_list = kcalloc(FTRACE_RETSTACK_ALLOC_SIZE, sizeof(*ret_stack_list), GFP_KERNEL); @@ -1223,6 +1223,12 @@ static int start_graph_tracing(void) if (!ret_stack_list) return -ENOMEM; + /* The cpu_boot init_task->ret_stack will never be freed */ + for_each_online_cpu(cpu) { + if (!idle_task(cpu)->ret_stack) + ftrace_graph_init_idle_task(idle_task(cpu), cpu); + } + do { ret = alloc_retstack_tasklist(ret_stack_list); } while (ret == -EAGAIN); -- 2.45.2

6 months

1
0
0 0

[PATCH v2] RDMA/srp: Fix error handling in srp_add_port

by Ma Ke

Once device_add() failed, we should call only put_device() to decrement reference count for cleanup. We should not call device_del() before put_device(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: c8e4c2397655 ("RDMA/srp: Rework the srp_add_port() error path") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v2: - modified the bug description as suggestions. --- drivers/infiniband/ulp/srp/ib_srp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index 2916e77f589b..7289ae0b83ac 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -3978,7 +3978,6 @@ static struct srp_host *srp_add_port(struct srp_device *device, u32 port) return host; put_host: - device_del(&host->dev); put_device(&host->dev); return NULL; } -- 2.25.1

6 months

2
1
0 0

[PATCH] usb: fix reference leak in usb_new_device()

by Ma Ke

When device_add(&udev->dev) failed, calling put_device() to explicitly release udev->dev. Otherwise, it could cause double free problem. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 9f8b17e643fe ("USB: make usbdevices export their device nodes instead of using a separate class") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/usb/core/hub.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 4b93c0bd1d4b..05b778d2ad63 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2651,6 +2651,7 @@ int usb_new_device(struct usb_device *udev) err = device_add(&udev->dev); if (err) { dev_err(&udev->dev, "can't device_add, error %d\n", err); + put_device(&udev->dev); goto fail; } @@ -2683,6 +2684,9 @@ int usb_new_device(struct usb_device *udev) pm_runtime_put_sync_autosuspend(&udev->dev); return err; +out_del_dev: + device_del(&udev->dev); + put_device(&udev->dev); fail: usb_set_device_state(udev, USB_STATE_NOTATTACHED); pm_runtime_disable(&udev->dev); -- 2.25.1

6 months

3
2
0 0

FAILED: patch "[PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f7d306b47a24367302bd4fe846854e07752ffcd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121040-distant-throng-b534@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7d306b47a24367302bd4fe846854e07752ffcd9 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Mon, 2 Dec 2024 15:57:54 +0300 Subject: [PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug The usb_get_descriptor() function does DMA so we're not allowed to use a stack buffer for that. Doing DMA to the stack is not portable all architectures. Move the "new_device_descriptor" from being stored on the stack and allocate it with kmalloc() instead. Fixes: b909df18ce2a ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices") Cc: stable(a)kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mount… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 8bc959b60be3..7c9d352864da 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -555,7 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip, static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD || @@ -566,15 +566,19 @@ static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interfac 0x10, 0x43, 0x0001, 0x000a, NULL, 0); if (err < 0) dev_dbg(&dev->dev, "error sending boot message: %d\n", err); + + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err); @@ -906,7 +910,7 @@ static void mbox2_setup_48_24_magic(struct usb_device *dev) static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; u8 bootresponse[0x12]; int fwsize; @@ -941,15 +945,19 @@ static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) @@ -1259,7 +1267,7 @@ static void mbox3_setup_defaults(struct usb_device *dev) static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; int descriptor_size; @@ -1272,15 +1280,19 @@ static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "MBOX3: device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0)

6 months

4
8
0 0

FAILED: patch "[PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f7d306b47a24367302bd4fe846854e07752ffcd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121041-unread-utilize-cae6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7d306b47a24367302bd4fe846854e07752ffcd9 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Mon, 2 Dec 2024 15:57:54 +0300 Subject: [PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug The usb_get_descriptor() function does DMA so we're not allowed to use a stack buffer for that. Doing DMA to the stack is not portable all architectures. Move the "new_device_descriptor" from being stored on the stack and allocate it with kmalloc() instead. Fixes: b909df18ce2a ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices") Cc: stable(a)kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mount… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 8bc959b60be3..7c9d352864da 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -555,7 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip, static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD || @@ -566,15 +566,19 @@ static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interfac 0x10, 0x43, 0x0001, 0x000a, NULL, 0); if (err < 0) dev_dbg(&dev->dev, "error sending boot message: %d\n", err); + + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err); @@ -906,7 +910,7 @@ static void mbox2_setup_48_24_magic(struct usb_device *dev) static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; u8 bootresponse[0x12]; int fwsize; @@ -941,15 +945,19 @@ static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) @@ -1259,7 +1267,7 @@ static void mbox3_setup_defaults(struct usb_device *dev) static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; int descriptor_size; @@ -1272,15 +1280,19 @@ static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "MBOX3: device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0)

6 months

3
2
0 0

FAILED: patch "[PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f7d306b47a24367302bd4fe846854e07752ffcd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121041-floss-compactor-3b56@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7d306b47a24367302bd4fe846854e07752ffcd9 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Mon, 2 Dec 2024 15:57:54 +0300 Subject: [PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug The usb_get_descriptor() function does DMA so we're not allowed to use a stack buffer for that. Doing DMA to the stack is not portable all architectures. Move the "new_device_descriptor" from being stored on the stack and allocate it with kmalloc() instead. Fixes: b909df18ce2a ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices") Cc: stable(a)kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mount… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 8bc959b60be3..7c9d352864da 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -555,7 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip, static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD || @@ -566,15 +566,19 @@ static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interfac 0x10, 0x43, 0x0001, 0x000a, NULL, 0); if (err < 0) dev_dbg(&dev->dev, "error sending boot message: %d\n", err); + + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err); @@ -906,7 +910,7 @@ static void mbox2_setup_48_24_magic(struct usb_device *dev) static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; u8 bootresponse[0x12]; int fwsize; @@ -941,15 +945,19 @@ static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) @@ -1259,7 +1267,7 @@ static void mbox3_setup_defaults(struct usb_device *dev) static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; int descriptor_size; @@ -1272,15 +1280,19 @@ static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "MBOX3: device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0)

6 months

3
2
0 0

TI Ethernet Driver TI_K3_AM65_CPSW_NUSS

by Da Shi Cao

The driver of TI K3 ethernet port depends on PAGE_POOL configuration option. There should be a select PAGE_POOL under it configuration. --- a/drivers/net/ethernet/ti/Kconfig +++ b/drivers/net/ethernet/ti/Kconfig @@ -114,6 +114,7 @@ config TI_K3_AM65_CPSW_NUSS select TI_DAVINCI_MDIO select PHYLINK select TI_K3_CPPI_DESC_POOL + select PAGE_POOL imply PHY_TI_GMII_SEL depends on TI_K3_AM65_CPTS || !TI_K3_AM65_CPTS help Dashi Cao

6 months

3
2
0 0

[PATCH for v6.13-rc] ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP

by Peter Ujfalusi

The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to 'steal' the linkDMA since it has been released. This issue is not easy to reproduce under normal conditions as usually after stop the stream is closed, or the same stream is restarted, but if another stream got in between the stop and start, like this: aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120 CTRL+z aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120 then the link DMA channels will be mixed up, resulting firmware error or crash. Fixes: ab5593793e90 ("ASoC: SOF: Intel: hda: Always clean up link DMA during stop") Cc: stable(a)vger.kernel.org Closes: https://github.com/thesofproject/sof/issues/9695 Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Reviewed-by: Liam Girdwood <liam.r.girdwood(a)intel.com> Reviewed-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> --- sound/soc/sof/intel/hda-dai.c | 25 +++++++++++++++++++------ sound/soc/sof/intel/hda.h | 2 -- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/sound/soc/sof/intel/hda-dai.c b/sound/soc/sof/intel/hda-dai.c index 1b218d77f292..da12aabc1bb8 100644 --- a/sound/soc/sof/intel/hda-dai.c +++ b/sound/soc/sof/intel/hda-dai.c @@ -103,8 +103,10 @@ hda_dai_get_ops(struct snd_pcm_substream *substream, struct snd_soc_dai *cpu_dai return sdai->platform_private; } -int hda_link_dma_cleanup(struct snd_pcm_substream *substream, struct hdac_ext_stream *hext_stream, - struct snd_soc_dai *cpu_dai) +static int +hda_link_dma_cleanup(struct snd_pcm_substream *substream, + struct hdac_ext_stream *hext_stream, + struct snd_soc_dai *cpu_dai, bool release) { const struct hda_dai_widget_dma_ops *ops = hda_dai_get_ops(substream, cpu_dai); struct sof_intel_hda_stream *hda_stream; @@ -128,6 +130,17 @@ int hda_link_dma_cleanup(struct snd_pcm_substream *substream, struct hdac_ext_st snd_hdac_ext_bus_link_clear_stream_id(hlink, stream_tag); } + if (!release) { + /* + * Force stream reconfiguration without releasing the channel on + * subsequent stream restart (without free), including LinkDMA + * reset. + * The stream is released via hda_dai_hw_free() + */ + hext_stream->link_prepared = 0; + return 0; + } + if (ops->release_hext_stream) ops->release_hext_stream(sdev, cpu_dai, substream); @@ -211,7 +224,7 @@ static int __maybe_unused hda_dai_hw_free(struct snd_pcm_substream *substream, if (!hext_stream) return 0; - return hda_link_dma_cleanup(substream, hext_stream, cpu_dai); + return hda_link_dma_cleanup(substream, hext_stream, cpu_dai, true); } static int __maybe_unused hda_dai_hw_params_data(struct snd_pcm_substream *substream, @@ -304,7 +317,8 @@ static int __maybe_unused hda_dai_trigger(struct snd_pcm_substream *substream, i switch (cmd) { case SNDRV_PCM_TRIGGER_STOP: case SNDRV_PCM_TRIGGER_SUSPEND: - ret = hda_link_dma_cleanup(substream, hext_stream, dai); + ret = hda_link_dma_cleanup(substream, hext_stream, dai, + cmd == SNDRV_PCM_TRIGGER_STOP ? false : true); if (ret < 0) { dev_err(sdev->dev, "%s: failed to clean up link DMA\n", __func__); return ret; @@ -672,8 +686,7 @@ static int hda_dai_suspend(struct hdac_bus *bus) } ret = hda_link_dma_cleanup(hext_stream->link_substream, - hext_stream, - cpu_dai); + hext_stream, cpu_dai, true); if (ret < 0) return ret; } diff --git a/sound/soc/sof/intel/hda.h b/sound/soc/sof/intel/hda.h index 22bd9c3c8216..ee4ccc1a5490 100644 --- a/sound/soc/sof/intel/hda.h +++ b/sound/soc/sof/intel/hda.h @@ -1038,8 +1038,6 @@ const struct hda_dai_widget_dma_ops * hda_select_dai_widget_ops(struct snd_sof_dev *sdev, struct snd_sof_widget *swidget); int hda_dai_config(struct snd_soc_dapm_widget *w, unsigned int flags, struct snd_sof_dai_config_data *data); -int hda_link_dma_cleanup(struct snd_pcm_substream *substream, struct hdac_ext_stream *hext_stream, - struct snd_soc_dai *cpu_dai); static inline struct snd_sof_dev *widget_to_sdev(struct snd_soc_dapm_widget *w) { -- 2.47.1

6 months

2
1
0 0

[PATCH] spi: fix reference leak in spi_register_controller()

by Ma Ke

Once device_add() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. Found by code review. Cc: stable(a)vger.kernel.org Fixes: f9981d4f50b4 ("spi: spi_register_controller(): free bus id on error paths") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/spi/spi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index ff1add2ecb91..6477c2f4ae82 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -3339,8 +3339,10 @@ int spi_register_controller(struct spi_controller *ctlr) ctlr->last_cs[idx] = SPI_INVALID_CS; status = device_add(&ctlr->dev); - if (status < 0) + if (status < 0) { + put_device(&ctlr->dev); goto free_bus_id; + } dev_dbg(dev, "registered %s %s\n", spi_controller_is_target(ctlr) ? "target" : "host", dev_name(&ctlr->dev)); @@ -3356,6 +3358,7 @@ int spi_register_controller(struct spi_controller *ctlr) status = spi_controller_initialize_queue(ctlr); if (status) { device_del(&ctlr->dev); + put_device(&ctlr->dev); goto free_bus_id; } } -- 2.25.1

6 months

3
2
0 0

[PATCH v2] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()

by Mark Brown

In commit 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR later in the boot process in order to ensure that we don't attempt to interact with them if SVE or SME is disabled on the command line. Unfortunately when initialising the boot CPU in init_cpu_features() we work on a copy of the struct cpuinfo_arm64 for the boot CPU used only during boot, not the percpu copy used by the sysfs code. The expectation of the feature identification code was that the ID registers would be read in __cpuinfo_store_cpu() and the values not modified by init_cpu_features(). The main reason for the original change was to avoid early accesses to ZCR on practical systems that were seen shipping with SVE reported in ID registers but traps enabled at EL3 and handled as fatal errors, SME was rolled in due to the similarity with SVE. Since then we have removed the early accesses to ZCR and SMCR in commits: abef0695f9665c3d ("arm64/sve: Remove ZCR pseudo register from cpufeature code") 391208485c3ad50f ("arm64/sve: Remove SMCR pseudo register from cpufeature code") so only the SMIDR_EL1 part of the change remains. Since SMIDR_EL1 is only trapped via FEAT_IDST and not the SME trap it is less likely to be affected by similar issues, and the factors that lead to issues with SVE are less likely to apply to SME. Since we have not yet seen practical SME systems that need to use a command line override (and are only just beginning to see SME systems at all) let's just remove the override and store SMIDR_EL1 along with all the other ID register reads in __cpuinfo_store_cpu(). This issue wasn't apparent when testing on emulated platforms that do not report values in SMIDR_EL1. Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- Changes in v2: - Move the ID register read back to __cpuinfo_store_cpu(). - Remove the command line option for SME ID register override. - Link to v1: https://lore.kernel.org/r/20241214-arm64-fix-boot-cpu-smidr-v1-1-0745c40772… --- Documentation/admin-guide/kernel-parameters.txt | 3 --- arch/arm64/kernel/cpufeature.c | 13 ------------- arch/arm64/kernel/cpuinfo.c | 10 ++++++++++ arch/arm64/kernel/pi/idreg-override.c | 16 ---------------- 4 files changed, 10 insertions(+), 32 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index dc663c0ca67067d041cf9a3767117eec765ccca8..d29dee978e933245e0db0f654f17eef3e414bb64 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -458,9 +458,6 @@ arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication support - arm64.nosme [ARM64] Unconditionally disable Scalable Matrix - Extension support - arm64.nosve [ARM64] Unconditionally disable Scalable Vector Extension support diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 6ce71f444ed84f9056196bb21bbfac61c9687e30..818aca922ca6066eb4bdf79e153cccb24246c61b 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1167,12 +1167,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info) id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; vec_init_vq_map(ARM64_VEC_SME); cpacr_restore(cpacr); @@ -1423,13 +1417,6 @@ void update_cpu_features(int cpu, id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; - /* Probe vector lengths */ if (!system_capabilities_finalized()) vec_update_vq_map(ARM64_VEC_SME); diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index d79e88fccdfce427507e7a34c5959ce6309cbd12..c45633b5ae233fe78607fce3d623efb28a9f341a 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -482,6 +482,16 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info) if (id_aa64pfr0_mpam(info->reg_id_aa64pfr0)) info->reg_mpamidr = read_cpuid(MPAMIDR_EL1); + if (IS_ENABLED(CONFIG_ARM64_SME) && + id_aa64pfr1_sme(info->reg_id_aa64pfr1)) { + /* + * We mask out SMPS since even if the hardware + * supports priorities the kernel does not at present + * and we block access to them. + */ + info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; + } + cpuinfo_detect_icache_policy(info); } diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c index 22159251eb3a6a5efea90ebda2910ebcfff52b8f..15dca48332c9b83b55752e474854d8fc45b0989b 100644 --- a/arch/arm64/kernel/pi/idreg-override.c +++ b/arch/arm64/kernel/pi/idreg-override.c @@ -122,21 +122,6 @@ static const struct ftr_set_desc pfr0 __prel64_initconst = { }, }; -static bool __init pfr1_sme_filter(u64 val) -{ - /* - * Similarly to SVE, disabling SME also means disabling all - * the features that are associated with it. Just set - * id_aa64smfr0_el1 to 0 and don't look back. - */ - if (!val) { - id_aa64smfr0_override.val = 0; - id_aa64smfr0_override.mask = GENMASK(63, 0); - } - - return true; -} - static const struct ftr_set_desc pfr1 __prel64_initconst = { .name = "id_aa64pfr1", .override = &id_aa64pfr1_override, @@ -144,7 +129,6 @@ static const struct ftr_set_desc pfr1 __prel64_initconst = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), - FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} }, }; --- base-commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4 change-id: 20241213-arm64-fix-boot-cpu-smidr-386b8db292b2 Best regards, -- Mark Brown <broonie(a)kernel.org>

6 months

2
2
0 0

[PATCH] pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

by Evgenii Shatokhin

If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above. Fixes: 8f38910ba4f6 ("pinctrl: mcp23s08: switch to regmap caching") Cc: stable(a)vger.kernel.org Signed-off-by: Evgenii Shatokhin <e.shatokhin(a)yadro.com> --- drivers/pinctrl/pinctrl-mcp23s08.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c index d66c3a3e8429..b96e6368a956 100644 --- a/drivers/pinctrl/pinctrl-mcp23s08.c +++ b/drivers/pinctrl/pinctrl-mcp23s08.c @@ -86,6 +86,7 @@ const struct regmap_config mcp23x08_regmap = { .num_reg_defaults = ARRAY_SIZE(mcp23x08_defaults), .cache_type = REGCACHE_FLAT, .max_register = MCP_OLAT, + .disable_locking = true, /* mcp->lock protects the regmap */ }; EXPORT_SYMBOL_GPL(mcp23x08_regmap); @@ -132,6 +133,7 @@ const struct regmap_config mcp23x17_regmap = { .num_reg_defaults = ARRAY_SIZE(mcp23x17_defaults), .cache_type = REGCACHE_FLAT, .val_format_endian = REGMAP_ENDIAN_LITTLE, + .disable_locking = true, /* mcp->lock protects the regmap */ }; EXPORT_SYMBOL_GPL(mcp23x17_regmap); @@ -228,7 +230,9 @@ static int mcp_pinconf_get(struct pinctrl_dev *pctldev, unsigned int pin, switch (param) { case PIN_CONFIG_BIAS_PULL_UP: + mutex_lock(&mcp->lock); ret = mcp_read(mcp, MCP_GPPU, &data); + mutex_unlock(&mcp->lock); if (ret < 0) return ret; status = (data & BIT(pin)) ? 1 : 0; @@ -257,7 +261,9 @@ static int mcp_pinconf_set(struct pinctrl_dev *pctldev, unsigned int pin, switch (param) { case PIN_CONFIG_BIAS_PULL_UP: + mutex_lock(&mcp->lock); ret = mcp_set_bit(mcp, MCP_GPPU, pin, arg); + mutex_unlock(&mcp->lock); break; default: dev_dbg(mcp->dev, "Invalid config param %04x\n", param); -- 2.34.1

6 months

2
1
0 0

[tip: x86/urgent] x86/fred: Clear WFE in missing-ENDBRANCH #CPs

by tip-bot2 for Xin Li (Intel)

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: e8b345babf2ace50f6bf380af77ee8ae415d81f2 Gitweb: https://git.kernel.org/tip/e8b345babf2ace50f6bf380af77ee8ae415d81f2 Author: Xin Li (Intel) <xin(a)zytor.com> AuthorDate: Wed, 13 Nov 2024 09:59:34 -08:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Mon, 16 Dec 2024 15:44:19 -08:00 x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the "kernel IBT no ENDBR" selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ] Fixes: a5f6c2ace997 ("x86/shstk: Add user control-protection fault handler") Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241113175934.3897541-1-xin%40zytor.com --- arch/x86/kernel/cet.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index d2c732a..303bf74 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -81,6 +81,34 @@ static void do_user_cp_fault(struct pt_regs *regs, unsigned long error_code) static __ro_after_init bool ibt_fatal = true; +/* + * By definition, all missing-ENDBRANCH #CPs are a result of WFE && !ENDBR. + * + * For the kernel IBT no ENDBR selftest where #CPs are deliberately triggered, + * the WFE state of the interrupted context needs to be cleared to let execution + * continue. Otherwise when the CPU resumes from the instruction that just + * caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU + * enters a dead loop. + * + * This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't + * set WFE. But FRED provides space on the entry stack (in an expanded CS area) + * to save and restore the WFE state, thus the WFE state is no longer clobbered, + * so software must clear it. + */ +static void ibt_clear_fred_wfe(struct pt_regs *regs) +{ + /* + * No need to do any FRED checks. + * + * For IDT event delivery, the high-order 48 bits of CS are pushed + * as 0s into the stack, and later IRET ignores these bits. + * + * For FRED, a test to check if fred_cs.wfe is set would be dropped + * by compilers. + */ + regs->fred_cs.wfe = 0; +} + static void do_kernel_cp_fault(struct pt_regs *regs, unsigned long error_code) { if ((error_code & CP_EC) != CP_ENDBR) { @@ -90,6 +118,7 @@ static void do_kernel_cp_fault(struct pt_regs *regs, unsigned long error_code) if (unlikely(regs->ip == (unsigned long)&ibt_selftest_noendbr)) { regs->ax = 0; + ibt_clear_fred_wfe(regs); return; } @@ -97,6 +126,7 @@ static void do_kernel_cp_fault(struct pt_regs *regs, unsigned long error_code) if (!ibt_fatal) { printk(KERN_DEFAULT CUT_HERE); __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); + ibt_clear_fred_wfe(regs); return; } BUG();

6 months

1
0
0 0

[tip: irq/urgent] PCI/MSI: Handle lack of irqdomain gracefully

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: a60b990798eb17433d0283788280422b1bd94b18 Gitweb: https://git.kernel.org/tip/a60b990798eb17433d0283788280422b1bd94b18 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Sat, 14 Dec 2024 12:50:18 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 16 Dec 2024 10:59:47 +01:00 PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it. Fixes: d2a463b29741 ("PCI/MSI: Reject multi-MSI early") Reported-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed2a8ow5.ffs@tglx --- drivers/pci/msi/irqdomain.c | 7 +++++-- drivers/pci/msi/msi.c | 4 ++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/pci/msi/irqdomain.c b/drivers/pci/msi/irqdomain.c index 5691257..d7ba879 100644 --- a/drivers/pci/msi/irqdomain.c +++ b/drivers/pci/msi/irqdomain.c @@ -350,8 +350,11 @@ bool pci_msi_domain_supports(struct pci_dev *pdev, unsigned int feature_mask, domain = dev_get_msi_domain(&pdev->dev); - if (!domain || !irq_domain_is_hierarchy(domain)) - return mode == ALLOW_LEGACY; + if (!domain || !irq_domain_is_hierarchy(domain)) { + if (IS_ENABLED(CONFIG_PCI_MSI_ARCH_FALLBACKS)) + return mode == ALLOW_LEGACY; + return false; + } if (!irq_domain_is_msi_parent(domain)) { /* diff --git a/drivers/pci/msi/msi.c b/drivers/pci/msi/msi.c index 3a45879..2f647ca 100644 --- a/drivers/pci/msi/msi.c +++ b/drivers/pci/msi/msi.c @@ -433,6 +433,10 @@ int __pci_enable_msi_range(struct pci_dev *dev, int minvec, int maxvec, if (WARN_ON_ONCE(dev->msi_enabled)) return -EINVAL; + /* Test for the availability of MSI support */ + if (!pci_msi_domain_supports(dev, 0, ALLOW_LEGACY)) + return -ENOTSUPP; + nvec = pci_msi_vec_count(dev); if (nvec < 0) return nvec;

6 months

1
0
0 0

[PATCH v3 0/7] of: fix bugs and improve codes

by Zijun Hu

This patch series is to fix bugs and improve codes for drivers/of/*. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v3: - Drop 2 applied patches and pick up patch 4/7 again - Fix build error for patch 6/7. - Include of_private.h instead of function declaration for patch 2/7 - Correct tile and commit messages. - Link to v2: https://lore.kernel.org/r/20241216-of_core_fix-v2-0-e69b8f60da63@quicinc.com Changes in v2: - Drop applied/conflict/TBD patches. - Correct based on Rob's comments. - Link to v1: https://lore.kernel.org/r/20241206-of_core_fix-v1-0-dc28ed56bec3@quicinc.com --- Zijun Hu (7): of: Correct child specifier used as input of the 2nd nexus node of: Do not expose of_alias_scan() and correct its comments of: Make of_property_present() applicable to all kinds of property of: property: Use of_property_present() for of_fwnode_property_present() of: Fix available buffer size calculating error in API of_device_uevent_modalias() of: Fix potential wrong MODALIAS uevent value of: Do not expose of_modalias() drivers/of/base.c | 7 ++-- drivers/of/device.c | 33 +++++++-------- drivers/of/module.c | 109 +++++++++++++++++++++++++++++------------------- drivers/of/of_private.h | 4 ++ drivers/of/pdt.c | 2 + drivers/of/property.c | 2 +- include/linux/of.h | 31 ++++++-------- 7 files changed, 102 insertions(+), 86 deletions(-) --- base-commit: 0f7ca6f69354e0c3923bbc28c92d0ecab4d50a3e change-id: 20241206-of_core_fix-dc3021a06418 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

6 months

1
1
0 0

[PATCH stable 6.6 v2 0/2] Fix BPF selftests compilation error

by Shung-Hsi Yu

Currently the BPF selftests in fails to compile due to use of test helpers that were not backported, namely: - netlink_helpers.h - __xlated() The 1st patch adds netlink helper files, and the 2nd patch removes the use of __xlated() helper. Note this series simply fix the compilation failure. Even with this series is applied the BPF selftests fails to run to completion due to kernel panic in the dummy_st_ops tests. Changes since v1 <https://lore.kernel.org/all/20241126072137.823699-1-shung-hsi.yu@suse.com>: - drop dependencies of __xlated() helper, and opt to remove its use instead. Daniel Borkmann (1): selftests/bpf: Add netlink helper library Shung-Hsi Yu (1): selftests/bpf: remove use of __xlated() tools/testing/selftests/bpf/Makefile | 19 +- tools/testing/selftests/bpf/netlink_helpers.c | 358 ++++++++++++++++++ tools/testing/selftests/bpf/netlink_helpers.h | 46 +++ .../selftests/bpf/progs/verifier_scalar_ids.c | 16 - 4 files changed, 418 insertions(+), 21 deletions(-) create mode 100644 tools/testing/selftests/bpf/netlink_helpers.c create mode 100644 tools/testing/selftests/bpf/netlink_helpers.h -- 2.47.1

6 months

3
6
0 0

FAILED: patch "[PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f7d306b47a24367302bd4fe846854e07752ffcd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121039-starch-convent-cb20@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7d306b47a24367302bd4fe846854e07752ffcd9 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Mon, 2 Dec 2024 15:57:54 +0300 Subject: [PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug The usb_get_descriptor() function does DMA so we're not allowed to use a stack buffer for that. Doing DMA to the stack is not portable all architectures. Move the "new_device_descriptor" from being stored on the stack and allocate it with kmalloc() instead. Fixes: b909df18ce2a ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices") Cc: stable(a)kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mount… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 8bc959b60be3..7c9d352864da 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -555,7 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip, static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD || @@ -566,15 +566,19 @@ static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interfac 0x10, 0x43, 0x0001, 0x000a, NULL, 0); if (err < 0) dev_dbg(&dev->dev, "error sending boot message: %d\n", err); + + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err); @@ -906,7 +910,7 @@ static void mbox2_setup_48_24_magic(struct usb_device *dev) static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; u8 bootresponse[0x12]; int fwsize; @@ -941,15 +945,19 @@ static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) @@ -1259,7 +1267,7 @@ static void mbox3_setup_defaults(struct usb_device *dev) static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; int descriptor_size; @@ -1272,15 +1280,19 @@ static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "MBOX3: device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0)

6 months

3
2
0 0

FAILED: patch "[PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f7d306b47a24367302bd4fe846854e07752ffcd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121038-scratch-explore-9597@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f7d306b47a24367302bd4fe846854e07752ffcd9 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Mon, 2 Dec 2024 15:57:54 +0300 Subject: [PATCH] ALSA: usb-audio: Fix a DMA to stack memory bug The usb_get_descriptor() function does DMA so we're not allowed to use a stack buffer for that. Doing DMA to the stack is not portable all architectures. Move the "new_device_descriptor" from being stored on the stack and allocate it with kmalloc() instead. Fixes: b909df18ce2a ("ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices") Cc: stable(a)kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/60e3aa09-039d-46d2-934c-6f123026c2eb@stanley.mount… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 8bc959b60be3..7c9d352864da 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -555,7 +555,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip, static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interface *intf) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; if (le16_to_cpu(get_cfg_desc(config)->wTotalLength) == EXTIGY_FIRMWARE_SIZE_OLD || @@ -566,15 +566,19 @@ static int snd_usb_extigy_boot_quirk(struct usb_device *dev, struct usb_interfac 0x10, 0x43, 0x0001, 0x000a, NULL, 0); if (err < 0) dev_dbg(&dev->dev, "error sending boot message: %d\n", err); + + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) dev_dbg(&dev->dev, "error usb_reset_configuration: %d\n", err); @@ -906,7 +910,7 @@ static void mbox2_setup_48_24_magic(struct usb_device *dev) static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; u8 bootresponse[0x12]; int fwsize; @@ -941,15 +945,19 @@ static int snd_usb_mbox2_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0) @@ -1259,7 +1267,7 @@ static void mbox3_setup_defaults(struct usb_device *dev) static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) { struct usb_host_config *config = dev->actconfig; - struct usb_device_descriptor new_device_descriptor; + struct usb_device_descriptor *new_device_descriptor __free(kfree) = NULL; int err; int descriptor_size; @@ -1272,15 +1280,19 @@ static int snd_usb_mbox3_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "MBOX3: device initialised!\n"); + new_device_descriptor = kmalloc(sizeof(*new_device_descriptor), GFP_KERNEL); + if (!new_device_descriptor) + return -ENOMEM; + err = usb_get_descriptor(dev, USB_DT_DEVICE, 0, - &new_device_descriptor, sizeof(new_device_descriptor)); + new_device_descriptor, sizeof(*new_device_descriptor)); if (err < 0) dev_dbg(&dev->dev, "MBOX3: error usb_get_descriptor: %d\n", err); - if (new_device_descriptor.bNumConfigurations > dev->descriptor.bNumConfigurations) + if (new_device_descriptor->bNumConfigurations > dev->descriptor.bNumConfigurations) dev_dbg(&dev->dev, "MBOX3: error too large bNumConfigurations: %d\n", - new_device_descriptor.bNumConfigurations); + new_device_descriptor->bNumConfigurations); else - memcpy(&dev->descriptor, &new_device_descriptor, sizeof(dev->descriptor)); + memcpy(&dev->descriptor, new_device_descriptor, sizeof(dev->descriptor)); err = usb_reset_configuration(dev); if (err < 0)

6 months

3
2
0 0

[PATCH stable 6.6 v3 0/2] Fix BPF selftests compilation error

by Shung-Hsi Yu

Currently the BPF selftests in fails to compile due to use of test helpers that were not backported, namely: - netlink_helpers.h - __xlated() The 1st patch adds netlink helper files, and the 2nd patch removes the use of __xlated() helper. Note this series simply fix the compilation failure. Even with this series is applied the BPF selftests fails to run to completion due to kernel panic in the dummy_st_ops tests. Changes since v2 <https://lore.kernel.org/all/20241217072821.43545-1-shung-hsi.yu@suse.com>: - minor reword of patch 2, dropping the "downstream patch" line and add a Fixes tag Changes since v1 <https://lore.kernel.org/all/20241126072137.823699-1-shung-hsi.yu@suse.com>: - drop dependencies of __xlated() helper, and opt to remove its use instead. Daniel Borkmann (1): selftests/bpf: Add netlink helper library Shung-Hsi Yu (1): selftests/bpf: remove use of __xlated() tools/testing/selftests/bpf/Makefile | 19 +- tools/testing/selftests/bpf/netlink_helpers.c | 358 ++++++++++++++++++ tools/testing/selftests/bpf/netlink_helpers.h | 46 +++ .../selftests/bpf/progs/verifier_scalar_ids.c | 16 - 4 files changed, 418 insertions(+), 21 deletions(-) create mode 100644 tools/testing/selftests/bpf/netlink_helpers.c create mode 100644 tools/testing/selftests/bpf/netlink_helpers.h -- 2.47.1

6 months

2
4
0 0

[PATCH stable 6.6 6.1 5.15 5.10] bpf: sync_linked_regs() must preserve subreg_def

by Shung-Hsi Yu

From: Eduard Zingerman <eddyz87(a)gmail.com> [ Upstream commit e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 ] Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5). Fixes: 75748837b7e5 ("bpf: Propagate scalar ranges through register assignments.") Reported-by: Lonial Con <kongln9170(a)gmail.com> Signed-off-by: Lonial Con <kongln9170(a)gmail.com> Signed-off-by: Eduard Zingerman <eddyz87(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Closes: https://lore.kernel.org/bpf/7e2aa30a62d740db182c170fdd8f81c596df280d.camel@… Link: https://lore.kernel.org/bpf/20240924210844.1758441-1-eddyz87@gmail.com shung-hsi.yu: sync_linked_regs() was called find_equal_scalars() before commit 4bf79f9be434 ("bpf: Track equal scalars history on per-instruction level"), and modification is done because there is only a single call to copy_register_state() before commit 98d7ca374ba4 ("bpf: Track delta between "linked" registers."). Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- kernel/bpf/verifier.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 3f47cfa17141..a3c3c66ca047 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -14497,8 +14497,11 @@ static void find_equal_scalars(struct bpf_verifier_state *vstate, struct bpf_reg_state *reg; bpf_for_each_reg_in_vstate(vstate, state, reg, ({ - if (reg->type == SCALAR_VALUE && reg->id == known_reg->id) + if (reg->type == SCALAR_VALUE && reg->id == known_reg->id) { + s32 saved_subreg_def = reg->subreg_def; copy_register_state(reg, known_reg); + reg->subreg_def = saved_subreg_def; + } })); } -- 2.47.1

6 months

2
1
0 0

[PATCH v2] net: ethernet: fix NULL dereference in nixge_recv()

by Ma Ke

Due to the failure of allocating the variable 'priv' in netdev_priv(ndev), this could result in 'priv->rx_bd_v' not being set during the allocation process of netdev_priv(ndev), which could lead to a null pointer dereference. Move while() loop with 'priv->rx_bd_v' dereference after the check for its validity. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 492caffa8a1a ("net: ethernet: nixge: Add support for National Instruments XGE netdev") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v2: - modified the bug description as suggestions; - modified the patch as the code style suggested. --- drivers/net/ethernet/ni/nixge.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/ni/nixge.c b/drivers/net/ethernet/ni/nixge.c index 230d5ff99dd7..41acce878af0 100644 --- a/drivers/net/ethernet/ni/nixge.c +++ b/drivers/net/ethernet/ni/nixge.c @@ -604,6 +604,9 @@ static int nixge_recv(struct net_device *ndev, int budget) cur_p = &priv->rx_bd_v[priv->rx_bd_ci]; + if (!priv->rx_bd_v) + return 0; + while ((cur_p->status & XAXIDMA_BD_STS_COMPLETE_MASK && budget > packets)) { tail_p = priv->rx_bd_p + sizeof(*priv->rx_bd_v) * -- 2.25.1

6 months

2
1
0 0

[PATCH V6] mm, compaction: don't use ALLOC_CMA in long term GUP flow

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() in long term GUP flow. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Cc: <stable(a)vger.kernel.org> Signed-off-by: yangge <yangge1116(a)126.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> --- V6: -- update cc->alloc_flags to keep the original loginc V5: - add 'alloc_flags' parameter for __isolate_free_page() - remove 'usa_cma' variable V4: - rich the commit log description V3: - fix build errors - add ALLOC_CMA both in should_continue_reclaim() and compaction_ready() V2: - using the 'cc->alloc_flags' to determin if 'ALLOC_CMA' is needed - rich the commit log description include/linux/compaction.h | 6 ++++-- mm/compaction.c | 26 +++++++++++++++----------- mm/internal.h | 3 ++- mm/page_alloc.c | 7 +++++-- mm/page_isolation.c | 3 ++- mm/page_reporting.c | 2 +- mm/vmscan.c | 4 ++-- 7 files changed, 31 insertions(+), 20 deletions(-) diff --git a/include/linux/compaction.h b/include/linux/compaction.h index e947764..b4c3ac3 100644 --- a/include/linux/compaction.h +++ b/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compact_pages(gfp_t gfp_mask, struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suitable(pg_data_t *pgdat) } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } diff --git a/mm/compaction.c b/mm/compaction.c index 07bd227..d92ba6c 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -655,7 +655,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, /* Found a free page, will break it into order-0 pages */ order = buddy_order(page); - isolated = __isolate_free_page(page, order); + isolated = __isolate_free_page(page, order, cc->alloc_flags); if (!isolated) break; set_page_private(page, order); @@ -1634,7 +1634,7 @@ static void fast_isolate_freepages(struct compact_control *cc) /* Isolate the page if available */ if (page) { - if (__isolate_free_page(page, order)) { + if (__isolate_free_page(page, order, cc->alloc_flags)) { set_page_private(page, order); nr_isolated = 1 << order; nr_scanned += nr_isolated - 1; @@ -2381,6 +2381,7 @@ static enum compact_result compact_finished(struct compact_control *cc) static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; @@ -2395,25 +2396,26 @@ static bool __compaction_suitable(struct zone *zone, int order, * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to long term GUP flow, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + alloc_flags & ALLOC_CMA, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2474,7 +2476,7 @@ bool compaction_zonelist_suitable(struct alloc_context *ac, int order, available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2499,7 +2501,7 @@ compaction_suit_allocation_order(struct zone *zone, unsigned int order, alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; @@ -2893,6 +2895,7 @@ static int compact_node(pg_data_t *pgdat, bool proactive) struct compact_control cc = { .order = -1, .mode = proactive ? MIGRATE_SYNC_LIGHT : MIGRATE_SYNC, + .alloc_flags = ALLOC_CMA, .ignore_skip_hint = true, .whole_zone = true, .gfp_mask = GFP_KERNEL, @@ -3037,7 +3040,7 @@ static bool kcompactd_node_suitable(pg_data_t *pgdat) ret = compaction_suit_allocation_order(zone, pgdat->kcompactd_max_order, - highest_zoneidx, ALLOC_WMARK_MIN); + highest_zoneidx, ALLOC_CMA | ALLOC_WMARK_MIN); if (ret == COMPACT_CONTINUE) return true; } @@ -3058,6 +3061,7 @@ static void kcompactd_do_work(pg_data_t *pgdat) .search_order = pgdat->kcompactd_max_order, .highest_zoneidx = pgdat->kcompactd_highest_zoneidx, .mode = MIGRATE_SYNC_LIGHT, + .alloc_flags = ALLOC_CMA | ALLOC_WMARK_MIN, .ignore_skip_hint = false, .gfp_mask = GFP_KERNEL, }; @@ -3078,7 +3082,7 @@ static void kcompactd_do_work(pg_data_t *pgdat) continue; ret = compaction_suit_allocation_order(zone, - cc.order, zoneid, ALLOC_WMARK_MIN); + cc.order, zoneid, cc.alloc_flags); if (ret != COMPACT_CONTINUE) continue; diff --git a/mm/internal.h b/mm/internal.h index 3922788..6d257c8 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -662,7 +662,8 @@ static inline void clear_zone_contiguous(struct zone *zone) zone->contiguous = false; } -extern int __isolate_free_page(struct page *page, unsigned int order); +extern int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags); extern void __putback_isolated_page(struct page *page, unsigned int order, int mt); extern void memblock_free_pages(struct page *page, unsigned long pfn, diff --git a/mm/page_alloc.c b/mm/page_alloc.c index dde19db..1bfdca3 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2809,7 +2809,8 @@ void split_page(struct page *page, unsigned int order) } EXPORT_SYMBOL_GPL(split_page); -int __isolate_free_page(struct page *page, unsigned int order) +int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags) { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); @@ -2823,7 +2824,8 @@ int __isolate_free_page(struct page *page, unsigned int order) * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + if (!zone_watermark_ok(zone, 0, watermark, 0, + alloc_flags & ALLOC_CMA)) return 0; } @@ -6454,6 +6456,7 @@ int alloc_contig_range_noprof(unsigned long start, unsigned long end, .order = -1, .zone = page_zone(pfn_to_page(start)), .mode = MIGRATE_SYNC, + .alloc_flags = ALLOC_CMA, .ignore_skip_hint = true, .no_set_skip_hint = true, .alloc_contig = true, diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d..a1f2c79 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -229,7 +229,8 @@ static void unset_migratetype_isolate(struct page *page, int migratetype) buddy = find_buddy_page_pfn(page, page_to_pfn(page), order, NULL); if (buddy && !is_migrate_isolate_page(buddy)) { - isolated_page = !!__isolate_free_page(page, order); + isolated_page = !!__isolate_free_page(page, order, + ALLOC_CMA); /* * Isolating a free page in an isolated pageblock * is expected to always work as watermarks don't diff --git a/mm/page_reporting.c b/mm/page_reporting.c index e4c428e..fd3813b 100644 --- a/mm/page_reporting.c +++ b/mm/page_reporting.c @@ -198,7 +198,7 @@ page_reporting_cycle(struct page_reporting_dev_info *prdev, struct zone *zone, /* Attempt to pull page from list and place in scatterlist */ if (*offset) { - if (!__isolate_free_page(page, order)) { + if (!__isolate_free_page(page, order, ALLOC_CMA)) { next = page; break; } diff --git a/mm/vmscan.c b/mm/vmscan.c index 5e03a61..33f5b46 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5815,7 +5815,7 @@ static inline bool should_continue_reclaim(struct pglist_data *pgdat, sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6043,7 +6043,7 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* -- 2.7.4

6 months

4
8
0 0

[PATCH v3 0/9] driver core: class: Fix bug and code improvements for class APIs

by Zijun Hu

This patch series is to fix bugs and improve codes regarding various driver core device iterating APIs Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v3: - Correct commit message, add fix tag, and correct pr_crit() message for 1st patch - Add more patches regarding driver core device iterating APIs. - Link to v2: https://lore.kernel.org/r/20241112-class_fix-v2-0-73d198d0a0d5@quicinc.com Changes in v2: - Remove both fix and stable tag for patch 1/3 - drop patch 3/3 - Link to v1: https://lore.kernel.org/r/20241105-class_fix-v1-0-80866f9994a5@quicinc.com --- Zijun Hu (9): driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() blk-cgroup: Fix class @block_class's subsystem refcount leakage driver core: bus: Move true expression out of if condition in API bus_find_device() driver core: Move true expression out of if condition in API driver_find_device() driver core: Move true expression out of if condition in API device_find_child() driver core: Rename declaration parameter name for API device_find_child() cluster driver core: Correct parameter check for API device_for_each_child_reverse_from() driver core: Correct API device_for_each_child_reverse_from() prototype driver core: Introduce device_iter_t for device iterating APIs block/blk-cgroup.c | 1 + drivers/base/bus.c | 9 ++++++--- drivers/base/class.c | 11 +++++++++-- drivers/base/core.c | 17 ++++++++++------- drivers/base/driver.c | 9 ++++++--- drivers/cxl/core/hdm.c | 2 +- drivers/cxl/core/region.c | 2 +- include/linux/device.h | 14 +++++++------- include/linux/device/bus.h | 7 +++++-- include/linux/device/class.h | 4 ++-- include/linux/device/driver.h | 2 +- 11 files changed, 49 insertions(+), 29 deletions(-) --- base-commit: cdd30ebb1b9f36159d66f088b61aee264e649d7a change-id: 20241104-class_fix-f176bd9eba22 prerequisite-change-id: 20241201-const_dfc_done-aaec71e3bbea:v4 prerequisite-patch-id: 536aa56c0d055f644a1f71ab5c88b7cac9510162 prerequisite-patch-id: 39b0cf088c72853d9ce60c9e633ad2070a0278a8 prerequisite-patch-id: 60b22c42b67ad56a3d2a7b80a30ad588cbe740ec prerequisite-patch-id: 119a167d7248481987b5e015db0e4fdb0d6edab8 prerequisite-patch-id: 133248083f3d3c57beb16473c2a4c62b3abc5fd0 prerequisite-patch-id: 4cda541f55165650bfa69fb19cbe0524eff0cb85 prerequisite-patch-id: 2b4193c6ea6370c07e6b66de04be89fb09448f54 prerequisite-patch-id: 73c675db18330c89fd8ca4790914d1d486ce0db8 prerequisite-patch-id: 88c50fc851fd7077797fd4e63fb12966b1b601bd prerequisite-patch-id: 47b93916c1b5fb809d7c99aeaa05c729b1af01c5 prerequisite-patch-id: 52ffb42b5aae69cae708332e0ddc7016139999f1 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

6 months

2
2
0 0

[PATCH] drm/amdgpu: Make the submission path memory reclaim safe

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> As commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") points out, ever since a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread"), any workqueue flushing done from the job submission path must only involve memory reclaim safe workqueues to be safe against reclaim deadlocks. This is also pointed out by workqueue sanity checks: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call Trace: [ ] <TASK> ... [ ] ? check_flush_dependency+0xf5/0x110 ... [ ] cancel_delayed_work_sync+0x6e/0x80 [ ] amdgpu_gfx_off_ctrl+0xab/0x140 [amdgpu] [ ] amdgpu_ring_alloc+0x40/0x50 [amdgpu] [ ] amdgpu_ib_schedule+0xf4/0x810 [amdgpu] [ ] ? drm_sched_run_job_work+0x22c/0x430 [gpu_sched] [ ] amdgpu_job_run+0xaa/0x1f0 [amdgpu] [ ] drm_sched_run_job_work+0x257/0x430 [gpu_sched] [ ] process_one_work+0x217/0x720 ... [ ] </TASK> Fix this by creating a memory reclaim safe driver workqueue and make the submission path use it. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> References: 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") Fixes: a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") Cc: stable(a)vger.kernel.org Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 25 +++++++++++++++++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 5 +++-- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h index 7645e498faa4..a6aad687537e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h @@ -268,6 +268,8 @@ extern int amdgpu_agp; extern int amdgpu_wbrf; +extern struct workqueue_struct *amdgpu_reclaim_wq; + #define AMDGPU_VM_MAX_NUM_CTX 4096 #define AMDGPU_SG_THRESHOLD (256*1024*1024) #define AMDGPU_WAIT_IDLE_TIMEOUT_IN_MS 3000 diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index 38686203bea6..f5b7172e8042 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -255,6 +255,8 @@ struct amdgpu_watchdog_timer amdgpu_watchdog_timer = { .period = 0x0, /* default to 0x0 (timeout disable) */ }; +struct workqueue_struct *amdgpu_reclaim_wq; + /** * DOC: vramlimit (int) * Restrict the total amount of VRAM in MiB for testing. The default is 0 (Use full VRAM). @@ -2971,6 +2973,21 @@ static struct pci_driver amdgpu_kms_pci_driver = { .dev_groups = amdgpu_sysfs_groups, }; +static int amdgpu_wq_init(void) +{ + amdgpu_reclaim_wq = + alloc_workqueue("amdgpu-reclaim", WQ_MEM_RECLAIM, 0); + if (!amdgpu_reclaim_wq) + return -ENOMEM; + + return 0; +} + +static void amdgpu_wq_fini(void) +{ + destroy_workqueue(amdgpu_reclaim_wq); +} + static int __init amdgpu_init(void) { int r; @@ -2978,6 +2995,10 @@ static int __init amdgpu_init(void) if (drm_firmware_drivers_only()) return -EINVAL; + r = amdgpu_wq_init(); + if (r) + goto error_wq; + r = amdgpu_sync_init(); if (r) goto error_sync; @@ -3006,6 +3027,9 @@ static int __init amdgpu_init(void) amdgpu_sync_fini(); error_sync: + amdgpu_wq_fini(); + +error_wq: return r; } @@ -3017,6 +3041,7 @@ static void __exit amdgpu_exit(void) amdgpu_acpi_release(); amdgpu_sync_fini(); amdgpu_fence_slab_fini(); + amdgpu_wq_fini(); mmu_notifier_synchronize(); amdgpu_xcp_drv_release(); } diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c index 2f3f09dfb1fd..f8fd71d9382f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c @@ -790,8 +790,9 @@ void amdgpu_gfx_off_ctrl(struct amdgpu_device *adev, bool enable) AMD_IP_BLOCK_TYPE_GFX, true)) adev->gfx.gfx_off_state = true; } else { - schedule_delayed_work(&adev->gfx.gfx_off_delay_work, - delay); + queue_delayed_work(amdgpu_reclaim_wq, + &adev->gfx.gfx_off_delay_work, + delay); } } } else { -- 2.46.0

6 months

6
9
0 0

[PATCH 1/2] xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic

by Mathias Nyman

xHC hosts from several vendors have the same issue where endpoints start so slowly that a later queued 'Stop Endpoint' command may complete before endpoint is up and running. The 'Stop Endpoint' command fails with context state error as the endpoint still appears as stopped. See commit 42b758137601 ("usb: xhci: Limit Stop Endpoint retries") for details CC: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-ring.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 4cf5363875c7..09b05a62375e 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1199,8 +1199,6 @@ static void xhci_handle_cmd_stop_ep(struct xhci_hcd *xhci, int slot_id, * Keep retrying until the EP starts and stops again, on * chips where this is known to help. Wait for 100ms. */ - if (!(xhci->quirks & XHCI_NEC_HOST)) - break; if (time_is_before_jiffies(ep->stop_time + msecs_to_jiffies(100))) break; fallthrough; -- 2.25.1

