- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] mptcp: pm: only mark 'subflow' endp as available" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 322ea3778965da72862cca2a0c50253aacf65fe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082627-devotion-chewer-87af@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available") f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") d9a4594edabf ("mptcp: netlink: Add MPTCP_PM_CMD_REMOVE") 9ab4807c84a4 ("mptcp: netlink: Add MPTCP_PM_CMD_ANNOUNCE") 982f17ba1a25 ("mptcp: netlink: split mptcp_pm_parse_addr into two functions") 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 0530020a7c8f ("mptcp: track and update contiguous data status") 0348c690ed37 ("mptcp: add the fallback check") 1761fed25678 ("mptcp: don't send RST for single subflow") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 322ea3778965da72862cca2a0c50253aacf65fe6 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:26 +0200 Subject: [PATCH] mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests. Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed. Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-8-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 44fc1c5959ac..4cf7cc851f80 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -833,10 +833,10 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW) __MPTCP_INC_STATS(sock_net(sk), rm_type); } - if (rm_type == MPTCP_MIB_RMSUBFLOW) - __set_bit(rm_id ? rm_id : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap); - else if (rm_type == MPTCP_MIB_RMADDR) + + if (rm_type == MPTCP_MIB_RMADDR) __MPTCP_INC_STATS(sock_net(sk), rm_type); + if (!removed) continue; @@ -846,8 +846,6 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMADDR) { msk->pm.add_addr_accepted--; WRITE_ONCE(msk->pm.accept_addr, true); - } else if (rm_type == MPTCP_MIB_RMSUBFLOW) { - msk->pm.local_addr_used--; } } } @@ -1441,6 +1439,14 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, return ret; } +static void __mark_subflow_endp_available(struct mptcp_sock *msk, u8 id) +{ + /* If it was marked as used, and not ID 0, decrement local_addr_used */ + if (!__test_and_set_bit(id ? : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap) && + id && !WARN_ON_ONCE(msk->pm.local_addr_used == 0)) + msk->pm.local_addr_used--; +} + static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, const struct mptcp_pm_addr_entry *entry) { @@ -1474,11 +1480,11 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); spin_unlock_bh(&msk->pm.lock); - } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { - /* If the subflow has been used, but now closed */ + } + + if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { spin_lock_bh(&msk->pm.lock); - if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) - msk->pm.local_addr_used--; + __mark_subflow_endp_available(msk, list.ids[0]); spin_unlock_bh(&msk->pm.lock); } @@ -1516,6 +1522,7 @@ static int mptcp_nl_remove_id_zero_address(struct net *net, spin_lock_bh(&msk->pm.lock); mptcp_pm_remove_addr(msk, &list); mptcp_pm_nl_rm_subflow_received(msk, &list); + __mark_subflow_endp_available(msk, 0); spin_unlock_bh(&msk->pm.lock); release_sock(sk); @@ -1917,6 +1924,7 @@ static void mptcp_pm_nl_fullmesh(struct mptcp_sock *msk, spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); + __mark_subflow_endp_available(msk, list.ids[0]); mptcp_pm_create_subflow_or_signal_addr(msk); spin_unlock_bh(&msk->pm.lock); }

8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused removed subflows" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x edd8b5d868a4d459f3065493001e293901af758d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082613-gerbil-channel-c3e1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") 09f12c3ab7a5 ("mptcp: allow to use port and non-signal in set_flags") 6a0653b96f5d ("selftests: mptcp: add fullmesh setting tests") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") 6bb3ab4913e9 ("selftests: mptcp: add MP_FAIL mibs check") f444fea7896d ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From edd8b5d868a4d459f3065493001e293901af758d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:21 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused removed subflows If no subflow is attached to the 'subflow' endpoint that is being removed, the addr ID will not be marked as available again. Mark the linked ID as available when removing the 'subflow' endpoint if no subflow is attached to it. While at it, the local_addr_used counter is decremented if the ID was marked as being used to reflect the reality, but also to allow adding new endpoints after that. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-3-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 26f0329e16bb..8b232a210a06 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1469,8 +1469,17 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, remove_subflow = lookup_subflow_by_saddr(&msk->conn_list, addr); mptcp_pm_remove_anno_addr(msk, addr, remove_subflow && !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); - if (remove_subflow) + + if (remove_subflow) { mptcp_pm_remove_subflow(msk, &list); + } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { + /* If the subflow has been used, but now closed */ + spin_lock_bh(&msk->pm.lock); + if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) + msk->pm.local_addr_used--; + spin_unlock_bh(&msk->pm.lock); + } + release_sock(sk); next:

8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused removed subflows" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x edd8b5d868a4d459f3065493001e293901af758d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082612-hydrated-overdress-ea6a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 33397b83eee6 ("selftests: mptcp: add backup with port testcase") 09f12c3ab7a5 ("mptcp: allow to use port and non-signal in set_flags") 6a0653b96f5d ("selftests: mptcp: add fullmesh setting tests") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From edd8b5d868a4d459f3065493001e293901af758d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:21 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused removed subflows If no subflow is attached to the 'subflow' endpoint that is being removed, the addr ID will not be marked as available again. Mark the linked ID as available when removing the 'subflow' endpoint if no subflow is attached to it. While at it, the local_addr_used counter is decremented if the ID was marked as being used to reflect the reality, but also to allow adding new endpoints after that. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-3-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 26f0329e16bb..8b232a210a06 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1469,8 +1469,17 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, remove_subflow = lookup_subflow_by_saddr(&msk->conn_list, addr); mptcp_pm_remove_anno_addr(msk, addr, remove_subflow && !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); - if (remove_subflow) + + if (remove_subflow) { mptcp_pm_remove_subflow(msk, &list); + } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { + /* If the subflow has been used, but now closed */ + spin_lock_bh(&msk->pm.lock); + if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) + msk->pm.local_addr_used--; + spin_unlock_bh(&msk->pm.lock); + } + release_sock(sk); next:

8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused removed ADD_ADDR" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e255683c06df572ead96db5efb5d21be30c0efaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082646-gondola-dainty-6096@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e255683c06df ("mptcp: pm: re-using ID of unused removed ADD_ADDR") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") 6bb3ab4913e9 ("selftests: mptcp: add MP_FAIL mibs check") f7713dd5d23a ("selftests: mptcp: delete uncontinuous removing ids") 4f49d63352da ("selftests: mptcp: add fullmesh testcases") 0cddb4a6f4e3 ("selftests: mptcp: add deny_join_id0 testcases") af66d3e1c3fa ("selftests: mptcp: enable checksum in mptcp_join.sh") 5e287fe76149 ("selftests: mptcp: remove id 0 address testcases") ef360019db40 ("selftests: mptcp: signal addresses testcases") efd13b71a3fa ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e255683c06df572ead96db5efb5d21be30c0efaa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:19 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused removed ADD_ADDR If no subflow is attached to the 'signal' endpoint that is being removed, the addr ID will not be marked as available again. Mark the linked ID as available when removing the address entry from the list to cover this case. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-1-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 4cae2aa7be5c..26f0329e16bb 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1431,7 +1431,10 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, ret = remove_anno_list_by_saddr(msk, addr); if (ret || force) { spin_lock_bh(&msk->pm.lock); - msk->pm.add_addr_signaled -= ret; + if (ret) { + __set_bit(addr->id, msk->pm.id_avail_bitmap); + msk->pm.add_addr_signaled--; + } mptcp_pm_remove_addr(msk, &list); spin_unlock_bh(&msk->pm.lock); }

8 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: re-using ID of unused removed ADD_ADDR" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e255683c06df572ead96db5efb5d21be30c0efaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082621-unluckily-aghast-028b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e255683c06df ("mptcp: pm: re-using ID of unused removed ADD_ADDR") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") 7d9bf018f907 ("selftests: mptcp: update output info of chk_rm_nr") 327b9a94e2a8 ("selftests: mptcp: more stable join tests-cases") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e255683c06df572ead96db5efb5d21be30c0efaa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:19 +0200 Subject: [PATCH] mptcp: pm: re-using ID of unused removed ADD_ADDR If no subflow is attached to the 'signal' endpoint that is being removed, the addr ID will not be marked as available again. Mark the linked ID as available when removing the address entry from the list to cover this case. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-1-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 4cae2aa7be5c..26f0329e16bb 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -1431,7 +1431,10 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, ret = remove_anno_list_by_saddr(msk, addr); if (ret || force) { spin_lock_bh(&msk->pm.lock); - msk->pm.add_addr_signaled -= ret; + if (ret) { + __set_bit(addr->id, msk->pm.id_avail_bitmap); + msk->pm.add_addr_signaled--; + } mptcp_pm_remove_addr(msk, &list); spin_unlock_bh(&msk->pm.lock); }

8 months

2
1
0 0

[PATCH 6.6 3/4] riscv: mm: Only compile pgtable.c if MMU

by WangYuli

From: Alexandre Ghiti <alexghiti(a)rivosinc.com> [ Upstream commit d6508999d1882ddd0db8b3b4bd7967d83e9909fa ] All functions defined in there depend on MMU, so no need to compile it for !MMU configs. Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20231213203001.179237-4-alexghiti@rivosinc.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/riscv/mm/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/riscv/mm/Makefile b/arch/riscv/mm/Makefile index 3a4dfc8babcf..2c869f8026a8 100644 --- a/arch/riscv/mm/Makefile +++ b/arch/riscv/mm/Makefile @@ -13,10 +13,9 @@ endif KCOV_INSTRUMENT_init.o := n obj-y += init.o -obj-$(CONFIG_MMU) += extable.o fault.o pageattr.o +obj-$(CONFIG_MMU) += extable.o fault.o pageattr.o pgtable.o obj-y += cacheflush.o obj-y += context.o -obj-y += pgtable.o obj-y += pmem.o ifeq ($(CONFIG_MMU),y) -- 2.43.4

8 months

1
0
0 0

[PATCH 6.6 2/4] mm: Introduce pudp/p4dp/pgdp_get() functions

by WangYuli

From: Alexandre Ghiti <alexghiti(a)rivosinc.com> [ Upstream commit eba2591d99d1f14a04c8a8a845ab0795b93f5646 ] Instead of directly dereferencing page tables entries, which can cause issues (see commit 20a004e7b017 ("arm64: mm: Use READ_ONCE/WRITE_ONCE when accessing page tables"), let's introduce new functions to get the pud/p4d/pgd entries (the pte and pmd versions already exist). Note that arm pgd_t is actually an array so pgdp_get() is defined as a macro to avoid a build error. Those new functions will be used in subsequent commits by the riscv architecture. Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20231213203001.179237-3-alexghiti@rivosinc.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/arm/include/asm/pgtable.h | 2 ++ include/linux/pgtable.h | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h index 16b02f44c7d3..d657b84b6bf7 100644 --- a/arch/arm/include/asm/pgtable.h +++ b/arch/arm/include/asm/pgtable.h @@ -151,6 +151,8 @@ extern pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn, extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; +#define pgdp_get(pgpd) READ_ONCE(*pgdp) + #define pud_page(pud) pmd_page(__pmd(pud_val(pud))) #define pud_write(pud) pmd_write(__pmd(pud_val(pud))) diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index af7639c3b0a3..8b7daccd11be 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -292,6 +292,27 @@ static inline pmd_t pmdp_get(pmd_t *pmdp) } #endif +#ifndef pudp_get +static inline pud_t pudp_get(pud_t *pudp) +{ + return READ_ONCE(*pudp); +} +#endif + +#ifndef p4dp_get +static inline p4d_t p4dp_get(p4d_t *p4dp) +{ + return READ_ONCE(*p4dp); +} +#endif + +#ifndef pgdp_get +static inline pgd_t pgdp_get(pgd_t *pgdp) +{ + return READ_ONCE(*pgdp); +} +#endif + #ifndef __HAVE_ARCH_PTEP_TEST_AND_CLEAR_YOUNG static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned long address, -- 2.43.4

8 months

1
0
0 0

[PATCH 6.6 1/4] riscv: Use WRITE_ONCE() when setting page table entries

by WangYuli

From: Alexandre Ghiti <alexghiti(a)rivosinc.com> [ Upstream commit c30fa83b49897e708a52e122dd10616a52a4c82b ] To avoid any compiler "weirdness" when accessing page table entries which are concurrently modified by the HW, let's use WRITE_ONCE() macro (commit 20a004e7b017 ("arm64: mm: Use READ_ONCE/WRITE_ONCE when accessing page tables") gives a great explanation with more details). Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20231213203001.179237-2-alexghiti@rivosinc.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/riscv/include/asm/pgtable-64.h | 6 +++--- arch/riscv/include/asm/pgtable.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/riscv/include/asm/pgtable-64.h b/arch/riscv/include/asm/pgtable-64.h index 7a5097202e15..a65a352dcfbf 100644 --- a/arch/riscv/include/asm/pgtable-64.h +++ b/arch/riscv/include/asm/pgtable-64.h @@ -198,7 +198,7 @@ static inline int pud_user(pud_t pud) static inline void set_pud(pud_t *pudp, pud_t pud) { - *pudp = pud; + WRITE_ONCE(*pudp, pud); } static inline void pud_clear(pud_t *pudp) @@ -274,7 +274,7 @@ static inline unsigned long _pmd_pfn(pmd_t pmd) static inline void set_p4d(p4d_t *p4dp, p4d_t p4d) { if (pgtable_l4_enabled) - *p4dp = p4d; + WRITE_ONCE(*p4dp, p4d); else set_pud((pud_t *)p4dp, (pud_t){ p4d_val(p4d) }); } @@ -347,7 +347,7 @@ static inline pud_t *pud_offset(p4d_t *p4d, unsigned long address) static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) { if (pgtable_l5_enabled) - *pgdp = pgd; + WRITE_ONCE(*pgdp, pgd); else set_p4d((p4d_t *)pgdp, (p4d_t){ pgd_val(pgd) }); } diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h index 719c3041ae1c..f8e72df4113a 100644 --- a/arch/riscv/include/asm/pgtable.h +++ b/arch/riscv/include/asm/pgtable.h @@ -248,7 +248,7 @@ static inline int pmd_leaf(pmd_t pmd) static inline void set_pmd(pmd_t *pmdp, pmd_t pmd) { - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); } static inline void pmd_clear(pmd_t *pmdp) @@ -515,7 +515,7 @@ static inline int pte_same(pte_t pte_a, pte_t pte_b) */ static inline void set_pte(pte_t *ptep, pte_t pteval) { - *ptep = pteval; + WRITE_ONCE(*ptep, pteval); } void flush_icache_pte(pte_t pte); -- 2.43.4

8 months

1
0
0 0

[PATCH v2] usb: cdnsp: Fix incorrect usb_request status

by Pawel Laszczak

Fix changes incorrect usb_request->status returned during disabling endpoints. Before fix the status returned during dequeuing requests while disabling endpoint was ECONNRESET. Patch change it to ESHUTDOWN. Patch fixes issue detected during testing UVC gadget. During stopping streaming the class starts dequeuing usb requests and controller driver returns the -ECONNRESET status. After completion requests the class or application "uvc-gadget" try to queue this request again. Changing this status to ESHUTDOWN cause that UVC assumes that endpoint is disabled, or device is disconnected and stops re-queuing usb requests. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - added explanation of issue drivers/usb/cdns3/cdnsp-ring.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 1e011560e3ae..bccc8fc143d0 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -718,7 +718,8 @@ int cdnsp_remove_request(struct cdnsp_device *pdev, seg = cdnsp_trb_in_td(pdev, cur_td->start_seg, cur_td->first_trb, cur_td->last_trb, hw_deq); - if (seg && (pep->ep_state & EP_ENABLED)) + if (seg && (pep->ep_state & EP_ENABLED) && + !(pep->ep_state & EP_DIS_IN_RROGRESS)) cdnsp_find_new_dequeue_state(pdev, pep, preq->request.stream_id, cur_td, &deq_state); else @@ -736,7 +737,8 @@ int cdnsp_remove_request(struct cdnsp_device *pdev, * During disconnecting all endpoint will be disabled so we don't * have to worry about updating dequeue pointer. */ - if (pdev->cdnsp_state & CDNSP_STATE_DISCONNECT_PENDING) { + if (pdev->cdnsp_state & CDNSP_STATE_DISCONNECT_PENDING || + pep->ep_state & EP_DIS_IN_RROGRESS) { status = -ESHUTDOWN; ret = cdnsp_cmd_set_deq(pdev, pep, &deq_state); } -- 2.43.0

8 months

2
1
0 0

Business Proposal

by dandsmiller＠frontier.com

Good day. I am seeking a reliable and experienced partner to manage our real estate investments in your country. The ideal partner will possess: - In-depth knowledge of the local real estate market - Proven track record in property management and development - Strong network and connections in the industry - Ability to navigate regulatory requirements - Transparency, integrity, and a commitment to delivering results Responsibilities: The partner will be responsible for: - Sourcing and evaluating investment opportunities - Conducting due diligence and risk assessments - Managing property acquisition, development, and sales - Ensuring compliance with local laws and regulations - Providing regular updates and performance reports Benefits: By partnering with us, you will benefit from: - Access to substantial investment capital - Opportunity to collaborate with a reputable UK-based company - Shared success and returns on investment. I look forward to the possibility of working together and achieving mutual success in the real estate market. If you are interested in exploring this partnership opportunity, I would be delighted to schedule a call or meeting to discuss further. Best regards Croitoru Vasile.

8 months

1
0
0 0

[PATCH v2] usb: dwc2: drd: fix clock gating on USB role switch

by Tomas Marek

The dwc2_handle_usb_suspend_intr() function disables gadget clocks in USB peripheral mode when no other power-down mode is available (introduced by commit 0112b7ce68ea ("usb: dwc2: Update dwc2_handle_usb_suspend_intr function.")). However, the dwc2_drd_role_sw_set() USB role update handler attempts to read DWC2 registers if the USB role has changed while the USB is in suspend mode (when the clocks are gated). This causes the system to hang. Release the gadget clocks before handling the USB role update. Fixes: 0112b7ce68ea ("usb: dwc2: Update dwc2_handle_usb_suspend_intr function.") Cc: stable(a)vger.kernel.org Signed-off-by: Tomas Marek <tomas.marek(a)elrest.cz> --- Changes in v2: - CC stable(a)vger.kernel.org - merge ifdef and nested if statements into one if statement --- drivers/usb/dwc2/drd.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/usb/dwc2/drd.c b/drivers/usb/dwc2/drd.c index a8605b02115b..1ad8fa3f862a 100644 --- a/drivers/usb/dwc2/drd.c +++ b/drivers/usb/dwc2/drd.c @@ -127,6 +127,15 @@ static int dwc2_drd_role_sw_set(struct usb_role_switch *sw, enum usb_role role) role = USB_ROLE_DEVICE; } + if ((IS_ENABLED(CONFIG_USB_DWC2_PERIPHERAL) || + IS_ENABLED(CONFIG_USB_DWC2_DUAL_ROLE)) && + dwc2_is_device_mode(hsotg) && + hsotg->lx_state == DWC2_L2 && + hsotg->params.power_down == DWC2_POWER_DOWN_PARAM_NONE && + hsotg->bus_suspended && + !hsotg->params.no_clock_gating) + dwc2_gadget_exit_clock_gating(hsotg, 0); + if (role == USB_ROLE_HOST) { already = dwc2_ovr_avalid(hsotg, true); } else if (role == USB_ROLE_DEVICE) { -- 2.25.1

8 months

1
0
0 0

[PATCH mm-unstable v2 3/3] mm/codetag: add pgalloc_tag_copy()

by Yu Zhao

Add pgalloc_tag_copy() to transfer the codetag from the old folio to the new one during migration. This makes original allocation sites persist cross migration rather than lump into the get_new_folio callbacks passed into migrate_pages(), e.g., compaction_alloc(): # echo 1 >/proc/sys/vm/compact_memory # grep compaction_alloc /proc/allocinfo Before this patch: 132968448 32463 mm/compaction.c:1880 func:compaction_alloc After this patch: 0 0 mm/compaction.c:1880 func:compaction_alloc Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> --- include/linux/alloc_tag.h | 24 ++++++++++-------------- include/linux/mm.h | 27 +++++++++++++++++++++++++++ mm/migrate.c | 1 + 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h index 896491d9ebe8..1f0a9ff23a2c 100644 --- a/include/linux/alloc_tag.h +++ b/include/linux/alloc_tag.h @@ -137,7 +137,16 @@ static inline void alloc_tag_sub_check(union codetag_ref *ref) {} /* Caller should verify both ref and tag to be valid */ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) { + alloc_tag_add_check(ref, tag); + if (!ref || !tag) + return; + ref->ct = &tag->ct; +} + +static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) +{ + __alloc_tag_ref_set(ref, tag); /* * We need in increment the call counter every time we have a new * allocation or when we split a large allocation into smaller ones. @@ -147,22 +156,9 @@ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag this_cpu_inc(tag->counters->calls); } -static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) -{ - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); -} - static inline void alloc_tag_add(union codetag_ref *ref, struct alloc_tag *tag, size_t bytes) { - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); + alloc_tag_ref_set(ref, tag); this_cpu_add(tag->counters->bytes, bytes); } diff --git a/include/linux/mm.h b/include/linux/mm.h index a07e93adb8ad..d750be768121 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4161,10 +4161,37 @@ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new } } } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ + struct alloc_tag *tag; + union codetag_ref *ref; + + tag = pgalloc_tag_get(&old->page); + if (!tag) + return; + + ref = get_page_tag_ref(&new->page); + if (!ref) + return; + + /* Clear the old ref to the original allocation tag. */ + clear_page_tag_ref(&old->page); + /* Decrement the counters of the tag on get_new_folio. */ + alloc_tag_sub(ref, folio_nr_pages(new)); + + __alloc_tag_ref_set(ref, tag); + + put_page_tag_ref(ref); +} #else /* !CONFIG_MEM_ALLOC_PROFILING */ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) { } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ +} #endif /* CONFIG_MEM_ALLOC_PROFILING */ #endif /* _LINUX_MM_H */ diff --git a/mm/migrate.c b/mm/migrate.c index 0f6b78fd73aa..dfdb3a136bf8 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -743,6 +743,7 @@ void folio_migrate_flags(struct folio *newfolio, struct folio *folio) folio_set_readahead(newfolio); folio_copy_owner(newfolio, folio); + pgalloc_tag_copy(newfolio, folio); mem_cgroup_migrate(folio, newfolio); } -- 2.46.0.469.g59c65b2a67-goog

8 months

1
0
0 0

[PATCH mm-unstable v2 2/3] mm/codetag: fix pgalloc_tag_split()

by Yu Zhao

The current assumption is that a large folio can only be split into order-0 folios. That is not the case for hugeTLB demotion, nor for THP split: see commit c010d47f107f ("mm: thp: split huge page to any lower order pages"). When a large folio is split into ones of a lower non-zero order, only the new head pages should be tagged. Tagging tail pages can cause imbalanced "calls" counters, since only head pages are untagged by pgalloc_tag_sub() and the "calls" counts on tail pages are leaked, e.g., # echo 2048kB >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote_size # echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages # time echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote # echo 0 >/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages # grep alloc_gigantic_folio /proc/allocinfo Before this patch: 0 549427200 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m2.057s user 0m0.000s sys 0m2.051s After this patch: 0 0 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m1.711s user 0m0.000s sys 0m1.704s Not tagging tail pages also improves the splitting time, e.g., by about 15% when demoting 1GB hugeTLB folios to 2MB ones, as shown above. Fixes: be25d1d4e822 ("mm: create new codetag references during page splitting") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> --- include/linux/mm.h | 30 ++++++++++++++++++++++++++++++ include/linux/pgalloc_tag.h | 31 ------------------------------- mm/huge_memory.c | 2 +- mm/hugetlb.c | 2 +- mm/page_alloc.c | 4 ++-- 5 files changed, 34 insertions(+), 35 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index b31d4bdd65ad..a07e93adb8ad 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4137,4 +4137,34 @@ void vma_pgtable_walk_end(struct vm_area_struct *vma); int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +#ifdef CONFIG_MEM_ALLOC_PROFILING +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ + int i; + struct alloc_tag *tag; + unsigned int nr_pages = 1 << new_order; + + if (!mem_alloc_profiling_enabled()) + return; + + tag = pgalloc_tag_get(&folio->page); + if (!tag) + return; + + for (i = nr_pages; i < (1 << old_order); i += nr_pages) { + union codetag_ref *ref = get_page_tag_ref(folio_page(folio, i)); + + if (ref) { + /* Set new reference to point to the original tag */ + alloc_tag_ref_set(ref, tag); + put_page_tag_ref(ref); + } + } +} +#else /* !CONFIG_MEM_ALLOC_PROFILING */ +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ +} +#endif /* CONFIG_MEM_ALLOC_PROFILING */ + #endif /* _LINUX_MM_H */ diff --git a/include/linux/pgalloc_tag.h b/include/linux/pgalloc_tag.h index 207f0c83c8e9..59a3deb792a8 100644 --- a/include/linux/pgalloc_tag.h +++ b/include/linux/pgalloc_tag.h @@ -80,36 +80,6 @@ static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) } } -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) -{ - int i; - struct page_ext *first_page_ext; - struct page_ext *page_ext; - union codetag_ref *ref; - struct alloc_tag *tag; - - if (!mem_alloc_profiling_enabled()) - return; - - first_page_ext = page_ext = page_ext_get(page); - if (unlikely(!page_ext)) - return; - - ref = codetag_ref_from_page_ext(page_ext); - if (!ref->ct) - goto out; - - tag = ct_to_alloc_tag(ref->ct); - page_ext = page_ext_next(page_ext); - for (i = 1; i < nr; i++) { - /* Set new reference to point to the original tag */ - alloc_tag_ref_set(codetag_ref_from_page_ext(page_ext), tag); - page_ext = page_ext_next(page_ext); - } -out: - page_ext_put(first_page_ext); -} - static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { struct alloc_tag *tag = NULL; @@ -142,7 +112,6 @@ static inline void clear_page_tag_ref(struct page *page) {} static inline void pgalloc_tag_add(struct page *page, struct task_struct *task, unsigned int nr) {} static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) {} -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) {} static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { return NULL; } static inline void pgalloc_tag_sub_pages(struct alloc_tag *tag, unsigned int nr) {} diff --git a/mm/huge_memory.c b/mm/huge_memory.c index fdc83b0c9e71..2a73efea02d7 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3242,7 +3242,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, /* Caller disabled irqs, so they are still disabled here */ split_page_owner(head, order, new_order); - pgalloc_tag_split(head, 1 << order); + pgalloc_tag_split(folio, order, new_order); /* See comment in __split_huge_page_tail() */ if (folio_test_anon(folio)) { diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 2a73753ecf9e..5c77defad295 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3795,7 +3795,7 @@ static long demote_free_hugetlb_folios(struct hstate *src, struct hstate *dst, list_del(&folio->lru); split_page_owner(&folio->page, huge_page_order(src), huge_page_order(dst)); - pgalloc_tag_split(&folio->page, 1 << huge_page_order(src)); + pgalloc_tag_split(folio, huge_page_order(src), huge_page_order(dst)); for (i = 0; i < pages_per_huge_page(src); i += pages_per_huge_page(dst)) { struct page *page = folio_page(folio, i); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 6b003f57965d..88113fdba956 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2783,7 +2783,7 @@ void split_page(struct page *page, unsigned int order) for (i = 1; i < (1 << order); i++) set_page_refcounted(page + i); split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); } EXPORT_SYMBOL_GPL(split_page); @@ -4981,7 +4981,7 @@ static void *make_alloc_exact(unsigned long addr, unsigned int order, struct page *last = page + nr; split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); while (page < --last) set_page_refcounted(last); -- 2.46.0.469.g59c65b2a67-goog

8 months

1
0
0 0

[PATCH v2] NFSv4: fix a mount deadlock in NFS v4.1 client

by Oleksandr Tymoshenko

nfs41_init_clientid does not signal a failure condition from nfs4_proc_exchange_id and nfs4_proc_create_session to a client which may lead to mount syscall indefinitely blocked in the following stack trace: nfs_wait_client_init_complete nfs41_discover_server_trunking nfs4_discover_server_trunking nfs4_init_client nfs4_set_client nfs4_create_server nfs4_try_get_tree vfs_get_tree do_new_mount __se_sys_mount and the client stuck in uninitialized state. In addition to this all subsequent mount calls would also get blocked in nfs_match_client waiting for the uninitialized client to finish initialization: nfs_wait_client_init_complete nfs_match_client nfs_get_client nfs4_set_client nfs4_create_server nfs4_try_get_tree vfs_get_tree do_new_mount __se_sys_mount To avoid this situation propagate error condition to the mount thread and let mount syscall fail properly. To: Trond Myklebust <trondmy(a)kernel.org> To: Anna Schumaker <anna(a)kernel.org> Cc: linux-nfs(a)vger.kernel.org Cc: jbongio(a)google.com Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/stable/20240906-nfs-mount-deadlock-fix-v1-1-ea1aef5… Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- Changes in v2: - Added correct To/Cc entries to the commit message - Link to v1: https://lore.kernel.org/r/20240906-nfs-mount-deadlock-fix-v1-1-ea1aef533f9c… --- fs/nfs/nfs4state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c index 877f682b45f2..54ad3440ad2b 100644 --- a/fs/nfs/nfs4state.c +++ b/fs/nfs/nfs4state.c @@ -335,8 +335,8 @@ int nfs41_init_clientid(struct nfs_client *clp, const struct cred *cred) if (!(clp->cl_exchange_flags & EXCHGID4_FLAG_CONFIRMED_R)) nfs4_state_start_reclaim_reboot(clp); nfs41_finish_session_reset(clp); - nfs_mark_client_ready(clp, NFS_CS_READY); out: + nfs_mark_client_ready(clp, status == 0 ? NFS_CS_READY : status); return status; } --- base-commit: ad618736883b8970f66af799e34007475fe33a68 change-id: 20240906-nfs-mount-deadlock-fix-55c14b38e088 Best regards, -- Oleksandr Tymoshenko <ovt(a)google.com>

8 months

1
0
0 0

[PATCH] usb: cdnsp: Fix incorrect usb_request status

by Pawel Laszczak

Fix changes incorrect usb_request->status returned during disabling endpoints. Before fix the status returned during dequeuing requests while disabling endpoint was ECONNRESET. Patch changes it to ESHUTDOWN. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-ring.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 1e011560e3ae..bccc8fc143d0 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -718,7 +718,8 @@ int cdnsp_remove_request(struct cdnsp_device *pdev, seg = cdnsp_trb_in_td(pdev, cur_td->start_seg, cur_td->first_trb, cur_td->last_trb, hw_deq); - if (seg && (pep->ep_state & EP_ENABLED)) + if (seg && (pep->ep_state & EP_ENABLED) && + !(pep->ep_state & EP_DIS_IN_RROGRESS)) cdnsp_find_new_dequeue_state(pdev, pep, preq->request.stream_id, cur_td, &deq_state); else @@ -736,7 +737,8 @@ int cdnsp_remove_request(struct cdnsp_device *pdev, * During disconnecting all endpoint will be disabled so we don't * have to worry about updating dequeue pointer. */ - if (pdev->cdnsp_state & CDNSP_STATE_DISCONNECT_PENDING) { + if (pdev->cdnsp_state & CDNSP_STATE_DISCONNECT_PENDING || + pep->ep_state & EP_DIS_IN_RROGRESS) { status = -ESHUTDOWN; ret = cdnsp_cmd_set_deq(pdev, pep, &deq_state); } -- 2.43.0

8 months

2
3
0 0

[PATCH v3 0/2] media: qcom: camss: Fix two CAMSS bugs found by dogfooding with SoftISP

by Bryan O'Donoghue

v3: - Amends the commit log for patch #1 per Johan's suggestion. - Link to v2: https://lore.kernel.org/r/20240716-linux-next-24-07-13-camss-fixes-v2-0-e60… v2: - Updates commits with Johan's Review/Reported tags - Adds Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com - Cc's stable - Adds in suggested kernel log to allow others to more easily match kernel log to fixes - Link to v1: https://lore.kernel.org/r/20240714-linux-next-24-07-13-camss-fixes-v1-0-8f8… V1: Dogfooding with SoftISP has uncovered two bugs in this series which I'm posting fixes for. - The first error: A simple race condition which to be honest I'm surprised I haven't found earlier nor has anybody else. Simply stated the order we typically end up loading CAMSS on boot has masked out the pm_runtime_enable() race condition that has been present in CAMSS for a long time. If you blacklist qcom-camss in modules.d and then modprobe after boot, the race condition shows up easily. Moving the pm_runtime_enable prior to subdevice registration fixes the problem. The second error: Nomenclature: - CSIPHY: CSI Physical layer analogue to digital domain serialiser - CSID: CSI Decoder - VFE: Video Front End - RDI: Raw Data Interface - VC: Virtual Channel In order to support streaming multiple virtual-channels on the same RDI a V4L2 provided use_count variable is used to decide whether or not to actually terminate streaming and release buffers for 'msm_vfe_rdiX'. Unfortunately use_count indicates the number of times msm_vfe_rdiX has been opened by user-space not the number of concurrent streams on msm_vfe_rdiX. Simply stated use_count and stream_count are two different things. The silicon enabling code to select between VCs is valid but, a different solution needs to be found to support _concurrent_ VC streams. Right now the upstream use_count as-is is breaking the non concurrent VC case and I don't believe there are upstream users of concurrent VCs on CAMSS. This series implements a revert for the invalid use_count check, retaining the ability to select which VC is active on the RDI. Dogfooding with libcamera's SoftISP in Hangouts, Zoom and multiple runs of libcamera's "qcam" application is a very different test-case to the simple capture of frames we previously did when validating the 'use_count' change. A partial revert in expectation of a renewed push to fixup that concurrent VC issue is included. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (2): media: qcom: camss: Remove use_count guard in stop_streaming media: qcom: camss: Fix ordering of pm_runtime_enable drivers/media/platform/qcom/camss/camss-video.c | 6 ------ drivers/media/platform/qcom/camss/camss.c | 5 +++-- 2 files changed, 3 insertions(+), 8 deletions(-) --- base-commit: c6ce8f9ab92edc9726996a0130bfc1c408132d47 change-id: 20240713-linux-next-24-07-13-camss-fixes-fa98c0965a5d Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

8 months

3
4
0 0

[REGRESSION] cifs: triggers bad flatpak & ostree signatures, corrupts ffmpeg & mkvmerge outputs

by Forest

#regzbot introduced: 3ee1a1fc3981 Dear maintainers, I think I have found a cifs regression in the 6.10 kernel series, which leads certain programs to write corrupt data. After upgrading from kernel 6.9.12 to 6.10.6, flatpak and ostree are now writing bad gpg signatures when exporting signed packages or signing their repository metadata/summary files, whenever the repository is on a cifs mount. Instead of writing the signature data, null bytes are written in its place. Furthermore, ffmpeg and mkvmerge are now intermittently writing corrupt files to cifs mounts. No error is reported by the applications or the kernel when it happens. In the case of flatpak, the problem isn't revealed until something tries to use the repository and finds signatures full of null bytes. (Of course, this means the affected repositories have been rendered useless.) In the case of ffmpeg and mkvmerge, the problem isn't revealed until someone plays the video file and reaches a corrupt section. A kernel bisect reveals this: 3ee1a1fc39819906f04d6c62c180e760cd3a689d is the first bad commit commit 3ee1a1fc39819906f04d6c62c180e760cd3a689d Author: David Howells <dhowells(a)redhat.com> Date: Fri Oct 6 18:29:59 2023 +0100 cifs: Cut over to using netfslib I was unable to determine whether 6.11.0-rc4 fixes it, due to another cifs bug in that version (which I hope to report soon). An strace of flatpak (which uses libostree) shows it generating correct signatures internally, but behaving differently on cifs vs. ext4 when working with memory-mapped temp files, in which the signatures are stored before being written to their final outputs. Here's where I reported my initial findings to those projects: https://github.com/flatpak/flatpak/issues/5911 https://github.com/ostreedev/ostree/issues/3288 Debian Testing and Unstable kernels (6.10.4-1 and 6.10.6-1) are affected: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079394 The following reproducer script consistently triggers the problem for me. Run it with two arguments: a path on a cifs mount where an ostree repo should be created, and a GPG key ID with which to sign a commit. #!/bin/sh set -e if [ "$#" -lt 2 ] || [ "$1" = "-h" ] ; then echo "usage: $(basename "$0") <repo-dir> <gpg-key-id>" exit 2 fi repo=$1 keyid=$2 src="./foo" echo "creating ostree repo at $repo" ostree init --repo="$repo" echo "creating source file tree at $src" mkdir -p "$src" echo hi > "$src"/hello ostree commit --repo="$repo" --branch=foo --gpg-sign="$keyid" "$src" if ostree show --repo="$repo" foo; then echo --- echo success! else echo --- ostree show --repo="$repo" --print-detached-metadata-key=ostree.gpgsigs foo echo failure! echo look for null bytes in the above commit signature fi