6 months

1
0
0 0

[PATCH 5.10 000/459] 5.10.231-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.231 release. There are 459 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 14 Dec 2024 14:41:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.231-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.231-rc1 Dan Carpenter <dan.carpenter(a)oracle.com> octeontx2-pf: Fix otx2_get_fecparam() David S. Miller <davem(a)davemloft.net> octeontx2: Fix condition. Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> media: uvcvideo: Require entities to have a non-zero unique ID Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Damien Le Moal <damien.lemoal(a)wdc.com> scsi: core: Fix scsi_mode_select() buffer length handling Damien Le Moal <damien.lemoal(a)wdc.com> scsi: sd: Fix sd_do_mode_sense() buffer length handling Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Zhang Zekun <zhangzekun11(a)huawei.com> Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" Thomas Gleixner <tglx(a)linutronix.de> modpost: Add .irqentry.text to OTHER_SECTIONS Heming Zhao <heming.zhao(a)suse.com> ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Fix STALL transfer event handling Richard Weinberger <richard(a)nod.at> jffs2: Fix rtime decompressor Kinsey Moore <kinsey.moore(a)oarcorp.com> jffs2: Prevent rtime decompress memory corruption Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Linus Torvalds <torvalds(a)linux-foundation.org> Revert "unicode: Don't special case ignorable code points" Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing snapshot drew unlock when root is dead during swap activation K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Prevent wakeup of ksoftirqd during idle load balance K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy Valentin Schneider <valentin.schneider(a)arm.com> sched/fair: Add NOHZ balancer flag for nohz.next_balance updates Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Trigger the update of blocked load on newly idle cpu Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Merge for each idle cpu loop of ILB Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Remove unused parameter of update_nohz_stats Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Remove update of blocked load from newidle_balance K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() Parker Newman <pnewman(a)connecttech.com> misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle Michael Ellerman <mpe(a)ellerman.id.au> powerpc/prom_init: Fixup missing powermac #size-cells Xi Ruoyao <xry111(a)xry111.site> MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: handle USB Error Interrupt if IOC not set Defa Li <defa.li(a)mediatek.com> i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock Mengyuan Lou <mengyuanlou(a)net-swift.com> PCI: Add ACS quirk for Wangxun FF5xxx NICs Keith Busch <kbusch(a)kernel.org> PCI: Add 'reset_subordinate' to reset hierarchy below bridge Qi Han <hanqi(a)vivo.com> f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. Yi Yang <yiyang13(a)huawei.com> nvdimm: rectify the illogical code within nd_dax_probe() Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom-pmic-gpio: add support for PM8937 Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't modify unknown block number in MTIOCGET Mukesh Ojha <quic_mojha(a)quicinc.com> leds: class: Protect brightness_show() with led_cdev->led_access mutex Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Add cond_resched() for no forced preemption model Uros Bizjak <ubizjak(a)gmail.com> tracing: Use atomic64_inc_return() in trace_clock_counter() Esben Haabendal <esben(a)geanix.com> pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in __netpoll_setup Jakub Kicinski <kuba(a)kernel.org> net/neighbor: clear error in case strict check is not set Dmitry Antipov <dmantipov(a)yandex.ru> rocker: fix link status detection in rocker_carrier_init() Jonas Karlman <jonas(a)kwiboo.se> ASoC: hdmi-codec: reorder channel allocation list Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables Norbert van Bolhuis <nvbolhuis(a)gmail.com> wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> wifi: ipw2x00: libipw_rx_any(): fix bad alignment Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: set the right AMDGPU sg segment limitation Victor Zhao <Victor.Zhao(a)amd.com> drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov Nihar Chaithanya <niharchaithanya(a)gmail.com> jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix array-index-out-of-bounds in jfs_readdir Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix shift-out-of-bounds in dbSplit Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: array-index-out-of-bounds fix in dtReadFirst Levi Yun <yeoreum.yun(a)arm.com> dma-debug: fix a possible deadlock on radix_lock Lang Yu <lang.yu(a)amd.com> drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for Arcadyan devices Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for SX76X Ignat Korchagin <ignat(a)cloudflare.com> net: inet6: do not leave a dangling sk pointer in inet6_create() Ignat Korchagin <ignat(a)cloudflare.com> net: inet: do not leave a dangling sk pointer in inet_create() Ignat Korchagin <ignat(a)cloudflare.com> net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Ignat Korchagin <ignat(a)cloudflare.com> net: af_can: do not leave a dangling sk pointer in can_create() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() Ignat Korchagin <ignat(a)cloudflare.com> af_packet: avoid erroring out after sock_init_data() in packet_create() Elena Salomatkina <esalomatkina(a)ispras.ru> net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Simon Horman <horms(a)kernel.org> net: ethernet: fs_enet: Use %pa to format resource_size_t Simon Horman <horms(a)kernel.org> net: fec_mpc52xx_phy: Use %pa to format resource_size_t Zhu Jun <zhujun2(a)cmss.chinamobile.com> samples/bpf: Fix a resource leak Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't apply UDP padding quirk on RTL8126A Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() Liao Chen <liaochen4(a)huawei.com> drm/mcde: Enable module autoloading Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Set AXI panic modes for the HVS Rohan Barar <rohan.barar(a)gmail.com> media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 David Given <dg(a)cowlark.com> media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera Marco Elver <elver(a)google.com> kcsan: Turn report_filterlist_lock into a raw_spinlock Mark Brown <broonie(a)kernel.org> kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all() Qu Wenruo <wqu(a)suse.com> btrfs: avoid unnecessary device path update for the same device Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Handle CPU hotplug remove during sampling Pratyush Brahma <quic_pbrahma(a)quicinc.com> iommu/arm-smmu: Defer probe of clients after smmu device bound Wengang Wang <wen.gang.wang(a)oracle.com> ocfs2: update seq_file index in ocfs2_dlm_seq_next Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Further prevent card detect during shutdown Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet Cosmin Tanislav <demonsingur(a)gmail.com> regmap: detach regmap from dev on regmap_exit Christian König <christian.koenig(a)amd.com> dma-buf: fix dma_fence_array_signaled v4 Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> bpf: fix OOB devmap writes when deleting elements Liequan Che <cheliequan(a)inspur.com> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix use after free on unload Anil Gurumurthy <agurumurthy(a)marvell.com> scsi: qla2xxx: Supported speed displayed incorrectly for VPorts Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix NVMe and NPIV connect issue Sahas Leelodharry <sahas.leelodharry(a)mail.mcgill.ca> ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 Marie Ramlow <me(a)nycode.dev> ALSA: usb-audio: add mixer mapping for Corsair HS80 Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Kuan-Wei Chiu <visitorckw(a)gmail.com> tracing: Fix cmp_entries_dup() to respect sort() comparison rules Alexander Sverdlin <alexander.sverdlin(a)siemens.com> watchdog: rti: of: honor timeout-sec property WangYuli <wangyuli(a)uniontech.com> HID: wacom: fix when get product name maybe null pointer Hou Tao <houtao1(a)huawei.com> bpf: Fix exact match conditions in trie_get_next_key() Hou Tao <houtao1(a)huawei.com> bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ocfs2: free inode when ocfs2_get_init_inode() fails Pei Xiao <xiaopei01(a)kylinos.cn> spi: mpc52xx: Add cancel_work_sync before module remove Zijian Zhang <zijianzhang(a)bytedance.com> tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg Pei Xiao <xiaopei01(a)kylinos.cn> drm/sti: Add __iomem for mixer_dbg_mxn's parameter Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix dynamic address leak when 'assigned-address' is present Frank Li <Frank.Li(a)nxp.com> i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED Frank Li <Frank.Li(a)nxp.com> i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS Jamie Iles <quic_jiles(a)quicinc.com> i3c: fix incorrect address slot lookup on 64-bit Michal Simek <michal.simek(a)amd.com> dt-bindings: serial: rs485: Fix rs485-rts-delay property Lino Sanfilippo <l.sanfilippo(a)kunbus.com> dt_bindings: rs485: Correct delay values Charles Han <hanchunchao(a)inspur.com> gpio: grgpio: Add NULL check in grgpio_probe Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: grgpio: use a helper variable to store the address of ofdev->dev Eric Dumazet <edumazet(a)google.com> geneve: do not assume mac header is set in geneve_xmit_skb() Kory Maincent <kory.maincent(a)bootlin.com> ethtool: Fix wrong mod state in case of verbose and no_mask bitset Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: skip duplicated elements pending gc run Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Hold module reference while requesting a module Xin Long <lucien.xin(a)gmail.com> net: sched: fix erspan_opt settings in cls_flower Yuan Can <yuancan(a)huawei.com> igb: Fix potential invalid memory access in igb_init_module() Louis Leseur <louis.leseur(a)gmail.com> net/qed: allow old cards not supporting "num_images" to work Kuniyuki Iwashima <kuniyu(a)amazon.com> tipc: Fix use-after-free of kernel socket in cleanup_bearer(). Ivan Solodovnikov <solodovnikov.ia(a)phystech.edu> dccp: Fix memory leak in dccp_feat_change_recv Jiri Wiesner <jwiesner(a)suse.de> net/ipv6: release expired exception dst cached in socket Dmitry Antipov <dmantipov(a)yandex.ru> can: j1939: j1939_session_new(): fix skb reference counting Eric Dumazet <edumazet(a)google.com> net: hsr: avoid potential out-of-bound access in fill_frame_info() Martin Ottens <martin.ottens(a)fau.de> net/sched: tbf: correct backlog statistic for GSO packets Ajay Kaher <ajay.kaher(a)broadcom.com> ptp: Add error handling for adjfine callback in ptp_clock_adjtime Dmitry Antipov <dmantipov(a)yandex.ru> netfilter: x_tables: fix LED ID check in led_tg_check() Jinghao Jia <jinghao7(a)illinois.edu> ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL Yassine Oudjana <y.oudjana(a)protonmail.com> watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() Oleksandr Ocheretnyi <oocheret(a)cisco.com> iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Josef Bacik <josef(a)toxicpanda.com> btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add link up check to ks_pcie_other_map_bus() Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Fix hibern8 notify callbacks Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Gustavo A. R. Silva <gustavoars(a)kernel.org> octeontx2-pf: Fix out-of-bounds read in otx2_get_fecparam() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix the naming style for mask definition Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE Thiago Rafael Becker <trbecker(a)gmail.com> sunrpc: remove unnecessary test in rpc_task_set_client() Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Convert rpc_client refcount to use refcount_t Calum Mackay <calum.mackay(a)oracle.com> SUNRPC: correct error code comment in xs_tcp_setup_socket() Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when mounting nfs Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Propagate TX failures in intentless mode as well Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix looping of queued SG entries Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Muchun Song <songmuchun(a)bytedance.com> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Huacai Chen <chenhuacai(a)loongson.cn> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Javier Carrasco <javier.carrasco.cruz(a)gmail.com> platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix uninit-value in __exfat_get_dentry_set Ahmed Ehab <bottaawesome633(a)gmail.com> locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Jinjie Ruan <ruanjinjie(a)huawei.com> apparmor: test: Fix memory leak for aa_unpack_strdup() Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sending inotify event with unexpected filename Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC256 depop procedure Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add type for ALC287 Johan Hovold <johan(a)kernel.org> staging: greybus: uart: clean up TIOCGSERIAL Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: light: al3010: Fix an error handling path in al3010_probe() Paolo Abeni <pabeni(a)redhat.com> ipmr: fix tables suspicious RCU usage Eric Dumazet <edumazet(a)google.com> ipmr: convert /proc handlers to rcu_read_lock() Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Eric Dumazet <edumazet(a)google.com> net: hsr: fix hsr_init_sk() vs network/transport headers. Alexander Lobakin <alobakin(a)pm.me> net: introduce a netdev feature for UDP GRO forwarding Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix register name in verbose logging function Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Barnabás Czémán <barnabas.czeman(a)mainlining.org> power: supply: bq27xxx: Fix registers of bq27426 Hermes Zhang <chenhuiz(a)axis.com> power: supply: bq27xxx: Support CHARGE_NOW for bq27z561/bq28z610/bq34z100 Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Randy Dunlap <rdunlap(a)infradead.org> fs_parser: update mount_api doc to match function signature Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix suboptimal range on iotlb iteration Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Sibi Sankar <quic_sibis(a)quicinc.com> remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Fix GLINK command prefix Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Send READ_NOTIFY command in FIFO full case Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Add TX_DATA_CONT command while sending Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Benjamin Peterson <benjamin(a)engflow.com> perf trace: avoid garbage when not printing a trace event's arguments Yongpeng Yang <yangyongpeng1(a)oppo.com> f2fs: check curseg->inited before write_sum_page in change_curseg Christoph Hellwig <hch(a)lst.de> f2fs: remove the unused flush argument to change_curseg Christoph Hellwig <hch(a)lst.de> f2fs: open code allocate_segment_by_default Christoph Hellwig <hch(a)lst.de> f2fs: remove struct segment_allocation default_salloc_ops Chao Yu <chao(a)kernel.org> f2fs: avoid using native allocate_segment_by_default() LongPing Wei <weilongping(a)oppo.com> f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Ian Rogers <irogers(a)google.com> perf probe: Fix libdw memory leak James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Alexandru Ardelean <alexandru.ardelean(a)analog.com> clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Alexandru Ardelean <alexandru.ardelean(a)analog.com> dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sh7760fb: Alloc DMA memory from hardware device Zhang Zekun <zhangzekun11(a)huawei.com> powerpc/kexec: Fix return of uninitialized variable Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Hangbin Liu <liuhangbin(a)gmail.com> wireguard: selftests: load nf_conntrack if not present Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> driver core: Introduce device_find_any_child() helper Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Cleanup probe and disconnect callbacks Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Coding style fixes Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Fix spaces Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Yuan Can <yuancan(a)huawei.com> drm/amdkfd: Fix wrong usage of INIT_WORK() Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap Liu Jian <liujian56(a)huawei.com> selftests, bpf: Add one test for sockmap with strparser Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix SENDPAGE data logic in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Maurice Lambert <mauricelambert434(a)gmail.com> netlink: typographical error in nlmsg_type constants definition Zichen Xie <zichenxie0106(a)gmail.com> drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Yuan Can <yuancan(a)huawei.com> wifi: wfx: Fix error handling in wfx_core_init() Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Doug Brown <doug(a)schmorgal.com> drm/etnaviv: fix power register offset on GC300 Marc Kleine-Budde <mkl(a)pengutronix.de> drm/etnaviv: dump: fix sparse warnings Xiaolei Wang <xiaolei.wang(a)windriver.com> drm/etnaviv: Request pages from DMA32 zone on addressing_limited Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: rework linear window offset calculation Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Christina Jacob <cjacob(a)marvell.com> octeontx2-pf: ethtool fec mode support Felix Manlunas <fmanlunas(a)marvell.com> octeontx2-af: Add new CGX_CMD to get PHY FEC statistics Christina Jacob <cjacob(a)marvell.com> octeontx2-af: forward error correction configuration Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: Calculate LBK link instead of hardcoding Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Mbox changes for 98xx Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Convert to Linux IRQ interfaces Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix msg_verify_data in test_sockmap Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix link properties discovery Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: copy addresses for both in and out paths Leon Romanovsky <leon(a)kernel.org> netdevsim: rely on XFRM state direction instead of flags Leon Romanovsky <leon(a)kernel.org> xfrm: store and rely on direction to construct offload flags Leon Romanovsky <leon(a)kernel.org> xfrm: rename xfrm_state_offload struct to allow reuse Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Macpaul Lin <macpaul.lin(a)mediatek.com> ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: use GENMASK to define register bit fields Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: do not define SHIFT/MASK for single bits Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: Drop unnecessary register read Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Maíra Canal <mcanal(a)igalia.com> drm/v3d: Address race-condition in MMU flush Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Li Huafei <lihuafei1(a)huawei.com> media: atomisp: Add check for rgby_data memory allocation failure Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: atomisp: remove #ifdef HAS_NO_HMEM Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overrun during iMC config parsing Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Zhang Zekun <zhangzekun11(a)huawei.com> pmdomain: ti-sci: Add missing of_node_put() for args.np Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Clark Wang <xiaoning.wang(a)nxp.com> pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Ridong <chenridong(a)huawei.com> Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Alexander Stein <alexander.stein(a)ew.tq-group.com> spi: spi-fsl-lpspi: downgrade log level for pio mode Mark Brown <broonie(a)kernel.org> clocksource/drivers:sp804: Make user selectable Arnd Bergmann <arnd(a)arndb.de> clkdev: remove CONFIG_CLKDEV_LOOKUP Marco Elver <elver(a)google.com> kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Chen Ridong <chenridong(a)huawei.com> crypto: caam - add error check to caam_rsa_set_priv_key_form Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: caam - Fix the pointer passed to caam_qi_shutdown() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Masahiro Yamada <masahiroy(a)kernel.org> arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Josh Poimboeuf <jpoimboe(a)redhat.com> x86/xen/pvh: Annotate indirect branch as safe Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about longs Borislav Petkov (AMD) <bp(a)alien8.de> x86/barrier: Do not serialize MSR accesses on AMD Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Ard Biesheuvel <ardb(a)kernel.org> x86/stackprotector: Work around strict Clang TLS symbol requirements Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Idle tasks on offline CPUs are in quiescent states Breno Leitao <leitao(a)debian.org> ipmr: Fix access to mfc_cache_list without lock held Eryk Zagorski <erykzagorski(a)gmail.com> ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: fix error in J1939 documentation. Mikhail Rudenko <mike.rudenko(a)gmail.com> regulator: rk808: Add apply_bit for BUCK3 on RK809 Charles Han <hanchunchao(a)inspur.com> soc: qcom: Add check devm_kasprintf() returned value Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Piyush Raj Chouhan <piyushchouhan1598(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: resolve faulty mmap_region() error path behaviour Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: unconditionally close VMAs on error Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: avoid unsafe VMA hook invocation when error arises on mmap hook Andrew Morton <akpm(a)linux-foundation.org> mm: revert "mm: shmem: fix data-race in shmem_getattr()" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never decrement pending_async_copies on error Chuck Lever <chuck.lever(a)oracle.com> NFSD: Initialize struct nfsd4_copy earlier Chuck Lever <chuck.lever(a)oracle.com> NFSD: Limit the number of concurrent async COPY operations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Async COPY result needs to return a write verifier Dai Ngo <dai.ngo(a)oracle.com> NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Yang Yingliang <yangyingliang(a)huawei.com> mmc: core: fix return value check in devm_mmc_alloc_host() Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: Fix DSI command tx Aurelien Jarno <aurelien(a)aurel32.net> Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix UBSAN warning in ocfs2_verify_volume() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Sean Christopherson <seanjc(a)google.com> KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: uncache inode which has failed entering the group Baoquan He <bhe(a)redhat.com> x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: kTLS, Fix incorrect page refcounting Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, lock FTE when checking if active Jakub Kicinski <kuba(a)kernel.org> netlink: terminate outstanding dump on socket close Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Michal Vokáč <michal.vokac(a)ysoft.com> leds: lp55xx: Remove redundant test for invalid channel number guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Stop stream during unregister Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Dragan Simic <dsimic(a)manjaro.org> arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 11 + .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 67 + .../devicetree/bindings/clock/axi-clkgen.txt | 25 - .../devicetree/bindings/serial/rs485.yaml | 19 +- .../devicetree/bindings/sound/mt6359.yaml | 10 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/filesystems/mount_api.rst | 3 +- Documentation/networking/j1939.rst | 2 +- Makefile | 4 +- arch/arm/Kconfig | 2 - arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 +- .../boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 + arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 + .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +- arch/arm64/include/asm/mman.h | 10 +- arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/ptrace.c | 6 +- arch/arm64/kernel/vmlinux.lds.S | 6 +- arch/arm64/kvm/pmu-emul.c | 1 - arch/arm64/kvm/vgic/vgic-its.c | 32 +- arch/arm64/kvm/vgic/vgic.h | 24 + arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 + arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/mips/Kconfig | 3 - arch/mips/boot/dts/loongson/ls7a-pch.dtsi | 73 +- arch/mips/include/asm/switch_to.h | 2 +- arch/mips/pic32/Kconfig | 1 - arch/powerpc/include/asm/dtl.h | 4 +- arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/prom_init.c | 29 +- arch/powerpc/kexec/file_load_64.c | 9 +- arch/powerpc/lib/sstep.c | 12 +- arch/powerpc/platforms/pseries/dtl.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/s390/kernel/perf_cpum_sf.c | 4 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/sh/Kconfig | 1 - arch/sh/kernel/cpu/proc.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 2 +- arch/x86/Makefile | 3 +- arch/x86/crypto/aegis128-aesni-asm.S | 29 +- arch/x86/entry/entry.S | 15 + arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/amd_nb.h | 5 +- arch/x86/include/asm/asm-prototypes.h | 3 + arch/x86/include/asm/barrier.h | 18 - arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/processor.h | 18 + arch/x86/kernel/cpu/amd.c | 3 + arch/x86/kernel/cpu/common.c | 9 + arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kernel/vmlinux.lds.S | 3 + arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/mm/ioremap.c | 6 +- arch/x86/platform/pvh/head.S | 2 + block/blk-mq.c | 6 + block/blk-mq.h | 13 + crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/base/bus.c | 2 + drivers/base/core.c | 20 + drivers/base/regmap/regmap-irq.c | 4 + drivers/base/regmap/regmap.c | 12 + drivers/bluetooth/btusb.c | 2 + drivers/clk/Kconfig | 6 +- drivers/clk/Makefile | 3 +- drivers/clk/clk-axi-clkgen.c | 26 +- drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/clocksource/Kconfig | 9 +- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/caam/caampkc.c | 11 +- drivers/crypto/caam/qi.c | 2 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/dma-buf/dma-fence-array.c | 28 +- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/tpm.c | 17 +- drivers/firmware/google/gsmi.c | 6 +- drivers/gpio/gpio-grgpio.c | 26 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 + drivers/gpu/drm/bridge/tc358767.c | 7 + drivers/gpu/drm/bridge/tc358768.c | 21 +- drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 + drivers/gpu/drm/etnaviv/etnaviv_dump.c | 13 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 100 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 21 + drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 143 +- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 + drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 6 +- drivers/gpu/drm/mcde/mcde_drv.c | 1 + drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/sti/sti_mixer.c | 2 +- drivers/gpu/drm/v3d/v3d_mmu.c | 29 +- drivers/gpu/drm/vc4/vc4_hvs.c | 11 + drivers/hid/wacom_sys.c | 3 +- drivers/hid/wacom_wac.c | 4 +- drivers/i3c/master.c | 88 +- drivers/iio/adc/ad7780.c | 2 +- drivers/iio/light/al3010.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 7 +- drivers/iommu/arm/arm-smmu/arm-smmu.c | 11 + drivers/leds/led-class.c | 14 +- drivers/leds/leds-lp55xx-common.c | 3 - drivers/md/bcache/super.c | 2 +- drivers/md/dm-thin.c | 1 + drivers/media/dvb-core/dvbdev.c | 15 +- drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/qcom/venus/core.c | 2 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 + drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 106 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 +- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 208 +- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/eeprom/eeprom_93cx6.c | 10 + drivers/mmc/core/bus.c | 2 + drivers/mmc/core/core.c | 3 + drivers/mmc/core/host.c | 6 +- drivers/mmc/host/Kconfig | 4 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mmc/host/sdhci-pci-core.c | 72 + drivers/mmc/host/sdhci-pci.h | 1 + drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/wl.c | 9 +- drivers/net/can/sun4i_can.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/freescale/fec_mpc52xx_phy.c | 2 +- .../net/ethernet/freescale/fs_enet/mii-bitbang.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 88 + drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 8 + .../net/ethernet/marvell/octeontx2/af/cgx_fw_if.h | 22 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 86 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 85 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 4 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 65 + .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 4 + .../net/ethernet/marvell/octeontx2/af/rvu_reg.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_struct.h | 2 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 28 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 8 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 170 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 3 + drivers/net/ethernet/marvell/pxa168_eth.c | 14 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 4 +- drivers/net/ethernet/realtek/r8169_main.c | 14 +- drivers/net/ethernet/rocker/rocker_main.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/geneve.c | 2 +- drivers/net/netdevsim/ipsec.c | 11 +- drivers/net/usb/lan78xx.c | 11 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath10k/mac.c | 4 +- drivers/net/wireless/ath/ath5k/pci.c | 2 + drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_rx.c | 8 +- drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/nvdimm/dax_devs.c | 4 +- drivers/nvdimm/nd.h | 7 + drivers/nvme/host/core.c | 7 +- drivers/nvme/host/pci.c | 16 +- drivers/pci/controller/dwc/pci-keystone.c | 11 + drivers/pci/controller/pcie-rockchip-ep.c | 18 +- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/hotplug/cpqphp_pci.c | 19 +- drivers/pci/pci-sysfs.c | 26 + drivers/pci/pci.c | 2 +- drivers/pci/pci.h | 1 + drivers/pci/quirks.c | 15 +- drivers/pci/slot.c | 4 +- drivers/pinctrl/freescale/Kconfig | 2 +- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 + drivers/platform/chrome/cros_ec_typec.c | 1 + drivers/platform/x86/intel_bxtwc_tmu.c | 22 +- drivers/power/supply/bq27xxx_battery.c | 72 +- drivers/power/supply/power_supply_core.c | 2 - drivers/ptp/ptp_clock.c | 3 +- drivers/pwm/pwm-imx27.c | 98 +- drivers/regulator/rk808-regulator.c | 2 + drivers/remoteproc/qcom_q6v5_mss.c | 3 + drivers/rpmsg/qcom_glink_native.c | 175 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 1 + drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_bsg.c | 10 - drivers/scsi/qla2xxx/qla_mid.c | 1 + drivers/scsi/qla2xxx/qla_os.c | 15 +- drivers/scsi/scsi_lib.c | 21 +- drivers/scsi/sd.c | 7 + drivers/scsi/st.c | 31 +- drivers/scsi/ufs/ufs-exynos.c | 16 +- drivers/sh/intc/core.c | 2 +- drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/qcom/socinfo.c | 8 +- drivers/soc/ti/smartreflex.c | 4 +- drivers/soc/ti/ti_sci_pm_domains.c | 4 + drivers/spi/atmel-quadspi.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 14 +- drivers/spi/spi-mpc52xx.c | 1 + drivers/spi/spi.c | 13 +- drivers/staging/board/Kconfig | 2 +- drivers/staging/comedi/comedi_fops.c | 12 + drivers/staging/greybus/uart.c | 3 - drivers/staging/media/allegro-dvt/allegro-core.c | 4 +- .../pci/isp/kernels/bh/bh_2/ia_css_bh.host.c | 2 - .../raw_aa_binning_1.0/ia_css_raa.host.c | 2 - .../pci/isp/kernels/s3a/s3a_1.0/ia_css_s3a.host.c | 5 - .../media/atomisp/pci/runtime/binary/src/binary.c | 4 - drivers/staging/media/atomisp/pci/sh_css_params.c | 12 +- drivers/staging/wfx/main.c | 17 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/tty_ldisc.c | 2 +- drivers/usb/chipidea/udc.c | 2 +- drivers/usb/dwc3/gadget.c | 15 +- drivers/usb/gadget/composite.c | 18 +- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/host/xhci-dbgcap.c | 135 +- drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 50 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/vdpa/mlx5/core/mr.c | 12 +- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 11 +- drivers/watchdog/iTCO_wdt.c | 21 +- drivers/watchdog/mtk_wdt.c | 6 + drivers/watchdog/rti_wdt.c | 3 +- drivers/xen/xenbus/xenbus_probe.c | 8 +- fs/btrfs/extent-tree.c | 1 - fs/btrfs/inode.c | 1 + fs/btrfs/ref-verify.c | 1 + fs/btrfs/volumes.c | 38 +- fs/cifs/smb2ops.c | 6 + fs/exfat/namei.c | 1 + fs/ext4/fsmap.c | 54 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/super.c | 8 +- fs/f2fs/f2fs.h | 2 +- fs/f2fs/file.c | 2 +- fs/f2fs/inode.c | 4 +- fs/f2fs/segment.c | 92 +- fs/f2fs/segment.h | 6 - fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/jffs2/compr_rtime.c | 3 + fs/jffs2/erase.c | 7 +- fs/jfs/jfs_dmap.c | 6 + fs/jfs/jfs_dtree.c | 15 + fs/jfs/xattr.c | 2 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfsd/export.c | 5 +- fs/nfsd/netns.h | 1 + fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 43 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 20 + fs/nfsd/xdr4.h | 1 + fs/nilfs2/btnode.c | 2 - fs/nilfs2/dir.c | 2 +- fs/nilfs2/gcinode.c | 4 +- fs/nilfs2/mdt.c | 1 - fs/nilfs2/page.c | 2 +- fs/notify/fsnotify.c | 23 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/dlmglue.c | 1 + fs/ocfs2/file.c | 4 + fs/ocfs2/localalloc.c | 19 - fs/ocfs2/namei.c | 4 +- fs/ocfs2/resize.c | 2 + fs/ocfs2/super.c | 13 +- fs/overlayfs/util.c | 3 + fs/proc/softirqs.c | 2 +- fs/quota/dquot.c | 2 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/unicode/mkutf8data.c | 70 + fs/unicode/utf8data.h_shipped | 6703 ++++++++++---------- include/linux/blkdev.h | 2 +- include/linux/device.h | 2 + include/linux/eeprom_93cx6.h | 11 + include/linux/i3c/master.h | 9 +- include/linux/jiffies.h | 2 +- include/linux/leds.h | 2 +- include/linux/lockdep.h | 2 +- include/linux/mman.h | 7 +- include/linux/netdev_features.h | 4 +- include/linux/netpoll.h | 2 +- include/linux/seqlock.h | 12 +- include/linux/sunrpc/clnt.h | 3 +- include/linux/sunrpc/xprtsock.h | 1 + include/linux/util_macros.h | 56 +- include/media/v4l2-dv-timings.h | 18 +- include/net/xfrm.h | 16 +- include/uapi/linux/rtnetlink.h | 2 +- init/initramfs.c | 15 + kernel/bpf/devmap.c | 6 +- kernel/bpf/lpm_trie.c | 27 +- kernel/cgroup/cgroup.c | 21 +- kernel/dma/debug.c | 8 +- kernel/kcsan/debugfs.c | 74 +- kernel/rcu/tasks.h | 2 +- kernel/sched/core.c | 6 +- kernel/sched/fair.c | 113 +- kernel/sched/idle.c | 6 + kernel/sched/sched.h | 15 +- kernel/time/time.c | 2 +- kernel/trace/ftrace.c | 3 + kernel/trace/trace_clock.c | 2 +- kernel/trace/trace_event_perf.c | 6 + kernel/trace/tracing_map.c | 6 +- lib/string_helpers.c | 2 +- mm/internal.h | 19 + mm/mmap.c | 82 +- mm/nommu.c | 9 +- mm/shmem.c | 5 - mm/util.c | 33 + net/9p/trans_xen.c | 9 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/l2cap_sock.c | 1 + net/bluetooth/rfcomm/sock.c | 10 +- net/can/af_can.c | 1 + net/can/j1939/transport.c | 2 +- net/core/filter.c | 88 +- net/core/neighbour.c | 1 + net/core/netpoll.c | 2 +- net/dccp/feat.c | 6 +- net/ethtool/bitset.c | 48 +- net/ethtool/common.c | 1 + net/hsr/hsr_device.c | 4 +- net/hsr/hsr_forward.c | 2 + net/ieee802154/socket.c | 12 +- net/ipv4/af_inet.c | 22 +- net/ipv4/ipmr.c | 50 +- net/ipv4/ipmr_base.c | 3 +- net/ipv4/tcp_bpf.c | 11 +- net/ipv6/af_inet6.c | 22 +- net/ipv6/ip6mr.c | 8 +- net/ipv6/route.c | 6 +- net/mac80211/main.c | 2 + net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/ipset/ip_set_core.c | 5 + net/netfilter/ipvs/ip_vs_proto.c | 4 +- net/netfilter/nft_set_hash.c | 16 + net/netfilter/xt_LED.c | 4 +- net/netlink/af_netlink.c | 31 +- net/netlink/af_netlink.h | 2 - net/packet/af_packet.c | 12 +- net/rfkill/rfkill-gpio.c | 8 +- net/sched/cls_flower.c | 5 +- net/sched/sch_cbs.c | 2 +- net/sched/sch_tbf.c | 18 +- net/sunrpc/auth_gss/gss_rpc_upcall.c | 2 +- net/sunrpc/cache.c | 4 +- net/sunrpc/clnt.c | 53 +- net/sunrpc/debugfs.c | 2 +- net/sunrpc/rpc_pipe.c | 2 +- net/sunrpc/xprtsock.c | 29 +- net/tipc/udp_media.c | 2 +- net/xfrm/xfrm_device.c | 10 +- net/xfrm/xfrm_state.c | 4 +- net/xfrm/xfrm_user.c | 5 +- samples/bpf/test_cgrp2_sock.c | 4 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + scripts/mod/file2alias.c | 5 +- scripts/mod/modpost.c | 2 +- security/apparmor/capability.c | 2 + security/apparmor/policy_unpack_test.c | 6 + sound/pci/hda/patch_realtek.c | 166 +- sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/hdmi-codec.c | 144 +- sound/soc/dwc/Kconfig | 2 +- sound/soc/fsl/fsl_micfil.c | 74 +- sound/soc/fsl/fsl_micfil.h | 270 +- sound/soc/intel/boards/bytcr_rt5640.c | 15 + sound/soc/rockchip/Kconfig | 14 +- sound/soc/stm/stm32_sai_sub.c | 6 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 32 +- sound/usb/mixer_maps.c | 10 + sound/usb/quirks-table.h | 14 +- sound/usb/quirks.c | 19 +- sound/usb/usx2y/us122l.c | 66 +- sound/usb/usx2y/us122l.h | 2 +- sound/usb/usx2y/usX2Yhwdep.c | 84 +- sound/usb/usx2y/usX2Yhwdep.h | 2 +- sound/usb/usx2y/usb_stream.c | 75 +- sound/usb/usx2y/usb_stream.h | 23 +- sound/usb/usx2y/usbus428ctldefs.h | 18 +- sound/usb/usx2y/usbusx2y.c | 227 +- sound/usb/usx2y/usbusx2y.h | 8 +- sound/usb/usx2y/usbusx2yaudio.c | 344 +- sound/usb/usx2y/usx2yhwdeppcm.c | 305 +- tools/perf/builtin-trace.c | 16 +- tools/perf/util/cs-etm.c | 25 +- tools/perf/util/probe-finder.c | 21 +- tools/perf/util/probe-finder.h | 4 +- .../selftests/arm64/mte/check_tags_inclusion.c | 4 +- tools/testing/selftests/arm64/pauth/pac.c | 3 + tools/testing/selftests/bpf/test_sockmap.c | 194 +- tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/resctrl/resctrl_val.c | 3 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + tools/testing/selftests/wireguard/netns.sh | 1 + 466 files changed, 8576 insertions(+), 6114 deletions(-)

6 months

10
471
0 0

Fwd: [PATCH] drm/amdgpu: Make the submission path memory reclaim safe

by Christian König

Sending it out to the mailing lists once more because AMD mail servers tried to convert it to HTML :( Am 17.12.24 um 01:26 schrieb Matthew Brost: > On Fri, Nov 22, 2024 at 02:36:59PM +0000, Tvrtko Ursulin wrote: >> [SNIP] >>>>>> Do we have system wide workqueues for that? It seems a bit >>>>>> overkill that amdgpu has to allocate one on his own. >>>>> I wondered the same but did not find any. Only ones I am aware >>>>> of are system_wq&co created in workqueue_init_early(). >>>> Gentle ping on this. I don't have any better ideas that creating a >>>> new wq. >>> It took me a moment to realize, but I now think this warning message is >>> a false positive. >>> >>> What happens is that the code calls cancel_delayed_work_sync(). >>> >>> If the work item never run because of lack of memory then it can just be >>> canceled. >>> >>> If the work item is running then we will block for it to finish. >>> > Apologies for the late reply. Alex responded to another thread and CC'd > me, which reminded me to reply here. > > The execution of the non-reclaim worker could have led to a few scenarios: > > - It might have triggered reclaim through its own memory allocation. That is unrelated and has nothing todo with WQ_MEM_RECLAIM. What we should do is to make sure that the lockdep annotation covers all workers who play a role in fence signaling. > - It could have been running and then context-switched out, with reclaim > being triggered elsewhere in the mean time, pausing the execution of > the non-reclaim worker. As far as I know non-reclaim workers are not paused because a reclaim worker is running, that would be really new to me. What happens is that here (from workqueue.c): * Workqueue rescuer thread function. There's one rescuer for each * workqueue which has WQ_MEM_RECLAIM set. * * Regular work processing on a pool may block trying to create a new * worker which uses GFP_KERNEL allocation which has slight chance of * developing into deadlock if some works currently on the same queue * need to be processed to satisfy the GFP_KERNEL allocation. This is * the problem rescuer solves. > In either case, during reclaim, if you wait on a DMA fence that depends > on the DRM scheduler worker,and that worker attempts to flush the above > non-reclaim worker, it will result in a deadlock. Well that is only partially correct. It's true that the worker we wait for can't wait for DMA-fence or do memory allocations who wait for DMA-fences. But WQ_MEM_RECLAIM is not related to any DMA fence annotation. What happens instead is that the kernel always keeps a kernel thread pre-allocated so that it can guarantee that the worker can start without allocating memory. As soon as the worker runs there shouldn't be any difference in the handling as far as I know. > The annotation appears correct to me, and I believe Tvrtko's patch is > indeed accurate. For what it's worth, we encountered several similar > bugs in Xe that emerged once we added the correct work queue > annotations. I think you mean something different. This is the lockdep annotation for the workers and not WQ_MEM_RECLAIM. Regards, Christian. >>> There is no need to use WQ_MEM_RECLAIM for the workqueue or do I miss >>> something? >>> >>> If I'm not completely mistaken you stumbled over a bug in the warning >>> code instead :) >> Hmm your thinking sounds convincing. >> >> Adding Tejun if he has time to help brainstorm this. >> > Tejun could likely provide insight into whether my above assessment is > correct. > Matt > >> Question is - does check_flush_dependency() need to skip the !WQ_MEM_RECLAIM >> flushing WQ_MEM_RECLAIM warning *if* the work is already running *and* it >> was called from cancel_delayed_work_sync()? >> >> Regards, >> >> Tvrtko >> >>>>>> Apart from that looks good to me. >>>>>> >>>>>> Regards, >>>>>> Christian. >>>>>> >>>>>>> Signed-off-by: Tvrtko Ursulin<tvrtko.ursulin(a)igalia.com> >>>>>>> References: 746ae46c1113 ("drm/sched: Mark scheduler >>>>>>> work queues with WQ_MEM_RECLAIM") >>>>>>> Fixes: a6149f039369 ("drm/sched: Convert drm scheduler >>>>>>> to use a work queue rather than kthread") >>>>>>> Cc:stable@vger.kernel.org >>>>>>> Cc: Matthew Brost<matthew.brost(a)intel.com> >>>>>>> Cc: Danilo Krummrich<dakr(a)kernel.org> >>>>>>> Cc: Philipp Stanner<pstanner(a)redhat.com> >>>>>>> Cc: Alex Deucher<alexander.deucher(a)amd.com> >>>>>>> Cc: Christian König<christian.koenig(a)amd.com> >>>>>>> --- >>>>>>> drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 ++ >>>>>>> drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 25 >>>>>>> +++++++++++++++++++++++++ >>>>>>> drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 5 +++-- >>>>>>> 3 files changed, 30 insertions(+), 2 deletions(-) >>>>>>> >>>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h >>>>>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu.h >>>>>>> index 7645e498faa4..a6aad687537e 100644 >>>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h >>>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h >>>>>>> @@ -268,6 +268,8 @@ extern int amdgpu_agp; >>>>>>> extern int amdgpu_wbrf; >>>>>>> +extern struct workqueue_struct *amdgpu_reclaim_wq; >>>>>>> + >>>>>>> #define AMDGPU_VM_MAX_NUM_CTX 4096 >>>>>>> #define AMDGPU_SG_THRESHOLD (256*1024*1024) >>>>>>> #define AMDGPU_WAIT_IDLE_TIMEOUT_IN_MS 3000 >>>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c >>>>>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c >>>>>>> index 38686203bea6..f5b7172e8042 100644 >>>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c >>>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c >>>>>>> @@ -255,6 +255,8 @@ struct amdgpu_watchdog_timer >>>>>>> amdgpu_watchdog_timer = { >>>>>>> .period = 0x0, /* default to 0x0 (timeout disable) */ >>>>>>> }; >>>>>>> +struct workqueue_struct *amdgpu_reclaim_wq; >>>>>>> + >>>>>>> /** >>>>>>> * DOC: vramlimit (int) >>>>>>> * Restrict the total amount of VRAM in MiB for >>>>>>> testing. The default is 0 (Use full VRAM). >>>>>>> @@ -2971,6 +2973,21 @@ static struct pci_driver >>>>>>> amdgpu_kms_pci_driver = { >>>>>>> .dev_groups = amdgpu_sysfs_groups, >>>>>>> }; >>>>>>> +static int amdgpu_wq_init(void) >>>>>>> +{ >>>>>>> + amdgpu_reclaim_wq = >>>>>>> + alloc_workqueue("amdgpu-reclaim", WQ_MEM_RECLAIM, 0); >>>>>>> + if (!amdgpu_reclaim_wq) >>>>>>> + return -ENOMEM; >>>>>>> + >>>>>>> + return 0; >>>>>>> +} >>>>>>> + >>>>>>> +static void amdgpu_wq_fini(void) >>>>>>> +{ >>>>>>> + destroy_workqueue(amdgpu_reclaim_wq); >>>>>>> +} >>>>>>> + >>>>>>> static int __init amdgpu_init(void) >>>>>>> { >>>>>>> int r; >>>>>>> @@ -2978,6 +2995,10 @@ static int __init amdgpu_init(void) >>>>>>> if (drm_firmware_drivers_only()) >>>>>>> return -EINVAL; >>>>>>> + r = amdgpu_wq_init(); >>>>>>> + if (r) >>>>>>> + goto error_wq; >>>>>>> + >>>>>>> r = amdgpu_sync_init(); >>>>>>> if (r) >>>>>>> goto error_sync; >>>>>>> @@ -3006,6 +3027,9 @@ static int __init amdgpu_init(void) >>>>>>> amdgpu_sync_fini(); >>>>>>> error_sync: >>>>>>> + amdgpu_wq_fini(); >>>>>>> + >>>>>>> +error_wq: >>>>>>> return r; >>>>>>> } >>>>>>> @@ -3017,6 +3041,7 @@ static void __exit amdgpu_exit(void) >>>>>>> amdgpu_acpi_release(); >>>>>>> amdgpu_sync_fini(); >>>>>>> amdgpu_fence_slab_fini(); >>>>>>> + amdgpu_wq_fini(); >>>>>>> mmu_notifier_synchronize(); >>>>>>> amdgpu_xcp_drv_release(); >>>>>>> } >>>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c >>>>>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c >>>>>>> index 2f3f09dfb1fd..f8fd71d9382f 100644 >>>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c >>>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c >>>>>>> @@ -790,8 +790,9 @@ void amdgpu_gfx_off_ctrl(struct >>>>>>> amdgpu_device *adev, bool enable) >>>>>>> AMD_IP_BLOCK_TYPE_GFX, true)) >>>>>>> adev->gfx.gfx_off_state = true; >>>>>>> } else { >>>>>>> - schedule_delayed_work(&adev->gfx.gfx_off_delay_work, >>>>>>> - delay); >>>>>>> + queue_delayed_work(amdgpu_reclaim_wq, >>>>>>> + &adev->gfx.gfx_off_delay_work, >>>>>>> + delay); >>>>>>> } >>>>>>> } >>>>>>> } else {

6 months

1
0
0 0

[PATCH 5.15 000/565] 5.15.174-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.174 release. There are 565 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 14 Dec 2024 14:41:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.174-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.174-rc1 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix calling mgmt_device_connected Karsten Graul <kgraul(a)linux.ibm.com> net/smc: Fix af_ops of child socket pointing to released memory Ameer Hamza <amhamza.mgc(a)gmail.com> media: venus: vdec: fixed possible memory leak issue Arnd Bergmann <arnd(a)arndb.de> serial: amba-pl011: fix build regression Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: rework resume handling for display (v2) Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX Tristram Ha <Tristram.Ha(a)microchip.com> net: dsa: microchip: correct KSZ8795 static MAC table access Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix uaf in l2cap_connect Mark Rutland <mark.rutland(a)arm.com> arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint Mark Brown <broonie(a)kernel.org> arm64/sve: Discard stale CPU state when handling SVE traps Ziwei Xiao <ziweixiao(a)google.com> gve: Fixes for napi_poll when budget is 0 Damien Le Moal <damien.lemoal(a)wdc.com> scsi: core: Fix scsi_mode_select() buffer length handling Zhang Zekun <zhangzekun11(a)huawei.com> Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" Willem de Bruijn <willemb(a)google.com> fou: remove warn in gue_gro_receive on unsupported protocol Stefan Berger <stefanb(a)linux.ibm.com> ima: Fix use-after-free on a dentry's dname.name Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - inject error before stopping queue Heming Zhao <heming.zhao(a)suse.com> ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix error handle of probe function Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Fix STALL transfer event handling Zheng Yejian <zhengyejian(a)huaweicloud.com> mm/damon/vaddr: fix issue in damon_va_evenly_split_region() SeongJae Park <sj(a)kernel.org> mm/damon/vaddr-test: split a test function having >1024 bytes frame size Richard Weinberger <richard(a)nod.at> jffs2: Fix rtime decompressor Kinsey Moore <kinsey.moore(a)oarcorp.com> jffs2: Prevent rtime decompress memory corruption Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Linus Torvalds <torvalds(a)linux-foundation.org> Revert "unicode: Don't special case ignorable code points" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/eprobe: Fix to release eprobe when failed to add dyn_event Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing snapshot drew unlock when root is dead during swap activation K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Prevent wakeup of ksoftirqd during idle load balance K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy Valentin Schneider <valentin.schneider(a)arm.com> sched/fair: Add NOHZ balancer flag for nohz.next_balance updates K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() Thomas Gleixner <tglx(a)linutronix.de> modpost: Add .irqentry.text to OTHER_SECTIONS Nathan Chancellor <nathan(a)kernel.org> modpost: Include '.text.*' in TEXT_SECTIONS Parker Newman <pnewman(a)connecttech.com> misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle Michael Ellerman <mpe(a)ellerman.id.au> powerpc/prom_init: Fixup missing powermac #size-cells Xi Ruoyao <xry111(a)xry111.site> MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: handle USB Error Interrupt if IOC not set Defa Li <defa.li(a)mediatek.com> i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock Mengyuan Lou <mengyuanlou(a)net-swift.com> PCI: Add ACS quirk for Wangxun FF5xxx NICs Keith Busch <kbusch(a)kernel.org> PCI: Add 'reset_subordinate' to reset hierarchy below bridge Esther Shimanovich <eshimanovich(a)chromium.org> PCI: Detect and trust built-in Thunderbolt chips Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Qi Han <hanqi(a)vivo.com> f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. Yi Yang <yiyang13(a)huawei.com> nvdimm: rectify the illogical code within nd_dax_probe() Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom-pmic-gpio: add support for PM8937 Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't modify unknown block number in MTIOCGET Mukesh Ojha <quic_mojha(a)quicinc.com> leds: class: Protect brightness_show() with led_cdev->led_access mutex Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Add cond_resched() for no forced preemption model Uros Bizjak <ubizjak(a)gmail.com> tracing: Use atomic64_inc_return() in trace_clock_counter() Esben Haabendal <esben(a)geanix.com> pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in __netpoll_setup Jakub Kicinski <kuba(a)kernel.org> net/neighbor: clear error in case strict check is not set Dmitry Antipov <dmantipov(a)yandex.ru> rocker: fix link status detection in rocker_carrier_init() Jonas Karlman <jonas(a)kwiboo.se> ASoC: hdmi-codec: reorder channel allocation list Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet Norbert van Bolhuis <nvbolhuis(a)gmail.com> wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> wifi: ipw2x00: libipw_rx_any(): fix bad alignment Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: set the right AMDGPU sg segment limitation Victor Zhao <Victor.Zhao(a)amd.com> drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov Nihar Chaithanya <niharchaithanya(a)gmail.com> jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix array-index-out-of-bounds in jfs_readdir Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix shift-out-of-bounds in dbSplit Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: array-index-out-of-bounds fix in dtReadFirst Levi Yun <yeoreum.yun(a)arm.com> dma-debug: fix a possible deadlock on radix_lock Lang Yu <lang.yu(a)amd.com> drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: Dereference the ATCS ACPI buffer Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih Manikandan Muralidharan <manikandan.m(a)microchip.com> drm/panel: simple: Add Microchip AC69T88A LVDS Display panel Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for Arcadyan devices Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for SX76X Ignat Korchagin <ignat(a)cloudflare.com> net: inet6: do not leave a dangling sk pointer in inet6_create() Ignat Korchagin <ignat(a)cloudflare.com> net: inet: do not leave a dangling sk pointer in inet_create() Ignat Korchagin <ignat(a)cloudflare.com> net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Ignat Korchagin <ignat(a)cloudflare.com> net: af_can: do not leave a dangling sk pointer in can_create() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() Ignat Korchagin <ignat(a)cloudflare.com> af_packet: avoid erroring out after sock_init_data() in packet_create() Elena Salomatkina <esalomatkina(a)ispras.ru> net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Simon Horman <horms(a)kernel.org> net: ethernet: fs_enet: Use %pa to format resource_size_t Simon Horman <horms(a)kernel.org> net: fec_mpc52xx_phy: Use %pa to format resource_size_t Zhu Jun <zhujun2(a)cmss.chinamobile.com> samples/bpf: Fix a resource leak Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't apply UDP padding quirk on RTL8126A Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() Liao Chen <liaochen4(a)huawei.com> drm/mcde: Enable module autoloading Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Set AXI panic modes for the HVS Marek Vasut <marex(a)denx.de> soc: imx8m: Probe the SoC driver as platform driver Rohan Barar <rohan.barar(a)gmail.com> media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 David Given <dg(a)cowlark.com> media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera Marco Elver <elver(a)google.com> kcsan: Turn report_filterlist_lock into a raw_spinlock Mark Brown <broonie(a)kernel.org> kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all() Qu Wenruo <wqu(a)suse.com> btrfs: avoid unnecessary device path update for the same device Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Handle CPU hotplug remove during sampling Christian Brauner <brauner(a)kernel.org> epoll: annotate racy check Pratyush Brahma <quic_pbrahma(a)quicinc.com> iommu/arm-smmu: Defer probe of clients after smmu device bound Wengang Wang <wen.gang.wang(a)oracle.com> ocfs2: update seq_file index in ocfs2_dlm_seq_next Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Further prevent card detect during shutdown Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet Cosmin Tanislav <demonsingur(a)gmail.com> regmap: detach regmap from dev on regmap_exit Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: fix OOB map writes when deleting elements Christian König <christian.koenig(a)amd.com> dma-buf: fix dma_fence_array_signaled v4 Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> bpf: fix OOB devmap writes when deleting elements Liequan Che <cheliequan(a)inspur.com> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Gwendal Grignou <gwendal(a)chromium.org> scsi: ufs: core: sysfs: Prevent div by zero Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix use after free on unload Anil Gurumurthy <agurumurthy(a)marvell.com> scsi: qla2xxx: Supported speed displayed incorrectly for VPorts Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix NVMe and NPIV connect issue Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix abort in bsg timeout Sahas Leelodharry <sahas.leelodharry(a)mail.mcgill.ca> ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 Marie Ramlow <me(a)nycode.dev> ALSA: usb-audio: add mixer mapping for Corsair HS80 Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Kuan-Wei Chiu <visitorckw(a)gmail.com> tracing: Fix cmp_entries_dup() to respect sort() comparison rules Marc Kleine-Budde <mkl(a)pengutronix.de> can: dev: can_set_termination(): allow sleeping GPIOs Alexander Sverdlin <alexander.sverdlin(a)siemens.com> watchdog: rti: of: honor timeout-sec property WangYuli <wangyuli(a)uniontech.com> HID: wacom: fix when get product name maybe null pointer Hou Tao <houtao1(a)huawei.com> bpf: Fix exact match conditions in trie_get_next_key() Hou Tao <houtao1(a)huawei.com> bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ocfs2: free inode when ocfs2_get_init_inode() fails Maíra Canal <mcanal(a)igalia.com> drm/v3d: Enable Performance Counters before clearing them Pei Xiao <xiaopei01(a)kylinos.cn> spi: mpc52xx: Add cancel_work_sync before module remove Björn Töpel <bjorn(a)rivosinc.com> tools: Override makefile ARCH variable if defined, but empty Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Notify xrun for low-latency mode Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Avoid reference to status->state Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Add more disconnection checks at file ops Zijian Zhang <zijianzhang(a)bytedance.com> tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg Pei Xiao <xiaopei01(a)kylinos.cn> drm/sti: Add __iomem for mixer_dbg_mxn's parameter Amir Mohammadi <amirmohammadi1999.am(a)gmail.com> bpftool: fix potential NULL pointer dereferencing in prog_dump() Quentin Monnet <quentin(a)isovalent.com> bpftool: Remove asserts from JIT disassembler Kartik Rajput <kkartik(a)nvidia.com> serial: amba-pl011: Fix RX stall when DMA is used Thomas Gleixner <tglx(a)linutronix.de> serial: amba-pl011: Use port lock wrappers Michal Simek <michal.simek(a)amd.com> dt-bindings: serial: rs485: Fix rs485-rts-delay property Lino Sanfilippo <l.sanfilippo(a)kunbus.com> dt_bindings: rs485: Correct delay values Charles Han <hanchunchao(a)inspur.com> gpio: grgpio: Add NULL check in grgpio_probe Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: grgpio: use a helper variable to store the address of ofdev->dev Eric Dumazet <edumazet(a)google.com> geneve: do not assume mac header is set in geneve_xmit_skb() Kory Maincent <kory.maincent(a)bootlin.com> ethtool: Fix wrong mod state in case of verbose and no_mask bitset Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: skip duplicated elements pending gc run Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Hold module reference while requesting a module Xin Long <lucien.xin(a)gmail.com> net: sched: fix erspan_opt settings in cls_flower Yuan Can <yuancan(a)huawei.com> igb: Fix potential invalid memory access in igb_init_module() Louis Leseur <louis.leseur(a)gmail.com> net/qed: allow old cards not supporting "num_images" to work Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix LGR and link use-after-free issue D. Wythe <alibuda(a)linux.alibaba.com> net/smc: Limit backlog connections Kuniyuki Iwashima <kuniyu(a)amazon.com> tipc: Fix use-after-free of kernel socket in cleanup_bearer(). Ivan Solodovnikov <solodovnikov.ia(a)phystech.edu> dccp: Fix memory leak in dccp_feat_change_recv Jiri Wiesner <jwiesner(a)suse.de> net/ipv6: release expired exception dst cached in socket Dmitry Antipov <dmantipov(a)yandex.ru> can: j1939: j1939_session_new(): fix skb reference counting Eric Dumazet <edumazet(a)google.com> net: hsr: avoid potential out-of-bound access in fill_frame_info() Martin Ottens <martin.ottens(a)fau.de> net/sched: tbf: correct backlog statistic for GSO packets Ajay Kaher <ajay.kaher(a)broadcom.com> ptp: Add error handling for adjfine callback in ptp_clock_adjtime Dmitry Antipov <dmantipov(a)yandex.ru> netfilter: x_tables: fix LED ID check in led_tg_check() Jinghao Jia <jinghao7(a)illinois.edu> ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: do not increase rx statistics when generating a CAN rx error message frame Stephane Grosjean <s.grosjean(a)peak-system.com> can: peak_usb: CANFD: store 64-bits hw timestamps Yassine Oudjana <y.oudjana(a)protonmail.com> watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() Oleksandr Ocheretnyi <oocheret(a)cisco.com> iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check Josef Bacik <josef(a)toxicpanda.com> btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Oleksandr Tymoshenko <ovt(a)google.com> ovl: properly handle large files in ovl_security_fileattr Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add link up check to ks_pcie_other_map_bus() Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Fix hibern8 notify callbacks Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Vasily Gorbik <gor(a)linux.ibm.com> s390/entry: Mark IRQ entries to fix stack depot warnings Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Lizhi Xu <lizhi.xu(a)windriver.com> btrfs: add a sanity check for btrfs root in btrfs_search_slot() ChenXiaoSong <chenxiaosong2(a)huawei.com> btrfs: add might_sleep() annotations Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Long Li <leo.lilong(a)huawei.com> xfs: remove unknown compat feature check in superblock write validation Darrick J. Wong <djwong(a)kernel.org> xfs: fix log recovery when unknown rocompat bits are set Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix the naming style for mask definition Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE Thiago Rafael Becker <trbecker(a)gmail.com> sunrpc: remove unnecessary test in rpc_task_set_client() Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when mounting nfs Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Propagate TX failures in intentless mode as well Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix looping of queued SG entries Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Add sanity NULL check for the default mmap fault handler Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Muchun Song <songmuchun(a)bytedance.com> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Huacai Chen <chenhuacai(a)kernel.org> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Javier Carrasco <javier.carrasco.cruz(a)gmail.com> platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Cheng Ming Lin <chengminglin(a)mxic.com.tw> mtd: spi-nor: core: replace dummy buswidth from addr to data Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Sai Kumar Cholleti <skmr537(a)gmail.com> gpio: exar: set value when external pull-up or pull-down is present Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix TD invalidation under pending Set TR Dequeue Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix uninit-value in __exfat_get_dentry_set Ahmed Ehab <bottaawesome633(a)gmail.com> locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Jinjie Ruan <ruanjinjie(a)huawei.com> apparmor: test: Fix memory leak for aa_unpack_strdup() Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sending inotify event with unexpected filename Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Gautam Menghani <gautam(a)linux.ibm.com> powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Joel Guittet <jguittet(a)witekio.com> Revert "drivers: clk: zynqmp: update divider round rate logic" Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp Mikulas Patocka <mpatocka(a)redhat.com> parisc: fix a possible DMA corruption chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC256 depop procedure Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: stm32-timer-cnt: Add check for clk_enable() Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: light: al3010: Fix an error handling path in al3010_probe() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Eric Dumazet <edumazet(a)google.com> net: hsr: fix hsr_init_sk() vs network/transport headers. Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix register name in verbose logging function Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix mismatch in lmac type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Rosen Penev <rosenp(a)gmail.com> net: mdio-ipq4019: add missing error check Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Barnabás Czémán <barnabas.czeman(a)mainlining.org> power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Randy Dunlap <rdunlap(a)infradead.org> fs_parser: update mount_api doc to match function signature Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Michael Ellerman <mpe(a)ellerman.id.au> selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix suboptimal range on iotlb iteration Murad Masimov <m.masimov(a)maxima.ru> hwmon: (tps23861) Fix reporting of negative temperatures Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Ye Bin <yebin10(a)huawei.com> svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Luis Chamberlain <mcgrof(a)kernel.org> sunrpc: simplify two-level sysctl registration for svcrdma_parm_table Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Sibi Sankar <quic_sibis(a)quicinc.com> remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Fix GLINK command prefix Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Send READ_NOTIFY command in FIFO full case Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Add TX_DATA_CONT command while sending Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Address an integer overflow Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Benjamin Peterson <benjamin(a)engflow.com> perf trace: avoid garbage when not printing a trace event's arguments Yongpeng Yang <yangyongpeng1(a)oppo.com> f2fs: check curseg->inited before write_sum_page in change_curseg Christoph Hellwig <hch(a)lst.de> f2fs: remove the unused flush argument to change_curseg Christoph Hellwig <hch(a)lst.de> f2fs: open code allocate_segment_by_default Christoph Hellwig <hch(a)lst.de> f2fs: remove struct segment_allocation default_salloc_ops LongPing Wei <weilongping(a)oppo.com> f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Ian Rogers <irogers(a)google.com> perf probe: Fix libdw memory leak Todd Kjos <tkjos(a)google.com> PCI: Fix reset_method_store() memory leak James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() zhang jiao <zhangjiao2(a)cmss.chinamobile.com> pinctrl: k210: Undef K210_PC_DEFAULT Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sh7760fb: Alloc DMA memory from hardware device Zhang Zekun <zhangzekun11(a)huawei.com> powerpc/kexec: Fix return of uninitialized variable Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix out-of-order issue of requester when setting FENCE Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Dong Aisheng <aisheng.dong(a)nxp.com> clk: imx: clk-scu: fix clk enable state save and restore Peng Fan <peng.fan(a)nxp.com> clk: imx: lpcg-scu: SW workaround for errata (e10858) Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/mm/fault: Fix kfence page fault reporting Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: zynqmp: drop excess struct member description Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Jiayuan Chen <mrpre(a)163.com> bpf: fix recursive lock when verdict program return SK_PASS Hangbin Liu <liuhangbin(a)gmail.com> wireguard: selftests: load nf_conntrack if not present Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> driver core: Introduce device_find_any_child() helper Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Yuan Can <yuancan(a)huawei.com> drm/amdkfd: Fix wrong usage of INIT_WORK() Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap Liu Jian <liujian56(a)huawei.com> selftests, bpf: Add one test for sockmap with strparser Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix SENDPAGE data logic in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Maurice Lambert <mauricelambert434(a)gmail.com> netlink: typographical error in nlmsg_type constants definition Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating object type list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip transaction if update object is not implemented Zichen Xie <zichenxie0106(a)gmail.com> drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Yuan Can <yuancan(a)huawei.com> wifi: wfx: Fix error handling in wfx_core_init() Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Doug Brown <doug(a)schmorgal.com> drm/etnaviv: fix power register offset on GC300 Xiaolei Wang <xiaolei.wang(a)windriver.com> drm/etnaviv: Request pages from DMA32 zone on addressing_limited Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix msg_verify_data in test_sockmap Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix link properties discovery Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: copy addresses for both in and out paths Leon Romanovsky <leon(a)kernel.org> netdevsim: rely on XFRM state direction instead of flags Leon Romanovsky <leon(a)kernel.org> xfrm: store and rely on direction to construct offload flags Leon Romanovsky <leon(a)kernel.org> xfrm: rename xfrm_state_offload struct to allow reuse Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix sym_is_subprog() logic for weak global subprogs Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix output .symtab byte-order during linking Pin-yen Lin <treapking(a)chromium.org> drm/bridge: anx7625: Drop EDID cache on bridge power off Macpaul Lin <macpaul.lin(a)mediatek.com> ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: use GENMASK to define register bit fields Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: do not define SHIFT/MASK for single bits Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: Drop unnecessary register read Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Maíra Canal <mcanal(a)igalia.com> drm/v3d: Address race-condition in MMU flush Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix possible NULL dereference Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Yao Zi <ziyao(a)disroot.org> platform/x86: panasonic-laptop: Return errno correctly in show callback Qing Wang <wangqing(a)vivo.com> platform/x86: panasonic-laptop: Replace snprintf in show functions with sysfs_emit Li Huafei <lihuafei1(a)huawei.com> media: atomisp: Add check for rgby_data memory allocation failure Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: atomisp: remove #ifdef HAS_NO_HMEM Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: provide ctx queue lock for ioctl synchronization Dikshita Agarwal <quic_dikshita(a)quicinc.com> venus: venc: add handling for VIDIOC_ENCODER_CMD Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus : Addition of support for VIDIOC_TRY_ENCODER_CMD Viswanath Boma <quic_vboma(a)quicinc.com> media: venus : Addition of EOS Event support for Encoder Mansur Alisha Shaik <mansur(a)codeaurora.org> media: venus: vdec: decoded picture buffer handling during reconfig sequence Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: venc: Use pmruntime autosuspend Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overrun during iMC config parsing Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: jacuzzi: Move panel under aux-bus Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: jacuzzi: remove unused ddc-i2c-bus Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Jinjie Ruan <ruanjinjie(a)huawei.com> spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: Avoid shift-out-of-bounds Zhang Zekun <zhangzekun11(a)huawei.com> pmdomain: ti-sci: Add missing of_node_put() for args.np Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Clark Wang <xiaoning.wang(a)nxp.com> pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Ridong <chenridong(a)huawei.com> Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Alexander Stein <alexander.stein(a)ew.tq-group.com> spi: spi-fsl-lpspi: downgrade log level for pio mode Mark Brown <broonie(a)kernel.org> clocksource/drivers:sp804: Make user selectable Marco Elver <elver(a)google.com> kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marco Elver <elver(a)google.com> kcsan, seqlock: Support seqcount_latch_t Peter Zijlstra <peterz(a)infradead.org> seqlock/latch: Provide raw_read_seqcount_latch_retry() Thomas Gleixner <tglx(a)linutronix.de> timekeeping: Consolidate fast timekeeper Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Chen Ridong <chenridong(a)huawei.com> crypto: caam - add error check to caam_rsa_set_priv_key_form Lifeng Zheng <zhenglifeng1(a)huawei.com> ACPI: CPPC: Fix _CPC register setting issue Orange Kao <orange(a)aiven.io> EDAC/igen6: Avoid segmentation fault on module unload Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Initialize thermal zones before registering them Ahsan Atta <ahsan.atta(a)intel.com> crypto: qat - remove faulty arbiter config reset David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: caam - Fix the pointer passed to caam_qi_shutdown() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Masahiro Yamada <masahiroy(a)kernel.org> arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Yang Erkun <yangerkun(a)huawei.com> brd: defer automatic disk creation until module initialization succeeds Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> brd: remove brd_devices_mutex mutex Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Do not unregister the subchannel based on DNV Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about longs Borislav Petkov (AMD) <bp(a)alien8.de> x86/barrier: Do not serialize MSR accesses on AMD Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Ard Biesheuvel <ardb(a)kernel.org> x86/stackprotector: Work around strict Clang TLS symbol requirements Paul E. McKenney <paulmck(a)kernel.org> rcu-tasks: Idle tasks on offline CPUs are in quiescent states Breno Leitao <leitao(a)debian.org> ipmr: Fix access to mfc_cache_list without lock held Harith G <harith.g(a)alifsemi.com> ARM: 9420/1: smp: Fix SMP for xip kernels Eryk Zagorski <erykzagorski(a)gmail.com> ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: fix error in J1939 documentation. Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-smbios-base: Extends support to Alienware products Mikhail Rudenko <mike.rudenko(a)gmail.com> regulator: rk808: Add apply_bit for BUCK3 on RK809 Charles Han <hanchunchao(a)inspur.com> soc: qcom: Add check devm_kasprintf() returned value Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Piyush Raj Chouhan <piyushchouhan1598(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Benjamin Große <ste3ls(a)gmail.com> usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Support LPE0F28 ACPI HID Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: nfs_async_write_reschedule_io must not recurse into the writeback code Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: resolve faulty mmap_region() error path behaviour Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: unconditionally close VMAs on error Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: avoid unsafe VMA hook invocation when error arises on mmap hook Andrew Morton <akpm(a)linux-foundation.org> mm: revert "mm: shmem: fix data-race in shmem_getattr()" Paolo Abeni <pabeni(a)redhat.com> mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never decrement pending_async_copies on error Chuck Lever <chuck.lever(a)oracle.com> NFSD: Initialize struct nfsd4_copy earlier Chuck Lever <chuck.lever(a)oracle.com> NFSD: Limit the number of concurrent async COPY operations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Async COPY result needs to return a write verifier Dai Ngo <dai.ngo(a)oracle.com> NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Jiri Olsa <jolsa(a)kernel.org> lib/buildid: Fix build ID parsing logic Andre Przywara <andre.przywara(a)arm.com> mmc: sunxi-mmc: Fix A100 compatible description Samuel Holland <samuel(a)sholland.org> mmc: sunxi-mmc: Add D1 MMC variant Francesco Dolcini <francesco.dolcini(a)toradex.com> drm/bridge: tc358768: Fix DSI command tx Aurelien Jarno <aurelien(a)aurel32.net> Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix UBSAN warning in ocfs2_verify_volume() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Sean Christopherson <seanjc(a)google.com> KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix PA offset with unaligned starting iotlb map Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: uncache inode which has failed entering the group Jinjiang Tu <tujinjiang(a)huawei.com> mm: fix NULL pointer dereference in alloc_pages_bulk_noprof Baoquan He <bhe(a)redhat.com> x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y Harith G <harith.g(a)alifsemi.com> ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels Wei Fang <wei.fang(a)nxp.com> samples: pktgen: correct dev to DEV Moshe Shemesh <moshe(a)nvidia.com> net/mlx5e: CT: Fix null-ptr-deref in add rule err flow Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: kTLS, Fix incorrect page refcounting Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, lock FTE when checking if active Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop: Fix a dereferenced before check warning Jakub Kicinski <kuba(a)kernel.org> netlink: terminate outstanding dump on socket close Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Michal Vokáč <michal.vokac(a)ysoft.com> leds: lp55xx: Remove redundant test for invalid channel number Mostafa Saleh <smostafa(a)google.com> iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables MengEn Sun <mengensun(a)tencent.com> vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> media: uvcvideo: Require entities to have a non-zero unique ID Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Stop stream during unregister Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Ensure power suppliers be suspended before detach them Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Set video drvdata before register video device Dragan Simic <dsimic(a)manjaro.org> arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 11 + .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 +- .../devicetree/bindings/serial/rs485.yaml | 19 +- .../devicetree/bindings/sound/mt6359.yaml | 10 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/filesystems/mount_api.rst | 3 +- Documentation/locking/seqlock.rst | 2 +- Documentation/networking/j1939.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 +- arch/arm/kernel/head.S | 12 +- arch/arm/kernel/psci_smp.c | 7 + arch/arm/mm/idmap.c | 7 + arch/arm/mm/mmu.c | 34 +- .../boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 + arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 + .../dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 57 +- .../boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +- arch/arm64/include/asm/mman.h | 10 +- arch/arm64/kernel/fpsimd.c | 1 + arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/ptrace.c | 6 +- arch/arm64/kernel/smccc-call.S | 35 +- arch/arm64/kernel/vmlinux.lds.S | 6 +- arch/arm64/kvm/pmu-emul.c | 1 - arch/arm64/kvm/vgic/vgic-its.c | 32 +- arch/arm64/kvm/vgic/vgic.h | 24 + arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 + arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/mips/boot/dts/loongson/ls7a-pch.dtsi | 73 +- arch/mips/include/asm/switch_to.h | 2 +- arch/parisc/Kconfig | 1 + arch/parisc/include/asm/cache.h | 11 +- arch/powerpc/include/asm/dtl.h | 4 +- arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/prom_init.c | 29 +- arch/powerpc/kernel/setup_64.c | 1 + arch/powerpc/kexec/file_load_64.c | 9 +- arch/powerpc/lib/sstep.c | 12 +- arch/powerpc/mm/fault.c | 10 +- arch/powerpc/platforms/pseries/dtl.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/s390/kernel/entry.S | 4 + arch/s390/kernel/kprobes.c | 6 + arch/s390/kernel/perf_cpum_sf.c | 4 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 2 +- arch/x86/Makefile | 3 +- arch/x86/crypto/aegis128-aesni-asm.S | 29 +- arch/x86/entry/entry.S | 15 + arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/amd_nb.h | 5 +- arch/x86/include/asm/asm-prototypes.h | 3 + arch/x86/include/asm/barrier.h | 18 - arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/processor.h | 18 + arch/x86/kernel/cpu/amd.c | 3 + arch/x86/kernel/cpu/common.c | 9 + arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kernel/vmlinux.lds.S | 3 + arch/x86/kvm/vmx/nested.c | 30 +- arch/x86/kvm/vmx/vmx.c | 6 +- arch/x86/mm/ioremap.c | 6 +- arch/x86/pci/acpi.c | 119 + block/blk-mq.c | 6 + block/blk-mq.h | 13 + crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/acpi/cppc_acpi.c | 1 - drivers/base/bus.c | 2 + drivers/base/core.c | 20 + drivers/base/regmap/regmap-irq.c | 4 + drivers/base/regmap/regmap.c | 12 + drivers/block/brd.c | 99 +- drivers/clk/clk-axi-clkgen.c | 22 +- drivers/clk/imx/clk-lpcg-scu.c | 37 +- drivers/clk/imx/clk-scu.c | 2 +- drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/clk/zynqmp/divider.c | 66 +- drivers/clocksource/Kconfig | 3 +- drivers/comedi/comedi_fops.c | 12 + drivers/counter/stm32-timer-cnt.c | 16 +- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/caam/caampkc.c | 11 +- drivers/crypto/caam/qi.c | 2 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/hisilicon/qm.c | 51 +- drivers/crypto/qat/qat_common/adf_hw_arbiter.c | 4 - drivers/dma-buf/dma-fence-array.c | 28 +- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/edac/igen6_edac.c | 2 + drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/tpm.c | 17 +- drivers/firmware/google/gsmi.c | 6 +- drivers/firmware/smccc/smccc.c | 4 - drivers/gpio/gpio-exar.c | 10 +- drivers/gpio/gpio-grgpio.c | 26 +- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 48 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 27 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/tc358767.c | 7 + drivers/gpu/drm/bridge/tc358768.c | 21 +- drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 + drivers/gpu/drm/etnaviv/etnaviv_dump.c | 7 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 48 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 21 + drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 + drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 6 +- drivers/gpu/drm/mcde/mcde_drv.c | 1 + drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +- drivers/gpu/drm/omapdrm/dss/base.c | 25 +- drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +- drivers/gpu/drm/omapdrm/omap_drv.c | 4 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panel/panel-simple.c | 28 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 8 +- drivers/gpu/drm/sti/sti_cursor.c | 3 + drivers/gpu/drm/sti/sti_gdp.c | 3 + drivers/gpu/drm/sti/sti_hqvdp.c | 3 + drivers/gpu/drm/sti/sti_mixer.c | 2 +- drivers/gpu/drm/v3d/v3d_mmu.c | 29 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 2 +- drivers/gpu/drm/vc4/vc4_hvs.c | 11 + drivers/hid/wacom_sys.c | 3 +- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/tps23861.c | 2 +- drivers/i3c/master.c | 5 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 2 +- drivers/iio/adc/ad7780.c | 2 +- drivers/iio/light/al3010.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 2 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_mr.c | 7 +- drivers/iommu/arm/arm-smmu/arm-smmu.c | 11 + drivers/iommu/io-pgtable-arm.c | 18 +- drivers/leds/led-class.c | 14 +- drivers/leds/leds-lp55xx-common.c | 3 - drivers/mailbox/arm_mhuv2.c | 8 +- drivers/md/bcache/super.c | 2 +- drivers/md/dm-thin.c | 1 + drivers/media/dvb-core/dvbdev.c | 15 +- drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 4 +- drivers/media/platform/qcom/venus/core.c | 2 +- drivers/media/platform/qcom/venus/core.h | 12 + drivers/media/platform/qcom/venus/helpers.c | 53 +- drivers/media/platform/qcom/venus/helpers.h | 3 + drivers/media/platform/qcom/venus/vdec.c | 11 +- drivers/media/platform/qcom/venus/venc.c | 191 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 + drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 113 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 +- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 208 +- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/eeprom/eeprom_93cx6.c | 10 + drivers/mmc/core/bus.c | 2 + drivers/mmc/core/core.c | 3 + drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mmc/host/mtk-sd.c | 9 +- drivers/mmc/host/sdhci-pci-core.c | 72 + drivers/mmc/host/sdhci-pci.h | 1 + drivers/mmc/host/sunxi-mmc.c | 15 +- drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/spi-nor/core.c | 2 +- drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/wl.c | 9 +- drivers/net/can/at91_can.c | 6 - drivers/net/can/c_can/c_can_main.c | 31 +- drivers/net/can/cc770/cc770.c | 3 - drivers/net/can/dev/dev.c | 6 +- drivers/net/can/dev/rx-offload.c | 6 +- drivers/net/can/ifi_canfd/ifi_canfd.c | 63 +- drivers/net/can/kvaser_pciefd.c | 5 - drivers/net/can/m_can/m_can.c | 38 +- drivers/net/can/mscan/mscan.c | 9 +- drivers/net/can/pch_can.c | 3 - drivers/net/can/peak_canfd/peak_canfd.c | 4 - drivers/net/can/rcar/rcar_can.c | 6 +- drivers/net/can/rcar/rcar_canfd.c | 4 - drivers/net/can/sja1000/sja1000.c | 2 - drivers/net/can/sun4i_can.c | 29 +- drivers/net/can/usb/ems_usb.c | 60 +- drivers/net/can/usb/esd_usb2.c | 2 - drivers/net/can/usb/etas_es58x/es58x_core.c | 7 - drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 - drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 8 - drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 - drivers/net/can/usb/peak_usb/pcan_usb.c | 2 - drivers/net/can/usb/peak_usb/pcan_usb_core.c | 13 + drivers/net/can/usb/peak_usb/pcan_usb_core.h | 1 + drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 12 +- drivers/net/can/usb/peak_usb/pcan_usb_pro.c | 2 - drivers/net/can/usb/ucan.c | 6 +- drivers/net/can/usb/usb_8dev.c | 2 - drivers/net/can/xilinx_can.c | 9 +- drivers/net/dsa/microchip/ksz8795.c | 18 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/freescale/fec_mpc52xx_phy.c | 2 +- .../net/ethernet/freescale/fs_enet/mii-bitbang.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 7 + drivers/net/ethernet/google/gve/gve_rx.c | 4 - drivers/net/ethernet/google/gve/gve_tx.c | 4 - drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 2 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 + drivers/net/ethernet/marvell/pxa168_eth.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 4 +- drivers/net/ethernet/realtek/r8169_main.c | 14 +- drivers/net/ethernet/rocker/rocker_main.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/geneve.c | 2 +- drivers/net/mdio/mdio-ipq4019.c | 5 +- drivers/net/netdevsim/ipsec.c | 11 +- drivers/net/usb/lan78xx.c | 11 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 1 + drivers/net/wireless/ath/ath10k/mac.c | 4 +- drivers/net/wireless/ath/ath5k/pci.c | 2 + drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_rx.c | 8 +- drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/nvdimm/dax_devs.c | 4 +- drivers/nvdimm/nd.h | 7 + drivers/nvme/host/ioctl.c | 7 +- drivers/nvme/host/pci.c | 16 +- drivers/pci/controller/dwc/pci-keystone.c | 11 + drivers/pci/controller/pcie-rockchip-ep.c | 16 +- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/hotplug/cpqphp_pci.c | 19 +- drivers/pci/pci-sysfs.c | 26 + drivers/pci/pci.c | 7 +- drivers/pci/pci.h | 1 + drivers/pci/probe.c | 30 +- drivers/pci/quirks.c | 15 +- drivers/pci/slot.c | 4 +- drivers/pinctrl/freescale/Kconfig | 2 +- drivers/pinctrl/pinctrl-k210.c | 2 +- drivers/pinctrl/pinctrl-zynqmp.c | 1 - drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 + drivers/platform/chrome/cros_ec_typec.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 1 + drivers/platform/x86/dell/dell-wmi-base.c | 6 + drivers/platform/x86/intel/bxtwc_tmu.c | 22 +- drivers/platform/x86/panasonic-laptop.c | 26 +- drivers/power/supply/bq27xxx_battery.c | 37 +- drivers/power/supply/power_supply_core.c | 2 - drivers/ptp/ptp_clock.c | 3 +- drivers/pwm/pwm-imx27.c | 98 +- drivers/regulator/rk808-regulator.c | 2 + drivers/remoteproc/qcom_q6v5_mss.c | 3 + drivers/rpmsg/qcom_glink_native.c | 175 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/s390/cio/cio.c | 6 +- drivers/s390/cio/device.c | 18 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 1 + drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_bsg.c | 124 +- drivers/scsi/qla2xxx/qla_mid.c | 1 + drivers/scsi/qla2xxx/qla_os.c | 15 +- drivers/scsi/scsi_lib.c | 21 +- drivers/scsi/st.c | 31 +- drivers/scsi/ufs/ufs-exynos.c | 16 +- drivers/scsi/ufs/ufs-sysfs.c | 6 + drivers/sh/intc/core.c | 2 +- drivers/soc/fsl/rcpm.c | 1 + drivers/soc/imx/soc-imx8m.c | 107 +- drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/qcom/socinfo.c | 8 +- drivers/soc/ti/smartreflex.c | 4 +- drivers/soc/ti/ti_sci_pm_domains.c | 4 + drivers/spi/atmel-quadspi.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 14 +- drivers/spi/spi-mpc52xx.c | 1 + drivers/spi/spi-tegra210-quad.c | 2 +- drivers/spi/spi-zynqmp-gqspi.c | 2 + drivers/spi/spi.c | 13 +- .../pci/isp/kernels/bh/bh_2/ia_css_bh.host.c | 2 - .../raw_aa_binning_1.0/ia_css_raa.host.c | 2 - .../pci/isp/kernels/s3a/s3a_1.0/ia_css_s3a.host.c | 5 - .../media/atomisp/pci/runtime/binary/src/binary.c | 4 - drivers/staging/media/atomisp/pci/sh_css_params.c | 12 +- drivers/staging/wfx/main.c | 17 +- drivers/thermal/thermal_core.c | 2 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/serial/amba-pl011.c | 79 +- drivers/tty/tty_ldisc.c | 2 +- drivers/usb/chipidea/udc.c | 2 +- drivers/usb/dwc3/gadget.c | 15 +- drivers/usb/gadget/composite.c | 18 +- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/host/xhci-dbgcap.c | 135 +- drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/host/xhci-ring.c | 18 +- drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 50 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/vdpa/mlx5/core/mr.c | 12 +- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 11 +- drivers/watchdog/iTCO_wdt.c | 21 +- drivers/watchdog/mtk_wdt.c | 6 + drivers/watchdog/rti_wdt.c | 3 +- drivers/xen/xenbus/xenbus_probe.c | 8 +- fs/btrfs/ctree.c | 10 +- fs/btrfs/extent-tree.c | 1 - fs/btrfs/inode.c | 1 + fs/btrfs/ref-verify.c | 1 + fs/btrfs/volumes.c | 38 +- fs/cifs/smb2ops.c | 6 + fs/eventpoll.c | 6 +- fs/exfat/namei.c | 1 + fs/ext4/fsmap.c | 54 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/super.c | 8 +- fs/f2fs/inode.c | 4 +- fs/f2fs/segment.c | 74 +- fs/f2fs/segment.h | 6 - fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/jffs2/compr_rtime.c | 3 + fs/jffs2/erase.c | 7 +- fs/jfs/jfs_dmap.c | 6 + fs/jfs/jfs_dtree.c | 15 + fs/jfs/xattr.c | 2 +- fs/ksmbd/server.c | 4 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfs/write.c | 2 - fs/nfsd/export.c | 5 +- fs/nfsd/netns.h | 1 + fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 43 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 20 + fs/nfsd/xdr4.h | 1 + fs/nilfs2/btnode.c | 2 - fs/nilfs2/dir.c | 2 +- fs/nilfs2/gcinode.c | 4 +- fs/nilfs2/mdt.c | 1 - fs/nilfs2/page.c | 2 +- fs/notify/fsnotify.c | 23 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/dlmglue.c | 1 + fs/ocfs2/file.c | 4 + fs/ocfs2/localalloc.c | 19 - fs/ocfs2/namei.c | 4 +- fs/ocfs2/resize.c | 2 + fs/ocfs2/super.c | 13 +- fs/overlayfs/inode.c | 7 +- fs/overlayfs/util.c | 3 + fs/proc/softirqs.c | 2 +- fs/quota/dquot.c | 2 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/unicode/mkutf8data.c | 70 + fs/unicode/utf8data.h_shipped | 6703 ++++++++++---------- fs/xfs/libxfs/xfs_sb.c | 10 +- fs/xfs/xfs_log.c | 17 - include/linux/arm-smccc.h | 30 +- include/linux/blkdev.h | 2 +- include/linux/device.h | 2 + include/linux/eeprom_93cx6.h | 11 + include/linux/eventpoll.h | 2 +- include/linux/jiffies.h | 2 +- include/linux/leds.h | 2 +- include/linux/lockdep.h | 2 +- include/linux/mman.h | 7 +- include/linux/netpoll.h | 2 +- include/linux/pci.h | 6 + include/linux/rbtree_latch.h | 2 +- include/linux/seqlock.h | 107 +- include/linux/sunrpc/xprtsock.h | 1 + include/linux/util_macros.h | 56 +- include/media/v4l2-dv-timings.h | 18 +- include/net/xfrm.h | 16 +- include/sound/pcm.h | 20 +- include/uapi/linux/rtnetlink.h | 2 +- init/initramfs.c | 15 + kernel/bpf/devmap.c | 6 +- kernel/bpf/lpm_trie.c | 27 +- kernel/cgroup/cgroup.c | 21 +- kernel/dma/debug.c | 8 +- kernel/kcsan/debugfs.c | 74 +- kernel/printk/printk.c | 2 +- kernel/rcu/tasks.h | 2 +- kernel/sched/core.c | 4 +- kernel/sched/fair.c | 26 +- kernel/sched/sched.h | 8 +- kernel/time/sched_clock.c | 2 +- kernel/time/time.c | 2 +- kernel/time/timekeeping.c | 24 +- kernel/trace/ftrace.c | 3 + kernel/trace/trace_clock.c | 2 +- kernel/trace/trace_eprobe.c | 5 + kernel/trace/trace_event_perf.c | 6 + kernel/trace/tracing_map.c | 6 +- lib/buildid.c | 2 +- lib/string_helpers.c | 2 +- mm/damon/vaddr-test.h | 94 +- mm/damon/vaddr.c | 4 +- mm/internal.h | 19 + mm/mmap.c | 86 +- mm/nommu.c | 9 +- mm/page_alloc.c | 3 +- mm/shmem.c | 5 - mm/util.c | 33 + mm/vmstat.c | 1 + net/9p/trans_xen.c | 9 +- net/bluetooth/hci_core.c | 13 +- net/bluetooth/hci_event.c | 2 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/l2cap_core.c | 9 - net/bluetooth/l2cap_sock.c | 1 + net/bluetooth/rfcomm/sock.c | 10 +- net/can/af_can.c | 1 + net/can/j1939/transport.c | 2 +- net/core/filter.c | 88 +- net/core/neighbour.c | 1 + net/core/netpoll.c | 2 +- net/core/skmsg.c | 4 +- net/dccp/feat.c | 6 +- net/ethtool/bitset.c | 48 +- net/hsr/hsr_device.c | 4 +- net/hsr/hsr_forward.c | 2 + net/ieee802154/socket.c | 12 +- net/ipv4/af_inet.c | 22 +- net/ipv4/fou.c | 2 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/ipmr_base.c | 3 +- net/ipv4/tcp_bpf.c | 11 +- net/ipv6/af_inet6.c | 22 +- net/ipv6/route.c | 6 +- net/mac80211/main.c | 2 + net/mptcp/protocol.c | 3 +- net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/ipset/ip_set_core.c | 5 + net/netfilter/ipvs/ip_vs_proto.c | 4 +- net/netfilter/nf_tables_api.c | 19 +- net/netfilter/nft_set_hash.c | 16 + net/netfilter/xt_LED.c | 4 +- net/netlink/af_netlink.c | 31 +- net/netlink/af_netlink.h | 2 - net/packet/af_packet.c | 12 +- net/rfkill/rfkill-gpio.c | 8 +- net/sched/cls_flower.c | 5 +- net/sched/sch_cbs.c | 2 +- net/sched/sch_tbf.c | 18 +- net/smc/af_smc.c | 57 + net/smc/smc.h | 6 +- net/sunrpc/cache.c | 4 +- net/sunrpc/clnt.c | 33 +- net/sunrpc/xprtrdma/svc_rdma.c | 40 +- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- net/sunrpc/xprtsock.c | 23 +- net/tipc/udp_media.c | 2 +- net/xdp/xskmap.c | 2 +- net/xfrm/xfrm_device.c | 10 +- net/xfrm/xfrm_state.c | 4 +- net/xfrm/xfrm_user.c | 5 +- samples/bpf/test_cgrp2_sock.c | 4 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + samples/pktgen/pktgen_sample01_simple.sh | 2 +- scripts/mod/file2alias.c | 5 +- scripts/mod/modpost.c | 6 +- security/apparmor/capability.c | 2 + security/apparmor/policy_unpack_test.c | 6 + security/integrity/ima/ima_api.c | 16 +- security/integrity/ima/ima_template_lib.c | 17 +- sound/core/oss/pcm_oss.c | 42 +- sound/core/pcm.c | 9 +- sound/core/pcm_compat.c | 4 +- sound/core/pcm_lib.c | 16 +- sound/core/pcm_native.c | 132 +- sound/hda/intel-dsp-config.c | 4 + sound/pci/hda/patch_realtek.c | 157 +- sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/hdmi-codec.c | 144 +- sound/soc/fsl/fsl_micfil.c | 74 +- sound/soc/fsl/fsl_micfil.h | 270 +- sound/soc/intel/atom/sst/sst_acpi.c | 64 +- sound/soc/intel/boards/bytcr_rt5640.c | 48 +- sound/soc/stm/stm32_sai_sub.c | 6 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 24 +- sound/usb/endpoint.c | 14 +- sound/usb/mixer_maps.c | 10 + sound/usb/quirks-table.h | 14 +- sound/usb/quirks.c | 19 +- sound/usb/usx2y/us122l.c | 5 +- sound/usb/usx2y/usbusx2y.c | 2 +- tools/bpf/bpftool/jit_disasm.c | 51 +- tools/bpf/bpftool/main.h | 25 +- tools/bpf/bpftool/map.c | 1 - tools/bpf/bpftool/prog.c | 22 +- tools/lib/bpf/libbpf.c | 2 +- tools/lib/bpf/linker.c | 2 + tools/perf/builtin-trace.c | 16 +- tools/perf/util/cs-etm.c | 25 +- tools/perf/util/probe-finder.c | 21 +- tools/perf/util/probe-finder.h | 4 +- tools/scripts/Makefile.arch | 4 +- .../selftests/arm64/mte/check_tags_inclusion.c | 4 +- tools/testing/selftests/arm64/pauth/pac.c | 3 + tools/testing/selftests/bpf/test_sockmap.c | 194 +- .../selftests/mount_setattr/mount_setattr_test.c | 2 +- tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/resctrl/resctrl_val.c | 3 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + tools/testing/selftests/wireguard/netns.sh | 1 + 586 files changed, 9034 insertions(+), 6190 deletions(-)

6 months

11
576
0 0

[PATCH 6.6 resubmit 0/3] Fix PPS channel routing

by Csókás, Bence

On certain i.MX8 series parts [1], the PPS channel 0 is routed internally to eDMA, and the external PPS pin is available on channel 1. In addition, on certain boards, the PPS may be wired on the PCB to an EVENTOUTn pin other than 0. On these systems it is necessary that the PPS channel be able to be configured from the Device Tree. [1] https://lore.kernel.org/all/ZrPYOWA3FESx197L@lizhi-Precision-Tower-5810/ Francesco Dolcini (3): dt-bindings: net: fec: add pps channel property net: fec: refactor PPS channel configuration net: fec: make PPS channel configurable Documentation/devicetree/bindings/net/fsl,fec.yaml | 7 +++++++ drivers/net/ethernet/freescale/fec_ptp.c | 11 ++++++----- 2 files changed, 13 insertions(+), 5 deletions(-) -- 2.34.1

6 months

4
12
0 0

Re: Patch "module: Convert default symbol namespace to string literal" has been added to the 6.12-stable tree

by Andy Shevchenko

On Sun, Dec 15, 2024 at 11:54:50AM -0500, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > module: Convert default symbol namespace to string literal > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > module-convert-default-symbol-namespace-to-string-li.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. IIUC if you take this one, you would want to take more that are fixing documentation generation and other noticed regressions. -- With Best Regards, Andy Shevchenko

6 months

2
1
0 0

Re: Patch "gpio: idio-16: Actually make use of the GPIO_IDIO_16 symbol namespace" has been added to the 6.12-stable tree

by Uwe Kleine-König

On Sun, Dec 15, 2024 at 11:54:56AM -0500, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > gpio: idio-16: Actually make use of the GPIO_IDIO_16 symbol namespace > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gpio-idio-16-actually-make-use-of-the-gpio_idio_16-s.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 8845b746c447c715080e448d62aeed25f73fb205 > Author: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> > Date: Tue Dec 3 18:26:30 2024 +0100 > > gpio: idio-16: Actually make use of the GPIO_IDIO_16 symbol namespace > > [ Upstream commit 9ac4b58fcef0f9fc03fa6e126a5f53c1c71ada8a ] > > DEFAULT_SYMBOL_NAMESPACE must already be defined when <linux/export.h> > is included. So move the define above the include block. > > Fixes: b9b1fc1ae119 ("gpio: idio-16: Introduce the ACCES IDIO-16 GPIO library module") > Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> > Acked-by: William Breathitt Gray <wbg(a)kernel.org> > Link: https://lore.kernel.org/r/20241203172631.1647792-2-u.kleine-koenig@baylibre… > Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> Hmm, I don't think the advantages here are very relevant. The only problem fixed here is that the symbols provided by the driver are not in the expected namespace. So this is nothing a user would wail about as everything works as intended. The big upside of dropping this patch is that you can (I think) also drop the backport of commit ceb8bf2ceaa7 ("module: Convert default symbol namespace to string literal"). Even if you want to fix the namespace issue in the gpio-idio-16 driver, I'd suggest to just move the definition of DEFAULT_SYMBOL_NAMESPACE without the quotes for stable as I think this is easy enough to not justify taking the intrusive ceb8bf2ceaa7. Also ceb8bf2ceaa7 might be an annoyance for out-of-tree code. I know we don't care much about these, still I think not adding to their burden is another small argument for not taking ceb8bf2ceaa7. Best regards Uwe

6 months

2
1
0 0

[PATCH] [SCSI] raid class: Fix error handling in raid_component_add

by Ma Ke

The reference count of the device incremented in device_initialize() is not decremented when device_add() fails. Add a put_device() call before returning from the function to decrement reference count for cleanup. Or it could cause memory leak. As comment of device_add() says, if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count. Found by code review. Cc: stable(a)vger.kernel.org Fixes: ed542bed126c ("[SCSI] raid class: handle component-add errors") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/scsi/raid_class.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/raid_class.c b/drivers/scsi/raid_class.c index 898a0bdf8df6..2cb2949a78c6 100644 --- a/drivers/scsi/raid_class.c +++ b/drivers/scsi/raid_class.c @@ -251,6 +251,7 @@ int raid_component_add(struct raid_template *r,struct device *raid_dev, list_del(&rc->node); rd->component_count--; put_device(component_dev); + put_device(&rc->dev); kfree(rc); return err; } -- 2.25.1

6 months

1
0
0 0

[PATCH] phy: Fix error handling in tegra_xusb_port_init

by Ma Ke

The reference count of the device incremented in device_initialize() is not decremented when device_add() fails. Add a put_device() call before returning from the function to decrement reference count for cleanup. Or it could cause memory leak. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 53d2a715c240 ("phy: Add Tegra XUSB pad controller support") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/phy/tegra/xusb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c index 79d4814d758d..c89df95aa6ca 100644 --- a/drivers/phy/tegra/xusb.c +++ b/drivers/phy/tegra/xusb.c @@ -548,16 +548,16 @@ static int tegra_xusb_port_init(struct tegra_xusb_port *port, err = dev_set_name(&port->dev, "%s-%u", name, index); if (err < 0) - goto unregister; + goto put_device; err = device_add(&port->dev); if (err < 0) - goto unregister; + goto put_device; return 0; -unregister: - device_unregister(&port->dev); +put_device: + put_device(&port->dev); return err; } -- 2.25.1

6 months

1
0
0 0

[PATCH v2] virtio: fix reference leak in register_virtio_device()

by Ma Ke

The reference count of the device incremented in device_initialize() is not decremented when device_add() fails. Add a put_device() call before returning from the function. Found by code review. Cc: stable(a)vger.kernel.org Fixes: f2b44cde7e16 ("virtio: split device_register into device_initialize and device_add") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- Changes in v2: - modified the fixes tag according to suggestions; - modified the bug description. --- drivers/virtio/virtio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index b9095751e43b..ac721b5597e8 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -503,6 +503,7 @@ int register_virtio_device(struct virtio_device *dev) out_of_node_put: of_node_put(dev->dev.of_node); + put_device(&dev->dev); out_ida_remove: ida_free(&virtio_index_ida, dev->index); out: -- 2.25.1

6 months

1
0
0 0

[PATCH v2] usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()

by Joe Hattori

Current implementation of ci_hdrc_imx_driver does not decrement the refcount of the device obtained in usbmisc_get_init_data(). Add a put_device() call in .remove() and in .probe() before returning an error. This bug was found by an experimental static analysis tool that I am developing. Cc: stable(a)vger.kernel.org Fixes: f40017e0f332 ("chipidea: usbmisc_imx: Add USB support for VF610 SoCs") Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> --- Changes in v2: - Put the device in .remove() as well. --- drivers/usb/chipidea/ci_hdrc_imx.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index f2801700be8e..1a7fc638213e 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -370,25 +370,29 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) data->pinctrl = devm_pinctrl_get(dev); if (PTR_ERR(data->pinctrl) == -ENODEV) data->pinctrl = NULL; - else if (IS_ERR(data->pinctrl)) - return dev_err_probe(dev, PTR_ERR(data->pinctrl), + else if (IS_ERR(data->pinctrl)) { + ret = dev_err_probe(dev, PTR_ERR(data->pinctrl), "pinctrl get failed\n"); + goto err_put; + } data->hsic_pad_regulator = devm_regulator_get_optional(dev, "hsic"); if (PTR_ERR(data->hsic_pad_regulator) == -ENODEV) { /* no pad regulator is needed */ data->hsic_pad_regulator = NULL; - } else if (IS_ERR(data->hsic_pad_regulator)) - return dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator), + } else if (IS_ERR(data->hsic_pad_regulator)) { + ret = dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator), "Get HSIC pad regulator error\n"); + goto err_put; + } if (data->hsic_pad_regulator) { ret = regulator_enable(data->hsic_pad_regulator); if (ret) { dev_err(dev, "Failed to enable HSIC pad regulator\n"); - return ret; + goto err_put; } } } @@ -402,13 +406,14 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) dev_err(dev, "pinctrl_hsic_idle lookup failed, err=%ld\n", PTR_ERR(pinctrl_hsic_idle)); - return PTR_ERR(pinctrl_hsic_idle); + ret = PTR_ERR(pinctrl_hsic_idle); + goto err_put; } ret = pinctrl_select_state(data->pinctrl, pinctrl_hsic_idle); if (ret) { dev_err(dev, "hsic_idle select failed, err=%d\n", ret); - return ret; + goto err_put; } data->pinctrl_hsic_active = pinctrl_lookup_state(data->pinctrl, @@ -417,7 +422,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) dev_err(dev, "pinctrl_hsic_active lookup failed, err=%ld\n", PTR_ERR(data->pinctrl_hsic_active)); - return PTR_ERR(data->pinctrl_hsic_active); + ret = PTR_ERR(data->pinctrl_hsic_active); + goto err_put; } } @@ -527,6 +533,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (pdata.flags & CI_HDRC_PMQOS) cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; +err_put: + put_device(data->usbmisc_data->dev); return ret; } @@ -551,6 +559,7 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev) if (data->hsic_pad_regulator) regulator_disable(data->hsic_pad_regulator); } + put_device(data->usbmisc_data->dev); } static void ci_hdrc_imx_shutdown(struct platform_device *pdev) -- 2.34.1

6 months

2
1
0 0

[PATCH stable 6.6 0/8] Fix BPF selftests compilation error

by Shung-Hsi Yu

Currently the BPF selftests in fails to compile (with tools/testing/selftests/bpf/vmtest.sh) due to use of test helpers that were not backported, namely: - netlink_helpers.h - __xlated() The 1st patch in the series adds netlink_helpers.h, and the 8th patch in the series adds the __xlated() helper. Patch 2-7 are pulled as context for the __xlated() helper. Cupertino Miranda (1): selftests/bpf: Support checks against a regular expression Daniel Borkmann (1): selftests/bpf: Add netlink helper library Eduard Zingerman (5): selftests/bpf: extract utility function for BPF disassembly selftests/bpf: print correct offset for pseudo calls in disasm_insn() selftests/bpf: no need to track next_match_pos in struct test_loader selftests/bpf: extract test_loader->expect_msgs as a data structure selftests/bpf: allow checking xlated programs in verifier_* tests Hou Tao (1): selftests/bpf: Factor out get_xlated_program() helper tools/testing/selftests/bpf/Makefile | 20 +- tools/testing/selftests/bpf/disasm_helpers.c | 69 ++++ tools/testing/selftests/bpf/disasm_helpers.h | 12 + tools/testing/selftests/bpf/netlink_helpers.c | 358 ++++++++++++++++++ tools/testing/selftests/bpf/netlink_helpers.h | 46 +++ .../selftests/bpf/prog_tests/ctx_rewrite.c | 118 +----- tools/testing/selftests/bpf/progs/bpf_misc.h | 16 +- tools/testing/selftests/bpf/test_loader.c | 235 +++++++++--- tools/testing/selftests/bpf/test_progs.h | 1 - tools/testing/selftests/bpf/test_verifier.c | 47 +-- tools/testing/selftests/bpf/testing_helpers.c | 43 +++ tools/testing/selftests/bpf/testing_helpers.h | 6 + 12 files changed, 759 insertions(+), 212 deletions(-) create mode 100644 tools/testing/selftests/bpf/disasm_helpers.c create mode 100644 tools/testing/selftests/bpf/disasm_helpers.h create mode 100644 tools/testing/selftests/bpf/netlink_helpers.c create mode 100644 tools/testing/selftests/bpf/netlink_helpers.h -- 2.47.0

6 months

2
11
0 0

[PATCH] virtio: fix reference leak in register_virtio_device()

by Ma Ke

When device_add(&dev->dev) failed, calling put_device() to explicitly release dev->dev. Otherwise, it could cause double free problem. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 694a1116b405 ("virtio: Bind virtio device to device-tree node") Signed-off-by: Ma Ke <make_ruc2021(a)163.com> --- drivers/virtio/virtio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index b9095751e43b..ac721b5597e8 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -503,6 +503,7 @@ int register_virtio_device(struct virtio_device *dev) out_of_node_put: of_node_put(dev->dev.of_node); + put_device(&dev->dev); out_ida_remove: ida_free(&virtio_index_ida, dev->index); out: -- 2.25.1

6 months

3
2
0 0

[PATCH V5] mm, compaction: don't use ALLOC_CMA in long term GUP flow

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() in long term GUP flow. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Cc: <stable(a)vger.kernel.org> Signed-off-by: yangge <yangge1116(a)126.com> --- V5: - add 'alloc_flags' parameter for __isolate_free_page() - remove 'usa_cma' variable V4: - rich the commit log description V3: - fix build errors - add ALLOC_CMA both in should_continue_reclaim() and compaction_ready() V2: - using the 'cc->alloc_flags' to determin if 'ALLOC_CMA' is needed - rich the commit log description include/linux/compaction.h | 6 ++++-- mm/compaction.c | 20 +++++++++++--------- mm/internal.h | 3 ++- mm/page_alloc.c | 6 ++++-- mm/page_isolation.c | 3 ++- mm/page_reporting.c | 2 +- mm/vmscan.c | 4 ++-- 7 files changed, 26 insertions(+), 18 deletions(-) diff --git a/include/linux/compaction.h b/include/linux/compaction.h index e947764..b4c3ac3 100644 --- a/include/linux/compaction.h +++ b/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compact_pages(gfp_t gfp_mask, struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suitable(pg_data_t *pgdat) } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } diff --git a/mm/compaction.c b/mm/compaction.c index 07bd227..b10d921 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -655,7 +655,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, /* Found a free page, will break it into order-0 pages */ order = buddy_order(page); - isolated = __isolate_free_page(page, order); + isolated = __isolate_free_page(page, order, cc->alloc_flags); if (!isolated) break; set_page_private(page, order); @@ -1634,7 +1634,7 @@ static void fast_isolate_freepages(struct compact_control *cc) /* Isolate the page if available */ if (page) { - if (__isolate_free_page(page, order)) { + if (__isolate_free_page(page, order, cc->alloc_flags)) { set_page_private(page, order); nr_isolated = 1 << order; nr_scanned += nr_isolated - 1; @@ -2381,6 +2381,7 @@ static enum compact_result compact_finished(struct compact_control *cc) static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; @@ -2395,25 +2396,26 @@ static bool __compaction_suitable(struct zone *zone, int order, * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to long term GUP flow, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + alloc_flags & ALLOC_CMA, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2474,7 +2476,7 @@ bool compaction_zonelist_suitable(struct alloc_context *ac, int order, available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2499,7 +2501,7 @@ compaction_suit_allocation_order(struct zone *zone, unsigned int order, alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; diff --git a/mm/internal.h b/mm/internal.h index 3922788..6d257c8 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -662,7 +662,8 @@ static inline void clear_zone_contiguous(struct zone *zone) zone->contiguous = false; } -extern int __isolate_free_page(struct page *page, unsigned int order); +extern int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags); extern void __putback_isolated_page(struct page *page, unsigned int order, int mt); extern void memblock_free_pages(struct page *page, unsigned long pfn, diff --git a/mm/page_alloc.c b/mm/page_alloc.c index dde19db..ecb2fd7 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2809,7 +2809,8 @@ void split_page(struct page *page, unsigned int order) } EXPORT_SYMBOL_GPL(split_page); -int __isolate_free_page(struct page *page, unsigned int order) +int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags) { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); @@ -2823,7 +2824,8 @@ int __isolate_free_page(struct page *page, unsigned int order) * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + if (!zone_watermark_ok(zone, 0, watermark, 0, + alloc_flags & ALLOC_CMA)) return 0; } diff --git a/mm/page_isolation.c b/mm/page_isolation.c index c608e9d..a1f2c79 100644 --- a/mm/page_isolation.c +++ b/mm/page_isolation.c @@ -229,7 +229,8 @@ static void unset_migratetype_isolate(struct page *page, int migratetype) buddy = find_buddy_page_pfn(page, page_to_pfn(page), order, NULL); if (buddy && !is_migrate_isolate_page(buddy)) { - isolated_page = !!__isolate_free_page(page, order); + isolated_page = !!__isolate_free_page(page, order, + ALLOC_CMA); /* * Isolating a free page in an isolated pageblock * is expected to always work as watermarks don't diff --git a/mm/page_reporting.c b/mm/page_reporting.c index e4c428e..fd3813b 100644 --- a/mm/page_reporting.c +++ b/mm/page_reporting.c @@ -198,7 +198,7 @@ page_reporting_cycle(struct page_reporting_dev_info *prdev, struct zone *zone, /* Attempt to pull page from list and place in scatterlist */ if (*offset) { - if (!__isolate_free_page(page, order)) { + if (!__isolate_free_page(page, order, ALLOC_CMA)) { next = page; break; } diff --git a/mm/vmscan.c b/mm/vmscan.c index 5e03a61..33f5b46 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5815,7 +5815,7 @@ static inline bool should_continue_reclaim(struct pglist_data *pgdat, sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6043,7 +6043,7 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* -- 2.7.4

6 months

4
4
0 0

[stable-kernel][5.15.y][PATCH 0/5] Fix a regression on sc16is7xx

by Hui Wang

Recently we found the fifo_read() and fifo_write() are broken in our 5.15 kernel after rebase to the latest 5.15.y, the 5.15.y integrated the commit e635f652696e ("serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO"), but it forgot to integrate a prerequisite commit 3837a0379533 ("serial: sc16is7xx: improve regmap debugfs by using one regmap per port"). And about the prerequisite commit, there are also 4 commits to fix it, So in total, I backported 5 patches to 5.15.y to fix this regression. 0002-xxx and 0004-xxx could be cleanly applied to 5.15.y, the remaining 3 patches need to resolve some conflict. Hugo Villeneuve (5): serial: sc16is7xx: improve regmap debugfs by using one regmap per port serial: sc16is7xx: remove wasteful static buffer in sc16is7xx_regmap_name() serial: sc16is7xx: remove global regmap from struct sc16is7xx_port serial: sc16is7xx: remove unused line structure member serial: sc16is7xx: change EFR lock to operate on each channels drivers/tty/serial/sc16is7xx.c | 185 +++++++++++++++++++-------------- 1 file changed, 107 insertions(+), 78 deletions(-) -- 2.34.1

6 months

4
14
0 0

[PATCH 4/4] tracing: Check "%s" dereference via the field and not the TP_printk format

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The TP_printk() portion of a trace event is executed at the time a event is read from the trace. This can happen seconds, minutes, hours, days, months, years possibly later since the event was recorded. If the print format contains a dereference to a string via "%s", and that string was allocated, there's a chance that string could be freed before it is read by the trace file. To protect against such bugs, there are two functions that verify the event. The first one is test_event_printk(), which is called when the event is created. It reads the TP_printk() format as well as its arguments to make sure nothing may be dereferencing a pointer that was not copied into the ring buffer along with the event. If it is, it will trigger a WARN_ON(). For strings that use "%s", it is not so easy. The string may not reside in the ring buffer but may still be valid. Strings that are static and part of the kernel proper which will not be freed for the life of the running system, are safe to dereference. But to know if it is a pointer to a static string or to something on the heap can not be determined until the event is triggered. This brings us to the second function that tests for the bad dereferencing of strings, trace_check_vprintf(). It would walk through the printf format looking for "%s", and when it finds it, it would validate that the pointer is safe to read. If not, it would produces a WARN_ON() as well and write into the ring buffer "[UNSAFE-MEMORY]". The problem with this is how it used va_list to have vsnprintf() handle all the cases that it didn't need to check. Instead of re-implementing vsnprintf(), it would make a copy of the format up to the %s part, and call vsnprintf() with the current va_list ap variable, where the ap would then be ready to point at the string in question. For architectures that passed va_list by reference this was possible. For architectures that passed it by copy it was not. A test_can_verify() function was used to differentiate between the two, and if it wasn't possible, it would disable it. Even for architectures where this was feasible, it was a stretch to rely on such a method that is undocumented, and could cause issues later on with new optimizations of the compiler. Instead, the first function test_event_printk() was updated to look at "%s" as well. If the "%s" argument is a pointer outside the event in the ring buffer, it would find the field type of the event that is the problem and mark the structure with a new flag called "needs_test". The event itself will be marked by TRACE_EVENT_FL_TEST_STR to let it be known that this event has a field that needs to be verified before the event can be printed using the printf format. When the event fields are created from the field type structure, the fields would copy the field type's "needs_test" value. Finally, before being printed, a new function ignore_event() is called which will check if the event has the TEST_STR flag set (if not, it returns false). If the flag is set, it then iterates through the events fields looking for the ones that have the "needs_test" flag set. Then it uses the offset field from the field structure to find the pointer in the ring buffer event. It runs the tests to make sure that pointer is safe to print and if not, it triggers the WARN_ON() and also adds to the trace output that the event in question has an unsafe memory access. The ignore_event() makes the trace_check_vprintf() obsolete so it is removed. Link: https://lore.kernel.org/all/CAHk-=wh3uOnqnZPpR0PeLZZtyWbZLboZ7cHLCKRWsocvs9… Cc: stable(a)vger.kernel.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- include/linux/trace_events.h | 6 +- kernel/trace/trace.c | 255 ++++++++--------------------------- kernel/trace/trace.h | 6 +- kernel/trace/trace_events.c | 32 +++-- kernel/trace/trace_output.c | 6 +- 5 files changed, 88 insertions(+), 217 deletions(-) diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h index 2a5df5b62cfc..91b8ffbdfa8c 100644 --- a/include/linux/trace_events.h +++ b/include/linux/trace_events.h @@ -273,7 +273,8 @@ struct trace_event_fields { const char *name; const int size; const int align; - const int is_signed; + const unsigned int is_signed:1; + unsigned int needs_test:1; const int filter_type; const int len; }; @@ -324,6 +325,7 @@ enum { TRACE_EVENT_FL_EPROBE_BIT, TRACE_EVENT_FL_FPROBE_BIT, TRACE_EVENT_FL_CUSTOM_BIT, + TRACE_EVENT_FL_TEST_STR_BIT, }; /* @@ -340,6 +342,7 @@ enum { * CUSTOM - Event is a custom event (to be attached to an exsiting tracepoint) * This is set when the custom event has not been attached * to a tracepoint yet, then it is cleared when it is. + * TEST_STR - The event has a "%s" that points to a string outside the event */ enum { TRACE_EVENT_FL_CAP_ANY = (1 << TRACE_EVENT_FL_CAP_ANY_BIT), @@ -352,6 +355,7 @@ enum { TRACE_EVENT_FL_EPROBE = (1 << TRACE_EVENT_FL_EPROBE_BIT), TRACE_EVENT_FL_FPROBE = (1 << TRACE_EVENT_FL_FPROBE_BIT), TRACE_EVENT_FL_CUSTOM = (1 << TRACE_EVENT_FL_CUSTOM_BIT), + TRACE_EVENT_FL_TEST_STR = (1 << TRACE_EVENT_FL_TEST_STR_BIT), }; #define TRACE_EVENT_FL_UKPROBE (TRACE_EVENT_FL_KPROBE | TRACE_EVENT_FL_UPROBE) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index be62f0ea1814..7cc18b9bce27 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3611,17 +3611,12 @@ char *trace_iter_expand_format(struct trace_iterator *iter) } /* Returns true if the string is safe to dereference from an event */ -static bool trace_safe_str(struct trace_iterator *iter, const char *str, - bool star, int len) +static bool trace_safe_str(struct trace_iterator *iter, const char *str) { unsigned long addr = (unsigned long)str; struct trace_event *trace_event; struct trace_event_call *event; - /* Ignore strings with no length */ - if (star && !len) - return true; - /* OK if part of the event data */ if ((addr >= (unsigned long)iter->ent) && (addr < (unsigned long)iter->ent + iter->ent_size)) @@ -3661,181 +3656,69 @@ static bool trace_safe_str(struct trace_iterator *iter, const char *str, return false; } -static DEFINE_STATIC_KEY_FALSE(trace_no_verify); - -static int test_can_verify_check(const char *fmt, ...) -{ - char buf[16]; - va_list ap; - int ret; - - /* - * The verifier is dependent on vsnprintf() modifies the va_list - * passed to it, where it is sent as a reference. Some architectures - * (like x86_32) passes it by value, which means that vsnprintf() - * does not modify the va_list passed to it, and the verifier - * would then need to be able to understand all the values that - * vsnprintf can use. If it is passed by value, then the verifier - * is disabled. - */ - va_start(ap, fmt); - vsnprintf(buf, 16, "%d", ap); - ret = va_arg(ap, int); - va_end(ap); - - return ret; -} - -static void test_can_verify(void) -{ - if (!test_can_verify_check("%d %d", 0, 1)) { - pr_info("trace event string verifier disabled\n"); - static_branch_inc(&trace_no_verify); - } -} - /** - * trace_check_vprintf - Check dereferenced strings while writing to the seq buffer + * ignore_event - Check dereferenced fields while writing to the seq buffer * @iter: The iterator that holds the seq buffer and the event being printed - * @fmt: The format used to print the event - * @ap: The va_list holding the data to print from @fmt. * - * This writes the data into the @iter->seq buffer using the data from - * @fmt and @ap. If the format has a %s, then the source of the string - * is examined to make sure it is safe to print, otherwise it will - * warn and print "[UNSAFE MEMORY]" in place of the dereferenced string - * pointer. + * At boot up, test_event_printk() will flag any event that dereferences + * a string with "%s" that does exist in the ring buffer. It may still + * be valid, as the string may point to a static string in the kernel + * rodata that never gets freed. But if the string pointer is pointing + * to something that was allocated, there's a chance that it can be freed + * by the time the user reads the trace. This would cause a bad memory + * access by the kernel and possibly crash the system. + * + * This function will check if the event has any fields flagged as needing + * to be checked at runtime and perform those checks. + * + * If it is found that a field is unsafe, it will write into the @iter->seq + * a message stating what was found to be unsafe. + * + * @return: true if the event is unsafe and should be ignored, + * false otherwise. */ -void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, - va_list ap) +bool ignore_event(struct trace_iterator *iter) { - long text_delta = 0; - long data_delta = 0; - const char *p = fmt; - const char *str; - bool good; - int i, j; + struct ftrace_event_field *field; + struct trace_event *trace_event; + struct trace_event_call *event; + struct list_head *head; + struct trace_seq *seq; + const void *ptr; - if (WARN_ON_ONCE(!fmt)) - return; + trace_event = ftrace_find_event(iter->ent->type); - if (static_branch_unlikely(&trace_no_verify)) - goto print; + seq = &iter->seq; - /* - * When the kernel is booted with the tp_printk command line - * parameter, trace events go directly through to printk(). - * It also is checked by this function, but it does not - * have an associated trace_array (tr) for it. - */ - if (iter->tr) { - text_delta = iter->tr->text_delta; - data_delta = iter->tr->data_delta; + if (!trace_event) { + trace_seq_printf(seq, "EVENT ID %d NOT FOUND?\n", iter->ent->type); + return true; } - /* Don't bother checking when doing a ftrace_dump() */ - if (iter->fmt == static_fmt_buf) - goto print; - - while (*p) { - bool star = false; - int len = 0; - - j = 0; - - /* - * We only care about %s and variants - * as well as %p[sS] if delta is non-zero - */ - for (i = 0; p[i]; i++) { - if (i + 1 >= iter->fmt_size) { - /* - * If we can't expand the copy buffer, - * just print it. - */ - if (!trace_iter_expand_format(iter)) - goto print; - } - - if (p[i] == '\\' && p[i+1]) { - i++; - continue; - } - if (p[i] == '%') { - /* Need to test cases like %08.*s */ - for (j = 1; p[i+j]; j++) { - if (isdigit(p[i+j]) || - p[i+j] == '.') - continue; - if (p[i+j] == '*') { - star = true; - continue; - } - break; - } - if (p[i+j] == 's') - break; - - if (text_delta && p[i+1] == 'p' && - ((p[i+2] == 's' || p[i+2] == 'S'))) - break; - - star = false; - } - j = 0; - } - /* If no %s found then just print normally */ - if (!p[i]) - break; - - /* Copy up to the %s, and print that */ - strncpy(iter->fmt, p, i); - iter->fmt[i] = '\0'; - trace_seq_vprintf(&iter->seq, iter->fmt, ap); + event = container_of(trace_event, struct trace_event_call, event); + if (!(event->flags & TRACE_EVENT_FL_TEST_STR)) + return false; - /* Add delta to %pS pointers */ - if (p[i+1] == 'p') { - unsigned long addr; - char fmt[4]; + head = trace_get_fields(event); + if (!head) { + trace_seq_printf(seq, "FIELDS FOR EVENT '%s' NOT FOUND?\n", + trace_event_name(event)); + return true; + } - fmt[0] = '%'; - fmt[1] = 'p'; - fmt[2] = p[i+2]; /* Either %ps or %pS */ - fmt[3] = '\0'; + /* Offsets are from the iter->ent that points to the raw event */ + ptr = iter->ent; - addr = va_arg(ap, unsigned long); - addr += text_delta; - trace_seq_printf(&iter->seq, fmt, (void *)addr); + list_for_each_entry(field, head, link) { + const char *str; + bool good; - p += i + 3; + if (!field->needs_test) continue; - } - /* - * If iter->seq is full, the above call no longer guarantees - * that ap is in sync with fmt processing, and further calls - * to va_arg() can return wrong positional arguments. - * - * Ensure that ap is no longer used in this case. - */ - if (iter->seq.full) { - p = ""; - break; - } - - if (star) - len = va_arg(ap, int); - - /* The ap now points to the string data of the %s */ - str = va_arg(ap, const char *); + str = *(const char **)(ptr + field->offset); - good = trace_safe_str(iter, str, star, len); - - /* Could be from the last boot */ - if (data_delta && !good) { - str += data_delta; - good = trace_safe_str(iter, str, star, len); - } + good = trace_safe_str(iter, str); /* * If you hit this warning, it is likely that the @@ -3846,44 +3729,14 @@ void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, * instead. See samples/trace_events/trace-events-sample.h * for reference. */ - if (WARN_ONCE(!good, "fmt: '%s' current_buffer: '%s'", - fmt, seq_buf_str(&iter->seq.seq))) { - int ret; - - /* Try to safely read the string */ - if (star) { - if (len + 1 > iter->fmt_size) - len = iter->fmt_size - 1; - if (len < 0) - len = 0; - ret = copy_from_kernel_nofault(iter->fmt, str, len); - iter->fmt[len] = 0; - star = false; - } else { - ret = strncpy_from_kernel_nofault(iter->fmt, str, - iter->fmt_size); - } - if (ret < 0) - trace_seq_printf(&iter->seq, "(0x%px)", str); - else - trace_seq_printf(&iter->seq, "(0x%px:%s)", - str, iter->fmt); - str = "[UNSAFE-MEMORY]"; - strcpy(iter->fmt, "%s"); - } else { - strncpy(iter->fmt, p + i, j + 1); - iter->fmt[j+1] = '\0'; + if (WARN_ONCE(!good, "event '%s' has unsafe pointer field '%s'", + trace_event_name(event), field->name)) { + trace_seq_printf(seq, "EVENT %s: HAS UNSAFE POINTER FIELD '%s'\n", + trace_event_name(event), field->name); + return true; } - if (star) - trace_seq_printf(&iter->seq, iter->fmt, len, str); - else - trace_seq_printf(&iter->seq, iter->fmt, str); - - p += i + j + 1; } - print: - if (*p) - trace_seq_vprintf(&iter->seq, p, ap); + return false; } const char *trace_event_format(struct trace_iterator *iter, const char *fmt) @@ -10777,8 +10630,6 @@ __init static int tracer_alloc_buffers(void) register_snapshot_cmd(); - test_can_verify(); - return 0; out_free_pipe_cpumask: diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 266740b4e121..9691b47b5f3d 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -667,9 +667,8 @@ void trace_buffer_unlock_commit_nostack(struct trace_buffer *buffer, bool trace_is_tracepoint_string(const char *str); const char *trace_event_format(struct trace_iterator *iter, const char *fmt); -void trace_check_vprintf(struct trace_iterator *iter, const char *fmt, - va_list ap) __printf(2, 0); char *trace_iter_expand_format(struct trace_iterator *iter); +bool ignore_event(struct trace_iterator *iter); int trace_empty(struct trace_iterator *iter); @@ -1413,7 +1412,8 @@ struct ftrace_event_field { int filter_type; int offset; int size; - int is_signed; + unsigned int is_signed:1; + unsigned int needs_test:1; int len; }; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 521ad2fd1fe7..1545cc8b49d0 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -82,7 +82,7 @@ static int system_refcount_dec(struct event_subsystem *system) } static struct ftrace_event_field * -__find_event_field(struct list_head *head, char *name) +__find_event_field(struct list_head *head, const char *name) { struct ftrace_event_field *field; @@ -114,7 +114,8 @@ trace_find_event_field(struct trace_event_call *call, char *name) static int __trace_define_field(struct list_head *head, const char *type, const char *name, int offset, int size, - int is_signed, int filter_type, int len) + int is_signed, int filter_type, int len, + int need_test) { struct ftrace_event_field *field; @@ -133,6 +134,7 @@ static int __trace_define_field(struct list_head *head, const char *type, field->offset = offset; field->size = size; field->is_signed = is_signed; + field->needs_test = need_test; field->len = len; list_add(&field->link, head); @@ -151,13 +153,13 @@ int trace_define_field(struct trace_event_call *call, const char *type, head = trace_get_fields(call); return __trace_define_field(head, type, name, offset, size, - is_signed, filter_type, 0); + is_signed, filter_type, 0, 0); } EXPORT_SYMBOL_GPL(trace_define_field); static int trace_define_field_ext(struct trace_event_call *call, const char *type, const char *name, int offset, int size, int is_signed, - int filter_type, int len) + int filter_type, int len, int need_test) { struct list_head *head; @@ -166,13 +168,13 @@ static int trace_define_field_ext(struct trace_event_call *call, const char *typ head = trace_get_fields(call); return __trace_define_field(head, type, name, offset, size, - is_signed, filter_type, len); + is_signed, filter_type, len, need_test); } #define __generic_field(type, item, filter_type) \ ret = __trace_define_field(&ftrace_generic_fields, #type, \ #item, 0, 0, is_signed_type(type), \ - filter_type, 0); \ + filter_type, 0, 0); \ if (ret) \ return ret; @@ -181,7 +183,8 @@ static int trace_define_field_ext(struct trace_event_call *call, const char *typ "common_" #item, \ offsetof(typeof(ent), item), \ sizeof(ent.item), \ - is_signed_type(type), FILTER_OTHER, 0); \ + is_signed_type(type), FILTER_OTHER, \ + 0, 0); \ if (ret) \ return ret; @@ -332,6 +335,7 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c /* Return true if the string is safe */ static bool process_string(const char *fmt, int len, struct trace_event_call *call) { + struct trace_event_fields *field; const char *r, *e, *s; e = fmt + len; @@ -372,8 +376,16 @@ static bool process_string(const char *fmt, int len, struct trace_event_call *ca if (process_pointer(fmt, len, call)) return true; - /* Make sure the field is found, and consider it OK for now if it is */ - return find_event_field(fmt, call) != NULL; + /* Make sure the field is found */ + field = find_event_field(fmt, call); + if (!field) + return false; + + /* Test this field's string before printing the event */ + call->flags |= TRACE_EVENT_FL_TEST_STR; + field->needs_test = 1; + + return true; } /* @@ -2586,7 +2598,7 @@ event_define_fields(struct trace_event_call *call) ret = trace_define_field_ext(call, field->type, field->name, offset, field->size, field->is_signed, field->filter_type, - field->len); + field->len, field->needs_test); if (WARN_ON_ONCE(ret)) { pr_err("error code is %d\n", ret); break; diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c index da748b7cbc4d..03d56f711ad1 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -317,10 +317,14 @@ EXPORT_SYMBOL(trace_raw_output_prep); void trace_event_printf(struct trace_iterator *iter, const char *fmt, ...) { + struct trace_seq *s = &iter->seq; va_list ap; + if (ignore_event(iter)) + return; + va_start(ap, fmt); - trace_check_vprintf(iter, trace_event_format(iter, fmt), ap); + trace_seq_vprintf(s, trace_event_format(iter, fmt), ap); va_end(ap); } EXPORT_SYMBOL(trace_event_printf); -- 2.45.2

6 months

1
0
0 0

[PATCH 3/4] tracing: Add "%s" check in test_event_printk()

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The test_event_printk() code makes sure that when a trace event is registered, any dereferenced pointers in from the event's TP_printk() are pointing to content in the ring buffer. But currently it does not handle "%s", as there's cases where the string pointer saved in the ring buffer points to a static string in the kernel that will never be freed. As that is a valid case, the pointer needs to be checked at runtime. Currently the runtime check is done via trace_check_vprintf(), but to not have to replicate everything in vsnprintf() it does some logic with the va_list that may not be reliable across architectures. In order to get rid of that logic, more work in the test_event_printk() needs to be done. Some of the strings can be validated at this time when it is obvious the string is valid because the string will be saved in the ring buffer content. Do all the validation of strings in the ring buffer at boot in test_event_printk(), and make sure that the field of the strings that point into the kernel are accessible. This will allow adding checks at runtime that will validate the fields themselves and not rely on paring the TP_printk() format at runtime. Cc: stable(a)vger.kernel.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 104 ++++++++++++++++++++++++++++++------ 1 file changed, 89 insertions(+), 15 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index df75c06bb23f..521ad2fd1fe7 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -244,19 +244,16 @@ int trace_event_get_offsets(struct trace_event_call *call) return tail->offset + tail->size; } -/* - * Check if the referenced field is an array and return true, - * as arrays are OK to dereference. - */ -static bool test_field(const char *fmt, struct trace_event_call *call) + +static struct trace_event_fields *find_event_field(const char *fmt, + struct trace_event_call *call) { struct trace_event_fields *field = call->class->fields_array; - const char *array_descriptor; const char *p = fmt; int len; if (!(len = str_has_prefix(fmt, "REC->"))) - return false; + return NULL; fmt += len; for (p = fmt; *p; p++) { if (!isalnum(*p) && *p != '_') @@ -267,11 +264,26 @@ static bool test_field(const char *fmt, struct trace_event_call *call) for (; field->type; field++) { if (strncmp(field->name, fmt, len) || field->name[len]) continue; - array_descriptor = strchr(field->type, '['); - /* This is an array and is OK to dereference. */ - return array_descriptor != NULL; + + return field; } - return false; + return NULL; +} + +/* + * Check if the referenced field is an array and return true, + * as arrays are OK to dereference. + */ +static bool test_field(const char *fmt, struct trace_event_call *call) +{ + struct trace_event_fields *field; + + field = find_event_field(fmt, call); + if (!field) + return false; + + /* This is an array and is OK to dereference. */ + return strchr(field->type, '[') != NULL; } /* Look for a string within an argument */ @@ -317,6 +329,53 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c return false; } +/* Return true if the string is safe */ +static bool process_string(const char *fmt, int len, struct trace_event_call *call) +{ + const char *r, *e, *s; + + e = fmt + len; + + /* + * There are several helper functions that return strings. + * If the argument contains a function, then assume its field is valid. + * It is considered that the argument has a function if it has: + * alphanumeric or '_' before a parenthesis. + */ + s = fmt; + do { + r = strstr(s, "("); + if (!r || r >= e) + break; + for (int i = 1; r - i >= s; i++) { + char ch = *(r - i); + if (isspace(ch)) + continue; + if (isalnum(ch) || ch == '_') + return true; + /* Anything else, this isn't a function */ + break; + } + /* A function could be wrapped in parethesis, try the next one */ + s = r + 1; + } while (s < e); + + /* + * If there's any strings in the argument consider this arg OK as it + * could be: REC->field ? "foo" : "bar" and we don't want to get into + * verifying that logic here. + */ + if (find_print_string(fmt, "\"", e)) + return true; + + /* Dereferenced strings are also valid like any other pointer */ + if (process_pointer(fmt, len, call)) + return true; + + /* Make sure the field is found, and consider it OK for now if it is */ + return find_event_field(fmt, call) != NULL; +} + /* * Examine the print fmt of the event looking for unsafe dereference * pointers using %p* that could be recorded in the trace event and @@ -326,6 +385,7 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c static void test_event_printk(struct trace_event_call *call) { u64 dereference_flags = 0; + u64 string_flags = 0; bool first = true; const char *fmt; int parens = 0; @@ -416,8 +476,16 @@ static void test_event_printk(struct trace_event_call *call) star = true; continue; } - if ((fmt[i + j] == 's') && star) - arg++; + if ((fmt[i + j] == 's')) { + if (star) + arg++; + if (WARN_ONCE(arg == 63, + "Too many args for event: %s", + trace_event_name(call))) + return; + dereference_flags |= 1ULL << arg; + string_flags |= 1ULL << arg; + } break; } break; @@ -464,7 +532,10 @@ static void test_event_printk(struct trace_event_call *call) } if (dereference_flags & (1ULL << arg)) { - if (process_pointer(fmt + start_arg, e - start_arg, call)) + if (string_flags & (1ULL << arg)) { + if (process_string(fmt + start_arg, e - start_arg, call)) + dereference_flags &= ~(1ULL << arg); + } else if (process_pointer(fmt + start_arg, e - start_arg, call)) dereference_flags &= ~(1ULL << arg); } @@ -476,7 +547,10 @@ static void test_event_printk(struct trace_event_call *call) } if (dereference_flags & (1ULL << arg)) { - if (process_pointer(fmt + start_arg, i - start_arg, call)) + if (string_flags & (1ULL << arg)) { + if (process_string(fmt + start_arg, i - start_arg, call)) + dereference_flags &= ~(1ULL << arg); + } else if (process_pointer(fmt + start_arg, i - start_arg, call)) dereference_flags &= ~(1ULL << arg); } -- 2.45.2

6 months

1
0
0 0

[PATCH 2/4] tracing: Add missing helper functions in event pointer dereference check

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The process_pointer() helper function looks to see if various trace event macros are used. These macros are for storing data in the event. This makes it safe to dereference as the dereference will then point into the event on the ring buffer where the content of the data stays with the event itself. A few helper functions were missing. Those were: __get_rel_dynamic_array() __get_dynamic_array_len() __get_rel_dynamic_array_len() __get_rel_sockaddr() Also add a helper function find_print_string() to not need to use a middle man variable to test if the string exists. Cc: stable(a)vger.kernel.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 14e160a5b905..df75c06bb23f 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -274,6 +274,15 @@ static bool test_field(const char *fmt, struct trace_event_call *call) return false; } +/* Look for a string within an argument */ +static bool find_print_string(const char *arg, const char *str, const char *end) +{ + const char *r; + + r = strstr(arg, str); + return r && r < end; +} + /* Return true if the argument pointer is safe */ static bool process_pointer(const char *fmt, int len, struct trace_event_call *call) { @@ -292,9 +301,17 @@ static bool process_pointer(const char *fmt, int len, struct trace_event_call *c a = strchr(fmt, '&'); if ((a && (a < r)) || test_field(r, call)) return true; - } else if ((r = strstr(fmt, "__get_dynamic_array(")) && r < e) { + } else if (find_print_string(fmt, "__get_dynamic_array(", e)) { + return true; + } else if (find_print_string(fmt, "__get_rel_dynamic_array(", e)) { + return true; + } else if (find_print_string(fmt, "__get_dynamic_array_len(", e)) { + return true; + } else if (find_print_string(fmt, "__get_rel_dynamic_array_len(", e)) { + return true; + } else if (find_print_string(fmt, "__get_sockaddr(", e)) { return true; - } else if ((r = strstr(fmt, "__get_sockaddr(")) && r < e) { + } else if (find_print_string(fmt, "__get_rel_sockaddr(", e)) { return true; } return false; -- 2.45.2

6 months

1
0
0 0

[PATCH 1/4] tracing: Fix test_event_printk() to process entire print argument

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The test_event_printk() analyzes print formats of trace events looking for cases where it may dereference a pointer that is not in the ring buffer which can possibly be a bug when the trace event is read from the ring buffer and the content of that pointer no longer exists. The function needs to accurately go from one print format argument to the next. It handles quotes and parenthesis that may be included in an argument. When it finds the start of the next argument, it uses a simple "c = strstr(fmt + i, ',')" to find the end of that argument! In order to include "%s" dereferencing, it needs to process the entire content of the print format argument and not just the content of the first ',' it finds. As there may be content like: ({ const char *saved_ptr = trace_seq_buffer_ptr(p); static const char *access_str[] = { "---", "--x", "w--", "w-x", "-u-", "-ux", "wu-", "wux" }; union kvm_mmu_page_role role; role.word = REC->role; trace_seq_printf(p, "sp gen %u gfn %llx l%u %u-byte q%u%s %s%s" " %snxe %sad root %u %s%c", REC->mmu_valid_gen, REC->gfn, role.level, role.has_4_byte_gpte ? 4 : 8, role.quadrant, role.direct ? " direct" : "", access_str[role.access], role.invalid ? " invalid" : "", role.efer_nx ? "" : "!", role.ad_disabled ? "!" : "", REC->root_count, REC->unsync ? "unsync" : "sync", 0); saved_ptr; }) Which is an example of a full argument of an existing event. As the code already handles finding the next print format argument, process the argument at the end of it and not the start of it. This way it has both the start of the argument as well as the end of it. Add a helper function "process_pointer()" that will do the processing during the loop as well as at the end. It also makes the code cleaner and easier to read. Cc: stable(a)vger.kernel.org Fixes: 5013f454a352c ("tracing: Add check of trace event print fmts for dereferencing pointers") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_events.c | 82 ++++++++++++++++++++++++------------- 1 file changed, 53 insertions(+), 29 deletions(-) diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 77e68efbd43e..14e160a5b905 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -265,8 +265,7 @@ static bool test_field(const char *fmt, struct trace_event_call *call) len = p - fmt; for (; field->type; field++) { - if (strncmp(field->name, fmt, len) || - field->name[len]) + if (strncmp(field->name, fmt, len) || field->name[len]) continue; array_descriptor = strchr(field->type, '['); /* This is an array and is OK to dereference. */ @@ -275,6 +274,32 @@ static bool test_field(const char *fmt, struct trace_event_call *call) return false; } +/* Return true if the argument pointer is safe */ +static bool process_pointer(const char *fmt, int len, struct trace_event_call *call) +{ + const char *r, *e, *a; + + e = fmt + len; + + /* Find the REC-> in the argument */ + r = strstr(fmt, "REC->"); + if (r && r < e) { + /* + * Addresses of events on the buffer, or an array on the buffer is + * OK to dereference. There's ways to fool this, but + * this is to catch common mistakes, not malicious code. + */ + a = strchr(fmt, '&'); + if ((a && (a < r)) || test_field(r, call)) + return true; + } else if ((r = strstr(fmt, "__get_dynamic_array(")) && r < e) { + return true; + } else if ((r = strstr(fmt, "__get_sockaddr(")) && r < e) { + return true; + } + return false; +} + /* * Examine the print fmt of the event looking for unsafe dereference * pointers using %p* that could be recorded in the trace event and @@ -285,12 +310,12 @@ static void test_event_printk(struct trace_event_call *call) { u64 dereference_flags = 0; bool first = true; - const char *fmt, *c, *r, *a; + const char *fmt; int parens = 0; char in_quote = 0; int start_arg = 0; int arg = 0; - int i; + int i, e; fmt = call->print_fmt; @@ -403,42 +428,41 @@ static void test_event_printk(struct trace_event_call *call) case ',': if (in_quote || parens) continue; + e = i; i++; while (isspace(fmt[i])) i++; - start_arg = i; - if (!(dereference_flags & (1ULL << arg))) - goto next_arg; - /* Find the REC-> in the argument */ - c = strchr(fmt + i, ','); - r = strstr(fmt + i, "REC->"); - if (r && (!c || r < c)) { - /* - * Addresses of events on the buffer, - * or an array on the buffer is - * OK to dereference. - * There's ways to fool this, but - * this is to catch common mistakes, - * not malicious code. - */ - a = strchr(fmt + i, '&'); - if ((a && (a < r)) || test_field(r, call)) + /* + * If start_arg is zero, then this is the start of the + * first argument. The processing of the argument happens + * when the end of the argument is found, as it needs to + * handle paranthesis and such. + */ + if (!start_arg) { + start_arg = i; + /* Balance out the i++ in the for loop */ + i--; + continue; + } + + if (dereference_flags & (1ULL << arg)) { + if (process_pointer(fmt + start_arg, e - start_arg, call)) dereference_flags &= ~(1ULL << arg); - } else if ((r = strstr(fmt + i, "__get_dynamic_array(")) && - (!c || r < c)) { - dereference_flags &= ~(1ULL << arg); - } else if ((r = strstr(fmt + i, "__get_sockaddr(")) && - (!c || r < c)) { - dereference_flags &= ~(1ULL << arg); } - next_arg: - i--; + start_arg = i; arg++; + /* Balance out the i++ in the for loop */ + i--; } } + if (dereference_flags & (1ULL << arg)) { + if (process_pointer(fmt + start_arg, i - start_arg, call)) + dereference_flags &= ~(1ULL << arg); + } + /* * If you triggered the below warning, the trace event reported * uses an unsafe dereference pointer %p*. As the data stored -- 2.45.2

6 months

1
0
0 0

[PATCHSET] xfs: bug fixes for 6.13

by Darrick J. Wong

Hi all, Bug fixes for 6.13. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=xf… xfsprogs git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfsprogs-dev.git/log/?h… --- Commits in this patchset: * xfs: fix off-by-one error in fsmap's end_daddr usage * xfs: metapath scrubber should use the already loaded inodes * xfs: keep quota directory inode loaded * xfs: return a 64-bit block count from xfs_btree_count_blocks * xfs: don't drop errno values when we fail to ficlone the entire range * xfs: separate healthy clearing mask during repair * xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink * xfs: mark metadir repair tempfiles with IRECOVERY * xfs: fix null bno_hint handling in xfs_rtallocate_rtg * xfs: fix error bailout in xfs_rtginode_create * xfs: update btree keys correctly when _insrec splits an inode root block * xfs: fix scrub tracepoints when inode-rooted btrees are involved * xfs: unlock inodes when erroring out of xfs_trans_alloc_dir * xfs: only run precommits once per transaction object * xfs: remove recursion in __xfs_trans_commit * xfs: don't lose solo superblock counter update transactions * xfs: don't lose solo dquot update transactions * xfs: separate dquot buffer reads from xfs_dqflush * xfs: clean up log item accesses in xfs_qm_dqflush{,_done} * xfs: attach dquot buffer to dquot log item buffer * xfs: convert quotacheck to attach dquot buffers --- fs/xfs/libxfs/xfs_btree.c | 33 +++++-- fs/xfs/libxfs/xfs_btree.h | 2 fs/xfs/libxfs/xfs_ialloc_btree.c | 4 + fs/xfs/libxfs/xfs_rtgroup.c | 2 fs/xfs/scrub/agheader.c | 6 + fs/xfs/scrub/agheader_repair.c | 6 + fs/xfs/scrub/fscounters.c | 2 fs/xfs/scrub/health.c | 57 +++++++----- fs/xfs/scrub/ialloc.c | 4 - fs/xfs/scrub/metapath.c | 68 +++++--------- fs/xfs/scrub/refcount.c | 2 fs/xfs/scrub/scrub.h | 6 + fs/xfs/scrub/symlink_repair.c | 3 - fs/xfs/scrub/tempfile.c | 10 ++ fs/xfs/scrub/trace.h | 2 fs/xfs/xfs_bmap_util.c | 2 fs/xfs/xfs_dquot.c | 185 ++++++++++++++++++++++++++++++++------ fs/xfs/xfs_dquot.h | 5 + fs/xfs/xfs_dquot_item.c | 51 ++++++++-- fs/xfs/xfs_dquot_item.h | 7 + fs/xfs/xfs_file.c | 8 ++ fs/xfs/xfs_fsmap.c | 38 +++++--- fs/xfs/xfs_inode.h | 2 fs/xfs/xfs_qm.c | 92 +++++++++++++------ fs/xfs/xfs_qm.h | 1 fs/xfs/xfs_quota.h | 7 + fs/xfs/xfs_rtalloc.c | 2 fs/xfs/xfs_trans.c | 58 ++++++------ fs/xfs/xfs_trans_ail.c | 2 fs/xfs/xfs_trans_dquot.c | 31 +++++- 30 files changed, 475 insertions(+), 223 deletions(-)

6 months

3
25
0 0

[PATCH v1 v1] drm/nouveau: Fix memory leak in nvbios_iccsense_parse

by Zhanxin Qi

The nvbios_iccsense_parse function allocates memory for sensor data but fails to free it when the function exits, leading to a memory leak. Add proper cleanup to free the allocated memory. Fixes: 39b7e6e547ff ("drm/nouveau/nvbios/iccsense: add parsing of the SENSE table") Cc: stable(a)vger.kernel.org Signed-off-by: Zhanxin Qi <zhanxin(a)nfschina.com> Signed-off-by: Duanjun Li <duanjun(a)nfschina.com> Signed-off-by: Danilo Krummrich <dakr(a)redhat.com> --- .../include/nvkm/subdev/bios/iccsense.h | 2 ++ .../drm/nouveau/nvkm/subdev/bios/iccsense.c | 20 +++++++++++++++++++ .../drm/nouveau/nvkm/subdev/iccsense/base.c | 3 +++ 3 files changed, 25 insertions(+) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h index 4c108fd2c805..8bfc28c3f7a7 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h @@ -20,4 +20,6 @@ struct nvbios_iccsense { }; int nvbios_iccsense_parse(struct nvkm_bios *, struct nvbios_iccsense *); + +void nvbios_iccsense_cleanup(struct nvbios_iccsense *iccsense); #endif diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c index dea444d48f94..38fcc91ffea6 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c @@ -56,6 +56,19 @@ nvbios_iccsense_table(struct nvkm_bios *bios, u8 *ver, u8 *hdr, u8 *cnt, return 0; } +/** + * nvbios_iccsense_parse - Parse ICCSENSE table from VBIOS + * @bios: VBIOS base pointer + * @iccsense: ICCSENSE table structure to fill + * + * Parses the ICCSENSE table from VBIOS and fills the provided structure. + * The caller must invoke nvbios_iccsense_cleanup() after successful parsing + * to free the allocated rail resources. + * + * Returns: + * 0 - Success + * -ENODEV - Table not found + */ int nvbios_iccsense_parse(struct nvkm_bios *bios, struct nvbios_iccsense *iccsense) { @@ -127,3 +140,10 @@ nvbios_iccsense_parse(struct nvkm_bios *bios, struct nvbios_iccsense *iccsense) return 0; } + +void +nvbios_iccsense_cleanup(struct nvbios_iccsense *iccsense) +{ + kfree(iccsense->rail); + iccsense->rail = NULL; +} diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c index 8f0ccd3664eb..4c1759ecce38 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c @@ -291,6 +291,9 @@ nvkm_iccsense_oneinit(struct nvkm_subdev *subdev) list_add_tail(&rail->head, &iccsense->rails); } } + + nvbios_iccsense_cleanup(&stbl); + return 0; } -- 2.30.2

6 months

2
2
0 0

[PATCH] KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status

by Raghavendra Rao Ananta

commit 54bbee190d42166209185d89070c58a343bf514b upstream. DDI0487K.a D13.3.1 describes the PMU overflow condition, which evaluates to true if any counter's global enable (PMCR_EL0.E), overflow flag (PMOVSSET_EL0[n]), and interrupt enable (PMINTENSET_EL1[n]) are all 1. Of note, this does not require a counter to be enabled (i.e. PMCNTENSET_EL0[n] = 1) to generate an overflow. Align kvm_pmu_overflow_status() with the reality of the architecture and stop using PMCNTENSET_EL0 as part of the overflow condition. The bug was discovered while running an SBSA PMU test [*], which only sets PMCR.E, PMOVSSET<0>, PMINTENSET<0>, and expects an overflow interrupt. Cc: stable(a)vger.kernel.org Fixes: 76d883c4e640 ("arm64: KVM: Add access handler for PMOVSSET and PMOVSCLR register") Link: https://github.com/ARM-software/sbsa-acs/blob/master/test_pool/pmu/operatin… Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> [ oliver: massaged changelog ] Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20241120005230.2335682-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- virt/kvm/arm/pmu.c | 1 - 1 file changed, 1 deletion(-) diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c index 4c08fd009768..9732c5e0ed22 100644 --- a/virt/kvm/arm/pmu.c +++ b/virt/kvm/arm/pmu.c @@ -357,7 +357,6 @@ static u64 kvm_pmu_overflow_status(struct kvm_vcpu *vcpu) if ((__vcpu_sys_reg(vcpu, PMCR_EL0) & ARMV8_PMU_PMCR_E)) { reg = __vcpu_sys_reg(vcpu, PMOVSSET_EL0); - reg &= __vcpu_sys_reg(vcpu, PMCNTENSET_EL0); reg &= __vcpu_sys_reg(vcpu, PMINTENSET_EL1); reg &= kvm_pmu_valid_counter_mask(vcpu); } base-commit: 6708005a36cfdb32aa991ebd9ea172e1183231ef -- 2.47.1.613.gc27f4b7a9f-goog

6 months

2
1
0 0

ext4 damage suspected in between 5.15.167 - 5.15.170

by Nikolai Zhubr

Hi, This is to report that after jumping from generic kernel 5.15.167 to 5.15.170 I apparently observe ext4 damage. After some few days of regular daily use of 5.15.170, one morning my ext4 partition refused to mount complaining about corrupted system area (-117). There were no unusual events preceding this. The device in question is a laptop with healthy battery, also connected to AC permanently. The laptop is privately owned by me, in daily use at home, so I am 100% aware of everything happening with it. The filesystem in question lives on md raid1 with very assymmetric members (ssd+hdd) so one would not possibly expect that in the event of emergency cpu halt or some other abnormal stop while filesystem was actively writing data, raid members could stay in perfect sync. After the incident, I've run raid1 check multiple times and run memtest multiple times from different boot media and certainly consulted startctl. Nothing. No issues whatsoever except for this spontaneous ext4 damage. Looking at git log for ext4 changes between 5.15.167 and 5.15.170 shows a few commits. All landed in 5.15.168. Interestingly, one of them is a comeback of the (in)famous 91562895f803 "properly sync file size update after O_SYNC ..." which caused some blowup 1 year ago due to "subtle interaction". I've no idea if 91562895f803 is related to damage this time or not, but most definitely it looks like some problem was introduced between 5.15.167 and 5.15.170 anyway. And because there are apparently 0 commits to ext4 in 5.15 since 5.15.168 at the moment, I thought I'd report. Please CC me if you want me to see your reply and/or need more info (I'm not subscribed to the normal flow). Take care, Nick

6 months

4
7
0 0

[Regression] 6.1.120, 6.6.66 and 6.12.5 crashes on Vega with a Null pointer deference

by Philip Müller

Hi Greg, Due to backporting 2320c9e of to 6.1.120, 6.6.66 and 6.12.5 kernel series we have the following bug report: https://gitlab.freedesktop.org/drm/amd/-/issues/3831 The commit 47f402a3e08113e0f5d8e1e6fcc197667a16022f should be backported to 6.1, 6.6 and 6.12 stable branches. -- Best, Philip