8 months

3
5
0 0

[PATCH 6.6 000/132] 6.6.50-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.50 release. There are 132 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 07 Sep 2024 09:36:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.50-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.50-rc1 Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Add UFSHCD_QUIRK_BROKEN_LSDBS_CAP for SM8550 SoC Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: use preferred link settings for dp signal only Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX winstang <winstang(a)amd.com> drm/amd/display: added NULL check at start of dc_validate_stream Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in kfd_process_dequeue_from_device Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add skip_hw_access checks for sriov Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Julien Stephan <jstephan(a)baylibre.com> driver: iio: add missing checks on iio_info's callback access Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on blocks for inline_data inode Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Yazen Ghannam <yazen.ghannam(a)amd.com> hwmon: (k10temp) Check return value of amd_smn_read() Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Add quota_change type" Maxime Méré <maxime.mere(a)foss.st.com> crypto: stm32/cryp - call finalize with bh disabled Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix incorrect page release Ben Walsh <ben(a)jubnut.com> platform/chrome: cros_ec_lpc: MEC access can use an AML mutex Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Andy Shevchenko <andy.shevchenko(a)gmail.com> regmap: spi: Fix potential off-by-one when calculating reserved size Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgu: fix Unintentional integer overflow for mall size Jason Xing <kernelxing(a)tencent.com> net: remove NULL-pointer net parameter in ip_metrics_convert Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-cci: Always assign *val Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Ken Sloat <ksloat(a)designlinxhs.com> pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Chris Lew <quic_clew(a)quicinc.com> soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Xiaogang Chen <xiaogang.chen(a)amd.com> drm/kfd: Correct pinned buffer handling at kfd restore and validate process Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: ser: avoid multiple deinit on same CAM Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for smu13 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference after null check Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix the warning division or modulo by zero Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Lin.Cao <lincao12(a)amd.com> drm/amdkfd: Check debug trap enable before write dbg_ev_file Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure index calculation will not overflow Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy Alex Hung <alex.hung(a)amd.com> drm/amd/display: Spinlock before reading event Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index for aux_rd_interval before using Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: stop transfer when check is done (part 2.2) Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: disable get and dump addr checks Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test for flush/re-add endpoints Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: add mptcp_lib_events helper Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-adding init endp with != id Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-using ID of unused ADD_ADDR Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: add explicit test case for remove/readd Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: cannot rm sf if closed Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: declare event macros in mptcp_lib Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: userspace pm get addr tests Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: dump userspace addrs list Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: userspace pm create id 0 subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix RM_ADDR ID for the initial subflow Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: make pm_remove_addrs_and_subflows static Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: button detect issue Krzysztof Stępniak <kfs.szk(a)gmail.com> ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Add validation for the minimum value of speed_hz Bruno Ancona <brunoanconasala(a)gmail.com> ASoC: amd: yc: Support mic on HP 14-em0002la Paulo Alcantara <pc(a)manguebit.com> smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Use the common RPN/bank conversion context Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: validate dref root and objectid Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Bypass quick recovery if force reset is needed Kyoungrul Kim <k831.kim(a)samsung.com> scsi: ufs: core: Check LSDBS cap when !mcq Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 + Makefile | 4 +- block/blk-integrity.c | 2 - drivers/base/regmap/regmap-spi.c | 3 +- drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/crypto/stm32/stm32-cryp.c | 6 +- drivers/dma/altera-msgdma.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_securedisplay.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 11 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 6 + drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 18 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + .../gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 +- .../gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 10 + .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 +- drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../display/dc/link/protocols/link_dp_capability.c | 26 +- .../display/dc/link/protocols/link_dp_training.c | 4 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 ++- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 27 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 + drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 + drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_fb_helper.c | 11 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hwmon/k10temp.c | 36 ++- drivers/hwspinlock/hwspinlock_core.c | 28 ++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/industrialio-core.c | 7 +- drivers/iio/industrialio-event.c | 9 + drivers/iio/inkern.c | 32 ++- drivers/infiniband/hw/efa/efa_com.c | 30 +- drivers/media/usb/uvc/uvc_driver.c | 18 +- drivers/media/v4l2-core/v4l2-cci.c | 9 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath11k/qmi.c | 2 +- drivers/net/wireless/ath/ath12k/qmi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/realtek/rtw89/ser.c | 8 +- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/platform/chrome/cros_ec_lpc_mec.c | 76 +++++- drivers/platform/chrome/cros_ec_lpc_mec.h | 11 + drivers/soc/qcom/smem.c | 26 ++ drivers/spi/spi-hisi-kunpeng.c | 1 + drivers/ufs/core/ufshcd.c | 19 +- drivers/ufs/host/ufs-qcom.c | 6 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 ++++-- fs/btrfs/tree-checker.c | 47 ++++ fs/f2fs/f2fs.h | 2 +- fs/f2fs/inline.c | 20 +- fs/f2fs/inode.c | 2 +- fs/gfs2/quota.c | 19 +- fs/gfs2/util.c | 6 +- fs/notify/fsnotify.c | 31 ++- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 ++- fs/smb/client/smb2inode.c | 6 +- include/clocksource/timer-xilinx.h | 2 +- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/soc/qcom/smem.h | 2 + include/net/ip.h | 3 +- include/net/tcp.h | 2 +- include/sound/ump_convert.h | 1 + include/ufs/ufshcd.h | 1 + include/ufs/ufshci.h | 1 + kernel/dma/debug.c | 5 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +-- net/ipv4/fib_semantics.c | 5 +- net/ipv4/metrics.c | 8 +- net/ipv4/tcp_cong.c | 11 +- net/ipv6/route.c | 2 +- net/mac80211/main.c | 3 +- net/mptcp/fastopen.c | 4 +- net/mptcp/options.c | 50 ++-- net/mptcp/pm.c | 28 +- net/mptcp/pm_netlink.c | 52 ++-- net/mptcp/protocol.c | 58 ++-- net/mptcp/protocol.h | 9 +- net/mptcp/sched.c | 4 +- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 48 ++-- net/wireless/scan.c | 46 +++- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 2 +- sound/core/seq/seq_ports.h | 14 +- sound/core/seq/seq_ump_convert.c | 97 ++++--- sound/core/ump_convert.c | 60 ++-- sound/pci/hda/hda_generic.c | 63 +++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/es8326.c | 2 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 304 +++++++++++++++++++-- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 38 +++ tools/testing/selftests/net/mptcp/userspace_pm.sh | 30 +- 146 files changed, 1669 insertions(+), 574 deletions(-)

8 months

3
134
0 0

[PATCH 6.10 000/184] 6.10.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.9 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 07 Sep 2024 09:36:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.9-rc1 Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: qcom: Add UFSHCD_QUIRK_BROKEN_LSDBS_CAP for SM8550 SoC Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: remove redundant semicolons in RAS_EVENT_LOG David Howells <dhowells(a)redhat.com> mm: Fix filemap_invalidate_inode() to use invalidate_inode_pages2_range() Léo DUBOIN <lduboin(a)freebox.fr> pinctrl: core: reset gpio_device in loop in pinctrl_pins_show() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Stefan Berger <stefanb(a)linux.ibm.com> crypto: ecc - Fix off-by-one missing to clear most significant digit Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check BIOS images before it is used Tao Zhou <tao.zhou1(a)amd.com> drm/amdkfd: use mode1 reset for RAS poison consumption Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: set RAS fed status for more cases Alex Hung <alex.hung(a)amd.com> drm/amd/display: Avoid overflow from uint32_t to uint8_t Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Disable DMCUB timeout for DCN35 Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: use preferred link settings for dp signal only Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX winstang <winstang(a)amd.com> drm/amd/display: added NULL check at start of dc_validate_stream Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in kfd_process_dequeue_from_device Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: add skip_hw_access checks for sriov Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Julien Stephan <jstephan(a)baylibre.com> driver: iio: add missing checks on iio_info's callback access Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add GuC state asserts to deregister_exec_queue Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on blocks for inline_data inode Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Yazen Ghannam <yazen.ghannam(a)amd.com> hwmon: (k10temp) Check return value of amd_smn_read() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: trip: Use READ_ONCE() for lockless access to trip properties Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Olivier Dautricourt <olivierdautricourt(a)gmail.com> dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Validate power registers for SD and ETH Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Check valid domain is passed in xe_force_wake_ref Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Ensure caller uses sole domain for xe_force_wake_assert_held Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Valentin Schneider <vschneid(a)redhat.com> net: tcp/dccp: prepare for tw_timer un-pinning John Allen <john.allen(a)amd.com> RAS/AMD/ATL: Validate address map when information is gathered Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Add quota_change type" Maxime Méré <maxime.mere(a)foss.st.com> crypto: stm32/cryp - call finalize with bh disabled Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix incorrect page release Ben Walsh <ben(a)jubnut.com> platform/chrome: cros_ec_lpc: MEC access can use an AML mutex Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Andy Shevchenko <andy.shevchenko(a)gmail.com> regmap: spi: Fix potential off-by-one when calculating reserved size Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't overmap identity VRAM mapping Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgu: fix Unintentional integer overflow for mall size Eric Dumazet <edumazet(a)google.com> tcp: annotate data-races around tw->tw_ts_recent and tw->tw_ts_recent_stamp Jason Xing <kernelxing(a)tencent.com> net: remove NULL-pointer net parameter in ip_metrics_convert Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Use missing lock in relay_needs_worker Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-cci: Always assign *val Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Ken Sloat <ksloat(a)designlinxhs.com> pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Richard Maina <quic_rmaina(a)quicinc.com> remoteproc: qcom_q6v5_pas: Add hwspinlock bust on stop Chris Lew <quic_clew(a)quicinc.com> soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use only beacon BSS load for active links AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> remoteproc: mediatek: Zero out only remaining bytes of IPI buffer Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: restrict operation during radar detection Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Queue KFD reset workitem in VF FED Nicholas Susanto <nicholas.susanto(a)amd.com> drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: fix compiler 'side-effect' check issue for RAS_EVENT_LOG() Xiaogang Chen <xiaogang.chen(a)amd.com> drm/kfd: Correct pinned buffer handling at kfd restore and validate process Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe: Fix the warning conditions Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: ser: avoid multiple deinit on same CAM Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the warning bad bit shift operation for aca_error_type type Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for smu13 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix dereference after null check Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix the warning division or modulo by zero David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for power profile setting on smu11, smu13 and smu14 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Remove unwanted write permission for currN_label Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized variable warning for jpeg_v4 Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized variable warning for amdgpu_xgmi Lin.Cao <lincao12(a)amd.com> drm/amdkfd: Check debug trap enable before write dbg_ev_file Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/drm-bridge: Drop conditionals around of_node pointers Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Demote CCS_MODE info to debug only Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix writeback job lock evasion within dm_crtc_high_irq Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure index calculation will not overflow Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy Alex Hung <alex.hung(a)amd.com> drm/amd/display: Spinlock before reading event Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Release clck_src memory if clk_src_construct fails Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_index before accessing dc->links[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Release state memory if amdgpu_dm_create_color_properties fail Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index for aux_rd_interval before using Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix incorrect size calculation for loop Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Alex Hung <alex.hung(a)amd.com> drm/amd/display: Ensure array index tg_inst won't be -1 Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Francois Dugast <francois.dugast(a)intel.com> drm/xe/gt: Fix assert in L3 bank mask generation Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu_v13 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: Fix negative array index read Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix uninitialized variable warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: Handle sg size limit for contiguous allocation Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Handle the case which quad_part is equal 0 Joshua Aberback <joshua.aberback(a)amd.com> Revert "drm/amd/display: Fix incorrect pointer assignment" Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test for flush/re-add endpoints Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-adding init endp with != id Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-using ID of unused ADD_ADDR Paolo Abeni <pabeni(a)redhat.com> selftests: mptcp: add explicit test case for remove/readd Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix missing PCIe4 gpios Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix up PCIe6a pinctrl node Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix missing PCIe4 gpios Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix up PCIe6a pinctrl node Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Describe the PCIe 6a resources Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: button detect issue Krzysztof Stępniak <kfs.szk(a)gmail.com> ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Heng Qi <hengqi(a)linux.alibaba.com> virtio-net: check feature before configuring the vq coalescing command Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Boris Burkov <boris(a)bur.io> btrfs: fix qgroup reserve leaks in cow_file_range Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update last_physical after scrubbing one stripe Qu Wenruo <wqu(a)suse.com> btrfs: factor out stripe length calculation into a helper Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Add new ACPI ID AMDI0107 Luke D. Jones <luke(a)ljones.dev> platform/x86/amd: pmf: Add quirk for ROG Ally X Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Add validation for the minimum value of speed_hz Bruno Ancona <brunoanconasala(a)gmail.com> ASoC: amd: yc: Support mic on HP 14-em0002la Paulo Alcantara <pc(a)manguebit.com> smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Use the common RPN/bank conversion context Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Explicitly reset RPN with Null RPN Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception Perry Yuan <perry.yuan(a)amd.com> x86/CPU/AMD: Add models 0x60-0x6f to the Zen5 range Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: validate dref root and objectid Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Bypass quick recovery if force reset is needed Kyoungrul Kim <k831.kim(a)samsung.com> scsi: ufs: core: Check LSDBS cap when !mcq Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 81 +++++++++++ arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 81 +++++++++++ arch/x86/kernel/cpu/amd.c | 2 +- block/blk-integrity.c | 2 - crypto/ecc.c | 2 +- drivers/base/regmap/regmap-spi.c | 3 +- drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/crypto/stm32/stm32-cryp.c | 6 +- drivers/dma/altera-msgdma.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gart.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 19 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_securedisplay.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c | 3 + drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 6 + drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v1_7.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v9_4.c | 2 +- drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 3 +- drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 19 --- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 ++++--- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 18 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 7 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + .../gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 10 +- drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c | 2 +- .../gpu/drm/amd/display/dc/dml/calcs/dcn_calcs.c | 7 +- .../gpu/drm/amd/display/dc/dml/dcn302/dcn302_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/dcn303/dcn303_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/dcn321/dcn321_fpu.c | 10 ++ .../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 7 +- drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 ++- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 ++- .../drm/amd/display/dc/hwss/dcn201/dcn201_hwseq.c | 3 + .../drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c | 2 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/link/protocols/link_dp_capability.c | 26 ++-- .../display/dc/link/protocols/link_dp_training.c | 4 +- .../drm/amd/display/dc/link/protocols/link_dpcd.c | 1 + .../amd/display/dc/resource/dce80/dce80_resource.c | 1 + .../amd/display/dc/resource/dcn31/dcn31_resource.c | 1 + .../display/dc/resource/dcn314/dcn314_resource.c | 4 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 + .../display/dc/resource/dcn351/dcn351_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 5 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +++- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 2 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 60 ++++++-- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 ++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 ++-- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 4 + drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 31 +++- .../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 14 ++ drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 55 ++++--- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 5 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 28 +--- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_5_ppt.c | 28 +--- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 2 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 4 + .../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 28 +--- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 5 + drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_bridge.c | 5 - drivers/gpu/drm/drm_fb_helper.c | 11 ++ drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/meson/meson_plane.c | 17 ++- drivers/gpu/drm/xe/xe_force_wake.h | 13 +- drivers/gpu/drm/xe/xe_gt_ccs_mode.c | 4 +- drivers/gpu/drm/xe/xe_gt_topology.c | 4 +- drivers/gpu/drm/xe/xe_guc_relay.c | 9 +- drivers/gpu/drm/xe/xe_guc_submit.c | 5 + drivers/gpu/drm/xe/xe_hwmon.c | 9 +- drivers/gpu/drm/xe/xe_migrate.c | 55 +++++-- drivers/gpu/drm/xe/xe_pcode.c | 6 +- drivers/hwmon/k10temp.c | 36 +++-- drivers/hwspinlock/hwspinlock_core.c | 28 ++++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/industrialio-core.c | 7 +- drivers/iio/industrialio-event.c | 9 ++ drivers/iio/inkern.c | 32 +++-- drivers/infiniband/hw/efa/efa_com.c | 30 ++-- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/media/v4l2-core/v4l2-cci.c | 9 ++ drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +- .../ethernet/mellanox/mlx5/core/steering/dr_rule.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 6 + drivers/net/wireless/ath/ath11k/qmi.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/qmi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/link.c | 14 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - .../net/wireless/intel/iwlwifi/mvm/tests/links.c | 1 + drivers/net/wireless/realtek/rtw89/ser.c | 8 +- drivers/pci/controller/dwc/pcie-al.c | 16 ++- drivers/pinctrl/core.c | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 12 +- drivers/platform/chrome/cros_ec_lpc_mec.c | 76 +++++++++- drivers/platform/chrome/cros_ec_lpc_mec.h | 11 ++ drivers/platform/x86/amd/pmf/core.c | 3 + drivers/platform/x86/amd/pmf/pmf-quirks.c | 9 +- drivers/ras/amd/atl/dehash.c | 43 ------ drivers/ras/amd/atl/map.c | 77 ++++++++++ drivers/remoteproc/mtk_scp.c | 2 +- drivers/remoteproc/qcom_q6v5_pas.c | 11 ++ drivers/soc/qcom/smem.c | 26 ++++ drivers/spi/spi-hisi-kunpeng.c | 1 + drivers/thermal/thermal_sysfs.c | 6 +- drivers/thermal/thermal_trip.c | 2 +- drivers/ufs/core/ufshcd.c | 19 ++- drivers/ufs/host/ufs-qcom.c | 6 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 ++++++---- fs/btrfs/inode.c | 3 + fs/btrfs/scrub.c | 25 +++- fs/btrfs/tree-checker.c | 47 ++++++ fs/f2fs/f2fs.h | 2 +- fs/f2fs/inline.c | 20 ++- fs/f2fs/inode.c | 2 +- fs/gfs2/quota.c | 19 +-- fs/gfs2/util.c | 6 +- fs/notify/fsnotify.c | 31 ++-- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 ++++- fs/smb/client/smb2inode.c | 6 +- include/clocksource/timer-xilinx.h | 2 +- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/soc/qcom/smem.h | 2 + include/net/inet_timewait_sock.h | 6 +- include/net/ip.h | 3 +- include/net/tcp.h | 2 +- include/sound/ump_convert.h | 1 + include/ufs/ufshcd.h | 1 + include/ufs/ufshci.h | 1 + kernel/dma/debug.c | 5 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +---- mm/filemap.c | 2 +- net/dccp/minisocks.c | 3 +- net/ipv4/fib_semantics.c | 5 +- net/ipv4/inet_timewait_sock.c | 52 ++++++- net/ipv4/metrics.c | 8 +- net/ipv4/tcp_cong.c | 11 +- net/ipv4/tcp_ipv4.c | 14 +- net/ipv4/tcp_minisocks.c | 25 ++-- net/ipv6/route.c | 2 +- net/ipv6/tcp_ipv6.c | 6 +- net/mac80211/main.c | 3 +- net/wireless/ibss.c | 5 +- net/wireless/mesh.c | 5 +- net/wireless/nl80211.c | 21 ++- net/wireless/scan.c | 46 ++++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 2 +- sound/core/seq/seq_ports.h | 14 +- sound/core/seq/seq_ump_convert.c | 97 ++++++++----- sound/core/ump_convert.c | 60 +++++--- sound/pci/hda/hda_generic.c | 63 ++++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ sound/soc/codecs/es8326.c | 2 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 160 ++++++++++++++++++++- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 4 + 211 files changed, 2049 insertions(+), 696 deletions(-)

8 months

4
188
0 0

Re: [PATCH 5.15 000/215] 5.15.166-rc1 review

by Richard Narron

I get an "out of memory" error when building Linux kernels 5.15.164, 5.15.165 and 5.15.166-rc1: ... LD [M] drivers/mtd/tests/mtd_stresstest.o LD [M] drivers/pcmcia/pcmcia_core.o LD [M] drivers/mtd/tests/mtd_subpagetest.o cc1: out of memory allocating 180705472 bytes after a total of 283914240 bytes LD [M] drivers/mtd/tests/mtd_torturetest.o CC [M] drivers/mtd/ubi/wl.o LD [M] drivers/pcmcia/pcmcia.o CC [M] drivers/gpu/drm/nouveau/nvkm/engine/disp/headgv100.o CC [M] drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dmub_hw_lock_mgr.o LD [M] drivers/mtd/tests/mtd_nandbiterrs.o CC [M] drivers/mtd/ubi/attach.o LD [M] drivers/staging/qlge/qlge.o make[4]: *** [scripts/Makefile.build:289: drivers/staging/media/atomisp/pci/isp/kernels/ynr/ynr_1.0/ia_css_ynr.host.o] Error 1 make[3]: *** [scripts/Makefile.build:552: drivers/staging/media/atomisp] Error 2 make[2]: *** [scripts/Makefile.build:552: drivers/staging/media] Error 2 make[2]: *** Waiting for unfinished jobs.... LD [M] drivers/pcmcia/pcmcia_rsrc.o CC [M] drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dmub_outbox.o make[1]: *** [scripts/Makefile.build:552: drivers/staging] Error 2 make[1]: *** Waiting for unfinished jobs.... CC [M] drivers/gpu/drm/amd/amdgpu/../display/dc/dml/calcs/dce_calcs.o CC [M] drivers/gpu/drm/amd/amdgpu/../display/dc/dml/calcs/custom_float.o CC [M] drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.o ... #uname -a Linux aragorn 5.15.166-rc1-smp #1 SMP PREEMPT Mon Sep 2 14:03:00 PDT 2024 i686 AMD Ryzen 9 5900X 12-Core Processor AuthenticAMD GNU/Linux Attached is my config file. I found a work around for this problem. Remove the six minmax patches introduced with kernel 5.15.164: minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: allow min()/max()/clamp() if the arguments have the same minmax: clamp more efficiently by avoiding extra comparison minmax: fix header inclusions minmax: relax check to allow comparison between unsigned arguments minmax: sanity check constant bounds when clamping Can these 6 patches be removed or fixed?

8 months

2
6
0 0

+ mm-codetag-add-pgalloc_tag_copy.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/codetag: add pgalloc_tag_copy() has been added to the -mm mm-unstable branch. Its filename is mm-codetag-add-pgalloc_tag_copy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/codetag: add pgalloc_tag_copy() Date: Tue, 3 Sep 2024 15:36:49 -0600 Add pgalloc_tag_copy() to transfer the codetag from the old folio to the new one during migration. This makes original allocation sites persist cross migration rather than lump into compaction_alloc, e.g., # echo 1 >/proc/sys/vm/compact_memory # grep compaction_alloc /proc/allocinfo Before this patch: 132968448 32463 mm/compaction.c:1880 func:compaction_alloc After this patch: 0 0 mm/compaction.c:1880 func:compaction_alloc Link: https://lkml.kernel.org/r/20240903213649.3566695-3-yuzhao@google.com Signed-off-by: Yu Zhao <yuzhao(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/alloc_tag.h | 24 ++++++++++-------------- include/linux/mm.h | 25 +++++++++++++++++++++++++ mm/migrate.c | 1 + 3 files changed, 36 insertions(+), 14 deletions(-) --- a/include/linux/alloc_tag.h~mm-codetag-add-pgalloc_tag_copy +++ a/include/linux/alloc_tag.h @@ -137,7 +137,16 @@ static inline void alloc_tag_sub_check(u /* Caller should verify both ref and tag to be valid */ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) { + alloc_tag_add_check(ref, tag); + if (!ref || !tag) + return; + ref->ct = &tag->ct; +} + +static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) +{ + __alloc_tag_ref_set(ref, tag); /* * We need in increment the call counter every time we have a new * allocation or when we split a large allocation into smaller ones. @@ -147,22 +156,9 @@ static inline void __alloc_tag_ref_set(u this_cpu_inc(tag->counters->calls); } -static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) -{ - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); -} - static inline void alloc_tag_add(union codetag_ref *ref, struct alloc_tag *tag, size_t bytes) { - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); + alloc_tag_ref_set(ref, tag); this_cpu_add(tag->counters->bytes, bytes); } --- a/include/linux/mm.h~mm-codetag-add-pgalloc_tag_copy +++ a/include/linux/mm.h @@ -4161,10 +4161,35 @@ static inline void pgalloc_tag_split(str } } } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ + struct alloc_tag *tag; + union codetag_ref *ref; + + tag = pgalloc_tag_get(&old->page); + if (!tag) + return; + + ref = get_page_tag_ref(&new->page); + if (!ref) + return; + + /* Clear the old ref to the original allocation site. */ + clear_page_tag_ref(&old->page); + /* Decrement the counters of the tag on get_new_folio. */ + alloc_tag_sub(ref, folio_nr_pages(new)); + __alloc_tag_ref_set(ref, tag); + put_page_tag_ref(ref); +} #else /* !CONFIG_MEM_ALLOC_PROFILING */ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) { } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ +} #endif /* CONFIG_MEM_ALLOC_PROFILING */ #endif /* _LINUX_MM_H */ --- a/mm/migrate.c~mm-codetag-add-pgalloc_tag_copy +++ a/mm/migrate.c @@ -743,6 +743,7 @@ void folio_migrate_flags(struct folio *n folio_set_readahead(newfolio); folio_copy_owner(newfolio, folio); + pgalloc_tag_copy(newfolio, folio); mem_cgroup_migrate(folio, newfolio); } _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-remap-unused-subpages-to-shared-zeropage-when-splitting-isolated-thp.patch mm-codetag-fix-a-typo.patch mm-codetag-fix-pgalloc_tag_split.patch mm-codetag-add-pgalloc_tag_copy.patch

8 months

1
0
0 0

+ mm-codetag-fix-pgalloc_tag_split.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/codetag: fix pgalloc_tag_split() has been added to the -mm mm-unstable branch. Its filename is mm-codetag-fix-pgalloc_tag_split.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/codetag: fix pgalloc_tag_split() Date: Tue, 3 Sep 2024 15:36:48 -0600 Only tag the new head pages when splitting one large folio to multiple ones of a lower order. Tagging tail pages can cause imbalanced "calls" counters, since only head pages are untagged by pgalloc_tag_sub() and reference counts on tail pages are leaked, e.g., # echo 2048kB >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote_size # echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages # time echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote # grep alloc_gigantic_folio /proc/allocinfo Before this patch: 0 549427200 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m2.057s user 0m0.000s sys 0m2.051s After this patch: 0 0 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m1.711s user 0m0.000s sys 0m1.704s Not tagging tail pages also improves the splitting time, e.g., by about 15% when demoting 1GB hugeTLB folios to 2MB ones, as shown above. Link: https://lkml.kernel.org/r/20240903213649.3566695-2-yuzhao@google.com Fixes: be25d1d4e822 ("mm: create new codetag references during page splitting") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 30 ++++++++++++++++++++++++++++++ include/linux/pgalloc_tag.h | 31 ------------------------------- mm/huge_memory.c | 2 +- mm/hugetlb.c | 2 +- mm/page_alloc.c | 4 ++-- 5 files changed, 34 insertions(+), 35 deletions(-) --- a/include/linux/mm.h~mm-codetag-fix-pgalloc_tag_split +++ a/include/linux/mm.h @@ -4137,4 +4137,34 @@ void vma_pgtable_walk_end(struct vm_area int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +#ifdef CONFIG_MEM_ALLOC_PROFILING +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ + int i; + struct alloc_tag *tag; + unsigned int nr_pages = 1 << new_order; + + if (!mem_alloc_profiling_enabled()) + return; + + tag = pgalloc_tag_get(&folio->page); + if (!tag) + return; + + for (i = nr_pages; i < (1 << old_order); i += nr_pages) { + union codetag_ref *ref = get_page_tag_ref(folio_page(folio, i)); + + if (ref) { + /* Set new reference to point to the original tag */ + alloc_tag_ref_set(ref, tag); + put_page_tag_ref(ref); + } + } +} +#else /* !CONFIG_MEM_ALLOC_PROFILING */ +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ +} +#endif /* CONFIG_MEM_ALLOC_PROFILING */ + #endif /* _LINUX_MM_H */ --- a/include/linux/pgalloc_tag.h~mm-codetag-fix-pgalloc_tag_split +++ a/include/linux/pgalloc_tag.h @@ -80,36 +80,6 @@ static inline void pgalloc_tag_sub(struc } } -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) -{ - int i; - struct page_ext *first_page_ext; - struct page_ext *page_ext; - union codetag_ref *ref; - struct alloc_tag *tag; - - if (!mem_alloc_profiling_enabled()) - return; - - first_page_ext = page_ext = page_ext_get(page); - if (unlikely(!page_ext)) - return; - - ref = codetag_ref_from_page_ext(page_ext); - if (!ref->ct) - goto out; - - tag = ct_to_alloc_tag(ref->ct); - page_ext = page_ext_next(page_ext); - for (i = 1; i < nr; i++) { - /* Set new reference to point to the original tag */ - alloc_tag_ref_set(codetag_ref_from_page_ext(page_ext), tag); - page_ext = page_ext_next(page_ext); - } -out: - page_ext_put(first_page_ext); -} - static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { struct alloc_tag *tag = NULL; @@ -142,7 +112,6 @@ static inline void clear_page_tag_ref(st static inline void pgalloc_tag_add(struct page *page, struct task_struct *task, unsigned int nr) {} static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) {} -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) {} static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { return NULL; } static inline void pgalloc_tag_sub_pages(struct alloc_tag *tag, unsigned int nr) {} --- a/mm/huge_memory.c~mm-codetag-fix-pgalloc_tag_split +++ a/mm/huge_memory.c @@ -3242,7 +3242,7 @@ static void __split_huge_page(struct pag /* Caller disabled irqs, so they are still disabled here */ split_page_owner(head, order, new_order); - pgalloc_tag_split(head, 1 << order); + pgalloc_tag_split(folio, order, new_order); /* See comment in __split_huge_page_tail() */ if (folio_test_anon(folio)) { --- a/mm/hugetlb.c~mm-codetag-fix-pgalloc_tag_split +++ a/mm/hugetlb.c @@ -3795,7 +3795,7 @@ static long demote_free_hugetlb_folios(s list_del(&folio->lru); split_page_owner(&folio->page, huge_page_order(src), huge_page_order(dst)); - pgalloc_tag_split(&folio->page, 1 << huge_page_order(src)); + pgalloc_tag_split(folio, huge_page_order(src), huge_page_order(dst)); for (i = 0; i < pages_per_huge_page(src); i += pages_per_huge_page(dst)) { struct page *page = folio_page(folio, i); --- a/mm/page_alloc.c~mm-codetag-fix-pgalloc_tag_split +++ a/mm/page_alloc.c @@ -2783,7 +2783,7 @@ void split_page(struct page *page, unsig for (i = 1; i < (1 << order); i++) set_page_refcounted(page + i); split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); } EXPORT_SYMBOL_GPL(split_page); @@ -4981,7 +4981,7 @@ static void *make_alloc_exact(unsigned l struct page *last = page + nr; split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); while (page < --last) set_page_refcounted(last); _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-remap-unused-subpages-to-shared-zeropage-when-splitting-isolated-thp.patch mm-codetag-fix-a-typo.patch mm-codetag-fix-pgalloc_tag_split.patch mm-codetag-add-pgalloc_tag_copy.patch

8 months

1
0
0 0

+ mm-damon-vaddr-protect-vma-traversal-in-__damon_va_thre_regions-with-rcu-read-lock.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-vaddr-protect-vma-traversal-in-__damon_va_thre_regions-with-rcu-read-lock.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Date: Wed, 4 Sep 2024 17:12:04 -0700 Traversing VMAs of a given maple tree should be protected by rcu read lock. However, __damon_va_three_regions() is not doing the protection. Hold the lock. Link: https://lkml.kernel.org/r/20240905001204.1481-1-sj@kernel.org Fixes: d0cf3dd47f0d ("damon: convert __damon_va_three_regions to use the VMA iterator") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Closes: https://lore.kernel.org/b83651a0-5b24-4206-b860-cb54ffdf209b@roeck-us.net Tested-by: Guenter Roeck <linux(a)roeck-us.net> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/vaddr.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/damon/vaddr.c~mm-damon-vaddr-protect-vma-traversal-in-__damon_va_thre_regions-with-rcu-read-lock +++ a/mm/damon/vaddr.c @@ -126,6 +126,7 @@ static int __damon_va_three_regions(stru * If this is too slow, it can be optimised to examine the maple * tree gaps. */ + rcu_read_lock(); for_each_vma(vmi, vma) { unsigned long gap; @@ -146,6 +147,7 @@ static int __damon_va_three_regions(stru next: prev = vma; } + rcu_read_unlock(); if (!sz_range(&second_gap) || !sz_range(&first_gap)) return -EINVAL; _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are mm-damon-vaddr-protect-vma-traversal-in-__damon_va_thre_regions-with-rcu-read-lock.patch

8 months

1
0
0 0

+ mm-use-unique-zsmalloc-caches-names.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: use unique zsmalloc caches names has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-use-unique-zsmalloc-caches-names.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Subject: mm: use unique zsmalloc caches names Date: Thu, 5 Sep 2024 15:47:23 +0900 Each zsmalloc pool maintains several named kmem-caches for zs_handle-s and zspage-s. On a system with multiple zsmalloc pools and CONFIG_DEBUG_VM this triggers kmem_cache_sanity_check(): kmem_cache of name 'zspage' already exists WARNING: at mm/slab_common.c:108 do_kmem_cache_create_usercopy+0xb5/0x310 ... kmem_cache of name 'zs_handle' already exists WARNING: at mm/slab_common.c:108 do_kmem_cache_create_usercopy+0xb5/0x310 ... We provide zram device name when init its zsmalloc pool, so we can use that same name for zsmalloc caches and, hence, create unique names that can easily be linked to zram device that has created them. So instead of having this cat /proc/slabinfo slabinfo - version: 2.1 zspage 46 46 ... zs_handle 128 128 ... zspage 34270 34270 ... zs_handle 34816 34816 ... zspage 0 0 ... zs_handle 0 0 ... We now have this cat /proc/slabinfo slabinfo - version: 2.1 zspage-zram2 46 46 ... zs_handle-zram2 128 128 ... zspage-zram0 34270 34270 ... zs_handle-zram0 34816 34816 ... zspage-zram1 0 0 ... zs_handle-zram1 0 0 ... Link: https://lkml.kernel.org/r/20240905064736.2250735-1-senozhatsky@chromium.org Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zsmalloc.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/mm/zsmalloc.c~mm-use-unique-zsmalloc-caches-names +++ a/mm/zsmalloc.c @@ -293,13 +293,17 @@ static void SetZsPageMovable(struct zs_p static int create_cache(struct zs_pool *pool) { - pool->handle_cachep = kmem_cache_create("zs_handle", ZS_HANDLE_SIZE, - 0, 0, NULL); + char name[32]; + + snprintf(name, sizeof(name), "zs_handle-%s", pool->name); + pool->handle_cachep = kmem_cache_create(name, ZS_HANDLE_SIZE, + 0, 0, NULL); if (!pool->handle_cachep) return 1; - pool->zspage_cachep = kmem_cache_create("zspage", sizeof(struct zspage), - 0, 0, NULL); + snprintf(name, sizeof(name), "zspage-%s", pool->name); + pool->zspage_cachep = kmem_cache_create(name, sizeof(struct zspage), + 0, 0, NULL); if (!pool->zspage_cachep) { kmem_cache_destroy(pool->handle_cachep); pool->handle_cachep = NULL; _ Patches currently in -mm which might be from senozhatsky(a)chromium.org are mm-use-unique-zsmalloc-caches-names.patch lib-zstd-export-api-needed-for-dictionary-support.patch lib-lz4hc-export-lz4_resetstreamhc-symbol.patch lib-zstd-fix-null-deref-in-zstd_createcdict_advanced2.patch zram-introduce-custom-comp-backends-api.patch zram-add-lzo-and-lzorle-compression-backends-support.patch zram-add-lz4-compression-backend-support.patch zram-add-lz4hc-compression-backend-support.patch zram-add-zstd-compression-backend-support.patch zram-pass-estimated-src-size-hint-to-zstd.patch zram-add-zlib-compression-backend-support.patch zram-add-842-compression-backend-support.patch zram-check-that-backends-array-has-at-least-one-backend.patch zram-introduce-zcomp_params-structure.patch zram-recalculate-zstd-compression-params-once.patch zram-introduce-algorithm_params-device-attribute.patch zram-add-support-for-dict-comp-config.patch zram-introduce-zcomp_req-structure.patch zram-introduce-zcomp_ctx-structure.patch zram-move-immutable-comp-params-away-from-per-cpu-context.patch zram-add-dictionary-support-to-lz4.patch zram-add-dictionary-support-to-lz4hc.patch zram-add-dictionary-support-to-zstd-backend.patch documentation-zram-add-documentation-for-algorithm-parameters.patch documentation-zram-add-documentation-for-algorithm-parameters-fix.patch zram-support-priority-parameter-in-recompression.patch mm-kconfig-fixup-zsmalloc-configuration.patch

8 months

1
0
0 0

[PATCH v2 3/3] usb: roles: Fix a false positive recursive locking complaint

by Bart Van Assche

Suppress the following lockdep complaint by giving each sw->lock a unique lockdep key instead of using the same lockdep key for all sw->lock instances: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Badhri Jagan Sridharan <badhri(a)google.com> Cc: stable(a)vger.kernel.org Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/roles/class.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c index 7aca1ef7f44c..37556aa0eeee 100644 --- a/drivers/usb/roles/class.c +++ b/drivers/usb/roles/class.c @@ -22,6 +22,7 @@ static const struct class role_class = { struct usb_role_switch { struct device dev; + struct lock_class_key key; struct mutex lock; /* device lock*/ struct module *module; /* the module this device depends on */ enum usb_role role; @@ -329,6 +330,8 @@ static void usb_role_switch_release(struct device *dev) { struct usb_role_switch *sw = to_role_switch(dev); + mutex_destroy(&sw->lock); + lockdep_unregister_key(&sw->key); kfree(sw); } @@ -367,7 +370,8 @@ usb_role_switch_register(struct device *parent, if (!sw) return ERR_PTR(-ENOMEM); - mutex_init(&sw->lock); + lockdep_register_key(&sw->key); + mutex_init_with_key(&sw->lock, &sw->key); sw->allow_userspace_control = desc->allow_userspace_control; sw->usb2_port = desc->usb2_port;

8 months

2
2
0 0

[for-linus][PATCH 2/2] tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The timerlat interface will get and put the task that is part of the "kthread" field of the osn_var to keep it around until all references are released. But here's a race in the "stop_kthread()" code that will call put_task_struct() on the kthread if it is not a kernel thread. This can race with the releasing of the references to that task struct and the put_task_struct() can be called twice when it should have been called just once. Take the interface_lock() in stop_kthread() to synchronize this change. But to do so, the function stop_per_cpu_kthreads() needs to change the loop from for_each_online_cpu() to for_each_possible_cpu() and remove the cpu_read_lock(), as the interface_lock can not be taken while the cpu locks are held. The only side effect of this change is that it may do some extra work, as the per_cpu variables of the offline CPUs would not be set anyway, and would simply be skipped in the loop. Remove unneeded "return;" in stop_kthread(). Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Tomas Glozar <tglozar(a)redhat.com> Cc: John Kacur <jkacur(a)redhat.com> Cc: "Luis Claudio R. Goncalves" <lgoncalv(a)redhat.com> Link: https://lore.kernel.org/20240905113359.2b934242@gandalf.local.home Fixes: e88ed227f639e ("tracing/timerlat: Add user-space interface") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index 48e5014dd4ab..bbe47781617e 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -1953,8 +1953,12 @@ static void stop_kthread(unsigned int cpu) { struct task_struct *kthread; + mutex_lock(&interface_lock); kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; if (kthread) { + per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; + mutex_unlock(&interface_lock); + if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask) && !WARN_ON(!test_bit(OSN_WORKLOAD, &osnoise_options))) { kthread_stop(kthread); @@ -1967,8 +1971,8 @@ static void stop_kthread(unsigned int cpu) kill_pid(kthread->thread_pid, SIGKILL, 1); put_task_struct(kthread); } - per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; } else { + mutex_unlock(&interface_lock); /* if no workload, just return */ if (!test_bit(OSN_WORKLOAD, &osnoise_options)) { /* @@ -1976,7 +1980,6 @@ static void stop_kthread(unsigned int cpu) */ per_cpu(per_cpu_osnoise_var, cpu).sampling = false; barrier(); - return; } } } @@ -1991,12 +1994,8 @@ static void stop_per_cpu_kthreads(void) { int cpu; - cpus_read_lock(); - - for_each_online_cpu(cpu) + for_each_possible_cpu(cpu) stop_kthread(cpu); - - cpus_read_unlock(); } /* -- 2.43.0