6 months

3
5
0 0

+ mm-hugetlb-independent-pmd-page-table-shared-count.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: hugetlb: independent PMD page table shared count has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-independent-pmd-page-table-shared-count.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Liu Shixin <liushixin2(a)huawei.com> Subject: mm: hugetlb: independent PMD page table shared count Date: Mon, 16 Dec 2024 15:11:47 +0800 The folio refcount may be increased unexpectly through try_get_folio() by caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x66 pfn:0x109324 flags: 0x17ffff800000000(node=0|zone=2|lastcpupid=0xfffff) page_type: f2(table) raw: 017ffff800000000 0000000000000000 0000000000000000 0000000000000000 raw: 0000000000000066 0000000000000000 00000000f2000000 0000000000000000 page dumped because: nonzero mapcount ... CPU: 31 UID: 0 PID: 7515 Comm: sh Kdump: loaded Tainted: G B 6.13.0-rc2master+ #7 Tainted: [B]=BAD_PAGE Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: show_stack+0x20/0x38 (C) dump_stack_lvl+0x80/0xf8 dump_stack+0x18/0x28 bad_page+0x8c/0x130 free_page_is_bad_report+0xa4/0xb0 free_unref_page+0x3cc/0x620 __folio_put+0xf4/0x158 split_huge_pages_all+0x1e0/0x3e8 split_huge_pages_write+0x25c/0x2d8 full_proxy_write+0x64/0xd8 vfs_write+0xcc/0x280 ksys_write+0x70/0x110 __arm64_sys_write+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x34/0x128 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x190/0x198 The issue may be triggered by damon, offline_page, page_idle, etc, which will increase the refcount of page table. Fix it by introducing independent PMD page table shared count. As described by comment, pt_index/pt_mm/pt_frag_refcount are used for s390 gmap, x86 pgds and powerpc, pt_share_count is used for x86/arm64/riscv pmds, so we can reuse the field as pt_share_count. Link: https://lkml.kernel.org/r/20241216071147.3984217-1-liushixin2@huawei.com Fixes: 39dde65c9940 ("[PATCH] shared page table for hugetlb page") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Ken Chen <kenneth.w.chen(a)intel.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 1 + include/linux/mm_types.h | 30 ++++++++++++++++++++++++++++++ mm/hugetlb.c | 16 +++++++--------- 3 files changed, 38 insertions(+), 9 deletions(-) --- a/include/linux/mm.h~mm-hugetlb-independent-pmd-page-table-shared-count +++ a/include/linux/mm.h @@ -3125,6 +3125,7 @@ static inline bool pagetable_pmd_ctor(st if (!pmd_ptlock_init(ptdesc)) return false; __folio_set_pgtable(folio); + ptdesc_pmd_pts_init(ptdesc); lruvec_stat_add_folio(folio, NR_PAGETABLE); return true; } --- a/include/linux/mm_types.h~mm-hugetlb-independent-pmd-page-table-shared-count +++ a/include/linux/mm_types.h @@ -445,6 +445,7 @@ FOLIO_MATCH(compound_head, _head_2a); * @pt_index: Used for s390 gmap. * @pt_mm: Used for x86 pgds. * @pt_frag_refcount: For fragmented page table tracking. Powerpc only. + * @pt_share_count: Used for HugeTLB PMD page table share count. * @_pt_pad_2: Padding to ensure proper alignment. * @ptl: Lock for the page table. * @__page_type: Same as page->page_type. Unused for page tables. @@ -471,6 +472,9 @@ struct ptdesc { pgoff_t pt_index; struct mm_struct *pt_mm; atomic_t pt_frag_refcount; +#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING + atomic_t pt_share_count; +#endif }; union { @@ -516,6 +520,32 @@ static_assert(sizeof(struct ptdesc) <= s const struct page *: (const struct ptdesc *)(p), \ struct page *: (struct ptdesc *)(p))) +#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING +static inline void ptdesc_pmd_pts_init(struct ptdesc *ptdesc) +{ + atomic_set(&ptdesc->pt_share_count, 0); +} + +static inline void ptdesc_pmd_pts_inc(struct ptdesc *ptdesc) +{ + atomic_inc(&ptdesc->pt_share_count); +} + +static inline void ptdesc_pmd_pts_dec(struct ptdesc *ptdesc) +{ + atomic_dec(&ptdesc->pt_share_count); +} + +static inline int ptdesc_pmd_pts_count(struct ptdesc *ptdesc) +{ + return atomic_read(&ptdesc->pt_share_count); +} +#else +static inline void ptdesc_pmd_pts_init(struct ptdesc *ptdesc) +{ +} +#endif + /* * Used for sizing the vmemmap region on some architectures */ --- a/mm/hugetlb.c~mm-hugetlb-independent-pmd-page-table-shared-count +++ a/mm/hugetlb.c @@ -7211,7 +7211,7 @@ pte_t *huge_pmd_share(struct mm_struct * spte = hugetlb_walk(svma, saddr, vma_mmu_pagesize(svma)); if (spte) { - get_page(virt_to_page(spte)); + ptdesc_pmd_pts_inc(virt_to_ptdesc(spte)); break; } } @@ -7226,7 +7226,7 @@ pte_t *huge_pmd_share(struct mm_struct * (pmd_t *)((unsigned long)spte & PAGE_MASK)); mm_inc_nr_pmds(mm); } else { - put_page(virt_to_page(spte)); + ptdesc_pmd_pts_dec(virt_to_ptdesc(spte)); } spin_unlock(&mm->page_table_lock); out: @@ -7238,10 +7238,6 @@ out: /* * unmap huge page backed by shared pte. * - * Hugetlb pte page is ref counted at the time of mapping. If pte is shared - * indicated by page_count > 1, unmap is achieved by clearing pud and - * decrementing the ref count. If count == 1, the pte page is not shared. - * * Called with page table lock held. * * returns: 1 successfully unmapped a shared pte page @@ -7250,18 +7246,20 @@ out: int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { + unsigned long sz = huge_page_size(hstate_vma(vma)); pgd_t *pgd = pgd_offset(mm, addr); p4d_t *p4d = p4d_offset(pgd, addr); pud_t *pud = pud_offset(p4d, addr); i_mmap_assert_write_locked(vma->vm_file->f_mapping); hugetlb_vma_assert_locked(vma); - BUG_ON(page_count(virt_to_page(ptep)) == 0); - if (page_count(virt_to_page(ptep)) == 1) + if (sz != PMD_SIZE) + return 0; + if (!ptdesc_pmd_pts_count(virt_to_ptdesc(ptep))) return 0; pud_clear(pud); - put_page(virt_to_page(ptep)); + ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep)); mm_dec_nr_pmds(mm); return 1; } _ Patches currently in -mm which might be from liushixin2(a)huawei.com are mm-hugetlb-independent-pmd-page-table-shared-count.patch

6 months

1
0
0 0

+ mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm, compaction: don't use ALLOC_CMA in long term GUP flow has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: yangge <yangge1116(a)126.com> Subject: mm, compaction: don't use ALLOC_CMA in long term GUP flow Date: Mon, 16 Dec 2024 19:54:04 +0800 Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() in long term GUP flow. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Link: https://lkml.kernel.org/r/1734350044-12928-1-git-send-email-yangge1116@126.… Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Signed-off-by: yangge <yangge1116(a)126.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compaction.h | 6 ++++-- mm/compaction.c | 20 +++++++++++--------- mm/internal.h | 3 ++- mm/page_alloc.c | 6 ++++-- mm/page_isolation.c | 3 ++- mm/page_reporting.c | 2 +- mm/vmscan.c | 4 ++-- 7 files changed, 26 insertions(+), 18 deletions(-) --- a/include/linux/compaction.h~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compac struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suita } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } --- a/mm/compaction.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/compaction.c @@ -654,7 +654,7 @@ static unsigned long isolate_freepages_b /* Found a free page, will break it into order-0 pages */ order = buddy_order(page); - isolated = __isolate_free_page(page, order); + isolated = __isolate_free_page(page, order, cc->alloc_flags); if (!isolated) break; set_page_private(page, order); @@ -1633,7 +1633,7 @@ static void fast_isolate_freepages(struc /* Isolate the page if available */ if (page) { - if (__isolate_free_page(page, order)) { + if (__isolate_free_page(page, order, cc->alloc_flags)) { set_page_private(page, order); nr_isolated = 1 << order; nr_scanned += nr_isolated - 1; @@ -2379,6 +2379,7 @@ static enum compact_result compact_finis static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; @@ -2393,25 +2394,26 @@ static bool __compaction_suitable(struct * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to long term GUP flow, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + alloc_flags & ALLOC_CMA, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2472,7 +2474,7 @@ bool compaction_zonelist_suitable(struct available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2497,7 +2499,7 @@ compaction_suit_allocation_order(struct alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; --- a/mm/internal.h~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/internal.h @@ -662,7 +662,8 @@ static inline void clear_zone_contiguous zone->contiguous = false; } -extern int __isolate_free_page(struct page *page, unsigned int order); +extern int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags); extern void __putback_isolated_page(struct page *page, unsigned int order, int mt); extern void memblock_free_pages(struct page *page, unsigned long pfn, --- a/mm/page_alloc.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_alloc.c @@ -2808,7 +2808,8 @@ void split_page(struct page *page, unsig } EXPORT_SYMBOL_GPL(split_page); -int __isolate_free_page(struct page *page, unsigned int order) +int __isolate_free_page(struct page *page, unsigned int order, + unsigned int alloc_flags) { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); @@ -2822,7 +2823,8 @@ int __isolate_free_page(struct page *pag * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + if (!zone_watermark_ok(zone, 0, watermark, 0, + alloc_flags & ALLOC_CMA)) return 0; } --- a/mm/page_isolation.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_isolation.c @@ -229,7 +229,8 @@ static void unset_migratetype_isolate(st buddy = find_buddy_page_pfn(page, page_to_pfn(page), order, NULL); if (buddy && !is_migrate_isolate_page(buddy)) { - isolated_page = !!__isolate_free_page(page, order); + isolated_page = !!__isolate_free_page(page, order, + ALLOC_CMA); /* * Isolating a free page in an isolated pageblock * is expected to always work as watermarks don't --- a/mm/page_reporting.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_reporting.c @@ -198,7 +198,7 @@ page_reporting_cycle(struct page_reporti /* Attempt to pull page from list and place in scatterlist */ if (*offset) { - if (!__isolate_free_page(page, order)) { + if (!__isolate_free_page(page, order, ALLOC_CMA)) { next = page; break; } --- a/mm/vmscan.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/vmscan.c @@ -5861,7 +5861,7 @@ static inline bool should_continue_recla sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6089,7 +6089,7 @@ static inline bool compaction_ready(stru return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch

6 months

1
0
0 0

[PATCH 6.12 000/467] 6.12.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.5 release. There are 467 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 15 Dec 2024 14:57:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.5-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.5-rc2 K Prateek Nayak <kprateek.nayak(a)amd.com> softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel Thomas Gleixner <tglx(a)linutronix.de> clocksource: Make negative motion detection more robust Thomas Gleixner <tglx(a)linutronix.de> timekeeping: Remove CONFIG_DEBUG_TIMEKEEPING Colin Ian King <colin.i.king(a)gmail.com> ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly" Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd/display: parse umc_info or vram_info based on ASIC" Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix build error without CONFIG_SND_DEBUG Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: rework resume handling for display (v2) Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init() Sebastian Ott <sebott(a)redhat.com> net/mlx5: unique names for per device caches Heming Zhao <heming.zhao(a)suse.com> ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Bingbu Cao <bingbu.cao(a)intel.com> media: ipu6: use the IPU6 DMA mapping APIs to do mapping Richard Weinberger <richard(a)nod.at> jffs2: Fix rtime decompressor Kinsey Moore <kinsey.moore(a)oarcorp.com> jffs2: Prevent rtime decompress memory corruption Nikolay Kuratov <kniv(a)yandex-team.ru> KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn() Hari Bathini <hbathini(a)linux.ibm.com> selftests/ftrace: adjust offset for kprobe syntax error test Yishai Hadas <yishaih(a)nvidia.com> vfio/mlx5: Align the page tracking max message size with the device capability Linus Torvalds <torvalds(a)linux-foundation.org> Revert "unicode: Don't special case ignorable code points" Damien Le Moal <dlemoal(a)kernel.org> x86: Fix build regression with CONFIG_KEXEC_JUMP enabled Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/eprobe: Fix to release eprobe when failed to add dyn_event Haoyu Li <lihaoyu499(a)gmail.com> clk: en7523: Initialize num before accessing hws in en7523_register_clocks() Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing snapshot drew unlock when root is dead during swap activation Qu Wenruo <wqu(a)suse.com> btrfs: fix mount failure due to remount races David Sterba <dsterba(a)suse.com> btrfs: drop unused parameter data from btrfs_fill_super() David Sterba <dsterba(a)suse.com> btrfs: drop unused parameter options from open_ctree() Wander Lairson Costa <wander(a)redhat.com> sched/deadline: Fix warning in migrate_enable for boosted tasks K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Prevent wakeup of ksoftirqd during idle load balance K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() Josh Don <joshdon(a)google.com> sched: fix warning in sched_setaffinity Sung Lee <Sung.Lee(a)amd.com> drm/amd/display: Add option to retrieve detile buffer size Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/devcoredump: Update handling of xe_force_wake_get return Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain() John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Copy GuC log prior to dumping John Harrison <John.C.Harrison(a)Intel.com> drm/xe/devcoredump: Add ASCII85 dump helper function John Harrison <John.C.Harrison(a)Intel.com> drm/xe/devcoredump: Improve section headings and add tile info John Harrison <John.C.Harrison(a)Intel.com> drm/xe/devcoredump: Use drm_puts and already cached local variables Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() Jens Axboe <axboe(a)kernel.dk> io_uring/tctx: work around xa_store() allocation error issue Rasmus Villemoes <linux(a)rasmusvillemoes.dk> setlocalversion: work around "git describe" performance Paulo Alcantara <pc(a)manguebit.com> smb: client: don't try following DFS links in cifs_tree_connect() Zhou Wang <wangzhou1(a)hisilicon.com> irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801 Nilay Shroff <nilay(a)linux.ibm.com> Revert "nvme: make keep-alive synchronous operation" Inochi Amaoto <inochiama(a)gmail.com> serial: 8250_dw: Add Sophgo SG2044 quirk Dmitry Torokhov <dmitry.torokhov(a)gmail.com> rtc: cmos: avoid taking rtc_lock for extended period of time Parker Newman <pnewman(a)connecttech.com> misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle Michael Ellerman <mpe(a)ellerman.id.au> powerpc/prom_init: Fixup missing powermac #size-cells Uwe Kleine-König <ukleinek(a)debian.org> ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW Xi Ruoyao <xry111(a)xry111.site> MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 Alex Far <anf1980(a)gmail.com> ASoC: amd: yc: fix internal mic on Redmi G 2022 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> usb: typec: ucsi: glink: be more precise on orientation-aware ports Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: light: ltr501: Add LTER0303 to the supported devices Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad7192: properly check spi_get_device_match_data() Saranya Gopal <saranya.gopal(a)intel.com> usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: handle USB Error Interrupt if IOC not set Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: create bounce buffer for problem sglist entries if possible Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: limit usb request length to max 16KB Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag Melody Olvera <quic_molvera(a)quicinc.com> regulator: qcom-rpmh: Update ranges for FTSMPS525 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix case when unmarked clusters intersect with zone Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix warning in ni_fiemap Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix sleeping in atomic context for PREEMPT_RT Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 Chao Yu <chao(a)kernel.org> f2fs: add a sysfs node to limit max read extent count per-inode Chao Yu <chao(a)kernel.org> f2fs: fix to shrink read extent node in batches Chao Yu <chao(a)kernel.org> f2fs: print message if fscorrupted was found in f2fs_new_node_page() Defa Li <defa.li(a)mediatek.com> i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> remoteproc: qcom: pas: enable SAR2130P audio DSP support Mengyuan Lou <mengyuanlou(a)net-swift.com> PCI: Add ACS quirk for Wangxun FF5xxx NICs Keith Busch <kbusch(a)kernel.org> PCI: Add 'reset_subordinate' to reset hierarchy below bridge Mayank Rana <quic_mrana(a)quicinc.com> PCI: starfive: Enable controller runtime PM before probing host bridge Esther Shimanovich <eshimanovich(a)chromium.org> PCI: Detect and trust built-in Thunderbolt chips Jian-Hong Pan <jhp(a)endlessos.org> PCI: vmd: Set devices to D0 before enabling PM L1 Substates Nirmal Patel <nirmal.patel(a)linux.ntel.com> PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs devi priya <quic_devipriy(a)quicinc.com> PCI: qcom: Add support for IPQ9574 Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Qianqiang Liu <qianqiang.liu(a)163.com> KMSAN: uninit-value in inode_go_dump (5) Qi Han <hanqi(a)vivo.com> f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. Adam Young <admiyo(a)os.amperecomputing.com> mailbox: pcc: Check before sending MCTP PCC response ACK Gabriele Monaco <gmonaco(a)redhat.com> verification/dot2: Improve dot parser robustness furkanonder <furkanonder(a)protonmail.com> tools/rtla: Enhance argument parsing in timerlat_load.py Tatsuya S <tatsuya.s2862(a)gmail.com> tracing: Fix function name for trampoline Kees Cook <kees(a)kernel.org> smb: client: memcpy() with surrounding object base address Yi Yang <yiyang13(a)huawei.com> nvdimm: rectify the illogical code within nd_dax_probe() Barnabás Czémán <barnabas.czeman(a)mainlining.org> thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom: spmi-mpp: Add PM8937 compatible Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom-pmic-gpio: add support for PM8937 Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't modify unknown block number in MTIOCGET Mukesh Ojha <quic_mojha(a)quicinc.com> leds: class: Protect brightness_show() with led_cdev->led_access mutex Devi Priya <quic_devipriy(a)quicinc.com> clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: enable support for SAR2130P Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: tcsrcc-sm8550: add SAR2130P support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: rpmh: add support for SAR2130P Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: rcg2: add clk_rcg2_shared_floor_ops Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths Andrii Nakryiko <andrii(a)kernel.org> bpf: put bpf_link's program when link is safe to be deallocated Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Fix corruption when mapping large pages from 0 Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Make DMA mask configuration more flexible Mukesh Ojha <quic_mojha(a)quicinc.com> pinmux: Use sequential access to access desc->pinmux data Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Limit time with disabled interrupts in rb_check_pages() Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Create all dump files during debugfs initialization Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Add cond_resched() for no forced preemption model Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long Jan Stancek <jstancek(a)redhat.com> tools/rtla: fix collision with glibc sched_attr/sched_set_attr Uros Bizjak <ubizjak(a)gmail.com> tracing: Use atomic64_inc_return() in trace_clock_counter() Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracing/ftrace: disable preemption in syscall probe Gabriele Monaco <gmonaco(a)redhat.com> rtla: Fix consistency in getopt_long for timerlat_hist Esben Haabendal <esben(a)geanix.com> pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in __netpoll_setup Jakub Kicinski <kuba(a)kernel.org> net/neighbor: clear error in case strict check is not set Dmitry Antipov <dmantipov(a)yandex.ru> rocker: fix link status detection in rocker_carrier_init() Jonas Karlman <jonas(a)kwiboo.se> ASoC: hdmi-codec: reorder channel allocation list Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btusb: Add 3 HWIDs for MT7925 Jonathan McCrohan <jmccrohan(a)gmail.com> Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925 Hao Qin <hao.qin(a)mediatek.com> Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 Danil Pylaev <danstiv404(a)gmail.com> Bluetooth: Set quirks for ATS2851 Danil Pylaev <danstiv404(a)gmail.com> Bluetooth: Support new quirks for ATS2851 Danil Pylaev <danstiv404(a)gmail.com> Bluetooth: Add new quirks for ATS2851 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Use disable_delayed_work_sync Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables Markus Elfring <elfring(a)users.sourceforge.net> Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: i801: Add support for Intel Panther Lake Andrew Lunn <andrew(a)lunn.ch> dsa: qca8k: Use nested lock to avoid splat Dmitry Kandybka <d.kandybka(a)gmail.com> mptcp: fix possible integer overflow in mptcp_reset_tout_timer Hou Tao <houtao1(a)huawei.com> bpf: Call free_htab_elem() after htab_unlock_bucket() Norbert van Bolhuis <nvbolhuis(a)gmail.com> wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> wifi: ipw2x00: libipw_rx_any(): fix bad alignment Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: set the right AMDGPU sg segment limitation Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Make mic volume workarounds globally applicable Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio-net: fix overflow inside virtnet_rq_alloc Victor Zhao <Victor.Zhao(a)amd.com> drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prune Invalid Modes For HDMI Output Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: parse umc_info or vram_info based on ASIC Ausef Yousof <Ausef.Yousof(a)amd.com> drm/amd/display: Remove hw w/a toggle if on DP2/HPO Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Add ABGR2101010 support Dmitry Safonov <0x7f454c46(a)gmail.com> net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals Aleksandr Mishin <amishin(a)t-argos.ru> fsl/fman: Validate cell-index value obtained from Device Tree Nihar Chaithanya <niharchaithanya(a)gmail.com> jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix array-index-out-of-bounds in jfs_readdir Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix shift-out-of-bounds in dbSplit Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: array-index-out-of-bounds fix in dtReadFirst Levi Yun <yeoreum.yun(a)arm.com> dma-debug: fix a possible deadlock on radix_lock Gang Yan <yangang(a)kylinos.cn> mptcp: annotate data-races around subflow->fully_established Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix underflow when playing 8K video in full screen mode Mac Chiang <mac.chiang(a)intel.com> ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support Mac Chiang <mac.chiang(a)intel.com> ASoC: sdw_utils: Add quirk to exclude amplifier function Lang Yu <lang.yu(a)amd.com> drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bitset attrs to ethtool spec Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: Dereference the ATCS ACPI buffer Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/gfx9: Add cleaner shader for GFX9.4.2 Leo Chen <leo.chen(a)amd.com> drm/amd/display: Adding array index check to prevent memory corruption Philipp Stanner <pstanner(a)redhat.com> drm/sched: memset() 'job' in drm_sched_job_init() Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: stmmac: Programming sequence for VLAN packets with split header Shengyu Qu <wiagn233(a)outlook.com> net: sfp: change quirks for Alcatel Lucent G-010S-P Manikandan Muralidharan <manikandan.m(a)microchip.com> drm/panel: simple: Add Microchip AC69T88A LVDS Display panel Badal Nilawar <badal.nilawar(a)intel.com> drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: sdw_utils: Add support for exclusion DAI quirks Leon Hwang <leon.hwang(a)linux.dev> bpf: Prevent tailcall infinite loop caused by freplace Amir Goldstein <amir73il(a)gmail.com> fanotify: allow reporting errors on failure to open fd Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for Arcadyan devices Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for SX76X Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath10k: avoid NULL pointer error during sdio remove Ignat Korchagin <ignat(a)cloudflare.com> net: inet6: do not leave a dangling sk pointer in inet6_create() Ignat Korchagin <ignat(a)cloudflare.com> net: inet: do not leave a dangling sk pointer in inet_create() Ignat Korchagin <ignat(a)cloudflare.com> net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Ignat Korchagin <ignat(a)cloudflare.com> net: af_can: do not leave a dangling sk pointer in can_create() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() Ignat Korchagin <ignat(a)cloudflare.com> af_packet: avoid erroring out after sock_init_data() in packet_create() Elena Salomatkina <esalomatkina(a)ispras.ru> net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Simon Horman <horms(a)kernel.org> net: ethernet: fs_enet: Use %pa to format resource_size_t Simon Horman <horms(a)kernel.org> net: fec_mpc52xx_phy: Use %pa to format resource_size_t Leo Chen <leo.chen(a)amd.com> drm/amd/display: Full exit out of IPS2 when all allow signals have been cleared Jeffrey Hugo <quic_jhugo(a)quicinc.com> accel/qaic: Add AIC080 support Kalle Valo <quic_kvalo(a)quicinc.com> wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() Zhu Jun <zhujun2(a)cmss.chinamobile.com> samples/bpf: Fix a resource leak Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't apply UDP padding quirk on RTL8126A Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Use codec SSID matching for Lenovo devices Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Use the new codec SSID matching Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Use own quirk lookup helper Brahmajit Das <brahmajit.xyz(a)gmail.com> drm/display: Fix building with GCC 15 Gustavo Sousa <gustavo.sousa(a)intel.com> drm/xe/xe3: Add initial set of workarounds Shekhar Chauhan <shekhar.chauhan(a)intel.com> drm/xe/ptl: L3bank mask is not available on the media GT Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: disable SG displays on cyan skillfish Zhongwei <Zhongwei.Zhang(a)amd.com> drm/amd/display: Fix garbage or black screen when resetting otg Fudongwang <Fudong.Wang(a)amd.com> drm/amd/display: skip disable CRTC in seemless bootup case Alexander Aring <aahringo(a)redhat.com> dlm: fix possible lkb_resource null dereference Balamurugan C <balamurugan.c(a)intel.com> ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL. Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: check return value of ieee80211_probereq_get() for RNR Liao Chen <liaochen4(a)huawei.com> drm/mcde: Enable module autoloading Liao Chen <liaochen4(a)huawei.com> drm/bridge: it6505: Enable module autoloading Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/xe/pciid: Add new PCI id for ARL Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe/pciids: Add PVC's PCI device ID macros Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Set AXI panic modes for the HVS Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Avoid log spam for audio start failure Jani Nikula <jani.nikula(a)intel.com> drm/xe/pciids: separate ARL and MTL PCI IDs Jani Nikula <jani.nikula(a)intel.com> drm/xe/pciids: separate RPL-U and RPL-P PCI IDs Callahan Kovacs <callahankovacs(a)gmail.com> HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support Changwoo Min <multics69(a)gmail.com> sched_ext: add a missing rcu_read_lock/unlock pair at scx_select_cpu_dfl() Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overflow when reading strings Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> regmap: maple: Provide lockdep (sub)class for maple tree's internal lock Marek Vasut <marex(a)denx.de> soc: imx8m: Probe the SoC driver as platform driver Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> firmware: qcom: scm: Allow QSEECOM on Dell XPS 13 9345 Peng Fan <peng.fan(a)nxp.com> mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED Keita Aihara <keita.aihara(a)sony.com> mmc: core: Add SD card quirk for broken poweroff notification Rohan Barar <rohan.barar(a)gmail.com> media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Force UVC version to 1.0a for 0408:4033 David Given <dg(a)cowlark.com> media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera Dmitry Perchanov <dmitry.perchanov(a)intel.com> media: uvcvideo: RealSense D421 Depth module metadata Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: pd-mapper: Add QCM6490 PD maps Maya Matuszczyk <maccraft123mc(a)gmail.com> firmware: qcom: scm: Allow QSEECOM on Lenovo Yoga Slim 7x Benjamin Tissoires <bentiss(a)kernel.org> HID: add per device quirk to force bind to hid-generic Konrad Dybcio <quic_kdybcio(a)quicinc.com> soc: qcom: llcc: Use designated initializers for LLC settings Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Adjust type of scldiv Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: free irqs that are still requested when the chip is being removed Thomas Gleixner <tglx(a)linutronix.de> timekeeping: Always check for negative motion Stephen Rothwell <sfr(a)canb.auug.org.au> iio: magnetometer: fix if () scoped_guard() formatting Przemek Kitszel <przemyslaw.kitszel(a)intel.com> cleanup: Adjust scoped_guard() macros to avoid potential warning Breno Leitao <leitao(a)debian.org> perf/x86/amd: Warn only on new bits set Jonathan Denose <jdenose(a)google.com> ACPI: video: force native for Apple MacbookPro11,2 and Air7,2 Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() Hans de Goede <hdegoede(a)redhat.com> ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID Sarah Maedel <sarah.maedel(a)hetzner-cloud.de> hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list Marco Elver <elver(a)google.com> kcsan: Turn report_filterlist_lock into a raw_spinlock Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Avoid signed integer overflow on signature decoding Brian Foster <bfoster(a)redhat.com> ext4: partial zero eof block on unaligned inode size extension Mark Brown <broonie(a)kernel.org> kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all() Boris Burkov <boris(a)bur.io> btrfs: do not clear read-only when adding sprout device Qu Wenruo <wqu(a)suse.com> btrfs: canonicalize the device path before adding it Qu Wenruo <wqu(a)suse.com> btrfs: avoid unnecessary device path update for the same device Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: don't take dev_replace rwsem on task already holding it Damien Le Moal <dlemoal(a)kernel.org> block: RCU protect disk->conv_zones_bitmap Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Handle CPU hotplug remove during sampling Mark Brown <broonie(a)kernel.org> kselftest/arm64: Log fp-stress child startup errors to stdout Christian Brauner <brauner(a)kernel.org> epoll: annotate racy check Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Ignore RID for isolated VFs Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Use topology ID for multi-function devices Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Sort PCI functions prior to creating virtual busses Gary Guo <gary(a)garyguo.net> rust: enable arbitrary_self_types and remove `Receiver` Mike Rapoport (Microsoft) <rppt(a)kernel.org> memblock: allow zero threshold in validate_numa_converage() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() Kalesh Singh <kaleshsingh(a)google.com> mm: respect mmap hint address when aligning for THP Andrii Nakryiko <andrii(a)kernel.org> mm: fix vrealloc()'s KASAN poisoning logic Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: open-code page_folio() in dump_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: open-code PageTail in folio_flags() and const_folio_flags() John Sperbeck <jsperbeck(a)google.com> mm: memcg: declare do_memsw_account inline Akinobu Mita <akinobu.mita(a)gmail.com> mm/damon: fix order of arguments in damos_before_apply tracepoint David Woodhouse <dwmw(a)amazon.co.uk> x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC David Hildenbrand <david(a)redhat.com> mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM John Hubbard <jhubbard(a)nvidia.com> mm/gup: handle NULL pages in unpin_user_pages() Jared Kangas <jkangas(a)redhat.com> kasan: make report_lock a raw spinlock Adrian Huang <ahuang12(a)lenovo.com> sched/numa: fix memory leak due to the overwritten vma->numab_state Kees Cook <kees(a)kernel.org> lib: stackinit: hide never-taken branch from compiler Marco Elver <elver(a)google.com> stackdepot: fix stack_depot_save_flags() in NMI context Wengang Wang <wen.gang.wang(a)oracle.com> ocfs2: update seq_file index in ocfs2_dlm_seq_next Len Brown <len.brown(a)intel.com> x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Further prevent card detect during shutdown Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet Marc Zyngier <maz(a)kernel.org> arch_numa: Restore nid checks before registering a memblock with a node Cosmin Tanislav <demonsingur(a)gmail.com> regmap: detach regmap from dev on regmap_exit Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: fix OOB map writes when deleting elements Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> dma-fence: Use kernel's sort for merging fences Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> dma-fence: Fix reference leak on fence merge failure path Christian König <christian.koenig(a)amd.com> dma-buf: fix dma_fence_array_signaled v4 Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> bpf: fix OOB devmap writes when deleting elements David Woodhouse <dwmw(a)amazon.co.uk> x86/kexec: Restore GDT on return from ::preserve_context kexec Thomas Gleixner <tglx(a)linutronix.de> modpost: Add .irqentry.text to OTHER_SECTIONS Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5.2: do a posting read when flushing HDP Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp7.0: do a posting read when flushing HDP Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5.0: do a posting read when flushing HDP Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp4.0: do a posting read when flushing HDP Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp6.0: do a posting read when flushing HDP Peterson Guo <peterson.guo(a)amd.com> drm/amd/display: Add a left edge pixel if in YCbCr422 or YCbCr420 and odm Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Limit VTotal range to max hw cap minus fp Lo-an Chen <lo-an.chen(a)amd.com> drm/amd/display: Correct prefetch calculation Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix resetting msg rx state after topology removal Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Verify request type in the corresponding down message reply Alex Deucher <alexander.deucher(a)amd.com> drm/amd/pm: fix and simplify workload handling Sreekant Somasekharan <sreekant.somasekharan(a)amd.com> drm/amdkfd: add MEC version that supports no PCIe atomics for GFX12 Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix MST sideband message body length check David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: hard-code cacheline for gc943,gc944 Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> x86/cacheinfo: Delete global num_cache_leaves Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Mark Brown <broonie(a)kernel.org> selftest: hugetlb_dio: fix test naming Maximilian Heyne <mheyne(a)amazon.de> selftests/damon: add _damon_sysfs.py to TEST_FILES Shengjiu Wang <shengjiu.wang(a)nxp.com> pmdomain: imx: gpcv2: Adjust delay after power up handshake Jan Kara <jack(a)suse.cz> Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" Liequan Che <cheliequan(a)inspur.com> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Bernd Schubert <bschubert(a)ddn.com> io_uring: Change res2 parameter type in io_uring_cmd_done Steve French <stfrench(a)microsoft.com> smb3.1.1: fix posix mounts to older servers Ralph Boehme <slow(a)samba.org> fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points Ralph Boehme <slow(a)samba.org> fs/smb/client: Implement new SMB3 POSIX type Ralph Boehme <slow(a)samba.org> fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Add missing post notify for power mode change Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Cancel RTC work during ufshcd_remove() Gwendal Grignou <gwendal(a)chromium.org> scsi: ufs: core: sysfs: Prevent div by zero Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix use after free on unload Anil Gurumurthy <agurumurthy(a)marvell.com> scsi: qla2xxx: Supported speed displayed incorrectly for VPorts Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix NVMe and NPIV connect issue Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix abort in bsg timeout Sahas Leelodharry <sahas.leelodharry(a)mail.mcgill.ca> ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 Marie Ramlow <me(a)nycode.dev> ALSA: usb-audio: add mixer mapping for Corsair HS80 Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops Asahi Lina <lina(a)asahilina.net> ALSA: usb-audio: Add extra PID for RME Digiface USB Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix a DMA to stack memory bug Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Catalin Marinas <catalin.marinas(a)arm.com> arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Yang Shi <yang(a)os.amperecomputing.com> arm64: mm: Fix zone_dma_limit calculation Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix out_fput in iommufd_fault_alloc() Shradha Gupta <shradhagupta(a)linux.microsoft.com> net :mana :Request a V2 response version for MANA_QUERY_GF_STAT Kuan-Wei Chiu <visitorckw(a)gmail.com> tracing: Fix cmp_entries_dup() to respect sort() comparison rules Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6. Marc Kleine-Budde <mkl(a)pengutronix.de> can: dev: can_set_termination(): allow sleeping GPIOs Alexander Sverdlin <alexander.sverdlin(a)siemens.com> watchdog: rti: of: honor timeout-sec property Jordy Zomer <jordyzomer(a)google.com> ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write Jordy Zomer <jordyzomer(a)google.com> ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read Huacai Chen <chenhuacai(a)kernel.org> LoongArch: KVM: Protect kvm_check_requests() with SRCU Bibo Mao <maobibo(a)loongson.cn> LoongArch: Add architecture specific huge_pte_clear() WangYuli <wangyuli(a)uniontech.com> HID: wacom: fix when get product name maybe null pointer Kenny Levinsen <kl(a)kl.wtf> HID: i2c-hid: Revert to using power commands to wake on resume Miguel Ojeda <ojeda(a)kernel.org> rust: allow `clippy::needless_lifetimes` Sean Christopherson <seanjc(a)google.com> x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails Hou Tao <houtao1(a)huawei.com> bpf: Fix exact match conditions in trie_get_next_key() Hou Tao <houtao1(a)huawei.com> bpf: Handle in-place update for full LPM trie correctly Hou Tao <houtao1(a)huawei.com> bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem Hou Tao <houtao1(a)huawei.com> bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential race in cifs_put_tcon() Jakob Hauser <jahau(a)rocketmail.com> iio: magnetometer: yas530: use signed integer type for clamp limits Randy Dunlap <rdunlap(a)infradead.org> scatterlist: fix incorrect func name in kernel-doc Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ocfs2: free inode when ocfs2_get_init_inode() fails Maíra Canal <mcanal(a)igalia.com> drm/v3d: Enable Performance Counters before clearing them Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec John Garry <john.g.garry(a)oracle.com> scsi: scsi_debug: Fix hrtimer support for ndelay Suraj Sonawane <surajsonawane0215(a)gmail.com> scsi: sg: Fix slab-use-after-free read in sg_release() Chunguang.xu <chunguang.xu(a)shopee.com> nvme-rdma: unquiesce admin_q before destroy it Chunguang.xu <chunguang.xu(a)shopee.com> nvme-tcp: fix the memleak while create new ctrl failed Maurizio Lombardi <mlombard(a)redhat.com> nvme-fabrics: handle zero MAXCMD without closing the connection Tao Lyu <tao.lyu(a)epfl.ch> bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc Will Deacon <will(a)kernel.org> drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails Geert Uytterhoeven <geert+renesas(a)glider.be> irqchip/stm32mp-exti: CONFIG_STM32MP_EXTI should not default to y when compile-testing Tao Lyu <tao.lyu(a)epfl.ch> bpf: Ensure reg is PTR_TO_STACK in process_iter_arg Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Ensure updated PKRU value is XRSTOR'd Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Change caller of update_pkru_in_sigframe() Christoph Hellwig <hch(a)lst.de> nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Add missing put_device() Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index Pei Xiao <xiaopei01(a)kylinos.cn> spi: mpc52xx: Add cancel_work_sync before module remove Björn Töpel <bjorn(a)rivosinc.com> tools: Override makefile ARCH variable if defined, but empty Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Notify xrun for low-latency mode Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Fix seq port updates per FB info notify Zijian Zhang <zijianzhang(a)bytedance.com> tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg Pei Xiao <xiaopei01(a)kylinos.cn> drm/sti: Add __iomem for mixer_dbg_mxn's parameter Amir Mohammadi <amirmohammadi1999.am(a)gmail.com> bpftool: fix potential NULL pointer dereferencing in prog_dump() Larysa Zaremba <larysa.zaremba(a)intel.com> xsk: always clear DMA mapping information when unmapping the pool Michal Luczaj <mhal(a)rbox.co> bpf, vsock: Invoke proto::close on close() Michal Luczaj <mhal(a)rbox.co> bpf, vsock: Fix poll() missing a queue Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Always initialize the UIC done completion Chris Park <chris.park(a)amd.com> drm/amd/display: Ignore scalar validation failure if pipe is phantom Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: calculate final viewport before TAP optimization Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix dynamic address leak when 'assigned-address' is present Frank Li <Frank.Li(a)nxp.com> i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED Frank Li <Frank.Li(a)nxp.com> i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS Chao Yu <chao(a)kernel.org> f2fs: fix to requery extent which cross boundary of inquiry Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to adjust appropriate length for fiemap Chao Yu <chao(a)kernel.org> f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK} Marcelo Dalmas <marcelo.dalmas(a)ge.com> ntp: Remove invalid cast in time offset math Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: clear IDLE flag in mark_idle() Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: do not mark idle slots that cannot be idle Avri Altman <avri.altman(a)wdc.com> mmc: core: Use GFP_NOIO in ACMD22 Avri Altman <avri.altman(a)wdc.com> mmc: core: Adjust ACMD22 to SDUC Avri Altman <avri.altman(a)wdc.com> mmc: sd: SDUC Support Recognition Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting Rosen Penev <rosenp(a)gmail.com> mmc: mtk-sd: fix devm_clk_get_optional usage Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix error handle of probe function Rosen Penev <rosenp(a)gmail.com> mmc: mtk-sd: use devm_mmc_alloc_host Charles Han <hanchunchao(a)inspur.com> gpio: grgpio: Add NULL check in grgpio_probe Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: grgpio: use a helper variable to store the address of ofdev->dev Eric Dumazet <edumazet(a)google.com> net: avoid potential UAF in default_operstate() Konstantin Shkolnyy <kshk(a)linux.ibm.com> vsock/test: fix parameter types in SO_VM_SOCKETS_* calls Konstantin Shkolnyy <kshk(a)linux.ibm.com> vsock/test: fix failures due to wrong SO_RCVLOWAT parameter Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Remove workaround to avoid syndrome for internal port Tariq Toukan <tariqt(a)nvidia.com> net/mlx5e: SD, Use correct mdev to build channel param Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: HWS: Properly set bwc queue locks lock classes Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: HWS: Fix memory leak in mlx5hws_definer_calc_layout Eric Dumazet <edumazet(a)google.com> geneve: do not assume mac header is set in geneve_xmit_skb() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst Kory Maincent <kory.maincent(a)bootlin.com> ethtool: Fix wrong mod state in case of verbose and no_mask bitset Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: skip duplicated elements pending gc run Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Hold module reference while requesting a module Xin Long <lucien.xin(a)gmail.com> net: sched: fix erspan_opt settings in cls_flower Fernando Fernandez Mancera <ffmancera(a)riseup.net> Revert "udp: avoid calling sock_def_readable() if possible" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_inner: incorrect percpu area handling under softirq Yuan Can <yuancan(a)huawei.com> igb: Fix potential invalid memory access in igb_init_module() Tore Amundsen <tore(a)amundsen.org> ixgbe: Correct BASE-BX10 compliance code Jacob Keller <jacob.e.keller(a)intel.com> ixgbe: downgrade logging of unsupported VF API version to debug Jacob Keller <jacob.e.keller(a)intel.com> ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 Joshua Hay <joshua.a.hay(a)intel.com> idpf: set completion tag for "empty" bufs associated with a packet Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix VLAN pruning in switchdev mode Przemyslaw Korba <przemyslaw.korba(a)intel.com> ice: fix PHY timestamp extraction for ETH56G Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix PHY Clock Recovery availability check Eric Dumazet <edumazet(a)google.com> net: hsr: must allocate more bytes for RedBox support Louis Leseur <louis.leseur(a)gmail.com> net/qed: allow old cards not supporting "num_images" to work Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix LGR and link use-after-free issue Wen Gu <guwen(a)linux.alibaba.com> net/smc: initialize close_work early to avoid warning Kuniyuki Iwashima <kuniyu(a)amazon.com> tipc: Fix use-after-free of kernel socket in cleanup_bearer(). Ivan Solodovnikov <solodovnikov.ia(a)phystech.edu> dccp: Fix memory leak in dccp_feat_change_recv Jiri Wiesner <jwiesner(a)suse.de> net/ipv6: release expired exception dst cached in socket Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on LAN7800/7850 Armin Wolf <W_Armin(a)gmx.de> platform/x86: asus-wmi: Ignore return value when writing thermal policy Dmitry Antipov <dmantipov(a)yandex.ru> can: j1939: j1939_session_new(): fix skb reference counting Eric Dumazet <edumazet(a)google.com> ipv6: avoid possible NULL deref in modify_prefix_route() Dong Chenchen <dongchenchen2(a)huawei.com> net: Fix icmp host relookup triggering ip_rt_bug Daniel Xu <dxu(a)dxuuu.xyz> bnxt_en: ethtool: Supply ntuple rss context action Eric Dumazet <edumazet(a)google.com> net: hsr: avoid potential out-of-bound access in fill_frame_info() Martin Ottens <martin.ottens(a)fau.de> net/sched: tbf: correct backlog statistic for GSO packets Ajay Kaher <ajay.kaher(a)broadcom.com> ptp: Add error handling for adjfine callback in ptp_clock_adjtime Wei Fang <wei.fang(a)nxp.com> net: enetc: Do not configure preemptible TCs if SIs do not support Maximilian Heyne <mheyne(a)amazon.de> selftests: hid: fix typo and exit code Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level Dmitry Antipov <dmantipov(a)yandex.ru> netfilter: x_tables: fix LED ID check in led_tg_check() Jinghao Jia <jinghao7(a)illinois.edu> ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: hi311x: hi3110_can_ist(): fix potential use-after-free Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails Alexander Kozhinov <ak.alexander.kozhinov(a)gmail.com> can: gs_usb: add usb endpoint address detection at driver probe step Yassine Oudjana <y.oudjana(a)protonmail.com> watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() Nick Chan <towinchenmi(a)gmail.com> watchdog: apple: Actually flush writes after requesting watchdog restart Harini T <harini.t(a)amd.com> watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency Oleksandr Ocheretnyi <oocheret(a)cisco.com> iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 11 + Documentation/ABI/testing/sysfs-fs-f2fs | 6 + Documentation/accel/qaic/aic080.rst | 14 + Documentation/accel/qaic/index.rst | 1 + Documentation/arch/arm64/silicon-errata.rst | 2 + Documentation/i2c/busses/i2c-i801.rst | 1 + Documentation/netlink/specs/ethtool.yaml | 7 +- Makefile | 5 +- arch/arm64/Kconfig | 11 + arch/arm64/kernel/ptrace.c | 10 +- arch/arm64/mm/context.c | 4 +- arch/arm64/mm/init.c | 17 +- arch/loongarch/include/asm/hugetlb.h | 10 + arch/loongarch/kvm/vcpu.c | 4 +- arch/loongarch/mm/tlb.c | 2 +- arch/mips/boot/dts/loongson/ls7a-pch.dtsi | 73 +- arch/powerpc/kernel/prom_init.c | 29 +- arch/riscv/configs/defconfig | 1 - arch/s390/include/asm/pci.h | 14 +- arch/s390/include/asm/pci_clp.h | 8 +- arch/s390/kernel/perf_cpum_sf.c | 4 +- arch/s390/pci/pci.c | 88 +- arch/s390/pci/pci_bus.c | 48 +- arch/s390/pci/pci_clp.c | 17 +- arch/s390/pci/pci_event.c | 19 +- arch/x86/Kconfig | 1 - arch/x86/events/amd/core.c | 10 +- arch/x86/include/asm/pgtable_types.h | 8 +- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/cacheinfo.c | 43 +- arch/x86/kernel/cpu/intel.c | 4 +- arch/x86/kernel/cpu/topology.c | 6 +- arch/x86/kernel/fpu/signal.c | 20 +- arch/x86/kernel/fpu/xstate.h | 27 +- arch/x86/kernel/relocate_kernel_64.S | 8 + arch/x86/kvm/mmu/mmu.c | 10 +- arch/x86/kvm/mmu/paging_tmpl.h | 5 +- arch/x86/mm/ident_map.c | 6 +- arch/x86/mm/pti.c | 2 +- arch/x86/pci/acpi.c | 119 + block/blk-zoned.c | 43 +- crypto/ecdsa.c | 19 +- drivers/accel/qaic/qaic_drv.c | 4 +- drivers/acpi/video_detect.c | 16 + drivers/acpi/x86/utils.c | 85 +- drivers/base/arch_numa.c | 4 + drivers/base/cacheinfo.c | 14 +- drivers/base/regmap/internal.h | 1 + drivers/base/regmap/regcache-maple.c | 3 + drivers/base/regmap/regmap.c | 13 + drivers/block/zram/zram_drv.c | 29 +- drivers/bluetooth/btusb.c | 26 + drivers/clk/clk-en7523.c | 4 +- drivers/clk/qcom/Kconfig | 4 +- drivers/clk/qcom/clk-alpha-pll.c | 11 + drivers/clk/qcom/clk-alpha-pll.h | 1 + drivers/clk/qcom/clk-rcg.h | 1 + drivers/clk/qcom/clk-rcg2.c | 48 +- drivers/clk/qcom/clk-rpmh.c | 13 + drivers/clk/qcom/dispcc-sm8550.c | 18 +- drivers/clk/qcom/tcsrcc-sm8550.c | 18 +- drivers/dma-buf/dma-fence-array.c | 28 +- drivers/dma-buf/dma-fence-unwrap.c | 126 +- drivers/firmware/qcom/qcom_scm.c | 2 + drivers/gpio/gpio-grgpio.c | 26 +- drivers/gpio/gpiolib.c | 41 + drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 48 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 12 + .../gpu/drm/amd/amdgpu/gfx_v9_0_cleaner_shader.h | 44 +- .../drm/amd/amdgpu/gfx_v9_4_2_cleaner_shader.asm | 153 + drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 6 +- drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/hdp_v7_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 30 +- drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 27 + drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 6 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 25 +- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 17 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 18 + drivers/gpu/drm/amd/display/dc/core/dc_debug.c | 40 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 57 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 6 +- drivers/gpu/drm/amd/display/dc/dc.h | 3 + drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 6 +- .../dc/dio/dcn314/dcn314_dio_stream_encoder.c | 10 + .../drm/amd/display/dc/dml2/display_mode_core.c | 1 + .../dc/dml2/dml21/dml21_translation_helper.c | 29 +- .../drm/amd/display/dc/hwss/dcn314/dcn314_hwseq.c | 20 +- drivers/gpu/drm/amd/display/dc/inc/core_status.h | 2 + drivers/gpu/drm/amd/display/dc/inc/core_types.h | 1 + .../amd/display/dc/resource/dcn20/dcn20_resource.c | 23 + .../amd/display/dc/resource/dcn21/dcn21_resource.c | 2 +- .../amd/display/dc/resource/dcn30/dcn30_resource.c | 1 + .../display/dc/resource/dcn302/dcn302_resource.c | 1 + .../display/dc/resource/dcn303/dcn303_resource.c | 1 + .../amd/display/dc/resource/dcn31/dcn31_resource.c | 7 + .../amd/display/dc/resource/dcn31/dcn31_resource.h | 3 + .../display/dc/resource/dcn314/dcn314_resource.c | 1 + .../display/dc/resource/dcn315/dcn315_resource.c | 1 + .../display/dc/resource/dcn316/dcn316_resource.c | 1 + .../amd/display/dc/resource/dcn32/dcn32_resource.c | 1 + .../display/dc/resource/dcn321/dcn321_resource.c | 1 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 + .../display/dc/resource/dcn351/dcn351_resource.c | 2 + .../display/dc/resource/dcn401/dcn401_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 3 +- .../drm/amd/display/modules/freesync/freesync.c | 13 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 148 +- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 15 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 190 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 181 +- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 182 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 41 +- drivers/gpu/drm/amd/pm/swsmu/smu12/renoir_ppt.c | 43 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 169 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 152 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 172 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 25 + drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 4 + drivers/gpu/drm/bridge/ite-it6505.c | 1 + drivers/gpu/drm/display/drm_dp_dual_mode_helper.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 55 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 18 + drivers/gpu/drm/drm_panic.c | 10 + drivers/gpu/drm/mcde/mcde_drv.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 28 + drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 8 + drivers/gpu/drm/sti/sti_mixer.c | 2 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 2 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vc4/vc4_hvs.c | 11 + drivers/gpu/drm/xe/regs/xe_engine_regs.h | 1 + drivers/gpu/drm/xe/regs/xe_gt_regs.h | 3 + drivers/gpu/drm/xe/xe_devcoredump.c | 146 +- drivers/gpu/drm/xe/xe_devcoredump.h | 6 + drivers/gpu/drm/xe/xe_devcoredump_types.h | 3 +- drivers/gpu/drm/xe/xe_device.c | 1 + drivers/gpu/drm/xe/xe_force_wake.h | 16 + drivers/gpu/drm/xe/xe_gt_topology.c | 14 + drivers/gpu/drm/xe/xe_guc_ct.c | 18 + drivers/gpu/drm/xe/xe_guc_log.c | 40 +- drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_hw_engine.c | 1 - drivers/gpu/drm/xe/xe_pci.c | 2 + drivers/gpu/drm/xe/xe_query.c | 42 +- drivers/gpu/drm/xe/xe_wa.c | 47 + drivers/gpu/drm/xe/xe_wa_oob.rules | 2 + drivers/hid/hid-core.c | 5 +- drivers/hid/hid-generic.c | 3 + drivers/hid/hid-ids.h | 1 + drivers/hid/hid-magicmouse.c | 56 +- drivers/hid/i2c-hid/i2c-hid-core.c | 20 +- drivers/hid/wacom_sys.c | 3 +- drivers/hwmon/nct6775-platform.c | 2 + drivers/i2c/busses/Kconfig | 1 + drivers/i2c/busses/i2c-i801.c | 6 + drivers/i3c/master.c | 85 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 2 +- drivers/iio/adc/ad7192.c | 3 + drivers/iio/light/ltr501.c | 2 + drivers/iio/magnetometer/af8133j.c | 3 +- drivers/iio/magnetometer/yamaha-yas530.c | 13 +- drivers/iommu/amd/io_pgtable.c | 11 +- drivers/iommu/iommufd/fault.c | 2 - drivers/irqchip/Kconfig | 2 +- drivers/irqchip/irq-gic-v3-its.c | 50 +- drivers/leds/led-class.c | 14 +- drivers/mailbox/pcc.c | 61 +- drivers/md/bcache/super.c | 2 +- drivers/media/pci/intel/ipu6/Kconfig | 2 +- drivers/media/pci/intel/ipu6/ipu6-isys-queue.c | 66 +- drivers/media/pci/intel/ipu6/ipu6-isys-queue.h | 1 + drivers/media/pci/intel/ipu6/ipu6-isys.c | 19 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 + drivers/media/usb/uvc/uvc_driver.c | 31 + drivers/misc/eeprom/eeprom_93cx6.c | 10 + drivers/mmc/core/block.c | 26 +- drivers/mmc/core/bus.c | 6 +- drivers/mmc/core/card.h | 10 + drivers/mmc/core/core.c | 3 + drivers/mmc/core/quirks.h | 9 + drivers/mmc/core/sd.c | 30 +- drivers/mmc/core/sd.h | 2 +- drivers/mmc/core/sdio.c | 2 +- drivers/mmc/host/mtk-sd.c | 64 +- drivers/mmc/host/sdhci-esdhc-imx.c | 6 + drivers/mmc/host/sdhci-pci-core.c | 72 + drivers/mmc/host/sdhci-pci.h | 1 + drivers/net/can/c_can/c_can_main.c | 26 +- drivers/net/can/dev/dev.c | 2 +- drivers/net/can/ifi_canfd/ifi_canfd.c | 58 +- drivers/net/can/m_can/m_can.c | 33 +- drivers/net/can/sja1000/sja1000.c | 65 +- drivers/net/can/spi/hi311x.c | 48 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 29 +- drivers/net/can/sun4i_can.c | 22 +- drivers/net/can/usb/ems_usb.c | 58 +- drivers/net/can/usb/f81604.c | 10 +- drivers/net/can/usb/gs_usb.c | 25 +- drivers/net/dsa/qca/qca8k-8xxx.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 8 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 + drivers/net/ethernet/freescale/fec_mpc52xx_phy.c | 2 +- drivers/net/ethernet/freescale/fman/fman.c | 1 - drivers/net/ethernet/freescale/fman/fman.h | 3 + drivers/net/ethernet/freescale/fman/mac.c | 5 + .../net/ethernet/freescale/fs_enet/mii-bitbang.c | 2 +- drivers/net/ethernet/intel/ice/ice_common.c | 25 +- drivers/net/ethernet/intel/ice/ice_main.c | 8 +- drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 3 +- drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 5 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 1 + drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.h | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 1 - .../ethernet/mellanox/mlx5/core/en/tc_tun_encap.c | 13 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 32 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 7 +- .../mlx5/core/steering/hws/mlx5hws_bwc_complex.c | 2 + .../mellanox/mlx5/core/steering/hws/mlx5hws_send.c | 1 + .../ethernet/mellanox/mlxsw/core_acl_flex_keys.c | 6 +- .../ethernet/mellanox/mlxsw/core_acl_flex_keys.h | 2 +- .../mellanox/mlxsw/spectrum_acl_flex_keys.c | 72 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 1 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 4 +- drivers/net/ethernet/realtek/r8169_main.c | 14 +- drivers/net/ethernet/rocker/rocker_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 5 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 5 + drivers/net/geneve.c | 2 +- drivers/net/phy/microchip.c | 21 + drivers/net/phy/sfp.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/wireless/ath/ath10k/sdio.c | 6 +- drivers/net/wireless/ath/ath12k/mac.c | 18 +- drivers/net/wireless/ath/ath5k/pci.c | 2 + .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_rx.c | 8 +- drivers/net/wireless/realtek/rtw88/sdio.c | 6 +- drivers/net/wireless/realtek/rtw88/usb.c | 5 +- drivers/net/wireless/realtek/rtw89/fw.c | 3 + drivers/nvdimm/dax_devs.c | 4 +- drivers/nvdimm/nd.h | 7 + drivers/nvme/host/core.c | 25 +- drivers/nvme/host/rdma.c | 8 +- drivers/nvme/host/tcp.c | 2 +- drivers/pci/controller/dwc/pcie-qcom.c | 1 + drivers/pci/controller/plda/pcie-starfive.c | 10 +- drivers/pci/controller/vmd.c | 17 +- drivers/pci/pci-sysfs.c | 26 + drivers/pci/pci.c | 2 +- drivers/pci/pci.h | 1 + drivers/pci/probe.c | 30 +- drivers/pci/quirks.c | 15 +- drivers/pinctrl/core.c | 3 + drivers/pinctrl/core.h | 1 + drivers/pinctrl/freescale/Kconfig | 2 +- drivers/pinctrl/pinmux.c | 173 +- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 + drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 1 + drivers/platform/x86/asus-wmi.c | 11 +- drivers/pmdomain/core.c | 37 +- drivers/pmdomain/imx/gpcv2.c | 2 +- drivers/ptp/ptp_clock.c | 3 +- drivers/regulator/qcom-rpmh-regulator.c | 83 +- drivers/remoteproc/qcom_q6v5_pas.c | 1 + drivers/rtc/rtc-cmos.c | 37 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 100 +- drivers/scsi/lpfc/lpfc_ct.c | 21 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 36 +- drivers/scsi/lpfc/lpfc_init.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 41 +- drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_bsg.c | 124 +- drivers/scsi/qla2xxx/qla_mid.c | 1 + drivers/scsi/qla2xxx/qla_os.c | 15 +- drivers/scsi/scsi_debug.c | 2 +- drivers/scsi/sg.c | 2 +- drivers/scsi/st.c | 31 +- drivers/soc/imx/soc-imx8m.c | 107 +- drivers/soc/qcom/llcc-qcom.c | 2644 +++++++- drivers/soc/qcom/qcom_pd_mapper.c | 1 + drivers/spi/spi-fsl-lpspi.c | 7 +- drivers/spi/spi-mpc52xx.c | 1 + drivers/thermal/qcom/tsens-v1.c | 21 +- drivers/thermal/qcom/tsens.c | 3 + drivers/thermal/qcom/tsens.h | 2 +- drivers/tty/serial/8250/8250_dw.c | 5 +- drivers/ufs/core/ufs-sysfs.c | 6 + drivers/ufs/core/ufs_bsg.c | 2 +- drivers/ufs/core/ufshcd-priv.h | 1 + drivers/ufs/core/ufshcd.c | 59 +- drivers/ufs/host/cdns-pltfrm.c | 4 +- drivers/ufs/host/tc-dwc-g210-pltfrm.c | 5 +- drivers/ufs/host/ufs-exynos.c | 3 +- drivers/ufs/host/ufs-hisi.c | 4 +- drivers/ufs/host/ufs-mediatek.c | 5 +- drivers/ufs/host/ufs-qcom.c | 7 +- drivers/ufs/host/ufs-renesas.c | 13 +- drivers/ufs/host/ufs-sprd.c | 5 +- drivers/ufs/host/ufshcd-pltfrm.c | 16 + drivers/ufs/host/ufshcd-pltfrm.h | 1 + drivers/usb/chipidea/ci.h | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 1 + drivers/usb/chipidea/core.c | 2 + drivers/usb/chipidea/udc.c | 156 +- drivers/usb/chipidea/udc.h | 2 + drivers/usb/typec/ucsi/ucsi_acpi.c | 56 +- drivers/usb/typec/ucsi/ucsi_glink.c | 10 +- drivers/vfio/pci/mlx5/cmd.c | 47 +- drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c | 6 +- drivers/watchdog/apple_wdt.c | 2 +- drivers/watchdog/iTCO_wdt.c | 21 +- drivers/watchdog/mtk_wdt.c | 6 + drivers/watchdog/rti_wdt.c | 3 +- drivers/watchdog/xilinx_wwdt.c | 75 +- fs/btrfs/dev-replace.c | 2 + fs/btrfs/disk-io.c | 3 +- fs/btrfs/disk-io.h | 3 +- fs/btrfs/fs.h | 2 + fs/btrfs/inode.c | 1 + fs/btrfs/super.c | 73 +- fs/btrfs/volumes.c | 137 +- fs/dlm/lock.c | 10 +- fs/eventpoll.c | 6 +- fs/ext4/extents.c | 7 +- fs/ext4/inode.c | 53 +- fs/f2fs/data.c | 82 +- fs/f2fs/extent_cache.c | 74 +- fs/f2fs/f2fs.h | 4 + fs/f2fs/inode.c | 4 +- fs/f2fs/node.c | 7 +- fs/f2fs/sysfs.c | 10 + fs/gfs2/super.c | 2 + fs/jffs2/compr_rtime.c | 3 + fs/jfs/jfs_dmap.c | 6 + fs/jfs/jfs_dtree.c | 15 + fs/nilfs2/dir.c | 2 +- fs/notify/fanotify/fanotify_user.c | 85 +- fs/ntfs3/attrib.c | 9 +- fs/ntfs3/frecord.c | 103 +- fs/ntfs3/ntfs_fs.h | 3 +- fs/ntfs3/run.c | 40 +- fs/ocfs2/dlmglue.c | 1 + fs/ocfs2/localalloc.c | 19 - fs/ocfs2/namei.c | 4 +- fs/smb/client/cifsproto.h | 1 + fs/smb/client/cifssmb.c | 2 +- fs/smb/client/connect.c | 4 +- fs/smb/client/dfs.c | 188 +- fs/smb/client/inode.c | 94 +- fs/smb/client/readdir.c | 54 +- fs/smb/client/reparse.c | 90 +- fs/smb/client/smb2inode.c | 3 +- fs/smb/server/smb2pdu.c | 6 + fs/unicode/mkutf8data.c | 70 + fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- include/acpi/pcc.h | 7 + include/drm/display/drm_dp_mst_helper.h | 7 + include/drm/intel/xe_pciids.h | 31 +- include/linux/blkdev.h | 2 +- include/linux/bpf.h | 17 +- include/linux/cleanup.h | 48 +- include/linux/clocksource.h | 2 + include/linux/eeprom_93cx6.h | 11 + include/linux/eventpoll.h | 2 +- include/linux/f2fs_fs.h | 1 + include/linux/fanotify.h | 1 + include/linux/hid.h | 2 + include/linux/i3c/master.h | 9 +- include/linux/io_uring/cmd.h | 4 +- include/linux/leds.h | 2 +- include/linux/mmc/card.h | 3 +- include/linux/mmc/sd.h | 1 + include/linux/page-flags.h | 4 +- include/linux/pci.h | 6 + include/linux/scatterlist.h | 2 +- include/linux/stackdepot.h | 6 +- include/linux/timekeeper_internal.h | 15 - include/linux/usb/chipidea.h | 1 + include/net/bluetooth/hci.h | 14 + include/net/bluetooth/hci_core.h | 10 +- include/net/netfilter/nf_tables_core.h | 1 + include/net/tcp_ao.h | 3 +- include/sound/soc_sdw_utils.h | 2 + include/trace/events/damon.h | 2 +- include/trace/trace_events.h | 36 +- include/uapi/drm/xe_drm.h | 4 +- include/uapi/linux/fanotify.h | 1 + include/ufs/ufshcd.h | 19 +- io_uring/tctx.c | 13 +- io_uring/uring_cmd.c | 2 +- kernel/bpf/arraymap.c | 26 +- kernel/bpf/core.c | 1 + kernel/bpf/devmap.c | 6 +- kernel/bpf/hashtab.c | 56 +- kernel/bpf/lpm_trie.c | 55 +- kernel/bpf/syscall.c | 29 +- kernel/bpf/trampoline.c | 47 +- kernel/bpf/verifier.c | 15 +- kernel/dma/debug.c | 8 +- kernel/kcsan/debugfs.c | 74 +- kernel/sched/core.c | 4 +- kernel/sched/deadline.c | 1 + kernel/sched/ext.c | 9 + kernel/sched/fair.c | 14 +- kernel/sched/syscalls.c | 2 +- kernel/softirq.c | 15 +- kernel/time/Kconfig | 5 - kernel/time/clocksource.c | 11 +- kernel/time/ntp.c | 2 +- kernel/time/timekeeping.c | 114 +- kernel/time/timekeeping_internal.h | 15 +- kernel/trace/ring_buffer.c | 98 +- kernel/trace/trace.c | 33 +- kernel/trace/trace.h | 7 + kernel/trace/trace_clock.c | 2 +- kernel/trace/trace_eprobe.c | 5 + kernel/trace/trace_output.c | 4 + kernel/trace/trace_syscalls.c | 12 + kernel/trace/tracing_map.c | 6 +- lib/Kconfig.debug | 13 - lib/stackdepot.c | 10 +- lib/stackinit_kunit.c | 1 + mm/debug.c | 7 +- mm/gup.c | 11 +- mm/kasan/report.c | 6 +- mm/memblock.c | 4 +- mm/memcontrol-v1.h | 2 +- mm/mempolicy.c | 4 + mm/mmap.c | 1 + mm/readahead.c | 5 +- mm/vmalloc.c | 3 +- net/bluetooth/hci_conn.c | 19 +- net/bluetooth/hci_core.c | 13 +- net/bluetooth/hci_event.c | 7 + net/bluetooth/hci_sync.c | 9 +- net/bluetooth/l2cap_sock.c | 1 + net/bluetooth/rfcomm/sock.c | 10 +- net/can/af_can.c | 1 + net/can/j1939/transport.c | 2 +- net/core/link_watch.c | 7 +- net/core/neighbour.c | 1 + net/core/netpoll.c | 2 +- net/dccp/feat.c | 6 +- net/ethtool/bitset.c | 48 +- net/hsr/hsr_device.c | 19 +- net/hsr/hsr_forward.c | 2 + net/ieee802154/socket.c | 12 +- net/ipv4/af_inet.c | 22 +- net/ipv4/icmp.c | 3 + net/ipv4/tcp_ao.c | 42 +- net/ipv4/tcp_bpf.c | 11 +- net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/udp.c | 14 +- net/ipv6/addrconf.c | 13 +- net/ipv6/af_inet6.c | 22 +- net/ipv6/route.c | 6 +- net/ipv6/tcp_ipv6.c | 4 +- net/mptcp/diag.c | 2 +- net/mptcp/options.c | 4 +- net/mptcp/protocol.c | 6 +- net/mptcp/protocol.h | 6 +- net/mptcp/subflow.c | 4 +- net/netfilter/ipset/ip_set_core.c | 5 + net/netfilter/ipvs/ip_vs_proto.c | 4 +- net/netfilter/nft_inner.c | 59 +- net/netfilter/nft_set_hash.c | 16 + net/netfilter/nft_socket.c | 2 +- net/netfilter/xt_LED.c | 4 +- net/packet/af_packet.c | 12 +- net/sched/cls_flower.c | 5 +- net/sched/sch_cbs.c | 2 +- net/sched/sch_tbf.c | 18 +- net/smc/af_smc.c | 6 +- net/tipc/udp_media.c | 2 +- net/vmw_vsock/af_vsock.c | 70 +- net/xdp/xsk_buff_pool.c | 5 +- net/xdp/xskmap.c | 2 +- rust/kernel/lib.rs | 2 +- rust/kernel/list/arc.rs | 3 - rust/kernel/sync/arc.rs | 6 - samples/bpf/test_cgrp2_sock.c | 4 +- scripts/Makefile.build | 2 +- scripts/mod/modpost.c | 2 +- scripts/setlocalversion | 54 +- sound/core/seq/seq_ump_client.c | 6 +- sound/pci/hda/hda_auto_parser.c | 61 +- sound/pci/hda/hda_local.h | 28 +- sound/pci/hda/patch_analog.c | 6 +- sound/pci/hda/patch_cirrus.c | 8 +- sound/pci/hda/patch_conexant.c | 36 +- sound/pci/hda/patch_cs8409-tables.c | 2 +- sound/pci/hda/patch_cs8409.h | 2 +- sound/pci/hda/patch_realtek.c | 126 +- sound/pci/hda/patch_sigmatel.c | 22 +- sound/pci/hda/patch_via.c | 2 +- sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/hdmi-codec.c | 144 +- sound/soc/intel/avs/pcm.c | 2 +- sound/soc/intel/boards/sof_rt5682.c | 7 + sound/soc/intel/boards/sof_sdw.c | 41 + sound/soc/intel/common/soc-acpi-intel-arl-match.c | 63 + sound/soc/intel/common/soc-acpi-intel-mtl-match.c | 7 + sound/soc/mediatek/mt8188/mt8188-mt6359.c | 4 +- sound/soc/sdw_utils/soc_sdw_utils.c | 7 +- sound/soc/sof/ipc3-topology.c | 31 +- sound/usb/endpoint.c | 14 +- sound/usb/mixer.c | 58 +- sound/usb/mixer_maps.c | 10 + sound/usb/mixer_quirks.c | 1 + sound/usb/quirks-table.h | 341 +- sound/usb/quirks.c | 75 +- sound/usb/usbaudio.h | 4 + tools/bpf/bpftool/prog.c | 17 +- tools/scripts/Makefile.arch | 4 +- tools/testing/selftests/arm64/fp/fp-stress.c | 15 +- tools/testing/selftests/arm64/pauth/pac.c | 3 + .../selftests/bpf/progs/verifier_bits_iter.c | 4 +- tools/testing/selftests/damon/Makefile | 2 +- .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 2 +- tools/testing/selftests/hid/run-hid-tools-tests.sh | 16 +- tools/testing/selftests/mm/hugetlb_dio.c | 14 +- tools/testing/selftests/resctrl/resctrl_val.c | 4 +- tools/testing/selftests/resctrl/resctrlfs.c | 2 +- .../testing/selftests/wireguard/qemu/debug.config | 1 - tools/testing/vsock/vsock_perf.c | 10 +- tools/testing/vsock/vsock_test.c | 26 +- tools/tracing/rtla/sample/timerlat_load.py | 9 +- tools/tracing/rtla/src/timerlat_hist.c | 20 +- tools/tracing/rtla/src/timerlat_top.c | 8 +- tools/tracing/rtla/src/utils.c | 4 +- tools/tracing/rtla/src/utils.h | 2 + tools/verification/dot2/automata.py | 18 +- 543 files changed, 13114 insertions(+), 7179 deletions(-)

6 months

11
10
0 0

[PATCH 6.1 000/772] 6.1.120-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.120 release. There are 772 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 15 Dec 2024 14:57:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.120-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.120-rc2 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible deadlocks Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Sequential field availability check in mi_enum_attr() Randy Dunlap <rdunlap(a)infradead.org> drm/msm: DEVFREQ_GOV_SIMPLE_ONDEMAND is no longer needed Rob Clark <robdclark(a)chromium.org> PM / devfreq: Fix build issues with devfreq disabled Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix possible assignment of the same address to two devices Frank Li <Frank.Li(a)nxp.com> i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Arnd Bergmann <arnd(a)arndb.de> serial: amba-pl011: fix build regression Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't reset resource alloc flag Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: rework resume handling for display (v2) Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Make sure the mapped tt pages are decrypted when needed Peilin Ye <peilin.ye(a)bytedance.com> veth: Use tstats per-CPU traffic counters Peilin Ye <peilin.ye(a)bytedance.com> bpf: Fix dev's rx stats for bpf_redirect_peer traffic Daniel Borkmann <daniel(a)iogearbox.net> net: Move {l,t,d}stats allocation to core and convert veth & vrf Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix helper writes to read-only maps Shu Han <ebpqwerty472123(a)gmail.com> mm: call the security_mmap_file() LSM hook in remap_file_pages() Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init() Mark Rutland <mark.rutland(a)arm.com> arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint Mark Brown <broonie(a)kernel.org> arm64/sve: Discard stale CPU state when handling SVE traps Ziwei Xiao <ziweixiao(a)google.com> gve: Fixes for napi_poll when budget is 0 Zhang Zekun <zhangzekun11(a)huawei.com> Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" Heming Zhao <heming.zhao(a)suse.com> ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Andy-ld Lu <andy-ld.lu(a)mediatek.com> mmc: mtk-sd: Fix error handle of probe function Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Fix STALL transfer event handling Pavel Begunkov <asml.silence(a)gmail.com> io_uring: wake up optimisations Zheng Yejian <zhengyejian(a)huaweicloud.com> mm/damon/vaddr: fix issue in damon_va_evenly_split_region() Richard Weinberger <richard(a)nod.at> jffs2: Fix rtime decompressor Kinsey Moore <kinsey.moore(a)oarcorp.com> jffs2: Prevent rtime decompress memory corruption Nikolay Kuratov <kniv(a)yandex-team.ru> KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn() Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Jan Kara <jack(a)suse.cz> udf: Fold udf_getblk() into udf_bread() Yishai Hadas <yishaih(a)nvidia.com> vfio/mlx5: Align the page tracking max message size with the device capability Linus Torvalds <torvalds(a)linux-foundation.org> Revert "unicode: Don't special case ignorable code points" Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/eprobe: Fix to release eprobe when failed to add dyn_event Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing snapshot drew unlock when root is dead during swap activation K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Prevent wakeup of ksoftirqd during idle load balance K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy K Prateek Nayak <kprateek.nayak(a)amd.com> sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() Jared Kangas <jkangas(a)redhat.com> kasan: make report_lock a raw spinlock Andrey Konovalov <andreyknvl(a)gmail.com> kasan: suppress recursive reports for HW_TAGS Jens Axboe <axboe(a)kernel.dk> io_uring/tctx: work around xa_store() allocation error issue Inochi Amaoto <inochiama(a)gmail.com> serial: 8250_dw: Add Sophgo SG2044 quirk Dmitry Torokhov <dmitry.torokhov(a)gmail.com> rtc: cmos: avoid taking rtc_lock for extended period of time Parker Newman <pnewman(a)connecttech.com> misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle Michael Ellerman <mpe(a)ellerman.id.au> powerpc/prom_init: Fixup missing powermac #size-cells Uwe Kleine-König <ukleinek(a)debian.org> ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW Xi Ruoyao <xry111(a)xry111.site> MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: light: ltr501: Add LTER0303 to the supported devices Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: handle USB Error Interrupt if IOC not set Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix sleeping in atomic context for PREEMPT_RT Defa Li <defa.li(a)mediatek.com> i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock Mengyuan Lou <mengyuanlou(a)net-swift.com> PCI: Add ACS quirk for Wangxun FF5xxx NICs Keith Busch <kbusch(a)kernel.org> PCI: Add 'reset_subordinate' to reset hierarchy below bridge Esther Shimanovich <eshimanovich(a)chromium.org> PCI: Detect and trust built-in Thunderbolt chips Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Qi Han <hanqi(a)vivo.com> f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. Gabriele Monaco <gmonaco(a)redhat.com> verification/dot2: Improve dot parser robustness Kees Cook <kees(a)kernel.org> smb: client: memcpy() with surrounding object base address Yi Yang <yiyang13(a)huawei.com> nvdimm: rectify the illogical code within nd_dax_probe() Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom: spmi-mpp: Add PM8937 compatible Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom-pmic-gpio: add support for PM8937 Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't modify unknown block number in MTIOCGET Mukesh Ojha <quic_mojha(a)quicinc.com> leds: class: Protect brightness_show() with led_cdev->led_access mutex Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Make DMA mask configuration more flexible Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Add cond_resched() for no forced preemption model Jan Stancek <jstancek(a)redhat.com> tools/rtla: fix collision with glibc sched_attr/sched_set_attr Uros Bizjak <ubizjak(a)gmail.com> tracing: Use atomic64_inc_return() in trace_clock_counter() Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracing/ftrace: disable preemption in syscall probe Esben Haabendal <esben(a)geanix.com> pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in __netpoll_setup Jakub Kicinski <kuba(a)kernel.org> net/neighbor: clear error in case strict check is not set Dmitry Antipov <dmantipov(a)yandex.ru> rocker: fix link status detection in rocker_carrier_init() Jonas Karlman <jonas(a)kwiboo.se> ASoC: hdmi-codec: reorder channel allocation list Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables Andrew Lunn <andrew(a)lunn.ch> dsa: qca8k: Use nested lock to avoid splat Norbert van Bolhuis <nvbolhuis(a)gmail.com> wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> wifi: ipw2x00: libipw_rx_any(): fix bad alignment Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: set the right AMDGPU sg segment limitation Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Make mic volume workarounds globally applicable Victor Zhao <Victor.Zhao(a)amd.com> drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov Nihar Chaithanya <niharchaithanya(a)gmail.com> jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix array-index-out-of-bounds in jfs_readdir Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix shift-out-of-bounds in dbSplit Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: array-index-out-of-bounds fix in dtReadFirst Levi Yun <yeoreum.yun(a)arm.com> dma-debug: fix a possible deadlock on radix_lock Lang Yu <lang.yu(a)amd.com> drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: Dereference the ATCS ACPI buffer Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih Philipp Stanner <pstanner(a)redhat.com> drm/sched: memset() 'job' in drm_sched_job_init() Shengyu Qu <wiagn233(a)outlook.com> net: sfp: change quirks for Alcatel Lucent G-010S-P Manikandan Muralidharan <manikandan.m(a)microchip.com> drm/panel: simple: Add Microchip AC69T88A LVDS Display panel Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for Arcadyan devices Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for SX76X Ignat Korchagin <ignat(a)cloudflare.com> net: inet6: do not leave a dangling sk pointer in inet6_create() Ignat Korchagin <ignat(a)cloudflare.com> net: inet: do not leave a dangling sk pointer in inet_create() Ignat Korchagin <ignat(a)cloudflare.com> net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Ignat Korchagin <ignat(a)cloudflare.com> net: af_can: do not leave a dangling sk pointer in can_create() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() Ignat Korchagin <ignat(a)cloudflare.com> af_packet: avoid erroring out after sock_init_data() in packet_create() Elena Salomatkina <esalomatkina(a)ispras.ru> net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Simon Horman <horms(a)kernel.org> net: ethernet: fs_enet: Use %pa to format resource_size_t Simon Horman <horms(a)kernel.org> net: fec_mpc52xx_phy: Use %pa to format resource_size_t Zhu Jun <zhujun2(a)cmss.chinamobile.com> samples/bpf: Fix a resource leak Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't apply UDP padding quirk on RTL8126A Brahmajit Das <brahmajit.xyz(a)gmail.com> drm/display: Fix building with GCC 15 Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() Liao Chen <liaochen4(a)huawei.com> drm/mcde: Enable module autoloading Liao Chen <liaochen4(a)huawei.com> drm/bridge: it6505: Enable module autoloading Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Set AXI panic modes for the HVS Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Avoid log spam for audio start failure Callahan Kovacs <callahankovacs(a)gmail.com> HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support Marek Vasut <marex(a)denx.de> soc: imx8m: Probe the SoC driver as platform driver Keita Aihara <keita.aihara(a)sony.com> mmc: core: Add SD card quirk for broken poweroff notification Rohan Barar <rohan.barar(a)gmail.com> media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 David Given <dg(a)cowlark.com> media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera Breno Leitao <leitao(a)debian.org> perf/x86/amd: Warn only on new bits set Marco Elver <elver(a)google.com> kcsan: Turn report_filterlist_lock into a raw_spinlock Mark Brown <broonie(a)kernel.org> kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all() Boris Burkov <boris(a)bur.io> btrfs: do not clear read-only when adding sprout device Qu Wenruo <wqu(a)suse.com> btrfs: avoid unnecessary device path update for the same device Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Handle CPU hotplug remove during sampling Christian Brauner <brauner(a)kernel.org> epoll: annotate racy check Pratyush Brahma <quic_pbrahma(a)quicinc.com> iommu/arm-smmu: Defer probe of clients after smmu device bound Kees Cook <kees(a)kernel.org> lib: stackinit: hide never-taken branch from compiler Wengang Wang <wen.gang.wang(a)oracle.com> ocfs2: update seq_file index in ocfs2_dlm_seq_next Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Further prevent card detect during shutdown Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet Cosmin Tanislav <demonsingur(a)gmail.com> regmap: detach regmap from dev on regmap_exit Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: fix OOB map writes when deleting elements Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> dma-fence: Use kernel's sort for merging fences Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> dma-fence: Fix reference leak on fence merge failure path Christian König <christian.koenig(a)amd.com> dma-buf: fix dma_fence_array_signaled v4 Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> bpf: fix OOB devmap writes when deleting elements Thomas Gleixner <tglx(a)linutronix.de> modpost: Add .irqentry.text to OTHER_SECTIONS Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5.2: do a posting read when flushing HDP Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix resetting msg rx state after topology removal Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Verify request type in the corresponding down message reply Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix MST sideband message body length check Liequan Che <cheliequan(a)inspur.com> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Add missing post notify for power mode change Gwendal Grignou <gwendal(a)chromium.org> scsi: ufs: core: sysfs: Prevent div by zero Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix use after free on unload Anil Gurumurthy <agurumurthy(a)marvell.com> scsi: qla2xxx: Supported speed displayed incorrectly for VPorts Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix NVMe and NPIV connect issue Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix abort in bsg timeout Sahas Leelodharry <sahas.leelodharry(a)mail.mcgill.ca> ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 Marie Ramlow <me(a)nycode.dev> ALSA: usb-audio: add mixer mapping for Corsair HS80 Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Catalin Marinas <catalin.marinas(a)arm.com> arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs Kuan-Wei Chiu <visitorckw(a)gmail.com> tracing: Fix cmp_entries_dup() to respect sort() comparison rules Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6. Marc Kleine-Budde <mkl(a)pengutronix.de> can: dev: can_set_termination(): allow sleeping GPIOs Alexander Sverdlin <alexander.sverdlin(a)siemens.com> watchdog: rti: of: honor timeout-sec property Jordy Zomer <jordyzomer(a)google.com> ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write Jordy Zomer <jordyzomer(a)google.com> ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read Bibo Mao <maobibo(a)loongson.cn> LoongArch: Add architecture specific huge_pte_clear() WangYuli <wangyuli(a)uniontech.com> HID: wacom: fix when get product name maybe null pointer Roman Gushchin <roman.gushchin(a)linux.dev> mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Hou Tao <houtao1(a)huawei.com> bpf: Fix exact match conditions in trie_get_next_key() Hou Tao <houtao1(a)huawei.com> bpf: Handle in-place update for full LPM trie correctly Hou Tao <houtao1(a)huawei.com> bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem Hou Tao <houtao1(a)huawei.com> bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie Jakob Hauser <jahau(a)rocketmail.com> iio: magnetometer: yas530: use signed integer type for clamp limits Randy Dunlap <rdunlap(a)infradead.org> scatterlist: fix incorrect func name in kernel-doc Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ocfs2: free inode when ocfs2_get_init_inode() fails Maíra Canal <mcanal(a)igalia.com> drm/v3d: Enable Performance Counters before clearing them John Garry <john.g.garry(a)oracle.com> scsi: scsi_debug: Fix hrtimer support for ndelay Pei Xiao <xiaopei01(a)kylinos.cn> spi: mpc52xx: Add cancel_work_sync before module remove Björn Töpel <bjorn(a)rivosinc.com> tools: Override makefile ARCH variable if defined, but empty Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Notify xrun for low-latency mode Zijian Zhang <zijianzhang(a)bytedance.com> tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg Pei Xiao <xiaopei01(a)kylinos.cn> drm/sti: Add __iomem for mixer_dbg_mxn's parameter Amir Mohammadi <amirmohammadi1999.am(a)gmail.com> bpftool: fix potential NULL pointer dereferencing in prog_dump() Quentin Monnet <quentin(a)isovalent.com> bpftool: Remove asserts from JIT disassembler Larysa Zaremba <larysa.zaremba(a)intel.com> xsk: always clear DMA mapping information when unmapping the pool Chen-Yu Tsai <wenst(a)chromium.org> drm/bridge: it6505: Fix inverted reset polarity Kuro Chung <kuro.chung(a)ite.com.tw> drm/bridge: it6505: update usleep_range for RC circuit charge time Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths Jonathan Cameron <Jonathan.Cameron(a)huawei.com> device property: Introduce device_for_each_child_node_scoped() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> device property: Add cleanup.h based fwnode_handle_put() scope based cleanup. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> device property: Constify device child node APIs Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() Manivannan Sadhasivam <mani(a)kernel.org> PCI: endpoint: Use a separate lock for protecting epc->pci_epf list Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix dynamic address leak when 'assigned-address' is present Frank Li <Frank.Li(a)nxp.com> i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED Frank Li <Frank.Li(a)nxp.com> i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Carlos Song <carlos.song(a)nxp.com> i3c: master: svc: use slow speed for first broadcast address Carlos Song <carlos.song(a)nxp.com> i3c: master: support to adjust first broadcast address speed Frank Li <Frank.Li(a)nxp.com> i3c: master: fix kernel-doc check warning Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: add hot join support Frank Li <Frank.Li(a)nxp.com> i3c: master: add enable(disable) hot join in sys entry Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> i3c: Make i3c_master_unregister() return void Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Stop trying to optimize cycle detection logic Saravana Kannan <saravanak(a)google.com> driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link Saravana Kannan <saravanak(a)google.com> driver core: fw_devlink: Improve logs for cycle detection Marcelo Dalmas <marcelo.dalmas(a)ge.com> ntp: Remove invalid cast in time offset math Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Drop -mstack-protector-guard flags in 32-bit files with clang Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Refactor CFLAGS for CVDSO build Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Include CLANG_FLAGS explicitly in ldflags-y Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Remove an unsupported flag from vgettimeofday-32.o with clang Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Improve linker flags Nathan Chancellor <nathan(a)kernel.org> powerpc/vdso: Remove unused '-s' flag from ASFLAGS Sathvika Vasireddy <sv(a)linux.ibm.com> powerpc/vdso: Skip objtool from running on VDSO files Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc3: ep0: Don't reset resource alloc flag (including ep0) Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Rewrite endpoint allocation flow Kartik Rajput <kkartik(a)nvidia.com> serial: amba-pl011: Fix RX stall when DMA is used Thomas Gleixner <tglx(a)linutronix.de> serial: amba-pl011: Use port lock wrappers Charles Han <hanchunchao(a)inspur.com> gpio: grgpio: Add NULL check in grgpio_probe Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: grgpio: use a helper variable to store the address of ofdev->dev Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Don't retire aborted MMIO instruction Fuad Tabba <tabba(a)google.com> KVM: arm64: Change kvm_handle_mmio_return() return polarity Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Remove workaround to avoid syndrome for internal port Eric Dumazet <edumazet(a)google.com> geneve: do not assume mac header is set in geneve_xmit_skb() Kory Maincent <kory.maincent(a)bootlin.com> ethtool: Fix wrong mod state in case of verbose and no_mask bitset Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: skip duplicated elements pending gc run Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Hold module reference while requesting a module Xin Long <lucien.xin(a)gmail.com> net: sched: fix erspan_opt settings in cls_flower Yuan Can <yuancan(a)huawei.com> igb: Fix potential invalid memory access in igb_init_module() Jacob Keller <jacob.e.keller(a)intel.com> ixgbe: downgrade logging of unsupported VF API version to debug Jacob Keller <jacob.e.keller(a)intel.com> ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 Louis Leseur <louis.leseur(a)gmail.com> net/qed: allow old cards not supporting "num_images" to work Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix LGR and link use-after-free issue Kuniyuki Iwashima <kuniyu(a)amazon.com> tipc: Fix use-after-free of kernel socket in cleanup_bearer(). Ivan Solodovnikov <solodovnikov.ia(a)phystech.edu> dccp: Fix memory leak in dccp_feat_change_recv Jiri Wiesner <jwiesner(a)suse.de> net/ipv6: release expired exception dst cached in socket Vadim Fedorenko <vadfed(a)meta.com> net-timestamp: make sk_tskey more predictable in error path Dmitry Antipov <dmantipov(a)yandex.ru> can: j1939: j1939_session_new(): fix skb reference counting Eric Dumazet <edumazet(a)google.com> net: hsr: avoid potential out-of-bound access in fill_frame_info() Martin Ottens <martin.ottens(a)fau.de> net/sched: tbf: correct backlog statistic for GSO packets Ajay Kaher <ajay.kaher(a)broadcom.com> ptp: Add error handling for adjfine callback in ptp_clock_adjtime Jacob Keller <jacob.e.keller(a)intel.com> ptp: convert remaining drivers to adjfine interface Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level Dmitry Antipov <dmantipov(a)yandex.ru> netfilter: x_tables: fix LED ID check in led_tg_check() Jinghao Jia <jinghao7(a)illinois.edu> ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: hi311x: hi3110_can_ist(): fix potential use-after-free Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails Alexander Kozhinov <ak.alexander.kozhinov(a)gmail.com> can: gs_usb: add usb endpoint address detection at driver probe step Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: add VID/PID for Xylanta SAINT3 product family Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: uniformly use "parent" as variable name for struct gs_usb Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_usb_probe(): align block comment Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: remove leading space from goto labels Yassine Oudjana <y.oudjana(a)protonmail.com> watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() Nick Chan <towinchenmi(a)gmail.com> watchdog: apple: Actually flush writes after requesting watchdog restart Oleksandr Ocheretnyi <oocheret(a)cisco.com> iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check Ma Ke <make24(a)iscas.ac.cn> drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check Josef Bacik <josef(a)toxicpanda.com> btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() Nathan Chancellor <nathan(a)kernel.org> powerpc: Adjust adding stack protector flags to KBUILD_CLAGS for clang Nathan Chancellor <nathan(a)kernel.org> powerpc: Fix stack protector Kconfig test for clang Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer Zicheng Qu <quzicheng(a)huawei.com> iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Oleksandr Tymoshenko <ovt(a)google.com> ovl: properly handle large files in ovl_security_fileattr Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int3400: Fix reading of current_uuid for active policy Jiri Olsa <jolsa(a)kernel.org> fs/proc/kcore.c: Clear ret value in read_kcore_iter after successful iov_iter_zero Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add link up check to ks_pcie_other_map_bus() Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Jinjie Ruan <ruanjinjie(a)huawei.com> i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Fix hibern8 notify callbacks Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Patrick Donnelly <pdonnell(a)redhat.com> ceph: extract entity name from device id Linus Walleij <linus.walleij(a)linaro.org> ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() Linus Walleij <linus.walleij(a)linaro.org> ARM: 9430/1: entry: Do a dummy read from VMAP shadow Vasily Gorbik <gor(a)linux.ibm.com> s390/entry: Mark IRQ entries to fix stack depot warnings Linus Walleij <linus.walleij(a)linaro.org> ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 Michal Vokáč <michal.vokac(a)ysoft.com> leds: lp55xx: Remove redundant test for invalid channel number Mostafa Saleh <smostafa(a)google.com> iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables MengEn Sun <mengensun(a)tencent.com> vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Wei Yang <richard.weiyang(a)gmail.com> maple_tree: refine mas_store_root() on storing NULL Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> media: uvcvideo: Require entities to have a non-zero unique ID Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Stop stream during unregister Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Jinjie Ruan <ruanjinjie(a)huawei.com> media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Ensure power suppliers be suspended before detach them Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay Jinjie Ruan <ruanjinjie(a)huawei.com> media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled Ming Qian <ming.qian(a)nxp.com> media: imx-jpeg: Set video drvdata before register video device Ming Qian <ming.qian(a)nxp.com> media: amphion: Set video drvdata before register video device Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay Dragan Simic <dsimic(a)manjaro.org> arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Lizhi Xu <lizhi.xu(a)windriver.com> btrfs: add a sanity check for btrfs root in btrfs_search_slot() ChenXiaoSong <chenxiaosong2(a)huawei.com> btrfs: add might_sleep() annotations Filipe Manana <fdmanana(a)suse.com> btrfs: don't loop for nowait writes when checking for cross references Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Long Li <leo.lilong(a)huawei.com> xfs: remove unknown compat feature check in superblock write validation Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when mounting nfs Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Namhyung Kim <namhyung(a)kernel.org> perf/arm-cmn: Ensure port and device id bits are set properly Chun-Tse Shao <ctshao(a)google.com> perf/arm-smmuv3: Fix lockdep assert in ->event_init() Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: rzn1: fix BCD to rtc_time conversion errors Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Ma Wupeng <mawupeng1(a)huawei.com> ipc: fix memleak if msg_init_ns failed in create_ipc_ns Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Ming Lei <ming.lei(a)redhat.com> ublk: fix error code for unsupported command Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix looping of queued SG entries Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Hubert Wiśniewski <hubert.wisniewski.25632(a)gmail.com> usb: musb: Fix hardware lockup on first Rx endpoint request Steve French <stfrench(a)microsoft.com> smb3: request handle caching when caching directories Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Add sanity NULL check for the default mmap fault handler Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Ming Lei <ming.lei(a)redhat.com> ublk: fix ublk_ch_mmap() for 64K page size Huacai Chen <chenhuacai(a)kernel.org> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Filip Brozovic <fbrozovic(a)gmail.com> serial: 8250_fintek: Add support for F81216E Michal Simek <michal.simek(a)amd.com> dt-bindings: serial: rs485: Fix rs485-rts-delay property Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Javier Carrasco <javier.carrasco.cruz(a)gmail.com> platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Josh Poimboeuf <jpoimboe(a)kernel.org> parisc/ftrace: Fix function graph tracing disablement Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Cheng Ming Lin <chengminglin(a)mxic.com.tw> mtd: spi-nor: core: replace dummy buswidth from addr to data Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Sai Kumar Cholleti <skmr537(a)gmail.com> gpio: exar: set value when external pull-up or pull-down is present Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> wifi: brcmfmac: release 'root' node in all execution paths Guilherme G. Piccoli <gpiccoli(a)igalia.com> wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix TD invalidation under pending Set TR Dequeue Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix uninit-value in __exfat_get_dentry_set Angelo Dureghello <adureghello(a)baylibre.com> dt-bindings: iio: dac: ad3552r: fix maximum spi speed Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi: fix debugfs drive strength Ahmed Ehab <bottaawesome633(a)gmail.com> locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Jinjie Ruan <ruanjinjie(a)huawei.com> apparmor: test: Fix memory leak for aa_unpack_strdup() Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sending inotify event with unexpected filename Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Gautam Menghani <gautam(a)linux.ibm.com> powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Ilya Zverev <ilya(a)zverev.info> ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Catalin Marinas <catalin.marinas(a)arm.com> dma: allow dma_get_cache_alignment() to be overridden by the arch code Catalin Marinas <catalin.marinas(a)arm.com> powerpc: move the ARCH_DMA_MINALIGN definition to asm/cache.h Catalin Marinas <catalin.marinas(a)arm.com> mm/slab: decouple ARCH_KMALLOC_MINALIGN from ARCH_DMA_MINALIGN Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Chen-Yu Tsai <wenst(a)chromium.org> Revert "arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled" Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated Boris Burkov <boris(a)bur.io> btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Zqiang <qiang.zhang1211(a)gmail.com> rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check phantom_stream before it is used Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Jammy Huang <jammy_huang(a)aspeedtech.com> media: aspeed: Fix memory overwrite if timing is 1600x900 Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() lei lu <llfamsec(a)gmail.com> xfs: add bounds checking to xlog_recover_process_data Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths lei lu <llfamsec(a)gmail.com> ntfs3: Add bounds checking to mi_enum_attr() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fixed overflow check in mi_enum_attr() Jason-JH.Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC256 depop procedure Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: ti-ecap-capture: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: stm32-timer-cnt: Add check for clk_enable() Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: light: al3010: Fix an error handling path in al3010_probe() Paolo Abeni <pabeni(a)redhat.com> ipmr: fix tables suspicious RCU usage Paolo Abeni <pabeni(a)redhat.com> ip6mr: fix tables suspicious RCU usage Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Michal Luczaj <mhal(a)rbox.co> rxrpc: Improve setsockopt() handling of malformed user input Michal Luczaj <mhal(a)rbox.co> llc: Improve setsockopt() handling of malformed user input Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Add crypto_clone_tfm Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Add crypto_tfm_get Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Eric Dumazet <edumazet(a)google.com> net: hsr: fix hsr_init_sk() vs network/transport headers. Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix register name in verbose logging function Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix mismatch in lmac type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Rosen Penev <rosenp(a)gmail.com> net: mdio-ipq4019: add missing error check Hangbin Liu <liuhangbin(a)gmail.com> net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Sidraya Jayagond <sidraya(a)linux.ibm.com> s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix double free issue with interrupt buffer allocation Barnabás Czémán <barnabas.czeman(a)mainlining.org> power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: BPF: Sign-extend return values Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Fix build failure with GCC 15 (-std=gnu23) WANG Xuerui <git(a)xen0n.name> LoongArch: Tweak CFLAGS for Clang compatibility Randy Dunlap <rdunlap(a)infradead.org> fs_parser: update mount_api doc to match function signature Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Michael Ellerman <mpe(a)ellerman.id.au> selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix suboptimal range on iotlb iteration Murad Masimov <m.masimov(a)maxima.ru> hwmon: (tps23861) Fix reporting of negative temperatures Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Ye Bin <yebin10(a)huawei.com> svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Luis Chamberlain <mcgrof(a)kernel.org> sunrpc: simplify two-level sysctl registration for svcrdma_parm_table Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Sibi Sankar <quic_sibis(a)quicinc.com> remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Fix GLINK command prefix Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> remoteproc: qcom: pas: add minidump_id to SM8350 resources Abel Vesa <abel.vesa(a)linaro.org> remoteproc: qcom: q6v5: Use _clk_get_optional for aggre2_clk Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Address an integer overflow Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Benjamin Peterson <benjamin(a)engflow.com> perf trace: avoid garbage when not printing a trace event's arguments Chao Yu <chao(a)kernel.org> f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Yongpeng Yang <yangyongpeng1(a)oppo.com> f2fs: check curseg->inited before write_sum_page in change_curseg Christoph Hellwig <hch(a)lst.de> f2fs: remove the unused flush argument to change_curseg Christoph Hellwig <hch(a)lst.de> f2fs: open code allocate_segment_by_default Christoph Hellwig <hch(a)lst.de> f2fs: remove struct segment_allocation default_salloc_ops LongPing Wei <weilongping(a)oppo.com> f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Arnaldo Carvalho de Melo <acme(a)kernel.org> perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Ian Rogers <irogers(a)google.com> perf probe: Fix libdw memory leak Chao Yu <chao(a)kernel.org> f2fs: fix to account dirty data in __get_secs_required() Qi Han <hanqi(a)vivo.com> f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Ian Rogers <irogers(a)google.com> perf stat: Fix affinity memory leaks on error path Levi Yun <yeoreum.yun(a)arm.com> perf stat: Close cork_fd when create_perf_stat_counter() failed Todd Kjos <tkjos(a)google.com> PCI: Fix reset_method_store() memory leak James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Paul Aurich <paul(a)darkrain42.org> smb: cached directories can be more than root file handle zhang jiao <zhangjiao2(a)cmss.chinamobile.com> pinctrl: k210: Undef K210_PC_DEFAULT Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Charles Han <hanchunchao(a)inspur.com> clk: clk-apple-nco: Add NULL check in applnco_probe Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sh7760fb: Alloc DMA memory from hardware device Zhang Zekun <zhangzekun11(a)huawei.com> powerpc/kexec: Fix return of uninitialized variable Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> dax: delete a stale directory pmem Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix out-of-order issue of requester when setting FENCE Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Mirsad Todorovac <mtodorovac69(a)gmail.com> fs/proc/kcore.c: fix coccinelle reported ERROR instances Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in pgtable_walk() Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Dong Aisheng <aisheng.dong(a)nxp.com> clk: imx: clk-scu: fix clk enable state save and restore Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: fix pll power up Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: correct PLL initialization flow Peng Fan <peng.fan(a)nxp.com> clk: imx: lpcg-scu: SW workaround for errata (e10858) Biju Das <biju.das.jz(a)bp.renesas.com> clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix cpu stuck caused by printings during reset Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Remove unnecessary QP type checks Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Use dev_* printings in hem code instead of ibdev_* Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Add clear_hem return value to log wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/mm/fault: Fix kfence page fault reporting Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Biju Das <biju.das.jz(a)bp.renesas.com> mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mtd: hyperbus: rpc-if: Convert to platform remove callback returning void Geert Uytterhoeven <geert+renesas(a)glider.be> memory: renesas-rpc-if: Remove Runtime PM wrappers Geert Uytterhoeven <geert+renesas(a)glider.be> memory: renesas-rpc-if: Pass device instead of rpcif to rpcif_*() Geert Uytterhoeven <geert+renesas(a)glider.be> memory: renesas-rpc-if: Improve Runtime PM handling Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Refactor and prepare fadump_cma_init for late init Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: zynqmp: drop excess struct member description Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event André Almeida <andrealmeid(a)igalia.com> unicode: Fix utf8_load() error path Jiayuan Chen <mrpre(a)163.com> bpf: fix recursive lock when verdict program return SK_PASS Hangbin Liu <liuhangbin(a)gmail.com> wireguard: selftests: load nf_conntrack if not present Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Yuan Can <yuancan(a)huawei.com> drm/amdkfd: Fix wrong usage of INIT_WORK() Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Paolo Abeni <pabeni(a)redhat.com> ipv6: release nexthop on device removal Eric Dumazet <edumazet(a)google.com> net: use unrcu_pointer() helper Eric Dumazet <edumazet(a)google.com> sock_diag: allow concurrent operation in sock_diag_rcv_msg() Eric Dumazet <edumazet(a)google.com> sock_diag: allow concurrent operations Eric Dumazet <edumazet(a)google.com> sock_diag: add module pointer to "struct sock_diag_handler" Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix SENDPAGE data logic in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Maurice Lambert <mauricelambert434(a)gmail.com> netlink: typographical error in nlmsg_type constants definition Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating object type list Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip transaction if update object is not implemented Zichen Xie <zichenxie0106(a)gmail.com> drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Yuan Can <yuancan(a)huawei.com> wifi: wfx: Fix error handling in wfx_core_init() Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Doug Brown <doug(a)schmorgal.com> drm/etnaviv: fix power register offset on GC300 Xiaolei Wang <xiaolei.wang(a)windriver.com> drm/etnaviv: Request pages from DMA32 zone on addressing_limited Lukasz Luba <lukasz.luba(a)arm.com> drm/msm/gpu: Check the status of registration to PM QoS Rob Clark <robdclark(a)chromium.org> drm/msm/gpu: Bypass PM QoS constraint for idle clamp Rob Clark <robdclark(a)chromium.org> drm/msm/gpu: Add devfreq tuning debugfs Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Remove garbage frame for struct_ops trampoline Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix msg_verify_data in test_sockmap Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix link properties discovery Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: copy addresses for both in and out paths Andrii Nakryiko <andrii(a)kernel.org> libbpf: never interpret subprogs in .text as entry programs Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix sym_is_subprog() logic for weak global subprogs Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: add missing header include for htons Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: Fix backtrace printing for selftests crashes Stanislav Fomichev <sdf(a)google.com> selftests/bpf: Add csum helpers Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix output .symtab byte-order during linking Pin-yen Lin <treapking(a)chromium.org> drm/bridge: anx7625: Drop EDID cache on bridge power off Macpaul Lin <macpaul.lin(a)mediatek.com> ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Maíra Canal <mcanal(a)igalia.com> drm/v3d: Address race-condition in MMU flush Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix possible NULL dereference Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Correct logic on stopping an HVS channel Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Avoid hang with debug registers when suspended Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Don't write gamma luts on 2711 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Yao Zi <ziyao(a)disroot.org> platform/x86: panasonic-laptop: Return errno correctly in show callback Li Huafei <lihuafei1(a)huawei.com> media: atomisp: Add check for rgby_data memory allocation failure Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: provide ctx queue lock for ioctl synchronization Dikshita Agarwal <quic_dikshita(a)quicinc.com> venus: venc: add handling for VIDIOC_ENCODER_CMD Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overrun during iMC config parsing Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: jacuzzi: Move panel under aux-bus Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Jinjie Ruan <ruanjinjie(a)huawei.com> spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: Avoid shift-out-of-bounds Zhang Zekun <zhangzekun11(a)huawei.com> pmdomain: ti-sci: Add missing of_node_put() for args.np Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Clark Wang <xiaoning.wang(a)nxp.com> pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Ridong <chenridong(a)huawei.com> Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Michal Simek <michal.simek(a)amd.com> microblaze: Export xmb_manager functions Gaosheng Cui <cuigaosheng1(a)huawei.com> drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Alexander Stein <alexander.stein(a)ew.tq-group.com> spi: spi-fsl-lpspi: downgrade log level for pio mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clocksource/drivers/timer-ti-dm: Fix child node refcount handling Mark Brown <broonie(a)kernel.org> clocksource/drivers:sp804: Make user selectable Marco Elver <elver(a)google.com> kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marco Elver <elver(a)google.com> kcsan, seqlock: Support seqcount_latch_t Peter Zijlstra <peterz(a)infradead.org> seqlock/latch: Provide raw_read_seqcount_latch_retry() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Lezcano <daniel.lezcano(a)linaro.org> tools/lib/thermal: Make more generic the command encoding function Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Chen Ridong <chenridong(a)huawei.com> crypto: caam - add error check to caam_rsa_set_priv_key_form Lifeng Zheng <zhenglifeng1(a)huawei.com> ACPI: CPPC: Fix _CPC register setting issue Pei Xiao <xiaopei01(a)kylinos.cn> hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Baruch Siach <baruch(a)tkos.co.il> doc: rcu: update printed dynticks counter bits Li Huafei <lihuafei1(a)huawei.com> crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Orange Kao <orange(a)aiven.io> EDAC/igen6: Avoid segmentation fault on module unload Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - disable same error report before resetting Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Initialize thermal zones before registering them Ahsan Atta <ahsan.atta(a)intel.com> crypto: qat - remove faulty arbiter config reset David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: caam - Fix the pointer passed to caam_qi_shutdown() Christoph Hellwig <hch(a)lst.de> virtio_blk: reverse request order in virtio_queue_rqs Christoph Hellwig <hch(a)lst.de> nvme-pci: reverse request order in nvme_queue_rqs Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Christoph Hellwig <hch(a)lst.de> block: fix bio_split_rw_at to take zone_write_granularity into account Zizhi Wo <wozizhi(a)huawei.com> netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Masahiro Yamada <masahiroy(a)kernel.org> arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jan Kara <jack(a)suse.cz> ext4: avoid remount errors with 'abort' mount option Jan Kara <jack(a)suse.cz> ext4: make 'abort' mount option handling standard Yang Erkun <yangerkun(a)huawei.com> brd: defer automatic disk creation until module initialization succeeds Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Do not unregister the subchannel based on DNV Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about longs Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about __u64 Borislav Petkov (AMD) <bp(a)alien8.de> x86/barrier: Do not serialize MSR accesses on AMD Li Zhijian <lizhijian(a)fujitsu.com> fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize denominators' default to 1 Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to add interface to list twice when SER Dmitry Kandybka <d.kandybka(a)gmail.com> mptcp: fix possible integer overflow in mptcp_reset_tout_timer Thomas Weißschuh <linux(a)weissschuh.net> fbdev: efifb: Register sysfs groups through driver core Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible crash on mgmt_index_removed Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null-initialized variables Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func Marco Pagani <marpagan(a)redhat.com> fpga: manager: add owner module and take its refcount Marco Pagani <marpagan(a)redhat.com> fpga: bridge: add owner module and take its refcount Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix invalid FIFO access with special register set Wang Liang <wangliang74(a)huawei.com> net: fix crash when config small gso_max_size/gso_ipv4_max_size Kent Overstreet <kent.overstreet(a)linux.dev> closures: Change BUG_ON() to WARN_ON() Breno Leitao <leitao(a)debian.org> ipmr: Fix access to mfc_cache_list without lock held Harith G <harith.g(a)alifsemi.com> ARM: 9420/1: smp: Fix SMP for xip kernels Eryk Zagorski <erykzagorski(a)gmail.com> ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS John Watts <contact(a)jookia.org> ASoC: audio-graph-card2: Purge absent supplies for device tree nodes David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Markus Petri <mp(a)mpetri.org> ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Vishnu Sankar <vishnuocv(a)gmail.com> platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: fix error in J1939 documentation. zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools/lib/thermal: Remove the thermal.h soft link when doing make clean Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-smbios-base: Extends support to Alienware products Mikhail Rudenko <mike.rudenko(a)gmail.com> regulator: rk808: Add apply_bit for BUCK3 on RK809 Charles Han <hanchunchao(a)inspur.com> soc: qcom: Add check devm_kasprintf() returned value Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Jiayuan Chen <mrpre(a)163.com> bpf: fix filed access without lock Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Piyush Raj Chouhan <piyushchouhan1598(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Benjamin Große <ste3ls(a)gmail.com> usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Support LPE0F28 ACPI HID Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 11 + Documentation/ABI/testing/sysfs-fs-f2fs | 7 +- Documentation/RCU/stallwarn.rst | 2 +- .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 +- .../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 +- .../devicetree/bindings/serial/rs485.yaml | 19 +- .../devicetree/bindings/sound/mt6359.yaml | 10 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/driver-api/fpga/fpga-bridge.rst | 7 +- Documentation/driver-api/fpga/fpga-mgr.rst | 34 +- Documentation/filesystems/mount_api.rst | 3 +- Documentation/locking/seqlock.rst | 2 +- Documentation/networking/j1939.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 +- arch/arm/kernel/entry-armv.S | 8 + arch/arm/kernel/head.S | 4 + arch/arm/kernel/psci_smp.c | 7 + arch/arm/mm/idmap.c | 7 + arch/arm/mm/ioremap.c | 35 +- .../boot/dts/allwinner/sun50i-a64-pinephone.dtsi | 3 + arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx8mp-verdin.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 + .../dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 + .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 56 +- .../boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +- arch/arm64/kernel/fpsimd.c | 1 + arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/ptrace.c | 6 +- arch/arm64/kernel/smccc-call.S | 35 +- arch/arm64/kernel/vmlinux.lds.S | 6 +- arch/arm64/kvm/arm.c | 2 +- arch/arm64/kvm/mmio.c | 36 +- arch/arm64/kvm/pmu-emul.c | 1 - arch/arm64/kvm/vgic/vgic-its.c | 32 +- arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 +- arch/arm64/kvm/vgic/vgic.h | 24 + arch/arm64/mm/context.c | 4 +- arch/arm64/net/bpf_jit_comp.c | 47 +- arch/loongarch/Makefile | 21 +- arch/loongarch/include/asm/hugetlb.h | 10 + arch/loongarch/include/asm/page.h | 5 +- arch/loongarch/include/asm/percpu.h | 6 +- arch/loongarch/mm/tlb.c | 2 +- arch/loongarch/net/bpf_jit.c | 2 +- arch/loongarch/vdso/Makefile | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 + arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/microblaze/kernel/microblaze_ksyms.c | 10 + arch/mips/boot/dts/loongson/ls7a-pch.dtsi | 73 +- arch/mips/include/asm/switch_to.h | 2 +- arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/Kconfig | 4 +- arch/powerpc/Makefile | 13 +- arch/powerpc/include/asm/cache.h | 4 + arch/powerpc/include/asm/dtl.h | 4 +- arch/powerpc/include/asm/fadump.h | 7 + arch/powerpc/include/asm/page_32.h | 4 - arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/fadump.c | 23 +- arch/powerpc/kernel/prom_init.c | 29 +- arch/powerpc/kernel/setup-common.c | 6 +- arch/powerpc/kernel/setup_64.c | 1 + arch/powerpc/kernel/vdso/Makefile | 55 +- arch/powerpc/kexec/file_load_64.c | 9 +- arch/powerpc/kvm/book3s_hv.c | 10 +- arch/powerpc/kvm/book3s_hv_nested.c | 14 +- arch/powerpc/lib/sstep.c | 12 +- arch/powerpc/mm/fault.c | 10 +- arch/powerpc/platforms/pseries/dtl.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/s390/kernel/entry.S | 4 + arch/s390/kernel/kprobes.c | 6 + arch/s390/kernel/perf_cpum_sf.c | 4 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 2 +- arch/x86/crypto/aegis128-aesni-asm.S | 29 +- arch/x86/events/amd/core.c | 10 +- arch/x86/events/intel/core.c | 34 +- arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/amd_nb.h | 5 +- arch/x86/include/asm/barrier.h | 18 - arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/processor.h | 18 + arch/x86/kernel/cpu/amd.c | 3 + arch/x86/kernel/cpu/common.c | 7 + arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kvm/mmu/mmu.c | 5 +- arch/x86/kvm/mmu/paging_tmpl.h | 5 +- arch/x86/kvm/mmu/spte.c | 18 +- arch/x86/pci/acpi.c | 119 + block/blk-merge.c | 10 +- block/blk-mq.c | 6 + block/blk-mq.h | 13 + crypto/api.c | 63 +- crypto/internal.h | 8 + crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/acpi/cppc_acpi.c | 1 - drivers/base/bus.c | 2 + drivers/base/core.c | 69 +- drivers/base/property.c | 6 +- drivers/base/regmap/regmap-irq.c | 4 + drivers/base/regmap/regmap.c | 12 + drivers/block/brd.c | 66 +- drivers/block/ublk_drv.c | 17 +- drivers/block/virtio_blk.c | 46 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk-apple-nco.c | 3 + drivers/clk/clk-axi-clkgen.c | 22 +- drivers/clk/imx/clk-fracn-gppll.c | 10 +- drivers/clk/imx/clk-lpcg-scu.c | 37 +- drivers/clk/imx/clk-scu.c | 2 +- drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/clk/renesas/rzg2l-cpg.c | 11 +- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 +- drivers/clocksource/Kconfig | 3 +- drivers/clocksource/timer-ti-dm-systimer.c | 4 +- drivers/comedi/comedi_fops.c | 12 + drivers/counter/stm32-timer-cnt.c | 16 +- drivers/counter/ti-ecap-capture.c | 7 +- drivers/cpufreq/cppc_cpufreq.c | 6 + drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/caam/caampkc.c | 11 +- drivers/crypto/caam/qi.c | 2 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 35 +- drivers/crypto/hisilicon/qm.c | 47 +- drivers/crypto/hisilicon/sec2/sec_main.c | 35 +- drivers/crypto/hisilicon/zip/zip_main.c | 35 +- drivers/crypto/inside-secure/safexcel_hash.c | 2 +- drivers/crypto/qat/qat_common/adf_hw_arbiter.c | 4 - drivers/dax/pmem/Makefile | 7 - drivers/dax/pmem/pmem.c | 10 - drivers/dma-buf/dma-fence-array.c | 28 +- drivers/dma-buf/dma-fence-unwrap.c | 126 +- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/edac/igen6_edac.c | 2 + drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/tpm.c | 17 +- drivers/firmware/google/gsmi.c | 6 +- drivers/firmware/smccc/smccc.c | 4 - drivers/fpga/fpga-bridge.c | 57 +- drivers/fpga/fpga-mgr.c | 82 +- drivers/gpio/gpio-exar.c | 10 +- drivers/gpio/gpio-grgpio.c | 26 +- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 48 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 6 +- drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 27 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 + drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 7 +- drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 11 +- .../gpu/drm/amd/display/dc/dcn32/dcn32_resource.c | 3 + .../display/dc/dml/dcn20/display_rq_dlg_calc_20.c | 2 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 2 + drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 11 +- drivers/gpu/drm/bridge/tc358767.c | 7 + drivers/gpu/drm/display/drm_dp_dual_mode_helper.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 55 +- drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 19 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 + drivers/gpu/drm/etnaviv/etnaviv_dump.c | 7 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 48 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 21 + drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 + drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 6 +- drivers/gpu/drm/mcde/mcde_drv.c | 1 + drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +- drivers/gpu/drm/msm/msm_debugfs.c | 12 + drivers/gpu/drm/msm/msm_drv.h | 9 + drivers/gpu/drm/msm/msm_gpu.h | 15 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 148 +- drivers/gpu/drm/omapdrm/dss/base.c | 25 +- drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +- drivers/gpu/drm/omapdrm/omap_drv.c | 4 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panel/panel-simple.c | 28 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/scheduler/sched_main.c | 8 + drivers/gpu/drm/sti/sti_cursor.c | 3 + drivers/gpu/drm/sti/sti_gdp.c | 3 + drivers/gpu/drm/sti/sti_hqvdp.c | 3 + drivers/gpu/drm/sti/sti_mixer.c | 2 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/ttm/ttm_tt.c | 12 + drivers/gpu/drm/v3d/v3d_mmu.c | 29 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 2 +- drivers/gpu/drm/vc4/vc4_drv.h | 1 + drivers/gpu/drm/vc4/vc4_hdmi.c | 6 +- drivers/gpu/drm/vc4/vc4_hvs.c | 31 +- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-magicmouse.c | 56 +- drivers/hid/wacom_sys.c | 3 +- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/nct6775-core.c | 7 +- drivers/hwmon/tps23861.c | 2 +- drivers/i3c/master.c | 201 +- drivers/i3c/master/dw-i3c-master.c | 5 +- drivers/i3c/master/i3c-master-cdns.c | 5 +- drivers/i3c/master/mipi-i3c-hci/core.c | 4 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 2 +- drivers/i3c/master/svc-i3c-master.c | 148 +- drivers/iio/adc/ad7780.c | 2 +- drivers/iio/adc/ad7923.c | 4 +- drivers/iio/inkern.c | 2 +- drivers/iio/light/al3010.c | 11 +- drivers/iio/light/ltr501.c | 2 + drivers/iio/magnetometer/yamaha-yas530.c | 13 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 4 +- drivers/infiniband/hw/hns/hns_roce_device.h | 1 + drivers/infiniband/hw/hns/hns_roce_hem.c | 74 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 172 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 + drivers/infiniband/hw/hns/hns_roce_mr.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 56 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 4 +- drivers/iommu/arm/arm-smmu/arm-smmu.c | 11 + drivers/iommu/intel/iommu.c | 40 +- drivers/iommu/io-pgtable-arm.c | 18 +- drivers/leds/flash/leds-mt6360.c | 3 +- drivers/leds/led-class.c | 14 +- drivers/leds/leds-lp55xx-common.c | 3 - drivers/mailbox/arm_mhuv2.c | 8 +- drivers/mailbox/mtk-cmdq-mailbox.c | 12 +- drivers/md/bcache/closure.c | 10 +- drivers/md/bcache/super.c | 2 +- drivers/md/dm-thin.c | 1 + drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +- drivers/media/i2c/dw9768.c | 10 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/allegro-dvt/allegro-core.c | 4 +- drivers/media/platform/amphion/vpu_drv.c | 2 +- drivers/media/platform/amphion/vpu_v4l2.c | 2 +- drivers/media/platform/aspeed/aspeed-video.c | 4 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 4 +- drivers/media/platform/qcom/venus/core.c | 2 +- drivers/media/platform/qcom/venus/core.h | 11 + drivers/media/platform/qcom/venus/vdec.c | 4 + drivers/media/platform/qcom/venus/venc.c | 72 + .../media/platform/samsung/exynos4-is/media-dev.h | 5 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 + drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 113 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 +- drivers/memory/renesas-rpc-if.c | 42 +- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 138 +- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/eeprom/eeprom_93cx6.c | 10 + drivers/mmc/core/bus.c | 2 + drivers/mmc/core/card.h | 7 + drivers/mmc/core/core.c | 3 + drivers/mmc/core/quirks.h | 9 + drivers/mmc/core/sd.c | 2 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mmc/host/mtk-sd.c | 9 +- drivers/mmc/host/sdhci-pci-core.c | 72 + drivers/mmc/host/sdhci-pci.h | 1 + drivers/mtd/hyperbus/rpc-if.c | 31 +- drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/spi-nor/core.c | 2 +- drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/fastmap-wl.c | 19 +- drivers/mtd/ubi/wl.c | 11 +- drivers/mtd/ubi/wl.h | 3 +- drivers/net/can/c_can/c_can_main.c | 26 +- drivers/net/can/dev/dev.c | 2 +- drivers/net/can/ifi_canfd/ifi_canfd.c | 58 +- drivers/net/can/m_can/m_can.c | 33 +- drivers/net/can/sja1000/sja1000.c | 65 +- drivers/net/can/spi/hi311x.c | 48 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 29 +- drivers/net/can/sun4i_can.c | 22 +- drivers/net/can/usb/ems_usb.c | 58 +- drivers/net/can/usb/gs_usb.c | 104 +- drivers/net/dsa/qca/qca8k-8xxx.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/cavium/liquidio/lio_main.c | 11 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ptp.c | 13 +- drivers/net/ethernet/freescale/fec_mpc52xx_phy.c | 2 +- drivers/net/ethernet/freescale/fec_ptp.c | 13 +- .../net/ethernet/freescale/fs_enet/mii-bitbang.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 7 + drivers/net/ethernet/google/gve/gve_rx.c | 4 - drivers/net/ethernet/google/gve/gve_tx.c | 4 - drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.h | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ipsec.c | 1 - drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 2 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 + .../ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 + .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 + drivers/net/ethernet/marvell/pxa168_eth.c | 14 +- .../ethernet/mellanox/mlx5/core/en/tc_tun_encap.c | 13 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 1 + drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 5 + .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_ptp.c | 13 +- drivers/net/ethernet/realtek/r8169_main.c | 14 +- drivers/net/ethernet/rocker/rocker_main.c | 2 +- drivers/net/ethernet/sfc/ptp.c | 7 +- drivers/net/ethernet/sfc/siena/ptp.c | 7 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/ethernet/ti/am65-cpts.c | 5 +- drivers/net/geneve.c | 2 +- drivers/net/mdio/mdio-ipq4019.c | 5 +- drivers/net/netdevsim/ipsec.c | 11 +- drivers/net/phy/sfp.c | 3 +- drivers/net/usb/lan78xx.c | 42 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 1 + drivers/net/veth.c | 44 +- drivers/net/vrf.c | 24 +- drivers/net/wireless/ath/ath10k/mac.c | 4 +- drivers/net/wireless/ath/ath5k/pci.c | 2 + drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 +- drivers/net/wireless/intel/ipw2x00/libipw_rx.c | 8 +- drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/util.h | 18 + drivers/net/wireless/silabs/wfx/main.c | 17 +- drivers/nvdimm/dax_devs.c | 4 +- drivers/nvdimm/nd.h | 7 + drivers/nvme/host/pci.c | 55 +- drivers/pci/controller/dwc/pci-keystone.c | 12 + drivers/pci/controller/pcie-rockchip-ep.c | 16 +- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/endpoint/pci-epc-core.c | 13 +- drivers/pci/hotplug/cpqphp_pci.c | 19 +- drivers/pci/pci-sysfs.c | 26 + drivers/pci/pci.c | 7 +- drivers/pci/pci.h | 1 + drivers/pci/probe.c | 30 +- drivers/pci/quirks.c | 15 +- drivers/pci/slot.c | 4 +- drivers/perf/arm-cmn.c | 4 +- drivers/perf/arm_smmuv3_pmu.c | 19 +- drivers/pinctrl/freescale/Kconfig | 2 +- drivers/pinctrl/pinctrl-k210.c | 2 +- drivers/pinctrl/pinctrl-zynqmp.c | 1 - drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 4 +- drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 1 + drivers/platform/chrome/cros_ec_typec.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 1 + drivers/platform/x86/dell/dell-wmi-base.c | 6 + drivers/platform/x86/intel/bxtwc_tmu.c | 22 +- drivers/platform/x86/panasonic-laptop.c | 10 +- drivers/platform/x86/thinkpad_acpi.c | 28 +- drivers/power/supply/bq27xxx_battery.c | 37 +- drivers/power/supply/power_supply_core.c | 2 - drivers/ptp/ptp_clock.c | 3 +- drivers/ptp/ptp_dte.c | 5 +- drivers/pwm/pwm-imx27.c | 98 +- drivers/regulator/rk808-regulator.c | 2 + drivers/remoteproc/qcom_q6v5_mss.c | 6 +- drivers/remoteproc/qcom_q6v5_pas.c | 44 +- drivers/rpmsg/qcom_glink_native.c | 101 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-cmos.c | 37 +- drivers/rtc/rtc-rzn1.c | 8 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/s390/cio/cio.c | 6 +- drivers/s390/cio/device.c | 18 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 1 + drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 11 + drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_bsg.c | 124 +- drivers/scsi/qla2xxx/qla_mid.c | 1 + drivers/scsi/qla2xxx/qla_os.c | 15 +- drivers/scsi/scsi_debug.c | 2 +- drivers/scsi/st.c | 31 +- drivers/sh/intc/core.c | 2 +- drivers/soc/fsl/rcpm.c | 1 + drivers/soc/imx/soc-imx8m.c | 107 +- drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/qcom/socinfo.c | 8 +- drivers/soc/ti/smartreflex.c | 4 +- drivers/soc/ti/ti_sci_pm_domains.c | 4 + drivers/soc/xilinx/xlnx_event_manager.c | 4 +- drivers/spi/atmel-quadspi.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 14 +- drivers/spi/spi-mpc52xx.c | 1 + drivers/spi/spi-rpc-if.c | 14 +- drivers/spi/spi-tegra210-quad.c | 2 +- drivers/spi/spi-zynqmp-gqspi.c | 2 + drivers/spi/spi.c | 13 +- drivers/staging/media/atomisp/pci/sh_css_params.c | 2 + .../intel/int340x_thermal/int3400_thermal.c | 2 +- drivers/thermal/thermal_core.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 5 +- drivers/tty/serial/8250/8250_fintek.c | 14 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/serial/amba-pl011.c | 79 +- drivers/tty/serial/sc16is7xx.c | 5 + drivers/tty/tty_ldisc.c | 2 +- drivers/ufs/core/ufs-sysfs.c | 6 + drivers/ufs/core/ufshcd.c | 11 +- drivers/ufs/host/ufs-exynos.c | 16 +- drivers/ufs/host/ufs-renesas.c | 9 +- drivers/usb/chipidea/udc.c | 2 +- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/ep0.c | 7 +- drivers/usb/dwc3/gadget.c | 104 +- drivers/usb/dwc3/gadget.h | 1 + drivers/usb/gadget/composite.c | 18 +- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/host/xhci-dbgcap.c | 135 +- drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/host/xhci-ring.c | 18 +- drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 50 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/musb/musb_gadget.c | 13 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/vdpa/mlx5/core/mr.c | 4 +- drivers/vfio/pci/mlx5/cmd.c | 47 +- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/efifb.c | 11 +- drivers/video/fbdev/sh7760fb.c | 11 +- drivers/watchdog/apple_wdt.c | 2 +- drivers/watchdog/iTCO_wdt.c | 21 +- drivers/watchdog/mtk_wdt.c | 6 + drivers/watchdog/rti_wdt.c | 3 +- drivers/xen/xenbus/xenbus_probe.c | 8 +- fs/btrfs/ctree.c | 10 +- fs/btrfs/ctree.h | 2 - fs/btrfs/extent-tree.c | 3 +- fs/btrfs/inode.c | 14 +- fs/btrfs/ioctl.c | 36 +- fs/btrfs/ref-verify.c | 1 + fs/btrfs/root-tree.c | 10 - fs/btrfs/volumes.c | 42 +- fs/cachefiles/ondemand.c | 4 +- fs/ceph/super.c | 10 +- fs/eventpoll.c | 6 +- fs/exfat/namei.c | 1 + fs/ext4/ext4.h | 1 + fs/ext4/fsmap.c | 54 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/super.c | 33 +- fs/f2fs/file.c | 8 +- fs/f2fs/gc.c | 2 + fs/f2fs/inode.c | 4 +- fs/f2fs/segment.c | 74 +- fs/f2fs/segment.h | 41 +- fs/fscache/volume.c | 3 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/inode.c | 10 +- fs/jffs2/compr_rtime.c | 3 + fs/jffs2/erase.c | 7 +- fs/jfs/jfs_dmap.c | 6 + fs/jfs/jfs_dtree.c | 15 + fs/jfs/xattr.c | 2 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfsd/export.c | 5 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 19 + fs/nilfs2/dir.c | 2 +- fs/notify/fsnotify.c | 23 +- fs/ntfs3/record.c | 32 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/dlmglue.c | 1 + fs/ocfs2/file.c | 4 + fs/ocfs2/localalloc.c | 19 - fs/ocfs2/namei.c | 4 +- fs/overlayfs/inode.c | 7 +- fs/overlayfs/util.c | 3 + fs/proc/kcore.c | 11 +- fs/proc/softirqs.c | 2 +- fs/quota/dquot.c | 2 + fs/smb/client/cached_dir.c | 2 +- fs/smb/client/cifssmb.c | 2 +- fs/smb/client/smb2ops.c | 8 +- fs/smb/server/smb2pdu.c | 6 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/udf/inode.c | 46 +- fs/unicode/mkutf8data.c | 70 + fs/unicode/utf8-core.c | 2 +- fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- fs/xfs/libxfs/xfs_sb.c | 7 - fs/xfs/xfs_log_recover.c | 5 +- include/drm/display/drm_dp_mst_helper.h | 7 + include/drm/ttm/ttm_tt.h | 7 + include/linux/arm-smccc.h | 30 +- include/linux/blkdev.h | 2 +- include/linux/bpf.h | 7 +- include/linux/cache.h | 6 + include/linux/crypto.h | 1 + include/linux/devfreq.h | 7 +- include/linux/dma-mapping.h | 5 +- include/linux/eeprom_93cx6.h | 11 + include/linux/eventpoll.h | 2 +- include/linux/fpga/fpga-bridge.h | 10 +- include/linux/fpga/fpga-mgr.h | 26 +- include/linux/fwnode.h | 2 + include/linux/hisi_acc_qm.h | 8 +- include/linux/i3c/master.h | 35 +- include/linux/jiffies.h | 2 +- include/linux/leds.h | 2 +- include/linux/lockdep.h | 2 +- include/linux/mmc/card.h | 1 + include/linux/netdevice.h | 30 +- include/linux/netpoll.h | 2 +- include/linux/pci-epc.h | 2 + include/linux/pci.h | 6 + include/linux/property.h | 20 +- include/linux/rbtree_latch.h | 2 +- include/linux/scatterlist.h | 2 +- include/linux/seqlock.h | 107 +- include/linux/slab.h | 14 +- include/linux/sock_diag.h | 10 +- include/linux/util_macros.h | 56 +- include/media/v4l2-dv-timings.h | 18 +- include/memory/renesas-rpc-if.h | 18 +- include/net/bluetooth/hci_sync.h | 12 + include/net/sock.h | 2 +- include/trace/trace_events.h | 36 +- include/uapi/linux/rtnetlink.h | 2 +- include/ufs/ufshcd.h | 19 +- init/initramfs.c | 15 + io_uring/io_uring.c | 12 +- io_uring/tctx.c | 13 +- ipc/namespace.c | 4 +- kernel/bpf/devmap.c | 6 +- kernel/bpf/helpers.c | 6 +- kernel/bpf/lpm_trie.c | 55 +- kernel/bpf/syscall.c | 3 +- kernel/bpf/verifier.c | 41 +- kernel/cgroup/cgroup.c | 21 +- kernel/dma/debug.c | 8 +- kernel/kcsan/debugfs.c | 74 +- kernel/printk/printk.c | 2 +- kernel/rcu/tasks.h | 82 +- kernel/sched/core.c | 4 +- kernel/sched/fair.c | 2 +- kernel/time/ntp.c | 2 +- kernel/time/sched_clock.c | 2 +- kernel/time/time.c | 2 +- kernel/time/timekeeping.c | 4 +- kernel/trace/bpf_trace.c | 6 +- kernel/trace/ftrace.c | 3 + kernel/trace/trace_clock.c | 2 +- kernel/trace/trace_eprobe.c | 5 + kernel/trace/trace_event_perf.c | 6 + kernel/trace/trace_syscalls.c | 12 + kernel/trace/tracing_map.c | 6 +- lib/maple_tree.c | 13 +- lib/stackinit_kunit.c | 1 + lib/string_helpers.c | 2 +- mm/damon/vaddr-test.h | 1 + mm/damon/vaddr.c | 4 +- mm/kasan/report.c | 65 +- mm/mmap.c | 4 + mm/page_alloc.c | 15 + mm/swap.c | 20 - mm/vmstat.c | 1 + net/9p/trans_xen.c | 9 +- net/bluetooth/hci_core.c | 13 +- net/bluetooth/hci_sync.c | 132 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/l2cap_sock.c | 1 + net/bluetooth/mgmt.c | 61 +- net/bluetooth/rfcomm/sock.c | 20 +- net/can/af_can.c | 1 + net/can/j1939/transport.c | 2 +- net/core/dev.c | 61 +- net/core/filter.c | 95 +- net/core/gen_estimator.c | 2 +- net/core/neighbour.c | 1 + net/core/netpoll.c | 2 +- net/core/rtnetlink.c | 2 +- net/core/skmsg.c | 4 +- net/core/sock_diag.c | 114 +- net/dccp/feat.c | 6 +- net/ethtool/bitset.c | 48 +- net/hsr/hsr_device.c | 4 +- net/hsr/hsr_forward.c | 2 + net/ieee802154/socket.c | 12 +- net/ipv4/af_inet.c | 22 +- net/ipv4/cipso_ipv4.c | 2 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/inet_diag.c | 11 +- net/ipv4/ip_output.c | 13 +- net/ipv4/ipmr.c | 44 +- net/ipv4/ipmr_base.c | 3 +- net/ipv4/tcp.c | 2 +- net/ipv4/tcp_bpf.c | 18 +- net/ipv4/tcp_fastopen.c | 7 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 41 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 2 +- net/ipv6/ip6_output.c | 13 +- net/ipv6/ip6mr.c | 40 +- net/ipv6/ipv6_sockglue.c | 3 +- net/ipv6/route.c | 16 +- net/iucv/af_iucv.c | 26 +- net/llc/af_llc.c | 2 +- net/mac80211/main.c | 2 + net/mptcp/protocol.c | 4 +- net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/ipset/ip_set_core.c | 5 + net/netfilter/ipvs/ip_vs_proto.c | 4 +- net/netfilter/nf_tables_api.c | 19 +- net/netfilter/nft_set_hash.c | 16 + net/netfilter/nft_socket.c | 2 +- net/netfilter/xt_LED.c | 4 +- net/netlink/diag.c | 1 + net/packet/af_packet.c | 12 +- net/packet/diag.c | 1 + net/rfkill/rfkill-gpio.c | 8 +- net/rxrpc/af_rxrpc.c | 7 +- net/sched/act_api.c | 2 +- net/sched/cls_flower.c | 5 +- net/sched/sch_cbs.c | 2 +- net/sched/sch_tbf.c | 18 +- net/smc/af_smc.c | 2 + net/smc/smc_diag.c | 1 + net/sunrpc/cache.c | 4 +- net/sunrpc/xprtrdma/svc_rdma.c | 40 +- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- net/sunrpc/xprtsock.c | 1 + net/tipc/diag.c | 1 + net/tipc/udp_media.c | 2 +- net/unix/diag.c | 1 + net/vmw_vsock/diag.c | 1 + net/xdp/xsk_buff_pool.c | 5 +- net/xdp/xsk_diag.c | 1 + net/xdp/xskmap.c | 2 +- samples/bpf/test_cgrp2_sock.c | 4 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + scripts/mod/file2alias.c | 5 +- scripts/mod/modpost.c | 4 +- security/apparmor/capability.c | 2 + security/apparmor/policy_unpack_test.c | 6 + sound/core/pcm_native.c | 6 +- sound/hda/intel-dsp-config.c | 4 + sound/pci/hda/patch_realtek.c | 157 +- sound/soc/amd/yc/acp6x-mach.c | 39 +- sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/hdmi-codec.c | 144 +- sound/soc/fsl/fsl_micfil.c | 4 +- sound/soc/generic/audio-graph-card2.c | 3 + sound/soc/intel/atom/sst/sst_acpi.c | 64 +- sound/soc/intel/avs/pcm.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 48 +- sound/soc/stm/stm32_sai_sub.c | 6 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 24 +- sound/usb/endpoint.c | 14 +- sound/usb/mixer.c | 58 +- sound/usb/mixer_maps.c | 10 + sound/usb/quirks-table.h | 14 +- sound/usb/quirks.c | 58 +- sound/usb/usbaudio.h | 4 + sound/usb/usx2y/us122l.c | 5 +- sound/usb/usx2y/usbusx2y.c | 2 +- tools/bpf/bpftool/jit_disasm.c | 51 +- tools/bpf/bpftool/main.h | 25 +- tools/bpf/bpftool/map.c | 1 - tools/bpf/bpftool/prog.c | 22 +- tools/lib/bpf/libbpf.c | 4 +- tools/lib/bpf/linker.c | 2 + tools/lib/thermal/Makefile | 4 +- tools/lib/thermal/commands.c | 52 +- tools/perf/builtin-ftrace.c | 2 +- tools/perf/builtin-stat.c | 52 +- tools/perf/builtin-trace.c | 16 +- tools/perf/util/cs-etm.c | 25 +- tools/perf/util/evlist.c | 19 +- tools/perf/util/evlist.h | 1 + tools/perf/util/probe-finder.c | 21 +- tools/perf/util/probe-finder.h | 4 +- tools/scripts/Makefile.arch | 4 +- .../selftests/arm64/mte/check_tags_inclusion.c | 4 +- .../testing/selftests/arm64/mte/mte_common_util.c | 4 +- tools/testing/selftests/arm64/pauth/pac.c | 3 + tools/testing/selftests/bpf/network_helpers.h | 44 + tools/testing/selftests/bpf/test_progs.c | 9 +- tools/testing/selftests/bpf/test_sockmap.c | 165 +- .../selftests/mount_setattr/mount_setattr_test.c | 2 +- tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/resctrl/resctrl_val.c | 3 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + tools/testing/selftests/wireguard/netns.sh | 1 + tools/tracing/rtla/src/utils.c | 4 +- tools/tracing/rtla/src/utils.h | 2 + tools/verification/dot2/automata.py | 18 +- 773 files changed, 11354 insertions(+), 7074 deletions(-)