8 months

1
0
0 0

[for-linus][PATCH 1/2] tracing/timerlat: Only clear timer if a kthread exists

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The timerlat tracer can use user space threads to check for osnoise and timer latency. If the program using this is killed via a SIGTERM, the threads are shutdown one at a time and another tracing instance can start up resetting the threads before they are fully closed. That causes the hrtimer assigned to the kthread to be shutdown and freed twice when the dying thread finally closes the file descriptors, causing a use-after-free bug. Only cancel the hrtimer if the associated thread is still around. Also add the interface_lock around the resetting of the tlat_var->kthread. Note, this is just a quick fix that can be backported to stable. A real fix is to have a better synchronization between the shutdown of old threads and the starting of new ones. Link: https://lore.kernel.org/all/20240820130001.124768-1-tglozar@redhat.com/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: "Luis Claudio R. Goncalves" <lgoncalv(a)redhat.com> Link: https://lore.kernel.org/20240905085330.45985730@gandalf.local.home Fixes: e88ed227f639e ("tracing/timerlat: Add user-space interface") Reported-by: Tomas Glozar <tglozar(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index d770927efcd9..48e5014dd4ab 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -252,6 +252,11 @@ static inline struct timerlat_variables *this_cpu_tmr_var(void) return this_cpu_ptr(&per_cpu_timerlat_var); } +/* + * Protect the interface. + */ +static struct mutex interface_lock; + /* * tlat_var_reset - Reset the values of the given timerlat_variables */ @@ -259,14 +264,20 @@ static inline void tlat_var_reset(void) { struct timerlat_variables *tlat_var; int cpu; + + /* Synchronize with the timerlat interfaces */ + mutex_lock(&interface_lock); /* * So far, all the values are initialized as 0, so * zeroing the structure is perfect. */ for_each_cpu(cpu, cpu_online_mask) { tlat_var = per_cpu_ptr(&per_cpu_timerlat_var, cpu); + if (tlat_var->kthread) + hrtimer_cancel(&tlat_var->timer); memset(tlat_var, 0, sizeof(*tlat_var)); } + mutex_unlock(&interface_lock); } #else /* CONFIG_TIMERLAT_TRACER */ #define tlat_var_reset() do {} while (0) @@ -331,11 +342,6 @@ struct timerlat_sample { }; #endif -/* - * Protect the interface. - */ -static struct mutex interface_lock; - /* * Tracer data. */ @@ -2591,7 +2597,8 @@ static int timerlat_fd_release(struct inode *inode, struct file *file) osn_var = per_cpu_ptr(&per_cpu_osnoise_var, cpu); tlat_var = per_cpu_ptr(&per_cpu_timerlat_var, cpu); - hrtimer_cancel(&tlat_var->timer); + if (tlat_var->kthread) + hrtimer_cancel(&tlat_var->timer); memset(tlat_var, 0, sizeof(*tlat_var)); osn_var->sampling = 0; -- 2.43.0

8 months

1
0
0 0

[PATCH] pinctrl: stm32: check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 32c170ff15b0 ("pinctrl: stm32: set default gpio line names using pin names") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/stm32/pinctrl-stm32.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c index a8673739871d..53306d939d14 100644 --- a/drivers/pinctrl/stm32/pinctrl-stm32.c +++ b/drivers/pinctrl/stm32/pinctrl-stm32.c @@ -1374,8 +1374,13 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, struct fwnode for (i = 0; i < npins; i++) { stm32_pin = stm32_pctrl_get_desc_pin_from_gpio(pctl, bank, i); - if (stm32_pin && stm32_pin->pin.name) + if (stm32_pin && stm32_pin->pin.name) { names[i] = devm_kasprintf(dev, GFP_KERNEL, "%s", stm32_pin->pin.name); + if (!name[i]) { + err = -ENOMEM; + goto err_clk; + } + } else names[i] = NULL; } -- 2.25.1

8 months

3
2
0 0

[PATCH] usb: roles: Fix a false positive recursive locking complaint

by Bart Van Assche

Suppress the following lockdep complaint: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/roles/class.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c index d7aa913ceb8a..f648ce3dd9b5 100644 --- a/drivers/usb/roles/class.c +++ b/drivers/usb/roles/class.c @@ -21,6 +21,7 @@ static const struct class role_class = { struct usb_role_switch { struct device dev; + struct lock_class_key key; struct mutex lock; /* device lock*/ struct module *module; /* the module this device depends on */ enum usb_role role; @@ -326,6 +327,8 @@ static void usb_role_switch_release(struct device *dev) { struct usb_role_switch *sw = to_role_switch(dev); + mutex_destroy(&sw->lock); + lockdep_unregister_key(&sw->key); kfree(sw); } @@ -364,7 +367,8 @@ usb_role_switch_register(struct device *parent, if (!sw) return ERR_PTR(-ENOMEM); - mutex_init(&sw->lock); + lockdep_register_key(&sw->key); + __mutex_init(&sw->lock, "usb_role_switch_desc::lock", &sw->key); sw->allow_userspace_control = desc->allow_userspace_control; sw->usb2_port = desc->usb2_port;

8 months

4
9
0 0

[git:media_tree/master] media: venus: fix use after free bug in venus_remove due to race condition

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: venus: fix use after free bug in venus_remove due to race condition Author: Zheng Wang <zyytlz.wz(a)163.com> Date: Tue Jun 18 14:55:59 2024 +0530 in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove. Cc: stable(a)vger.kernel.org Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") Signed-off-by: Zheng Wang <zyytlz.wz(a)163.com> Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> Signed-off-by: Stanimir Varbanov <stanimir.k.varbanov(a)gmail.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/qcom/venus/core.c | 1 + 1 file changed, 1 insertion(+) --- diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c index 165c947a6703..84e95a46dfc9 100644 --- a/drivers/media/platform/qcom/venus/core.c +++ b/drivers/media/platform/qcom/venus/core.c @@ -430,6 +430,7 @@ static void venus_remove(struct platform_device *pdev) struct device *dev = core->dev; int ret; + cancel_delayed_work_sync(&core->work); ret = pm_runtime_get_sync(dev); WARN_ON(ret < 0);

8 months

1
0
0 0

[git:media_tree/master] media: sun4i_csi: Implement link validate for sun4i_csi subdev

by Laurent Pinchart

This is an automatic generated email to let you know that the following patch were queued: Subject: media: sun4i_csi: Implement link validate for sun4i_csi subdev Author: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Date: Wed Jun 19 02:46:16 2024 +0300 The sun4i_csi driver doesn't implement link validation for the subdev it registers, leaving the link between the subdev and its source unvalidated. Fix it, using the v4l2_subdev_link_validate() helper. Fixes: 577bbf23b758 ("media: sunxi: Add A10 CSI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Acked-by: Chen-Yu Tsai <wens(a)csie.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> Acked-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 +++++ 1 file changed, 5 insertions(+) --- diff --git a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c index 097a3a08ef7d..dbb26c7b2f8d 100644 --- a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c +++ b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c @@ -39,6 +39,10 @@ static const struct media_entity_operations sun4i_csi_video_entity_ops = { .link_validate = v4l2_subdev_link_validate, }; +static const struct media_entity_operations sun4i_csi_subdev_entity_ops = { + .link_validate = v4l2_subdev_link_validate, +}; + static int sun4i_csi_notify_bound(struct v4l2_async_notifier *notifier, struct v4l2_subdev *subdev, struct v4l2_async_connection *asd) @@ -214,6 +218,7 @@ static int sun4i_csi_probe(struct platform_device *pdev) subdev->internal_ops = &sun4i_csi_subdev_internal_ops; subdev->flags = V4L2_SUBDEV_FL_HAS_DEVNODE | V4L2_SUBDEV_FL_HAS_EVENTS; subdev->entity.function = MEDIA_ENT_F_VID_IF_BRIDGE; + subdev->entity.ops = &sun4i_csi_subdev_entity_ops; subdev->owner = THIS_MODULE; snprintf(subdev->name, sizeof(subdev->name), "sun4i-csi-0"); v4l2_set_subdevdata(subdev, csi);

8 months

1
0
0 0

[git:media_tree/master] media: videobuf2: Drop minimum allocation requirement of 2 buffers

by Laurent Pinchart

This is an automatic generated email to let you know that the following patch were queued: Subject: media: videobuf2: Drop minimum allocation requirement of 2 buffers Author: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Date: Mon Aug 26 02:24:49 2024 +0300 When introducing the ability for drivers to indicate the minimum number of buffers they require an application to allocate, commit 6662edcd32cc ("media: videobuf2: Add min_reqbufs_allocation field to vb2_queue structure") also introduced a global minimum of 2 buffers. It turns out this breaks the Renesas R-Car VSP test suite, where a test that allocates a single buffer fails when two buffers are used. One may consider debatable whether test suite failures without failures in production use cases should be considered as a regression, but operation with a single buffer is a valid use case. While full frame rate can't be maintained, memory-to-memory devices can still be used with a decent efficiency, and requiring applications to allocate multiple buffers for single-shot use cases with capture devices would just waste memory. For those reasons, fix the regression by dropping the global minimum of buffers. Individual drivers can still set their own minimum. Fixes: 6662edcd32cc ("media: videobuf2: Add min_reqbufs_allocation field to vb2_queue structure") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Acked-by: Tomasz Figa <tfiga(a)chromium.org> Link: https://lore.kernel.org/r/20240825232449.25905-1-laurent.pinchart+renesas@i… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/common/videobuf2/videobuf2-core.c | 7 ------- 1 file changed, 7 deletions(-) --- diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c index 500a4e0c84ab..29a8d876e6c2 100644 --- a/drivers/media/common/videobuf2/videobuf2-core.c +++ b/drivers/media/common/videobuf2/videobuf2-core.c @@ -2632,13 +2632,6 @@ int vb2_core_queue_init(struct vb2_queue *q) if (WARN_ON(q->supports_requests && q->min_queued_buffers)) return -EINVAL; - /* - * The minimum requirement is 2: one buffer is used - * by the hardware while the other is being processed by userspace. - */ - if (q->min_reqbufs_allocation < 2) - q->min_reqbufs_allocation = 2; - /* * If the driver needs 'min_queued_buffers' in the queue before * calling start_streaming() then the minimum requirement is

8 months

1
0
0 0

[git:media_tree/master] media: i2c: ar0521: Use cansleep version of gpiod_set_value()

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: i2c: ar0521: Use cansleep version of gpiod_set_value() Author: Alexander Shiyan <eagle.alexander923(a)gmail.com> Date: Thu Aug 29 08:48:49 2024 +0300 If we use GPIO reset from I2C port expander, we must use *_cansleep() variant of GPIO functions. This was not done in ar0521_power_on()/ar0521_power_off() functions. Let's fix that. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c Modules linked in: CPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) Workqueue: events_unbound deferred_probe_work_func pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : gpiod_set_value+0x74/0x7c lr : ar0521_power_on+0xcc/0x290 sp : ffffff8001d7ab70 x29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000 x26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088 x23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088 x20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80 x17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000 x14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930 x11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0 x8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780 x5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001 Call trace: gpiod_set_value+0x74/0x7c ar0521_power_on+0xcc/0x290 ... Signed-off-by: Alexander Shiyan <eagle.alexander923(a)gmail.com> Fixes: 852b50aeed15 ("media: On Semi AR0521 sensor driver") Cc: stable(a)vger.kernel.org Acked-by: Krzysztof Hałasa <khalasa(a)piap.pl> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ar0521.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/i2c/ar0521.c b/drivers/media/i2c/ar0521.c index 56a724b4d47e..fc27238dd4d3 100644 --- a/drivers/media/i2c/ar0521.c +++ b/drivers/media/i2c/ar0521.c @@ -842,7 +842,8 @@ static void __ar0521_power_off(struct device *dev) int i; if (sensor->reset_gpio) - gpiod_set_value(sensor->reset_gpio, 1); /* assert RESET signal */ + /* assert RESET signal */ + gpiod_set_value_cansleep(sensor->reset_gpio, 1); for (i = ARRAY_SIZE(ar0521_supply_names) - 1; i >= 0; i--) { if (sensor->supplies[i]) @@ -886,7 +887,7 @@ static int ar0521_power_on(struct device *dev) if (sensor->reset_gpio) /* deassert RESET signal */ - gpiod_set_value(sensor->reset_gpio, 0); + gpiod_set_value_cansleep(sensor->reset_gpio, 0); usleep_range(4500, 5000); /* min 45000 clocks */ for (cnt = 0; cnt < ARRAY_SIZE(initial_regs); cnt++) {

8 months

1
0
0 0

[git:media_tree/master] media: ov5675: Fix power on/off delay timings

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov5675: Fix power on/off delay timings Author: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Sat Jul 13 23:33:29 2024 +0100 The ov5675 specification says that the gap between XSHUTDN deassert and the first I2C transaction should be a minimum of 8192 XVCLK cycles. Right now we use a usleep_rage() that gives a sleep time of between about 430 and 860 microseconds. On the Lenovo X13s we have observed that in about 1/20 cases the current timing is too tight and we start transacting before the ov5675's reset cycle completes, leading to I2C bus transaction failures. The reset racing is sometimes triggered at initial chip probe but, more usually on a subsequent power-off/power-on cycle e.g. [ 71.451662] ov5675 24-0010: failed to write reg 0x0103. error = -5 [ 71.451686] ov5675 24-0010: failed to set plls The current quiescence period we have is too tight. Instead of expressing the post reset delay in terms of the current XVCLK this patch converts the power-on and power-off delays to the maximum theoretical delay @ 6 MHz with an additional buffer. 1.365 milliseconds on the power-on path is 1.5 milliseconds with grace. 85.3 microseconds on the power-off path is 90 microseconds with grace. Fixes: 49d9ad719e89 ("media: ov5675: add device-tree support and support runtime PM") Cc: stable(a)vger.kernel.org Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Quentin Schulz <quentin.schulz(a)cherry.de> Tested-by: Quentin Schulz <quentin.schulz(a)cherry.de> # RK3399 Puma with Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov5675.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- diff --git a/drivers/media/i2c/ov5675.c b/drivers/media/i2c/ov5675.c index 3641911bc73f..5b5127f8953f 100644 --- a/drivers/media/i2c/ov5675.c +++ b/drivers/media/i2c/ov5675.c @@ -972,12 +972,10 @@ static int ov5675_set_stream(struct v4l2_subdev *sd, int enable) static int ov5675_power_off(struct device *dev) { - /* 512 xvclk cycles after the last SCCB transation or MIPI frame end */ - u32 delay_us = DIV_ROUND_UP(512, OV5675_XVCLK_19_2 / 1000 / 1000); struct v4l2_subdev *sd = dev_get_drvdata(dev); struct ov5675 *ov5675 = to_ov5675(sd); - usleep_range(delay_us, delay_us * 2); + usleep_range(90, 100); clk_disable_unprepare(ov5675->xvclk); gpiod_set_value_cansleep(ov5675->reset_gpio, 1); @@ -988,7 +986,6 @@ static int ov5675_power_off(struct device *dev) static int ov5675_power_on(struct device *dev) { - u32 delay_us = DIV_ROUND_UP(8192, OV5675_XVCLK_19_2 / 1000 / 1000); struct v4l2_subdev *sd = dev_get_drvdata(dev); struct ov5675 *ov5675 = to_ov5675(sd); int ret; @@ -1014,8 +1011,11 @@ static int ov5675_power_on(struct device *dev) gpiod_set_value_cansleep(ov5675->reset_gpio, 0); - /* 8192 xvclk cycles prior to the first SCCB transation */ - usleep_range(delay_us, delay_us * 2); + /* Worst case quiesence gap is 1.365 milliseconds @ 6MHz XVCLK + * Add an additional threshold grace period to ensure reset + * completion before initiating our first I2C transaction. + */ + usleep_range(1500, 1600); return 0; }

8 months

1
0
0 0

[git:media_tree/master] media: imx335: Fix reset-gpio handling

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: imx335: Fix reset-gpio handling Author: Umang Jain <umang.jain(a)ideasonboard.com> Date: Fri Aug 30 11:41:52 2024 +0530 Rectify the logical value of reset-gpio so that it is set to 0 (disabled) during power-on and to 1 (enabled) during power-off. Set the reset-gpio to GPIO_OUT_HIGH at initialization time to make sure it starts off in reset. Also drop the "Set XCLR" comment which is not-so-informative. The existing usage of imx335 had reset-gpios polarity inverted (GPIO_ACTIVE_HIGH) in their device-tree sources. With this patch included, those DTS will not be able to stream imx335 anymore. The reset-gpio polarity will need to be rectified in the device-tree sources as shown in [1] example, in order to get imx335 functional again (as it remains in reset prior to this fix). Cc: stable(a)vger.kernel.org Fixes: 45d19b5fb9ae ("media: i2c: Add imx335 camera sensor driver") Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/linux-media/20240729110437.199428-1-umang.jain@idea… Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/imx335.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/i2c/imx335.c b/drivers/media/i2c/imx335.c index 990d74214cc2..54a1de53d497 100644 --- a/drivers/media/i2c/imx335.c +++ b/drivers/media/i2c/imx335.c @@ -997,7 +997,7 @@ static int imx335_parse_hw_config(struct imx335 *imx335) /* Request optional reset pin */ imx335->reset_gpio = devm_gpiod_get_optional(imx335->dev, "reset", - GPIOD_OUT_LOW); + GPIOD_OUT_HIGH); if (IS_ERR(imx335->reset_gpio)) { dev_err(imx335->dev, "failed to get reset gpio %ld\n", PTR_ERR(imx335->reset_gpio)); @@ -1110,8 +1110,7 @@ static int imx335_power_on(struct device *dev) usleep_range(500, 550); /* Tlow */ - /* Set XCLR */ - gpiod_set_value_cansleep(imx335->reset_gpio, 1); + gpiod_set_value_cansleep(imx335->reset_gpio, 0); ret = clk_prepare_enable(imx335->inclk); if (ret) { @@ -1124,7 +1123,7 @@ static int imx335_power_on(struct device *dev) return 0; error_reset: - gpiod_set_value_cansleep(imx335->reset_gpio, 0); + gpiod_set_value_cansleep(imx335->reset_gpio, 1); regulator_bulk_disable(ARRAY_SIZE(imx335_supply_name), imx335->supplies); return ret; @@ -1141,7 +1140,7 @@ static int imx335_power_off(struct device *dev) struct v4l2_subdev *sd = dev_get_drvdata(dev); struct imx335 *imx335 = to_imx335(sd); - gpiod_set_value_cansleep(imx335->reset_gpio, 0); + gpiod_set_value_cansleep(imx335->reset_gpio, 1); clk_disable_unprepare(imx335->inclk); regulator_bulk_disable(ARRAY_SIZE(imx335_supply_name), imx335->supplies);

8 months

1
0
0 0

Re: [PATCH 6.10 000/183] 6.10.9-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

8 months

1
0
0 0

[PATCH 1/2 4.19.y] ALSA: usb-audio: Sanity checks for each pipe and EP types

by Takashi Iwai

[ Upstream commit 801ebf1043ae7b182588554cc9b9ad3c14bc2ab5 ] The recent USB core code performs sanity checks for the given pipe and EP types, and it can be hit by manipulated USB descriptors by syzbot. For making syzbot happier, this patch introduces a local helper for a sanity check in the driver side and calls it at each place before the message handling, so that we can avoid the WARNING splats. Reported-by: syzbot+d952e5e28f5fb7718d23(a)syzkaller.appspotmail.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- sound/usb/helper.c | 17 +++++++++++++++++ sound/usb/helper.h | 1 + sound/usb/quirks.c | 14 +++++++++++--- 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/sound/usb/helper.c b/sound/usb/helper.c index 7712e2b84183..b1cc9499c57e 100644 --- a/sound/usb/helper.c +++ b/sound/usb/helper.c @@ -76,6 +76,20 @@ void *snd_usb_find_csint_desc(void *buffer, int buflen, void *after, u8 dsubtype return NULL; } +/* check the validity of pipe and EP types */ +int snd_usb_pipe_sanity_check(struct usb_device *dev, unsigned int pipe) +{ + static const int pipetypes[4] = { + PIPE_CONTROL, PIPE_ISOCHRONOUS, PIPE_BULK, PIPE_INTERRUPT + }; + struct usb_host_endpoint *ep; + + ep = usb_pipe_endpoint(dev, pipe); + if (usb_pipetype(pipe) != pipetypes[usb_endpoint_type(&ep->desc)]) + return -EINVAL; + return 0; +} + /* * Wrapper for usb_control_msg(). * Allocates a temp buffer to prevent dmaing from/to the stack. @@ -88,6 +102,9 @@ int snd_usb_ctl_msg(struct usb_device *dev, unsigned int pipe, __u8 request, void *buf = NULL; int timeout; + if (snd_usb_pipe_sanity_check(dev, pipe)) + return -EINVAL; + if (size > 0) { buf = kmemdup(data, size, GFP_KERNEL); if (!buf) diff --git a/sound/usb/helper.h b/sound/usb/helper.h index f5b4c6647e4d..5e8a18b4e7b9 100644 --- a/sound/usb/helper.h +++ b/sound/usb/helper.h @@ -7,6 +7,7 @@ unsigned int snd_usb_combine_bytes(unsigned char *bytes, int size); void *snd_usb_find_desc(void *descstart, int desclen, void *after, u8 dtype); void *snd_usb_find_csint_desc(void *descstart, int desclen, void *after, u8 dsubtype); +int snd_usb_pipe_sanity_check(struct usb_device *dev, unsigned int pipe); int snd_usb_ctl_msg(struct usb_device *dev, unsigned int pipe, __u8 request, __u8 requesttype, __u16 value, __u16 index, void *data, __u16 size); diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 43cbaaff163f..087eef5e249d 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -743,11 +743,13 @@ static int snd_usb_novation_boot_quirk(struct usb_device *dev) static int snd_usb_accessmusic_boot_quirk(struct usb_device *dev) { int err, actual_length; - /* "midi send" enable */ static const u8 seq[] = { 0x4e, 0x73, 0x52, 0x01 }; + void *buf; - void *buf = kmemdup(seq, ARRAY_SIZE(seq), GFP_KERNEL); + if (snd_usb_pipe_sanity_check(dev, usb_sndintpipe(dev, 0x05))) + return -EINVAL; + buf = kmemdup(seq, ARRAY_SIZE(seq), GFP_KERNEL); if (!buf) return -ENOMEM; err = usb_interrupt_msg(dev, usb_sndintpipe(dev, 0x05), buf, @@ -772,7 +774,11 @@ static int snd_usb_accessmusic_boot_quirk(struct usb_device *dev) static int snd_usb_nativeinstruments_boot_quirk(struct usb_device *dev) { - int ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), + int ret; + + if (snd_usb_pipe_sanity_check(dev, usb_sndctrlpipe(dev, 0))) + return -EINVAL; + ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), 0xaf, USB_TYPE_VENDOR | USB_RECIP_DEVICE, 1, 0, NULL, 0, 1000); @@ -879,6 +885,8 @@ static int snd_usb_axefx3_boot_quirk(struct usb_device *dev) dev_dbg(&dev->dev, "Waiting for Axe-Fx III to boot up...\n"); + if (snd_usb_pipe_sanity_check(dev, usb_sndctrlpipe(dev, 0))) + return -EINVAL; /* If the Axe-Fx III has not fully booted, it will timeout when trying * to enable the audio streaming interface. A more generous timeout is * used here to detect when the Axe-Fx III has finished booting as the -- 2.45.2

8 months

3
4
0 0

[PATCH v5 0/2] Fix perf adjust period algorithm

by Luo Gengkun

--- Changes in v5: 1. Read the time once at the beginning instead of each loop 2. Add reviewed by Link to v4: https://lore.kernel.org/all/20240821134227.577544-1-luogengkun@huaweicloud.… Changes in v4: 1. Rebase the patch 2. Tidy up the commit message 3. Modify the code style Link to v3: https://lore.kernel.org/all/20240810102406.1190402-1-luogengkun@huaweicloud… Changes in v3: 1. Replace perf_clock with jiffies in perf_adjust_freq_unthr_context Link to v2: https://lore.kernel.org/all/20240417115446.2908769-1-luogengkun@huaweicloud… Changes in v2: 1. Add reviewed by for perf/core: Fix small negative period being ignored 2. Add new patch perf/core: Fix incorrected time diff in tick adjust period Link to v1: https://lore.kernel.org/all/20240116083915.2859302-1-luogengkun2@huawei.com/ --- Luo Gengkun (2): perf/core: Fix small negative period being ignored perf/core: Fix incorrect time diff in tick adjust period include/linux/perf_event.h | 1 + kernel/events/core.c | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) -- 2.34.1

8 months

4
7
0 0

[tip: perf/core] bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()

by tip-bot2 for Oleg Nesterov

The following commit has been merged into the perf/core branch of tip: Commit-ID: 5fe6e308abaea082c20fbf2aa5df8e14495622cf Gitweb: https://git.kernel.org/tip/5fe6e308abaea082c20fbf2aa5df8e14495622cf Author: Oleg Nesterov <oleg(a)redhat.com> AuthorDate: Tue, 13 Aug 2024 17:25:24 +02:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Thu, 05 Sep 2024 16:56:13 +02:00 bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister(). This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer without removing it from the uprobe->consumers list. Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Closes: https://lore.kernel.org/all/000000000000382d39061f59f2dd@google.com/ Reported-by: syzbot+f7a1c2c2711e4a780f19(a)syzkaller.appspotmail.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Tested-by: syzbot+f7a1c2c2711e4a780f19(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240813152524.GA7292@redhat.com --- kernel/trace/bpf_trace.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 4e391da..90cd30e 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3484,17 +3484,20 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr &uprobes[i].consumer); if (IS_ERR(uprobes[i].uprobe)) { err = PTR_ERR(uprobes[i].uprobe); - bpf_uprobe_unregister(uprobes, i); - goto error_free; + link->cnt = i; + goto error_unregister; } } err = bpf_link_prime(&link->link, &link_primer); if (err) - goto error_free; + goto error_unregister; return bpf_link_settle(&link_primer); +error_unregister: + bpf_uprobe_unregister(uprobes, link->cnt); + error_free: kvfree(uprobes); kfree(link);

8 months

1
0
0 0

[PATCH RFC v2 00/10] extensible syscalls: CHECK_FIELDS to allow for easier feature detection

by Aleksa Sarai

This is something that I've been thinking about for a while. We had a discussion at LPC 2020 about this[1] but the proposals suggested there never materialised. In short, it is quite difficult for userspace to detect the feature capability of syscalls at runtime. This is something a lot of programs want to do, but they are forced to create elaborate scenarios to try to figure out if a feature is supported without causing damage to the system. For the vast majority of cases, each individual feature also needs to be tested individually (because syscall results are all-or-nothing), so testing even a single syscall's feature set can easily inflate the startup time of programs. This patchset implements the fairly minimal design I proposed in this talk[2] and in some old LKML threads (though I can't find the exact references ATM). The general flow looks like: 1. Userspace will indicate to the kernel that a syscall should a be no-op by setting the top bit of the extensible struct size argument. We will almost certainly never support exabyte sized structs, so the top bits are free for us to use as makeshift flag bits. This is preferable to using the per-syscall flag field inside the structure because seccomp can easily detect the bit in the flag and allow the probe or forcefully return -EEXTSYS_NOOP. 2. The kernel will then fill the provided structure with every valid bit pattern that the current kernel understands. For flags or other bitflag-like fields, this is the set of valid flags or bits. For pointer fields or fields that take an arbitrary value, the field has every bit set (0xFF... to fill the field) to indicate that any value is valid in the field. 3. The syscall then returns -EEXTSYS_NOOP which is an errno that will only ever be used for this purpose (so userspace can be sure that the request succeeded). On older kernels, the syscall will return a different error (usually -E2BIG or -EFAULT) and userspace can do their old-fashioned checks. 4. Userspace can then check which flags and fields are supported by looking at the fields in the returned structure. Flags are checked by doing an AND with the flags field, and field support can checked by comparing to 0. In principle you could just AND the entire structure if you wanted to do this check generically without caring about the structure contents (this is what libraries might consider doing). Userspace can even find out the internal kernel structure size by passing a PAGE_SIZE buffer and seeing how many bytes are non-zero. As with copy_struct_from_user(), this is designed to be forward- and backwards- compatible. This allows programas to get a one-shot understanding of what features a syscall supports without having to do any elaborate setups or tricks to detect support for destructive features. Flags can simply be ANDed to check if they are in the supported set, and fields can just be checked to see if they are non-zero. This patchset is IMHO the simplest way we can add the ability to introspect the feature set of extensible struct (copy_struct_from_user) syscalls. It doesn't preclude the chance of a more generic mechanism being added later. The intended way of using this interface to get feature information looks something like the following (imagine that openat2 has gained a new field and a new flag in the future): static bool openat2_no_automount_supported; static bool openat2_cwd_fd_supported; int check_openat2_support(void) { int err; struct open_how how = {}; err = openat2(AT_FDCWD, ".", &how, CHECK_FIELDS | sizeof(how)); assert(err < 0); switch (errno) { case EFAULT: case E2BIG: /* Old kernel... */ check_support_the_old_way(); break; case EEXTSYS_NOOP: openat2_no_automount_supported = (how.flags & RESOLVE_NO_AUTOMOUNT); openat2_cwd_fd_supported = (how.cwd_fd != 0); break; } } This series adds CHECK_FIELDS support for the following extensible struct syscalls, as they are quite likely to grow flags in the near future: * openat2 * clone3 * mount_setattr [1]: https://lwn.net/Articles/830666/ [2]: https://youtu.be/ggD-eb3yPVs Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com> --- Changes in v2: - Add CHECK_FIELDS support to mount_setattr(2). - Fix build failure on architectures with custom errno values. - Rework selftests to use the tools/ uAPI headers rather than custom defining EEXTSYS_NOOP. - Make sure we return -EINVAL and -E2BIG for invalid sizes even if CHECK_FIELDS is set, and add some tests for that. - v1: <https://lore.kernel.org/r/20240902-extensible-structs-check_fields-v1-0-545…> --- Aleksa Sarai (10): uaccess: add copy_struct_to_user helper sched_getattr: port to copy_struct_to_user openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) openat2: add CHECK_FIELDS flag to usize argument selftests: openat2: add 0xFF poisoned data after misaligned struct selftests: openat2: add CHECK_FIELDS selftests clone3: add CHECK_FIELDS flag to usize argument selftests: clone3: add CHECK_FIELDS selftests mount_setattr: add CHECK_FIELDS flag to usize argument selftests: mount_setattr: add CHECK_FIELDS selftest arch/alpha/include/uapi/asm/errno.h | 3 + arch/mips/include/uapi/asm/errno.h | 3 + arch/parisc/include/uapi/asm/errno.h | 3 + arch/sparc/include/uapi/asm/errno.h | 3 + fs/namespace.c | 17 ++ fs/open.c | 18 ++ include/linux/uaccess.h | 98 ++++++++ include/uapi/asm-generic/errno.h | 3 + include/uapi/linux/openat2.h | 2 + kernel/fork.c | 30 ++- kernel/sched/syscalls.c | 42 +--- tools/arch/alpha/include/uapi/asm/errno.h | 3 + tools/arch/mips/include/uapi/asm/errno.h | 3 + tools/arch/parisc/include/uapi/asm/errno.h | 3 + tools/arch/sparc/include/uapi/asm/errno.h | 3 + tools/include/uapi/asm-generic/errno.h | 3 + tools/include/uapi/asm-generic/posix_types.h | 101 ++++++++ tools/testing/selftests/clone3/.gitignore | 1 + tools/testing/selftests/clone3/Makefile | 4 +- .../testing/selftests/clone3/clone3_check_fields.c | 264 +++++++++++++++++++++ tools/testing/selftests/mount_setattr/Makefile | 2 +- .../selftests/mount_setattr/mount_setattr_test.c | 53 ++++- tools/testing/selftests/openat2/Makefile | 2 + tools/testing/selftests/openat2/openat2_test.c | 165 ++++++++++++- 24 files changed, 778 insertions(+), 51 deletions(-) --- base-commit: 431c1646e1f86b949fa3685efc50b660a364c2b6 change-id: 20240803-extensible-structs-check_fields-a47e94cef691 Best regards, -- Aleksa Sarai <cyphar(a)cyphar.com>

8 months

1
1
0 0

[PATCH 11/12] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.

by Mathias Nyman

PCI xHC host should be stopped and xhci driver memory freed before putting host to PCI D3 state during PCI remove callback. Hosts with XHCI_SPURIOUS_WAKEUP quirk did this the wrong way around and set the host to D3 before calling usb_hcd_pci_remove(dev), which will access the host to stop it, and then free xhci. Fixes: f1f6d9a8b540 ("xhci: don't dereference a xhci member after removing xhci") Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 526739af2070..de50f5ba60df 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -657,8 +657,10 @@ static int xhci_pci_probe(struct pci_dev *dev, const struct pci_device_id *id) void xhci_pci_remove(struct pci_dev *dev) { struct xhci_hcd *xhci; + bool set_power_d3; xhci = hcd_to_xhci(pci_get_drvdata(dev)); + set_power_d3 = xhci->quirks & XHCI_SPURIOUS_WAKEUP; xhci->xhc_state |= XHCI_STATE_REMOVING; @@ -671,11 +673,11 @@ void xhci_pci_remove(struct pci_dev *dev) xhci->shared_hcd = NULL; } + usb_hcd_pci_remove(dev); + /* Workaround for spurious wakeups at shutdown with HSW */ - if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) + if (set_power_d3) pci_set_power_state(dev, PCI_D3hot); - - usb_hcd_pci_remove(dev); } EXPORT_SYMBOL_NS_GPL(xhci_pci_remove, xhci); -- 2.25.1

8 months

1
0
0 0

[PATCH v2] cxl/region: Fix bad logic for finding a free switch cxl decoder

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> It is bad for current match_free_decoder()'s logic to find a free switch cxl decoder as explained below: - If all child decoders are sorted by ID in ascending order, then current logic can be simplified as below one: static int match_free_decoder(struct device *dev, void *data) { struct cxl_decoder *cxld; if (!is_switch_decoder(dev)) return 0; cxld = to_cxl_decoder(dev); return cxld->region ? 0 : 1; } dev = device_find_child(&port->dev, NULL, match_free_decoder); which does not also need to modify device_find_child()'s match data. - If all child decoders are NOT sorted by ID in ascending order, then current logic are wrong as explained below: F: free, (cxld->region == NULL) B: busy, (cxld->region != NULL) S(n)F : State of switch cxl_decoder with ID n is Free S(n)B : State of switch cxl_decoder with ID n is Busy Provided there are 2 child decoders: S(1)F -> S(0)B, then current logic will fail to find a free decoder even if there are a free one with ID 1 Anyway, current logic is not good, fixed by finding a free switch cxl decoder with minimal ID. Fixes: 384e624bb211 ("cxl/region: Attach endpoint decoders") Closes: https://lore.kernel.org/all/cdfc6f98-1aa0-4cb5-bd7d-93256552c39b@icloud.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v2: - Correct title and commit message - Link to v1: https://lore.kernel.org/r/20240903-fix_cxld-v1-1-61acba7198ae@quicinc.com --- drivers/cxl/core/region.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c index 21ad5f242875..b9607b4fc40b 100644 --- a/drivers/cxl/core/region.c +++ b/drivers/cxl/core/region.c @@ -797,21 +797,26 @@ static size_t show_targetN(struct cxl_region *cxlr, char *buf, int pos) static int match_free_decoder(struct device *dev, void *data) { struct cxl_decoder *cxld; - int *id = data; + struct cxl_decoder *target_cxld; + struct device **target_device = data; if (!is_switch_decoder(dev)) return 0; cxld = to_cxl_decoder(dev); - - /* enforce ordered allocation */ - if (cxld->id != *id) + if (cxld->region) return 0; - if (!cxld->region) - return 1; - - (*id)++; + if (!*target_device) { + *target_device = get_device(dev); + return 0; + } + /* enforce ordered allocation */ + target_cxld = to_cxl_decoder(*target_device); + if (cxld->id < target_cxld->id) { + put_device(*target_device); + *target_device = get_device(dev); + } return 0; } @@ -839,8 +844,7 @@ cxl_region_find_decoder(struct cxl_port *port, struct cxl_endpoint_decoder *cxled, struct cxl_region *cxlr) { - struct device *dev; - int id = 0; + struct device *dev = NULL; if (port == cxled_to_port(cxled)) return &cxled->cxld; @@ -849,7 +853,8 @@ cxl_region_find_decoder(struct cxl_port *port, dev = device_find_child(&port->dev, &cxlr->params, match_auto_decoder); else - dev = device_find_child(&port->dev, &id, match_free_decoder); + /* Need to put_device(@dev) after use */ + device_for_each_child(&port->dev, &dev, match_free_decoder); if (!dev) return NULL; /* --- base-commit: 67784a74e258a467225f0e68335df77acd67b7ab change-id: 20240903-fix_cxld-4f6575a90619 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