6 months

8
7
0 0

[PATCH 5.4 000/316] 5.4.287-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.287 release. There are 316 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 15 Dec 2024 14:57:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.287-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.287-rc2 John Fastabend <john.fastabend(a)gmail.com> bpf, xdp: Update devmap comments to reflect napi/rcu usage Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip-ep: Fix address translation unit programming Zhang Zekun <zhangzekun11(a)huawei.com> Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" Thomas Gleixner <tglx(a)linutronix.de> modpost: Add .irqentry.text to OTHER_SECTIONS Heming Zhao <heming.zhao(a)suse.com> ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Richard Weinberger <richard(a)nod.at> jffs2: Fix rtime decompressor Kinsey Moore <kinsey.moore(a)oarcorp.com> jffs2: Prevent rtime decompress memory corruption Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Linus Torvalds <torvalds(a)linux-foundation.org> Revert "unicode: Don't special case ignorable code points" Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> bpf: fix OOB devmap writes when deleting elements Björn Töpel <bjorn.topel(a)intel.com> xdp: Simplify devmap cleanup Parker Newman <pnewman(a)connecttech.com> misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle Michael Ellerman <mpe(a)ellerman.id.au> powerpc/prom_init: Fixup missing powermac #size-cells Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: handle USB Error Interrupt if IOC not set Defa Li <defa.li(a)mediatek.com> i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock Mengyuan Lou <mengyuanlou(a)net-swift.com> PCI: Add ACS quirk for Wangxun FF5xxx NICs Keith Busch <kbusch(a)kernel.org> PCI: Add 'reset_subordinate' to reset hierarchy below bridge Qi Han <hanqi(a)vivo.com> f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. Yi Yang <yiyang13(a)huawei.com> nvdimm: rectify the illogical code within nd_dax_probe() Barnabás Czémán <barnabas.czeman(a)mainlining.org> pinctrl: qcom-pmic-gpio: add support for PM8937 Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Don't modify unknown block number in MTIOCGET Mukesh Ojha <quic_mojha(a)quicinc.com> leds: class: Protect brightness_show() with led_cdev->led_access mutex Uros Bizjak <ubizjak(a)gmail.com> tracing: Use atomic64_inc_return() in trace_clock_counter() Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in __netpoll_setup Jakub Kicinski <kuba(a)kernel.org> net/neighbor: clear error in case strict check is not set Dmitry Antipov <dmantipov(a)yandex.ru> rocker: fix link status detection in rocker_carrier_init() Jonas Karlman <jonas(a)kwiboo.se> ASoC: hdmi-codec: reorder channel allocation list Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables Norbert van Bolhuis <nvbolhuis(a)gmail.com> wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> wifi: ipw2x00: libipw_rx_any(): fix bad alignment Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: set the right AMDGPU sg segment limitation Nihar Chaithanya <niharchaithanya(a)gmail.com> jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix array-index-out-of-bounds in jfs_readdir Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: fix shift-out-of-bounds in dbSplit Ghanshyam Agrawal <ghanshyam1898(a)gmail.com> jfs: array-index-out-of-bounds fix in dtReadFirst Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for Arcadyan devices Rosen Penev <rosenp(a)gmail.com> wifi: ath5k: add PCI ID for SX76X Ignat Korchagin <ignat(a)cloudflare.com> net: inet6: do not leave a dangling sk pointer in inet6_create() Ignat Korchagin <ignat(a)cloudflare.com> net: inet: do not leave a dangling sk pointer in inet_create() Ignat Korchagin <ignat(a)cloudflare.com> net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Ignat Korchagin <ignat(a)cloudflare.com> net: af_can: do not leave a dangling sk pointer in can_create() Ignat Korchagin <ignat(a)cloudflare.com> Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() Ignat Korchagin <ignat(a)cloudflare.com> af_packet: avoid erroring out after sock_init_data() in packet_create() Elena Salomatkina <esalomatkina(a)ispras.ru> net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Simon Horman <horms(a)kernel.org> net: ethernet: fs_enet: Use %pa to format resource_size_t Simon Horman <horms(a)kernel.org> net: fec_mpc52xx_phy: Use %pa to format resource_size_t Zhu Jun <zhujun2(a)cmss.chinamobile.com> samples/bpf: Fix a resource leak Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() Liao Chen <liaochen4(a)huawei.com> drm/mcde: Enable module autoloading Joaquín Ignacio Aramendía <samsagax(a)gmail.com> drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model Rohan Barar <rohan.barar(a)gmail.com> media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 David Given <dg(a)cowlark.com> media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Handle CPU hotplug remove during sampling Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Further prevent card detect during shutdown Cosmin Tanislav <demonsingur(a)gmail.com> regmap: detach regmap from dev on regmap_exit Christian König <christian.koenig(a)amd.com> dma-buf: fix dma_fence_array_signaled v4 Liequan Che <cheliequan(a)inspur.com> bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt Anil Gurumurthy <agurumurthy(a)marvell.com> scsi: qla2xxx: Supported speed displayed incorrectly for VPorts Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix NVMe and NPIV connect issue Wengang Wang <wen.gang.wang(a)oracle.com> ocfs2: update seq_file index in ocfs2_dlm_seq_next Kuan-Wei Chiu <visitorckw(a)gmail.com> tracing: Fix cmp_entries_dup() to respect sort() comparison rules WangYuli <wangyuli(a)uniontech.com> HID: wacom: fix when get product name maybe null pointer Hou Tao <houtao1(a)huawei.com> bpf: Fix exact match conditions in trie_get_next_key() Hou Tao <houtao1(a)huawei.com> bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ocfs2: free inode when ocfs2_get_init_inode() fails Pei Xiao <xiaopei01(a)kylinos.cn> spi: mpc52xx: Add cancel_work_sync before module remove Zijian Zhang <zijianzhang(a)bytedance.com> tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg Pei Xiao <xiaopei01(a)kylinos.cn> drm/sti: Add __iomem for mixer_dbg_mxn's parameter Charles Han <hanchunchao(a)inspur.com> gpio: grgpio: Add NULL check in grgpio_probe Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: grgpio: use a helper variable to store the address of ofdev->dev Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Jiri Slaby <jslaby(a)suse.cz> x86/asm: Reorder early variables Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Juergen Gross <jgross(a)suse.com> xen/xenbus: fix locking SeongJae Park <sjpark(a)amazon.de> xenbus/backend: Protect xenbus callback with lock SeongJae Park <sjpark(a)amazon.de> xenbus/backend: Add memory pressure handler callback Paul Durrant <pdurrant(a)amazon.com> xen/xenbus: reference count registered modules Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_hash: skip duplicated elements pending gc run Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Hold module reference while requesting a module Yuan Can <yuancan(a)huawei.com> igb: Fix potential invalid memory access in igb_init_module() Louis Leseur <louis.leseur(a)gmail.com> net/qed: allow old cards not supporting "num_images" to work Kuniyuki Iwashima <kuniyu(a)amazon.com> tipc: Fix use-after-free of kernel socket in cleanup_bearer(). Tuong Lien <tuong.t.lien(a)dektech.com.au> tipc: add new AEAD key structure for user API Tuong Lien <tuong.t.lien(a)dektech.com.au> tipc: enable creating a "preliminary" node Tuong Lien <tuong.t.lien(a)dektech.com.au> tipc: add reference counter to bearer Ivan Solodovnikov <solodovnikov.ia(a)phystech.edu> dccp: Fix memory leak in dccp_feat_change_recv Jiri Wiesner <jwiesner(a)suse.de> net/ipv6: release expired exception dst cached in socket Dmitry Antipov <dmantipov(a)yandex.ru> can: j1939: j1939_session_new(): fix skb reference counting Martin Ottens <martin.ottens(a)fau.de> net/sched: tbf: correct backlog statistic for GSO packets Dmitry Antipov <dmantipov(a)yandex.ru> netfilter: x_tables: fix LED ID check in led_tg_check() Jinghao Jia <jinghao7(a)illinois.edu> ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics Dario Binacchi <dario.binacchi(a)amarulasolutions.com> can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL Yassine Oudjana <y.oudjana(a)protonmail.com> watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() Oleksandr Ocheretnyi <oocheret(a)cisco.com> iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: flush shader L1 cache after user commandstream Yang Erkun <yangerkun(a)huawei.com> nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur Yang Erkun <yangerkun(a)huawei.com> nfsd: make sure exp active before svc_export_show Yuan Can <yuancan(a)huawei.com> dm thin: Add missing destroy_work_on_stack() Frank Li <Frank.Li(a)nxp.com> i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() Alexandru Ardelean <aardelean(a)baylibre.com> util_macros.h: fix/rework find_closest() macros Zicheng Qu <quzicheng(a)huawei.com> ad7780: fix division by zero in ad7780_write_raw() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-qcs404: fix initial rate of GPLL3 guoweikang <guoweikang.kernel(a)gmail.com> ftrace: Fix regression with module command in stack_trace_filter Vasiliy Kovalev <kovalev(a)altlinux.org> ovl: Filter invalid inodes with missing lookup function Gaosheng Cui <cuigaosheng1(a)huawei.com> media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() Jinjie Ruan <ruanjinjie(a)huawei.com> media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() Jinjie Ruan <ruanjinjie(a)huawei.com> media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled Li Zetao <lizetao1(a)huawei.com> media: ts2020: fix null-ptr-deref in ts2020_probe() Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: tc358743: Fix crash in the probe error path when using polling Filipe Manana <fdmanana(a)suse.com> btrfs: ref-verify: fix use-after-free after invalid ref action Ojaswin Mujoo <ojaswin(a)linux.ibm.com> quota: flush quota_release_work upon quota writeback Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix the naming style for mask definition Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE Calum Mackay <calum.mackay(a)oracle.com> SUNRPC: correct error code comment in xs_tcp_setup_socket() Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Johannes Berg <johannes.berg(a)intel.com> um: Clean up stacktrace dump Dmitry Safonov <0x7f454c46(a)gmail.com> um: add show_stack_loglvl() Dmitry Safonov <0x7f454c46(a)gmail.com> um/sysrq: remove needless variable sp Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Propagate TX failures in intentless mode as well Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Muchun Song <songmuchun(a)bytedance.com> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Huacai Chen <chenhuacai(a)loongson.cn> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Waiman Long <longman(a)redhat.com> cgroup: Move rcu_head up near the top of cgroup_root Yafang Shao <laoar.shao(a)gmail.com> cgroup: Make operations on the cgroup root_list RCU safe Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Johan Hovold <johan(a)kernel.org> staging: greybus: uart: clean up TIOCGSERIAL Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Paolo Abeni <pabeni(a)redhat.com> ipmr: fix tables suspicious RCU usage Eric Dumazet <edumazet(a)google.com> ipmr: convert /proc handlers to rcu_read_lock() Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Fix GLINK command prefix Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Send READ_NOTIFY command in FIFO full case Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Add TX_DATA_CONT command while sending Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Alexandru Ardelean <alexandru.ardelean(a)analog.com> clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Alexandru Ardelean <alexandru.ardelean(a)analog.com> dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sh7760fb: Alloc DMA memory from hardware device Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Doug Brown <doug(a)schmorgal.com> drm/etnaviv: fix power register offset on GC300 Marc Kleine-Budde <mkl(a)pengutronix.de> drm/etnaviv: dump: fix sparse warnings Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: use GENMASK to define register bit fields Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: do not define SHIFT/MASK for single bits Sascha Hauer <s.hauer(a)pengutronix.de> ASoC: fsl_micfil: Drop unnecessary register read Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Jerry Snitselaar <jsnitsel(a)redhat.com> efi/tpm: Pass correct address to memblock_reserve Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Arthur Heymans <arthur(a)aheymans.xyz> firmware: google: Unregister driver_info on failure and exit in gsmi Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Josh Poimboeuf <jpoimboe(a)redhat.com> x86/xen/pvh: Annotate indirect branch as safe Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough Chuck Lever <chuck.lever(a)oracle.com> NFSD: Force all NFSv4.2 COPY requests to be synchronous Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Breno Leitao <leitao(a)debian.org> ipmr: Fix access to mfc_cache_list without lock held David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Mikhail Rudenko <mike.rudenko(a)gmail.com> regulator: rk808: Add apply_bit for BUCK3 on RK809 Charles Han <hanchunchao(a)inspur.com> soc: qcom: Add check devm_kasprintf() returned value Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Piyush Raj Chouhan <piyushchouhan1598(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Andrew Morton <akpm(a)linux-foundation.org> mm: revert "mm: shmem: fix data-race in shmem_getattr()" Chris Down <chris(a)chrisdown.name> kbuild: Use uname for LINUX_COMPILE_HOST detection Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Aurelien Jarno <aurelien(a)aurel32.net> Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix UBSAN warning in ocfs2_verify_volume() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Sean Christopherson <seanjc(a)google.com> KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: uncache inode which has failed entering the group Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: kTLS, Fix incorrect page refcounting Mark Bloch <mbloch(a)nvidia.com> net/mlx5: fs, lock FTE when checking if active Jakub Kicinski <kuba(a)kernel.org> netlink: terminate outstanding dump on socket close ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 11 + .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 67 + .../devicetree/bindings/clock/axi-clkgen.txt | 25 - .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 +- arch/arm64/kernel/process.c | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 + arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/mips/include/asm/switch_to.h | 2 +- arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/prom_init.c | 29 +- arch/powerpc/lib/sstep.c | 12 +- arch/s390/kernel/perf_cpum_sf.c | 4 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 24 +- arch/x86/crypto/aegis128-aesni-asm.S | 29 +- arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/amd_nb.h | 5 +- arch/x86/kernel/head_64.S | 11 +- arch/x86/kvm/vmx/vmx.c | 4 +- arch/x86/platform/pvh/head.S | 2 + block/blk-mq.c | 6 + block/blk-mq.h | 13 + crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/base/regmap/regmap-irq.c | 4 + drivers/base/regmap/regmap.c | 12 + drivers/bluetooth/btusb.c | 2 + drivers/clk/clk-axi-clkgen.c | 26 +- drivers/clk/qcom/gcc-qcs404.c | 1 + drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/dma-buf/dma-fence-array.c | 28 +- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/tpm.c | 19 +- drivers/firmware/google/gsmi.c | 10 +- drivers/gpio/gpio-grgpio.c | 26 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 3 +- drivers/gpu/drm/etnaviv/etnaviv_dump.c | 13 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 40 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 21 + drivers/gpu/drm/imx/ipuv3-crtc.c | 6 +- drivers/gpu/drm/mcde/mcde_drv.c | 1 + drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/sti/sti_mixer.c | 2 +- drivers/hid/wacom_sys.c | 3 +- drivers/hid/wacom_wac.c | 4 +- drivers/i3c/master.c | 5 +- drivers/iio/adc/ad7780.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/leds/led-class.c | 14 +- drivers/md/bcache/super.c | 2 +- drivers/md/dm-thin.c | 1 + drivers/media/dvb-core/dvbdev.c | 15 +- drivers/media/dvb-frontends/ts2020.c | 8 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/platform/qcom/venus/core.c | 2 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 + drivers/media/usb/gspca/ov534.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 11 + drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 208 +- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/eeprom/eeprom_93cx6.c | 10 + drivers/mmc/core/bus.c | 2 + drivers/mmc/core/core.c | 3 + drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/wl.c | 9 +- drivers/net/can/sun4i_can.c | 22 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/freescale/fec_mpc52xx_phy.c | 2 +- .../net/ethernet/freescale/fs_enet/mii-bitbang.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/marvell/pxa168_eth.c | 13 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 19 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 4 +- drivers/net/ethernet/rocker/rocker_main.c | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/usb/lan78xx.c | 11 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath5k/pci.c | 2 + drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_rx.c | 8 +- drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/nvdimm/dax_devs.c | 4 +- drivers/nvdimm/nd.h | 7 + drivers/nvme/host/core.c | 7 +- drivers/nvme/host/pci.c | 16 +- drivers/pci/controller/pcie-rockchip-ep.c | 18 +- drivers/pci/controller/pcie-rockchip.h | 4 + drivers/pci/hotplug/cpqphp_pci.c | 19 +- drivers/pci/pci-sysfs.c | 26 + drivers/pci/pci.c | 2 +- drivers/pci/pci.h | 1 + drivers/pci/quirks.c | 15 +- drivers/pci/slot.c | 4 +- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 + drivers/platform/x86/intel_bxtwc_tmu.c | 22 +- drivers/power/avs/smartreflex.c | 4 +- drivers/power/supply/power_supply_core.c | 2 - drivers/regulator/rk808-regulator.c | 2 + drivers/rpmsg/qcom_glink_native.c | 175 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_bsg.c | 10 - drivers/scsi/qla2xxx/qla_mid.c | 1 + drivers/scsi/st.c | 31 +- drivers/sh/intc/core.c | 2 +- drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/qcom/socinfo.c | 8 +- drivers/spi/spi-mpc52xx.c | 1 + drivers/spi/spi.c | 13 +- drivers/staging/comedi/comedi_fops.c | 12 + drivers/staging/greybus/uart.c | 3 - drivers/staging/media/allegro-dvt/allegro-core.c | 4 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/tty_ldisc.c | 2 +- drivers/usb/chipidea/udc.c | 2 +- drivers/usb/dwc3/gadget.c | 9 +- drivers/usb/gadget/composite.c | 18 +- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 50 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 11 +- drivers/watchdog/iTCO_wdt.c | 21 +- drivers/watchdog/mtk_wdt.c | 6 + drivers/xen/xenbus/xenbus_probe.c | 31 +- drivers/xen/xenbus/xenbus_probe_backend.c | 39 + fs/btrfs/ref-verify.c | 1 + fs/cifs/smb2ops.c | 6 + fs/ext4/fsmap.c | 54 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/super.c | 8 +- fs/f2fs/inode.c | 4 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/jffs2/compr_rtime.c | 3 + fs/jffs2/erase.c | 7 +- fs/jfs/jfs_dmap.c | 6 + fs/jfs/jfs_dtree.c | 15 + fs/jfs/xattr.c | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfsd/export.c | 5 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 14 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 19 + fs/nilfs2/btnode.c | 2 - fs/nilfs2/dir.c | 2 +- fs/nilfs2/gcinode.c | 4 +- fs/nilfs2/mdt.c | 1 - fs/nilfs2/page.c | 2 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/dlmglue.c | 1 + fs/ocfs2/file.c | 4 + fs/ocfs2/localalloc.c | 19 - fs/ocfs2/namei.c | 4 +- fs/ocfs2/resize.c | 2 + fs/ocfs2/super.c | 13 +- fs/overlayfs/util.c | 3 + fs/proc/softirqs.c | 2 +- fs/quota/dquot.c | 2 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/unicode/mkutf8data.c | 70 + fs/unicode/utf8data.h_shipped | 6703 ++++++++++---------- include/linux/blkdev.h | 2 +- include/linux/cgroup-defs.h | 7 +- include/linux/eeprom_93cx6.h | 11 + include/linux/jiffies.h | 2 +- include/linux/leds.h | 2 +- include/linux/netpoll.h | 2 +- include/linux/sunrpc/xprtsock.h | 1 + include/linux/util_macros.h | 56 +- include/uapi/linux/tipc.h | 21 + include/xen/xenbus.h | 3 + init/initramfs.c | 15 + kernel/bpf/devmap.c | 68 +- kernel/bpf/lpm_trie.c | 27 +- kernel/cgroup/cgroup-internal.h | 3 +- kernel/cgroup/cgroup.c | 23 +- kernel/time/time.c | 2 +- kernel/trace/ftrace.c | 3 + kernel/trace/trace_clock.c | 2 +- kernel/trace/trace_event_perf.c | 6 + kernel/trace/tracing_map.c | 6 +- lib/string_helpers.c | 2 +- mm/shmem.c | 2 - net/9p/trans_xen.c | 9 +- net/bluetooth/l2cap_sock.c | 1 + net/bluetooth/rfcomm/sock.c | 10 +- net/can/af_can.c | 1 + net/can/j1939/transport.c | 2 +- net/core/filter.c | 85 +- net/core/neighbour.c | 1 + net/core/netpoll.c | 2 +- net/dccp/feat.c | 6 +- net/ieee802154/socket.c | 12 +- net/ipv4/af_inet.c | 22 +- net/ipv4/ipmr.c | 50 +- net/ipv4/ipmr_base.c | 3 +- net/ipv4/tcp_bpf.c | 11 +- net/ipv6/af_inet6.c | 22 +- net/ipv6/ip6mr.c | 8 +- net/ipv6/route.c | 6 +- net/mac80211/main.c | 2 + net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/ipset/ip_set_core.c | 5 + net/netfilter/ipvs/ip_vs_proto.c | 4 +- net/netfilter/nft_set_hash.c | 16 + net/netfilter/xt_LED.c | 4 +- net/netlink/af_netlink.c | 31 +- net/netlink/af_netlink.h | 2 - net/packet/af_packet.c | 12 +- net/rfkill/rfkill-gpio.c | 8 +- net/sched/sch_cbs.c | 2 +- net/sched/sch_tbf.c | 18 +- net/sunrpc/cache.c | 4 +- net/sunrpc/xprtsock.c | 29 +- net/tipc/bearer.c | 14 +- net/tipc/bearer.h | 3 + net/tipc/node.c | 99 +- net/tipc/node.h | 1 + net/tipc/udp_media.c | 2 +- samples/bpf/test_cgrp2_sock.c | 4 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + scripts/mkcompile_h | 2 +- scripts/mod/file2alias.c | 5 +- scripts/mod/modpost.c | 2 +- security/apparmor/capability.c | 2 + sound/pci/hda/patch_realtek.c | 113 +- sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/hdmi-codec.c | 144 +- sound/soc/fsl/fsl_micfil.c | 74 +- sound/soc/fsl/fsl_micfil.h | 270 +- sound/soc/intel/boards/bytcr_rt5640.c | 15 + sound/soc/stm/stm32_sai_sub.c | 6 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 32 +- sound/usb/quirks.c | 19 +- sound/usb/usx2y/us122l.c | 5 +- tools/perf/builtin-trace.c | 14 +- tools/perf/util/cs-etm.c | 25 +- tools/perf/util/probe-finder.c | 17 +- tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + virt/kvm/arm/vgic/vgic-its.c | 32 +- virt/kvm/arm/vgic/vgic.h | 24 + 302 files changed, 5801 insertions(+), 4763 deletions(-)

6 months

7
6
0 0

patch "iio: adc: ti-ads1119: fix sample size in scan struct for triggered" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1119: fix sample size in scan struct for triggered to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 54d394905c92b9ecc65c1f9b2692c8e10716d8e1 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Mon, 2 Dec 2024 20:18:44 +0100 Subject: iio: adc: ti-ads1119: fix sample size in scan struct for triggered buffer This device returns signed, 16-bit samples as stated in its datasheet (see 8.5.2 Data Format). That is in line with the scan_type definition for the IIO_VOLTAGE channel, but 'unsigned int' is being used to read and push the data to userspace. Given that the size of that type depends on the architecture (at least 2 bytes to store values up to 65535, but its actual size is often 4 bytes), use the 's16' type to provide the same structure in all cases. Fixes: a9306887eba4 ("iio: adc: ti-ads1119: Add driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Reviewed-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Link: https://patch.msgid.link/20241202-ti-ads1119_s16_chan-v1-1-fafe3136dc90@gma… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ti-ads1119.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ti-ads1119.c b/drivers/iio/adc/ti-ads1119.c index 2615a275acb3..c268e27eec12 100644 --- a/drivers/iio/adc/ti-ads1119.c +++ b/drivers/iio/adc/ti-ads1119.c @@ -500,7 +500,7 @@ static irqreturn_t ads1119_trigger_handler(int irq, void *private) struct iio_dev *indio_dev = pf->indio_dev; struct ads1119_state *st = iio_priv(indio_dev); struct { - unsigned int sample; + s16 sample; s64 timestamp __aligned(8); } scan; unsigned int index; -- 2.47.1

6 months

1
0
0 0

patch "iio: inkern: call iio_device_put() only on mapped devices" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: inkern: call iio_device_put() only on mapped devices to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 64f43895b4457532a3cc524ab250b7a30739a1b1 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Wed, 4 Dec 2024 20:13:42 +0900 Subject: iio: inkern: call iio_device_put() only on mapped devices In the error path of iio_channel_get_all(), iio_device_put() is called on all IIO devices, which can cause a refcount imbalance. Fix this error by calling iio_device_put() only on IIO devices whose refcounts were previously incremented by iio_device_get(). Fixes: 314be14bb893 ("iio: Rename _st_ functions to loose the bit that meant the staging version.") Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Link: https://patch.msgid.link/20241204111342.1246706-1-joe@pf.is.s.u-tokyo.ac.jp Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/inkern.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c index 136b225b6bc8..9050a59129e6 100644 --- a/drivers/iio/inkern.c +++ b/drivers/iio/inkern.c @@ -500,7 +500,7 @@ struct iio_channel *iio_channel_get_all(struct device *dev) return_ptr(chans); error_free_chans: - for (i = 0; i < nummaps; i++) + for (i = 0; i < mapind; i++) iio_device_put(chans[i].indio_dev); return ERR_PTR(ret); } -- 2.47.1

6 months

1
0
0 0

patch "iio: adc: at91: call input_free_device() on allocated iio_dev" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91: call input_free_device() on allocated iio_dev to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From de6a73bad1743e9e81ea5a24c178c67429ff510b Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Sat, 7 Dec 2024 13:30:45 +0900 Subject: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. Fixes: 84882b060301 ("iio: adc: at91_adc: Add support for touchscreens without TSMR") Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Link: https://patch.msgid.link/20241207043045.1255409-1-joe@pf.is.s.u-tokyo.ac.jp Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91_adc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c index a3f0a2321666..5927756b749a 100644 --- a/drivers/iio/adc/at91_adc.c +++ b/drivers/iio/adc/at91_adc.c @@ -979,7 +979,7 @@ static int at91_ts_register(struct iio_dev *idev, return ret; err: - input_free_device(st->ts_input); + input_free_device(input); return ret; } -- 2.47.1

6 months

1
0
0 0

patch "iio: adc: ad7173: fix using shared static info struct" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7173: fix using shared static info struct to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 36a44e05cd807a54e5ffad4b96d0d67f68ad8576 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Wed, 27 Nov 2024 14:01:53 -0600 Subject: iio: adc: ad7173: fix using shared static info struct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a possible race condition during driver probe in the ad7173 driver due to using a shared static info struct. If more that one instance of the driver is probed at the same time, some of the info could be overwritten by the other instance, leading to incorrect operation. To fix this, make the static info struct const so that it is read-only and make a copy of the info struct for each instance of the driver that can be modified. Reported-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Fixes: 76a1e6a42802 ("iio: adc: ad7173: add AD7173 driver") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Tested-by: Guillaume Ranquet <granquet(a)baylibre.com> Link: https://patch.msgid.link/20241127-iio-adc-ad7313-fix-non-const-info-struct-… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7173.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/iio/adc/ad7173.c b/drivers/iio/adc/ad7173.c index 8a0c931ca83a..8b03c1e5567e 100644 --- a/drivers/iio/adc/ad7173.c +++ b/drivers/iio/adc/ad7173.c @@ -200,6 +200,7 @@ struct ad7173_channel { struct ad7173_state { struct ad_sigma_delta sd; + struct ad_sigma_delta_info sigma_delta_info; const struct ad7173_device_info *info; struct ad7173_channel *channels; struct regulator_bulk_data regulators[3]; @@ -753,7 +754,7 @@ static int ad7173_disable_one(struct ad_sigma_delta *sd, unsigned int chan) return ad_sd_write_reg(sd, AD7173_REG_CH(chan), 2, 0); } -static struct ad_sigma_delta_info ad7173_sigma_delta_info = { +static const struct ad_sigma_delta_info ad7173_sigma_delta_info = { .set_channel = ad7173_set_channel, .append_status = ad7173_append_status, .disable_all = ad7173_disable_all, @@ -1403,7 +1404,7 @@ static int ad7173_fw_parse_device_config(struct iio_dev *indio_dev) if (ret < 0) return dev_err_probe(dev, ret, "Interrupt 'rdy' is required\n"); - ad7173_sigma_delta_info.irq_line = ret; + st->sigma_delta_info.irq_line = ret; return ad7173_fw_parse_channel_config(indio_dev); } @@ -1436,8 +1437,9 @@ static int ad7173_probe(struct spi_device *spi) spi->mode = SPI_MODE_3; spi_setup(spi); - ad7173_sigma_delta_info.num_slots = st->info->num_configs; - ret = ad_sd_init(&st->sd, indio_dev, spi, &ad7173_sigma_delta_info); + st->sigma_delta_info = ad7173_sigma_delta_info; + st->sigma_delta_info.num_slots = st->info->num_configs; + ret = ad_sd_init(&st->sd, indio_dev, spi, &st->sigma_delta_info); if (ret) return ret; -- 2.47.1

6 months

1
0
0 0

patch "iio: adc: ti-ads1298: Add NULL check in ads1298_init" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1298: Add NULL check in ads1298_init to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From bcb394bb28e55312cace75362b8e489eb0e02a30 Mon Sep 17 00:00:00 2001 From: Charles Han <hanchunchao(a)inspur.com> Date: Mon, 18 Nov 2024 17:02:08 +0800 Subject: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. Add it. Fixes: 00ef7708fa60 ("iio: adc: ti-ads1298: Add driver") Signed-off-by: Charles Han <hanchunchao(a)inspur.com> Link: https://patch.msgid.link/20241118090208.14586-1-hanchunchao@inspur.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ti-ads1298.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/ti-ads1298.c b/drivers/iio/adc/ti-ads1298.c index 36d43495f603..03f762415fa5 100644 --- a/drivers/iio/adc/ti-ads1298.c +++ b/drivers/iio/adc/ti-ads1298.c @@ -613,6 +613,8 @@ static int ads1298_init(struct iio_dev *indio_dev) } indio_dev->name = devm_kasprintf(dev, GFP_KERNEL, "ads129%u%s", indio_dev->num_channels, suffix); + if (!indio_dev->name) + return -ENOMEM; /* Enable internal test signal, double amplitude, double frequency */ ret = regmap_write(priv->regmap, ADS1298_REG_CONFIG2, -- 2.47.1

6 months

1
0
0 0

patch "iio: gyro: fxas21002c: Fix missing data update in trigger handler" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: gyro: fxas21002c: Fix missing data update in trigger handler to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From fa13ac6cdf9b6c358e7d77c29fb60145c7a87965 Mon Sep 17 00:00:00 2001 From: Carlos Song <carlos.song(a)nxp.com> Date: Sat, 16 Nov 2024 10:29:45 -0500 Subject: iio: gyro: fxas21002c: Fix missing data update in trigger handler The fxas21002c_trigger_handler() may fail to acquire sample data because the runtime PM enters the autosuspend state and sensor can not return sample data in standby mode.. Resume the sensor before reading the sample data into the buffer within the trigger handler. After the data is read, place the sensor back into the autosuspend state. Fixes: a0701b6263ae ("iio: gyro: add core driver for fxas21002c") Signed-off-by: Carlos Song <carlos.song(a)nxp.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://patch.msgid.link/20241116152945.4006374-1-Frank.Li@nxp.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/gyro/fxas21002c_core.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/iio/gyro/fxas21002c_core.c b/drivers/iio/gyro/fxas21002c_core.c index 0391c78c2f18..754c8a564ba4 100644 --- a/drivers/iio/gyro/fxas21002c_core.c +++ b/drivers/iio/gyro/fxas21002c_core.c @@ -730,14 +730,21 @@ static irqreturn_t fxas21002c_trigger_handler(int irq, void *p) int ret; mutex_lock(&data->lock); - ret = regmap_bulk_read(data->regmap, FXAS21002C_REG_OUT_X_MSB, - data->buffer, CHANNEL_SCAN_MAX * sizeof(s16)); + ret = fxas21002c_pm_get(data); if (ret < 0) goto out_unlock; + ret = regmap_bulk_read(data->regmap, FXAS21002C_REG_OUT_X_MSB, + data->buffer, CHANNEL_SCAN_MAX * sizeof(s16)); + if (ret < 0) + goto out_pm_put; + iio_push_to_buffers_with_timestamp(indio_dev, data->buffer, data->timestamp); +out_pm_put: + fxas21002c_pm_put(data); + out_unlock: mutex_unlock(&data->lock); -- 2.47.1

6 months

1
0
0 0

patch "iio: adc: ad7124: Disable all channels at probe time" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7124: Disable all channels at probe time to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 4be339af334c283a1a1af3cb28e7e448a0aa8a7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)baylibre.com> Date: Mon, 4 Nov 2024 11:19:04 +0100 Subject: iio: adc: ad7124: Disable all channels at probe time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When during a measurement two channels are enabled, two measurements are done that are reported sequencially in the DATA register. As the code triggered by reading one of the sysfs properties expects that only one channel is enabled it only reads the first data set which might or might not belong to the intended channel. To prevent this situation disable all channels during probe. This fixes a problem in practise because the reset default for channel 0 is enabled. So all measurements before the first measurement on channel 0 (which disables channel 0 at the end) might report wrong values. Fixes: 7b8d045e497a ("iio: adc: ad7124: allow more than 8 channels") Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Link: https://patch.msgid.link/20241104101905.845737-2-u.kleine-koenig@baylibre.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7124.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index 7314fb32bdec..3d678c420cbf 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -917,6 +917,9 @@ static int ad7124_setup(struct ad7124_state *st) * set all channels to this default value. */ ad7124_set_channel_odr(st, i, 10); + + /* Disable all channels to prevent unintended conversions. */ + ad_sd_write_reg(&st->sd, AD7124_CHANNEL(i), 2, 0); } ret = ad_sd_write_reg(&st->sd, AD7124_ADC_CONTROL, 2, st->adc_control); -- 2.47.1

6 months

1
0
0 0

[PATCH] arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()

by Mark Brown

In commit 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") we moved access to ZCR, SMCR and SMIDR later in the boot process in order to ensure that we don't attempt to interact with them if SVE or SME is disabled on the command line. Unfortunately when initialising the boot CPU in init_cpu_features() we work on a copy of the struct cpuinfo_arm64 for the boot CPU used only during boot, not the percpu copy used by the sysfs code. Fix this by moving the handling for SMIDR_EL1 for the boot CPU to cpuinfo_store_boot_cpu() so it can operate on the percpu copy of the data. This reduces the potential for error that could come from having both the percpu and boot CPU copies in init_cpu_features(). This issue wasn't apparent when testing on emulated platforms that do not report values in this ID register. Fixes: 892f7237b3ff ("arm64: Delay initialisation of cpuinfo_arm64::reg_{zcr,smcr}") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kernel/cpufeature.c | 6 ------ arch/arm64/kernel/cpuinfo.c | 11 +++++++++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 6ce71f444ed84f9056196bb21bbfac61c9687e30..b88102fd2c20f77e25af6df513fda09a484e882e 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1167,12 +1167,6 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info) id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { unsigned long cpacr = cpacr_save_enable_kernel_sme(); - /* - * We mask out SMPS since even if the hardware - * supports priorities the kernel does not at present - * and we block access to them. - */ - info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; vec_init_vq_map(ARM64_VEC_SME); cpacr_restore(cpacr); diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index d79e88fccdfce427507e7a34c5959ce6309cbd12..b7d403da71e5a01ed3943eb37e7a00af238771a2 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -499,4 +499,15 @@ void __init cpuinfo_store_boot_cpu(void) boot_cpu_data = *info; init_cpu_features(&boot_cpu_data); + + /* SMIDR_EL1 needs to be stored in the percpu data for sysfs */ + if (IS_ENABLED(CONFIG_ARM64_SME) && + id_aa64pfr1_sme(read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1))) { + /* + * We mask out SMPS since even if the hardware + * supports priorities the kernel does not at present + * and we block access to them. + */ + info->reg_smidr = read_cpuid(SMIDR_EL1) & ~SMIDR_EL1_SMPS; + } } --- base-commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4 change-id: 20241213-arm64-fix-boot-cpu-smidr-386b8db292b2 Best regards, -- Mark Brown <broonie(a)kernel.org>

6 months

3
13
0 0

[PATCH v6.12] KVM: arm64: Disable MPAM visibility by default and ignore VMM writes

by Marc Zyngier

From: James Morse <james.morse(a)arm.com> commit 6685f5d572c22e1003e7c0d089afe1c64340ab1f upstream. commit 011e5f5bf529f ("arm64/cpufeature: Add remaining feature bits in ID_AA64PFR0 register") exposed the MPAM field of AA64PFR0_EL1 to guests, but didn't add trap handling. A previous patch supplied the missing trap handling. Existing VMs that have the MPAM field of ID_AA64PFR0_EL1 set need to be migratable, but there is little point enabling the MPAM CPU interface on new VMs until there is something a guest can do with it. Clear the MPAM field from the guest's ID_AA64PFR0_EL1 and on hardware that supports MPAM, politely ignore the VMMs attempts to set this bit. Guests exposed to this bug have the sanitised value of the MPAM field, so only the correct value needs to be ignored. This means the field can continue to be used to block migration to incompatible hardware (between MPAM=1 and MPAM=5), and the VMM can't rely on the field being ignored. Signed-off-by: James Morse <james.morse(a)arm.com> Co-developed-by: Joey Gouly <joey.gouly(a)arm.com> Signed-off-by: Joey Gouly <joey.gouly(a)arm.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Tested-by: Shameer Kolothum <shameerali.kolothum.thodi(a)huawei.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20241030160317.2528209-7-joey.gouly@arm.com Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> [maz: adapted to lack of ID_FILTERED()] Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 55 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index ff8c4e1b847ed..fbed433283c9b 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1535,6 +1535,7 @@ static u64 __kvm_read_sanitised_id_reg(const struct kvm_vcpu *vcpu, val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MTEX); val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_DF2); val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_PFAR); + val &= ~ARM64_FEATURE_MASK(ID_AA64PFR1_EL1_MPAM_frac); break; case SYS_ID_AA64PFR2_EL1: /* We only expose FPMR */ @@ -1724,6 +1725,13 @@ static u64 read_sanitised_id_aa64pfr0_el1(struct kvm_vcpu *vcpu, val &= ~ID_AA64PFR0_EL1_AMU_MASK; + /* + * MPAM is disabled by default as KVM also needs a set of PARTID to + * program the MPAMVPMx_EL2 PARTID remapping registers with. But some + * older kernels let the guest see the ID bit. + */ + val &= ~ID_AA64PFR0_EL1_MPAM_MASK; + return val; } @@ -1834,6 +1842,42 @@ static int set_id_dfr0_el1(struct kvm_vcpu *vcpu, return set_id_reg(vcpu, rd, val); } +static int set_id_aa64pfr0_el1(struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd, u64 user_val) +{ + u64 hw_val = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1); + u64 mpam_mask = ID_AA64PFR0_EL1_MPAM_MASK; + + /* + * Commit 011e5f5bf529f ("arm64/cpufeature: Add remaining feature bits + * in ID_AA64PFR0 register") exposed the MPAM field of AA64PFR0_EL1 to + * guests, but didn't add trap handling. KVM doesn't support MPAM and + * always returns an UNDEF for these registers. The guest must see 0 + * for this field. + * + * But KVM must also accept values from user-space that were provided + * by KVM. On CPUs that support MPAM, permit user-space to write + * the sanitizied value to ID_AA64PFR0_EL1.MPAM, but ignore this field. + */ + if ((hw_val & mpam_mask) == (user_val & mpam_mask)) + user_val &= ~ID_AA64PFR0_EL1_MPAM_MASK; + + return set_id_reg(vcpu, rd, user_val); +} + +static int set_id_aa64pfr1_el1(struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd, u64 user_val) +{ + u64 hw_val = read_sanitised_ftr_reg(SYS_ID_AA64PFR1_EL1); + u64 mpam_mask = ID_AA64PFR1_EL1_MPAM_frac_MASK; + + /* See set_id_aa64pfr0_el1 for comment about MPAM */ + if ((hw_val & mpam_mask) == (user_val & mpam_mask)) + user_val &= ~ID_AA64PFR1_EL1_MPAM_frac_MASK; + + return set_id_reg(vcpu, rd, user_val); +} + /* * cpufeature ID register user accessors * @@ -2377,7 +2421,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_ID_AA64PFR0_EL1), .access = access_id_reg, .get_user = get_id_reg, - .set_user = set_id_reg, + .set_user = set_id_aa64pfr0_el1, .reset = read_sanitised_id_aa64pfr0_el1, .val = ~(ID_AA64PFR0_EL1_AMU | ID_AA64PFR0_EL1_MPAM | @@ -2385,7 +2429,12 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_AA64PFR0_EL1_RAS | ID_AA64PFR0_EL1_AdvSIMD | ID_AA64PFR0_EL1_FP), }, - ID_WRITABLE(ID_AA64PFR1_EL1, ~(ID_AA64PFR1_EL1_PFAR | + { SYS_DESC(SYS_ID_AA64PFR1_EL1), + .access = access_id_reg, + .get_user = get_id_reg, + .set_user = set_id_aa64pfr1_el1, + .reset = kvm_read_sanitised_id_reg, + .val = ~(ID_AA64PFR1_EL1_PFAR | ID_AA64PFR1_EL1_DF2 | ID_AA64PFR1_EL1_MTEX | ID_AA64PFR1_EL1_THE | @@ -2397,7 +2446,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_AA64PFR1_EL1_RES0 | ID_AA64PFR1_EL1_MPAM_frac | ID_AA64PFR1_EL1_RAS_frac | - ID_AA64PFR1_EL1_MTE)), + ID_AA64PFR1_EL1_MTE), }, ID_WRITABLE(ID_AA64PFR2_EL1, ID_AA64PFR2_EL1_FPMR), ID_UNALLOCATED(4,3), ID_WRITABLE(ID_AA64ZFR0_EL1, ~ID_AA64ZFR0_EL1_RES0), -- 2.39.2

6 months

2
1
0 0

[PATCH v2 5.4 5.15 6.6] tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe()

by Nikolay Kuratov

commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") avoids checking number_of_same_symbols() for module symbol in __trace_kprobe_create(), but create_local_trace_kprobe() should avoid this check too. Doing this check leads to ENOENT for module_name:symbol_name constructions passed over perf_event_open. No bug in newer kernels as it was fixed more generally by commit 9d8616034f16 ("tracing/kprobes: Add symbol counting check when module loads") Link: https://lore.kernel.org/linux-trace-kernel/20240705161030.b3ddb33a8167013b9… Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols") Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- v1 -> v2: * Reword commit title and message * Send for stable instead of mainline kernel/trace/trace_kprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c index 12d997bb3e78..94cb09d44115 100644 --- a/kernel/trace/trace_kprobe.c +++ b/kernel/trace/trace_kprobe.c @@ -1814,7 +1814,7 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs, int ret; char *event; - if (func) { + if (func && !strchr(func, ':')) { unsigned int count; count = number_of_same_symbols(func); -- 2.34.1

6 months

2
1
0 0

[PATCH] usb: phy-tahvo: fix call balance for tu->ick handling routines

by Vitalii Mordan

If the clock tu->ick was not enabled in tahvo_usb_probe, it may still hold a non-error pointer, potentially causing the clock to be incorrectly disabled later in the function. Use the devm_clk_get_enabled helper function to ensure proper call balance for tu->ick. Found by Linux Verification Center (linuxtesting.org) with Klever. Fixes: 9ba96ae5074c ("usb: omap1: Tahvo USB transceiver driver") Cc: stable(a)vger.kernel.org Signed-off-by: Vitalii Mordan <mordan(a)ispras.ru> --- v2: Corrected a typo in the error handling of the devm_clk_get_enabled call. This issue was reported by Dan Carpenter <dan.carpenter(a)linaro.org>. drivers/usb/phy/phy-tahvo.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/drivers/usb/phy/phy-tahvo.c b/drivers/usb/phy/phy-tahvo.c index ae7bf3ff89ee..4182e86dc450 100644 --- a/drivers/usb/phy/phy-tahvo.c +++ b/drivers/usb/phy/phy-tahvo.c @@ -341,9 +341,11 @@ static int tahvo_usb_probe(struct platform_device *pdev) mutex_init(&tu->serialize); - tu->ick = devm_clk_get(&pdev->dev, "usb_l4_ick"); - if (!IS_ERR(tu->ick)) - clk_enable(tu->ick); + tu->ick = devm_clk_get_enabled(&pdev->dev, "usb_l4_ick"); + if (IS_ERR(tu->ick)) { + dev_err(&pdev->dev, "failed to get and enable clock\n"); + return PTR_ERR(tu->ick); + } /* * Set initial state, so that we generate kevents only on state changes. @@ -353,15 +355,14 @@ static int tahvo_usb_probe(struct platform_device *pdev) tu->extcon = devm_extcon_dev_allocate(&pdev->dev, tahvo_cable); if (IS_ERR(tu->extcon)) { dev_err(&pdev->dev, "failed to allocate memory for extcon\n"); - ret = PTR_ERR(tu->extcon); - goto err_disable_clk; + return PTR_ERR(tu->extcon); } ret = devm_extcon_dev_register(&pdev->dev, tu->extcon); if (ret) { dev_err(&pdev->dev, "could not register extcon device: %d\n", ret); - goto err_disable_clk; + return ret; } /* Set the initial cable state. */ @@ -384,7 +385,7 @@ static int tahvo_usb_probe(struct platform_device *pdev) if (ret < 0) { dev_err(&pdev->dev, "cannot register USB transceiver: %d\n", ret); - goto err_disable_clk; + return ret; } dev_set_drvdata(&pdev->dev, tu); @@ -405,9 +406,6 @@ static int tahvo_usb_probe(struct platform_device *pdev) err_remove_phy: usb_remove_phy(&tu->phy); -err_disable_clk: - if (!IS_ERR(tu->ick)) - clk_disable(tu->ick); return ret; } @@ -418,8 +416,6 @@ static void tahvo_usb_remove(struct platform_device *pdev) free_irq(tu->irq, tu); usb_remove_phy(&tu->phy); - if (!IS_ERR(tu->ick)) - clk_disable(tu->ick); } static struct platform_driver tahvo_usb_driver = { -- 2.25.1

6 months

1
0
0 0

[PATCH] usb: phy-tahvo: fix call balance for tu->ick handling routines

by Vitalii Mordan

If the clock tu->ick was not enabled in tahvo_usb_probe, it may still hold a non-error pointer, potentially causing the clock to be incorrectly disabled later in the function. Use the devm_clk_get_enabled helper function to ensure proper call balance for tu->ick. Found by Linux Verification Center (linuxtesting.org) with Klever. Fixes: 9ba96ae5074c ("usb: omap1: Tahvo USB transceiver driver") Cc: stable(a)vger.kernel.org Signed-off-by: Vitalii Mordan <mordan(a)ispras.ru> --- drivers/usb/phy/phy-tahvo.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/drivers/usb/phy/phy-tahvo.c b/drivers/usb/phy/phy-tahvo.c index ae7bf3ff89ee..d393308d23d4 100644 --- a/drivers/usb/phy/phy-tahvo.c +++ b/drivers/usb/phy/phy-tahvo.c @@ -341,9 +341,11 @@ static int tahvo_usb_probe(struct platform_device *pdev) mutex_init(&tu->serialize); - tu->ick = devm_clk_get(&pdev->dev, "usb_l4_ick"); - if (!IS_ERR(tu->ick)) - clk_enable(tu->ick); + tu->ick = devm_clk_get_enabled(&pdev->dev, "usb_l4_ick"); + if (!IS_ERR(tu->ick)) { + dev_err(&pdev->dev, "failed to get and enable clock\n"); + return PTR_ERR(tu->ick); + } /* * Set initial state, so that we generate kevents only on state changes. @@ -353,15 +355,14 @@ static int tahvo_usb_probe(struct platform_device *pdev) tu->extcon = devm_extcon_dev_allocate(&pdev->dev, tahvo_cable); if (IS_ERR(tu->extcon)) { dev_err(&pdev->dev, "failed to allocate memory for extcon\n"); - ret = PTR_ERR(tu->extcon); - goto err_disable_clk; + return PTR_ERR(tu->extcon); } ret = devm_extcon_dev_register(&pdev->dev, tu->extcon); if (ret) { dev_err(&pdev->dev, "could not register extcon device: %d\n", ret); - goto err_disable_clk; + return ret; } /* Set the initial cable state. */ @@ -384,7 +385,7 @@ static int tahvo_usb_probe(struct platform_device *pdev) if (ret < 0) { dev_err(&pdev->dev, "cannot register USB transceiver: %d\n", ret); - goto err_disable_clk; + return ret; } dev_set_drvdata(&pdev->dev, tu); @@ -405,9 +406,6 @@ static int tahvo_usb_probe(struct platform_device *pdev) err_remove_phy: usb_remove_phy(&tu->phy); -err_disable_clk: - if (!IS_ERR(tu->ick)) - clk_disable(tu->ick); return ret; } @@ -418,8 +416,6 @@ static void tahvo_usb_remove(struct platform_device *pdev) free_irq(tu->irq, tu); usb_remove_phy(&tu->phy); - if (!IS_ERR(tu->ick)) - clk_disable(tu->ick); } static struct platform_driver tahvo_usb_driver = { -- 2.25.1

6 months

3
2
0 0

[PATCH v5 1/5] libfs: Return ENOSPC when the directory offset range is exhausted

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Testing shows that the EBUSY error return from mtree_alloc_cyclic() leaks into user space. The ERRORS section of "man creat(2)" says: > EBUSY O_EXCL was specified in flags and pathname refers > to a block device that is in use by the system > (e.g., it is mounted). ENOSPC is closer to what applications expect in this situation. Note that the normal range of simple directory offset values is 2..2^63, so hitting this error is going to be rare to impossible. Fixes: 6faddda69f62 ("libfs: Add directory operations for stable offsets") Cc: <stable(a)vger.kernel.org> # v6.9+ Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/libfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/libfs.c b/fs/libfs.c index 748ac5923154..f6d04c69f195 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -292,7 +292,9 @@ int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry) ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN, LONG_MAX, &octx->next_offset, GFP_KERNEL); - if (ret < 0) + if (unlikely(ret == -EBUSY)) + return -ENOSPC; + if (unlikely(ret < 0)) return ret; offset_set(dentry, offset); -- 2.47.0

6 months

4
3
0 0

[PATCH v1 v1] drm/nouveau: Fix memory leak in nvbios_iccsense_parse

by Zhanxin Qi

The nvbios_iccsense_parse function allocates memory for sensor data but fails to free it when the function exits, leading to a memory leak. Add proper cleanup to free the allocated memory. Fixes: 39b7e6e547ff ("drm/nouveau/nvbios/iccsense: add parsing of the SENSE table") Signed-off-by: Zhanxin Qi <zhanxin(a)nfschina.com> Signed-off-by: Duanjun Li <duanjun(a)nfschina.com> Signed-off-by: Danilo Krummrich <dakr(a)redhat.com> --- .../include/nvkm/subdev/bios/iccsense.h | 2 ++ .../drm/nouveau/nvkm/subdev/bios/iccsense.c | 20 +++++++++++++++++++ .../drm/nouveau/nvkm/subdev/iccsense/base.c | 3 +++ 3 files changed, 25 insertions(+) diff --git a/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h b/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h index 4c108fd2c805..8bfc28c3f7a7 100644 --- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h +++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/bios/iccsense.h @@ -20,4 +20,6 @@ struct nvbios_iccsense { }; int nvbios_iccsense_parse(struct nvkm_bios *, struct nvbios_iccsense *); + +void nvbios_iccsense_cleanup(struct nvbios_iccsense *iccsense); #endif diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c index dea444d48f94..38fcc91ffea6 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/iccsense.c @@ -56,6 +56,19 @@ nvbios_iccsense_table(struct nvkm_bios *bios, u8 *ver, u8 *hdr, u8 *cnt, return 0; } +/** + * nvbios_iccsense_parse - Parse ICCSENSE table from VBIOS + * @bios: VBIOS base pointer + * @iccsense: ICCSENSE table structure to fill + * + * Parses the ICCSENSE table from VBIOS and fills the provided structure. + * The caller must invoke nvbios_iccsense_cleanup() after successful parsing + * to free the allocated rail resources. + * + * Returns: + * 0 - Success + * -ENODEV - Table not found + */ int nvbios_iccsense_parse(struct nvkm_bios *bios, struct nvbios_iccsense *iccsense) { @@ -127,3 +140,10 @@ nvbios_iccsense_parse(struct nvkm_bios *bios, struct nvbios_iccsense *iccsense) return 0; } + +void +nvbios_iccsense_cleanup(struct nvbios_iccsense *iccsense) +{ + kfree(iccsense->rail); + iccsense->rail = NULL; +} diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c index 8f0ccd3664eb..4c1759ecce38 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c @@ -291,6 +291,9 @@ nvkm_iccsense_oneinit(struct nvkm_subdev *subdev) list_add_tail(&rail->head, &iccsense->rails); } } + + nvbios_iccsense_cleanup(&stbl); + return 0; } -- 2.30.2

6 months

2
1
0 0

FAILED: patch "[PATCH] bpf,perf: Fix invalid prog_array access in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 978c4486cca5c7b9253d3ab98a88c8e769cb9bbd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121506-pancreas-mosaic-0ae0@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 978c4486cca5c7b9253d3ab98a88c8e769cb9bbd Mon Sep 17 00:00:00 2001 From: Jiri Olsa <jolsa(a)kernel.org> Date: Sun, 8 Dec 2024 15:25:07 +0100 Subject: [PATCH] bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf program to it - attached process forks -> chid creates inherited event the new child event shares the parent's bpf program and tp_event (hence prog_array) which is global for tracepoint - exit both process and its child -> release both events - first perf_event_detach_bpf_prog call will release tp_event->prog_array and second perf_event_detach_bpf_prog will crash, because tp_event->prog_array is NULL The fix makes sure the perf_event_detach_bpf_prog checks prog_array is valid before it tries to remove the bpf program from it. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc9… Fixes: 0ee288e69d03 ("bpf,perf: Fix perf_event_detach_bpf_prog error handling") Reported-by: syzbot+2e0d2840414ce817aaac(a)syzkaller.appspotmail.com Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20241208142507.1207698-1-jolsa@kernel.org diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index a403b05a7091..1b8db5aee9d3 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2250,6 +2250,9 @@ void perf_event_detach_bpf_prog(struct perf_event *event) goto unlock; old_array = bpf_event_rcu_dereference(event->tp_event->prog_array); + if (!old_array) + goto put; + ret = bpf_prog_array_copy(old_array, event->prog, NULL, 0, &new_array); if (ret < 0) { bpf_prog_array_delete_safe(old_array, event->prog); @@ -2258,6 +2261,7 @@ void perf_event_detach_bpf_prog(struct perf_event *event) bpf_prog_array_free_sleepable(old_array); } +put: /* * It could be that the bpf_prog is not sleepable (and will be freed * via normal RCU), but is called from a point that supports sleepable

6 months

2
2
0 0

[PATCH V4] mm, compaction: don't use ALLOC_CMA in long term GUP flow

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() in long term GUP flow. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Cc: <stable(a)vger.kernel.org> Signed-off-by: yangge <yangge1116(a)126.com> --- V4: - rich the commit log description V3: - fix build errors - add ALLOC_CMA both in should_continue_reclaim() and compaction_ready() V2: - using the 'cc->alloc_flags' to determin if 'ALLOC_CMA' is needed - rich the commit log description include/linux/compaction.h | 6 ++++-- mm/compaction.c | 18 +++++++++++------- mm/page_alloc.c | 4 +++- mm/vmscan.c | 4 ++-- 4 files changed, 20 insertions(+), 12 deletions(-) diff --git a/include/linux/compaction.h b/include/linux/compaction.h index e947764..b4c3ac3 100644 --- a/include/linux/compaction.h +++ b/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compact_pages(gfp_t gfp_mask, struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suitable(pg_data_t *pgdat) } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } diff --git a/mm/compaction.c b/mm/compaction.c index 07bd227..585f5ab 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -2381,9 +2381,11 @@ static enum compact_result compact_finished(struct compact_control *cc) static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; + bool use_cma; /* * Watermarks for order-0 must be met for compaction to be able to * isolate free pages for migration targets. This means that the @@ -2395,25 +2397,27 @@ static bool __compaction_suitable(struct zone *zone, int order, * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to long term GUP flow, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); + use_cma = !!(alloc_flags & ALLOC_CMA); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + use_cma ? ALLOC_CMA : 0, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2474,7 +2478,7 @@ bool compaction_zonelist_suitable(struct alloc_context *ac, int order, available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2499,7 +2503,7 @@ compaction_suit_allocation_order(struct zone *zone, unsigned int order, alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; diff --git a/mm/page_alloc.c b/mm/page_alloc.c index dde19db..9a5dfda 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2813,6 +2813,7 @@ int __isolate_free_page(struct page *page, unsigned int order) { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); + bool pin; if (!is_migrate_isolate(mt)) { unsigned long watermark; @@ -2823,7 +2824,8 @@ int __isolate_free_page(struct page *page, unsigned int order) * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + pin = !!(current->flags & PF_MEMALLOC_PIN); + if (!zone_watermark_ok(zone, 0, watermark, 0, pin ? 0 : ALLOC_CMA)) return 0; } diff --git a/mm/vmscan.c b/mm/vmscan.c index 5e03a61..33f5b46 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5815,7 +5815,7 @@ static inline bool should_continue_reclaim(struct pglist_data *pgdat, sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6043,7 +6043,7 @@ static inline bool compaction_ready(struct zone *zone, struct scan_control *sc) return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* -- 2.7.4

6 months

3
2
0 0

[PATCH] drm/mediatek: only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported

by Daniel Golle

Touching DISP_REG_OVL_PITCH_MSB leads to video overlay on MT2701, MT7623N and probably other older SoCs being broken. Only touching it on hardware which actually supports AFBC like it was before commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") fixes it. Fixes: c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> --- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c index f731d4fbe8b6..321b40a387cd 100644 --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c @@ -545,7 +545,7 @@ void mtk_ovl_layer_config(struct device *dev, unsigned int idx, &ovl->cmdq_reg, ovl->regs, DISP_REG_OVL_PITCH_MSB(idx)); mtk_ddp_write_relaxed(cmdq_pkt, hdr_pitch, &ovl->cmdq_reg, ovl->regs, DISP_REG_OVL_HDR_PITCH(ovl, idx)); - } else { + } else if (ovl->data->supports_afbc) { mtk_ddp_write_relaxed(cmdq_pkt, overlay_pitch.split_pitch.msb, &ovl->cmdq_reg, ovl->regs, DISP_REG_OVL_PITCH_MSB(idx)); -- 2.47.1

6 months

2
1
0 0

[PATCHv3] drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()

by Karol Przybylski

This patch fixes a potential integer overflow in the zynqmp_dp_rate_get() The issue comes up when the expression drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit Now the constant is a compatible 64-bit type. Resolves coverity issues: CID 1636340 and CID 1635811 Cc: stable(a)vger.kernel.org Fixes: 28edaacb821c6 ("drm: zynqmp_dp: Add debugfs interface for compliance testing") Signed-off-by: Karol Przybylski <karprzy7(a)gmail.com> --- Changes from previous versions: Added Fixes tag Added Cc for stable kernel version Fixed formatting drivers/gpu/drm/xlnx/zynqmp_dp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xlnx/zynqmp_dp.c b/drivers/gpu/drm/xlnx/zynqmp_dp.c index 25c5dc61ee88..56a261a40ea3 100644 --- a/drivers/gpu/drm/xlnx/zynqmp_dp.c +++ b/drivers/gpu/drm/xlnx/zynqmp_dp.c @@ -2190,7 +2190,7 @@ static int zynqmp_dp_rate_get(void *data, u64 *val) struct zynqmp_dp *dp = data; mutex_lock(&dp->lock); - *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000; + *val = drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000ULL; mutex_unlock(&dp->lock); return 0; } -- 2.34.1

6 months

3
2
0 0

[PATCH v4 1/2] drm/xe: Use non-interruptible wait when moving BO to system

by Nirmoy Das

Ensure a non-interruptible wait is used when moving a bo to XE_PL_SYSTEM. This prevents dma_mappings from being removed prematurely while a GPU job is still in progress, even if the CPU receives a signal during the operation. Fixes: 75521e8b56e8 ("drm/xe: Perform dma_map when moving system buffer objects to TT") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.11+ Suggested-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> --- drivers/gpu/drm/xe/xe_bo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 283cd0294570..06931df876ab 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -733,7 +733,7 @@ static int xe_bo_move(struct ttm_buffer_object *ttm_bo, bool evict, new_mem->mem_type == XE_PL_SYSTEM) { long timeout = dma_resv_wait_timeout(ttm_bo->base.resv, DMA_RESV_USAGE_BOOKKEEP, - true, + false, MAX_SCHEDULE_TIMEOUT); if (timeout < 0) { ret = timeout; -- 2.46.0

6 months

2
2
0 0

[PATCH v4 1/3] Drivers: hv: vmbus: Disable Suspend-to-Idle for VMBus

by Erni Sri Satya Vennela

This change is specific to Hyper-V VM user. If the Virtual Machine Connection window is focused, a Hyper-V VM user can unintentionally touch the keyboard/mouse when the VM is hibernating or resuming, and consequently the hibernation or resume operation can be aborted unexpectedly. Fix the issue by no longer registering the keyboard/mouse as wakeup devices (see the other two patches for the changes to drivers/input/serio/hyperv-keyboard.c and drivers/hid/hid-hyperv.c). The keyboard/mouse were registered as wakeup devices because the VM needs to be woken up from the Suspend-to-Idle state after a user runs "echo freeze > /sys/power/state". It seems like the Suspend-to-Idle feature has no real users in practice, so let's no longer support that by returning -EOPNOTSUPP if a user tries to use that. Fixes: 1a06d017fb3f ("Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Erni Sri Satya Vennela <ernis(a)linux.microsoft.com>> --- Changes in v4: * No change Changes in v3: * Add "Cc: stable(a)vger.kernel.org" in sign-off area. Changes in v2: * Add "#define vmbus_freeze NULL" when CONFIG_PM_SLEEP is not enabled. --- drivers/hv/vmbus_drv.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 6d89d37b069a..4df6b12bf6a1 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -900,6 +900,19 @@ static void vmbus_shutdown(struct device *child_device) } #ifdef CONFIG_PM_SLEEP +/* + * vmbus_freeze - Suspend-to-Idle + */ +static int vmbus_freeze(struct device *child_device) +{ +/* + * Do not support Suspend-to-Idle ("echo freeze > /sys/power/state") as + * that would require registering the Hyper-V synthetic mouse/keyboard + * devices as wakeup devices, which can abort hibernation/resume unexpectedly. + */ + return -EOPNOTSUPP; +} + /* * vmbus_suspend - Suspend a vmbus device */ @@ -938,6 +951,7 @@ static int vmbus_resume(struct device *child_device) return drv->resume(dev); } #else +#define vmbus_freeze NULL #define vmbus_suspend NULL #define vmbus_resume NULL #endif /* CONFIG_PM_SLEEP */ @@ -969,7 +983,7 @@ static void vmbus_device_release(struct device *device) */ static const struct dev_pm_ops vmbus_pm = { - .suspend_noirq = NULL, + .suspend_noirq = vmbus_freeze, .resume_noirq = NULL, .freeze_noirq = vmbus_suspend, .thaw_noirq = vmbus_resume, -- 2.34.1

6 months

1
0
0 0

[nacked] mm-hugetlb-change-enospc-to-enomem-in-alloc_hugetlb_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: change ENOSPC to ENOMEM in alloc_hugetlb_folio has been removed from the -mm tree. Its filename was mm-hugetlb-change-enospc-to-enomem-in-alloc_hugetlb_folio.patch This patch was dropped because it was nacked ------------------------------------------------------ From: Dafna Hirschfeld <dafna.hirschfeld(a)intel.com> Subject: mm/hugetlb: change ENOSPC to ENOMEM in alloc_hugetlb_folio Date: Sun, 1 Dec 2024 03:03:41 +0200 The error ENOSPC is translated in vmf_error to VM_FAULT_SIGBUS which is further translated in EFAULT in i.e. pin/get_user_pages. But when running out of pages/hugepages we expect to see ENOMEM and not EFAULT. Link: https://lkml.kernel.org/r/20241201010341.1382431-1-dafna.hirschfeld@intel.c… Fixes: 8f34af6f93ae ("mm, hugetlb: move the error handle logic out of normal code path") Signed-off-by: Dafna Hirschfeld <dafna.hirschfeld(a)intel.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlb-change-enospc-to-enomem-in-alloc_hugetlb_folio +++ a/mm/hugetlb.c @@ -3113,7 +3113,7 @@ out_end_reservation: if (!memcg_charge_ret) mem_cgroup_cancel_charge(memcg, nr_pages); mem_cgroup_put(memcg); - return ERR_PTR(-ENOSPC); + return ERR_PTR(-ENOMEM); } int alloc_bootmem_huge_page(struct hstate *h, int nid) _ Patches currently in -mm which might be from dafna.hirschfeld(a)intel.com are

6 months, 1 week

1
0
0 0

+ maple_tree-reload-mas-before-the-second-call-for-mas_empty_area.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: reload mas before the second call for mas_empty_area has been added to the -mm mm-unstable branch. Its filename is maple_tree-reload-mas-before-the-second-call-for-mas_empty_area.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yang Erkun <yangerkun(a)huawei.com> Subject: maple_tree: reload mas before the second call for mas_empty_area Date: Sat, 14 Dec 2024 17:30:05 +0800 Change the LONG_MAX in simple_offset_add to 1024, and do latter: [root@fedora ~]# mkdir /tmp/dir [root@fedora ~]# for i in {1..1024}; do touch /tmp/dir/$i; done touch: cannot touch '/tmp/dir/1024': Device or resource busy [root@fedora ~]# rm /tmp/dir/123 [root@fedora ~]# touch /tmp/dir/1024 [root@fedora ~]# rm /tmp/dir/100 [root@fedora ~]# touch /tmp/dir/1025 touch: cannot touch '/tmp/dir/1025': Device or resource busy After we delete file 100, actually this is a empty entry, but the latter create failed unexpected. mas_alloc_cyclic has two chance to find empty entry. First find the entry with range range_lo and range_hi, if no empty entry exist, and range_lo > min, retry find with range min and range_hi. However, the first call mas_empty_area may mark mas as EBUSY, and the second call for mas_empty_area will return false directly. Fix this by reload mas before second call for mas_empty_area. Link: https://lkml.kernel.org/r/20241214093005.72284-1-yangerkun@huaweicloud.com Fixes: 9b6713cc7522 ("maple_tree: Add mtree_alloc_cyclic()") Signed-off-by: Yang Erkun <yangerkun(a)huawei.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Chuck Lever <chuck.lever(a)oracle.com> says: Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 2 ++ 1 file changed, 2 insertions(+) --- a/lib/maple_tree.c~maple_tree-reload-mas-before-the-second-call-for-mas_empty_area +++ a/lib/maple_tree.c @@ -4335,6 +4335,7 @@ int mas_alloc_cyclic(struct ma_state *ma { unsigned long min = range_lo; int ret = 0; + struct ma_state m = *mas; range_lo = max(min, *next); ret = mas_empty_area(mas, range_lo, range_hi, 1); @@ -4343,6 +4344,7 @@ int mas_alloc_cyclic(struct ma_state *ma ret = 1; } if (ret < 0 && range_lo > min) { + *mas = m; ret = mas_empty_area(mas, min, range_hi, 1); if (ret == 0) ret = 1; _ Patches currently in -mm which might be from yangerkun(a)huawei.com are maple_tree-reload-mas-before-the-second-call-for-mas_empty_area.patch

6 months, 1 week

1
0
0 0

+ ocfs2-handle-a-symlink-read-error-correctly.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: handle a symlink read error correctly has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-handle-a-symlink-read-error-correctly.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: ocfs2: handle a symlink read error correctly Date: Thu, 5 Dec 2024 17:16:29 +0000 Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And hopefully Mark likes all the changes I made to his code! This patch (of 23): If we can't read the buffer, be sure to unlock the page before returning. Link: https://lkml.kernel.org/r/20241205171653.3179945-1-willy@infradead.org Link: https://lkml.kernel.org/r/20241205171653.3179945-2-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Mark Tinguely <mark.tinguely(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/symlink.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/fs/ocfs2/symlink.c~ocfs2-handle-a-symlink-read-error-correctly +++ a/fs/ocfs2/symlink.c @@ -65,7 +65,7 @@ static int ocfs2_fast_symlink_read_folio if (status < 0) { mlog_errno(status); - return status; + goto out; } fe = (struct ocfs2_dinode *) bh->b_data; @@ -76,9 +76,10 @@ static int ocfs2_fast_symlink_read_folio memcpy(kaddr, link, len + 1); kunmap_atomic(kaddr); SetPageUptodate(page); +out: unlock_page(page); brelse(bh); - return 0; + return status; } const struct address_space_operations ocfs2_fast_symlink_aops = { _ Patches currently in -mm which might be from willy(a)infradead.org are vmalloc-fix-accounting-with-i915.patch mm-page_alloc-cache-page_zone-result-in-free_unref_page.patch mm-make-alloc_pages_mpol-static.patch mm-page_alloc-export-free_frozen_pages-instead-of-free_unref_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-post_alloc_hook.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-prep_new_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-get_page_from_freelist.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_cpuset_fallback.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_may_oom.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_compact.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_reclaim.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_slowpath.patch mm-page_alloc-move-set_page_refcounted-to-end-of-__alloc_pages.patch mm-page_alloc-add-__alloc_frozen_pages.patch mm-mempolicy-add-alloc_frozen_pages.patch slab-allocate-frozen-pages.patch ocfs2-handle-a-symlink-read-error-correctly.patch ocfs2-convert-ocfs2_page_mkwrite-to-use-a-folio.patch ocfs2-pass-mmap_folio-around-instead-of-mmap_page.patch ocfs2-convert-ocfs2_read_inline_data-to-take-a-folio.patch ocfs2-use-a-folio-in-ocfs2_fast_symlink_read_folio.patch ocfs2-remove-ocfs2_start_walk_page_trans-prototype.patch

6 months, 1 week

1
0
0 0

+ mm-readahead-fix-large-folio-support-in-async-readahead.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/readahead: fix large folio support in async readahead has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-readahead-fix-large-folio-support-in-async-readahead.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yafang Shao <laoar.shao(a)gmail.com> Subject: mm/readahead: fix large folio support in async readahead Date: Fri, 6 Dec 2024 16:30:25 +0800 When testing large folio support with XFS on our servers, we observed that only a few large folios are mapped when reading large files via mmap. After a thorough analysis, I identified it was caused by the `/sys/block/*/queue/read_ahead_kb` setting. On our test servers, this parameter is set to 128KB. After I tune it to 2MB, the large folio can work as expected. However, I believe the large folio behavior should not be dependent on the value of read_ahead_kb. It would be more robust if the kernel can automatically adopt to it. With /sys/block/*/queue/read_ahead_kb set to 128KB and performing a sequential read on a 1GB file using MADV_HUGEPAGE, the differences in /proc/meminfo are as follows: - before this patch FileHugePages: 18432 kB FilePmdMapped: 4096 kB - after this patch FileHugePages: 1067008 kB FilePmdMapped: 1048576 kB This shows that after applying the patch, the entire 1GB file is mapped to huge pages. The stable list is CCed, as without this patch, large folios don't function optimally in the readahead path. It's worth noting that if read_ahead_kb is set to a larger value that isn't aligned with huge page sizes (e.g., 4MB + 128KB), it may still fail to map to hugepages. Link: https://lkml.kernel.org/r/20241108141710.9721-1-laoar.shao@gmail.com Link: https://lkml.kernel.org/r/20241206083025.3478-1-laoar.shao@gmail.com Fixes: 4687fdbb805a ("mm/filemap: Support VM_HUGEPAGE for file mappings") Signed-off-by: Yafang Shao <laoar.shao(a)gmail.com> Tested-by: kernel test robot <oliver.sang(a)intel.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/mm/readahead.c~mm-readahead-fix-large-folio-support-in-async-readahead +++ a/mm/readahead.c @@ -646,7 +646,11 @@ void page_cache_async_ra(struct readahea 1UL << order); if (index == expected) { ra->start += ra->size; - ra->size = get_next_ra_size(ra, max_pages); + /* + * In the case of MADV_HUGEPAGE, the actual size might exceed + * the readahead window. + */ + ra->size = max(ra->size, get_next_ra_size(ra, max_pages)); ra->async_size = ra->size; goto readit; } _ Patches currently in -mm which might be from laoar.shao(a)gmail.com are mm-readahead-fix-large-folio-support-in-async-readahead.patch

6 months, 1 week

1
0
0 0

[to-be-updated] mm-readahead-fix-large-folio-support-in-async-readahead.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/readahead: fix large folio support in async readahead has been removed from the -mm tree. Its filename was mm-readahead-fix-large-folio-support-in-async-readahead.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Yafang Shao <laoar.shao(a)gmail.com> Subject: mm/readahead: fix large folio support in async readahead Date: Fri, 8 Nov 2024 22:17:10 +0800 When testing large folio support with XFS on our servers, we observed that only a few large folios are mapped when reading large files via mmap. After a thorough analysis, I identified it was caused by the `/sys/block/*/queue/read_ahead_kb` setting. On our test servers, this parameter is set to 128KB. After I tune it to 2MB, the large folio can work as expected. However, I believe the large folio behavior should not be dependent on the value of read_ahead_kb. It would be more robust if the kernel can automatically adopt to it. With /sys/block/*/queue/read_ahead_kb set to 128KB and performing a sequential read on a 1GB file using MADV_HUGEPAGE, the differences in /proc/meminfo are as follows: - before this patch FileHugePages: 18432 kB FilePmdMapped: 4096 kB - after this patch FileHugePages: 1067008 kB FilePmdMapped: 1048576 kB This shows that after applying the patch, the entire 1GB file is mapped to huge pages. The stable list is CCed, as without this patch, large folios don't function optimally in the readahead path. It's worth noting that if read_ahead_kb is set to a larger value that isn't aligned with huge page sizes (e.g., 4MB + 128KB), it may still fail to map to hugepages. Link: https://lkml.kernel.org/r/20241108141710.9721-1-laoar.shao@gmail.com Fixes: 4687fdbb805a ("mm/filemap: Support VM_HUGEPAGE for file mappings") Suggested-by: Matthew Wilcox <willy(a)infradead.org> Signed-off-by: Yafang Shao <laoar.shao(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/readahead.c~mm-readahead-fix-large-folio-support-in-async-readahead +++ a/mm/readahead.c @@ -390,6 +390,8 @@ static unsigned long get_next_ra_size(st return 4 * cur; if (cur <= max / 2) return 2 * cur; + if (cur > max) + return cur; return max; } _ Patches currently in -mm which might be from laoar.shao(a)gmail.com are mm-readahead-fix-large-folio-support-in-async-readahead-v3.patch

6 months, 1 week

1
0
0 0

[nacked] zram-panic-when-use-ext4-over-zram.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: zram: fix panic when using ext4 over zram has been removed from the -mm tree. Its filename was zram-panic-when-use-ext4-over-zram.patch This patch was dropped because it was nacked ------------------------------------------------------ From: caiqingfu <caiqingfu(a)ruijie.com.cn> Subject: zram: fix panic when using ext4 over zram Date: Fri, 29 Nov 2024 19:57:35 +0800 [ 52.073080 ] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 52.073511 ] Modules linked in: [ 52.074094 ] CPU: 0 UID: 0 PID: 3825 Comm: a.out Not tainted 6.12.0-07749-g28eb75e178d3-dirty #3 [ 52.074672 ] Hardware name: linux,dummy-virt (DT) [ 52.075128 ] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 52.075619 ] pc : obj_malloc+0x5c/0x160 [ 52.076402 ] lr : zs_malloc+0x200/0x570 [ 52.076630 ] sp : ffff80008dd335f0 [ 52.076797 ] x29: ffff80008dd335f0 x28: ffff000004104a00 x27: ffff000004dfc400 [ 52.077319 ] x26: 000000000000ca18 x25: ffff00003fcaf0e0 x24: ffff000006925cf0 [ 52.077785 ] x23: 0000000000000c0a x22: ffff0000032ee780 x21: ffff000006925cf0 [ 52.078257 ] x20: 0000000000088000 x19: 0000000000000000 x18: 0000000000fffc18 [ 52.078701 ] x17: 00000000fffffffd x16: 0000000000000803 x15: 00000000fffffffe [ 52.079203 ] x14: 000000001824429d x13: ffff000006e84000 x12: ffff000006e83fec [ 52.079711 ] x11: ffff000006e83000 x10: 00000000000002a5 x9 : ffff000006e83ff3 [ 52.080269 ] x8 : 0000000000000001 x7 : 0000000017e80000 x6 : 0000000000017e80 [ 52.080724 ] x5 : 0000000000000003 x4 : ffff00000402a5e8 x3 : 0000000000000066 [ 52.081081 ] x2 : ffff000006925cf0 x1 : ffff00000402a5e8 x0 : ffff000004104a00 [ 52.081595 ] Call trace: [ 52.081925 ] obj_malloc+0x5c/0x160 (P) [ 52.082220 ] zs_malloc+0x200/0x570 (L) [ 52.082504 ] zs_malloc+0x200/0x570 [ 52.082716 ] zram_submit_bio+0x788/0x9e8 [ 52.083017 ] __submit_bio+0x1c4/0x338 [ 52.083343 ] submit_bio_noacct_nocheck+0x128/0x2c0 [ 52.083518 ] submit_bio_noacct+0x1c8/0x308 [ 52.083722 ] submit_bio+0xa8/0x14c [ 52.083942 ] submit_bh_wbc+0x140/0x1bc [ 52.084088 ] __block_write_full_folio+0x23c/0x5f0 [ 52.084232 ] block_write_full_folio+0x134/0x21c [ 52.084524 ] write_cache_pages+0x64/0xd4 [ 52.084778 ] blkdev_writepages+0x50/0x8c [ 52.085040 ] do_writepages+0x80/0x2b0 [ 52.085292 ] filemap_fdatawrite_wbc+0x6c/0x90 [ 52.085597 ] __filemap_fdatawrite_range+0x64/0x94 [ 52.085900 ] filemap_fdatawrite+0x1c/0x28 [ 52.086158 ] sync_bdevs+0x170/0x17c [ 52.086374 ] ksys_sync+0x6c/0xb8 [ 52.086597 ] __arm64_sys_sync+0x10/0x20 [ 52.086847 ] invoke_syscall+0x44/0x100 [ 52.087230 ] el0_svc_common.constprop.0+0x40/0xe0 [ 52.087550 ] do_el0_svc+0x1c/0x28 [ 52.087690 ] el0_svc+0x30/0xd0 [ 52.087818 ] el0t_64_sync_handler+0xc8/0xcc [ 52.088046 ] el0t_64_sync+0x198/0x19c [ 52.088500 ] Code: 110004a5 6b0500df f9401273 54000160 (f9401664) [ 52.089097 ] ---[ end trace 0000000000000000 ]--- When using ext4 on zram, the following panic occasionally occurs under high memory usage The reason is that when the handle is obtained using the slow path, it will be re-compressed. If the data in the page changes, the compressed length may exceed the previous one. Overflow occurred when writing to zs_object, which then caused the panic. Comment the fast path and force the slow path. Adding a large number of read and write file systems can quickly reproduce it. The solution is to re-obtain the handle after re-compression if the length is different from the previous one. [senozhatsky(a)chromium.org: simplify zram_write_page() -ENOMEM return] Link: https://lkml.kernel.org/r/20241210093835.GN16709@google.com Link: https://lkml.kernel.org/r/20241129115735.136033-1-baicaiaichibaicai@gmail.c… Signed-off-by: caiqingfu <caiqingfu(a)ruijie.com.cn> Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: caiqingfu <caiqingfu(a)ruijie.com.cn> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-panic-when-use-ext4-over-zram +++ a/drivers/block/zram/zram_drv.c @@ -1633,6 +1633,7 @@ static int zram_write_page(struct zram * unsigned long alloced_pages; unsigned long handle = -ENOMEM; unsigned int comp_len = 0; + unsigned int last_comp_len = 0; void *src, *dst, *mem; struct zcomp_strm *zstrm; unsigned long element = 0; @@ -1664,6 +1665,11 @@ compress_again: if (comp_len >= huge_class_size) comp_len = PAGE_SIZE; + + if (last_comp_len && (last_comp_len != comp_len)) { + zs_free(zram->mem_pool, handle); + handle = -ENOMEM; + } /* * handle allocation has 2 paths: * a) fast path is executed with preemption disabled (for @@ -1692,8 +1698,10 @@ compress_again: if (IS_ERR_VALUE(handle)) return PTR_ERR((void *)handle); - if (comp_len != PAGE_SIZE) + if (comp_len != PAGE_SIZE) { + last_comp_len = comp_len; goto compress_again; + } /* * If the page is not compressible, you need to acquire the * lock and execute the code below. The zcomp_stream_get() _ Patches currently in -mm which might be from caiqingfu(a)ruijie.com.cn are

6 months, 1 week

1
0
0 0

+ mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm, compaction: don't use ALLOC_CMA in long term GUP flow has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: yangge <yangge1116(a)126.com> Subject: mm, compaction: don't use ALLOC_CMA in long term GUP flow Date: Sun, 15 Dec 2024 18:01:07 +0800 Since commit 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") allow compaction to proceed when free pages required for compaction reside in the CMA pageblocks, it's possible that __compaction_suitable() always returns true, and in some cases, it's not acceptable. There are 4 NUMA nodes on my machine, and each NUMA node has 32GB of memory. I have configured 16GB of CMA memory on each NUMA node, and starting a 32GB virtual machine with device passthrough is extremely slow, taking almost an hour. During the start-up of the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to allocate memory. Long term GUP cannot allocate memory from CMA area, so a maximum of 16 GB of no-CMA memory on a NUMA node can be used as virtual machine memory. Since there is 16G of free CMA memory on the NUMA node, watermark for order-0 always be met for compaction, so __compaction_suitable() always returns true, even if the node is unable to allocate non-CMA memory for the virtual machine. For costly allocations, because __compaction_suitable() always returns true, __alloc_pages_slowpath() can't exit at the appropriate place, resulting in excessively long virtual machine startup times. Call trace: __alloc_pages_slowpath if (compact_result == COMPACT_SKIPPED || compact_result == COMPACT_DEFERRED) goto nopage; // should exit __alloc_pages_slowpath() from here In order to quickly fall back to remote node, we should remove ALLOC_CMA both in __compaction_suitable() and __isolate_free_page() in long term GUP flow. After this fix, starting a 32GB virtual machine with device passthrough takes only a few seconds. Link: https://lkml.kernel.org/r/1734256867-19614-1-git-send-email-yangge1116@126.… Fixes: 984fdba6a32e ("mm, compaction: use proper alloc_flags in __compaction_suitable()") Signed-off-by: yangge <yangge1116(a)126.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compaction.h | 6 ++++-- mm/compaction.c | 18 +++++++++++------- mm/page_alloc.c | 4 +++- mm/vmscan.c | 4 ++-- 4 files changed, 20 insertions(+), 12 deletions(-) --- a/include/linux/compaction.h~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/include/linux/compaction.h @@ -90,7 +90,8 @@ extern enum compact_result try_to_compac struct page **page); extern void reset_isolation_suitable(pg_data_t *pgdat); extern bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx); + int highest_zoneidx, + unsigned int alloc_flags); extern void compaction_defer_reset(struct zone *zone, int order, bool alloc_success); @@ -108,7 +109,8 @@ static inline void reset_isolation_suita } static inline bool compaction_suitable(struct zone *zone, int order, - int highest_zoneidx) + int highest_zoneidx, + unsigned int alloc_flags) { return false; } --- a/mm/compaction.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/compaction.c @@ -2379,9 +2379,11 @@ static enum compact_result compact_finis static bool __compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags, unsigned long wmark_target) { unsigned long watermark; + bool use_cma; /* * Watermarks for order-0 must be met for compaction to be able to * isolate free pages for migration targets. This means that the @@ -2393,25 +2395,27 @@ static bool __compaction_suitable(struct * even if compaction succeeds. * For costly orders, we require low watermark instead of min for * compaction to proceed to increase its chances. - * ALLOC_CMA is used, as pages in CMA pageblocks are considered - * suitable migration targets + * In addition to long term GUP flow, ALLOC_CMA is used, as pages in + * CMA pageblocks are considered suitable migration targets */ watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ? low_wmark_pages(zone) : min_wmark_pages(zone); watermark += compact_gap(order); + use_cma = !!(alloc_flags & ALLOC_CMA); return __zone_watermark_ok(zone, 0, watermark, highest_zoneidx, - ALLOC_CMA, wmark_target); + use_cma ? ALLOC_CMA : 0, wmark_target); } /* * compaction_suitable: Is this suitable to run compaction on this zone now? */ -bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx) +bool compaction_suitable(struct zone *zone, int order, int highest_zoneidx, + unsigned int alloc_flags) { enum compact_result compact_result; bool suitable; - suitable = __compaction_suitable(zone, order, highest_zoneidx, + suitable = __compaction_suitable(zone, order, highest_zoneidx, alloc_flags, zone_page_state(zone, NR_FREE_PAGES)); /* * fragmentation index determines if allocation failures are due to @@ -2472,7 +2476,7 @@ bool compaction_zonelist_suitable(struct available = zone_reclaimable_pages(zone) / order; available += zone_page_state_snapshot(zone, NR_FREE_PAGES); if (__compaction_suitable(zone, order, ac->highest_zoneidx, - available)) + alloc_flags, available)) return true; } @@ -2497,7 +2501,7 @@ compaction_suit_allocation_order(struct alloc_flags)) return COMPACT_SUCCESS; - if (!compaction_suitable(zone, order, highest_zoneidx)) + if (!compaction_suitable(zone, order, highest_zoneidx, alloc_flags)) return COMPACT_SKIPPED; return COMPACT_CONTINUE; --- a/mm/page_alloc.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/page_alloc.c @@ -2812,6 +2812,7 @@ int __isolate_free_page(struct page *pag { struct zone *zone = page_zone(page); int mt = get_pageblock_migratetype(page); + bool pin; if (!is_migrate_isolate(mt)) { unsigned long watermark; @@ -2822,7 +2823,8 @@ int __isolate_free_page(struct page *pag * exists. */ watermark = zone->_watermark[WMARK_MIN] + (1UL << order); - if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA)) + pin = !!(current->flags & PF_MEMALLOC_PIN); + if (!zone_watermark_ok(zone, 0, watermark, 0, pin ? 0 : ALLOC_CMA)) return 0; } --- a/mm/vmscan.c~mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow +++ a/mm/vmscan.c @@ -5861,7 +5861,7 @@ static inline bool should_continue_recla sc->reclaim_idx, 0)) return false; - if (compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; } @@ -6089,7 +6089,7 @@ static inline bool compaction_ready(stru return true; /* Compaction cannot yet proceed. Do reclaim. */ - if (!compaction_suitable(zone, sc->order, sc->reclaim_idx)) + if (!compaction_suitable(zone, sc->order, sc->reclaim_idx, ALLOC_CMA)) return false; /* _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-compaction-dont-use-alloc_cma-in-long-term-gup-flow.patch

6 months, 1 week

1
0
0 0

[PATCH v2] selinux: ignore unknown extended permissions

by Thiébaud Weksteen

When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Cc: stable(a)vger.kernel.org Signed-off-by: Thiébaud Weksteen <tweek(a)google.com> --- v2: Add pr_warn_once, remove other BUG() call for key.specified security/selinux/ss/services.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 971c45d576ba..3d5c563cfc4c 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -979,7 +979,10 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, return; break; default: - BUG(); + pr_warn_once( + "SELinux: unknown extended permission (%u) will be ignored\n", + node->datum.u.xperms->specified); + return; } if (node->key.specified == AVTAB_XPERMS_ALLOWED) { @@ -998,7 +1001,8 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, &node->datum.u.xperms->perms, xpermd->dontaudit); } else { - BUG(); + pr_warn_once("SELinux: unknown specified key (%u)\n", + node->key.specified); } } -- 2.47.0.338.g60cca15819-goog

6 months, 1 week

2
1
0 0

[PATCH v2 0/7] of: fix bugs and improve codes

by Zijun Hu

This patch series is to fix bugs and improve codes for drivers/of/*. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v2: - Drop applied/conflict/TBD patches. - Correct based on Rob's comments. - Link to v1: https://lore.kernel.org/r/20241206-of_core_fix-v1-0-dc28ed56bec3@quicinc.com --- Zijun Hu (7): of: Fix API of_find_node_opts_by_path() finding OF device node failure of: unittest: Add a test case for API of_find_node_opts_by_path() of: Correct child specifier used as input of the 2nd nexus node of: Exchange implementation between of_property_present() and of_property_read_bool() of: Fix available buffer size calculating error in API of_device_uevent_modalias() of: Fix potential wrong MODALIAS uevent value of: Do not expose of_alias_scan() and correct its comments drivers/of/base.c | 13 +++--- drivers/of/device.c | 33 +++++++--------- drivers/of/module.c | 103 +++++++++++++++++++++++++++++------------------- drivers/of/of_private.h | 2 + drivers/of/pdt.c | 2 + drivers/of/unittest.c | 9 +++++ include/linux/of.h | 29 +++++++------- 7 files changed, 109 insertions(+), 82 deletions(-) --- base-commit: 0f7ca6f69354e0c3923bbc28c92d0ecab4d50a3e change-id: 20241206-of_core_fix-dc3021a06418 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

6 months, 1 week

1
2
0 0

[PATCH 6.1.y 1/2] exfat: support dynamic allocate bh for exfat_entry_set_cache

by Harshit Mogalapalli

From: Yuezhang Mo <Yuezhang.Mo(a)sony.com> [ Upstream commit a3ff29a95fde16906304455aa8c0bd84eb770258 ] In special cases, a file or a directory may occupied more than 19 directory entries, pre-allocating 3 bh is not enough. Such as - Support vendor secondary directory entry in the future. - Since file directory entry is damaged, the SecondaryCount field is bigger than 18. So this commit supports dynamic allocation of bh. Signed-off-by: Yuezhang Mo <Yuezhang.Mo(a)sony.com> Reviewed-by: Andy Wu <Andy.Wu(a)sony.com> Reviewed-by: Aoyama Wataru <wataru.aoyama(a)sony.com> Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> (cherry picked from commit a3ff29a95fde16906304455aa8c0bd84eb770258) [Harshit: Backport - clean cherry-pick to 6.1.y] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- This is already in 5.10.y and 5.15.y, let us apply this to 6.1.y, this also has a fix commit: 89fc548767a2 ("exfat: fix potential deadlock on __exfat_get_dentry_set"). Both apply cleanly on 6.1.y and builds fine. No exfat specific testing is done. --- fs/exfat/dir.c | 15 +++++++++++++++ fs/exfat/exfat_fs.h | 5 ++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c index 51b03b0dd5f7..6fd9a06cc7d0 100644 --- a/fs/exfat/dir.c +++ b/fs/exfat/dir.c @@ -613,6 +613,10 @@ int exfat_free_dentry_set(struct exfat_entry_set_cache *es, int sync) bforget(es->bh[i]); else brelse(es->bh[i]); + + if (IS_DYNAMIC_ES(es)) + kfree(es->bh); + kfree(es); return err; } @@ -845,6 +849,7 @@ struct exfat_entry_set_cache *exfat_get_dentry_set(struct super_block *sb, /* byte offset in sector */ off = EXFAT_BLK_OFFSET(byte_offset, sb); es->start_off = off; + es->bh = es->__bh; /* sector offset in cluster */ sec = EXFAT_B_TO_BLK(byte_offset, sb); @@ -864,6 +869,16 @@ struct exfat_entry_set_cache *exfat_get_dentry_set(struct super_block *sb, es->num_entries = num_entries; num_bh = EXFAT_B_TO_BLK_ROUND_UP(off + num_entries * DENTRY_SIZE, sb); + if (num_bh > ARRAY_SIZE(es->__bh)) { + es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_KERNEL); + if (!es->bh) { + brelse(bh); + kfree(es); + return NULL; + } + es->bh[0] = bh; + } + for (i = 1; i < num_bh; i++) { /* get the next sector */ if (exfat_is_last_sector_in_cluster(sbi, sec)) { diff --git a/fs/exfat/exfat_fs.h b/fs/exfat/exfat_fs.h index e0af6ace633c..c79c78bf265b 100644 --- a/fs/exfat/exfat_fs.h +++ b/fs/exfat/exfat_fs.h @@ -169,10 +169,13 @@ struct exfat_entry_set_cache { bool modified; unsigned int start_off; int num_bh; - struct buffer_head *bh[DIR_CACHE_SIZE]; + struct buffer_head *__bh[DIR_CACHE_SIZE]; + struct buffer_head **bh; unsigned int num_entries; }; +#define IS_DYNAMIC_ES(es) ((es)->__bh != (es)->bh) + struct exfat_dir_entry { struct exfat_chain dir; int entry; -- 2.46.0

6 months, 1 week

2
3
0 0

FAILED: patch "[PATCH] rust: kbuild: set `bindgen`'s Rust target version" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 7a5f93ea5862da91488975acaa0c7abd508f192b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121500-switch-jab-65fc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a5f93ea5862da91488975acaa0c7abd508f192b Mon Sep 17 00:00:00 2001 From: Miguel Ojeda <ojeda(a)kernel.org> Date: Sat, 23 Nov 2024 19:03:23 +0100 Subject: [PATCH] rust: kbuild: set `bindgen`'s Rust target version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Each `bindgen` release may upgrade the list of Rust targets. For instance, currently, in their master branch [1], the latest ones are: Nightly => { vectorcall_abi: #124485, ptr_metadata: #81513, layout_for_ptr: #69835, }, Stable_1_77(77) => { offset_of: #106655 }, Stable_1_73(73) => { thiscall_abi: #42202 }, Stable_1_71(71) => { c_unwind_abi: #106075 }, Stable_1_68(68) => { abi_efiapi: #105795 }, By default, the highest stable release in their list is used, and users are expected to set one if they need to support older Rust versions (e.g. see [2]). Thus, over time, new Rust features are used by default, and at some point, it is likely that `bindgen` will emit Rust code that requires a Rust version higher than our minimum (or perhaps enabling an unstable feature). Currently, there is no problem because the maximum they have, as seen above, is Rust 1.77.0, and our current minimum is Rust 1.78.0. Therefore, set a Rust target explicitly now to prevent going forward in time too much and thus getting potential build failures at some point. Since we also support a minimum `bindgen` version, and since `bindgen` does not support passing unknown Rust target versions, we need to use the list of our minimum `bindgen` version, rather than the latest. So, since `bindgen` 0.65.1 had this list [3], we need to use Rust 1.68.0: /// Rust stable 1.64 /// * `core_ffi_c` ([Tracking issue](https://github.com/rust-lang/rust/issues/94501)) => Stable_1_64 => 1.64; /// Rust stable 1.68 /// * `abi_efiapi` calling convention ([Tracking issue](https://github.com/rust-lang/rust/issues/65815)) => Stable_1_68 => 1.68; /// Nightly rust /// * `thiscall` calling convention ([Tracking issue](https://github.com/rust-lang/rust/issues/42202)) /// * `vectorcall` calling convention (no tracking issue) /// * `c_unwind` calling convention ([Tracking issue](https://github.com/rust-lang/rust/issues/74990)) => Nightly => nightly; ... /// Latest stable release of Rust pub const LATEST_STABLE_RUST: RustTarget = RustTarget::Stable_1_68; Thus add the `--rust-target 1.68` parameter. Add a comment as well explaining this. An alternative would be to use the currently running (i.e. actual) `rustc` and `bindgen` versions to pick a "better" Rust target version. However, that would introduce more moving parts depending on the user setup and is also more complex to implement. Starting with `bindgen` 0.71.0 [4], we will be able to set any future Rust version instead, i.e. we will be able to set here our minimum supported Rust version. Christian implemented it [5] after seeing this patch. Thanks! Cc: Christian Poveda <git(a)pvdrz.com> Cc: Emilio Cobos Álvarez <emilio(a)crisal.io> Cc: stable(a)vger.kernel.org # needed for 6.12.y; unneeded for 6.6.y; do not apply to 6.1.y Fixes: c844fa64a2d4 ("rust: start supporting several `bindgen` versions") Link: https://github.com/rust-lang/rust-bindgen/blob/21c60f473f4e824d4aa9b2b50805… [1] Link: https://github.com/rust-lang/rust-bindgen/issues/2960 [2] Link: https://github.com/rust-lang/rust-bindgen/blob/7d243056d335fdc4537f7bca73c0… [3] Link: https://github.com/rust-lang/rust-bindgen/blob/main/CHANGELOG.md#0710-2024-… [4] Link: https://github.com/rust-lang/rust-bindgen/pull/2993 [5] Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Link: https://lore.kernel.org/r/20241123180323.255997-1-ojeda@kernel.org Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/Makefile b/rust/Makefile index 9da9042fd627..a40a3936126d 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -280,9 +280,22 @@ endif # architecture instead of generating `usize`. bindgen_c_flags_final = $(bindgen_c_flags_lto) -fno-builtin -D__BINDGEN__ +# Each `bindgen` release may upgrade the list of Rust target versions. By +# default, the highest stable release in their list is used. Thus we need to set +# a `--rust-target` to avoid future `bindgen` releases emitting code that +# `rustc` may not understand. On top of that, `bindgen` does not support passing +# an unknown Rust target version. +# +# Therefore, the Rust target for `bindgen` can be only as high as the minimum +# Rust version the kernel supports and only as high as the greatest stable Rust +# target supported by the minimum `bindgen` version the kernel supports (that +# is, if we do not test the actual `rustc`/`bindgen` versions running). +# +# Starting with `bindgen` 0.71.0, we will be able to set any future Rust version +# instead, i.e. we will be able to set here our minimum supported Rust version. quiet_cmd_bindgen = BINDGEN $@ cmd_bindgen = \ - $(BINDGEN) $< $(bindgen_target_flags) \ + $(BINDGEN) $< $(bindgen_target_flags) --rust-target 1.68 \ --use-core --with-derive-default --ctypes-prefix ffi --no-layout-tests \ --no-debug '.*' --enable-function-attribute-detection \ -o $@ -- $(bindgen_c_flags_final) -DMODULE \

6 months, 1 week

3
2
0 0

[PATCH] fbdev/udlfb: Remove world-writability from EDID attribute

by Thomas Weißschuh

It should not be possible for every user to override the EDID. Limit it to the system administrator. Fixes: 8ef8cc4fca4a ("staging: udlfb: support for writing backup EDID to sysfs file") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- The EDID passed through sysfs is only used as a fallback if the hardware does not provide one. To me it still feels incorrect to have this world-writable. --- drivers/video/fbdev/udlfb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c index 71ac9e36f67c68aa7a54dce32323047a2a9a48bf..391bdb71197549caa839d862f0ce7456dc7bf9ec 100644 --- a/drivers/video/fbdev/udlfb.c +++ b/drivers/video/fbdev/udlfb.c @@ -1480,7 +1480,7 @@ static ssize_t metrics_reset_store(struct device *fbdev, static const struct bin_attribute edid_attr = { .attr.name = "edid", - .attr.mode = 0666, + .attr.mode = 0644, .size = EDID_LENGTH, .read = edid_show, .write = edid_store --- base-commit: 2d8308bf5b67dff50262d8a9260a50113b3628c6 change-id: 20241215-udlfb-perms-bb6ed270facf Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

6 months, 1 week

2
1
0 0

[PATCH v4] iio: light: as73211: fix channel handling in only-color triggered buffer

by Javier Carrasco

The channel index is off by one unit if AS73211_SCAN_MASK_ALL is not set (optimized path for color channel readings), and it must be shifted instead of leaving an empty channel for the temperature when it is off. Once the channel index is fixed, the uninitialized channel must be set to zero to avoid pushing uninitialized data. Add available_scan_masks for all channels and only-color channels to let the IIO core demux and repack the enabled channels. Cc: stable(a)vger.kernel.org Fixes: 403e5586b52e ("iio: light: as73211: New driver") Tested-by: Christian Eggers <ceggers(a)arri.de> Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- This issue was found after attempting to make the same mistake for a driver I maintain, which was fortunately spotted by Jonathan [1]. Keeping old sensor values if the channel configuration changes is known and not considered an issue, which is also mentioned in [1], so it has not been addressed by this series. That keeps most of the drivers out of the way because they store the scan element in iio private data, which is kzalloc() allocated. This series only addresses cases where uninitialized i.e. unknown data is pushed to the userspace, either due to holes in structs or uninitialized struct members/array elements. While analyzing involved functions, I found and fixed some triviality (wrong function name) in the documentation of iio_dev_opaque. Link: https://lore.kernel.org/linux-iio/20241123151634.303aa860@jic23-huawei/ [1] --- Changes in v4: - Fix as73211_scan_masks[] (first MASK_COLOR, then MASK_ALL, no comma after 0 i.e. the last element). - Link to v3: https://lore.kernel.org/r/20241212-iio_memset_scan_holes-v3-1-7f496b6f7222@… Changes in v3: - as73211.c: add available_scan_masks for all channels and only-color channels to let the IIO core demux and repack the enabled channels. - Link to v2: https://lore.kernel.org/r/20241204-iio_memset_scan_holes-v2-0-3f941592a76d@… Changes in v2: - as73211.c: shift channels if no temperature is available and initialize chan[3] to zero. - Link to v1: https://lore.kernel.org/r/20241125-iio_memset_scan_holes-v1-0-0cb6e98d895c@… --- drivers/iio/light/as73211.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c index be0068081ebb..11fbdcdd26d6 100644 --- a/drivers/iio/light/as73211.c +++ b/drivers/iio/light/as73211.c @@ -177,6 +177,12 @@ struct as73211_data { BIT(AS73211_SCAN_INDEX_TEMP) | \ AS73211_SCAN_MASK_COLOR) +static const unsigned long as73211_scan_masks[] = { + AS73211_SCAN_MASK_COLOR, + AS73211_SCAN_MASK_ALL, + 0 +}; + static const struct iio_chan_spec as73211_channels[] = { { .type = IIO_TEMP, @@ -672,9 +678,12 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) /* AS73211 starts reading at address 2 */ ret = i2c_master_recv(data->client, - (char *)&scan.chan[1], 3 * sizeof(scan.chan[1])); + (char *)&scan.chan[0], 3 * sizeof(scan.chan[0])); if (ret < 0) goto done; + + /* Avoid pushing uninitialized data */ + scan.chan[3] = 0; } if (data_result) { @@ -682,9 +691,15 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) * Saturate all channels (in case of overflows). Temperature channel * is not affected by overflows. */ - scan.chan[1] = cpu_to_le16(U16_MAX); - scan.chan[2] = cpu_to_le16(U16_MAX); - scan.chan[3] = cpu_to_le16(U16_MAX); + if (*indio_dev->active_scan_mask == AS73211_SCAN_MASK_ALL) { + scan.chan[1] = cpu_to_le16(U16_MAX); + scan.chan[2] = cpu_to_le16(U16_MAX); + scan.chan[3] = cpu_to_le16(U16_MAX); + } else { + scan.chan[0] = cpu_to_le16(U16_MAX); + scan.chan[1] = cpu_to_le16(U16_MAX); + scan.chan[2] = cpu_to_le16(U16_MAX); + } } iio_push_to_buffers_with_timestamp(indio_dev, &scan, iio_get_time_ns(indio_dev)); @@ -758,6 +773,7 @@ static int as73211_probe(struct i2c_client *client) indio_dev->channels = data->spec_dev->channels; indio_dev->num_channels = data->spec_dev->num_channels; indio_dev->modes = INDIO_DIRECT_MODE; + indio_dev->available_scan_masks = as73211_scan_masks; ret = i2c_smbus_read_byte_data(data->client, AS73211_REG_OSR); if (ret < 0) --- base-commit: 91e71d606356e50f238d7a87aacdee4abc427f07 change-id: 20241123-iio_memset_scan_holes-a673833ef932 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

6 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040834-magazine-audience-8aa4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

6 months, 1 week

6
12
0 0

FAILED: patch "[PATCH] bpf, sockmap: Fix race between element replace and close()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ed1fc5d76b81a4d681211333c026202cad4d5649 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121501-smuggler-daycare-dad0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed1fc5d76b81a4d681211333c026202cad4d5649 Mon Sep 17 00:00:00 2001 From: Michal Luczaj <mhal(a)rbox.co> Date: Mon, 2 Dec 2024 12:29:25 +0100 Subject: [PATCH] bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The buggy address belongs to the object at ffff88811f5b9080 which belongs to the cache UNIX-STREAM of size 1984 The buggy address is located 128 bytes inside of freed 1984-byte region [ffff88811f5b9080, ffff88811f5b9840) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f5b8 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888127d49401 flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) page_type: f5(slab) raw: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 head: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000003 ffffea00047d6e01 ffffffffffffffff 0000000000000000 head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88811f5b9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88811f5b9080: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811f5b9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f5b9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Disabling lock debugging due to kernel taint refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B 6.12.0+ #125 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xce/0x150 Code: 34 73 eb 03 01 e8 82 53 ad fe 0f 0b eb b1 80 3d 27 73 eb 03 00 75 a8 48 c7 c7 80 bd 95 84 c6 05 17 73 eb 03 01 e8 62 53 ad fe <0f> 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xce/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xce/0x150 sock_map_free+0x2e5/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 refcount_t: underflow; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B W 6.12.0+ #125 Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xee/0x150 Code: 17 73 eb 03 01 e8 62 53 ad fe 0f 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 f6 72 eb 03 01 e8 42 53 ad fe <0f> 0b e9 6e ff ff ff 80 3d e6 72 eb 03 00 0f 85 61 ff ff ff 48 c7 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xee/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xee/0x150 sock_map_free+0x2d3/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Michal Luczaj <mhal(a)rbox.co> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/bpf/20241202-sockmap-replace-v1-3-1e88579e7bd5@rbox… diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 20b348b1964a..f1b9b3958792 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -412,12 +412,11 @@ static void *sock_map_lookup_sys(struct bpf_map *map, void *key) static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, struct sock **psk) { - struct sock *sk; + struct sock *sk = NULL; int err = 0; spin_lock_bh(&stab->lock); - sk = *psk; - if (!sk_test || sk_test == sk) + if (!sk_test || sk_test == *psk) sk = xchg(psk, NULL); if (likely(sk))

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] bpf, sockmap: Fix race between element replace and close()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ed1fc5d76b81a4d681211333c026202cad4d5649 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121558-greeter-gigabyte-0c2a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed1fc5d76b81a4d681211333c026202cad4d5649 Mon Sep 17 00:00:00 2001 From: Michal Luczaj <mhal(a)rbox.co> Date: Mon, 2 Dec 2024 12:29:25 +0100 Subject: [PATCH] bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The buggy address belongs to the object at ffff88811f5b9080 which belongs to the cache UNIX-STREAM of size 1984 The buggy address is located 128 bytes inside of freed 1984-byte region [ffff88811f5b9080, ffff88811f5b9840) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f5b8 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888127d49401 flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) page_type: f5(slab) raw: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 head: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000003 ffffea00047d6e01 ffffffffffffffff 0000000000000000 head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88811f5b9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88811f5b9080: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811f5b9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f5b9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Disabling lock debugging due to kernel taint refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B 6.12.0+ #125 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xce/0x150 Code: 34 73 eb 03 01 e8 82 53 ad fe 0f 0b eb b1 80 3d 27 73 eb 03 00 75 a8 48 c7 c7 80 bd 95 84 c6 05 17 73 eb 03 01 e8 62 53 ad fe <0f> 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xce/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xce/0x150 sock_map_free+0x2e5/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 refcount_t: underflow; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B W 6.12.0+ #125 Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xee/0x150 Code: 17 73 eb 03 01 e8 62 53 ad fe 0f 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 f6 72 eb 03 01 e8 42 53 ad fe <0f> 0b e9 6e ff ff ff 80 3d e6 72 eb 03 00 0f 85 61 ff ff ff 48 c7 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xee/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xee/0x150 sock_map_free+0x2d3/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Michal Luczaj <mhal(a)rbox.co> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/bpf/20241202-sockmap-replace-v1-3-1e88579e7bd5@rbox… diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 20b348b1964a..f1b9b3958792 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -412,12 +412,11 @@ static void *sock_map_lookup_sys(struct bpf_map *map, void *key) static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, struct sock **psk) { - struct sock *sk; + struct sock *sk = NULL; int err = 0; spin_lock_bh(&stab->lock); - sk = *psk; - if (!sk_test || sk_test == sk) + if (!sk_test || sk_test == *psk) sk = xchg(psk, NULL); if (likely(sk))

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] bpf, sockmap: Fix race between element replace and close()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ed1fc5d76b81a4d681211333c026202cad4d5649 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121554-tightly-prayer-0638@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed1fc5d76b81a4d681211333c026202cad4d5649 Mon Sep 17 00:00:00 2001 From: Michal Luczaj <mhal(a)rbox.co> Date: Mon, 2 Dec 2024 12:29:25 +0100 Subject: [PATCH] bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The buggy address belongs to the object at ffff88811f5b9080 which belongs to the cache UNIX-STREAM of size 1984 The buggy address is located 128 bytes inside of freed 1984-byte region [ffff88811f5b9080, ffff88811f5b9840) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f5b8 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888127d49401 flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) page_type: f5(slab) raw: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 head: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000003 ffffea00047d6e01 ffffffffffffffff 0000000000000000 head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88811f5b9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88811f5b9080: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811f5b9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f5b9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Disabling lock debugging due to kernel taint refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B 6.12.0+ #125 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xce/0x150 Code: 34 73 eb 03 01 e8 82 53 ad fe 0f 0b eb b1 80 3d 27 73 eb 03 00 75 a8 48 c7 c7 80 bd 95 84 c6 05 17 73 eb 03 01 e8 62 53 ad fe <0f> 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xce/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xce/0x150 sock_map_free+0x2e5/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 refcount_t: underflow; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B W 6.12.0+ #125 Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xee/0x150 Code: 17 73 eb 03 01 e8 62 53 ad fe 0f 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 f6 72 eb 03 01 e8 42 53 ad fe <0f> 0b e9 6e ff ff ff 80 3d e6 72 eb 03 00 0f 85 61 ff ff ff 48 c7 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xee/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xee/0x150 sock_map_free+0x2d3/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Michal Luczaj <mhal(a)rbox.co> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/bpf/20241202-sockmap-replace-v1-3-1e88579e7bd5@rbox… diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 20b348b1964a..f1b9b3958792 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -412,12 +412,11 @@ static void *sock_map_lookup_sys(struct bpf_map *map, void *key) static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, struct sock **psk) { - struct sock *sk; + struct sock *sk = NULL; int err = 0; spin_lock_bh(&stab->lock); - sk = *psk; - if (!sk_test || sk_test == sk) + if (!sk_test || sk_test == *psk) sk = xchg(psk, NULL); if (likely(sk))

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] bpf, sockmap: Fix race between element replace and close()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ed1fc5d76b81a4d681211333c026202cad4d5649 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121551-chasing-tilt-a0c8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed1fc5d76b81a4d681211333c026202cad4d5649 Mon Sep 17 00:00:00 2001 From: Michal Luczaj <mhal(a)rbox.co> Date: Mon, 2 Dec 2024 12:29:25 +0100 Subject: [PATCH] bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The buggy address belongs to the object at ffff88811f5b9080 which belongs to the cache UNIX-STREAM of size 1984 The buggy address is located 128 bytes inside of freed 1984-byte region [ffff88811f5b9080, ffff88811f5b9840) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f5b8 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 memcg:ffff888127d49401 flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff) page_type: f5(slab) raw: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000040 ffff8881042e4500 dead000000000122 0000000000000000 head: 0000000000000000 00000000800f000f 00000001f5000000 ffff888127d49401 head: 0017ffffc0000003 ffffea00047d6e01 ffffffffffffffff 0000000000000000 head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88811f5b9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88811f5b9080: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88811f5b9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88811f5b9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Disabling lock debugging due to kernel taint refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B 6.12.0+ #125 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xce/0x150 Code: 34 73 eb 03 01 e8 82 53 ad fe 0f 0b eb b1 80 3d 27 73 eb 03 00 75 a8 48 c7 c7 80 bd 95 84 c6 05 17 73 eb 03 01 e8 62 53 ad fe <0f> 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000002 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xce/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xce/0x150 sock_map_free+0x2e5/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 refcount_t: underflow; use-after-free. WARNING: CPU: 14 PID: 1063 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Tainted: G B W 6.12.0+ #125 Tainted: [B]=BAD_PAGE, [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred RIP: 0010:refcount_warn_saturate+0xee/0x150 Code: 17 73 eb 03 01 e8 62 53 ad fe 0f 0b eb 91 80 3d 06 73 eb 03 00 75 88 48 c7 c7 e0 bd 95 84 c6 05 f6 72 eb 03 01 e8 42 53 ad fe <0f> 0b e9 6e ff ff ff 80 3d e6 72 eb 03 00 0f 85 61 ff ff ff 48 c7 RSP: 0018:ffff88815c49fc70 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88811f5b9100 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed10bcde6349 R10: ffff8885e6f31a4b R11: 0000000000000000 R12: ffff88813be0b000 R13: ffff88811f5b9100 R14: ffff88811f5b9080 R15: ffff88813be0b024 FS: 0000000000000000(0000) GS:ffff8885e6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055dda99b0250 CR3: 000000015dbac000 CR4: 0000000000752ef0 PKRU: 55555554 Call Trace: <TASK> ? __warn.cold+0x5f/0x1ff ? refcount_warn_saturate+0xee/0x150 ? report_bug+0x1ec/0x390 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0xee/0x150 sock_map_free+0x2d3/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> irq event stamp: 10741 hardirqs last enabled at (10741): [<ffffffff84400ec6>] asm_sysvec_apic_timer_interrupt+0x16/0x20 hardirqs last disabled at (10740): [<ffffffff811e532d>] handle_softirqs+0x60d/0x770 softirqs last enabled at (10506): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 softirqs last disabled at (10301): [<ffffffff811e55a9>] __irq_exit_rcu+0x109/0x210 Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Michal Luczaj <mhal(a)rbox.co> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/bpf/20241202-sockmap-replace-v1-3-1e88579e7bd5@rbox… diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 20b348b1964a..f1b9b3958792 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -412,12 +412,11 @@ static void *sock_map_lookup_sys(struct bpf_map *map, void *key) static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, struct sock **psk) { - struct sock *sk; + struct sock *sk = NULL; int err = 0; spin_lock_bh(&stab->lock); - sk = *psk; - if (!sk_test || sk_test == sk) + if (!sk_test || sk_test == *psk) sk = xchg(psk, NULL); if (likely(sk))

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] bpf: Check size for BTF-based ctx access of pointer members" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 659b9ba7cb2d7adb64618b87ddfaa528a143766e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121504-cloak-campfire-b8a9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 659b9ba7cb2d7adb64618b87ddfaa528a143766e Mon Sep 17 00:00:00 2001 From: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Date: Thu, 12 Dec 2024 01:20:49 -0800 Subject: [PATCH] bpf: Check size for BTF-based ctx access of pointer members Robert Morris reported the following program type which passes the verifier in [0]: SEC("struct_ops/bpf_cubic_init") void BPF_PROG(bpf_cubic_init, struct sock *sk) { asm volatile("r2 = *(u16*)(r1 + 0)"); // verifier should demand u64 asm volatile("*(u32 *)(r2 +1504) = 0"); // 1280 in some configs } The second line may or may not work, but the first instruction shouldn't pass, as it's a narrow load into the context structure of the struct ops callback. The code falls back to btf_ctx_access to ensure correctness and obtaining the types of pointers. Ensure that the size of the access is correctly checked to be 8 bytes, otherwise the verifier thinks the narrow load obtained a trusted BTF pointer and will permit loads/stores as it sees fit. Perform the check on size after we've verified that the load is for a pointer field, as for scalar values narrow loads are fine. Access to structs passed as arguments to a BPF program are also treated as scalars, therefore no adjustment is needed in their case. Existing verifier selftests are broken by this change, but because they were incorrect. Verifier tests for d_path were performing narrow load into context to obtain path pointer, had this program actually run it would cause a crash. The same holds for verifier_btf_ctx_access tests. [0]: https://lore.kernel.org/bpf/51338.1732985814@localhost Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF") Reported-by: Robert Morris <rtm(a)mit.edu> Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Link: https://lore.kernel.org/r/20241212092050.3204165-2-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index e7a59e6462a9..a63a03582f02 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6543,6 +6543,12 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, return false; } + if (size != sizeof(u64)) { + bpf_log(log, "func '%s' size %d must be 8\n", + tname, size); + return false; + } + /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */ for (i = 0; i < prog->aux->ctx_arg_info_size; i++) { const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i]; diff --git a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c index a570e48b917a..bfc3bf18fed4 100644 --- a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c +++ b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c @@ -11,7 +11,7 @@ __success __retval(0) __naked void btf_ctx_access_accept(void) { asm volatile (" \ - r2 = *(u32*)(r1 + 8); /* load 2nd argument value (int pointer) */\ + r2 = *(u64 *)(r1 + 8); /* load 2nd argument value (int pointer) */\ r0 = 0; \ exit; \ " ::: __clobber_all); @@ -23,7 +23,7 @@ __success __retval(0) __naked void ctx_access_u32_pointer_accept(void) { asm volatile (" \ - r2 = *(u32*)(r1 + 0); /* load 1nd argument value (u32 pointer) */\ + r2 = *(u64 *)(r1 + 0); /* load 1nd argument value (u32 pointer) */\ r0 = 0; \ exit; \ " ::: __clobber_all); diff --git a/tools/testing/selftests/bpf/progs/verifier_d_path.c b/tools/testing/selftests/bpf/progs/verifier_d_path.c index ec79cbcfde91..87e51a215558 100644 --- a/tools/testing/selftests/bpf/progs/verifier_d_path.c +++ b/tools/testing/selftests/bpf/progs/verifier_d_path.c @@ -11,7 +11,7 @@ __success __retval(0) __naked void d_path_accept(void) { asm volatile (" \ - r1 = *(u32*)(r1 + 0); \ + r1 = *(u64 *)(r1 + 0); \ r2 = r10; \ r2 += -8; \ r6 = 0; \ @@ -31,7 +31,7 @@ __failure __msg("helper call is not allowed in probe") __naked void d_path_reject(void) { asm volatile (" \ - r1 = *(u32*)(r1 + 0); \ + r1 = *(u64 *)(r1 + 0); \ r2 = r10; \ r2 += -8; \ r6 = 0; \

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] bpf: Check size for BTF-based ctx access of pointer members" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 659b9ba7cb2d7adb64618b87ddfaa528a143766e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121503-footwork-harness-0128@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 659b9ba7cb2d7adb64618b87ddfaa528a143766e Mon Sep 17 00:00:00 2001 From: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Date: Thu, 12 Dec 2024 01:20:49 -0800 Subject: [PATCH] bpf: Check size for BTF-based ctx access of pointer members Robert Morris reported the following program type which passes the verifier in [0]: SEC("struct_ops/bpf_cubic_init") void BPF_PROG(bpf_cubic_init, struct sock *sk) { asm volatile("r2 = *(u16*)(r1 + 0)"); // verifier should demand u64 asm volatile("*(u32 *)(r2 +1504) = 0"); // 1280 in some configs } The second line may or may not work, but the first instruction shouldn't pass, as it's a narrow load into the context structure of the struct ops callback. The code falls back to btf_ctx_access to ensure correctness and obtaining the types of pointers. Ensure that the size of the access is correctly checked to be 8 bytes, otherwise the verifier thinks the narrow load obtained a trusted BTF pointer and will permit loads/stores as it sees fit. Perform the check on size after we've verified that the load is for a pointer field, as for scalar values narrow loads are fine. Access to structs passed as arguments to a BPF program are also treated as scalars, therefore no adjustment is needed in their case. Existing verifier selftests are broken by this change, but because they were incorrect. Verifier tests for d_path were performing narrow load into context to obtain path pointer, had this program actually run it would cause a crash. The same holds for verifier_btf_ctx_access tests. [0]: https://lore.kernel.org/bpf/51338.1732985814@localhost Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF") Reported-by: Robert Morris <rtm(a)mit.edu> Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Link: https://lore.kernel.org/r/20241212092050.3204165-2-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index e7a59e6462a9..a63a03582f02 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6543,6 +6543,12 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, return false; } + if (size != sizeof(u64)) { + bpf_log(log, "func '%s' size %d must be 8\n", + tname, size); + return false; + } + /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */ for (i = 0; i < prog->aux->ctx_arg_info_size; i++) { const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i]; diff --git a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c index a570e48b917a..bfc3bf18fed4 100644 --- a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c +++ b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c @@ -11,7 +11,7 @@ __success __retval(0) __naked void btf_ctx_access_accept(void) { asm volatile (" \ - r2 = *(u32*)(r1 + 8); /* load 2nd argument value (int pointer) */\ + r2 = *(u64 *)(r1 + 8); /* load 2nd argument value (int pointer) */\ r0 = 0; \ exit; \ " ::: __clobber_all); @@ -23,7 +23,7 @@ __success __retval(0) __naked void ctx_access_u32_pointer_accept(void) { asm volatile (" \ - r2 = *(u32*)(r1 + 0); /* load 1nd argument value (u32 pointer) */\ + r2 = *(u64 *)(r1 + 0); /* load 1nd argument value (u32 pointer) */\ r0 = 0; \ exit; \ " ::: __clobber_all); diff --git a/tools/testing/selftests/bpf/progs/verifier_d_path.c b/tools/testing/selftests/bpf/progs/verifier_d_path.c index ec79cbcfde91..87e51a215558 100644 --- a/tools/testing/selftests/bpf/progs/verifier_d_path.c +++ b/tools/testing/selftests/bpf/progs/verifier_d_path.c @@ -11,7 +11,7 @@ __success __retval(0) __naked void d_path_accept(void) { asm volatile (" \ - r1 = *(u32*)(r1 + 0); \ + r1 = *(u64 *)(r1 + 0); \ r2 = r10; \ r2 += -8; \ r6 = 0; \ @@ -31,7 +31,7 @@ __failure __msg("helper call is not allowed in probe") __naked void d_path_reject(void) { asm volatile (" \ - r1 = *(u32*)(r1 + 0); \ + r1 = *(u64 *)(r1 + 0); \ r2 = r10; \ r2 += -8; \ r6 = 0; \

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] bpf: Check size for BTF-based ctx access of pointer members" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 659b9ba7cb2d7adb64618b87ddfaa528a143766e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121502-patriarch-unguarded-b4c5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 659b9ba7cb2d7adb64618b87ddfaa528a143766e Mon Sep 17 00:00:00 2001 From: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Date: Thu, 12 Dec 2024 01:20:49 -0800 Subject: [PATCH] bpf: Check size for BTF-based ctx access of pointer members Robert Morris reported the following program type which passes the verifier in [0]: SEC("struct_ops/bpf_cubic_init") void BPF_PROG(bpf_cubic_init, struct sock *sk) { asm volatile("r2 = *(u16*)(r1 + 0)"); // verifier should demand u64 asm volatile("*(u32 *)(r2 +1504) = 0"); // 1280 in some configs } The second line may or may not work, but the first instruction shouldn't pass, as it's a narrow load into the context structure of the struct ops callback. The code falls back to btf_ctx_access to ensure correctness and obtaining the types of pointers. Ensure that the size of the access is correctly checked to be 8 bytes, otherwise the verifier thinks the narrow load obtained a trusted BTF pointer and will permit loads/stores as it sees fit. Perform the check on size after we've verified that the load is for a pointer field, as for scalar values narrow loads are fine. Access to structs passed as arguments to a BPF program are also treated as scalars, therefore no adjustment is needed in their case. Existing verifier selftests are broken by this change, but because they were incorrect. Verifier tests for d_path were performing narrow load into context to obtain path pointer, had this program actually run it would cause a crash. The same holds for verifier_btf_ctx_access tests. [0]: https://lore.kernel.org/bpf/51338.1732985814@localhost Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF") Reported-by: Robert Morris <rtm(a)mit.edu> Signed-off-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Link: https://lore.kernel.org/r/20241212092050.3204165-2-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index e7a59e6462a9..a63a03582f02 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6543,6 +6543,12 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, return false; } + if (size != sizeof(u64)) { + bpf_log(log, "func '%s' size %d must be 8\n", + tname, size); + return false; + } + /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */ for (i = 0; i < prog->aux->ctx_arg_info_size; i++) { const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i]; diff --git a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c index a570e48b917a..bfc3bf18fed4 100644 --- a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c +++ b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c @@ -11,7 +11,7 @@ __success __retval(0) __naked void btf_ctx_access_accept(void) { asm volatile (" \ - r2 = *(u32*)(r1 + 8); /* load 2nd argument value (int pointer) */\ + r2 = *(u64 *)(r1 + 8); /* load 2nd argument value (int pointer) */\ r0 = 0; \ exit; \ " ::: __clobber_all); @@ -23,7 +23,7 @@ __success __retval(0) __naked void ctx_access_u32_pointer_accept(void) { asm volatile (" \ - r2 = *(u32*)(r1 + 0); /* load 1nd argument value (u32 pointer) */\ + r2 = *(u64 *)(r1 + 0); /* load 1nd argument value (u32 pointer) */\ r0 = 0; \ exit; \ " ::: __clobber_all); diff --git a/tools/testing/selftests/bpf/progs/verifier_d_path.c b/tools/testing/selftests/bpf/progs/verifier_d_path.c index ec79cbcfde91..87e51a215558 100644 --- a/tools/testing/selftests/bpf/progs/verifier_d_path.c +++ b/tools/testing/selftests/bpf/progs/verifier_d_path.c @@ -11,7 +11,7 @@ __success __retval(0) __naked void d_path_accept(void) { asm volatile (" \ - r1 = *(u32*)(r1 + 0); \ + r1 = *(u64 *)(r1 + 0); \ r2 = r10; \ r2 += -8; \ r6 = 0; \ @@ -31,7 +31,7 @@ __failure __msg("helper call is not allowed in probe") __naked void d_path_reject(void) { asm volatile (" \ - r1 = *(u32*)(r1 + 0); \ + r1 = *(u64 *)(r1 + 0); \ r2 = r10; \ r2 += -8; \ r6 = 0; \

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix off-by-one error in fsmap's end_daddr usage" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a440a28ddbdcb861150987b4d6e828631656b92f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121553-prison-usage-c221@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a440a28ddbdcb861150987b4d6e828631656b92f Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:24 -0800 Subject: [PATCH] xfs: fix off-by-one error in fsmap's end_daddr usage In commit ca6448aed4f10a, we created an "end_daddr" variable to fix fsmap reporting when the end of the range requested falls in the middle of an unknown (aka free on the rmapbt) region. Unfortunately, I didn't notice that the the code sets end_daddr to the last sector of the device but then uses that quantity to compute the length of the synthesized mapping. Zizhi Wo later observed that when end_daddr isn't set, we still don't report the last fsblock on a device because in that case (aka when info->last is true), the info->high mapping that we pass to xfs_getfsmap_group_helper has a startblock that points to the last fsblock. This is also wrong because the code uses startblock to compute the length of the synthesized mapping. Fix the second problem by setting end_daddr unconditionally, and fix the first problem by setting start_daddr to one past the end of the range to query. Cc: <stable(a)vger.kernel.org> # v6.11 Fixes: ca6448aed4f10a ("xfs: Fix missing interval for missing_owner in xfs fsmap") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reported-by: Zizhi Wo <wozizhi(a)huawei.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_fsmap.c b/fs/xfs/xfs_fsmap.c index 82f2e0dd2249..3290dd8524a6 100644 --- a/fs/xfs/xfs_fsmap.c +++ b/fs/xfs/xfs_fsmap.c @@ -163,7 +163,8 @@ struct xfs_getfsmap_info { xfs_daddr_t next_daddr; /* next daddr we expect */ /* daddr of low fsmap key when we're using the rtbitmap */ xfs_daddr_t low_daddr; - xfs_daddr_t end_daddr; /* daddr of high fsmap key */ + /* daddr of high fsmap key, or the last daddr on the device */ + xfs_daddr_t end_daddr; u64 missing_owner; /* owner of holes */ u32 dev; /* device id */ /* @@ -387,8 +388,8 @@ xfs_getfsmap_group_helper( * we calculated from userspace's high key to synthesize the record. * Note that if the btree query found a mapping, there won't be a gap. */ - if (info->last && info->end_daddr != XFS_BUF_DADDR_NULL) - frec->start_daddr = info->end_daddr; + if (info->last) + frec->start_daddr = info->end_daddr + 1; else frec->start_daddr = xfs_gbno_to_daddr(xg, startblock); @@ -736,11 +737,10 @@ xfs_getfsmap_rtdev_rtbitmap_helper( * we calculated from userspace's high key to synthesize the record. * Note that if the btree query found a mapping, there won't be a gap. */ - if (info->last && info->end_daddr != XFS_BUF_DADDR_NULL) { - frec.start_daddr = info->end_daddr; - } else { + if (info->last) + frec.start_daddr = info->end_daddr + 1; + else frec.start_daddr = xfs_rtb_to_daddr(mp, start_rtb); - } frec.len_daddr = XFS_FSB_TO_BB(mp, rtbcount); return xfs_getfsmap_helper(tp, info, &frec); @@ -933,7 +933,10 @@ xfs_getfsmap( struct xfs_trans *tp = NULL; struct xfs_fsmap dkeys[2]; /* per-dev keys */ struct xfs_getfsmap_dev handlers[XFS_GETFSMAP_DEVS]; - struct xfs_getfsmap_info info = { NULL }; + struct xfs_getfsmap_info info = { + .fsmap_recs = fsmap_recs, + .head = head, + }; bool use_rmap; int i; int error = 0; @@ -998,9 +1001,6 @@ xfs_getfsmap( info.next_daddr = head->fmh_keys[0].fmr_physical + head->fmh_keys[0].fmr_length; - info.end_daddr = XFS_BUF_DADDR_NULL; - info.fsmap_recs = fsmap_recs; - info.head = head; /* For each device we support... */ for (i = 0; i < XFS_GETFSMAP_DEVS; i++) { @@ -1013,17 +1013,23 @@ xfs_getfsmap( break; /* - * If this device number matches the high key, we have - * to pass the high key to the handler to limit the - * query results. If the device number exceeds the - * low key, zero out the low key so that we get - * everything from the beginning. + * If this device number matches the high key, we have to pass + * the high key to the handler to limit the query results, and + * set the end_daddr so that we can synthesize records at the + * end of the query range or device. */ if (handlers[i].dev == head->fmh_keys[1].fmr_device) { dkeys[1] = head->fmh_keys[1]; info.end_daddr = min(handlers[i].nr_sectors - 1, dkeys[1].fmr_physical); + } else { + info.end_daddr = handlers[i].nr_sectors - 1; } + + /* + * If the device number exceeds the low key, zero out the low + * key so that we get everything from the beginning. + */ if (handlers[i].dev > head->fmh_keys[0].fmr_device) memset(&dkeys[0], 0, sizeof(struct xfs_fsmap));

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: separate healthy clearing mask during repair" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x aa7bfb537edf62085d7718845f6644b0e4efb9df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121542-fretful-identity-5931@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aa7bfb537edf62085d7718845f6644b0e4efb9df Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:27 -0800 Subject: [PATCH] xfs: separate healthy clearing mask during repair In commit d9041681dd2f53 we introduced some XFS_SICK_*ZAPPED flags so that the inode record repair code could clean up a damaged inode record enough to iget the inode but still be able to remember that the higher level repair code needs to be called. As part of that, we introduced a xchk_mark_healthy_if_clean helper that is supposed to cause the ZAPPED state to be removed if that higher level metadata actually checks out. This was done by setting additional bits in sick_mask hoping that xchk_update_health will clear all those bits after a healthy scrub. Unfortunately, that's not quite what sick_mask means -- bits in that mask are indeed cleared if the metadata is healthy, but they're set if the metadata is NOT healthy. fsck is only intended to set the ZAPPED bits explicitly. If something else sets the CORRUPT/XCORRUPT state after the xchk_mark_healthy_if_clean call, we end up marking the metadata zapped. This can happen if the following sequence happens: 1. Scrub runs, discovers that the metadata is fine but could be optimized and calls xchk_mark_healthy_if_clean on a ZAPPED flag. That causes the ZAPPED flag to be set in sick_mask because the metadata is not CORRUPT or XCORRUPT. 2. Repair runs to optimize the metadata. 3. Some other metadata used for cross-referencing in (1) becomes corrupt. 4. Post-repair scrub runs, but this time it sets CORRUPT or XCORRUPT due to the events in (3). 5. Now the xchk_health_update sets the ZAPPED flag on the metadata we just repaired. This is not the correct state. Fix this by moving the "if healthy" mask to a separate field, and only ever using it to clear the sick state. Cc: <stable(a)vger.kernel.org> # v6.8 Fixes: d9041681dd2f53 ("xfs: set inode sick state flags when we zap either ondisk fork") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/health.c b/fs/xfs/scrub/health.c index ce86bdad37fa..ccc6ca5934ca 100644 --- a/fs/xfs/scrub/health.c +++ b/fs/xfs/scrub/health.c @@ -71,7 +71,8 @@ /* Map our scrub type to a sick mask and a set of health update functions. */ enum xchk_health_group { - XHG_FS = 1, + XHG_NONE = 1, + XHG_FS, XHG_AG, XHG_INO, XHG_RTGROUP, @@ -83,6 +84,7 @@ struct xchk_health_map { }; static const struct xchk_health_map type_to_health_flag[XFS_SCRUB_TYPE_NR] = { + [XFS_SCRUB_TYPE_PROBE] = { XHG_NONE, 0 }, [XFS_SCRUB_TYPE_SB] = { XHG_AG, XFS_SICK_AG_SB }, [XFS_SCRUB_TYPE_AGF] = { XHG_AG, XFS_SICK_AG_AGF }, [XFS_SCRUB_TYPE_AGFL] = { XHG_AG, XFS_SICK_AG_AGFL }, @@ -133,7 +135,7 @@ xchk_mark_healthy_if_clean( { if (!(sc->sm->sm_flags & (XFS_SCRUB_OFLAG_CORRUPT | XFS_SCRUB_OFLAG_XCORRUPT))) - sc->sick_mask |= mask; + sc->healthy_mask |= mask; } /* @@ -189,6 +191,7 @@ xchk_update_health( { struct xfs_perag *pag; struct xfs_rtgroup *rtg; + unsigned int mask = sc->sick_mask; bool bad; /* @@ -203,50 +206,56 @@ xchk_update_health( return; } - if (!sc->sick_mask) - return; - bad = (sc->sm->sm_flags & (XFS_SCRUB_OFLAG_CORRUPT | XFS_SCRUB_OFLAG_XCORRUPT)); + if (!bad) + mask |= sc->healthy_mask; switch (type_to_health_flag[sc->sm->sm_type].group) { + case XHG_NONE: + break; case XHG_AG: + if (!mask) + return; pag = xfs_perag_get(sc->mp, sc->sm->sm_agno); if (bad) - xfs_group_mark_corrupt(pag_group(pag), sc->sick_mask); + xfs_group_mark_corrupt(pag_group(pag), mask); else - xfs_group_mark_healthy(pag_group(pag), sc->sick_mask); + xfs_group_mark_healthy(pag_group(pag), mask); xfs_perag_put(pag); break; case XHG_INO: if (!sc->ip) return; - if (bad) { - unsigned int mask = sc->sick_mask; - - /* - * If we're coming in for repairs then we don't want - * sickness flags to propagate to the incore health - * status if the inode gets inactivated before we can - * fix it. - */ - if (sc->sm->sm_flags & XFS_SCRUB_IFLAG_REPAIR) - mask |= XFS_SICK_INO_FORGET; + /* + * If we're coming in for repairs then we don't want sickness + * flags to propagate to the incore health status if the inode + * gets inactivated before we can fix it. + */ + if (sc->sm->sm_flags & XFS_SCRUB_IFLAG_REPAIR) + mask |= XFS_SICK_INO_FORGET; + if (!mask) + return; + if (bad) xfs_inode_mark_corrupt(sc->ip, mask); - } else - xfs_inode_mark_healthy(sc->ip, sc->sick_mask); + else + xfs_inode_mark_healthy(sc->ip, mask); break; case XHG_FS: + if (!mask) + return; if (bad) - xfs_fs_mark_corrupt(sc->mp, sc->sick_mask); + xfs_fs_mark_corrupt(sc->mp, mask); else - xfs_fs_mark_healthy(sc->mp, sc->sick_mask); + xfs_fs_mark_healthy(sc->mp, mask); break; case XHG_RTGROUP: + if (!mask) + return; rtg = xfs_rtgroup_get(sc->mp, sc->sm->sm_agno); if (bad) - xfs_group_mark_corrupt(rtg_group(rtg), sc->sick_mask); + xfs_group_mark_corrupt(rtg_group(rtg), mask); else - xfs_group_mark_healthy(rtg_group(rtg), sc->sick_mask); + xfs_group_mark_healthy(rtg_group(rtg), mask); xfs_rtgroup_put(rtg); break; default: diff --git a/fs/xfs/scrub/scrub.h b/fs/xfs/scrub/scrub.h index a7fda3e2b013..5dbbe93cb49b 100644 --- a/fs/xfs/scrub/scrub.h +++ b/fs/xfs/scrub/scrub.h @@ -184,6 +184,12 @@ struct xfs_scrub { */ unsigned int sick_mask; + /* + * Clear these XFS_SICK_* flags but only if the scan is ok. Useful for + * removing ZAPPED flags after a repair. + */ + unsigned int healthy_mask; + /* next time we want to cond_resched() */ struct xchk_relax relax;