8 months

1
0
0 0

[PATCH 2/2 4.19.y] ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check

by Hillf Danton

[ Upstream commit 5d78e1c2b7f4be00bbe62141603a631dc7812f35 ] syzbot found the following crash on: general protection fault: 0000 [#1] SMP KASAN RIP: 0010:snd_usb_pipe_sanity_check+0x80/0x130 sound/usb/helper.c:75 Call Trace: snd_usb_motu_microbookii_communicate.constprop.0+0xa0/0x2fb sound/usb/quirks.c:1007 snd_usb_motu_microbookii_boot_quirk sound/usb/quirks.c:1051 [inline] snd_usb_apply_boot_quirk.cold+0x163/0x370 sound/usb/quirks.c:1280 usb_audio_probe+0x2ec/0x2010 sound/usb/card.c:576 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x650 drivers/base/dd.c:548 .... It was introduced in commit 801ebf1043ae for checking pipe and endpoint types. It is fixed by adding a check of the ep pointer in question. BugLink: https://syzkaller.appspot.com/bug?extid=d59c4387bfb6eced94e2 Reported-by: syzbot <syzbot+d59c4387bfb6eced94e2(a)syzkaller.appspotmail.com> Fixes: 801ebf1043ae ("ALSA: usb-audio: Sanity checks for each pipe and EP types") Cc: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Hillf Danton <hdanton(a)sina.com> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> --- sound/usb/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/usb/helper.c b/sound/usb/helper.c index b1cc9499c57e..029489b490ca 100644 --- a/sound/usb/helper.c +++ b/sound/usb/helper.c @@ -85,7 +85,7 @@ int snd_usb_pipe_sanity_check(struct usb_device *dev, unsigned int pipe) struct usb_host_endpoint *ep; ep = usb_pipe_endpoint(dev, pipe); - if (usb_pipetype(pipe) != pipetypes[usb_endpoint_type(&ep->desc)]) + if (!ep || usb_pipetype(pipe) != pipetypes[usb_endpoint_type(&ep->desc)]) return -EINVAL; return 0; } -- 2.45.2

8 months

1
0
0 0

[PATCH 0/2 4.19.y] ALSA: usb-audio: sanity checks for pipes

by Dan Carpenter

Backporting the sanity checks on pipes seems like a good idea. These are basically the same as Takashi Iwai's patches upstream. The difference is that upstream added two sanity checks to code that doesn't exist in 4.19. I had talked about backporting fcc2cc1f3561 ("USB: move snd_usb_pipe_sanity_check into the USB core") but that's just a refactor and not a bug fix. Hillf Danton (1): ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check Takashi Iwai (1): ALSA: usb-audio: Sanity checks for each pipe and EP types sound/usb/helper.c | 17 +++++++++++++++++ sound/usb/helper.h | 1 + sound/usb/quirks.c | 14 +++++++++++--- 3 files changed, 29 insertions(+), 3 deletions(-) -- 2.45.2

8 months

1
0
0 0

[PATCH 6.6 0/1] pm, restore async device resume optimization

by Yenchia Chen

We have met a deadlock issue on our device which use 5.15.y when resuming. After applying this patch which is picked from mainline, issue solved. Backport to 6.6.y also. Rafael J. Wysocki (1): PM: sleep: Restore asynchronous device resume optimization drivers/base/power/main.c | 117 +++++++++++++++++++++----------------- include/linux/pm.h | 1 + 2 files changed, 65 insertions(+), 53 deletions(-) -- 2.18.0

8 months

3
4
0 0

[PATCH 6/8] serial: qcom-geni: fix console corruption

by Johan Hovold

The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 48 ++++++++++++++------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7029c39a9a21..be620c5703f5 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -308,6 +311,17 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, return qcom_geni_serial_poll_bitfield(uport, offset, field, set ? field : 0); } +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) { u32 m_cmd; @@ -476,7 +490,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -490,34 +503,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -698,6 +697,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -924,6 +924,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -932,6 +933,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had -- 2.44.2

8 months

4
3
0 0

[git:media_tree/master] media: qcom: camss: Fix ordering of pm_runtime_enable

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: qcom: camss: Fix ordering of pm_runtime_enable Author: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Mon Jul 29 13:42:03 2024 +0100 pm_runtime_enable() should happen prior to vfe_get() since vfe_get() calls pm_runtime_resume_and_get(). This is a basic race condition that doesn't show up for most users so is not widely reported. If you blacklist qcom-camss in modules.d and then subsequently modprobe the module post-boot it is possible to reliably show this error up. The kernel log for this error looks like this: qcom-camss ac5a000.camss: Failed to power up pipeline: -13 Fixes: 02afa816dbbf ("media: camss: Add basic runtime PM support") Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com/ Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/qcom/camss/camss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index 51b1d3550421..d64985ca6e88 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2283,6 +2283,8 @@ static int camss_probe(struct platform_device *pdev) v4l2_async_nf_init(&camss->notifier, &camss->v4l2_dev); + pm_runtime_enable(dev); + num_subdevs = camss_of_parse_ports(camss); if (num_subdevs < 0) { ret = num_subdevs; @@ -2323,8 +2325,6 @@ static int camss_probe(struct platform_device *pdev) } } - pm_runtime_enable(dev); - return 0; err_register_subdevs: @@ -2332,6 +2332,7 @@ err_register_subdevs: err_v4l2_device_unregister: v4l2_device_unregister(&camss->v4l2_dev); v4l2_async_nf_cleanup(&camss->notifier); + pm_runtime_disable(dev); err_genpd_cleanup: camss_genpd_cleanup(camss);

8 months

1
0
0 0

[git:media_tree/master] media: qcom: camss: Remove use_count guard in stop_streaming

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: qcom: camss: Remove use_count guard in stop_streaming Author: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Mon Jul 29 13:42:02 2024 +0100 The use_count check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the video pipeline. This is an invalid use of use_count though as use_count pertains to the number of times a video entity has been opened by user-space not the number of active streams. If use_count and stream-on count don't agree then stop_streaming() will break as is currently the case and has become apparent when using CAMSS with libcamera's released softisp 0.3. The use of use_count like this is a bit hacky and right now breaks regular usage of CAMSS for a single stream case. Stopping qcam results in the splat below, and then it cannot be started again and any attempts to do so fails with -EBUSY. [ 1265.509831] WARNING: CPU: 5 PID: 919 at drivers/media/common/videobuf2/videobuf2-core.c:2183 __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common] ... [ 1265.510630] Call trace: [ 1265.510636] __vb2_queue_cancel+0x230/0x2c8 [videobuf2_common] [ 1265.510648] vb2_core_streamoff+0x24/0xcc [videobuf2_common] [ 1265.510660] vb2_ioctl_streamoff+0x5c/0xa8 [videobuf2_v4l2] [ 1265.510673] v4l_streamoff+0x24/0x30 [videodev] [ 1265.510707] __video_do_ioctl+0x190/0x3f4 [videodev] [ 1265.510732] video_usercopy+0x304/0x8c4 [videodev] [ 1265.510757] video_ioctl2+0x18/0x34 [videodev] [ 1265.510782] v4l2_ioctl+0x40/0x60 [videodev] ... [ 1265.510944] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 0 in active state [ 1265.511175] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 1 in active state [ 1265.511398] videobuf2_common: driver bug: stop_streaming operation is leaving buffer 2 in active st One CAMSS specific way to handle multiple VCs on the same RDI might be: - Reference count each pipeline enable for CSIPHY, CSID, VFE and RDIx. - The video buffers are already associated with msm_vfeN_rdiX so release video buffers when told to do so by stop_streaming. - Only release the power-domains for the CSIPHY, CSID and VFE when their internal refcounts drop. Either way refusing to release video buffers based on use_count is erroneous and should be reverted. The silicon enabling code for selecting VCs is perfectly fine. Its a "known missing feature" that concurrent VCs won't work with CAMSS right now. Initial testing with this code didn't show an error but, SoftISP and "real" usage with Google Hangouts breaks the upstream code pretty quickly, we need to do a partial revert and take another pass at VCs. This commit partially reverts commit 89013969e232 ("media: camss: sm8250: Pipeline starting and stopping for multiple virtual channels") Fixes: 89013969e232 ("media: camss: sm8250: Pipeline starting and stopping for multiple virtual channels") Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com/ Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/qcom/camss/camss-video.c | 6 ------ 1 file changed, 6 deletions(-) --- diff --git a/drivers/media/platform/qcom/camss/camss-video.c b/drivers/media/platform/qcom/camss/camss-video.c index cd72feca618c..3b8fc31d957c 100644 --- a/drivers/media/platform/qcom/camss/camss-video.c +++ b/drivers/media/platform/qcom/camss/camss-video.c @@ -297,12 +297,6 @@ static void video_stop_streaming(struct vb2_queue *q) ret = v4l2_subdev_call(subdev, video, s_stream, 0); - if (entity->use_count > 1) { - /* Don't stop if other instances of the pipeline are still running */ - dev_dbg(video->camss->dev, "Video pipeline still used, don't stop streaming.\n"); - return; - } - if (ret) { dev_err(video->camss->dev, "Video pipeline stop failed: %d\n", ret); return;

8 months

1
0
0 0

[PATCH] net: drop bad gso csum_start and offset in virtio_net_hdr

by mathieu.tortuyaux＠gmail.com

From: Mathieu Tortuyaux <mtortuyaux(a)microsoft.com> [ Upstream commit 89add40066f9ed9abe5f7f886fe5789ff7e0c50e ] Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksum requested with VIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets this might not hold for segs after segmentation. Syzkaller demonstrated to reach this warning in skb_checksum_help offset = skb_checksum_start_offset(skb); ret = -EINVAL; if (WARN_ON_ONCE(offset >= skb_headlen(skb))) By injecting a TSO packet: WARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0 ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774 ip_finish_output_gso net/ipv4/ip_output.c:279 [inline] __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301 iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4850 [inline] netdev_start_xmit include/linux/netdevice.h:4864 [inline] xmit_one net/core/dev.c:3595 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611 __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261 packet_snd net/packet/af_packet.c:3073 [inline] The geometry of the bad input packet at tcp_gso_segment: [ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0 [ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244 [ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0)) [ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536 ip_summed=3 complete_sw=0 valid=0 level=0) Mitigate with stricter input validation. csum_offset: for GSO packets, deduce the correct value from gso_type. This is already done for USO. Extend it to TSO. Let UFO be: udp[46]_ufo_fragment ignores these fields and always computes the checksum in software. csum_start: finding the real offset requires parsing to the transport header. Do not add a parser, use existing segmentation parsing. Thanks to SKB_GSO_DODGY, that also catches bad packets that are hw offloaded. Again test both TSO and USO. Do not test UFO for the above reason, and do not test UDP tunnel offload. GSO packet are almost always CHECKSUM_PARTIAL. USO packets may be CHECKSUM_NONE since commit 10154db ("udp: Allow GSO transmit from devices with no checksum offload"), but then still these fields are initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no need to test for ip_summed == CHECKSUM_PARTIAL first. This revises an existing fix mentioned in the Fixes tag, which broke small packets with GSO offload, as detected by kselftests. Link: https://syzkaller.appspot.com/bug?extid=e1db31216c789f552871 Link: https://lore.kernel.org/netdev/20240723223109.2196886-1-kuba@kernel.org Fixes: e269d79 ("net: missing check virtio") Cc: stable(a)vger.kernel.org Signed-off-by: Willem de Bruijn <willemb(a)google.com> Link: https://patch.msgid.link/20240729201108.1615114-1-willemdebruijn.kernel@gma… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Mathieu Tortuyaux <mtortuyaux(a)microsoft.com> --- Hi, This patch fixes network failures on OpenStack VMs running with Kernel 5.15.165. In 5.15.165, the commit "net: missing check virtio" is breaking networks on VMs that uses virtio in some conditions. I slightly adapted the patch to have it fitting this branch (5.15.y). Once patched and compiled it has been successfully tested on Flatcar CI with Kernel 5.15.165. NOTE: This patch has already been backported on other stable branches (like 6.6.y) Thanks, Mathieu - @tormath1 include/linux/virtio_net.h | 17 ++++++----------- net/ipv4/tcp_offload.c | 3 +++ net/ipv4/udp_offload.c | 4 ++++ 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 29b19d0a324c..d9410d97158d 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -51,7 +51,6 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, unsigned int thlen = 0; unsigned int p_off = 0; unsigned int ip_proto; - u64 ret, remainder, gso_size; if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { @@ -88,16 +87,6 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, u32 off = __virtio16_to_cpu(little_endian, hdr->csum_offset); u32 needed = start + max_t(u32, thlen, off + sizeof(__sum16)); - if (hdr->gso_size) { - gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size); - ret = div64_u64_rem(skb->len, gso_size, &remainder); - if (!(ret && (hdr->gso_size > needed) && - ((remainder > needed) || (remainder == 0)))) { - return -EINVAL; - } - skb_shinfo(skb)->tx_flags |= SKBFL_SHARED_FRAG; - } - if (!pskb_may_pull(skb, needed)) return -EINVAL; @@ -163,6 +152,12 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, if (gso_size == GSO_BY_FRAGS) return -EINVAL; + if ((gso_size & SKB_GSO_TCPV4) || + (gso_size & SKB_GSO_TCPV6)) { + if (skb->csum_offset != offsetof(struct tcphdr, check)) + return -EINVAL; + } + /* Too small packets are not really GSO ones. */ if (skb->len - nh_off > gso_size) { shinfo->gso_size = gso_size; diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index fc61cd3fea65..76684cbd63a4 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -71,6 +71,9 @@ struct sk_buff *tcp_gso_segment(struct sk_buff *skb, if (thlen < sizeof(*th)) goto out; + if (unlikely(skb_checksum_start(skb) != skb_transport_header(skb))) + goto out; + if (!pskb_may_pull(skb, thlen)) goto out; diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index c61268849948..61773a26fb34 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -279,6 +279,10 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, if (gso_skb->len <= sizeof(*uh) + mss) return ERR_PTR(-EINVAL); + if (unlikely(skb_checksum_start(gso_skb) != + skb_transport_header(gso_skb))) + return ERR_PTR(-EINVAL); + skb_pull(gso_skb, sizeof(*uh)); /* clear destructor to avoid skb_segment assigning it to tail */ -- 2.44.2

8 months

3
2
0 0

[PATCH] mt76: mt7615: check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 0bb4e9187ea4 ("mt76: mt7615: fix hwmon temp sensor mem use-after-free") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/init.c b/drivers/net/wireless/mediatek/mt76/mt7615/init.c index f7722f67db57..0b9ebdcda221 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7615/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7615/init.c @@ -56,6 +56,9 @@ int mt7615_thermal_init(struct mt7615_dev *dev) name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7615_%s", wiphy_name(wiphy)); + if (!name) + return -ENOMEM; + hwmon = devm_hwmon_device_register_with_groups(&wiphy->dev, name, dev, mt7615_hwmon_groups); return PTR_ERR_OR_ZERO(hwmon); -- 2.25.1

8 months

2
1
0 0

[PATCH v4.19-v5.10] virtio_net: Fix napi_skb_cache_put warning

by Shivani Agarwal

From: Breno Leitao <leitao(a)debian.org> [ Upstream commit f8321fa75102246d7415a6af441872f6637c93ab ] After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context. Fixes: df133f3f9625 ("virtio_net: bulk free tx skbs") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Link: https://patch.msgid.link/20240712115325.54175-1-leitao@debian.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Shivani: Modified to apply on v4.19.y-v5.10.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/net/virtio_net.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index f7ed99561..99dea89b2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1497,7 +1497,7 @@ static bool is_xdp_raw_buffer_queue(struct virtnet_info *vi, int q) return false; } -static void virtnet_poll_cleantx(struct receive_queue *rq) +static void virtnet_poll_cleantx(struct receive_queue *rq, int budget) { struct virtnet_info *vi = rq->vq->vdev->priv; unsigned int index = vq2rxq(rq->vq); @@ -1508,7 +1508,7 @@ static void virtnet_poll_cleantx(struct receive_queue *rq) return; if (__netif_tx_trylock(txq)) { - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); __netif_tx_unlock(txq); } @@ -1525,7 +1525,7 @@ static int virtnet_poll(struct napi_struct *napi, int budget) unsigned int received; unsigned int xdp_xmit = 0; - virtnet_poll_cleantx(rq); + virtnet_poll_cleantx(rq, budget); received = virtnet_receive(rq, budget, &xdp_xmit); @@ -1598,7 +1598,7 @@ static int virtnet_poll_tx(struct napi_struct *napi, int budget) txq = netdev_get_tx_queue(vi->dev, index); __netif_tx_lock(txq, raw_smp_processor_id()); virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); opaque = virtqueue_enable_cb_prepare(sq->vq); -- 2.39.4

8 months

2
1
0 0

[PATCH v3] usb: xhci: fix loss of data on Cadence xHC

by Pawel Laszczak

Streams should flush their TRB cache, re-read TRBs, and start executing TRBs from the beginning of the new dequeue pointer after a 'Set TR Dequeue Pointer' command. Cadence controllers may fail to start from the beginning of the dequeue TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context during 'Set TR Dequeue' command. This stream context area is where xHC stores information about the last partially executed TD when a stream is stopped. xHC uses this information to resume the transfer where it left mid TD, when the stream is restarted. Patch fixes this by clearing out all RsvdO fields before initializing new Stream transfer using a 'Set TR Dequeue Pointer' command. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v3: - changed patch to patch Cadence specific v2: - removed restoring of EDTLA field drivers/usb/cdns3/host.c | 4 +++- drivers/usb/host/xhci-pci.c | 7 +++++++ drivers/usb/host/xhci-ring.c | 14 ++++++++++++++ drivers/usb/host/xhci.h | 1 + 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index ceca4d839dfd..7ba760ee62e3 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -62,7 +62,9 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; -static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci = { + .quirks = XHCI_CDNS_SCTX_QUIRK, +}; static int __cdns_host_init(struct cdns *cdns) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b9ae5c2a2527..9199dbfcea07 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -74,6 +74,9 @@ #define PCI_DEVICE_ID_ASMEDIA_2142_XHCI 0x2142 #define PCI_DEVICE_ID_ASMEDIA_3242_XHCI 0x3242 +#define PCI_DEVICE_ID_CADENCE 0x17CD +#define PCI_DEVICE_ID_CADENCE_SSP 0x0200 + static const char hcd_name[] = "xhci_hcd"; static struct hc_driver __read_mostly xhci_pci_hc_driver; @@ -532,6 +535,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; } + if (pdev->vendor == PCI_DEVICE_ID_CADENCE && + pdev->device == PCI_DEVICE_ID_CADENCE_SSP) + xhci->quirks |= XHCI_CDNS_SCTX_QUIRK; + /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 1dde53f6eb31..a1ad2658c0c7 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1386,6 +1386,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Cadence xHCI controllers store some endpoint state + * information within Rsvd0 fields of Stream Endpoint + * context. This field is not cleared during Set TR + * Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream + * pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + if (xhci->quirks & XHCI_CDNS_SCTX_QUIRK) { + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; + } } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 101e74c9060f..4cbd58eed214 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1907,6 +1907,7 @@ struct xhci_hcd { #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) +#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) unsigned int num_active_eps; unsigned int limit_active_eps; -- 2.43.0

8 months

2
1
0 0

[PATCH v2] drm/panthor: flush FW AS caches in slow reset path

by Adrián Larumbe

In the off-chance that waiting for the firmware to signal its booted status timed out in the fast reset path, one must flush the cache lines for the entire FW VM address space before reloading the regions, otherwise stale values eventually lead to a scheduler job timeout. Fixes: 647810ec2476 ("drm/panthor: Add the MMU/VM logical block") Cc: stable(a)vger.kernel.org Signed-off-by: Adrián Larumbe <adrian.larumbe(a)collabora.com> Acked-by: Liviu Dudau <liviu.dudau(a)arm.com> --- drivers/gpu/drm/panthor/panthor_fw.c | 8 +++++++- drivers/gpu/drm/panthor/panthor_mmu.c | 21 ++++++++++++++++++--- drivers/gpu/drm/panthor/panthor_mmu.h | 1 + 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c index 857f3f11258a..ef232c0c2049 100644 --- a/drivers/gpu/drm/panthor/panthor_fw.c +++ b/drivers/gpu/drm/panthor/panthor_fw.c @@ -1089,6 +1089,12 @@ int panthor_fw_post_reset(struct panthor_device *ptdev) panthor_fw_stop(ptdev); ptdev->fw->fast_reset = false; drm_err(&ptdev->base, "FW fast reset failed, trying a slow reset"); + + ret = panthor_vm_flush_all(ptdev->fw->vm); + if (ret) { + drm_err(&ptdev->base, "FW slow reset failed (couldn't flush FW's AS l2cache)"); + return ret; + } } /* Reload all sections, including RO ones. We're not supposed @@ -1099,7 +1105,7 @@ int panthor_fw_post_reset(struct panthor_device *ptdev) ret = panthor_fw_start(ptdev); if (ret) { - drm_err(&ptdev->base, "FW slow reset failed"); + drm_err(&ptdev->base, "FW slow reset failed (couldn't start the FW )"); return ret; } diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c index d47972806d50..bbc12728437f 100644 --- a/drivers/gpu/drm/panthor/panthor_mmu.c +++ b/drivers/gpu/drm/panthor/panthor_mmu.c @@ -576,6 +576,12 @@ static int mmu_hw_do_operation_locked(struct panthor_device *ptdev, int as_nr, if (as_nr < 0) return 0; + /* + * If the AS number is greater than zero, then we can be sure + * the device is up and running, so we don't need to explicitly + * power it up + */ + if (op != AS_COMMAND_UNLOCK) lock_region(ptdev, as_nr, iova, size); @@ -874,14 +880,23 @@ static int panthor_vm_flush_range(struct panthor_vm *vm, u64 iova, u64 size) if (!drm_dev_enter(&ptdev->base, &cookie)) return 0; - /* Flush the PTs only if we're already awake */ - if (pm_runtime_active(ptdev->base.dev)) - ret = mmu_hw_do_operation(vm, iova, size, AS_COMMAND_FLUSH_PT); + ret = mmu_hw_do_operation(vm, iova, size, AS_COMMAND_FLUSH_PT); drm_dev_exit(cookie); return ret; } +/** + * panthor_vm_flush_all() - Flush L2 caches for the entirety of a VM's AS + * @vm: VM whose cache to flush + * + * Return: 0 on success, a negative error code if flush failed. + */ +int panthor_vm_flush_all(struct panthor_vm *vm) +{ + return panthor_vm_flush_range(vm, vm->base.mm_start, vm->base.mm_range); +} + static int panthor_vm_unmap_pages(struct panthor_vm *vm, u64 iova, u64 size) { struct panthor_device *ptdev = vm->ptdev; diff --git a/drivers/gpu/drm/panthor/panthor_mmu.h b/drivers/gpu/drm/panthor/panthor_mmu.h index f3c1ed19f973..6788771071e3 100644 --- a/drivers/gpu/drm/panthor/panthor_mmu.h +++ b/drivers/gpu/drm/panthor/panthor_mmu.h @@ -31,6 +31,7 @@ panthor_vm_get_bo_for_va(struct panthor_vm *vm, u64 va, u64 *bo_offset); int panthor_vm_active(struct panthor_vm *vm); void panthor_vm_idle(struct panthor_vm *vm); int panthor_vm_as(struct panthor_vm *vm); +int panthor_vm_flush_all(struct panthor_vm *vm); struct panthor_heap_pool * panthor_vm_get_heap_pool(struct panthor_vm *vm, bool create); -- 2.46.0

8 months

3
3
0 0

Re: CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

by Siddh Raman Pant

On Mon, 29 Jul 2024 16:32:36 +0200, Greg Kroah-Hartman wrote: > In the Linux kernel, the following vulnerability has been resolved: > > udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). > > [...] > > We had the same bug in TCP and fixed it in commit 871019b22d1b ("net: > set SOCK_RCU_FREE before inserting socket into hashtable"). > > Let's apply the same fix for UDP. > > [...] > > The Linux kernel CVE team has assigned CVE-2024-41041 to this issue. > > > Affected and fixed versions > =========================== > > Issue introduced in 4.20 with commit 6acc9b432e67 and fixed in 5.4.280 with commit 7a67c4e47626 > Issue introduced in 4.20 with commit 6acc9b432e67 and fixed in 5.10.222 with commit 9f965684c57c These versions don't have the TCP fix backported. Please do so. Thanks, Siddh

8 months

3
7
0 0

[PATCH 1/2] bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode

by Connor O'Brien

From: Daniel Borkmann <daniel(a)iogearbox.net> commit 8520e224f547cd070c7c8f97b1fc6d58cff7ccaa upstream. Fix cgroup v1 interference when non-root cgroup v2 BPF programs are used. Back in the days, commit bd1060a1d671 ("sock, cgroup: add sock->sk_cgroup") embedded per-socket cgroup information into sock->sk_cgrp_data and in order to save 8 bytes in struct sock made both mutually exclusive, that is, when cgroup v1 socket tagging (e.g. net_cls/net_prio) is used, then cgroup v2 falls back to the root cgroup in sock_cgroup_ptr() (&cgrp_dfl_root.cgrp). The assumption made was "there is no reason to mix the two and this is in line with how legacy and v2 compatibility is handled" as stated in bd1060a1d671. However, with Kubernetes more widely supporting cgroups v2 as well nowadays, this assumption no longer holds, and the possibility of the v1/v2 mixed mode with the v2 root fallback being hit becomes a real security issue. Many of the cgroup v2 BPF programs are also used for policy enforcement, just to pick _one_ example, that is, to programmatically deny socket related system calls like connect(2) or bind(2). A v2 root fallback would implicitly cause a policy bypass for the affected Pods. In production environments, we have recently seen this case due to various circumstances: i) a different 3rd party agent and/or ii) a container runtime such as [0] in the user's environment configuring legacy cgroup v1 net_cls tags, which triggered implicitly mentioned root fallback. Another case is Kubernetes projects like kind [1] which create Kubernetes nodes in a container and also add cgroup namespaces to the mix, meaning programs which are attached to the cgroup v2 root of the cgroup namespace get attached to a non-root cgroup v2 path from init namespace point of view. And the latter's root is out of reach for agents on a kind Kubernetes node to configure. Meaning, any entity on the node setting cgroup v1 net_cls tag will trigger the bypass despite cgroup v2 BPF programs attached to the namespace root. Generally, this mutual exclusiveness does not hold anymore in today's user environments and makes cgroup v2 usage from BPF side fragile and unreliable. This fix adds proper struct cgroup pointer for the cgroup v2 case to struct sock_cgroup_data in order to address these issues; this implicitly also fixes the tradeoffs being made back then with regards to races and refcount leaks as stated in bd1060a1d671, and removes the fallback, so that cgroup v2 BPF programs always operate as expected. [0] https://github.com/nestybox/sysbox/ [1] https://kind.sigs.k8s.io/ Fixes: bd1060a1d671 ("sock, cgroup: add sock->sk_cgroup") Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Acked-by: Stanislav Fomichev <sdf(a)google.com> Acked-by: Tejun Heo <tj(a)kernel.org> Link: https://lore.kernel.org/bpf/20210913230759.2313-1-daniel@iogearbox.net [resolve trivial conflicts] Signed-off-by: Connor O'Brien <connor.obrien(a)crowdstrike.com> --- Hello, Requesting that these patches be applied to 5.10-stable. Tested to confirm that the cgroup_v1v2 bpf selftest for this issue passes on 5.10 with the first patch applied and fails without it. The syzkaller crash referenced in the second patch reproduces on 5.10 after applying just the first patch, but not with both patches applied. Conflicts were due to unrelated changes to the surrounding context; the actual code change remains the same as in the upstream patch. Thanks, Connor O'Brien include/linux/cgroup-defs.h | 107 +++++++++-------------------------- include/linux/cgroup.h | 22 +------ kernel/cgroup/cgroup.c | 50 ++++------------ net/core/netclassid_cgroup.c | 7 +-- net/core/netprio_cgroup.c | 10 +--- 5 files changed, 41 insertions(+), 155 deletions(-) diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h index c9fafca1c30c..6c6323a01d43 100644 --- a/include/linux/cgroup-defs.h +++ b/include/linux/cgroup-defs.h @@ -764,107 +764,54 @@ static inline void cgroup_threadgroup_change_end(struct task_struct *tsk) {} * sock_cgroup_data is embedded at sock->sk_cgrp_data and contains * per-socket cgroup information except for memcg association. * - * On legacy hierarchies, net_prio and net_cls controllers directly set - * attributes on each sock which can then be tested by the network layer. - * On the default hierarchy, each sock is associated with the cgroup it was - * created in and the networking layer can match the cgroup directly. - * - * To avoid carrying all three cgroup related fields separately in sock, - * sock_cgroup_data overloads (prioidx, classid) and the cgroup pointer. - * On boot, sock_cgroup_data records the cgroup that the sock was created - * in so that cgroup2 matches can be made; however, once either net_prio or - * net_cls starts being used, the area is overriden to carry prioidx and/or - * classid. The two modes are distinguished by whether the lowest bit is - * set. Clear bit indicates cgroup pointer while set bit prioidx and - * classid. - * - * While userland may start using net_prio or net_cls at any time, once - * either is used, cgroup2 matching no longer works. There is no reason to - * mix the two and this is in line with how legacy and v2 compatibility is - * handled. On mode switch, cgroup references which are already being - * pointed to by socks may be leaked. While this can be remedied by adding - * synchronization around sock_cgroup_data, given that the number of leaked - * cgroups is bound and highly unlikely to be high, this seems to be the - * better trade-off. + * On legacy hierarchies, net_prio and net_cls controllers directly + * set attributes on each sock which can then be tested by the network + * layer. On the default hierarchy, each sock is associated with the + * cgroup it was created in and the networking layer can match the + * cgroup directly. */ struct sock_cgroup_data { - union { -#ifdef __LITTLE_ENDIAN - struct { - u8 is_data : 1; - u8 no_refcnt : 1; - u8 unused : 6; - u8 padding; - u16 prioidx; - u32 classid; - } __packed; -#else - struct { - u32 classid; - u16 prioidx; - u8 padding; - u8 unused : 6; - u8 no_refcnt : 1; - u8 is_data : 1; - } __packed; + struct cgroup *cgroup; /* v2 */ +#ifdef CONFIG_CGROUP_NET_CLASSID + u32 classid; /* v1 */ +#endif +#ifdef CONFIG_CGROUP_NET_PRIO + u16 prioidx; /* v1 */ #endif - u64 val; - }; }; -/* - * There's a theoretical window where the following accessors race with - * updaters and return part of the previous pointer as the prioidx or - * classid. Such races are short-lived and the result isn't critical. - */ static inline u16 sock_cgroup_prioidx(const struct sock_cgroup_data *skcd) { - /* fallback to 1 which is always the ID of the root cgroup */ - return (skcd->is_data & 1) ? skcd->prioidx : 1; +#ifdef CONFIG_CGROUP_NET_PRIO + return READ_ONCE(skcd->prioidx); +#else + return 1; +#endif } static inline u32 sock_cgroup_classid(const struct sock_cgroup_data *skcd) { - /* fallback to 0 which is the unconfigured default classid */ - return (skcd->is_data & 1) ? skcd->classid : 0; +#ifdef CONFIG_CGROUP_NET_CLASSID + return READ_ONCE(skcd->classid); +#else + return 0; +#endif } -/* - * If invoked concurrently, the updaters may clobber each other. The - * caller is responsible for synchronization. - */ static inline void sock_cgroup_set_prioidx(struct sock_cgroup_data *skcd, u16 prioidx) { - struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }}; - - if (sock_cgroup_prioidx(&skcd_buf) == prioidx) - return; - - if (!(skcd_buf.is_data & 1)) { - skcd_buf.val = 0; - skcd_buf.is_data = 1; - } - - skcd_buf.prioidx = prioidx; - WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */ +#ifdef CONFIG_CGROUP_NET_PRIO + WRITE_ONCE(skcd->prioidx, prioidx); +#endif } static inline void sock_cgroup_set_classid(struct sock_cgroup_data *skcd, u32 classid) { - struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }}; - - if (sock_cgroup_classid(&skcd_buf) == classid) - return; - - if (!(skcd_buf.is_data & 1)) { - skcd_buf.val = 0; - skcd_buf.is_data = 1; - } - - skcd_buf.classid = classid; - WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */ +#ifdef CONFIG_CGROUP_NET_CLASSID + WRITE_ONCE(skcd->classid, classid); +#endif } #else /* CONFIG_SOCK_CGROUP_DATA */ diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index c9c430712d47..15c27a2c98e2 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -816,33 +816,13 @@ static inline void cgroup_account_cputime_field(struct task_struct *task, */ #ifdef CONFIG_SOCK_CGROUP_DATA -#if defined(CONFIG_CGROUP_NET_PRIO) || defined(CONFIG_CGROUP_NET_CLASSID) -extern spinlock_t cgroup_sk_update_lock; -#endif - -void cgroup_sk_alloc_disable(void); void cgroup_sk_alloc(struct sock_cgroup_data *skcd); void cgroup_sk_clone(struct sock_cgroup_data *skcd); void cgroup_sk_free(struct sock_cgroup_data *skcd); static inline struct cgroup *sock_cgroup_ptr(struct sock_cgroup_data *skcd) { -#if defined(CONFIG_CGROUP_NET_PRIO) || defined(CONFIG_CGROUP_NET_CLASSID) - unsigned long v; - - /* - * @skcd->val is 64bit but the following is safe on 32bit too as we - * just need the lower ulong to be written and read atomically. - */ - v = READ_ONCE(skcd->val); - - if (v & 3) - return &cgrp_dfl_root.cgrp; - - return (struct cgroup *)(unsigned long)v ?: &cgrp_dfl_root.cgrp; -#else - return (struct cgroup *)(unsigned long)skcd->val; -#endif + return skcd->cgroup; } #else /* CONFIG_CGROUP_DATA */ diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c index 11400eba6124..3ec531ef50d8 100644 --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -6557,74 +6557,44 @@ int cgroup_parse_float(const char *input, unsigned dec_shift, s64 *v) */ #ifdef CONFIG_SOCK_CGROUP_DATA -#if defined(CONFIG_CGROUP_NET_PRIO) || defined(CONFIG_CGROUP_NET_CLASSID) - -DEFINE_SPINLOCK(cgroup_sk_update_lock); -static bool cgroup_sk_alloc_disabled __read_mostly; - -void cgroup_sk_alloc_disable(void) -{ - if (cgroup_sk_alloc_disabled) - return; - pr_info("cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation\n"); - cgroup_sk_alloc_disabled = true; -} - -#else - -#define cgroup_sk_alloc_disabled false - -#endif - void cgroup_sk_alloc(struct sock_cgroup_data *skcd) { - if (cgroup_sk_alloc_disabled) { - skcd->no_refcnt = 1; - return; - } - /* Don't associate the sock with unrelated interrupted task's cgroup. */ if (in_interrupt()) return; rcu_read_lock(); - while (true) { struct css_set *cset; cset = task_css_set(current); if (likely(cgroup_tryget(cset->dfl_cgrp))) { - skcd->val = (unsigned long)cset->dfl_cgrp; + skcd->cgroup = cset->dfl_cgrp; cgroup_bpf_get(cset->dfl_cgrp); break; } cpu_relax(); } - rcu_read_unlock(); } void cgroup_sk_clone(struct sock_cgroup_data *skcd) { - if (skcd->val) { - if (skcd->no_refcnt) - return; - /* - * We might be cloning a socket which is left in an empty - * cgroup and the cgroup might have already been rmdir'd. - * Don't use cgroup_get_live(). - */ - cgroup_get(sock_cgroup_ptr(skcd)); - cgroup_bpf_get(sock_cgroup_ptr(skcd)); - } + struct cgroup *cgrp = sock_cgroup_ptr(skcd); + + /* + * We might be cloning a socket which is left in an empty + * cgroup and the cgroup might have already been rmdir'd. + * Don't use cgroup_get_live(). + */ + cgroup_get(cgrp); + cgroup_bpf_get(cgrp); } void cgroup_sk_free(struct sock_cgroup_data *skcd) { struct cgroup *cgrp = sock_cgroup_ptr(skcd); - if (skcd->no_refcnt) - return; cgroup_bpf_put(cgrp); cgroup_put(cgrp); } diff --git a/net/core/netclassid_cgroup.c b/net/core/netclassid_cgroup.c index 41b24cd31562..b6de5ee22391 100644 --- a/net/core/netclassid_cgroup.c +++ b/net/core/netclassid_cgroup.c @@ -72,11 +72,8 @@ static int update_classid_sock(const void *v, struct file *file, unsigned n) struct update_classid_context *ctx = (void *)v; struct socket *sock = sock_from_file(file, &err); - if (sock) { - spin_lock(&cgroup_sk_update_lock); + if (sock) sock_cgroup_set_classid(&sock->sk->sk_cgrp_data, ctx->classid); - spin_unlock(&cgroup_sk_update_lock); - } if (--ctx->batch == 0) { ctx->batch = UPDATE_CLASSID_BATCH; return n + 1; @@ -122,8 +119,6 @@ static int write_classid(struct cgroup_subsys_state *css, struct cftype *cft, struct css_task_iter it; struct task_struct *p; - cgroup_sk_alloc_disable(); - cs->classid = (u32)value; css_task_iter_start(css, 0, &it); diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c index 9bd4cab7d510..d4c71e382a13 100644 --- a/net/core/netprio_cgroup.c +++ b/net/core/netprio_cgroup.c @@ -207,8 +207,6 @@ static ssize_t write_priomap(struct kernfs_open_file *of, if (!dev) return -ENODEV; - cgroup_sk_alloc_disable(); - rtnl_lock(); ret = netprio_set_prio(of_css(of), dev, prio); @@ -222,12 +220,10 @@ static int update_netprio(const void *v, struct file *file, unsigned n) { int err; struct socket *sock = sock_from_file(file, &err); - if (sock) { - spin_lock(&cgroup_sk_update_lock); + + if (sock) sock_cgroup_set_prioidx(&sock->sk->sk_cgrp_data, (unsigned long)v); - spin_unlock(&cgroup_sk_update_lock); - } return 0; } @@ -236,8 +232,6 @@ static void net_prio_attach(struct cgroup_taskset *tset) struct task_struct *p; struct cgroup_subsys_state *css; - cgroup_sk_alloc_disable(); - cgroup_taskset_for_each(p, css, tset) { void *v = (void *)(unsigned long)css->id; -- 2.34.1

8 months

2
2
0 0

[PATCH v4.19-v5.10] block: initialize integrity buffer to zero before writing it to media

by Shivani Agarwal

From: Christoph Hellwig <hch(a)lst.de> [ Upstream commit 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f ] Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. Fixes: 7ba1ba12eeef ("block: Block layer data integrity support") Signed-off-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Martin K. Petersen <martin.petersen(a)oracle.com> Reviewed-by: Kanchan Joshi <joshi.k(a)samsung.com> Reviewed-by: Chaitanya Kulkarni <kch(a)nvidia.com> Link: https://lore.kernel.org/r/20240613084839.1044015-2-hch@lst.de Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- block/bio-integrity.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/block/bio-integrity.c b/block/bio-integrity.c index a4cfc9727..499697330 100644 --- a/block/bio-integrity.c +++ b/block/bio-integrity.c @@ -216,6 +216,7 @@ bool bio_integrity_prep(struct bio *bio) unsigned int bytes, offset, i; unsigned int intervals; blk_status_t status; + gfp_t gfp = GFP_NOIO; if (!bi) return true; @@ -238,12 +239,20 @@ bool bio_integrity_prep(struct bio *bio) if (!bi->profile->generate_fn || !(bi->flags & BLK_INTEGRITY_GENERATE)) return true; + + /* + * Zero the memory allocated to not leak uninitialized kernel + * memory to disk. For PI this only affects the app tag, but + * for non-integrity metadata it affects the entire metadata + * buffer. + */ + gfp |= __GFP_ZERO; } intervals = bio_integrity_intervals(bi, bio_sectors(bio)); /* Allocate kernel buffer for protection data */ len = intervals * bi->tuple_size; - buf = kmalloc(len, GFP_NOIO | q->bounce_gfp); + buf = kmalloc(len, gfp | q->bounce_gfp); status = BLK_STS_RESOURCE; if (unlikely(buf == NULL)) { printk(KERN_ERR "could not allocate integrity buffer\n"); -- 2.39.4

8 months

2
1
0 0

[PATCH v2 0/2] Drivers: vmbus: Fix rescind handling in uio_hv_generic

by Naman Jain

Fix a few issues in rescind handling in uio_hv_generic driver. Patches are based on latest linux-next tip. Steps to reproduce issue: * Probe uio_hv_generic driver and create channels to use fcopy * Disable the guest service on host and then Enable it. or * repeatedly do cat "/dev/uioX" on the device created for fcopy. Changes since v1: https://lore.kernel.org/all/20240822110912.13735-1-namjain@linux.microsoft.… * Added stable kernel list to cc * Updated commit messages for more information * Explicitly handle rescind callback for primary channel only, and add comment: Saurabh, Michael. * Rebase to latest tip. Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind drivers/hv/vmbus_drv.c | 1 + drivers/uio/uio_hv_generic.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) base-commit: 195a402a75791e6e0d96d9da27ca77671bc656a8 -- 2.34.1

8 months

3
5
0 0

[PATCH] drm/panthor: Restrict high priorities on group_create

by Mary Guillemard

We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM master or users with the CAP_SYS_NICE capability to set higher priorities than PANTHOR_GROUP_PRIORITY_MEDIUM. As the sole user of that uAPI lives in Mesa and hardcode a value of MEDIUM [1], this should be safe to do. Additionally, as those checks are performed at the ioctl level, panthor_group_create now only check for priority level validity. [1]https://gitlab.freedesktop.org/mesa/mesa/-/blob/f390835074bdf162a63deb031… Signed-off-by: Mary Guillemard <mary.guillemard(a)collabora.com> Fixes: de8548813824 ("drm/panthor: Add the scheduler logical block") Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/panthor/panthor_drv.c | 23 +++++++++++++++++++++++ drivers/gpu/drm/panthor/panthor_sched.c | 2 +- include/uapi/drm/panthor_drm.h | 6 +++++- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c index b5e7b919f241..34182f67136c 100644 --- a/drivers/gpu/drm/panthor/panthor_drv.c +++ b/drivers/gpu/drm/panthor/panthor_drv.c @@ -10,6 +10,7 @@ #include <linux/platform_device.h> #include <linux/pm_runtime.h> +#include <drm/drm_auth.h> #include <drm/drm_debugfs.h> #include <drm/drm_drv.h> #include <drm/drm_exec.h> @@ -996,6 +997,24 @@ static int panthor_ioctl_group_destroy(struct drm_device *ddev, void *data, return panthor_group_destroy(pfile, args->group_handle); } +static int group_priority_permit(struct drm_file *file, + u8 priority) +{ + /* Ensure that priority is valid */ + if (priority > PANTHOR_GROUP_PRIORITY_HIGH) + return -EINVAL; + + /* Medium priority and below are always allowed */ + if (priority <= PANTHOR_GROUP_PRIORITY_MEDIUM) + return 0; + + /* Higher priorities require CAP_SYS_NICE or DRM_MASTER */ + if (capable(CAP_SYS_NICE) || drm_is_current_master(file)) + return 0; + + return -EACCES; +} + static int panthor_ioctl_group_create(struct drm_device *ddev, void *data, struct drm_file *file) { @@ -1011,6 +1030,10 @@ static int panthor_ioctl_group_create(struct drm_device *ddev, void *data, if (ret) return ret; + ret = group_priority_permit(file, args->priority); + if (ret) + return ret; + ret = panthor_group_create(pfile, args, queue_args); if (ret >= 0) { args->group_handle = ret; diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index c426a392b081..91a31b70c037 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -3092,7 +3092,7 @@ int panthor_group_create(struct panthor_file *pfile, if (group_args->pad) return -EINVAL; - if (group_args->priority > PANTHOR_CSG_PRIORITY_HIGH) + if (group_args->priority >= PANTHOR_CSG_PRIORITY_COUNT) return -EINVAL; if ((group_args->compute_core_mask & ~ptdev->gpu_info.shader_present) || diff --git a/include/uapi/drm/panthor_drm.h b/include/uapi/drm/panthor_drm.h index 926b1deb1116..e23a7f9b0eac 100644 --- a/include/uapi/drm/panthor_drm.h +++ b/include/uapi/drm/panthor_drm.h @@ -692,7 +692,11 @@ enum drm_panthor_group_priority { /** @PANTHOR_GROUP_PRIORITY_MEDIUM: Medium priority group. */ PANTHOR_GROUP_PRIORITY_MEDIUM, - /** @PANTHOR_GROUP_PRIORITY_HIGH: High priority group. */ + /** + * @PANTHOR_GROUP_PRIORITY_HIGH: High priority group. + * + * Requires CAP_SYS_NICE or DRM_MASTER. + */ PANTHOR_GROUP_PRIORITY_HIGH, }; base-commit: a15710027afb40c7c1e352902fa5b8c949f021de -- 2.46.0

8 months

2
2
0 0

[PATCH v2] x86/hyperv: fix kexec crash due to VP assist page corruption

by Anirudh Rayabharam

From: Anirudh Rayabharam (Microsoft) <anirudh(a)anirudhrb.com> commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call is conditioned upon "hyperv_init_cpuhp > 0". This will never be true and so hv_cpu_die() won't be called on all CPUs. This means the VP assist page won't be reset. When the kexec kernel tries to setup the VP assist page again, the hypervisor corrupts the memory region of the old VP assist page causing a panic in case the kexec kernel is using that memory elsewhere. This was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues"). Get rid of hyperv_init_cpuhp entirely since we are no longer using a dynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with cpuhp_remove_state(). Cc: stable(a)vger.kernel.org Fixes: 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") Signed-off-by: Anirudh Rayabharam (Microsoft) <anirudh(a)anirudhrb.com> --- v1->v2: - Remove hyperv_init_cpuhp entirely and use CPUHP_AP_HYPERV_ONLINE directly with cpuhp_remove_state(). v1: https://lore.kernel.org/linux-hyperv/87wmk2xt5i.fsf@redhat.com/T/#m54b8ae17… --- arch/x86/hyperv/hv_init.c | 5 +---- arch/x86/include/asm/mshyperv.h | 1 - arch/x86/kernel/cpu/mshyperv.c | 4 ++-- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 17a71e92a343..95eada2994e1 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -35,7 +35,6 @@ #include <clocksource/hyperv_timer.h> #include <linux/highmem.h> -int hyperv_init_cpuhp; u64 hv_current_partition_id = ~0ull; EXPORT_SYMBOL_GPL(hv_current_partition_id); @@ -607,8 +606,6 @@ void __init hyperv_init(void) register_syscore_ops(&hv_syscore_ops); - hyperv_init_cpuhp = cpuhp; - if (cpuid_ebx(HYPERV_CPUID_FEATURES) & HV_ACCESS_PARTITION_ID) hv_get_partition_id(); @@ -637,7 +634,7 @@ void __init hyperv_init(void) clean_guest_os_id: wrmsrl(HV_X64_MSR_GUEST_OS_ID, 0); hv_ivm_msr_write(HV_X64_MSR_GUEST_OS_ID, 0); - cpuhp_remove_state(cpuhp); + cpuhp_remove_state(CPUHP_AP_HYPERV_ONLINE); free_ghcb_page: free_percpu(hv_ghcb_pg); free_vp_assist_page: diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h index 390c4d13956d..5f0bc6a6d025 100644 --- a/arch/x86/include/asm/mshyperv.h +++ b/arch/x86/include/asm/mshyperv.h @@ -40,7 +40,6 @@ static inline unsigned char hv_get_nmi_reason(void) } #if IS_ENABLED(CONFIG_HYPERV) -extern int hyperv_init_cpuhp; extern bool hyperv_paravisor_present; extern void *hv_hypercall_pg; diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index e0fd57a8ba84..e98db51f25ba 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -199,8 +199,8 @@ static void hv_machine_shutdown(void) * Call hv_cpu_die() on all the CPUs, otherwise later the hypervisor * corrupts the old VP Assist Pages and can crash the kexec kernel. */ - if (kexec_in_progress && hyperv_init_cpuhp > 0) - cpuhp_remove_state(hyperv_init_cpuhp); + if (kexec_in_progress) + cpuhp_remove_state(CPUHP_AP_HYPERV_ONLINE); /* The function calls stop_other_cpus(). */ native_machine_shutdown(); -- 2.45.2

8 months

4
3
0 0

Re: Patch "drm/drm-bridge: Drop conditionals around of_node pointers" has been added to the 6.6-stable t

by Pascal Ernster

[2024-09-04 19:50] Sasha Levin: > This is a note to let you know that I've just added the patch titled > > drm/drm-bridge: Drop conditionals around of_node pointers > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-drm-bridge-drop-conditionals-around-of_node-poin.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 74f5f42c35daf9aedbc96283321c30fc591c634f > Author: Sui Jingfeng <sui.jingfeng(a)linux.dev> > Date: Wed May 8 02:00:00 2024 +0800 > > drm/drm-bridge: Drop conditionals around of_node pointers > > [ Upstream commit ad3323a6ccb7d43bbeeaa46d5311c43d5d361fc7 ] > > Having conditional around the of_node pointer of the drm_bridge structure > is not necessary, since drm_bridge structure always has the of_node as its > member. > > Let's drop the conditional to get a better looks, please also note that > this is following the already accepted commitments. see commit d8dfccde2709 > ("drm/bridge: Drop conditionals around of_node pointers") for reference. > > Signed-off-by: Sui Jingfeng <sui.jingfeng(a)linux.dev> > Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> > Signed-off-by: Robert Foss <rfoss(a)kernel.org> > Link: https://patchwork.freedesktop.org/patch/msgid/20240507180001.1358816-1-sui.… > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c > index 62d8a291c49c..70b05582e616 100644 > --- a/drivers/gpu/drm/drm_bridge.c > +++ b/drivers/gpu/drm/drm_bridge.c > @@ -353,13 +353,8 @@ int drm_bridge_attach(struct drm_encoder *encoder, struct drm_bridge *bridge, > bridge->encoder = NULL; > list_del(&bridge->chain_node); > > -#ifdef CONFIG_OF > DRM_ERROR("failed to attach bridge %pOF to encoder %s: %d\n", > bridge->of_node, encoder->name, ret); > -#else > - DRM_ERROR("failed to attach bridge to encoder %s: %d\n", > - encoder->name, ret); > -#endif > > return ret; > } Hi Sasha, this breaks the x86_64 build for me. AFAICT this patch cannot work without commit d8dfccde2709de4327c3d62b50e5dc012f08836f "drm/bridge: Drop conditionals around of_node pointers", but that commit is only present in Linux >= 6.7. This issue affects the 6.6, 6.1 and 5.15 branches. Regards Pascal

8 months

2
1
0 0

[PATCH 1/1] can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD

by Stefan Mätje

Remove the CAN_CTRLMODE_3_SAMPLES announcement for CAN-USB/3-FD devices because these devices don't support it. The hardware has a Microchip SAM E70 microcontroller that uses a Bosch MCAN IP core as CAN FD controller. But this MCAN core doesn't support triple sampling. Fixes: 80662d943075 ("can: esd_usb: Add support for esd CAN-USB/3") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan Mätje <stefan.maetje(a)esd.eu> --- drivers/net/can/usb/esd_usb.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/net/can/usb/esd_usb.c b/drivers/net/can/usb/esd_usb.c index 41a0e4261d15..03ad10b01867 100644 --- a/drivers/net/can/usb/esd_usb.c +++ b/drivers/net/can/usb/esd_usb.c @@ -3,7 +3,7 @@ * CAN driver for esd electronics gmbh CAN-USB/2, CAN-USB/3 and CAN-USB/Micro * * Copyright (C) 2010-2012 esd electronic system design gmbh, Matthias Fuchs <socketcan(a)esd.eu> - * Copyright (C) 2022-2023 esd electronics gmbh, Frank Jungclaus <frank.jungclaus(a)esd.eu> + * Copyright (C) 2022-2024 esd electronics gmbh, Frank Jungclaus <frank.jungclaus(a)esd.eu> */ #include <linux/can.h> @@ -1116,9 +1116,6 @@ static int esd_usb_3_set_bittiming(struct net_device *netdev) if (priv->can.ctrlmode & CAN_CTRLMODE_LISTENONLY) flags |= ESD_USB_3_BAUDRATE_FLAG_LOM; - if (priv->can.ctrlmode & CAN_CTRLMODE_3_SAMPLES) - flags |= ESD_USB_3_BAUDRATE_FLAG_TRS; - baud_x->nom.brp = cpu_to_le16(nom_bt->brp & (nom_btc->brp_max - 1)); baud_x->nom.sjw = cpu_to_le16(nom_bt->sjw & (nom_btc->sjw_max - 1)); baud_x->nom.tseg1 = cpu_to_le16((nom_bt->prop_seg + nom_bt->phase_seg1) @@ -1219,7 +1216,6 @@ static int esd_usb_probe_one_net(struct usb_interface *intf, int index) switch (le16_to_cpu(dev->udev->descriptor.idProduct)) { case ESD_USB_CANUSB3_PRODUCT_ID: priv->can.clock.freq = ESD_USB_3_CAN_CLOCK; - priv->can.ctrlmode_supported |= CAN_CTRLMODE_3_SAMPLES; priv->can.ctrlmode_supported |= CAN_CTRLMODE_FD; priv->can.bittiming_const = &esd_usb_3_nom_bittiming_const; priv->can.data_bittiming_const = &esd_usb_3_data_bittiming_const; -- 2.34.1

8 months

3
2
0 0

[PATCH V2] mm/gup: Clear the LRU flag of a page before adding to LRU batch

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> If a large number of CMA memory are configured in system (for example, the CMA memory accounts for 50% of the system memory), starting a virtual virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to pin memory. Normally if a page is present and in CMA area, pin_user_pages_remote() will migrate the page from CMA area to non-CMA area because of FOLL_LONGTERM flag. But the current code will cause the migration failure due to unexpected page refcounts, and eventually cause the virtual machine fail to start. If a page is added in LRU batch, its refcount increases one, remove the page from LRU batch decreases one. Page migration requires the page is not referenced by others except page mapping. Before migrating a page, we should try to drain the page from LRU batch in case the page is in it, however, folio_test_lru() is not sufficient to tell whether the page is in LRU batch or not, if the page is in LRU batch, the migration will fail. To solve the problem above, we modify the logic of adding to LRU batch. Before adding a page to LRU batch, we clear the LRU flag of the page so that we can check whether the page is in LRU batch by folio_test_lru(page). Seems making the LRU flag of the page invisible a long time is no problem, because a new page is allocated from buddy and added to the lru batch, its LRU flag is also not visible for a long time. Cc: <stable(a)vger.kernel.org> Signed-off-by: yangge <yangge1116(a)126.com> --- mm/swap.c | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/mm/swap.c b/mm/swap.c index dc205bd..9caf6b0 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -211,10 +211,6 @@ static void folio_batch_move_lru(struct folio_batch *fbatch, move_fn_t move_fn) for (i = 0; i < folio_batch_count(fbatch); i++) { struct folio *folio = fbatch->folios[i]; - /* block memcg migration while the folio moves between lru */ - if (move_fn != lru_add_fn && !folio_test_clear_lru(folio)) - continue; - folio_lruvec_relock_irqsave(folio, &lruvec, &flags); move_fn(lruvec, folio); @@ -255,11 +251,16 @@ static void lru_move_tail_fn(struct lruvec *lruvec, struct folio *folio) void folio_rotate_reclaimable(struct folio *folio) { if (!folio_test_locked(folio) && !folio_test_dirty(folio) && - !folio_test_unevictable(folio) && folio_test_lru(folio)) { + !folio_test_unevictable(folio)) { struct folio_batch *fbatch; unsigned long flags; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock_irqsave(&lru_rotate.lock, flags); fbatch = this_cpu_ptr(&lru_rotate.fbatch); folio_batch_add_and_move(fbatch, folio, lru_move_tail_fn); @@ -352,11 +353,15 @@ static void folio_activate_drain(int cpu) void folio_activate(struct folio *folio) { - if (folio_test_lru(folio) && !folio_test_active(folio) && - !folio_test_unevictable(folio)) { + if (!folio_test_active(folio) && !folio_test_unevictable(folio)) { struct folio_batch *fbatch; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.activate); folio_batch_add_and_move(fbatch, folio, folio_activate_fn); @@ -700,6 +705,11 @@ void deactivate_file_folio(struct folio *folio) return; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.lru_deactivate_file); folio_batch_add_and_move(fbatch, folio, lru_deactivate_file_fn); @@ -716,11 +726,16 @@ void deactivate_file_folio(struct folio *folio) */ void folio_deactivate(struct folio *folio) { - if (folio_test_lru(folio) && !folio_test_unevictable(folio) && - (folio_test_active(folio) || lru_gen_enabled())) { + if (!folio_test_unevictable(folio) && (folio_test_active(folio) || + lru_gen_enabled())) { struct folio_batch *fbatch; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.lru_deactivate); folio_batch_add_and_move(fbatch, folio, lru_deactivate_fn); @@ -737,12 +752,16 @@ void folio_deactivate(struct folio *folio) */ void folio_mark_lazyfree(struct folio *folio) { - if (folio_test_lru(folio) && folio_test_anon(folio) && - folio_test_swapbacked(folio) && !folio_test_swapcache(folio) && - !folio_test_unevictable(folio)) { + if (folio_test_anon(folio) && folio_test_swapbacked(folio) && + !folio_test_swapcache(folio) && !folio_test_unevictable(folio)) { struct folio_batch *fbatch; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.lru_lazyfree); folio_batch_add_and_move(fbatch, folio, lru_lazyfree_fn); -- 2.7.4

8 months

8
26
0 0

[PATCH 1/1] iommu/vt-d: Prevent boot failure with devices requiring ATS

by Lu Baolu

SOC-integrated devices on some platforms require their PCI ATS enabled for operation when the IOMMU is in scalable mode. Those devices are reported via ACPI/SATC table with the ATC_REQUIRED bit set in the Flags field. The PCI subsystem offers the 'pci=noats' kernel command to disable PCI ATS on all devices. Using 'pci=noat' with devices that require PCI ATS can cause a conflict, leading to boot failure, especially if the device is a graphics device. To prevent this issue, check PCI ATS support before enumerating the IOMMU devices. If any device requires PCI ATS, but PCI ATS is disabled by 'pci=noats', switch the IOMMU to operate in legacy mode to ensure successful booting. Fixes: 97f2f2c5317f ("iommu/vt-d: Enable ATS for the devices in SATC table") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/12036 Cc: stable(a)vger.kernel.org Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/intel/iommu.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 4aa070cf56e7..8f275e046e91 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -3127,10 +3127,26 @@ int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info) (void *)satc + satc->header.length, satc->segment, satcu->devices, satcu->devices_cnt); - if (ret > 0) - break; - else if (ret < 0) + if (ret < 0) return ret; + + if (ret > 0) { + /* + * The device requires PCI/ATS when the IOMMU + * works in the scalable mode. If PCI/ATS is + * disabled using the pci=noats kernel parameter, + * the IOMMU will default to legacy mode. Users + * are informed of this change. + */ + if (intel_iommu_sm && satcu->atc_required && + !pci_ats_supported(info->dev)) { + pci_warn(info->dev, + "PCI/ATS not supported, system working in IOMMU legacy mode\n"); + intel_iommu_sm = 0; + } + + break; + } } else if (info->event == BUS_NOTIFY_REMOVED_DEVICE) { if (dmar_remove_dev_scope(info, satc->segment, satcu->devices, satcu->devices_cnt)) -- 2.34.1

8 months

5
7
0 0

[PATCH 00/11] arm64: qcom: set of fixes for SM8350 platform

by Dmitry Baryshkov

A set of fixes that target stability of the SM8350 platform. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Dmitry Baryshkov (11): clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL drm/msm/dsi: correct programming sequence for SM8350 / SM8450 interconnect: qcom: sm8350: drop DISP nodes interconnect: qcom: sm8450: drop DISP nodes dt-bindings: interconnect: qcom,sm8350: drop DISP nodes dt-bindings: interconnect: qcom,sm8450: drop DISP nodes interconnect: qcom: sm8250: Enable sync_state arm64: dts: qcom: sm8350: add MDSS registers interconnect arm64: dts: qcom: sm8350: add refgen regulator arm64: defconfig: build CONFIG_REGULATOR_QCOM_REFGEN as module arch/arm64/boot/dts/qcom/sm8350.dtsi | 16 ++- arch/arm64/configs/defconfig | 1 + drivers/clk/qcom/clk-alpha-pll.c | 52 +++++++++ drivers/clk/qcom/clk-alpha-pll.h | 2 + drivers/clk/qcom/dispcc-sm8250.c | 12 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 +- drivers/interconnect/qcom/sm8350.c | 155 +------------------------ drivers/interconnect/qcom/sm8350.h | 10 -- drivers/interconnect/qcom/sm8450.c | 145 ----------------------- drivers/interconnect/qcom/sm8450.h | 12 -- include/dt-bindings/interconnect/qcom,sm8350.h | 10 -- include/dt-bindings/interconnect/qcom,sm8450.h | 10 -- 12 files changed, 91 insertions(+), 346 deletions(-) --- base-commit: 668d33c9ff922c4590c58754ab064aaf53c387dd change-id: 20240804-sm8350-fixes-9e731f79c56f Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

8 months

2
4
0 0

[PATCH] cxl/region: Fix logic for finding a free cxl decoder

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> match_free_decoder()'s logic for finding a free cxl decoder depends on a prerequisite that all child decoders are sorted by ID in ascending order but the prerequisite may not be guaranteed, fix by finding a free cxl decoder with minimal ID. Fixes: 384e624bb211 ("cxl/region: Attach endpoint decoders") Closes: https://lore.kernel.org/all/cdfc6f98-1aa0-4cb5-bd7d-93256552c39b@icloud.com/ Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- drivers/cxl/core/region.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c index 21ad5f242875..b9607b4fc40b 100644 --- a/drivers/cxl/core/region.c +++ b/drivers/cxl/core/region.c @@ -797,21 +797,26 @@ static size_t show_targetN(struct cxl_region *cxlr, char *buf, int pos) static int match_free_decoder(struct device *dev, void *data) { struct cxl_decoder *cxld; - int *id = data; + struct cxl_decoder *target_cxld; + struct device **target_device = data; if (!is_switch_decoder(dev)) return 0; cxld = to_cxl_decoder(dev); - - /* enforce ordered allocation */ - if (cxld->id != *id) + if (cxld->region) return 0; - if (!cxld->region) - return 1; - - (*id)++; + if (!*target_device) { + *target_device = get_device(dev); + return 0; + } + /* enforce ordered allocation */ + target_cxld = to_cxl_decoder(*target_device); + if (cxld->id < target_cxld->id) { + put_device(*target_device); + *target_device = get_device(dev); + } return 0; } @@ -839,8 +844,7 @@ cxl_region_find_decoder(struct cxl_port *port, struct cxl_endpoint_decoder *cxled, struct cxl_region *cxlr) { - struct device *dev; - int id = 0; + struct device *dev = NULL; if (port == cxled_to_port(cxled)) return &cxled->cxld; @@ -849,7 +853,8 @@ cxl_region_find_decoder(struct cxl_port *port, dev = device_find_child(&port->dev, &cxlr->params, match_auto_decoder); else - dev = device_find_child(&port->dev, &id, match_free_decoder); + /* Need to put_device(@dev) after use */ + device_for_each_child(&port->dev, &dev, match_free_decoder); if (!dev) return NULL; /* --- base-commit: 67784a74e258a467225f0e68335df77acd67b7ab change-id: 20240903-fix_cxld-4f6575a90619 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

8 months

2
2
0 0

[for-linus][PATCH 6/6] eventfs: Use list_del_rcu() for SRCU protected list variable

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> Chi Zhiling reported: We found a null pointer accessing in tracefs[1], the reason is that the variable 'ei_child' is set to LIST_POISON1, that means the list was removed in eventfs_remove_rec. so when access the ei_child->is_freed, the panic triggered. by the way, the following script can reproduce this panic loop1 (){ while true do echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events echo "" > /sys/kernel/debug/tracing/kprobe_events done } loop2 (){ while true do tree /sys/kernel/debug/tracing/events/kprobes/ done } loop1 & loop2 [1]: [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150 [ 1147.968239][T17331] Mem abort info: [ 1147.971739][T17331] ESR = 0x0000000096000004 [ 1147.976172][T17331] EC = 0x25: DABT (current EL), IL = 32 bits [ 1147.982171][T17331] SET = 0, FnV = 0 [ 1147.985906][T17331] EA = 0, S1PTW = 0 [ 1147.989734][T17331] FSC = 0x04: level 0 translation fault [ 1147.995292][T17331] Data abort info: [ 1147.998858][T17331] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1148.005023][T17331] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1148.010759][T17331] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls] [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G W ------- ---- 6.6.43 #2 [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650 [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020 [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398 [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398 [ 1148.115969][T17331] sp : ffff80008d56bbd0 [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000 [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100 [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10 [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000 [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0 [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0 [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862 [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068 [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001 [ 1148.198131][T17331] Call trace: [ 1148.201259][T17331] eventfs_iterate+0x2c0/0x398 [ 1148.205864][T17331] iterate_dir+0x98/0x188 [ 1148.210036][T17331] __arm64_sys_getdents64+0x78/0x160 [ 1148.215161][T17331] invoke_syscall+0x78/0x108 [ 1148.219593][T17331] el0_svc_common.constprop.0+0x48/0xf0 [ 1148.224977][T17331] do_el0_svc+0x24/0x38 [ 1148.228974][T17331] el0_svc+0x40/0x168 [ 1148.232798][T17331] el0t_64_sync_handler+0x120/0x130 [ 1148.237836][T17331] el0t_64_sync+0x1a4/0x1a8 [ 1148.242182][T17331] Code: 54ffff6c f9400676 910006d6 f9000676 (b9405300) [ 1148.248955][T17331] ---[ end trace 0000000000000000 ]--- The issue is that list_del() is used on an SRCU protected list variable before the synchronization occurs. This can poison the list pointers while there is a reader iterating the list. This is simply fixed by using list_del_rcu() that is specifically made for this purpose. Link: https://lore.kernel.org/linux-trace-kernel/20240829085025.3600021-1-chizhil… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240904131605.640d42b1@gandalf.local.home Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Reported-by: Chi Zhiling <chizhiling(a)kylinos.cn> Tested-by: Chi Zhiling <chizhiling(a)kylinos.cn> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 01e99e98457d..8705c77a9e75 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -862,7 +862,7 @@ static void eventfs_remove_rec(struct eventfs_inode *ei, int level) list_for_each_entry(ei_child, &ei->children, list) eventfs_remove_rec(ei_child, level + 1); - list_del(&ei->list); + list_del_rcu(&ei->list); free_ei(ei); } -- 2.43.0

8 months

1
0
0 0

[for-linus][PATCH 5/6] tracing: Avoid possible softlockup in tracing_iter_reset()

by Steven Rostedt

From: Zheng Yejian <zhengyejian(a)huaweicloud.com> In __tracing_open(), when max latency tracers took place on the cpu, the time start of its buffer would be updated, then event entries with timestamps being earlier than start of the buffer would be skipped (see tracing_iter_reset()). Softlockup will occur if the kernel is non-preemptible and too many entries were skipped in the loop that reset every cpu buffer, so add cond_resched() to avoid it. Cc: stable(a)vger.kernel.org Fixes: 2f26ebd549b9a ("tracing: use timestamp to determine start of latency traces") Link: https://lore.kernel.org/20240827124654.3817443-1-zhengyejian@huaweicloud.com Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian(a)huaweicloud.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index ebe7ce2f5f4a..edf6bc817aa1 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3958,6 +3958,8 @@ void tracing_iter_reset(struct trace_iterator *iter, int cpu) break; entries++; ring_buffer_iter_advance(buf_iter); + /* This could be a big loop */ + cond_resched(); } per_cpu_ptr(iter->array_buffer->data, cpu)->skipped_entries = entries; -- 2.43.0

8 months

1
0
0 0

[for-linus][PATCH 4/6] tracing/osnoise: Use a cpumask to know what threads are kthreads

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The start_kthread() and stop_thread() code was not always called with the interface_lock held. This means that the kthread variable could be unexpectedly changed causing the kthread_stop() to be called on it when it should not have been, leading to: while true; do rtla timerlat top -u -q & PID=$!; sleep 5; kill -INT $PID; sleep 0.001; kill -TERM $PID; wait $PID; done Causing the following OOPS: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc76d1b-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:hrtimer_active+0x58/0x300 Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f RSP: 0018:ffff88811d97f940 EFLAGS: 00010202 RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28 RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60 R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28 FS: 0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0 Call Trace: <TASK> ? die_addr+0x40/0xa0 ? exc_general_protection+0x154/0x230 ? asm_exc_general_protection+0x26/0x30 ? hrtimer_active+0x58/0x300 ? __pfx_mutex_lock+0x10/0x10 ? __pfx_locks_remove_file+0x10/0x10 hrtimer_cancel+0x15/0x40 timerlat_fd_release+0x8e/0x1f0 ? security_file_release+0x43/0x80 __fput+0x372/0xb10 task_work_run+0x11e/0x1f0 ? _raw_spin_lock+0x85/0xe0 ? __pfx_task_work_run+0x10/0x10 ? poison_slab_object+0x109/0x170 ? do_exit+0x7a0/0x24b0 do_exit+0x7bd/0x24b0 ? __pfx_migrate_enable+0x10/0x10 ? __pfx_do_exit+0x10/0x10 ? __pfx_read_tsc+0x10/0x10 ? ktime_get+0x64/0x140 ? _raw_spin_lock_irq+0x86/0xe0 do_group_exit+0xb0/0x220 get_signal+0x17ba/0x1b50 ? vfs_read+0x179/0xa40 ? timerlat_fd_read+0x30b/0x9d0 ? __pfx_get_signal+0x10/0x10 ? __pfx_timerlat_fd_read+0x10/0x10 arch_do_signal_or_restart+0x8c/0x570 ? __pfx_arch_do_signal_or_restart+0x10/0x10 ? vfs_read+0x179/0xa40 ? ksys_read+0xfe/0x1d0 ? __pfx_ksys_read+0x10/0x10 syscall_exit_to_user_mode+0xbc/0x130 do_syscall_64+0x74/0x110 ? __pfx___rseq_handle_notify_resume+0x10/0x10 ? __pfx_ksys_read+0x10/0x10 ? fpregs_restore_userregs+0xdb/0x1e0 ? fpregs_restore_userregs+0xdb/0x1e0 ? syscall_exit_to_user_mode+0x116/0x130 ? do_syscall_64+0x74/0x110 ? do_syscall_64+0x74/0x110 ? do_syscall_64+0x74/0x110 entry_SYSCALL_64_after_hwframe+0x71/0x79 RIP: 0033:0x7ff0070eca9c Code: Unable to access opcode bytes at 0x7ff0070eca72. RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003 RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0 R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003 R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008 </TASK> Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core ---[ end trace 0000000000000000 ]--- This is because it would mistakenly call kthread_stop() on a user space thread making it "exit" before it actually exits. Since kthreads are created based on global behavior, use a cpumask to know when kthreads are running and that they need to be shutdown before proceeding to do new work. Link: https://lore.kernel.org/all/20240820130001.124768-1-tglozar@redhat.com/ This was debugged by using the persistent ring buffer: Link: https://lore.kernel.org/all/20240823013902.135036960@goodmis.org/ Note, locking was originally used to fix this, but that proved to cause too many deadlocks to work around: https://lore.kernel.org/linux-trace-kernel/20240823102816.5e55753b@gandalf.… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: "Luis Claudio R. Goncalves" <lgoncalv(a)redhat.com> Link: https://lore.kernel.org/20240904103428.08efdf4c@gandalf.local.home Fixes: e88ed227f639e ("tracing/timerlat: Add user-space interface") Reported-by: Tomas Glozar <tglozar(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index 400a72cd6ab5..8543d941b870 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -1614,6 +1614,7 @@ static int run_osnoise(void) static struct cpumask osnoise_cpumask; static struct cpumask save_cpumask; +static struct cpumask kthread_cpumask; /* * osnoise_sleep - sleep until the next period @@ -1677,6 +1678,7 @@ static inline int osnoise_migration_pending(void) */ mutex_lock(&interface_lock); this_cpu_osn_var()->kthread = NULL; + cpumask_clear_cpu(smp_processor_id(), &kthread_cpumask); mutex_unlock(&interface_lock); return 1; @@ -1949,9 +1951,10 @@ static void stop_kthread(unsigned int cpu) kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; if (kthread) { - if (test_bit(OSN_WORKLOAD, &osnoise_options)) { + if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask) && + !WARN_ON(!test_bit(OSN_WORKLOAD, &osnoise_options))) { kthread_stop(kthread); - } else { + } else if (!WARN_ON(test_bit(OSN_WORKLOAD, &osnoise_options))) { /* * This is a user thread waiting on the timerlat_fd. We need * to close all users, and the best way to guarantee this is @@ -2023,6 +2026,7 @@ static int start_kthread(unsigned int cpu) } per_cpu(per_cpu_osnoise_var, cpu).kthread = kthread; + cpumask_set_cpu(cpu, &kthread_cpumask); return 0; } @@ -2050,8 +2054,16 @@ static int start_per_cpu_kthreads(void) */ cpumask_and(current_mask, cpu_online_mask, &osnoise_cpumask); - for_each_possible_cpu(cpu) + for_each_possible_cpu(cpu) { + if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask)) { + struct task_struct *kthread; + + kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; + if (!WARN_ON(!kthread)) + kthread_stop(kthread); + } per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; + } for_each_cpu(cpu, current_mask) { retval = start_kthread(cpu); -- 2.43.0

8 months

1
0
0 0

[for-linus][PATCH 3/6] tracing/timerlat: Only clear timer if a kthread exists

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> The timerlat tracer can use user space threads to check for osnoise and timer latency. If the program using this is killed via a SIGTERM, the threads are shutdown one at a time and another tracing instance can start up resetting the threads before they are fully closed. That causes the hrtimer assigned to the kthread to be shutdown and freed twice when the dying thread finally closes the file descriptors, causing a use-after-free bug. Only cancel the hrtimer if the associated thread is still around. Note, this is just a quick fix that can be backported to stable. A real fix is to have a better synchronization between the shutdown of old threads and the starting of new ones. Link: https://lore.kernel.org/all/20240820130001.124768-1-tglozar@redhat.com/ Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: "Luis Claudio R. Goncalves" <lgoncalv(a)redhat.com> Link: https://lore.kernel.org/20240903111642.35292e70@gandalf.local.home Fixes: e88ed227f639e ("tracing/timerlat: Add user-space interface") Reported-by: Tomas Glozar <tglozar(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index 66a871553d4a..400a72cd6ab5 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -265,6 +265,8 @@ static inline void tlat_var_reset(void) */ for_each_cpu(cpu, cpu_online_mask) { tlat_var = per_cpu_ptr(&per_cpu_timerlat_var, cpu); + if (tlat_var->kthread) + hrtimer_cancel(&tlat_var->timer); memset(tlat_var, 0, sizeof(*tlat_var)); } } @@ -2579,7 +2581,8 @@ static int timerlat_fd_release(struct inode *inode, struct file *file) osn_var = per_cpu_ptr(&per_cpu_osnoise_var, cpu); tlat_var = per_cpu_ptr(&per_cpu_timerlat_var, cpu); - hrtimer_cancel(&tlat_var->timer); + if (tlat_var->kthread) + hrtimer_cancel(&tlat_var->timer); memset(tlat_var, 0, sizeof(*tlat_var)); osn_var->sampling = 0; -- 2.43.0

8 months

1
0
0 0

[for-linus][PATCH 2/6] tracing: Fix memory leak in fgraph storage selftest

by Steven Rostedt

From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> With ftrace boot-time selftest, kmemleak reported some memory leaks in the new test case for function graph storage for multiple tracers. unreferenced object 0xffff888005060080 (size 32): comm "swapper/0", pid 1, jiffies 4294676440 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 20 10 06 05 80 88 ff ff ........ ....... 54 0c 1e 81 ff ff ff ff 00 00 00 00 00 00 00 00 T............... backtrace (crc 7c93416c): [<000000000238ee6f>] __kmalloc_cache_noprof+0x11f/0x2a0 [<0000000033d2b6c5>] enter_record+0xe8/0x150 [<0000000054c38424>] match_records+0x1cd/0x230 [<00000000c775b63d>] ftrace_set_hash+0xff/0x380 [<000000007bf7208c>] ftrace_set_filter+0x70/0x90 [<00000000a5c08dda>] test_graph_storage_multi+0x2e/0xf0 [<000000006ba028ca>] trace_selftest_startup_function_graph+0x1e8/0x260 [<00000000a715d3eb>] run_tracer_selftest+0x111/0x190 [<00000000395cbf90>] register_tracer+0xdf/0x1f0 [<0000000093e67f7b>] do_one_initcall+0x141/0x3b0 [<00000000c591b682>] do_initcall_level+0x82/0xa0 [<000000004e4c6600>] do_initcalls+0x43/0x70 [<0000000034f3c4e4>] kernel_init_freeable+0x170/0x1f0 [<00000000c7a5dab2>] kernel_init+0x1a/0x1a0 [<00000000ea105947>] ret_from_fork+0x3a/0x50 [<00000000a1932e84>] ret_from_fork_asm+0x1a/0x30 ... This means filter hash allocated for the fixtures are not correctly released after the test. Free those hash lists after tests are done and split the loop for initialize fixture and register fixture for rollback. Fixes: dd120af2d5f8 ("ftrace: Add multiple fgraph storage selftest") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/172411539857.28895.13119957560263401102.stgit@devno… Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_selftest.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c index 97f1e4bc47dc..c4ad7cd7e778 100644 --- a/kernel/trace/trace_selftest.c +++ b/kernel/trace/trace_selftest.c @@ -942,7 +942,7 @@ static __init int test_graph_storage_multi(void) { struct fgraph_fixture *fixture; bool printed = false; - int i, ret; + int i, j, ret; pr_cont("PASSED\n"); pr_info("Testing multiple fgraph storage on a function: "); @@ -953,22 +953,35 @@ static __init int test_graph_storage_multi(void) if (ret && ret != -ENODEV) { pr_cont("*Could not set filter* "); printed = true; - goto out; + goto out2; } + } + for (j = 0; j < ARRAY_SIZE(store_bytes); j++) { + fixture = &store_bytes[j]; ret = register_ftrace_graph(&fixture->gops); if (ret) { pr_warn("Failed to init store_bytes fgraph tracing\n"); printed = true; - goto out; + goto out1; } } DYN_FTRACE_TEST_NAME(); -out: +out1: + while (--j >= 0) { + fixture = &store_bytes[j]; + unregister_ftrace_graph(&fixture->gops); + + if (fixture->error_str && !printed) { + pr_cont("*** %s ***", fixture->error_str); + printed = true; + } + } +out2: while (--i >= 0) { fixture = &store_bytes[i]; - unregister_ftrace_graph(&fixture->gops); + ftrace_free_filter(&fixture->gops.ops); if (fixture->error_str && !printed) { pr_cont("*** %s ***", fixture->error_str); -- 2.43.0

8 months

1
0
0 0

[PATCH 8/8] serial: qcom-geni: fix polled console corruption

by Johan Hovold

The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index fbed143c90a3..cf8bafd99a09 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -403,13 +404,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -688,13 +690,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -704,6 +703,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -930,7 +939,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0; -- 2.44.2

8 months

2
1
0 0

[PATCH 2/8] serial: qcom-geni: fix false console tx restart

by Johan Hovold

Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index e1926124339d..0af4a93c0af5 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -314,18 +314,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -386,6 +384,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -430,6 +429,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -471,7 +471,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -503,12 +502,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count); -- 2.44.2

8 months

2
1
0 0

+ ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: cancel dqi_sync_work before freeing oinfo has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: cancel dqi_sync_work before freeing oinfo Date: Wed, 4 Sep 2024 15:10:03 +0800 ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled: ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c This reports that there is an active delayed work when freeing oinfo in error handling, so cancel dqi_sync_work first. BTW, return status instead of -1 when .read_file_info fails. Link: https://syzkaller.appspot.com/bug?extid=f7af59df5d6b25f0febd Link: https://lkml.kernel.org/r/20240904071004.2067695-1-joseph.qi@linux.alibaba.… Fixes: 171bf93ce11f ("ocfs2: Periodic quota syncing") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Reported-by: syzbot+f7af59df5d6b25f0febd(a)syzkaller.appspotmail.com Tested-by: syzbot+f7af59df5d6b25f0febd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/quota_local.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/fs/ocfs2/quota_local.c~ocfs2-cancel-dqi_sync_work-before-freeing-oinfo +++ a/fs/ocfs2/quota_local.c @@ -692,7 +692,7 @@ static int ocfs2_local_read_info(struct int status; struct buffer_head *bh = NULL; struct ocfs2_quota_recovery *rec; - int locked = 0; + int locked = 0, global_read = 0; info->dqi_max_spc_limit = 0x7fffffffffffffffLL; info->dqi_max_ino_limit = 0x7fffffffffffffffLL; @@ -700,6 +700,7 @@ static int ocfs2_local_read_info(struct if (!oinfo) { mlog(ML_ERROR, "failed to allocate memory for ocfs2 quota" " info."); + status = -ENOMEM; goto out_err; } info->dqi_priv = oinfo; @@ -712,6 +713,7 @@ static int ocfs2_local_read_info(struct status = ocfs2_global_read_info(sb, type); if (status < 0) goto out_err; + global_read = 1; status = ocfs2_inode_lock(lqinode, &oinfo->dqi_lqi_bh, 1); if (status < 0) { @@ -782,10 +784,12 @@ out_err: if (locked) ocfs2_inode_unlock(lqinode, 1); ocfs2_release_local_quota_bitmaps(&oinfo->dqi_chunk); + if (global_read) + cancel_delayed_work_sync(&oinfo->dqi_sync_work); kfree(oinfo); } brelse(bh); - return -1; + return status; } /* Write local info to quota file */ _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch

8 months

1
0
0 0

[PATCH] usb: roles: Fix a false positive recursive locking complaint

by Bart Van Assche

Suppress the following lockdep complaint: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/roles/class.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/usb/roles/class.c b/drivers/usb/roles/class.c index d7aa913ceb8a..f648ce3dd9b5 100644 --- a/drivers/usb/roles/class.c +++ b/drivers/usb/roles/class.c @@ -21,6 +21,7 @@ static const struct class role_class = { struct usb_role_switch { struct device dev; + struct lock_class_key key; struct mutex lock; /* device lock*/ struct module *module; /* the module this device depends on */ enum usb_role role; @@ -326,6 +327,8 @@ static void usb_role_switch_release(struct device *dev) { struct usb_role_switch *sw = to_role_switch(dev); + mutex_destroy(&sw->lock); + lockdep_unregister_key(&sw->key); kfree(sw); } @@ -364,7 +367,8 @@ usb_role_switch_register(struct device *parent, if (!sw) return ERR_PTR(-ENOMEM); - mutex_init(&sw->lock); + lockdep_register_key(&sw->key); + __mutex_init(&sw->lock, "usb_role_switch_desc::lock", &sw->key); sw->allow_userspace_control = desc->allow_userspace_control; sw->usb2_port = desc->usb2_port;

8 months

1
1
0 0

[PATCH iwl-next v2 5/6] idpf: fix netdev Tx queue stop/wake

by Alexander Lobakin

From: Michal Kubiak <michal.kubiak(a)intel.com> netif_txq_maybe_stop() returns -1, 0, or 1, while idpf_tx_maybe_stop_common() says it returns 0 or -EBUSY. As a result, there sometimes are Tx queue timeout warnings despite that the queue is empty or there is at least enough space to restart it. Make idpf_tx_maybe_stop_common() inline and returning true or false, handling the return of netif_txq_maybe_stop() properly. Use a correct goto in idpf_tx_maybe_stop_splitq() to avoid stopping the queue or incrementing the stops counter twice. Fixes: 6818c4d5b3c2 ("idpf: add splitq start_xmit") Fixes: a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Michal Kubiak <michal.kubiak(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> --- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 9 ++++- .../ethernet/intel/idpf/idpf_singleq_txrx.c | 4 +++ drivers/net/ethernet/intel/idpf/idpf_txrx.c | 35 +++++-------------- 3 files changed, 21 insertions(+), 27 deletions(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.h b/drivers/net/ethernet/intel/idpf/idpf_txrx.h index 3a2a92e79e60..33305de06975 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.h +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h @@ -1018,7 +1018,6 @@ void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb, struct idpf_tx_buf *first, u16 ring_idx); unsigned int idpf_tx_desc_count_required(struct idpf_tx_queue *txq, struct sk_buff *skb); -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size); void idpf_tx_timeout(struct net_device *netdev, unsigned int txqueue); netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, struct idpf_tx_queue *tx_q); @@ -1027,4 +1026,12 @@ bool idpf_rx_singleq_buf_hw_alloc_all(struct idpf_rx_queue *rxq, u16 cleaned_count); int idpf_tso(struct sk_buff *skb, struct idpf_tx_offload_params *off); +static inline bool idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, + u32 needed) +{ + return !netif_subqueue_maybe_stop(tx_q->netdev, tx_q->idx, + IDPF_DESC_UNUSED(tx_q), + needed, needed); +} + #endif /* !_IDPF_TXRX_H_ */ diff --git a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c index 947d3ff9677c..5ba360abbe66 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c @@ -375,6 +375,10 @@ netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, IDPF_TX_DESCS_FOR_CTX)) { idpf_tx_buf_hw_update(tx_q, tx_q->next_to_use, false); + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + return NETDEV_TX_BUSY; } diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_txrx.c index a7f7efc61caf..05555303e097 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c @@ -2131,29 +2131,6 @@ void idpf_tx_splitq_build_flow_desc(union idpf_tx_flex_desc *desc, desc->flow.qw1.compl_tag = cpu_to_le16(params->compl_tag); } -/** - * idpf_tx_maybe_stop_common - 1st level check for common Tx stop conditions - * @tx_q: the queue to be checked - * @size: number of descriptors we want to assure is available - * - * Returns 0 if stop is not needed - */ -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size) -{ - struct netdev_queue *nq; - - if (likely(IDPF_DESC_UNUSED(tx_q) >= size)) - return 0; - - u64_stats_update_begin(&tx_q->stats_sync); - u64_stats_inc(&tx_q->q_stats.q_busy); - u64_stats_update_end(&tx_q->stats_sync); - - nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); - - return netif_txq_maybe_stop(nq, IDPF_DESC_UNUSED(tx_q), size, size); -} - /** * idpf_tx_maybe_stop_splitq - 1st level check for Tx splitq stop conditions * @tx_q: the queue to be checked @@ -2165,7 +2142,7 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, unsigned int descs_needed) { if (idpf_tx_maybe_stop_common(tx_q, descs_needed)) - goto splitq_stop; + goto out; /* If there are too many outstanding completions expected on the * completion queue, stop the TX queue to give the device some time to @@ -2184,10 +2161,12 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, return 0; splitq_stop: + netif_stop_subqueue(tx_q->netdev, tx_q->idx); + +out: u64_stats_update_begin(&tx_q->stats_sync); u64_stats_inc(&tx_q->q_stats.q_busy); u64_stats_update_end(&tx_q->stats_sync); - netif_stop_subqueue(tx_q->netdev, tx_q->idx); return -EBUSY; } @@ -2210,7 +2189,11 @@ void idpf_tx_buf_hw_update(struct idpf_tx_queue *tx_q, u32 val, nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); tx_q->next_to_use = val; - idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED); + if (idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED)) { + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + } /* Force memory writes to complete before letting h/w * know there are new descriptors to fetch. (Only -- 2.46.0

8 months

1
0
0 0

[PATCH 5.10] cifs: Fix freeing non heap memory in dup_vol()

by Alexandra Diupina

No upstream commit exists for this patch. Remove kfree(&vi->smb_vol), since &vi->smb_vol is a pointer to an area inside the allocated memory. The issue was fixed on the way by upstream commit 837e3a1bbfdc ("cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c") but this commit is not material for stable branches. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 54be1f6c1c37 ("cifs: Add DFS cache routines") Signed-off-by: Alexandra Diupina <adiupina(a)astralinux.ru> --- fs/cifs/dfs_cache.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c index 7b6db272fd0b..da6d775102f2 100644 --- a/fs/cifs/dfs_cache.c +++ b/fs/cifs/dfs_cache.c @@ -1194,7 +1194,6 @@ static int dup_vol(struct smb_vol *vol, struct smb_vol *new) kfree_sensitive(new->password); err_free_username: kfree(new->username); - kfree(new); return -ENOMEM; } -- 2.30.2

8 months

1
0
0 0

[PATCH v2] f2fs: Do not check the FI_DIRTY_INODE flag when umounting a ro fs.

by Julian Sun

Hi, all. Recently syzbot reported a bug as following: kernel BUG at fs/f2fs/inode.c:896! CPU: 1 UID: 0 PID: 5217 Comm: syz-executor605 Not tainted 6.11.0-rc4-syzkaller-00033-g872cf28b8df9 #0 RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: <TASK> evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [inline] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373 task_work_run+0x24f/0x310 kernel/task_work.c:228 ptrace_notify+0x2d2/0x380 kernel/signal.c:2402 ptrace_report_syscall include/linux/ptrace.h:415 [inline] ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline] syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline] syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f The syzbot constructed the following scenario: concurrently creating directories and setting the file system to read-only. In this case, while f2fs was making dir, the filesystem switched to readonly, and when it tried to clear the dirty flag, it triggered this code path: f2fs_mkdir()-> f2fs_sync_fs()->f2fs_write_checkpoint() ->f2fs_readonly(). This resulted FI_DIRTY_INODE flag not being cleared, which eventually led to a bug being triggered during the FI_DIRTY_INODE check in f2fs_evict_inode(). In this case, we cannot do anything further, so if filesystem is readonly, do not trigger the BUG. Instead, clean up resources to the best of our ability to prevent triggering subsequent resource leak checks. If there is anything important I'm missing, please let me know, thanks. Reported-by: syzbot+ebea2790904673d7c618(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=ebea2790904673d7c618 Fixes: ca7d802a7d8e ("f2fs: detect dirty inode in evict_inode") CC: stable(a)vger.kernel.org Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> --- fs/f2fs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index aef57172014f..ebf825dba0a5 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -892,7 +892,8 @@ void f2fs_evict_inode(struct inode *inode) atomic_read(&fi->i_compr_blocks)); if (likely(!f2fs_cp_error(sbi) && - !is_sbi_flag_set(sbi, SBI_CP_DISABLED))) + !is_sbi_flag_set(sbi, SBI_CP_DISABLED)) && + !f2fs_readonly(sbi->sb)) f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE)); else f2fs_inode_synced(inode); -- 2.39.2

8 months

3
6
0 0

[PATCH 5.10] cifs: Fix freeing non heap memory in dup_vol()

by Alexandra Diupina

Remove kfree(&vi->smb_vol), since &vi->smb_vol is a pointer to an area inside the allocated memory. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 54be1f6c1c37 ("cifs: Add DFS cache routines") Signed-off-by: Alexandra Diupina <adiupina(a)astralinux.ru> --- fs/cifs/dfs_cache.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c index 7b6db272fd0b..da6d775102f2 100644 --- a/fs/cifs/dfs_cache.c +++ b/fs/cifs/dfs_cache.c @@ -1194,7 +1194,6 @@ static int dup_vol(struct smb_vol *vol, struct smb_vol *new) kfree_sensitive(new->password); err_free_username: kfree(new->username); - kfree(new); return -ENOMEM; } -- 2.30.2

8 months

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-re-adding ID 0 signal" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f18fa2abf81099d822d842a107f8c9889c86043c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083033-whoopee-visa-f9dd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f18fa2abf810 ("selftests: mptcp: join: check re-re-adding ID 0 signal") 20ccc7c5f7a3 ("selftests: mptcp: join: validate event numbers") d397d7246c11 ("selftests: mptcp: join: check re-re-adding ID 0 endp") 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id") 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib") 35bc143a8514 ("selftests: mptcp: add mptcp_lib_events helper") 3a0f9bed3c28 ("selftests: mptcp: add mptcp_lib_ns_init/exit helpers") 3fb8c33ef4b9 ("selftests: mptcp: add mptcp_lib_check_tools helper") 7c2eac649054 ("selftests: mptcp: stop forcing iptables-legacy") 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") 2d0c1d27ea4e ("selftests: mptcp: add mptcp_lib_check_output helper") 9480f388a2ef ("selftests: mptcp: join: add ss mptcp support check") 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f18fa2abf81099d822d842a107f8c9889c86043c Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:38 +0200 Subject: [PATCH] selftests: mptcp: join: check re-re-adding ID 0 signal This test extends "delete re-add signal" to validate the previous commit: when the 'signal' endpoint linked to the initial subflow (ID 0) is re-added multiple times, it will re-send the ADD_ADDR with id 0. The client should still be able to re-create this subflow, even if the add_addr_accepted limit has been reached as this special address is not considered as a new address. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index a8ea0fe200fb..a4762c49a878 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3688,7 +3688,7 @@ endpoint_tests() # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal pm_nl_add_endpoint $ns1 10.0.1.1 id 42 flags signal - test_linkfail=4 speed=20 \ + test_linkfail=4 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3717,7 +3717,17 @@ endpoint_tests() pm_nl_add_endpoint $ns1 10.0.1.1 id 99 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 3 + chk_subflow_nr "after re-add ID 0" 3 + chk_mptcp_info subflows 3 subflows 3 + + pm_nl_del_endpoint $ns1 99 10.0.1.1 + sleep 0.5 + chk_subflow_nr "after re-delete ID 0" 2 + chk_mptcp_info subflows 2 subflows 2 + + pm_nl_add_endpoint $ns1 10.0.1.1 id 88 flags signal + wait_mpj $ns2 + chk_subflow_nr "after re-re-add ID 0" 3 chk_mptcp_info subflows 3 subflows 3 mptcp_lib_kill_wait $tests_pid @@ -3727,19 +3737,19 @@ endpoint_tests() chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 0 - chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 - chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 5 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 3 chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 - chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 5 - chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 3 - chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 - chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 6 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 4 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 5 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 3 - chk_join_nr 4 4 4 - chk_add_nr 5 5 - chk_rm_nr 3 2 invert + chk_join_nr 5 5 5 + chk_add_nr 6 6 + chk_rm_nr 4 3 invert fi # flush and re-add

8 months

3
2
0 0

[PATCH 6.1.y] selftests: mptcp: join: cannot rm sf if closed

by Matthieu Baerts (NGI0)

commit e93681afcb96864ec26c3b2ce94008ce93577373 upstream. Thanks to the previous commit, the MPTCP subflows are now closed on both directions even when only the MPTCP path-manager of one peer asks for their closure. In the two tests modified here -- "userspace pm add & remove address" and "userspace pm create destroy subflow" -- one peer is controlled by the userspace PM, and the other one by the in-kernel PM. When the userspace PM sends a RM_ADDR notification, the in-kernel PM will automatically react by closing all subflows using this address. Now, thanks to the previous commit, the subflows are properly closed on both directions, the userspace PM can then no longer closes the same subflows if they are already closed. Before, it was OK to do that, because the subflows were still half-opened, still OK to send a RM_ADDR. In other words, thanks to the previous commit closing the subflows, an error will be returned to the userspace if it tries to close a subflow that has already been closed. So no need to run this command, which mean that the linked counters will then not be incremented. These tests are then no longer sending both a RM_ADDR, then closing the linked subflow just after. The test with the userspace PM on the server side is now removing one subflow linked to one address, then sending a RM_ADDR for another address. The test with the userspace PM on the client side is now only removing the subflow that was previously created. Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-2-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Fixes: 97040cf9806e ("selftests: mptcp: userspace pm address tests") Fixes: 5e986ec46874 ("selftests: mptcp: userspace pm subflow tests") [ It looks like this patch is needed for the same reasons as mentioned above, but the resolution is different: the subflows and addresses are removed elsewhere. The same type of adaptations have been applied here. The Fixes tag has been replaced by better appropriated ones. ] Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 20561d569697..446b8daa23e0 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -984,8 +984,6 @@ do_transfer() dp=$(grep "type:10" "$evts_ns1" | sed -n 's/.*$dport:$$[[:digit:]]*$.*$/\2/p;q') ip netns exec ${listener_ns} ./pm_nl_ctl rem token $tk id $id - ip netns exec ${listener_ns} ./pm_nl_ctl dsf lip "$addr" \ - lport $sp rip $da rport $dp token $tk fi counter=$((counter + 1)) @@ -1051,7 +1049,6 @@ do_transfer() sleep 1 sp=$(grep "type:10" "$evts_ns2" | sed -n 's/.*$sport:$$[[:digit:]]*$.*$/\2/p;q') - ip netns exec ${connector_ns} ./pm_nl_ctl rem token $tk id $id ip netns exec ${connector_ns} ./pm_nl_ctl dsf lip $addr lport $sp \ rip $da rport $dp token $tk fi @@ -3280,7 +3277,7 @@ userspace_tests() run_tests $ns1 $ns2 10.0.1.1 0 userspace_1 0 slow chk_join_nr 1 1 1 chk_add_nr 1 1 - chk_rm_nr 1 1 invert + chk_rm_nr 1 0 invert fi # userspace pm create destroy subflow @@ -3290,7 +3287,7 @@ userspace_tests() pm_nl_set_limits $ns1 0 1 run_tests $ns1 $ns2 10.0.1.1 0 0 userspace_1 slow chk_join_nr 1 1 1 - chk_rm_nr 1 1 + chk_rm_nr 0 1 fi } -- 2.45.2

8 months

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-re-adding ID 0 endp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d397d7246c11ca36c33c932bc36d38e3a79e9aa0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083056-curable-silencer-80fc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d397d7246c11 ("selftests: mptcp: join: check re-re-adding ID 0 endp") 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") b9fb176081fb ("selftests: mptcp: userspace pm send RM_ADDR for ID 0") e3b47e460b4b ("selftests: mptcp: userspace pm remove initial subflow") 03668c65d153 ("selftests: mptcp: join: rework detailed report") 7f117cd37c61 ("selftests: mptcp: join: format subtests results in TAP") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") d7ced753aa85 ("selftests: mptcp: check subflow and addr infos") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d397d7246c11ca36c33c932bc36d38e3a79e9aa0 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:34 +0200 Subject: [PATCH] selftests: mptcp: join: check re-re-adding ID 0 endp This test extends "delete and re-add" to validate the previous commit: when the endpoint linked to the initial subflow (ID 0) is re-added multiple times, it was no longer being used, because the internal linked counters are not decremented for this special endpoint: it is not an additional endpoint. Here, the "del/add id 0" steps are done 3 times to unsure this case is validated. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index a10714b6952f..965b614e4b16 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3576,7 +3576,7 @@ endpoint_tests() pm_nl_set_limits $ns2 0 3 pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow - test_linkfail=4 speed=20 \ + test_linkfail=4 speed=5 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3608,20 +3608,23 @@ endpoint_tests() chk_subflow_nr "after no reject" 3 chk_mptcp_info subflows 2 subflows 2 - pm_nl_del_endpoint $ns2 1 10.0.1.2 - sleep 0.5 - chk_subflow_nr "after delete id 0" 2 - chk_mptcp_info subflows 2 subflows 2 # only decr for additional sf + local i + for i in $(seq 3); do + pm_nl_del_endpoint $ns2 1 10.0.1.2 + sleep 0.5 + chk_subflow_nr "after delete id 0 ($i)" 2 + chk_mptcp_info subflows 2 subflows 2 # only decr for additional sf - pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow - wait_mpj $ns2 - chk_subflow_nr "after re-add id 0" 3 - chk_mptcp_info subflows 3 subflows 3 + pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow + wait_mpj $ns2 + chk_subflow_nr "after re-add id 0 ($i)" 3 + chk_mptcp_info subflows 3 subflows 3 + done mptcp_lib_kill_wait $tests_pid - chk_join_nr 4 4 4 - chk_rm_nr 2 2 + chk_join_nr 6 6 6 + chk_rm_nr 4 4 fi # remove and re-add

8 months

3
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check removing ID 0 endpoint" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5f94b08c001290acda94d9d8868075590931c198 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083009-escapable-arguable-125f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") b9fb176081fb ("selftests: mptcp: userspace pm send RM_ADDR for ID 0") e3b47e460b4b ("selftests: mptcp: userspace pm remove initial subflow") 03668c65d153 ("selftests: mptcp: join: rework detailed report") 7f117cd37c61 ("selftests: mptcp: join: format subtests results in TAP") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") d7ced753aa85 ("selftests: mptcp: check subflow and addr infos") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") 00079f18c24f ("selftests: mptcp: join: skip check if MIB counter not supported (part 2)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5f94b08c001290acda94d9d8868075590931c198 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:26 +0200 Subject: [PATCH] selftests: mptcp: join: check removing ID 0 endpoint Removing the endpoint linked to the initial subflow should trigger a RM_ADDR for the right ID, and the removal of the subflow. That's what is now being verified in the "delete and re-add" test. Note that removing the initial subflow will not decrement the 'subflows' counters, which corresponds to the *additional* subflows. On the other hand, when the same endpoint is re-added, it will increment this counter, as it will be seen as an additional subflow this time. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 264040a760c6..8b4529ff15e5 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3572,8 +3572,9 @@ endpoint_tests() if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 0 2 - pm_nl_set_limits $ns2 0 2 + pm_nl_set_limits $ns1 0 3 + pm_nl_set_limits $ns2 0 3 + pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & @@ -3582,17 +3583,17 @@ endpoint_tests() wait_mpj $ns2 pm_nl_check_endpoint "creation" \ $ns2 10.0.2.2 id 2 flags subflow dev ns2eth2 - chk_subflow_nr "before delete" 2 + chk_subflow_nr "before delete id 2" 2 chk_mptcp_info subflows 1 subflows 1 pm_nl_del_endpoint $ns2 2 10.0.2.2 sleep 0.5 - chk_subflow_nr "after delete" 1 + chk_subflow_nr "after delete id 2" 1 chk_mptcp_info subflows 0 subflows 0 pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow wait_mpj $ns2 - chk_subflow_nr "after re-add" 2 + chk_subflow_nr "after re-add id 2" 2 chk_mptcp_info subflows 1 subflows 1 pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow @@ -3607,10 +3608,20 @@ endpoint_tests() chk_subflow_nr "after no reject" 3 chk_mptcp_info subflows 2 subflows 2 + pm_nl_del_endpoint $ns2 1 10.0.1.2 + sleep 0.5 + chk_subflow_nr "after delete id 0" 2 + chk_mptcp_info subflows 2 subflows 2 # only decr for additional sf + + pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow + wait_mpj $ns2 + chk_subflow_nr "after re-add id 0" 3 + chk_mptcp_info subflows 3 subflows 3 + mptcp_lib_kill_wait $tests_pid - chk_join_nr 3 3 3 - chk_rm_nr 1 1 + chk_join_nr 4 4 4 + chk_rm_nr 2 2 fi # remove and re-add

8 months

3
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: no extra msg if no counter" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 76a2d8394cc183df872adf04bf636eaf42746449 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083033-mounting-headsman-336e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 76a2d8394cc1 ("selftests: mptcp: join: no extra msg if no counter") e7c42bf4d320 ("selftests: mptcp: use += operator to append strings") e3aae1098f10 ("selftests: mptcp: connect: fix shellcheck warnings") 61c131f5d4d2 ("selftests: mptcp: add mptcp_lib_get_counter") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 629b35a225b0 ("selftests: mptcp: display simult in extra_msg") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") 4d016ae42efb ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76a2d8394cc183df872adf04bf636eaf42746449 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:31 +0200 Subject: [PATCH] selftests: mptcp: join: no extra msg if no counter The checksum and fail counters might not be available. Then no need to display an extra message with missing info. While at it, fix the indentation around, which is wrong since the same commit. Fixes: 47867f0a7e83 ("selftests: mptcp: join: skip check if MIB counter not supported") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 75458ade32c7..a10714b6952f 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -1112,26 +1112,26 @@ chk_csum_nr() print_check "sum" count=$(mptcp_lib_get_counter ${ns1} "MPTcpExtDataCsumErr") - if [ "$count" != "$csum_ns1" ]; then + if [ -n "$count" ] && [ "$count" != "$csum_ns1" ]; then extra_msg+=" ns1=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 0 ]; } || - { [ "$count" -lt $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 1 ]; }; then + { [ "$count" -lt $csum_ns1 ] && [ $allow_multi_errors_ns1 -eq 1 ]; }; then fail_test "got $count data checksum error[s] expected $csum_ns1" else print_ok fi print_check "csum" count=$(mptcp_lib_get_counter ${ns2} "MPTcpExtDataCsumErr") - if [ "$count" != "$csum_ns2" ]; then + if [ -n "$count" ] && [ "$count" != "$csum_ns2" ]; then extra_msg+=" ns2=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 0 ]; } || - { [ "$count" -lt $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 1 ]; }; then + { [ "$count" -lt $csum_ns2 ] && [ $allow_multi_errors_ns2 -eq 1 ]; }; then fail_test "got $count data checksum error[s] expected $csum_ns2" else print_ok @@ -1169,13 +1169,13 @@ chk_fail_nr() print_check "ftx" count=$(mptcp_lib_get_counter ${ns_tx} "MPTcpExtMPFailTx") - if [ "$count" != "$fail_tx" ]; then + if [ -n "$count" ] && [ "$count" != "$fail_tx" ]; then extra_msg+=",tx=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != "$fail_tx" ] && [ $allow_tx_lost -eq 0 ]; } || - { [ "$count" -gt "$fail_tx" ] && [ $allow_tx_lost -eq 1 ]; }; then + { [ "$count" -gt "$fail_tx" ] && [ $allow_tx_lost -eq 1 ]; }; then fail_test "got $count MP_FAIL[s] TX expected $fail_tx" else print_ok @@ -1183,13 +1183,13 @@ chk_fail_nr() print_check "failrx" count=$(mptcp_lib_get_counter ${ns_rx} "MPTcpExtMPFailRx") - if [ "$count" != "$fail_rx" ]; then + if [ -n "$count" ] && [ "$count" != "$fail_rx" ]; then extra_msg+=",rx=$count" fi if [ -z "$count" ]; then print_skip elif { [ "$count" != "$fail_rx" ] && [ $allow_rx_lost -eq 0 ]; } || - { [ "$count" -gt "$fail_rx" ] && [ $allow_rx_lost -eq 1 ]; }; then + { [ "$count" -gt "$fail_rx" ] && [ $allow_rx_lost -eq 1 ]; }; then fail_test "got $count MP_FAIL[s] RX expected $fail_rx" else print_ok

8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: avoid duplicated SUB_CLOSED events" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083028-coauthor-moving-1474@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d82809b6c5f2 ("mptcp: avoid duplicated SUB_CLOSED events") a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") fce68b03086f ("mptcp: add scheduled in mptcp_subflow_context") 1730b2b2c5a5 ("mptcp: add sched in mptcp_sock") 740ebe35bd3f ("mptcp: add struct mptcp_sched_ops") a7384f391875 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:35 +0200 Subject: [PATCH] mptcp: avoid duplicated SUB_CLOSED events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The initial subflow might have already been closed, but still in the connection list. When the worker is instructed to close the subflows that have been marked as closed, it might then try to close the initial subflow again. A consequence of that is that the SUB_CLOSED event can be seen twice: # ip mptcp endpoint 1.1.1.1 id 1 subflow dev eth0 2.2.2.2 id 2 subflow dev eth1 # ip mptcp monitor & [ CREATED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ ESTABLISHED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ SF_ESTABLISHED] remid=0 locid=2 saddr4=2.2.2.2 daddr4=9.9.9.9 # ip mptcp endpoint delete id 1 [ SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 The first one is coming from mptcp_pm_nl_rm_subflow_received(), and the second one from __mptcp_close_subflow(). To avoid doing the post-closed processing twice, the subflow is now marked as closed the first time. Note that it is not enough to check if we are dealing with the first subflow and check its sk_state: the subflow might have been reset or closed before calling mptcp_close_ssk(). Fixes: b911c97c7dc7 ("mptcp: add netlink event support") Cc: stable(a)vger.kernel.org Tested-by: Arınç ÜNAL <arinc.unal(a)arinc9.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b571fba88a2f..37ebcb7640eb 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2508,6 +2508,12 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, void mptcp_close_ssk(struct sock *sk, struct sock *ssk, struct mptcp_subflow_context *subflow) { + /* The first subflow can already be closed and still in the list */ + if (subflow->close_event_done) + return; + + subflow->close_event_done = true; + if (sk->sk_state == TCP_ESTABLISHED) mptcp_event(MPTCP_EVENT_SUB_CLOSED, mptcp_sk(sk), ssk, GFP_KERNEL); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 240d7c2ea551..26eb898a202b 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -524,7 +524,8 @@ struct mptcp_subflow_context { stale : 1, /* unable to snd/rcv data, do not use for xmit */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 10; + close_event_done : 1, /* has done the post-closed part */ + __unused : 9; bool data_avail; bool scheduled; u32 remote_nonce;

8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: pm: fix RM_ADDR ID for the initial subflow" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 87b5896f3f7848130095656739b05881904e2697 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083045-mosaic-sniff-fe02@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 87b5896f3f78 ("mptcp: pm: fix RM_ADDR ID for the initial subflow") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") e38b117d7f3b ("mptcp: make pm_remove_addrs_and_subflows static") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 87b5896f3f7848130095656739b05881904e2697 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:25 +0200 Subject: [PATCH] mptcp: pm: fix RM_ADDR ID for the initial subflow The initial subflow has a special local ID: 0. When an endpoint is being deleted, it is then important to check if its address is not linked to the initial subflow to send the right ID. If there was an endpoint linked to the initial subflow, msk's mpc_endpoint_id field will be set. We can then use this info when an endpoint is being removed to see if it is linked to the initial subflow. So now, the correct IDs are passed to mptcp_pm_nl_rm_addr_or_subflow(), it is no longer needed to use mptcp_local_id_match(). Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ec45ab4c66ab..42d4e7b5f65d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -800,11 +800,6 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, return -EINVAL; } -static bool mptcp_local_id_match(const struct mptcp_sock *msk, u8 local_id, u8 id) -{ - return local_id == id || (!local_id && msk->mpc_endpoint_id == id); -} - static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list, enum linux_mptcp_mib_field rm_type) @@ -839,7 +834,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMADDR && remote_id != rm_id) continue; - if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) + if (rm_type == MPTCP_MIB_RMSUBFLOW && id != rm_id) continue; pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u\n", @@ -1448,6 +1443,12 @@ static bool remove_anno_list_by_saddr(struct mptcp_sock *msk, return false; } +static u8 mptcp_endp_get_local_id(struct mptcp_sock *msk, + const struct mptcp_addr_info *addr) +{ + return msk->mpc_endpoint_id == addr->id ? 0 : addr->id; +} + static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, const struct mptcp_addr_info *addr, bool force) @@ -1455,7 +1456,7 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, struct mptcp_rm_list list = { .nr = 0 }; bool ret; - list.ids[list.nr++] = addr->id; + list.ids[list.nr++] = mptcp_endp_get_local_id(msk, addr); ret = remove_anno_list_by_saddr(msk, addr); if (ret || force) { @@ -1482,14 +1483,12 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, const struct mptcp_pm_addr_entry *entry) { const struct mptcp_addr_info *addr = &entry->addr; - struct mptcp_rm_list list = { .nr = 0 }; + struct mptcp_rm_list list = { .nr = 1 }; long s_slot = 0, s_num = 0; struct mptcp_sock *msk; pr_debug("remove_id=%d\n", addr->id); - list.ids[list.nr++] = addr->id; - while ((msk = mptcp_token_iter_next(net, &s_slot, &s_num)) != NULL) { struct sock *sk = (struct sock *)msk; bool remove_subflow; @@ -1507,6 +1506,7 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, mptcp_pm_remove_anno_addr(msk, addr, remove_subflow && !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); + list.ids[0] = mptcp_endp_get_local_id(msk, addr); if (remove_subflow) { spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); @@ -1613,6 +1613,7 @@ int mptcp_pm_nl_del_addr_doit(struct sk_buff *skb, struct genl_info *info) return ret; } +/* Called from the userspace PM only */ void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list) { struct mptcp_rm_list alist = { .nr = 0 }; @@ -1641,6 +1642,7 @@ void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list) } } +/* Called from the in-kernel PM only */ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, struct list_head *rm_list) { @@ -1650,11 +1652,11 @@ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, list_for_each_entry(entry, rm_list, list) { if (slist.nr < MPTCP_RM_IDS_MAX && lookup_subflow_by_saddr(&msk->conn_list, &entry->addr)) - slist.ids[slist.nr++] = entry->addr.id; + slist.ids[slist.nr++] = mptcp_endp_get_local_id(msk, &entry->addr); if (alist.nr < MPTCP_RM_IDS_MAX && remove_anno_list_by_saddr(msk, &entry->addr)) - alist.ids[alist.nr++] = entry->addr.id; + alist.ids[alist.nr++] = mptcp_endp_get_local_id(msk, &entry->addr); } spin_lock_bh(&msk->pm.lock); @@ -1951,7 +1953,7 @@ static void mptcp_pm_nl_fullmesh(struct mptcp_sock *msk, { struct mptcp_rm_list list = { .nr = 0 }; - list.ids[list.nr++] = addr->id; + list.ids[list.nr++] = mptcp_endp_get_local_id(msk, addr); spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list);

8 months

3
4
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: test for flush/re-add endpoints" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e06959e9eebdfea4654390f53b65cff57691872e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082618-wilt-deafness-0a89@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e06959e9eebd ("selftests: mptcp: join: test for flush/re-add endpoints") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e06959e9eebdfea4654390f53b65cff57691872e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:24 +0200 Subject: [PATCH] selftests: mptcp: join: test for flush/re-add endpoints After having flushed endpoints that didn't cause the creation of new subflows, it is important to check endpoints can be re-created, re-using previously used IDs. Before the previous commit, the client would not have been able to re-create the subflow that was previously rejected. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-6-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index fbb0174145ad..f609c02c6123 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3651,6 +3651,36 @@ endpoint_tests() chk_rm_nr 2 1 invert fi + # flush and re-add + if reset_with_tcp_filter "flush re-add" ns2 10.0.3.2 REJECT OUTPUT && + mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 1 2 + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + test_linkfail=4 speed=20 \ + run_tests $ns1 $ns2 10.0.1.1 & + local tests_pid=$! + + wait_attempt_fail $ns2 + chk_subflow_nr "before flush" 1 + chk_mptcp_info subflows 0 subflows 0 + + pm_nl_flush_endpoint $ns2 + pm_nl_flush_endpoint $ns1 + wait_rm_addr $ns2 0 + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal + wait_mpj $ns2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_rm_nr 1 0 invert + fi } # [$1: error message]

8 months

3
4
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082626-habitat-punk-904d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:20 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR This test extends "delete re-add signal" to validate the previous commit. An extra address is announced by the server, but this address cannot be used by the client. The result is that no subflow will be established to this address. Later, the server will delete this extra endpoint, and set a new one, with a valid address, but re-using the same ID. Before the previous commit, the server would not have been able to announce this new address. While at it, extra checks have been added to validate the expected numbers of MPJ, ADD_ADDR and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-2-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 9ea6d698e9d3..25077ccf31d2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3601,9 +3601,11 @@ endpoint_tests() # remove and re-add if reset "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 2 2 pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3615,15 +3617,21 @@ endpoint_tests() chk_mptcp_info subflows 1 subflows 1 pm_nl_del_endpoint $ns1 1 10.0.2.1 + pm_nl_del_endpoint $ns1 2 224.0.0.1 sleep 0.5 chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 2 - chk_mptcp_info subflows 1 subflows 1 + chk_subflow_nr "after re-add" 3 + chk_mptcp_info subflows 2 subflows 2 mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_add_nr 4 4 + chk_rm_nr 2 1 invert fi }

8 months

3
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-adding init endp with != id" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1c2326fcae4f0c5de8ad0d734ced43a8e5f17dac # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083019-resurrect-iodine-5ad6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id") a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c2326fcae4f0c5de8ad0d734ced43a8e5f17dac Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:30 +0200 Subject: [PATCH] selftests: mptcp: join: check re-adding init endp with != id The initial subflow has a special local ID: 0. It is specific per connection. When a global endpoint is deleted and re-added later, it can have a different ID, but the kernel should still use the ID 0 if it corresponds to the initial address. This test validates this behaviour: the endpoint linked to the initial subflow is removed, and re-added with a different ID. Note that removing the initial subflow will not decrement the 'subflows' counters, which corresponds to the *additional* subflows. On the other hand, when the same endpoint is re-added, it will increment this counter, as it will be seen as an additional subflow this time. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 8b4529ff15e5..75458ade32c7 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3627,11 +3627,12 @@ endpoint_tests() # remove and re-add if reset "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 0 2 - pm_nl_set_limits $ns2 2 2 + pm_nl_set_limits $ns1 0 3 + pm_nl_set_limits $ns2 3 3 pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal + pm_nl_add_endpoint $ns1 10.0.1.1 id 42 flags signal test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3653,11 +3654,21 @@ endpoint_tests() wait_mpj $ns2 chk_subflow_nr "after re-add" 3 chk_mptcp_info subflows 2 subflows 2 + + pm_nl_del_endpoint $ns1 42 10.0.1.1 + sleep 0.5 + chk_subflow_nr "after delete ID 0" 2 + chk_mptcp_info subflows 2 subflows 2 + + pm_nl_add_endpoint $ns1 10.0.1.1 id 99 flags signal + wait_mpj $ns2 + chk_subflow_nr "after re-add" 3 + chk_mptcp_info subflows 3 subflows 3 mptcp_lib_kill_wait $tests_pid - chk_join_nr 3 3 3 - chk_add_nr 4 4 - chk_rm_nr 2 1 invert + chk_join_nr 4 4 4 + chk_add_nr 5 5 + chk_rm_nr 3 2 invert fi # flush and re-add

8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: pr_debug: add missing \n at the end" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083020-quickness-xbox-e6f7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cb41b195e634 ("mptcp: pr_debug: add missing \n at the end") 68cc924729ff ("mptcp: fix duplicate data handling") 89721e3038d1 ("Merge tag 'net-accept-more-20240515' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 26 Aug 2024 19:11:21 +0200 Subject: [PATCH] mptcp: pr_debug: add missing \n at the end pr_debug() have been added in various places in MPTCP code to help developers to debug some situations. With the dynamic debug feature, it is easy to enable all or some of them, and asks users to reproduce issues with extra debug. Many of these pr_debug() don't end with a new line, while no 'pr_cont()' are used in MPTCP code. So the goal was not to display multiple debug messages on one line: they were then not missing the '\n' on purpose. Not having the new line at the end causes these messages to be printed with a delay, when something else needs to be printed. This issue is not visible when many messages need to be printed, but it is annoying and confusing when only specific messages are expected, e.g. # echo "func mptcp_pm_add_addr_echoed +fmp" \ > /sys/kernel/debug/dynamic_debug/control # ./mptcp_join.sh "signal address"; \ echo "$(awk '{print $1}' /proc/uptime) - end"; \ sleep 5s; \ echo "$(awk '{print $1}' /proc/uptime) - restart"; \ ./mptcp_join.sh "signal address" 013 signal address (...) 10.75 - end 15.76 - restart 013 signal address [ 10.367935] mptcp:mptcp_pm_add_addr_echoed: MPTCP: msk=(...) (...) => a delay of 5 seconds: printed with a 10.36 ts, but after 'restart' which was printed at the 15.76 ts. The 'Fixes' tag here below points to the first pr_debug() used without '\n' in net/mptcp. This patch could be split in many small ones, with different Fixes tag, but it doesn't seem worth it, because it is easy to re-generate this patch with this simple 'sed' command: git grep -l pr_debug -- net/mptcp | xargs sed -i "s/$pr_debug(\".*[^n]$$\"[,)]$/\1\\\n\2/g" So in case of conflicts, simply drop the modifications, and launch this command. Fixes: f870fa0b5768 ("mptcp: Add MPTCP socket stubs") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-4-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index ad28da655f8b..a29ff901df75 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -68,12 +68,12 @@ void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflo skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); - pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx", sk, + pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx\n", sk, MPTCP_SKB_CB(skb)->map_seq, MPTCP_SKB_CB(skb)->map_seq + msk->ack_seq, MPTCP_SKB_CB(skb)->end_seq, MPTCP_SKB_CB(skb)->end_seq + msk->ack_seq); MPTCP_SKB_CB(skb)->map_seq += msk->ack_seq; MPTCP_SKB_CB(skb)->end_seq += msk->ack_seq; } - pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); + pr_debug("msk=%p ack_seq=%llx\n", msk, msk->ack_seq); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index ac2f1a54cc43..370c3836b771 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -117,7 +117,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_CSUMREQD; ptr += 2; } - pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u", + pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u\n", version, flags, opsize, mp_opt->sndr_key, mp_opt->rcvr_key, mp_opt->data_len, mp_opt->csum); break; @@ -131,7 +131,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->token, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) { @@ -142,19 +142,19 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 8; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->thmac, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) { mp_opt->suboptions |= OPTION_MPTCP_MPJ_ACK; ptr += 2; memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN); - pr_debug("MP_JOIN hmac"); + pr_debug("MP_JOIN hmac\n"); } break; case MPTCPOPT_DSS: - pr_debug("DSS"); + pr_debug("DSS\n"); ptr++; /* we must clear 'mpc_map' be able to detect MP_CAPABLE @@ -169,7 +169,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0; mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK); - pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d", + pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d\n", mp_opt->data_fin, mp_opt->dsn64, mp_opt->use_map, mp_opt->ack64, mp_opt->use_ack); @@ -207,7 +207,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; } - pr_debug("data_ack=%llu", mp_opt->data_ack); + pr_debug("data_ack=%llu\n", mp_opt->data_ack); } if (mp_opt->use_map) { @@ -231,7 +231,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; } - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", mp_opt->data_seq, mp_opt->subflow_seq, mp_opt->data_len, !!(mp_opt->suboptions & OPTION_MPTCP_CSUMREQD), mp_opt->csum); @@ -293,7 +293,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ahmac = get_unaligned_be64(ptr); ptr += 8; } - pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d\n", (mp_opt->addr.family == AF_INET6) ? "6" : "", mp_opt->addr.id, mp_opt->ahmac, mp_opt->echo, ntohs(mp_opt->addr.port)); break; @@ -309,7 +309,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rm_list.nr = opsize - TCPOLEN_MPTCP_RM_ADDR_BASE; for (i = 0; i < mp_opt->rm_list.nr; i++) mp_opt->rm_list.ids[i] = *ptr++; - pr_debug("RM_ADDR: rm_list_nr=%d", mp_opt->rm_list.nr); + pr_debug("RM_ADDR: rm_list_nr=%d\n", mp_opt->rm_list.nr); break; case MPTCPOPT_MP_PRIO: @@ -318,7 +318,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_PRIO; mp_opt->backup = *ptr++ & MPTCP_PRIO_BKUP; - pr_debug("MP_PRIO: prio=%d", mp_opt->backup); + pr_debug("MP_PRIO: prio=%d\n", mp_opt->backup); break; case MPTCPOPT_MP_FASTCLOSE: @@ -329,7 +329,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rcvr_key = get_unaligned_be64(ptr); ptr += 8; mp_opt->suboptions |= OPTION_MPTCP_FASTCLOSE; - pr_debug("MP_FASTCLOSE: recv_key=%llu", mp_opt->rcvr_key); + pr_debug("MP_FASTCLOSE: recv_key=%llu\n", mp_opt->rcvr_key); break; case MPTCPOPT_RST: @@ -343,7 +343,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, flags = *ptr++; mp_opt->reset_transient = flags & MPTCP_RST_TRANSIENT; mp_opt->reset_reason = *ptr; - pr_debug("MP_RST: transient=%u reason=%u", + pr_debug("MP_RST: transient=%u reason=%u\n", mp_opt->reset_transient, mp_opt->reset_reason); break; @@ -354,7 +354,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; mp_opt->suboptions |= OPTION_MPTCP_FAIL; mp_opt->fail_seq = get_unaligned_be64(ptr); - pr_debug("MP_FAIL: data_seq=%llu", mp_opt->fail_seq); + pr_debug("MP_FAIL: data_seq=%llu\n", mp_opt->fail_seq); break; default: @@ -417,7 +417,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { - pr_debug("remote_token=%u, nonce=%u", subflow->remote_token, + pr_debug("remote_token=%u, nonce=%u\n", subflow->remote_token, subflow->local_nonce); opts->suboptions = OPTION_MPTCP_MPJ_SYN; opts->join_id = subflow->local_id; @@ -500,7 +500,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_ACK; } - pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d", + pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d\n", subflow, subflow->local_key, subflow->remote_key, data_len); @@ -509,7 +509,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->suboptions = OPTION_MPTCP_MPJ_ACK; memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN); *size = TCPOLEN_MPTCP_MPJ_ACK; - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* we can use the full delegate action helper only from BH context * If we are in process context - sk is flushing the backlog at @@ -675,7 +675,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * *size = len; if (drop_other_suboptions) { - pr_debug("drop other suboptions"); + pr_debug("drop other suboptions\n"); opts->suboptions = 0; /* note that e.g. DSS could have written into the memory @@ -695,7 +695,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * } else { MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADDTX); } - pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d\n", opts->addr.id, opts->ahmac, echo, ntohs(opts->addr.port)); return true; @@ -726,7 +726,7 @@ static bool mptcp_established_options_rm_addr(struct sock *sk, opts->rm_list = rm_list; for (i = 0; i < opts->rm_list.nr; i++) - pr_debug("rm_list_ids[%d]=%d", i, opts->rm_list.ids[i]); + pr_debug("rm_list_ids[%d]=%d\n", i, opts->rm_list.ids[i]); MPTCP_ADD_STATS(sock_net(sk), MPTCP_MIB_RMADDRTX, opts->rm_list.nr); return true; } @@ -752,7 +752,7 @@ static bool mptcp_established_options_mp_prio(struct sock *sk, opts->suboptions |= OPTION_MPTCP_PRIO; opts->backup = subflow->request_bkup; - pr_debug("prio=%d", opts->backup); + pr_debug("prio=%d\n", opts->backup); return true; } @@ -794,7 +794,7 @@ static bool mptcp_established_options_fastclose(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FASTCLOSE; opts->rcvr_key = READ_ONCE(msk->remote_key); - pr_debug("FASTCLOSE key=%llu", opts->rcvr_key); + pr_debug("FASTCLOSE key=%llu\n", opts->rcvr_key); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFASTCLOSETX); return true; } @@ -816,7 +816,7 @@ static bool mptcp_established_options_mp_fail(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FAIL; opts->fail_seq = subflow->map_seq; - pr_debug("MP_FAIL fail_seq=%llu", opts->fail_seq); + pr_debug("MP_FAIL fail_seq=%llu\n", opts->fail_seq); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFAILTX); return true; @@ -904,7 +904,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->csum_reqd = subflow_req->csum_reqd; opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; - pr_debug("subflow_req=%p, local_key=%llu", + pr_debug("subflow_req=%p, local_key=%llu\n", subflow_req, subflow_req->local_key); return true; } else if (subflow_req->mp_join) { @@ -913,7 +913,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->join_id = subflow_req->local_id; opts->thmac = subflow_req->thmac; opts->nonce = subflow_req->local_nonce; - pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u\n", subflow_req, opts->backup, opts->join_id, opts->thmac, opts->nonce); *size = TCPOLEN_MPTCP_MPJ_SYNACK; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 3e6e0f5510bb..3f8dbde243f1 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -19,7 +19,7 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, { u8 add_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, local_id=%d, echo=%d", msk, addr->id, echo); + pr_debug("msk=%p, local_id=%d, echo=%d\n", msk, addr->id, echo); lockdep_assert_held(&msk->pm.lock); @@ -45,7 +45,7 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ { u8 rm_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p, rm_list_nr=%d\n", msk, rm_list->nr); if (rm_addr) { MPTCP_ADD_STATS(sock_net((struct sock *)msk), @@ -66,7 +66,7 @@ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p, token=%u side=%d", msk, READ_ONCE(msk->token), server_side); + pr_debug("msk=%p, token=%u side=%d\n", msk, READ_ONCE(msk->token), server_side); WRITE_ONCE(pm->server_side, server_side); mptcp_event(MPTCP_EVENT_CREATED, msk, ssk, GFP_ATOMIC); @@ -90,7 +90,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("msk=%p subflows=%d max=%d allow=%d", msk, pm->subflows, + pr_debug("msk=%p subflows=%d max=%d allow=%d\n", msk, pm->subflows, subflows_max, READ_ONCE(pm->accept_subflow)); /* try to avoid acquiring the lock below */ @@ -114,7 +114,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) static bool mptcp_pm_schedule_work(struct mptcp_sock *msk, enum mptcp_pm_status new_status) { - pr_debug("msk=%p status=%x new=%lx", msk, msk->pm.status, + pr_debug("msk=%p status=%x new=%lx\n", msk, msk->pm.status, BIT(new_status)); if (msk->pm.status & BIT(new_status)) return false; @@ -129,7 +129,7 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) struct mptcp_pm_data *pm = &msk->pm; bool announce = false; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -153,14 +153,14 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) void mptcp_pm_connection_closed(struct mptcp_sock *msk) { - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); } void mptcp_pm_subflow_established(struct mptcp_sock *msk) { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!READ_ONCE(pm->work_pending)) return; @@ -212,7 +212,7 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, struct mptcp_sock *msk = mptcp_sk(subflow->conn); struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p remote_id=%d accept=%d", msk, addr->id, + pr_debug("msk=%p remote_id=%d accept=%d\n", msk, addr->id, READ_ONCE(pm->accept_addr)); mptcp_event_addr_announced(ssk, addr); @@ -243,7 +243,7 @@ void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk, { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -267,7 +267,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, struct mptcp_pm_data *pm = &msk->pm; u8 i; - pr_debug("msk=%p remote_ids_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p remote_ids_nr=%d\n", msk, rm_list->nr); for (i = 0; i < rm_list->nr; i++) mptcp_event_addr_removed(msk, rm_list->ids[i]); @@ -299,19 +299,19 @@ void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq) struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); struct mptcp_sock *msk = mptcp_sk(subflow->conn); - pr_debug("fail_seq=%llu", fail_seq); + pr_debug("fail_seq=%llu\n", fail_seq); if (!READ_ONCE(msk->allow_infinite_fallback)) return; if (!subflow->fail_tout) { - pr_debug("send MP_FAIL response and infinite map"); + pr_debug("send MP_FAIL response and infinite map\n"); subflow->send_mp_fail = 1; subflow->send_infinite_map = 1; tcp_send_ack(sk); } else { - pr_debug("MP_FAIL response received"); + pr_debug("MP_FAIL response received\n"); WRITE_ONCE(subflow->fail_tout, 0); } } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 3e4ad801786f..8d2f97854c64 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -287,7 +287,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) struct mptcp_sock *msk = entry->sock; struct sock *sk = (struct sock *)msk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!msk) return; @@ -306,7 +306,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) spin_lock_bh(&msk->pm.lock); if (!mptcp_pm_should_add_signal_addr(msk)) { - pr_debug("retransmit ADD_ADDR id=%d", entry->addr.id); + pr_debug("retransmit ADD_ADDR id=%d\n", entry->addr.id); mptcp_pm_announce_addr(msk, &entry->addr, false); mptcp_pm_add_addr_send_ack(msk); entry->retrans_times++; @@ -387,7 +387,7 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) struct sock *sk = (struct sock *)msk; LIST_HEAD(free_list); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&msk->pm.lock); list_splice_init(&msk->pm.anno_list, &free_list); @@ -473,7 +473,7 @@ static void __mptcp_pm_send_ack(struct mptcp_sock *msk, struct mptcp_subflow_con struct sock *ssk = mptcp_subflow_tcp_sock(subflow); bool slow; - pr_debug("send ack for %s", + pr_debug("send ack for %s\n", prio ? "mp_prio" : (mptcp_pm_should_add_signal(msk) ? "add_addr" : "rm_addr")); slow = lock_sock_fast(ssk); @@ -708,7 +708,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("accepted %d:%d remote family %d", + pr_debug("accepted %d:%d remote family %d\n", msk->pm.add_addr_accepted, add_addr_accept_max, msk->pm.remote.family); @@ -767,7 +767,7 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, { struct mptcp_subflow_context *subflow; - pr_debug("bkup=%d", bkup); + pr_debug("bkup=%d\n", bkup); mptcp_for_each_subflow(msk, subflow) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); @@ -803,7 +803,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, struct sock *sk = (struct sock *)msk; u8 i; - pr_debug("%s rm_list_nr %d", + pr_debug("%s rm_list_nr %d\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", rm_list->nr); msk_owned_by_me(msk); @@ -832,7 +832,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) continue; - pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", + pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", i, rm_id, id, remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); @@ -889,7 +889,7 @@ void mptcp_pm_nl_work(struct mptcp_sock *msk) spin_lock_bh(&msk->pm.lock); - pr_debug("msk=%p status=%x", msk, pm->status); + pr_debug("msk=%p status=%x\n", msk, pm->status); if (pm->status & BIT(MPTCP_PM_ADD_ADDR_RECEIVED)) { pm->status &= ~BIT(MPTCP_PM_ADD_ADDR_RECEIVED); mptcp_pm_nl_add_addr_received(msk); @@ -1476,7 +1476,7 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, long s_slot = 0, s_num = 0; struct mptcp_sock *msk; - pr_debug("remove_id=%d", addr->id); + pr_debug("remove_id=%d\n", addr->id); list.ids[list.nr++] = addr->id; diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 34fec753b9c1..b571fba88a2f 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -139,7 +139,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; - pr_debug("colesced seq %llx into %llx new len %d new end seq %llx", + pr_debug("colesced seq %llx into %llx new len %d new end seq %llx\n", MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq, to->len, MPTCP_SKB_CB(from)->end_seq); MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq; @@ -217,7 +217,7 @@ static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb) end_seq = MPTCP_SKB_CB(skb)->end_seq; max_seq = atomic64_read(&msk->rcv_wnd_sent); - pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq, + pr_debug("msk=%p seq=%llx limit=%llx empty=%d\n", msk, seq, max_seq, RB_EMPTY_ROOT(&msk->out_of_order_queue)); if (after64(end_seq, max_seq)) { /* out of window */ @@ -643,7 +643,7 @@ static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, } } - pr_debug("msk=%p ssk=%p", msk, ssk); + pr_debug("msk=%p ssk=%p\n", msk, ssk); tp = tcp_sk(ssk); do { u32 map_remaining, offset; @@ -724,7 +724,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) u64 end_seq; p = rb_first(&msk->out_of_order_queue); - pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); + pr_debug("msk=%p empty=%d\n", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); while (p) { skb = rb_to_skb(p); if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) @@ -746,7 +746,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq; /* skip overlapping data, if any */ - pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d", + pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d\n", MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq, delta); MPTCP_SKB_CB(skb)->offset += delta; @@ -1240,7 +1240,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, size_t copy; int i; - pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u", + pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u\n", msk, ssk, dfrag->data_seq, dfrag->data_len, info->sent); if (WARN_ON_ONCE(info->sent > info->limit || @@ -1341,7 +1341,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, mpext->use_map = 1; mpext->dsn64 = 1; - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d\n", mpext->data_seq, mpext->subflow_seq, mpext->data_len, mpext->dsn64); @@ -1892,7 +1892,7 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (!msk->first_pending) WRITE_ONCE(msk->first_pending, dfrag); } - pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d", msk, + pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d\n", msk, dfrag->data_seq, dfrag->data_len, dfrag->already_sent, !dfrag_collapsed); @@ -2248,7 +2248,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("block timeout %ld", timeo); + pr_debug("block timeout %ld\n", timeo); sk_wait_data(sk, &timeo, NULL); } @@ -2264,7 +2264,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("msk=%p rx queue empty=%d:%d copied=%d", + pr_debug("msk=%p rx queue empty=%d:%d copied=%d\n", msk, skb_queue_empty_lockless(&sk->sk_receive_queue), skb_queue_empty(&msk->receive_queue), copied); if (!(flags & MSG_PEEK)) @@ -2717,7 +2717,7 @@ static void mptcp_mp_fail_no_response(struct mptcp_sock *msk) if (!ssk) return; - pr_debug("MP_FAIL doesn't respond, reset the subflow"); + pr_debug("MP_FAIL doesn't respond, reset the subflow\n"); slow = lock_sock_fast(ssk); mptcp_subflow_reset(ssk); @@ -2891,7 +2891,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) break; default: if (__mptcp_check_fallback(mptcp_sk(sk))) { - pr_debug("Fallback"); + pr_debug("Fallback\n"); ssk->sk_shutdown |= how; tcp_shutdown(ssk, how); @@ -2901,7 +2901,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) WRITE_ONCE(mptcp_sk(sk)->snd_una, mptcp_sk(sk)->snd_nxt); mptcp_schedule_work(sk); } else { - pr_debug("Sending DATA_FIN on subflow %p", ssk); + pr_debug("Sending DATA_FIN on subflow %p\n", ssk); tcp_send_ack(ssk); if (!mptcp_rtx_timer_pending(sk)) mptcp_reset_rtx_timer(sk); @@ -2967,7 +2967,7 @@ static void mptcp_check_send_data_fin(struct sock *sk) struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu", + pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu\n", msk, msk->snd_data_fin_enable, !!mptcp_send_head(sk), msk->snd_nxt, msk->write_seq); @@ -2991,7 +2991,7 @@ static void __mptcp_wr_shutdown(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d", + pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d\n", msk, msk->snd_data_fin_enable, sk->sk_shutdown, sk->sk_state, !!mptcp_send_head(sk)); @@ -3006,7 +3006,7 @@ static void __mptcp_destroy_sock(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); might_sleep(); @@ -3114,7 +3114,7 @@ bool __mptcp_close(struct sock *sk, long timeout) mptcp_set_state(sk, TCP_CLOSE); sock_hold(sk); - pr_debug("msk=%p state=%d", sk, sk->sk_state); + pr_debug("msk=%p state=%d\n", sk, sk->sk_state); if (msk->token) mptcp_event(MPTCP_EVENT_CLOSED, msk, NULL, GFP_KERNEL); @@ -3546,7 +3546,7 @@ static int mptcp_get_port(struct sock *sk, unsigned short snum) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p, ssk=%p", msk, msk->first); + pr_debug("msk=%p, ssk=%p\n", msk, msk->first); if (WARN_ON_ONCE(!msk->first)) return -EINVAL; @@ -3563,7 +3563,7 @@ void mptcp_finish_connect(struct sock *ssk) sk = subflow->conn; msk = mptcp_sk(sk); - pr_debug("msk=%p, token=%u", sk, subflow->token); + pr_debug("msk=%p, token=%u\n", sk, subflow->token); subflow->map_seq = subflow->iasn; subflow->map_subflow_seq = 1; @@ -3592,7 +3592,7 @@ bool mptcp_finish_join(struct sock *ssk) struct sock *parent = (void *)msk; bool ret = true; - pr_debug("msk=%p, subflow=%p", msk, subflow); + pr_debug("msk=%p, subflow=%p\n", msk, subflow); /* mptcp socket already closing? */ if (!mptcp_is_fully_established(parent)) { @@ -3638,7 +3638,7 @@ bool mptcp_finish_join(struct sock *ssk) static void mptcp_shutdown(struct sock *sk, int how) { - pr_debug("sk=%p, how=%d", sk, how); + pr_debug("sk=%p, how=%d\n", sk, how); if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk)) __mptcp_wr_shutdown(sk); @@ -3859,7 +3859,7 @@ static int mptcp_listen(struct socket *sock, int backlog) struct sock *ssk; int err; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); lock_sock(sk); @@ -3898,7 +3898,7 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, struct mptcp_sock *msk = mptcp_sk(sock->sk); struct sock *ssk, *newsk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* Buggy applications can call accept on socket states other then LISTEN * but no need to allocate the first subflow just to error out. @@ -3907,12 +3907,12 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, if (!ssk) return -EINVAL; - pr_debug("ssk=%p, listener=%p", ssk, mptcp_subflow_ctx(ssk)); + pr_debug("ssk=%p, listener=%p\n", ssk, mptcp_subflow_ctx(ssk)); newsk = inet_csk_accept(ssk, arg); if (!newsk) return arg->err; - pr_debug("newsk=%p, subflow is mptcp=%d", newsk, sk_is_mptcp(newsk)); + pr_debug("newsk=%p, subflow is mptcp=%d\n", newsk, sk_is_mptcp(newsk)); if (sk_is_mptcp(newsk)) { struct mptcp_subflow_context *subflow; struct sock *new_mptcp_sock; @@ -4005,7 +4005,7 @@ static __poll_t mptcp_poll(struct file *file, struct socket *sock, sock_poll_wait(file, sock, wait); state = inet_sk_state_load(sk); - pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags); + pr_debug("msk=%p state=%d flags=%lx\n", msk, state, msk->flags); if (state == TCP_LISTEN) { struct sock *ssk = READ_ONCE(msk->first); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index a1c1b0ff1ce1..240d7c2ea551 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1177,7 +1177,7 @@ static inline bool mptcp_check_fallback(const struct sock *sk) static inline void __mptcp_do_fallback(struct mptcp_sock *msk) { if (__mptcp_check_fallback(msk)) { - pr_debug("TCP fallback already done (msk=%p)", msk); + pr_debug("TCP fallback already done (msk=%p)\n", msk); return; } set_bit(MPTCP_FALLBACK_DONE, &msk->flags); @@ -1213,7 +1213,7 @@ static inline void mptcp_do_fallback(struct sock *ssk) } } -#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)", __func__, a) +#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)\n", __func__, a) static inline bool mptcp_check_infinite_map(struct sk_buff *skb) { diff --git a/net/mptcp/sched.c b/net/mptcp/sched.c index 4a7fd0508ad2..78ed508ebc1b 100644 --- a/net/mptcp/sched.c +++ b/net/mptcp/sched.c @@ -86,7 +86,7 @@ int mptcp_register_scheduler(struct mptcp_sched_ops *sched) list_add_tail_rcu(&sched->list, &mptcp_sched_list); spin_unlock(&mptcp_sched_list_lock); - pr_debug("%s registered", sched->name); + pr_debug("%s registered\n", sched->name); return 0; } @@ -118,7 +118,7 @@ int mptcp_init_sched(struct mptcp_sock *msk, if (msk->sched->init) msk->sched->init(msk); - pr_debug("sched=%s", msk->sched->name); + pr_debug("sched=%s\n", msk->sched->name); return 0; } diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 2026a9a36f80..505445a9598f 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -873,7 +873,7 @@ int mptcp_setsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (level == SOL_SOCKET) return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen); @@ -1453,7 +1453,7 @@ int mptcp_getsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* @@ the meaning of setsockopt() when the socket is connected and * there are multiple subflows is not yet defined. It is up to the diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 4834e7fc2fb6..064ab3235893 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -39,7 +39,7 @@ static void subflow_req_destructor(struct request_sock *req) { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); - pr_debug("subflow_req=%p", subflow_req); + pr_debug("subflow_req=%p\n", subflow_req); if (subflow_req->msk) sock_put((struct sock *)subflow_req->msk); @@ -146,7 +146,7 @@ static int subflow_check_req(struct request_sock *req, struct mptcp_options_received mp_opt; bool opt_mp_capable, opt_mp_join; - pr_debug("subflow_req=%p, listener=%p", subflow_req, listener); + pr_debug("subflow_req=%p, listener=%p\n", subflow_req, listener); #ifdef CONFIG_TCP_MD5SIG /* no MPTCP if MD5SIG is enabled on this socket or we may run out of @@ -221,7 +221,7 @@ static int subflow_check_req(struct request_sock *req, } if (subflow_use_different_sport(subflow_req->msk, sk_listener)) { - pr_debug("syn inet_sport=%d %d", + pr_debug("syn inet_sport=%d %d\n", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { @@ -243,7 +243,7 @@ static int subflow_check_req(struct request_sock *req, subflow_init_req_cookie_join_save(subflow_req, skb); } - pr_debug("token=%u, remote_nonce=%u msk=%p", subflow_req->token, + pr_debug("token=%u, remote_nonce=%u msk=%p\n", subflow_req->token, subflow_req->remote_nonce, subflow_req->msk); } @@ -527,7 +527,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->rel_write_seq = 1; subflow->conn_finished = 1; subflow->ssn_offset = TCP_SKB_CB(skb)->seq; - pr_debug("subflow=%p synack seq=%x", subflow, subflow->ssn_offset); + pr_debug("subflow=%p synack seq=%x\n", subflow, subflow->ssn_offset); mptcp_get_options(skb, &mp_opt); if (subflow->request_mptcp) { @@ -559,7 +559,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->thmac = mp_opt.thmac; subflow->remote_nonce = mp_opt.nonce; WRITE_ONCE(subflow->remote_id, mp_opt.join_id); - pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d", + pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d\n", subflow, subflow->thmac, subflow->remote_nonce, subflow->backup); @@ -585,7 +585,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKBACKUPRX); if (subflow_use_different_dport(msk, sk)) { - pr_debug("synack inet_dport=%d %d", + pr_debug("synack inet_dport=%d %d\n", ntohs(inet_sk(sk)->inet_dport), ntohs(inet_sk(parent)->inet_dport)); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINPORTSYNACKRX); @@ -655,7 +655,7 @@ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* Never answer to SYNs sent to broadcast or multicast */ if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) @@ -686,7 +686,7 @@ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); if (skb->protocol == htons(ETH_P_IP)) return subflow_v4_conn_request(sk, skb); @@ -807,7 +807,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, struct mptcp_sock *owner; struct sock *child; - pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn); + pr_debug("listener=%p, req=%p, conn=%p\n", listener, req, listener->conn); /* After child creation we must look for MPC even when options * are not parsed @@ -898,7 +898,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, ctx->conn = (struct sock *)owner; if (subflow_use_different_sport(owner, sk)) { - pr_debug("ack inet_sport=%d %d", + pr_debug("ack inet_sport=%d %d\n", ntohs(inet_sk(sk)->inet_sport), ntohs(inet_sk((struct sock *)owner)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(owner, sk)) { @@ -961,7 +961,7 @@ enum mapping_status { static void dbg_bad_map(struct mptcp_subflow_context *subflow, u32 ssn) { - pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d", + pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d\n", ssn, subflow->map_subflow_seq, subflow->map_data_len); } @@ -1121,7 +1121,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_len = mpext->data_len; if (data_len == 0) { - pr_debug("infinite mapping received"); + pr_debug("infinite mapping received\n"); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX); subflow->map_data_len = 0; return MAPPING_INVALID; @@ -1133,7 +1133,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (data_len == 1) { bool updated = mptcp_update_rcv_data_fin(msk, mpext->data_seq, mpext->dsn64); - pr_debug("DATA_FIN with no payload seq=%llu", mpext->data_seq); + pr_debug("DATA_FIN with no payload seq=%llu\n", mpext->data_seq); if (subflow->map_valid) { /* A DATA_FIN might arrive in a DSS * option before the previous mapping @@ -1159,7 +1159,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_fin_seq &= GENMASK_ULL(31, 0); mptcp_update_rcv_data_fin(msk, data_fin_seq, mpext->dsn64); - pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d", + pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d\n", data_fin_seq, mpext->dsn64); /* Adjust for DATA_FIN using 1 byte of sequence space */ @@ -1205,7 +1205,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (unlikely(subflow->map_csum_reqd != csum_reqd)) return MAPPING_INVALID; - pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", subflow->map_seq, subflow->map_subflow_seq, subflow->map_data_len, subflow->map_csum_reqd, subflow->map_data_csum); @@ -1240,7 +1240,7 @@ static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb, avail_len = skb->len - offset; incr = limit >= avail_len ? avail_len + fin : limit; - pr_debug("discarding=%d len=%d offset=%d seq=%d", incr, skb->len, + pr_debug("discarding=%d len=%d offset=%d seq=%d\n", incr, skb->len, offset, subflow->map_subflow_seq); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DUPDATA); tcp_sk(ssk)->copied_seq += incr; @@ -1341,7 +1341,7 @@ static bool subflow_check_data_avail(struct sock *ssk) old_ack = READ_ONCE(msk->ack_seq); ack_seq = mptcp_subflow_get_mapped_dsn(subflow); - pr_debug("msk ack_seq=%llx subflow ack_seq=%llx", old_ack, + pr_debug("msk ack_seq=%llx subflow ack_seq=%llx\n", old_ack, ack_seq); if (unlikely(before64(ack_seq, old_ack))) { mptcp_subflow_discard_data(ssk, skb, old_ack - ack_seq); @@ -1413,7 +1413,7 @@ bool mptcp_subflow_data_available(struct sock *sk) subflow->map_valid = 0; WRITE_ONCE(subflow->data_avail, false); - pr_debug("Done with mapping: seq=%u data_len=%u", + pr_debug("Done with mapping: seq=%u data_len=%u\n", subflow->map_subflow_seq, subflow->map_data_len); } @@ -1523,7 +1523,7 @@ void mptcpv6_handle_mapped(struct sock *sk, bool mapped) target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk); - pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d", + pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d\n", subflow, sk->sk_family, icsk->icsk_af_ops, target, mapped); if (likely(icsk->icsk_af_ops == target)) @@ -1616,7 +1616,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, goto failed; mptcp_crypto_key_sha(subflow->remote_key, &remote_token, NULL); - pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d", msk, + pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d\n", msk, remote_token, local_id, remote_id); subflow->remote_token = remote_token; WRITE_ONCE(subflow->remote_id, remote_id); @@ -1751,7 +1751,7 @@ int mptcp_subflow_create_socket(struct sock *sk, unsigned short family, SOCK_INODE(sf)->i_gid = SOCK_INODE(sk->sk_socket)->i_gid; subflow = mptcp_subflow_ctx(sf->sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); *new_sock = sf; sock_hold(sk); @@ -1780,7 +1780,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, INIT_LIST_HEAD(&ctx->node); INIT_LIST_HEAD(&ctx->delegated_node); - pr_debug("subflow=%p", ctx); + pr_debug("subflow=%p\n", ctx); ctx->tcp_sock = sk; WRITE_ONCE(ctx->local_id, -1); @@ -1931,7 +1931,7 @@ static int subflow_ulp_init(struct sock *sk) goto out; } - pr_debug("subflow=%p, family=%d", ctx, sk->sk_family); + pr_debug("subflow=%p, family=%d\n", ctx, sk->sk_family); tp->is_mptcp = 1; ctx->icsk_af_ops = icsk->icsk_af_ops;

8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: pm: fullmesh: select the right ID later" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 09355f7abb9fbfc1a240be029837921ea417bf4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082640-recognize-omega-3192@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 09355f7abb9f ("mptcp: pm: fullmesh: select the right ID later") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 09355f7abb9fbfc1a240be029837921ea417bf4f Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:30 +0200 Subject: [PATCH] mptcp: pm: fullmesh: select the right ID later When reacting upon the reception of an ADD_ADDR, the in-kernel PM first looks for fullmesh endpoints. If there are some, it will pick them, using their entry ID. It should set the ID 0 when using the endpoint corresponding to the initial subflow, it is a special case imposed by the MPTCP specs. Note that msk->mpc_endpoint_id might not be set when receiving the first ADD_ADDR from the server. So better to compare the addresses. Fixes: 1a0d6136c5f0 ("mptcp: local addresses fullmesh") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-12-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index d0a80f537fc3..a2e37ab1c40f 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -636,6 +636,7 @@ static unsigned int fill_local_addresses_vec(struct mptcp_sock *msk, { struct sock *sk = (struct sock *)msk; struct mptcp_pm_addr_entry *entry; + struct mptcp_addr_info mpc_addr; struct pm_nl_pernet *pernet; unsigned int subflows_max; int i = 0; @@ -643,6 +644,8 @@ static unsigned int fill_local_addresses_vec(struct mptcp_sock *msk, pernet = pm_nl_get_pernet_from_msk(msk); subflows_max = mptcp_pm_get_subflows_max(msk); + mptcp_local_address((struct sock_common *)msk, &mpc_addr); + rcu_read_lock(); list_for_each_entry_rcu(entry, &pernet->local_addr_list, list) { if (!(entry->flags & MPTCP_PM_ADDR_FLAG_FULLMESH)) @@ -653,7 +656,13 @@ static unsigned int fill_local_addresses_vec(struct mptcp_sock *msk, if (msk->pm.subflows < subflows_max) { msk->pm.subflows++; - addrs[i++] = entry->addr; + addrs[i] = entry->addr; + + /* Special case for ID0: set the correct ID */ + if (mptcp_addresses_equal(&entry->addr, &mpc_addr, entry->addr.port)) + addrs[i].id = 0; + + i++; } } rcu_read_unlock();

8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: pm: avoid possible UaF when selecting endp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082656-bamboo-skinless-9366@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 48e50dcbcbaa ("mptcp: pm: avoid possible UaF when selecting endp") 85df533a787b ("mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set") cd7c957f936f ("mptcp: pm: don't try to create sf if alloc failed") c95eb32ced82 ("mptcp: pm: reduce indentation blocks") 528cb5f2a1e8 ("mptcp: pass addr to mptcp_pm_alloc_anno_list") 77e4b94a3de6 ("mptcp: update userspace pm infos") 24430f8bf516 ("mptcp: add address into userspace pm list") b9d69db87fb7 ("mptcp: let the in-kernel PM use mixed IPv4 and IPv6 addresses") fb00ee4f3343 ("mptcp: netlink: respect v4/v6-only sockets") 80638684e840 ("mptcp: get sk from msk directly") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:32 +0200 Subject: [PATCH] mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with. Reported-by: Paolo Abeni <pabeni(a)redhat.com> Closes: https://lore.kernel.org/45cd30d3-7710-491c-ae4d-a1368c00beb1@redhat.com Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-14-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index a2e37ab1c40f..3e4ad801786f 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -143,11 +143,13 @@ static bool lookup_subflow_by_daddr(const struct list_head *list, return false; } -static struct mptcp_pm_addr_entry * +static bool select_local_address(const struct pm_nl_pernet *pernet, - const struct mptcp_sock *msk) + const struct mptcp_sock *msk, + struct mptcp_pm_addr_entry *new_entry) { - struct mptcp_pm_addr_entry *entry, *ret = NULL; + struct mptcp_pm_addr_entry *entry; + bool found = false; msk_owned_by_me(msk); @@ -159,17 +161,21 @@ select_local_address(const struct pm_nl_pernet *pernet, if (!test_bit(entry->addr.id, msk->pm.id_avail_bitmap)) continue; - ret = entry; + *new_entry = *entry; + found = true; break; } rcu_read_unlock(); - return ret; + + return found; } -static struct mptcp_pm_addr_entry * -select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk) +static bool +select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk, + struct mptcp_pm_addr_entry *new_entry) { - struct mptcp_pm_addr_entry *entry, *ret = NULL; + struct mptcp_pm_addr_entry *entry; + bool found = false; rcu_read_lock(); /* do not keep any additional per socket state, just signal @@ -184,11 +190,13 @@ select_signal_address(struct pm_nl_pernet *pernet, const struct mptcp_sock *msk) if (!(entry->flags & MPTCP_PM_ADDR_FLAG_SIGNAL)) continue; - ret = entry; + *new_entry = *entry; + found = true; break; } rcu_read_unlock(); - return ret; + + return found; } unsigned int mptcp_pm_get_add_addr_signal_max(const struct mptcp_sock *msk) @@ -512,9 +520,10 @@ __lookup_addr(struct pm_nl_pernet *pernet, const struct mptcp_addr_info *info) static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) { - struct mptcp_pm_addr_entry *local, *signal_and_subflow = NULL; struct sock *sk = (struct sock *)msk; + struct mptcp_pm_addr_entry local; unsigned int add_addr_signal_max; + bool signal_and_subflow = false; unsigned int local_addr_max; struct pm_nl_pernet *pernet; unsigned int subflows_max; @@ -565,23 +574,22 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) if (msk->pm.addr_signal & BIT(MPTCP_ADD_ADDR_SIGNAL)) return; - local = select_signal_address(pernet, msk); - if (!local) + if (!select_signal_address(pernet, msk, &local)) goto subflow; /* If the alloc fails, we are on memory pressure, not worth * continuing, and trying to create subflows. */ - if (!mptcp_pm_alloc_anno_list(msk, &local->addr)) + if (!mptcp_pm_alloc_anno_list(msk, &local.addr)) return; - __clear_bit(local->addr.id, msk->pm.id_avail_bitmap); + __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); msk->pm.add_addr_signaled++; - mptcp_pm_announce_addr(msk, &local->addr, false); + mptcp_pm_announce_addr(msk, &local.addr, false); mptcp_pm_nl_addr_send_ack(msk); - if (local->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) - signal_and_subflow = local; + if (local.flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) + signal_and_subflow = true; } subflow: @@ -592,26 +600,22 @@ static void mptcp_pm_create_subflow_or_signal_addr(struct mptcp_sock *msk) bool fullmesh; int i, nr; - if (signal_and_subflow) { - local = signal_and_subflow; - signal_and_subflow = NULL; - } else { - local = select_local_address(pernet, msk); - if (!local) - break; - } + if (signal_and_subflow) + signal_and_subflow = false; + else if (!select_local_address(pernet, msk, &local)) + break; - fullmesh = !!(local->flags & MPTCP_PM_ADDR_FLAG_FULLMESH); + fullmesh = !!(local.flags & MPTCP_PM_ADDR_FLAG_FULLMESH); msk->pm.local_addr_used++; - __clear_bit(local->addr.id, msk->pm.id_avail_bitmap); - nr = fill_remote_addresses_vec(msk, &local->addr, fullmesh, addrs); + __clear_bit(local.addr.id, msk->pm.id_avail_bitmap); + nr = fill_remote_addresses_vec(msk, &local.addr, fullmesh, addrs); if (nr == 0) continue; spin_unlock_bh(&msk->pm.lock); for (i = 0; i < nr; i++) - __mptcp_subflow_connect(sk, &local->addr, &addrs[i]); + __mptcp_subflow_connect(sk, &local.addr, &addrs[i]); spin_lock_bh(&msk->pm.lock); } mptcp_pm_nl_check_work_pending(msk);

8 months

3
7
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: validate fullmesh endp on 1st sf" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4878f9f8421f4587bee7b232c1c8a9d3a7d4d782 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082645-hurled-surprise-0a7c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4878f9f8421f ("selftests: mptcp: join: validate fullmesh endp on 1st sf") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") 6c160b636c91 ("selftests: mptcp: update userspace pm subflow tests") 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") 8697a258ae24 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4878f9f8421f4587bee7b232c1c8a9d3a7d4d782 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:31 +0200 Subject: [PATCH] selftests: mptcp: join: validate fullmesh endp on 1st sf This case was not covered, and the wrong ID was set before the previous commit. The rest is not modified, it is just that it will increase the code coverage. The right address ID can be verified by looking at the packet traces. We could automate that using Netfilter with some cBPF code for example, but that's always a bit cryptic. Packetdrill seems better fitted for that. Fixes: 4f49d63352da ("selftests: mptcp: add fullmesh testcases") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-13-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index f609c02c6123..89e553e0e0c2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3059,6 +3059,7 @@ fullmesh_tests() pm_nl_set_limits $ns1 1 3 pm_nl_set_limits $ns2 1 3 pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns2 10.0.1.2 flags subflow,fullmesh fullmesh=1 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 3 3 3

8 months

3
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of closed subflow" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 65fb58afa341ad68e71e5c4d816b407e6a683a66 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082600-chokehold-shininess-0f20@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") b9fb176081fb ("selftests: mptcp: userspace pm send RM_ADDR for ID 0") e3b47e460b4b ("selftests: mptcp: userspace pm remove initial subflow") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") d7ced753aa85 ("selftests: mptcp: check subflow and addr infos") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") 36c4127ae8dd ("selftests: mptcp: join: skip implicit tests if not supported") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65fb58afa341ad68e71e5c4d816b407e6a683a66 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:22 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of closed subflow This test extends "delete and re-add" to validate the previous commit. A new 'subflow' endpoint is added, but the subflow request will be rejected. The result is that no subflow will be established from this address. Later, the endpoint is removed and re-added after having cleared the firewall rule. Before the previous commit, the client would not have been able to create this new subflow. While at it, extra checks have been added to validate the expected numbers of MPJ and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-4-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 25077ccf31d2..fbb0174145ad 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -436,9 +436,10 @@ reset_with_tcp_filter() local ns="${!1}" local src="${2}" local target="${3}" + local chain="${4:-INPUT}" if ! ip netns exec "${ns}" ${iptables} \ - -A INPUT \ + -A "${chain}" \ -s "${src}" \ -p tcp \ -j "${target}"; then @@ -3571,10 +3572,10 @@ endpoint_tests() mptcp_lib_kill_wait $tests_pid fi - if reset "delete and re-add" && + if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 0 2 pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & @@ -3591,11 +3592,27 @@ endpoint_tests() chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns2 10.0.2.2 dev ns2eth2 flags subflow + pm_nl_add_endpoint $ns2 10.0.2.2 id 2 dev ns2eth2 flags subflow wait_mpj $ns2 chk_subflow_nr "after re-add" 2 chk_mptcp_info subflows 1 subflows 1 + + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_attempt_fail $ns2 + chk_subflow_nr "after new reject" 2 + chk_mptcp_info subflows 1 subflows 1 + + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_del_endpoint $ns2 3 10.0.3.2 + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + chk_subflow_nr "after no reject" 3 + chk_mptcp_info subflows 2 subflows 2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_rm_nr 1 1 fi # remove and re-add

8 months

3
2
0 0

[PATCH v6.1] f2fs: fix to truncate preallocated blocks in f2fs_file_open()

by Shivani Agarwal

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 298b1e4182d657c3e388adcc29477904e9600ed5 ] chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011 fscrypt_set_bio_crypt_ctx+0x78/0x1e8 f2fs_grab_read_bio+0x78/0x208 f2fs_submit_page_read+0x44/0x154 f2fs_get_read_data_page+0x288/0x5f4 f2fs_get_lock_data_page+0x60/0x190 truncate_partial_data_page+0x108/0x4fc f2fs_do_truncate_blocks+0x344/0x5f0 f2fs_truncate_blocks+0x6c/0x134 f2fs_truncate+0xd8/0x200 f2fs_iget+0x20c/0x5ac do_garbage_collect+0x5d0/0xf6c f2fs_gc+0x22c/0x6a4 f2fs_disable_checkpoint+0xc8/0x310 f2fs_fill_super+0x14bc/0x1764 mount_bdev+0x1b4/0x21c f2fs_mount+0x20/0x30 legacy_get_tree+0x50/0xbc vfs_get_tree+0x5c/0x1b0 do_new_mount+0x298/0x4cc path_mount+0x33c/0x5fc __arm64_sys_mount+0xcc/0x15c invoke_syscall+0x60/0x150 el0_svc_common+0xb8/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec It is because inode.i_crypt_info is not initialized during below path: - mount - f2fs_fill_super - f2fs_disable_checkpoint - f2fs_gc - f2fs_iget - f2fs_truncate So, let's relocate truncation of preallocated blocks to f2fs_file_open(), after fscrypt_file_open(). Fixes: d4dd19ec1ea0 ("f2fs: do not expose unwritten blocks to user by DIO") Reported-by: chenyuwen <yuwen.chen(a)xjmz.com> Closes: https://lore.kernel.org/linux-kernel/20240517085327.1188515-1-yuwen.chen@xj… Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- fs/f2fs/f2fs.h | 1 + fs/f2fs/file.c | 42 +++++++++++++++++++++++++++++++++++++++++- fs/f2fs/inode.c | 8 -------- 3 files changed, 42 insertions(+), 9 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index a02c74875..2b540d878 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -788,6 +788,7 @@ enum { FI_ALIGNED_WRITE, /* enable aligned write */ FI_COW_FILE, /* indicate COW file */ FI_ATOMIC_COMMITTED, /* indicate atomic commit completed except disk sync */ + FI_OPENED_FILE, /* indicate file has been opened */ FI_MAX, /* max flag, never be used */ }; diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index c6fb179f9..62f2521cd 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -538,6 +538,42 @@ static int f2fs_file_mmap(struct file *file, struct vm_area_struct *vma) return 0; } +static int finish_preallocate_blocks(struct inode *inode) +{ + int ret; + + inode_lock(inode); + if (is_inode_flag_set(inode, FI_OPENED_FILE)) { + inode_unlock(inode); + return 0; + } + + if (!file_should_truncate(inode)) { + set_inode_flag(inode, FI_OPENED_FILE); + inode_unlock(inode); + return 0; + } + + f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); + filemap_invalidate_lock(inode->i_mapping); + + truncate_setsize(inode, i_size_read(inode)); + ret = f2fs_truncate(inode); + + filemap_invalidate_unlock(inode->i_mapping); + f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); + + if (!ret) + set_inode_flag(inode, FI_OPENED_FILE); + + inode_unlock(inode); + if (ret) + return ret; + + file_dont_truncate(inode); + return 0; +} + static int f2fs_file_open(struct inode *inode, struct file *filp) { int err = fscrypt_file_open(inode, filp); @@ -554,7 +590,11 @@ static int f2fs_file_open(struct inode *inode, struct file *filp) filp->f_mode |= FMODE_NOWAIT; - return dquot_file_open(inode, filp); + err = dquot_file_open(inode, filp); + if (err) + return err; + + return finish_preallocate_blocks(inode); } void f2fs_truncate_data_blocks_range(struct dnode_of_data *dn, int count) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index ff4a4e92a..5b672df19 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -549,14 +549,6 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) } f2fs_set_inode_flags(inode); - if (file_should_truncate(inode) && - !is_sbi_flag_set(sbi, SBI_POR_DOING)) { - ret = f2fs_truncate(inode); - if (ret) - goto bad_inode; - file_dont_truncate(inode); - } - unlock_new_inode(inode); trace_f2fs_iget(inode); return inode; -- 2.39.4

8 months

2
1
0 0

[PATCH 6.1 0/1] Fix CVE-2024-41096

by hsimeliere.opensource＠witekio.com

https://nvd.nist.gov/vuln/detail/CVE-2024-41096

8 months

2
2
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: cannot rm sf if closed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e93681afcb96864ec26c3b2ce94008ce93577373 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083052-unedited-earache-8049@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e93681afcb96 ("selftests: mptcp: join: cannot rm sf if closed") 23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib") 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") b850f2c7dd85 ("selftests: mptcp: add mptcp_lib_is_v6") bdbef0a6ff10 ("selftests: mptcp: add mptcp_lib_kill_wait") b2e2248f365a ("selftests: mptcp: userspace pm create id 0 subflow") 757c828ce949 ("selftests: mptcp: update userspace pm test helpers") 80775412882e ("selftests: mptcp: add chk_subflows_total helper") 06848c0f341e ("selftests: mptcp: add evts_get_info helper") 9168ea02b898 ("selftests: mptcp: fix wait_rm_addr/sf parameters") f4a75e9d1100 ("selftests: mptcp: run userspace pm tests slower") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e93681afcb96864ec26c3b2ce94008ce93577373 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 26 Aug 2024 19:11:19 +0200 Subject: [PATCH] selftests: mptcp: join: cannot rm sf if closed Thanks to the previous commit, the MPTCP subflows are now closed on both directions even when only the MPTCP path-manager of one peer asks for their closure. In the two tests modified here -- "userspace pm add & remove address" and "userspace pm create destroy subflow" -- one peer is controlled by the userspace PM, and the other one by the in-kernel PM. When the userspace PM sends a RM_ADDR notification, the in-kernel PM will automatically react by closing all subflows using this address. Now, thanks to the previous commit, the subflows are properly closed on both directions, the userspace PM can then no longer closes the same subflows if they are already closed. Before, it was OK to do that, because the subflows were still half-opened, still OK to send a RM_ADDR. In other words, thanks to the previous commit closing the subflows, an error will be returned to the userspace if it tries to close a subflow that has already been closed. So no need to run this command, which mean that the linked counters will then not be incremented. These tests are then no longer sending both a RM_ADDR, then closing the linked subflow just after. The test with the userspace PM on the server side is now removing one subflow linked to one address, then sending a RM_ADDR for another address. The test with the userspace PM on the client side is now only removing the subflow that was previously created. Fixes: 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-2-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 89e553e0e0c2..264040a760c6 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3429,14 +3429,12 @@ userspace_tests() "signal" userspace_pm_chk_get_addr "${ns1}" "10" "id 10 flags signal 10.0.2.1" userspace_pm_chk_get_addr "${ns1}" "20" "id 20 flags signal 10.0.3.1" - userspace_pm_rm_addr $ns1 10 userspace_pm_rm_sf $ns1 "::ffff:10.0.2.1" $MPTCP_LIB_EVENT_SUB_ESTABLISHED userspace_pm_chk_dump_addr "${ns1}" \ - "id 20 flags signal 10.0.3.1" "after rm_addr 10" + "id 20 flags signal 10.0.3.1" "after rm_sf 10" userspace_pm_rm_addr $ns1 20 - userspace_pm_rm_sf $ns1 10.0.3.1 $MPTCP_LIB_EVENT_SUB_ESTABLISHED userspace_pm_chk_dump_addr "${ns1}" "" "after rm_addr 20" - chk_rm_nr 2 2 invert + chk_rm_nr 1 1 invert chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids @@ -3460,12 +3458,11 @@ userspace_tests() "id 20 flags subflow 10.0.3.2" \ "subflow" userspace_pm_chk_get_addr "${ns2}" "20" "id 20 flags subflow 10.0.3.2" - userspace_pm_rm_addr $ns2 20 userspace_pm_rm_sf $ns2 10.0.3.2 $MPTCP_LIB_EVENT_SUB_ESTABLISHED userspace_pm_chk_dump_addr "${ns2}" \ "" \ - "after rm_addr 20" - chk_rm_nr 1 1 + "after rm_sf 20" + chk_rm_nr 0 1 chk_mptcp_info subflows 0 subflows 0 chk_subflows_total 1 1 kill_events_pids

8 months

4
3
0 0

FAILED: patch "[PATCH] mptcp: pr_debug: add missing \n at the end" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083019-spendable-delicacy-253c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cb41b195e634 ("mptcp: pr_debug: add missing \n at the end") 68cc924729ff ("mptcp: fix duplicate data handling") 89721e3038d1 ("Merge tag 'net-accept-more-20240515' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 26 Aug 2024 19:11:21 +0200 Subject: [PATCH] mptcp: pr_debug: add missing \n at the end pr_debug() have been added in various places in MPTCP code to help developers to debug some situations. With the dynamic debug feature, it is easy to enable all or some of them, and asks users to reproduce issues with extra debug. Many of these pr_debug() don't end with a new line, while no 'pr_cont()' are used in MPTCP code. So the goal was not to display multiple debug messages on one line: they were then not missing the '\n' on purpose. Not having the new line at the end causes these messages to be printed with a delay, when something else needs to be printed. This issue is not visible when many messages need to be printed, but it is annoying and confusing when only specific messages are expected, e.g. # echo "func mptcp_pm_add_addr_echoed +fmp" \ > /sys/kernel/debug/dynamic_debug/control # ./mptcp_join.sh "signal address"; \ echo "$(awk '{print $1}' /proc/uptime) - end"; \ sleep 5s; \ echo "$(awk '{print $1}' /proc/uptime) - restart"; \ ./mptcp_join.sh "signal address" 013 signal address (...) 10.75 - end 15.76 - restart 013 signal address [ 10.367935] mptcp:mptcp_pm_add_addr_echoed: MPTCP: msk=(...) (...) => a delay of 5 seconds: printed with a 10.36 ts, but after 'restart' which was printed at the 15.76 ts. The 'Fixes' tag here below points to the first pr_debug() used without '\n' in net/mptcp. This patch could be split in many small ones, with different Fixes tag, but it doesn't seem worth it, because it is easy to re-generate this patch with this simple 'sed' command: git grep -l pr_debug -- net/mptcp | xargs sed -i "s/$pr_debug(\".*[^n]$$\"[,)]$/\1\\\n\2/g" So in case of conflicts, simply drop the modifications, and launch this command. Fixes: f870fa0b5768 ("mptcp: Add MPTCP socket stubs") Cc: stable(a)vger.kernel.org Reviewed-by: Geliang Tang <geliang(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-4-905199f… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/fastopen.c b/net/mptcp/fastopen.c index ad28da655f8b..a29ff901df75 100644 --- a/net/mptcp/fastopen.c +++ b/net/mptcp/fastopen.c @@ -68,12 +68,12 @@ void __mptcp_fastopen_gen_msk_ackseq(struct mptcp_sock *msk, struct mptcp_subflo skb = skb_peek_tail(&sk->sk_receive_queue); if (skb) { WARN_ON_ONCE(MPTCP_SKB_CB(skb)->end_seq); - pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx", sk, + pr_debug("msk %p moving seq %llx -> %llx end_seq %llx -> %llx\n", sk, MPTCP_SKB_CB(skb)->map_seq, MPTCP_SKB_CB(skb)->map_seq + msk->ack_seq, MPTCP_SKB_CB(skb)->end_seq, MPTCP_SKB_CB(skb)->end_seq + msk->ack_seq); MPTCP_SKB_CB(skb)->map_seq += msk->ack_seq; MPTCP_SKB_CB(skb)->end_seq += msk->ack_seq; } - pr_debug("msk=%p ack_seq=%llx", msk, msk->ack_seq); + pr_debug("msk=%p ack_seq=%llx\n", msk, msk->ack_seq); } diff --git a/net/mptcp/options.c b/net/mptcp/options.c index ac2f1a54cc43..370c3836b771 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -117,7 +117,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_CSUMREQD; ptr += 2; } - pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u", + pr_debug("MP_CAPABLE version=%x, flags=%x, optlen=%d sndr=%llu, rcvr=%llu len=%d csum=%u\n", version, flags, opsize, mp_opt->sndr_key, mp_opt->rcvr_key, mp_opt->data_len, mp_opt->csum); break; @@ -131,7 +131,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, token=%u, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->token, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) { @@ -142,19 +142,19 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 8; mp_opt->nonce = get_unaligned_be32(ptr); ptr += 4; - pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("MP_JOIN bkup=%u, id=%u, thmac=%llu, nonce=%u\n", mp_opt->backup, mp_opt->join_id, mp_opt->thmac, mp_opt->nonce); } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) { mp_opt->suboptions |= OPTION_MPTCP_MPJ_ACK; ptr += 2; memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN); - pr_debug("MP_JOIN hmac"); + pr_debug("MP_JOIN hmac\n"); } break; case MPTCPOPT_DSS: - pr_debug("DSS"); + pr_debug("DSS\n"); ptr++; /* we must clear 'mpc_map' be able to detect MP_CAPABLE @@ -169,7 +169,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ack64 = (flags & MPTCP_DSS_ACK64) != 0; mp_opt->use_ack = (flags & MPTCP_DSS_HAS_ACK); - pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d", + pr_debug("data_fin=%d dsn64=%d use_map=%d ack64=%d use_ack=%d\n", mp_opt->data_fin, mp_opt->dsn64, mp_opt->use_map, mp_opt->ack64, mp_opt->use_ack); @@ -207,7 +207,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 4; } - pr_debug("data_ack=%llu", mp_opt->data_ack); + pr_debug("data_ack=%llu\n", mp_opt->data_ack); } if (mp_opt->use_map) { @@ -231,7 +231,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; } - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", mp_opt->data_seq, mp_opt->subflow_seq, mp_opt->data_len, !!(mp_opt->suboptions & OPTION_MPTCP_CSUMREQD), mp_opt->csum); @@ -293,7 +293,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->ahmac = get_unaligned_be64(ptr); ptr += 8; } - pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("ADD_ADDR%s: id=%d, ahmac=%llu, echo=%d, port=%d\n", (mp_opt->addr.family == AF_INET6) ? "6" : "", mp_opt->addr.id, mp_opt->ahmac, mp_opt->echo, ntohs(mp_opt->addr.port)); break; @@ -309,7 +309,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rm_list.nr = opsize - TCPOLEN_MPTCP_RM_ADDR_BASE; for (i = 0; i < mp_opt->rm_list.nr; i++) mp_opt->rm_list.ids[i] = *ptr++; - pr_debug("RM_ADDR: rm_list_nr=%d", mp_opt->rm_list.nr); + pr_debug("RM_ADDR: rm_list_nr=%d\n", mp_opt->rm_list.nr); break; case MPTCPOPT_MP_PRIO: @@ -318,7 +318,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->suboptions |= OPTION_MPTCP_PRIO; mp_opt->backup = *ptr++ & MPTCP_PRIO_BKUP; - pr_debug("MP_PRIO: prio=%d", mp_opt->backup); + pr_debug("MP_PRIO: prio=%d\n", mp_opt->backup); break; case MPTCPOPT_MP_FASTCLOSE: @@ -329,7 +329,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, mp_opt->rcvr_key = get_unaligned_be64(ptr); ptr += 8; mp_opt->suboptions |= OPTION_MPTCP_FASTCLOSE; - pr_debug("MP_FASTCLOSE: recv_key=%llu", mp_opt->rcvr_key); + pr_debug("MP_FASTCLOSE: recv_key=%llu\n", mp_opt->rcvr_key); break; case MPTCPOPT_RST: @@ -343,7 +343,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, flags = *ptr++; mp_opt->reset_transient = flags & MPTCP_RST_TRANSIENT; mp_opt->reset_reason = *ptr; - pr_debug("MP_RST: transient=%u reason=%u", + pr_debug("MP_RST: transient=%u reason=%u\n", mp_opt->reset_transient, mp_opt->reset_reason); break; @@ -354,7 +354,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ptr += 2; mp_opt->suboptions |= OPTION_MPTCP_FAIL; mp_opt->fail_seq = get_unaligned_be64(ptr); - pr_debug("MP_FAIL: data_seq=%llu", mp_opt->fail_seq); + pr_debug("MP_FAIL: data_seq=%llu\n", mp_opt->fail_seq); break; default: @@ -417,7 +417,7 @@ bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_SYN; return true; } else if (subflow->request_join) { - pr_debug("remote_token=%u, nonce=%u", subflow->remote_token, + pr_debug("remote_token=%u, nonce=%u\n", subflow->remote_token, subflow->local_nonce); opts->suboptions = OPTION_MPTCP_MPJ_SYN; opts->join_id = subflow->local_id; @@ -500,7 +500,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, *size = TCPOLEN_MPTCP_MPC_ACK; } - pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d", + pr_debug("subflow=%p, local_key=%llu, remote_key=%llu map_len=%d\n", subflow, subflow->local_key, subflow->remote_key, data_len); @@ -509,7 +509,7 @@ static bool mptcp_established_options_mp(struct sock *sk, struct sk_buff *skb, opts->suboptions = OPTION_MPTCP_MPJ_ACK; memcpy(opts->hmac, subflow->hmac, MPTCPOPT_HMAC_LEN); *size = TCPOLEN_MPTCP_MPJ_ACK; - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* we can use the full delegate action helper only from BH context * If we are in process context - sk is flushing the backlog at @@ -675,7 +675,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * *size = len; if (drop_other_suboptions) { - pr_debug("drop other suboptions"); + pr_debug("drop other suboptions\n"); opts->suboptions = 0; /* note that e.g. DSS could have written into the memory @@ -695,7 +695,7 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff * } else { MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_ECHOADDTX); } - pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d", + pr_debug("addr_id=%d, ahmac=%llu, echo=%d, port=%d\n", opts->addr.id, opts->ahmac, echo, ntohs(opts->addr.port)); return true; @@ -726,7 +726,7 @@ static bool mptcp_established_options_rm_addr(struct sock *sk, opts->rm_list = rm_list; for (i = 0; i < opts->rm_list.nr; i++) - pr_debug("rm_list_ids[%d]=%d", i, opts->rm_list.ids[i]); + pr_debug("rm_list_ids[%d]=%d\n", i, opts->rm_list.ids[i]); MPTCP_ADD_STATS(sock_net(sk), MPTCP_MIB_RMADDRTX, opts->rm_list.nr); return true; } @@ -752,7 +752,7 @@ static bool mptcp_established_options_mp_prio(struct sock *sk, opts->suboptions |= OPTION_MPTCP_PRIO; opts->backup = subflow->request_bkup; - pr_debug("prio=%d", opts->backup); + pr_debug("prio=%d\n", opts->backup); return true; } @@ -794,7 +794,7 @@ static bool mptcp_established_options_fastclose(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FASTCLOSE; opts->rcvr_key = READ_ONCE(msk->remote_key); - pr_debug("FASTCLOSE key=%llu", opts->rcvr_key); + pr_debug("FASTCLOSE key=%llu\n", opts->rcvr_key); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFASTCLOSETX); return true; } @@ -816,7 +816,7 @@ static bool mptcp_established_options_mp_fail(struct sock *sk, opts->suboptions |= OPTION_MPTCP_FAIL; opts->fail_seq = subflow->map_seq; - pr_debug("MP_FAIL fail_seq=%llu", opts->fail_seq); + pr_debug("MP_FAIL fail_seq=%llu\n", opts->fail_seq); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPFAILTX); return true; @@ -904,7 +904,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->csum_reqd = subflow_req->csum_reqd; opts->allow_join_id0 = subflow_req->allow_join_id0; *size = TCPOLEN_MPTCP_MPC_SYNACK; - pr_debug("subflow_req=%p, local_key=%llu", + pr_debug("subflow_req=%p, local_key=%llu\n", subflow_req, subflow_req->local_key); return true; } else if (subflow_req->mp_join) { @@ -913,7 +913,7 @@ bool mptcp_synack_options(const struct request_sock *req, unsigned int *size, opts->join_id = subflow_req->local_id; opts->thmac = subflow_req->thmac; opts->nonce = subflow_req->local_nonce; - pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u", + pr_debug("req=%p, bkup=%u, id=%u, thmac=%llu, nonce=%u\n", subflow_req, opts->backup, opts->join_id, opts->thmac, opts->nonce); *size = TCPOLEN_MPTCP_MPJ_SYNACK; diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 3e6e0f5510bb..3f8dbde243f1 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -19,7 +19,7 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, { u8 add_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, local_id=%d, echo=%d", msk, addr->id, echo); + pr_debug("msk=%p, local_id=%d, echo=%d\n", msk, addr->id, echo); lockdep_assert_held(&msk->pm.lock); @@ -45,7 +45,7 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ { u8 rm_addr = READ_ONCE(msk->pm.addr_signal); - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p, rm_list_nr=%d\n", msk, rm_list->nr); if (rm_addr) { MPTCP_ADD_STATS(sock_net((struct sock *)msk), @@ -66,7 +66,7 @@ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p, token=%u side=%d", msk, READ_ONCE(msk->token), server_side); + pr_debug("msk=%p, token=%u side=%d\n", msk, READ_ONCE(msk->token), server_side); WRITE_ONCE(pm->server_side, server_side); mptcp_event(MPTCP_EVENT_CREATED, msk, ssk, GFP_ATOMIC); @@ -90,7 +90,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("msk=%p subflows=%d max=%d allow=%d", msk, pm->subflows, + pr_debug("msk=%p subflows=%d max=%d allow=%d\n", msk, pm->subflows, subflows_max, READ_ONCE(pm->accept_subflow)); /* try to avoid acquiring the lock below */ @@ -114,7 +114,7 @@ bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk) static bool mptcp_pm_schedule_work(struct mptcp_sock *msk, enum mptcp_pm_status new_status) { - pr_debug("msk=%p status=%x new=%lx", msk, msk->pm.status, + pr_debug("msk=%p status=%x new=%lx\n", msk, msk->pm.status, BIT(new_status)); if (msk->pm.status & BIT(new_status)) return false; @@ -129,7 +129,7 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) struct mptcp_pm_data *pm = &msk->pm; bool announce = false; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -153,14 +153,14 @@ void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk) void mptcp_pm_connection_closed(struct mptcp_sock *msk) { - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); } void mptcp_pm_subflow_established(struct mptcp_sock *msk) { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!READ_ONCE(pm->work_pending)) return; @@ -212,7 +212,7 @@ void mptcp_pm_add_addr_received(const struct sock *ssk, struct mptcp_sock *msk = mptcp_sk(subflow->conn); struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p remote_id=%d accept=%d", msk, addr->id, + pr_debug("msk=%p remote_id=%d accept=%d\n", msk, addr->id, READ_ONCE(pm->accept_addr)); mptcp_event_addr_announced(ssk, addr); @@ -243,7 +243,7 @@ void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk, { struct mptcp_pm_data *pm = &msk->pm; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&pm->lock); @@ -267,7 +267,7 @@ void mptcp_pm_rm_addr_received(struct mptcp_sock *msk, struct mptcp_pm_data *pm = &msk->pm; u8 i; - pr_debug("msk=%p remote_ids_nr=%d", msk, rm_list->nr); + pr_debug("msk=%p remote_ids_nr=%d\n", msk, rm_list->nr); for (i = 0; i < rm_list->nr; i++) mptcp_event_addr_removed(msk, rm_list->ids[i]); @@ -299,19 +299,19 @@ void mptcp_pm_mp_fail_received(struct sock *sk, u64 fail_seq) struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); struct mptcp_sock *msk = mptcp_sk(subflow->conn); - pr_debug("fail_seq=%llu", fail_seq); + pr_debug("fail_seq=%llu\n", fail_seq); if (!READ_ONCE(msk->allow_infinite_fallback)) return; if (!subflow->fail_tout) { - pr_debug("send MP_FAIL response and infinite map"); + pr_debug("send MP_FAIL response and infinite map\n"); subflow->send_mp_fail = 1; subflow->send_infinite_map = 1; tcp_send_ack(sk); } else { - pr_debug("MP_FAIL response received"); + pr_debug("MP_FAIL response received\n"); WRITE_ONCE(subflow->fail_tout, 0); } } diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 3e4ad801786f..8d2f97854c64 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -287,7 +287,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) struct mptcp_sock *msk = entry->sock; struct sock *sk = (struct sock *)msk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (!msk) return; @@ -306,7 +306,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer) spin_lock_bh(&msk->pm.lock); if (!mptcp_pm_should_add_signal_addr(msk)) { - pr_debug("retransmit ADD_ADDR id=%d", entry->addr.id); + pr_debug("retransmit ADD_ADDR id=%d\n", entry->addr.id); mptcp_pm_announce_addr(msk, &entry->addr, false); mptcp_pm_add_addr_send_ack(msk); entry->retrans_times++; @@ -387,7 +387,7 @@ void mptcp_pm_free_anno_list(struct mptcp_sock *msk) struct sock *sk = (struct sock *)msk; LIST_HEAD(free_list); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); spin_lock_bh(&msk->pm.lock); list_splice_init(&msk->pm.anno_list, &free_list); @@ -473,7 +473,7 @@ static void __mptcp_pm_send_ack(struct mptcp_sock *msk, struct mptcp_subflow_con struct sock *ssk = mptcp_subflow_tcp_sock(subflow); bool slow; - pr_debug("send ack for %s", + pr_debug("send ack for %s\n", prio ? "mp_prio" : (mptcp_pm_should_add_signal(msk) ? "add_addr" : "rm_addr")); slow = lock_sock_fast(ssk); @@ -708,7 +708,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); subflows_max = mptcp_pm_get_subflows_max(msk); - pr_debug("accepted %d:%d remote family %d", + pr_debug("accepted %d:%d remote family %d\n", msk->pm.add_addr_accepted, add_addr_accept_max, msk->pm.remote.family); @@ -767,7 +767,7 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, { struct mptcp_subflow_context *subflow; - pr_debug("bkup=%d", bkup); + pr_debug("bkup=%d\n", bkup); mptcp_for_each_subflow(msk, subflow) { struct sock *ssk = mptcp_subflow_tcp_sock(subflow); @@ -803,7 +803,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, struct sock *sk = (struct sock *)msk; u8 i; - pr_debug("%s rm_list_nr %d", + pr_debug("%s rm_list_nr %d\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", rm_list->nr); msk_owned_by_me(msk); @@ -832,7 +832,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) continue; - pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u", + pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u\n", rm_type == MPTCP_MIB_RMADDR ? "address" : "subflow", i, rm_id, id, remote_id, msk->mpc_endpoint_id); spin_unlock_bh(&msk->pm.lock); @@ -889,7 +889,7 @@ void mptcp_pm_nl_work(struct mptcp_sock *msk) spin_lock_bh(&msk->pm.lock); - pr_debug("msk=%p status=%x", msk, pm->status); + pr_debug("msk=%p status=%x\n", msk, pm->status); if (pm->status & BIT(MPTCP_PM_ADD_ADDR_RECEIVED)) { pm->status &= ~BIT(MPTCP_PM_ADD_ADDR_RECEIVED); mptcp_pm_nl_add_addr_received(msk); @@ -1476,7 +1476,7 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, long s_slot = 0, s_num = 0; struct mptcp_sock *msk; - pr_debug("remove_id=%d", addr->id); + pr_debug("remove_id=%d\n", addr->id); list.ids[list.nr++] = addr->id; diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 34fec753b9c1..b571fba88a2f 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -139,7 +139,7 @@ static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to, !skb_try_coalesce(to, from, &fragstolen, &delta)) return false; - pr_debug("colesced seq %llx into %llx new len %d new end seq %llx", + pr_debug("colesced seq %llx into %llx new len %d new end seq %llx\n", MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq, to->len, MPTCP_SKB_CB(from)->end_seq); MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq; @@ -217,7 +217,7 @@ static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb) end_seq = MPTCP_SKB_CB(skb)->end_seq; max_seq = atomic64_read(&msk->rcv_wnd_sent); - pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq, + pr_debug("msk=%p seq=%llx limit=%llx empty=%d\n", msk, seq, max_seq, RB_EMPTY_ROOT(&msk->out_of_order_queue)); if