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: attach dquot buffer to dquot log item buffer" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x acc8f8628c3737108f36e5637f4d5daeaf96d90e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121529-renewal-passable-b4c9@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acc8f8628c3737108f36e5637f4d5daeaf96d90e Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:38 -0800 Subject: [PATCH] xfs: attach dquot buffer to dquot log item buffer Ever since 6.12-rc1, I've observed a pile of warnings from the kernel when running fstests with quotas enabled: WARNING: CPU: 1 PID: 458580 at mm/page_alloc.c:4221 __alloc_pages_noprof+0xc9c/0xf18 CPU: 1 UID: 0 PID: 458580 Comm: xfsaild/sda3 Tainted: G W 6.12.0-rc6-djwa #rc6 6ee3e0e531f6457e2d26aa008a3b65ff184b377c <snip> Call trace: __alloc_pages_noprof+0xc9c/0xf18 alloc_pages_mpol_noprof+0x94/0x240 alloc_pages_noprof+0x68/0xf8 new_slab+0x3e0/0x568 ___slab_alloc+0x5a0/0xb88 __slab_alloc.constprop.0+0x7c/0xf8 __kmalloc_noprof+0x404/0x4d0 xfs_buf_get_map+0x594/0xde0 [xfs 384cb02810558b4c490343c164e9407332118f88] xfs_buf_read_map+0x64/0x2e0 [xfs 384cb02810558b4c490343c164e9407332118f88] xfs_trans_read_buf_map+0x1dc/0x518 [xfs 384cb02810558b4c490343c164e9407332118f88] xfs_qm_dqflush+0xac/0x468 [xfs 384cb02810558b4c490343c164e9407332118f88] xfs_qm_dquot_logitem_push+0xe4/0x148 [xfs 384cb02810558b4c490343c164e9407332118f88] xfsaild+0x3f4/0xde8 [xfs 384cb02810558b4c490343c164e9407332118f88] kthread+0x110/0x128 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- This corresponds to the line: WARN_ON_ONCE(current->flags & PF_MEMALLOC); within the NOFAIL checks. What's happening here is that the XFS AIL is trying to write a disk quota update back into the filesystem, but for that it needs to read the ondisk buffer for the dquot. The buffer is not in memory anymore, probably because it was evicted. Regardless, the buffer cache tries to allocate a new buffer, but those allocations are NOFAIL. The AIL thread has marked itself PF_MEMALLOC (aka noreclaim) since commit 43ff2122e6492b ("xfs: on-stack delayed write buffer lists") presumably because reclaim can push on XFS to push on the AIL. An easy way to fix this probably would have been to drop the NOFAIL flag from the xfs_buf allocation and open code a retry loop, but then there's still the problem that for bs>ps filesystems, the buffer itself could require up to 64k worth of pages. Inode items had similar behavior (multi-page cluster buffers that we don't want to allocate in the AIL) which we solved by making transaction precommit attach the inode cluster buffers to the dirty log item. Let's solve the dquot problem in the same way. So: Make a real precommit handler to read the dquot buffer and attach it to the log item; pass it to dqflush in the push method; and have the iodone function detach the buffer once we've flushed everything. Add a state flag to the log item to track when a thread has entered the precommit -> push mechanism to skip the detaching if it turns out that the dquot is very busy, as we don't hold the dquot lock between log item commit and AIL push). Reading and attaching the dquot buffer in the precommit hook is inspired by the work done for inode cluster buffers some time ago. Cc: <stable(a)vger.kernel.org> # v6.12 Fixes: 903edea6c53f09 ("mm: warn about illegal __GFP_NOFAIL usage in a more appropriate location and manner") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c index 1dc85de58e59..708fd3358375 100644 --- a/fs/xfs/xfs_dquot.c +++ b/fs/xfs/xfs_dquot.c @@ -68,6 +68,30 @@ xfs_dquot_mark_sick( } } +/* + * Detach the dquot buffer if it's still attached, because we can get called + * through dqpurge after a log shutdown. Caller must hold the dqflock or have + * otherwise isolated the dquot. + */ +void +xfs_dquot_detach_buf( + struct xfs_dquot *dqp) +{ + struct xfs_dq_logitem *qlip = &dqp->q_logitem; + struct xfs_buf *bp = NULL; + + spin_lock(&qlip->qli_lock); + if (qlip->qli_item.li_buf) { + bp = qlip->qli_item.li_buf; + qlip->qli_item.li_buf = NULL; + } + spin_unlock(&qlip->qli_lock); + if (bp) { + list_del_init(&qlip->qli_item.li_bio_list); + xfs_buf_rele(bp); + } +} + /* * This is called to free all the memory associated with a dquot */ @@ -76,6 +100,7 @@ xfs_qm_dqdestroy( struct xfs_dquot *dqp) { ASSERT(list_empty(&dqp->q_lru)); + ASSERT(dqp->q_logitem.qli_item.li_buf == NULL); kvfree(dqp->q_logitem.qli_item.li_lv_shadow); mutex_destroy(&dqp->q_qlock); @@ -1146,6 +1171,7 @@ xfs_qm_dqflush_done( container_of(lip, struct xfs_dq_logitem, qli_item); struct xfs_dquot *dqp = qlip->qli_dquot; struct xfs_ail *ailp = lip->li_ailp; + struct xfs_buf *bp = NULL; xfs_lsn_t tail_lsn; /* @@ -1171,6 +1197,20 @@ xfs_qm_dqflush_done( } } + /* + * If this dquot hasn't been dirtied since initiating the last dqflush, + * release the buffer reference. We already unlinked this dquot item + * from the buffer. + */ + spin_lock(&qlip->qli_lock); + if (!qlip->qli_dirty) { + bp = lip->li_buf; + lip->li_buf = NULL; + } + spin_unlock(&qlip->qli_lock); + if (bp) + xfs_buf_rele(bp); + /* * Release the dq's flush lock since we're done with it. */ @@ -1197,7 +1237,7 @@ xfs_buf_dquot_io_fail( spin_lock(&bp->b_mount->m_ail->ail_lock); list_for_each_entry(lip, &bp->b_li_list, li_bio_list) - xfs_set_li_failed(lip, bp); + set_bit(XFS_LI_FAILED, &lip->li_flags); spin_unlock(&bp->b_mount->m_ail->ail_lock); } @@ -1249,6 +1289,7 @@ int xfs_dquot_read_buf( struct xfs_trans *tp, struct xfs_dquot *dqp, + xfs_buf_flags_t xbf_flags, struct xfs_buf **bpp) { struct xfs_mount *mp = dqp->q_mount; @@ -1256,7 +1297,7 @@ xfs_dquot_read_buf( int error; error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, dqp->q_blkno, - mp->m_quotainfo->qi_dqchunklen, XBF_TRYLOCK, + mp->m_quotainfo->qi_dqchunklen, xbf_flags, &bp, &xfs_dquot_buf_ops); if (error == -EAGAIN) return error; @@ -1275,6 +1316,77 @@ xfs_dquot_read_buf( return error; } +/* + * Attach a dquot buffer to this dquot to avoid allocating a buffer during a + * dqflush, since dqflush can be called from reclaim context. + */ +int +xfs_dquot_attach_buf( + struct xfs_trans *tp, + struct xfs_dquot *dqp) +{ + struct xfs_dq_logitem *qlip = &dqp->q_logitem; + struct xfs_log_item *lip = &qlip->qli_item; + int error; + + spin_lock(&qlip->qli_lock); + if (!lip->li_buf) { + struct xfs_buf *bp = NULL; + + spin_unlock(&qlip->qli_lock); + error = xfs_dquot_read_buf(tp, dqp, 0, &bp); + if (error) + return error; + + /* + * Attach the dquot to the buffer so that the AIL does not have + * to read the dquot buffer to push this item. + */ + xfs_buf_hold(bp); + spin_lock(&qlip->qli_lock); + lip->li_buf = bp; + xfs_trans_brelse(tp, bp); + } + qlip->qli_dirty = true; + spin_unlock(&qlip->qli_lock); + + return 0; +} + +/* + * Get a new reference the dquot buffer attached to this dquot for a dqflush + * operation. + * + * Returns 0 and a NULL bp if none was attached to the dquot; 0 and a locked + * bp; or -EAGAIN if the buffer could not be locked. + */ +int +xfs_dquot_use_attached_buf( + struct xfs_dquot *dqp, + struct xfs_buf **bpp) +{ + struct xfs_buf *bp = dqp->q_logitem.qli_item.li_buf; + + /* + * A NULL buffer can happen if the dquot dirty flag was set but the + * filesystem shut down before transaction commit happened. In that + * case we're not going to flush anyway. + */ + if (!bp) { + ASSERT(xfs_is_shutdown(dqp->q_mount)); + + *bpp = NULL; + return 0; + } + + if (!xfs_buf_trylock(bp)) + return -EAGAIN; + + xfs_buf_hold(bp); + *bpp = bp; + return 0; +} + /* * Write a modified dquot to disk. * The dquot must be locked and the flush lock too taken by caller. @@ -1289,7 +1401,8 @@ xfs_qm_dqflush( struct xfs_buf *bp) { struct xfs_mount *mp = dqp->q_mount; - struct xfs_log_item *lip = &dqp->q_logitem.qli_item; + struct xfs_dq_logitem *qlip = &dqp->q_logitem; + struct xfs_log_item *lip = &qlip->qli_item; struct xfs_dqblk *dqblk; xfs_failaddr_t fa; int error; @@ -1319,8 +1432,15 @@ xfs_qm_dqflush( */ dqp->q_flags &= ~XFS_DQFLAG_DIRTY; - xfs_trans_ail_copy_lsn(mp->m_ail, &dqp->q_logitem.qli_flush_lsn, - &lip->li_lsn); + /* + * We hold the dquot lock, so nobody can dirty it while we're + * scheduling the write out. Clear the dirty-since-flush flag. + */ + spin_lock(&qlip->qli_lock); + qlip->qli_dirty = false; + spin_unlock(&qlip->qli_lock); + + xfs_trans_ail_copy_lsn(mp->m_ail, &qlip->qli_flush_lsn, &lip->li_lsn); /* * copy the lsn into the on-disk dquot now while we have the in memory diff --git a/fs/xfs/xfs_dquot.h b/fs/xfs/xfs_dquot.h index 50f8404c4117..c7e80fc90823 100644 --- a/fs/xfs/xfs_dquot.h +++ b/fs/xfs/xfs_dquot.h @@ -215,7 +215,7 @@ void xfs_dquot_to_disk(struct xfs_disk_dquot *ddqp, struct xfs_dquot *dqp); void xfs_qm_dqdestroy(struct xfs_dquot *dqp); int xfs_dquot_read_buf(struct xfs_trans *tp, struct xfs_dquot *dqp, - struct xfs_buf **bpp); + xfs_buf_flags_t flags, struct xfs_buf **bpp); int xfs_qm_dqflush(struct xfs_dquot *dqp, struct xfs_buf *bp); void xfs_qm_dqunpin_wait(struct xfs_dquot *dqp); void xfs_qm_adjust_dqtimers(struct xfs_dquot *d); @@ -239,6 +239,10 @@ void xfs_dqlockn(struct xfs_dqtrx *q); void xfs_dquot_set_prealloc_limits(struct xfs_dquot *); +int xfs_dquot_attach_buf(struct xfs_trans *tp, struct xfs_dquot *dqp); +int xfs_dquot_use_attached_buf(struct xfs_dquot *dqp, struct xfs_buf **bpp); +void xfs_dquot_detach_buf(struct xfs_dquot *dqp); + static inline struct xfs_dquot *xfs_qm_dqhold(struct xfs_dquot *dqp) { xfs_dqlock(dqp); diff --git a/fs/xfs/xfs_dquot_item.c b/fs/xfs/xfs_dquot_item.c index 56ecc5ed0193..271b195ebb93 100644 --- a/fs/xfs/xfs_dquot_item.c +++ b/fs/xfs/xfs_dquot_item.c @@ -123,8 +123,9 @@ xfs_qm_dquot_logitem_push( __releases(&lip->li_ailp->ail_lock) __acquires(&lip->li_ailp->ail_lock) { - struct xfs_dquot *dqp = DQUOT_ITEM(lip)->qli_dquot; - struct xfs_buf *bp = lip->li_buf; + struct xfs_dq_logitem *qlip = DQUOT_ITEM(lip); + struct xfs_dquot *dqp = qlip->qli_dquot; + struct xfs_buf *bp; uint rval = XFS_ITEM_SUCCESS; int error; @@ -155,11 +156,10 @@ xfs_qm_dquot_logitem_push( spin_unlock(&lip->li_ailp->ail_lock); - error = xfs_dquot_read_buf(NULL, dqp, &bp); - if (error) { - if (error == -EAGAIN) - rval = XFS_ITEM_LOCKED; + error = xfs_dquot_use_attached_buf(dqp, &bp); + if (error == -EAGAIN) { xfs_dqfunlock(dqp); + rval = XFS_ITEM_LOCKED; goto out_relock_ail; } @@ -207,12 +207,10 @@ xfs_qm_dquot_logitem_committing( } #ifdef DEBUG_EXPENSIVE -static int -xfs_qm_dquot_logitem_precommit( - struct xfs_trans *tp, - struct xfs_log_item *lip) +static void +xfs_qm_dquot_logitem_precommit_check( + struct xfs_dquot *dqp) { - struct xfs_dquot *dqp = DQUOT_ITEM(lip)->qli_dquot; struct xfs_mount *mp = dqp->q_mount; struct xfs_disk_dquot ddq = { }; xfs_failaddr_t fa; @@ -228,13 +226,24 @@ xfs_qm_dquot_logitem_precommit( xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); ASSERT(fa == NULL); } - - return 0; } #else -# define xfs_qm_dquot_logitem_precommit NULL +# define xfs_qm_dquot_logitem_precommit_check(...) ((void)0) #endif +static int +xfs_qm_dquot_logitem_precommit( + struct xfs_trans *tp, + struct xfs_log_item *lip) +{ + struct xfs_dq_logitem *qlip = DQUOT_ITEM(lip); + struct xfs_dquot *dqp = qlip->qli_dquot; + + xfs_qm_dquot_logitem_precommit_check(dqp); + + return xfs_dquot_attach_buf(tp, dqp); +} + static const struct xfs_item_ops xfs_dquot_item_ops = { .iop_size = xfs_qm_dquot_logitem_size, .iop_precommit = xfs_qm_dquot_logitem_precommit, @@ -259,5 +268,7 @@ xfs_qm_dquot_logitem_init( xfs_log_item_init(dqp->q_mount, &lp->qli_item, XFS_LI_DQUOT, &xfs_dquot_item_ops); + spin_lock_init(&lp->qli_lock); lp->qli_dquot = dqp; + lp->qli_dirty = false; } diff --git a/fs/xfs/xfs_dquot_item.h b/fs/xfs/xfs_dquot_item.h index 794710c24474..d66e52807d76 100644 --- a/fs/xfs/xfs_dquot_item.h +++ b/fs/xfs/xfs_dquot_item.h @@ -14,6 +14,13 @@ struct xfs_dq_logitem { struct xfs_log_item qli_item; /* common portion */ struct xfs_dquot *qli_dquot; /* dquot ptr */ xfs_lsn_t qli_flush_lsn; /* lsn at last flush */ + + /* + * We use this spinlock to coordinate access to the li_buf pointer in + * the log item and the qli_dirty flag. + */ + spinlock_t qli_lock; + bool qli_dirty; /* dirtied since last flush? */ }; void xfs_qm_dquot_logitem_init(struct xfs_dquot *dqp); diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c index d9ac50a33c57..7d07d4b5c339 100644 --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -148,7 +148,7 @@ xfs_qm_dqpurge( * We don't care about getting disk errors here. We need * to purge this dquot anyway, so we go ahead regardless. */ - error = xfs_dquot_read_buf(NULL, dqp, &bp); + error = xfs_dquot_read_buf(NULL, dqp, XBF_TRYLOCK, &bp); if (error == -EAGAIN) { xfs_dqfunlock(dqp); dqp->q_flags &= ~XFS_DQFLAG_FREEING; @@ -168,6 +168,7 @@ xfs_qm_dqpurge( } xfs_dqflock(dqp); } + xfs_dquot_detach_buf(dqp); out_funlock: ASSERT(atomic_read(&dqp->q_pincount) == 0); @@ -505,7 +506,7 @@ xfs_qm_dquot_isolate( /* we have to drop the LRU lock to flush the dquot */ spin_unlock(&lru->lock); - error = xfs_dquot_read_buf(NULL, dqp, &bp); + error = xfs_dquot_read_buf(NULL, dqp, XBF_TRYLOCK, &bp); if (error) { xfs_dqfunlock(dqp); goto out_unlock_dirty; @@ -523,6 +524,8 @@ xfs_qm_dquot_isolate( xfs_buf_relse(bp); goto out_unlock_dirty; } + + xfs_dquot_detach_buf(dqp); xfs_dqfunlock(dqp); /* @@ -1510,7 +1513,7 @@ xfs_qm_flush_one( goto out_unlock; } - error = xfs_dquot_read_buf(NULL, dqp, &bp); + error = xfs_dquot_read_buf(NULL, dqp, XBF_TRYLOCK, &bp); if (error) goto out_unlock; diff --git a/fs/xfs/xfs_trans_ail.c b/fs/xfs/xfs_trans_ail.c index 8ede9d099d1f..f56d62dced97 100644 --- a/fs/xfs/xfs_trans_ail.c +++ b/fs/xfs/xfs_trans_ail.c @@ -360,7 +360,7 @@ xfsaild_resubmit_item( /* protected by ail_lock */ list_for_each_entry(lip, &bp->b_li_list, li_bio_list) { - if (bp->b_flags & _XBF_INODES) + if (bp->b_flags & (_XBF_INODES | _XBF_DQUOTS)) clear_bit(XFS_LI_FAILED, &lip->li_flags); else xfs_clear_li_failed(lip);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: don't lose solo dquot update transactions" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 07137e925fa951646325762bda6bd2503dfe64c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121515-delta-gutter-495f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07137e925fa951646325762bda6bd2503dfe64c6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:36 -0800 Subject: [PATCH] xfs: don't lose solo dquot update transactions Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index fa1317cc396c..d7565462af3d 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -101,7 +101,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -173,7 +174,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index 427a8ba0ab99..4cd25717c9d1 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -866,6 +866,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -894,11 +895,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -924,7 +920,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -1018,7 +1014,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index 481ba3dc9f19..713b6d243e56 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -606,6 +606,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -642,7 +660,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -671,10 +690,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -695,7 +716,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: don't lose solo dquot update transactions" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 07137e925fa951646325762bda6bd2503dfe64c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121515-pursuant-reversion-cf82@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07137e925fa951646325762bda6bd2503dfe64c6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:36 -0800 Subject: [PATCH] xfs: don't lose solo dquot update transactions Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index fa1317cc396c..d7565462af3d 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -101,7 +101,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -173,7 +174,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index 427a8ba0ab99..4cd25717c9d1 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -866,6 +866,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -894,11 +895,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -924,7 +920,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -1018,7 +1014,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index 481ba3dc9f19..713b6d243e56 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -606,6 +606,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -642,7 +660,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -671,10 +690,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -695,7 +716,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: don't lose solo dquot update transactions" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 07137e925fa951646325762bda6bd2503dfe64c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121514-bagging-surplus-f572@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07137e925fa951646325762bda6bd2503dfe64c6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:36 -0800 Subject: [PATCH] xfs: don't lose solo dquot update transactions Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index fa1317cc396c..d7565462af3d 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -101,7 +101,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -173,7 +174,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index 427a8ba0ab99..4cd25717c9d1 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -866,6 +866,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -894,11 +895,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -924,7 +920,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -1018,7 +1014,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index 481ba3dc9f19..713b6d243e56 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -606,6 +606,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -642,7 +660,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -671,10 +690,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -695,7 +716,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: don't lose solo dquot update transactions" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 07137e925fa951646325762bda6bd2503dfe64c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121513-porcupine-corporate-5dfe@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07137e925fa951646325762bda6bd2503dfe64c6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:36 -0800 Subject: [PATCH] xfs: don't lose solo dquot update transactions Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index fa1317cc396c..d7565462af3d 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -101,7 +101,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -173,7 +174,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index 427a8ba0ab99..4cd25717c9d1 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -866,6 +866,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -894,11 +895,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -924,7 +920,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -1018,7 +1014,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index 481ba3dc9f19..713b6d243e56 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -606,6 +606,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -642,7 +660,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -671,10 +690,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -695,7 +716,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: don't lose solo dquot update transactions" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 07137e925fa951646325762bda6bd2503dfe64c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121512-nimbly-playlist-a34e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07137e925fa951646325762bda6bd2503dfe64c6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:36 -0800 Subject: [PATCH] xfs: don't lose solo dquot update transactions Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index fa1317cc396c..d7565462af3d 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -101,7 +101,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -173,7 +174,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index 427a8ba0ab99..4cd25717c9d1 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -866,6 +866,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -894,11 +895,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -924,7 +920,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -1018,7 +1014,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index 481ba3dc9f19..713b6d243e56 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -606,6 +606,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -642,7 +660,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -671,10 +690,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -695,7 +716,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: don't lose solo dquot update transactions" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 07137e925fa951646325762bda6bd2503dfe64c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121511-savings-proactive-9581@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07137e925fa951646325762bda6bd2503dfe64c6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:36 -0800 Subject: [PATCH] xfs: don't lose solo dquot update transactions Quota counter updates are tracked via incore objects which hang off the xfs_trans object. These changes are then turned into dirty log items in xfs_trans_apply_dquot_deltas just prior to commiting the log items to the CIL. However, updating the incore deltas do not cause XFS_TRANS_DIRTY to be set on the transaction. In other words, a pure quota counter update will be silently discarded if there are no other dirty log items attached to the transaction. This is currently not the case anywhere in the filesystem because quota updates always dirty at least one other metadata item, but a subsequent bug fix will add dquot log item precommits, so we actually need a dirty dquot log item prior to xfs_trans_run_precommits. Also let's not leave a logic bomb. Cc: <stable(a)vger.kernel.org> # v2.6.35 Fixes: 0924378a689ccb ("xfs: split out iclog writing from xfs_trans_commit()") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_quota.h b/fs/xfs/xfs_quota.h index fa1317cc396c..d7565462af3d 100644 --- a/fs/xfs/xfs_quota.h +++ b/fs/xfs/xfs_quota.h @@ -101,7 +101,8 @@ extern void xfs_trans_free_dqinfo(struct xfs_trans *); extern void xfs_trans_mod_dquot_byino(struct xfs_trans *, struct xfs_inode *, uint, int64_t); extern void xfs_trans_apply_dquot_deltas(struct xfs_trans *); -extern void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *); +void xfs_trans_unreserve_and_mod_dquots(struct xfs_trans *tp, + bool already_locked); int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force); extern int xfs_trans_reserve_quota_bydquots(struct xfs_trans *, @@ -173,7 +174,7 @@ static inline void xfs_trans_mod_dquot_byino(struct xfs_trans *tp, { } #define xfs_trans_apply_dquot_deltas(tp) -#define xfs_trans_unreserve_and_mod_dquots(tp) +#define xfs_trans_unreserve_and_mod_dquots(tp, a) static inline int xfs_trans_reserve_quota_nblks(struct xfs_trans *tp, struct xfs_inode *ip, int64_t dblocks, int64_t rblocks, bool force) diff --git a/fs/xfs/xfs_trans.c b/fs/xfs/xfs_trans.c index 427a8ba0ab99..4cd25717c9d1 100644 --- a/fs/xfs/xfs_trans.c +++ b/fs/xfs/xfs_trans.c @@ -866,6 +866,7 @@ __xfs_trans_commit( */ if (tp->t_flags & XFS_TRANS_SB_DIRTY) xfs_trans_apply_sb_deltas(tp); + xfs_trans_apply_dquot_deltas(tp); error = xfs_trans_run_precommits(tp); if (error) @@ -894,11 +895,6 @@ __xfs_trans_commit( ASSERT(tp->t_ticket != NULL); - /* - * If we need to update the superblock, then do it now. - */ - xfs_trans_apply_dquot_deltas(tp); - xlog_cil_commit(log, tp, &commit_seq, regrant); xfs_trans_free(tp); @@ -924,7 +920,7 @@ __xfs_trans_commit( * the dqinfo portion to be. All that means is that we have some * (non-persistent) quota reservations that need to be unreserved. */ - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, true); if (tp->t_ticket) { if (regrant && !xlog_is_shutdown(log)) xfs_log_ticket_regrant(log, tp->t_ticket); @@ -1018,7 +1014,7 @@ xfs_trans_cancel( } #endif xfs_trans_unreserve_and_mod_sb(tp); - xfs_trans_unreserve_and_mod_dquots(tp); + xfs_trans_unreserve_and_mod_dquots(tp, false); if (tp->t_ticket) { xfs_log_ticket_ungrant(log, tp->t_ticket); diff --git a/fs/xfs/xfs_trans_dquot.c b/fs/xfs/xfs_trans_dquot.c index 481ba3dc9f19..713b6d243e56 100644 --- a/fs/xfs/xfs_trans_dquot.c +++ b/fs/xfs/xfs_trans_dquot.c @@ -606,6 +606,24 @@ xfs_trans_apply_dquot_deltas( ASSERT(dqp->q_blk.reserved >= dqp->q_blk.count); ASSERT(dqp->q_ino.reserved >= dqp->q_ino.count); ASSERT(dqp->q_rtb.reserved >= dqp->q_rtb.count); + + /* + * We've applied the count changes and given back + * whatever reservation we didn't use. Zero out the + * dqtrx fields. + */ + qtrx->qt_blk_res = 0; + qtrx->qt_bcount_delta = 0; + qtrx->qt_delbcnt_delta = 0; + + qtrx->qt_rtblk_res = 0; + qtrx->qt_rtblk_res_used = 0; + qtrx->qt_rtbcount_delta = 0; + qtrx->qt_delrtb_delta = 0; + + qtrx->qt_ino_res = 0; + qtrx->qt_ino_res_used = 0; + qtrx->qt_icount_delta = 0; } } } @@ -642,7 +660,8 @@ xfs_trans_unreserve_and_mod_dquots_hook( */ void xfs_trans_unreserve_and_mod_dquots( - struct xfs_trans *tp) + struct xfs_trans *tp, + bool already_locked) { int i, j; struct xfs_dquot *dqp; @@ -671,10 +690,12 @@ xfs_trans_unreserve_and_mod_dquots( * about the number of blocks used field, or deltas. * Also we don't bother to zero the fields. */ - locked = false; + locked = already_locked; if (qtrx->qt_blk_res) { - xfs_dqlock(dqp); - locked = true; + if (!locked) { + xfs_dqlock(dqp); + locked = true; + } dqp->q_blk.reserved -= (xfs_qcnt_t)qtrx->qt_blk_res; } @@ -695,7 +716,7 @@ xfs_trans_unreserve_and_mod_dquots( dqp->q_rtb.reserved -= (xfs_qcnt_t)qtrx->qt_rtblk_res; } - if (locked) + if (locked && !already_locked) xfs_dqunlock(dqp); }

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: convert quotacheck to attach dquot buffers" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ca378189fdfa890a4f0622f85ee41b710bbac271 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121557-herring-copartner-3013@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ca378189fdfa890a4f0622f85ee41b710bbac271 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:39 -0800 Subject: [PATCH] xfs: convert quotacheck to attach dquot buffers Now that we've converted the dquot logging machinery to attach the dquot buffer to the li_buf pointer so that the AIL dqflush doesn't have to allocate or read buffers in a reclaim path, do the same for the quotacheck code so that the reclaim shrinker dqflush call doesn't have to do that either. Cc: <stable(a)vger.kernel.org> # v6.12 Fixes: 903edea6c53f09 ("mm: warn about illegal __GFP_NOFAIL usage in a more appropriate location and manner") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/xfs_dquot.c b/fs/xfs/xfs_dquot.c index 708fd3358375..f11d475898f2 100644 --- a/fs/xfs/xfs_dquot.c +++ b/fs/xfs/xfs_dquot.c @@ -1285,11 +1285,10 @@ xfs_qm_dqflush_check( * Requires dquot flush lock, will clear the dirty flag, delete the quota log * item from the AIL, and shut down the system if something goes wrong. */ -int +static int xfs_dquot_read_buf( struct xfs_trans *tp, struct xfs_dquot *dqp, - xfs_buf_flags_t xbf_flags, struct xfs_buf **bpp) { struct xfs_mount *mp = dqp->q_mount; @@ -1297,10 +1296,8 @@ xfs_dquot_read_buf( int error; error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, dqp->q_blkno, - mp->m_quotainfo->qi_dqchunklen, xbf_flags, + mp->m_quotainfo->qi_dqchunklen, 0, &bp, &xfs_dquot_buf_ops); - if (error == -EAGAIN) - return error; if (xfs_metadata_is_sick(error)) xfs_dquot_mark_sick(dqp); if (error) @@ -1334,7 +1331,7 @@ xfs_dquot_attach_buf( struct xfs_buf *bp = NULL; spin_unlock(&qlip->qli_lock); - error = xfs_dquot_read_buf(tp, dqp, 0, &bp); + error = xfs_dquot_read_buf(tp, dqp, &bp); if (error) return error; diff --git a/fs/xfs/xfs_dquot.h b/fs/xfs/xfs_dquot.h index c7e80fc90823..c617bac75361 100644 --- a/fs/xfs/xfs_dquot.h +++ b/fs/xfs/xfs_dquot.h @@ -214,8 +214,6 @@ void xfs_dquot_to_disk(struct xfs_disk_dquot *ddqp, struct xfs_dquot *dqp); #define XFS_DQ_IS_DIRTY(dqp) ((dqp)->q_flags & XFS_DQFLAG_DIRTY) void xfs_qm_dqdestroy(struct xfs_dquot *dqp); -int xfs_dquot_read_buf(struct xfs_trans *tp, struct xfs_dquot *dqp, - xfs_buf_flags_t flags, struct xfs_buf **bpp); int xfs_qm_dqflush(struct xfs_dquot *dqp, struct xfs_buf *bp); void xfs_qm_dqunpin_wait(struct xfs_dquot *dqp); void xfs_qm_adjust_dqtimers(struct xfs_dquot *d); diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c index 7d07d4b5c339..69b70c3e999d 100644 --- a/fs/xfs/xfs_qm.c +++ b/fs/xfs/xfs_qm.c @@ -148,13 +148,13 @@ xfs_qm_dqpurge( * We don't care about getting disk errors here. We need * to purge this dquot anyway, so we go ahead regardless. */ - error = xfs_dquot_read_buf(NULL, dqp, XBF_TRYLOCK, &bp); + error = xfs_dquot_use_attached_buf(dqp, &bp); if (error == -EAGAIN) { xfs_dqfunlock(dqp); dqp->q_flags &= ~XFS_DQFLAG_FREEING; goto out_unlock; } - if (error) + if (!bp) goto out_funlock; /* @@ -506,8 +506,8 @@ xfs_qm_dquot_isolate( /* we have to drop the LRU lock to flush the dquot */ spin_unlock(&lru->lock); - error = xfs_dquot_read_buf(NULL, dqp, XBF_TRYLOCK, &bp); - if (error) { + error = xfs_dquot_use_attached_buf(dqp, &bp); + if (!bp || error == -EAGAIN) { xfs_dqfunlock(dqp); goto out_unlock_dirty; } @@ -1331,6 +1331,10 @@ xfs_qm_quotacheck_dqadjust( return error; } + error = xfs_dquot_attach_buf(NULL, dqp); + if (error) + return error; + trace_xfs_dqadjust(dqp); /* @@ -1513,9 +1517,13 @@ xfs_qm_flush_one( goto out_unlock; } - error = xfs_dquot_read_buf(NULL, dqp, XBF_TRYLOCK, &bp); + error = xfs_dquot_use_attached_buf(dqp, &bp); if (error) goto out_unlock; + if (!bp) { + error = -EFSCORRUPTED; + goto out_unlock; + } error = xfs_qm_dqflush(dqp, bp); if (!error)

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121523-ought-imminent-d0a7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121523-campus-alike-0706@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121521-unrefined-numerate-45fa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121522-parcel-pebble-9775@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121521-squeegee-certified-9462@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121520-distract-perish-f190@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: return from xfs_symlink_verify early on V4 filesystems" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7f8b718c58783f3ff0810b39e2f62f50ba2549f6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121530-postwar-percent-fbe9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f8b718c58783f3ff0810b39e2f62f50ba2549f6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:43 -0800 Subject: [PATCH] xfs: return from xfs_symlink_verify early on V4 filesystems V4 symlink blocks didn't have headers, so return early if this is a V4 filesystem. Cc: <stable(a)vger.kernel.org> # v5.1 Fixes: 39708c20ab5133 ("xfs: miscellaneous verifier magic value fixups") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c index f228127a88ff..fb47a76ead18 100644 --- a/fs/xfs/libxfs/xfs_symlink_remote.c +++ b/fs/xfs/libxfs/xfs_symlink_remote.c @@ -92,8 +92,10 @@ xfs_symlink_verify( struct xfs_mount *mp = bp->b_mount; struct xfs_dsymlink_hdr *dsl = bp->b_addr; + /* no verification of non-crc buffers */ if (!xfs_has_crc(mp)) - return __this_address; + return NULL; + if (!xfs_verify_magic(bp, dsl->sl_magic)) return __this_address; if (!uuid_equal(&dsl->sl_uuid, &mp->m_sb.sb_meta_uuid))

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: return from xfs_symlink_verify early on V4 filesystems" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7f8b718c58783f3ff0810b39e2f62f50ba2549f6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121529-cornbread-brink-915a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f8b718c58783f3ff0810b39e2f62f50ba2549f6 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:43 -0800 Subject: [PATCH] xfs: return from xfs_symlink_verify early on V4 filesystems V4 symlink blocks didn't have headers, so return early if this is a V4 filesystem. Cc: <stable(a)vger.kernel.org> # v5.1 Fixes: 39708c20ab5133 ("xfs: miscellaneous verifier magic value fixups") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/libxfs/xfs_symlink_remote.c b/fs/xfs/libxfs/xfs_symlink_remote.c index f228127a88ff..fb47a76ead18 100644 --- a/fs/xfs/libxfs/xfs_symlink_remote.c +++ b/fs/xfs/libxfs/xfs_symlink_remote.c @@ -92,8 +92,10 @@ xfs_symlink_verify( struct xfs_mount *mp = bp->b_mount; struct xfs_dsymlink_hdr *dsl = bp->b_addr; + /* no verification of non-crc buffers */ if (!xfs_has_crc(mp)) - return __this_address; + return NULL; + if (!xfs_verify_magic(bp, dsl->sl_magic)) return __this_address; if (!uuid_equal(&dsl->sl_uuid, &mp->m_sb.sb_meta_uuid))

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: return a 64-bit block count from xfs_btree_count_blocks" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bd27c7bcdca25ce8067ebb94ded6ac1bd7b47317 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121541-preamble-bash-0363@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bd27c7bcdca25ce8067ebb94ded6ac1bd7b47317 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:26 -0800 Subject: [PATCH] xfs: return a 64-bit block count from xfs_btree_count_blocks With the nrext64 feature enabled, it's possible for a data fork to have 2^48 extent mappings. Even with a 64k fsblock size, that maps out to a bmbt containing more than 2^32 blocks. Therefore, this predicate must return a u64 count to avoid an integer wraparound that will cause scrub to do the wrong thing. It's unlikely that any such filesystem currently exists, because the incore bmbt would consume more than 64GB of kernel memory on its own, and so far nobody except me has driven a filesystem that far, judging from the lack of complaints. Cc: <stable(a)vger.kernel.org> # v5.19 Fixes: df9ad5cc7a5240 ("xfs: Introduce macros to represent new maximum extent counts for data/attr forks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c index 2b5fc5fd1643..c748866ef923 100644 --- a/fs/xfs/libxfs/xfs_btree.c +++ b/fs/xfs/libxfs/xfs_btree.c @@ -5144,7 +5144,7 @@ xfs_btree_count_blocks_helper( int level, void *data) { - xfs_extlen_t *blocks = data; + xfs_filblks_t *blocks = data; (*blocks)++; return 0; @@ -5154,7 +5154,7 @@ xfs_btree_count_blocks_helper( int xfs_btree_count_blocks( struct xfs_btree_cur *cur, - xfs_extlen_t *blocks) + xfs_filblks_t *blocks) { *blocks = 0; return xfs_btree_visit_blocks(cur, xfs_btree_count_blocks_helper, diff --git a/fs/xfs/libxfs/xfs_btree.h b/fs/xfs/libxfs/xfs_btree.h index 3b739459ebb0..c5bff273cae2 100644 --- a/fs/xfs/libxfs/xfs_btree.h +++ b/fs/xfs/libxfs/xfs_btree.h @@ -484,7 +484,7 @@ typedef int (*xfs_btree_visit_blocks_fn)(struct xfs_btree_cur *cur, int level, int xfs_btree_visit_blocks(struct xfs_btree_cur *cur, xfs_btree_visit_blocks_fn fn, unsigned int flags, void *data); -int xfs_btree_count_blocks(struct xfs_btree_cur *cur, xfs_extlen_t *blocks); +int xfs_btree_count_blocks(struct xfs_btree_cur *cur, xfs_filblks_t *blocks); union xfs_btree_rec *xfs_btree_rec_addr(struct xfs_btree_cur *cur, int n, struct xfs_btree_block *block); diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c index 9b34896dd1a3..6f270d8f4270 100644 --- a/fs/xfs/libxfs/xfs_ialloc_btree.c +++ b/fs/xfs/libxfs/xfs_ialloc_btree.c @@ -744,6 +744,7 @@ xfs_finobt_count_blocks( { struct xfs_buf *agbp = NULL; struct xfs_btree_cur *cur; + xfs_filblks_t blocks; int error; error = xfs_ialloc_read_agi(pag, tp, 0, &agbp); @@ -751,9 +752,10 @@ xfs_finobt_count_blocks( return error; cur = xfs_finobt_init_cursor(pag, tp, agbp); - error = xfs_btree_count_blocks(cur, tree_blocks); + error = xfs_btree_count_blocks(cur, &blocks); xfs_btree_del_cursor(cur, error); xfs_trans_brelse(tp, agbp); + *tree_blocks = blocks; return error; } diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 61f80a6410c7..1d41b85478da 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -458,7 +458,7 @@ xchk_agf_xref_btreeblks( { struct xfs_agf *agf = sc->sa.agf_bp->b_addr; struct xfs_mount *mp = sc->mp; - xfs_agblock_t blocks; + xfs_filblks_t blocks; xfs_agblock_t btreeblks; int error; @@ -507,7 +507,7 @@ xchk_agf_xref_refcblks( struct xfs_scrub *sc) { struct xfs_agf *agf = sc->sa.agf_bp->b_addr; - xfs_agblock_t blocks; + xfs_filblks_t blocks; int error; if (!sc->sa.refc_cur) @@ -840,7 +840,7 @@ xchk_agi_xref_fiblocks( struct xfs_scrub *sc) { struct xfs_agi *agi = sc->sa.agi_bp->b_addr; - xfs_agblock_t blocks; + xfs_filblks_t blocks; int error = 0; if (!xfs_has_inobtcounts(sc->mp)) diff --git a/fs/xfs/scrub/agheader_repair.c b/fs/xfs/scrub/agheader_repair.c index 0fad0baaba2f..b45d2b32051a 100644 --- a/fs/xfs/scrub/agheader_repair.c +++ b/fs/xfs/scrub/agheader_repair.c @@ -256,7 +256,7 @@ xrep_agf_calc_from_btrees( struct xfs_agf *agf = agf_bp->b_addr; struct xfs_mount *mp = sc->mp; xfs_agblock_t btreeblks; - xfs_agblock_t blocks; + xfs_filblks_t blocks; int error; /* Update the AGF counters from the bnobt. */ @@ -946,7 +946,7 @@ xrep_agi_calc_from_btrees( if (error) goto err; if (xfs_has_inobtcounts(mp)) { - xfs_agblock_t blocks; + xfs_filblks_t blocks; error = xfs_btree_count_blocks(cur, &blocks); if (error) @@ -959,7 +959,7 @@ xrep_agi_calc_from_btrees( agi->agi_freecount = cpu_to_be32(freecount); if (xfs_has_finobt(mp) && xfs_has_inobtcounts(mp)) { - xfs_agblock_t blocks; + xfs_filblks_t blocks; cur = xfs_finobt_init_cursor(sc->sa.pag, sc->tp, agi_bp); error = xfs_btree_count_blocks(cur, &blocks); diff --git a/fs/xfs/scrub/fscounters.c b/fs/xfs/scrub/fscounters.c index 4a50f8e00040..ca23cf4db6c5 100644 --- a/fs/xfs/scrub/fscounters.c +++ b/fs/xfs/scrub/fscounters.c @@ -261,7 +261,7 @@ xchk_fscount_btreeblks( struct xchk_fscounters *fsc, xfs_agnumber_t agno) { - xfs_extlen_t blocks; + xfs_filblks_t blocks; int error; error = xchk_ag_init_existing(sc, agno, &sc->sa); diff --git a/fs/xfs/scrub/ialloc.c b/fs/xfs/scrub/ialloc.c index abad54c3621d..4dc7c83dc08a 100644 --- a/fs/xfs/scrub/ialloc.c +++ b/fs/xfs/scrub/ialloc.c @@ -650,8 +650,8 @@ xchk_iallocbt_xref_rmap_btreeblks( struct xfs_scrub *sc) { xfs_filblks_t blocks; - xfs_extlen_t inobt_blocks = 0; - xfs_extlen_t finobt_blocks = 0; + xfs_filblks_t inobt_blocks = 0; + xfs_filblks_t finobt_blocks = 0; int error; if (!sc->sa.ino_cur || !sc->sa.rmap_cur || diff --git a/fs/xfs/scrub/refcount.c b/fs/xfs/scrub/refcount.c index 2b6be75e9424..1c5e45cc6419 100644 --- a/fs/xfs/scrub/refcount.c +++ b/fs/xfs/scrub/refcount.c @@ -491,7 +491,7 @@ xchk_refcount_xref_rmap( struct xfs_scrub *sc, xfs_filblks_t cow_blocks) { - xfs_extlen_t refcbt_blocks = 0; + xfs_filblks_t refcbt_blocks = 0; xfs_filblks_t blocks; int error; diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c index a59bbe767a7d..0836fea2d6d8 100644 --- a/fs/xfs/xfs_bmap_util.c +++ b/fs/xfs/xfs_bmap_util.c @@ -103,7 +103,7 @@ xfs_bmap_count_blocks( struct xfs_mount *mp = ip->i_mount; struct xfs_ifork *ifp = xfs_ifork_ptr(ip, whichfork); struct xfs_btree_cur *cur; - xfs_extlen_t btblocks = 0; + xfs_filblks_t btblocks = 0; int error; *nextents = 0;

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: return a 64-bit block count from xfs_btree_count_blocks" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bd27c7bcdca25ce8067ebb94ded6ac1bd7b47317 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121541-attempt-labored-5d41@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bd27c7bcdca25ce8067ebb94ded6ac1bd7b47317 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:26 -0800 Subject: [PATCH] xfs: return a 64-bit block count from xfs_btree_count_blocks With the nrext64 feature enabled, it's possible for a data fork to have 2^48 extent mappings. Even with a 64k fsblock size, that maps out to a bmbt containing more than 2^32 blocks. Therefore, this predicate must return a u64 count to avoid an integer wraparound that will cause scrub to do the wrong thing. It's unlikely that any such filesystem currently exists, because the incore bmbt would consume more than 64GB of kernel memory on its own, and so far nobody except me has driven a filesystem that far, judging from the lack of complaints. Cc: <stable(a)vger.kernel.org> # v5.19 Fixes: df9ad5cc7a5240 ("xfs: Introduce macros to represent new maximum extent counts for data/attr forks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c index 2b5fc5fd1643..c748866ef923 100644 --- a/fs/xfs/libxfs/xfs_btree.c +++ b/fs/xfs/libxfs/xfs_btree.c @@ -5144,7 +5144,7 @@ xfs_btree_count_blocks_helper( int level, void *data) { - xfs_extlen_t *blocks = data; + xfs_filblks_t *blocks = data; (*blocks)++; return 0; @@ -5154,7 +5154,7 @@ xfs_btree_count_blocks_helper( int xfs_btree_count_blocks( struct xfs_btree_cur *cur, - xfs_extlen_t *blocks) + xfs_filblks_t *blocks) { *blocks = 0; return xfs_btree_visit_blocks(cur, xfs_btree_count_blocks_helper, diff --git a/fs/xfs/libxfs/xfs_btree.h b/fs/xfs/libxfs/xfs_btree.h index 3b739459ebb0..c5bff273cae2 100644 --- a/fs/xfs/libxfs/xfs_btree.h +++ b/fs/xfs/libxfs/xfs_btree.h @@ -484,7 +484,7 @@ typedef int (*xfs_btree_visit_blocks_fn)(struct xfs_btree_cur *cur, int level, int xfs_btree_visit_blocks(struct xfs_btree_cur *cur, xfs_btree_visit_blocks_fn fn, unsigned int flags, void *data); -int xfs_btree_count_blocks(struct xfs_btree_cur *cur, xfs_extlen_t *blocks); +int xfs_btree_count_blocks(struct xfs_btree_cur *cur, xfs_filblks_t *blocks); union xfs_btree_rec *xfs_btree_rec_addr(struct xfs_btree_cur *cur, int n, struct xfs_btree_block *block); diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c index 9b34896dd1a3..6f270d8f4270 100644 --- a/fs/xfs/libxfs/xfs_ialloc_btree.c +++ b/fs/xfs/libxfs/xfs_ialloc_btree.c @@ -744,6 +744,7 @@ xfs_finobt_count_blocks( { struct xfs_buf *agbp = NULL; struct xfs_btree_cur *cur; + xfs_filblks_t blocks; int error; error = xfs_ialloc_read_agi(pag, tp, 0, &agbp); @@ -751,9 +752,10 @@ xfs_finobt_count_blocks( return error; cur = xfs_finobt_init_cursor(pag, tp, agbp); - error = xfs_btree_count_blocks(cur, tree_blocks); + error = xfs_btree_count_blocks(cur, &blocks); xfs_btree_del_cursor(cur, error); xfs_trans_brelse(tp, agbp); + *tree_blocks = blocks; return error; } diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 61f80a6410c7..1d41b85478da 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -458,7 +458,7 @@ xchk_agf_xref_btreeblks( { struct xfs_agf *agf = sc->sa.agf_bp->b_addr; struct xfs_mount *mp = sc->mp; - xfs_agblock_t blocks; + xfs_filblks_t blocks; xfs_agblock_t btreeblks; int error; @@ -507,7 +507,7 @@ xchk_agf_xref_refcblks( struct xfs_scrub *sc) { struct xfs_agf *agf = sc->sa.agf_bp->b_addr; - xfs_agblock_t blocks; + xfs_filblks_t blocks; int error; if (!sc->sa.refc_cur) @@ -840,7 +840,7 @@ xchk_agi_xref_fiblocks( struct xfs_scrub *sc) { struct xfs_agi *agi = sc->sa.agi_bp->b_addr; - xfs_agblock_t blocks; + xfs_filblks_t blocks; int error = 0; if (!xfs_has_inobtcounts(sc->mp)) diff --git a/fs/xfs/scrub/agheader_repair.c b/fs/xfs/scrub/agheader_repair.c index 0fad0baaba2f..b45d2b32051a 100644 --- a/fs/xfs/scrub/agheader_repair.c +++ b/fs/xfs/scrub/agheader_repair.c @@ -256,7 +256,7 @@ xrep_agf_calc_from_btrees( struct xfs_agf *agf = agf_bp->b_addr; struct xfs_mount *mp = sc->mp; xfs_agblock_t btreeblks; - xfs_agblock_t blocks; + xfs_filblks_t blocks; int error; /* Update the AGF counters from the bnobt. */ @@ -946,7 +946,7 @@ xrep_agi_calc_from_btrees( if (error) goto err; if (xfs_has_inobtcounts(mp)) { - xfs_agblock_t blocks; + xfs_filblks_t blocks; error = xfs_btree_count_blocks(cur, &blocks); if (error) @@ -959,7 +959,7 @@ xrep_agi_calc_from_btrees( agi->agi_freecount = cpu_to_be32(freecount); if (xfs_has_finobt(mp) && xfs_has_inobtcounts(mp)) { - xfs_agblock_t blocks; + xfs_filblks_t blocks; cur = xfs_finobt_init_cursor(sc->sa.pag, sc->tp, agi_bp); error = xfs_btree_count_blocks(cur, &blocks); diff --git a/fs/xfs/scrub/fscounters.c b/fs/xfs/scrub/fscounters.c index 4a50f8e00040..ca23cf4db6c5 100644 --- a/fs/xfs/scrub/fscounters.c +++ b/fs/xfs/scrub/fscounters.c @@ -261,7 +261,7 @@ xchk_fscount_btreeblks( struct xchk_fscounters *fsc, xfs_agnumber_t agno) { - xfs_extlen_t blocks; + xfs_filblks_t blocks; int error; error = xchk_ag_init_existing(sc, agno, &sc->sa); diff --git a/fs/xfs/scrub/ialloc.c b/fs/xfs/scrub/ialloc.c index abad54c3621d..4dc7c83dc08a 100644 --- a/fs/xfs/scrub/ialloc.c +++ b/fs/xfs/scrub/ialloc.c @@ -650,8 +650,8 @@ xchk_iallocbt_xref_rmap_btreeblks( struct xfs_scrub *sc) { xfs_filblks_t blocks; - xfs_extlen_t inobt_blocks = 0; - xfs_extlen_t finobt_blocks = 0; + xfs_filblks_t inobt_blocks = 0; + xfs_filblks_t finobt_blocks = 0; int error; if (!sc->sa.ino_cur || !sc->sa.rmap_cur || diff --git a/fs/xfs/scrub/refcount.c b/fs/xfs/scrub/refcount.c index 2b6be75e9424..1c5e45cc6419 100644 --- a/fs/xfs/scrub/refcount.c +++ b/fs/xfs/scrub/refcount.c @@ -491,7 +491,7 @@ xchk_refcount_xref_rmap( struct xfs_scrub *sc, xfs_filblks_t cow_blocks) { - xfs_extlen_t refcbt_blocks = 0; + xfs_filblks_t refcbt_blocks = 0; xfs_filblks_t blocks; int error; diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c index a59bbe767a7d..0836fea2d6d8 100644 --- a/fs/xfs/xfs_bmap_util.c +++ b/fs/xfs/xfs_bmap_util.c @@ -103,7 +103,7 @@ xfs_bmap_count_blocks( struct xfs_mount *mp = ip->i_mount; struct xfs_ifork *ifp = xfs_ifork_ptr(ip, whichfork); struct xfs_btree_cur *cur; - xfs_extlen_t btblocks = 0; + xfs_filblks_t btblocks = 0; int error; *nextents = 0;

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: update btree keys correctly when _insrec splits an inode" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6d7b4bc1c3e00b1a25b7a05141a64337b4629337 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121558-humid-untagged-523e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6d7b4bc1c3e00b1a25b7a05141a64337b4629337 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:31 -0800 Subject: [PATCH] xfs: update btree keys correctly when _insrec splits an inode root block In commit 2c813ad66a72, I partially fixed a bug wherein xfs_btree_insrec would erroneously try to update the parent's key for a block that had been split if we decided to insert the new record into the new block. The solution was to detect this situation and update the in-core key value that we pass up to the caller so that the caller will (eventually) add the new block to the parent level of the tree with the correct key. However, I missed a subtlety about the way inode-rooted btrees work. If the full block was a maximally sized inode root block, we'll solve that fullness by moving the root block's records to a new block, resizing the root block, and updating the root to point to the new block. We don't pass a pointer to the new block to the caller because that work has already been done. The new record will /always/ land in the new block, so in this case we need to use xfs_btree_update_keys to update the keys. This bug can theoretically manifest itself in the very rare case that we split a bmbt root block and the new record lands in the very first slot of the new block, though I've never managed to trigger it in practice. However, it is very easy to reproduce by running generic/522 with the realtime rmapbt patchset if rtinherit=1. Cc: <stable(a)vger.kernel.org> # v4.8 Fixes: 2c813ad66a7218 ("xfs: support btrees with overlapping intervals for keys") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c index c748866ef923..68ee1c299c25 100644 --- a/fs/xfs/libxfs/xfs_btree.c +++ b/fs/xfs/libxfs/xfs_btree.c @@ -3557,14 +3557,31 @@ xfs_btree_insrec( xfs_btree_log_block(cur, bp, XFS_BB_NUMRECS); /* - * If we just inserted into a new tree block, we have to - * recalculate nkey here because nkey is out of date. + * Update btree keys to reflect the newly added record or keyptr. + * There are three cases here to be aware of. Normally, all we have to + * do is walk towards the root, updating keys as necessary. * - * Otherwise we're just updating an existing block (having shoved - * some records into the new tree block), so use the regular key - * update mechanism. + * If the caller had us target a full block for the insertion, we dealt + * with that by calling the _make_block_unfull function. If the + * "make unfull" function splits the block, it'll hand us back the key + * and pointer of the new block. We haven't yet added the new block to + * the next level up, so if we decide to add the new record to the new + * block (bp->b_bn != old_bn), we have to update the caller's pointer + * so that the caller adds the new block with the correct key. + * + * However, there is a third possibility-- if the selected block is the + * root block of an inode-rooted btree and cannot be expanded further, + * the "make unfull" function moves the root block contents to a new + * block and updates the root block to point to the new block. In this + * case, no block pointer is passed back because the block has already + * been added to the btree. In this case, we need to use the regular + * key update function, just like the first case. This is critical for + * overlapping btrees, because the high key must be updated to reflect + * the entire tree, not just the subtree accessible through the first + * child of the root (which is now two levels down from the root). */ - if (bp && xfs_buf_daddr(bp) != old_bn) { + if (!xfs_btree_ptr_is_null(cur, &nptr) && + bp && xfs_buf_daddr(bp) != old_bn) { xfs_btree_get_keys(cur, block, lkey); } else if (xfs_btree_needs_key_update(cur, optr)) { error = xfs_btree_update_keys(cur, level);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: update btree keys correctly when _insrec splits an inode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6d7b4bc1c3e00b1a25b7a05141a64337b4629337 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121557-maker-flint-95f1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6d7b4bc1c3e00b1a25b7a05141a64337b4629337 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:31 -0800 Subject: [PATCH] xfs: update btree keys correctly when _insrec splits an inode root block In commit 2c813ad66a72, I partially fixed a bug wherein xfs_btree_insrec would erroneously try to update the parent's key for a block that had been split if we decided to insert the new record into the new block. The solution was to detect this situation and update the in-core key value that we pass up to the caller so that the caller will (eventually) add the new block to the parent level of the tree with the correct key. However, I missed a subtlety about the way inode-rooted btrees work. If the full block was a maximally sized inode root block, we'll solve that fullness by moving the root block's records to a new block, resizing the root block, and updating the root to point to the new block. We don't pass a pointer to the new block to the caller because that work has already been done. The new record will /always/ land in the new block, so in this case we need to use xfs_btree_update_keys to update the keys. This bug can theoretically manifest itself in the very rare case that we split a bmbt root block and the new record lands in the very first slot of the new block, though I've never managed to trigger it in practice. However, it is very easy to reproduce by running generic/522 with the realtime rmapbt patchset if rtinherit=1. Cc: <stable(a)vger.kernel.org> # v4.8 Fixes: 2c813ad66a7218 ("xfs: support btrees with overlapping intervals for keys") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c index c748866ef923..68ee1c299c25 100644 --- a/fs/xfs/libxfs/xfs_btree.c +++ b/fs/xfs/libxfs/xfs_btree.c @@ -3557,14 +3557,31 @@ xfs_btree_insrec( xfs_btree_log_block(cur, bp, XFS_BB_NUMRECS); /* - * If we just inserted into a new tree block, we have to - * recalculate nkey here because nkey is out of date. + * Update btree keys to reflect the newly added record or keyptr. + * There are three cases here to be aware of. Normally, all we have to + * do is walk towards the root, updating keys as necessary. * - * Otherwise we're just updating an existing block (having shoved - * some records into the new tree block), so use the regular key - * update mechanism. + * If the caller had us target a full block for the insertion, we dealt + * with that by calling the _make_block_unfull function. If the + * "make unfull" function splits the block, it'll hand us back the key + * and pointer of the new block. We haven't yet added the new block to + * the next level up, so if we decide to add the new record to the new + * block (bp->b_bn != old_bn), we have to update the caller's pointer + * so that the caller adds the new block with the correct key. + * + * However, there is a third possibility-- if the selected block is the + * root block of an inode-rooted btree and cannot be expanded further, + * the "make unfull" function moves the root block contents to a new + * block and updates the root block to point to the new block. In this + * case, no block pointer is passed back because the block has already + * been added to the btree. In this case, we need to use the regular + * key update function, just like the first case. This is critical for + * overlapping btrees, because the high key must be updated to reflect + * the entire tree, not just the subtree accessible through the first + * child of the root (which is now two levels down from the root). */ - if (bp && xfs_buf_daddr(bp) != old_bn) { + if (!xfs_btree_ptr_is_null(cur, &nptr) && + bp && xfs_buf_daddr(bp) != old_bn) { xfs_btree_get_keys(cur, block, lkey); } else if (xfs_btree_needs_key_update(cur, optr)) { error = xfs_btree_update_keys(cur, level);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121512-dazzling-encounter-7d53@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: fix zero byte checking in the superblock scrubber" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c004a793e0ec34047c3bd423bcd8966f5fac88dc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121511-citable-photo-455b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c004a793e0ec34047c3bd423bcd8966f5fac88dc Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 2 Dec 2024 10:57:42 -0800 Subject: [PATCH] xfs: fix zero byte checking in the superblock scrubber The logic to check that the region past the end of the superblock is all zeroes is wrong -- we don't want to check only the bytes past the end of the maximally sized ondisk superblock structure as currently defined in xfs_format.h; we want to check the bytes beyond the end of the ondisk as defined by the feature bits. Port the superblock size logic from xfs_repair and then put it to use in xfs_scrub. Cc: <stable(a)vger.kernel.org> # v4.15 Fixes: 21fb4cb1981ef7 ("xfs: scrub the secondary superblocks") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/agheader.c b/fs/xfs/scrub/agheader.c index 88063d67cb5f..9f8c312dfd3c 100644 --- a/fs/xfs/scrub/agheader.c +++ b/fs/xfs/scrub/agheader.c @@ -59,6 +59,32 @@ xchk_superblock_xref( /* scrub teardown will take care of sc->sa for us */ } +/* + * Calculate the ondisk superblock size in bytes given the feature set of the + * mounted filesystem (aka the primary sb). This is subtlely different from + * the logic in xfs_repair, which computes the size of a secondary sb given the + * featureset listed in the secondary sb. + */ +STATIC size_t +xchk_superblock_ondisk_size( + struct xfs_mount *mp) +{ + if (xfs_has_metadir(mp)) + return offsetofend(struct xfs_dsb, sb_pad); + if (xfs_has_metauuid(mp)) + return offsetofend(struct xfs_dsb, sb_meta_uuid); + if (xfs_has_crc(mp)) + return offsetofend(struct xfs_dsb, sb_lsn); + if (xfs_sb_version_hasmorebits(&mp->m_sb)) + return offsetofend(struct xfs_dsb, sb_bad_features2); + if (xfs_has_logv2(mp)) + return offsetofend(struct xfs_dsb, sb_logsunit); + if (xfs_has_sector(mp)) + return offsetofend(struct xfs_dsb, sb_logsectsize); + /* only support dirv2 or more recent */ + return offsetofend(struct xfs_dsb, sb_dirblklog); +} + /* * Scrub the filesystem superblock. * @@ -75,6 +101,7 @@ xchk_superblock( struct xfs_buf *bp; struct xfs_dsb *sb; struct xfs_perag *pag; + size_t sblen; xfs_agnumber_t agno; uint32_t v2_ok; __be32 features_mask; @@ -388,8 +415,8 @@ xchk_superblock( } /* Everything else must be zero. */ - if (memchr_inv(sb + 1, 0, - BBTOB(bp->b_length) - sizeof(struct xfs_dsb))) + sblen = xchk_superblock_ondisk_size(mp); + if (memchr_inv((char *)sb + sblen, 0, BBTOB(bp->b_length) - sblen)) xchk_block_set_corrupt(sc, bp); xchk_superblock_xref(sc, bp);

6 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/pm: Initialize power profile mode" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 8eb966f2403abb844e972fb4eb1348640111f121 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024121515-quickstep-reapprove-b82d@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8eb966f2403abb844e972fb4eb1348640111f121 Mon Sep 17 00:00:00 2001 From: Lijo Lazar <lijo.lazar(a)amd.com> Date: Wed, 4 Dec 2024 13:11:28 +0530 Subject: [PATCH] drm/amd/pm: Initialize power profile mode Refactor such that individual SMU IP versions can choose the startup power profile mode. If no preference, then use the generic default power profile selection logic. Signed-off-by: Lijo Lazar <lijo.lazar(a)amd.com> Reviewed-by: Yang Wang <kevinyang.wang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.11.x diff --git a/drivers/gpu/drm/amd/include/kgd_pp_interface.h b/drivers/gpu/drm/amd/include/kgd_pp_interface.h index 67a5de573943..d7acdd42d80f 100644 --- a/drivers/gpu/drm/amd/include/kgd_pp_interface.h +++ b/drivers/gpu/drm/amd/include/kgd_pp_interface.h @@ -164,6 +164,7 @@ enum amd_pp_task { }; enum PP_SMC_POWER_PROFILE { + PP_SMC_POWER_PROFILE_UNKNOWN = -1, PP_SMC_POWER_PROFILE_BOOTUP_DEFAULT = 0x0, PP_SMC_POWER_PROFILE_FULLSCREEN3D = 0x1, PP_SMC_POWER_PROFILE_POWERSAVING = 0x2, diff --git a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c index 5eae14fe79f1..21bd635bcdfc 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c +++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c @@ -764,6 +764,7 @@ static int smu_early_init(struct amdgpu_ip_block *ip_block) smu->smu_baco.platform_support = false; smu->smu_baco.maco_support = false; smu->user_dpm_profile.fan_mode = -1; + smu->power_profile_mode = PP_SMC_POWER_PROFILE_UNKNOWN; mutex_init(&smu->message_lock); @@ -1248,6 +1249,21 @@ static bool smu_is_workload_profile_available(struct smu_context *smu, return smu->workload_map && smu->workload_map[profile].valid_mapping; } +static void smu_init_power_profile(struct smu_context *smu) +{ + if (smu->power_profile_mode == PP_SMC_POWER_PROFILE_UNKNOWN) { + if (smu->is_apu || + !smu_is_workload_profile_available( + smu, PP_SMC_POWER_PROFILE_FULLSCREEN3D)) + smu->power_profile_mode = + PP_SMC_POWER_PROFILE_BOOTUP_DEFAULT; + else + smu->power_profile_mode = + PP_SMC_POWER_PROFILE_FULLSCREEN3D; + } + smu_power_profile_mode_get(smu, smu->power_profile_mode); +} + static int smu_sw_init(struct amdgpu_ip_block *ip_block) { struct amdgpu_device *adev = ip_block->adev; @@ -1269,13 +1285,7 @@ static int smu_sw_init(struct amdgpu_ip_block *ip_block) atomic_set(&smu->smu_power.power_gate.vpe_gated, 1); atomic_set(&smu->smu_power.power_gate.umsch_mm_gated, 1); - if (smu->is_apu || - !smu_is_workload_profile_available(smu, PP_SMC_POWER_PROFILE_FULLSCREEN3D)) - smu->power_profile_mode = PP_SMC_POWER_PROFILE_BOOTUP_DEFAULT; - else - smu->power_profile_mode = PP_SMC_POWER_PROFILE_FULLSCREEN3D; - smu_power_profile_mode_get(smu, smu->power_profile_mode); - + smu_init_power_profile(smu); smu->display_config = &adev->pm.pm_display_cfg; smu->smu_dpm.dpm_level = AMD_DPM_FORCED_LEVEL_AUTO;

6 months, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror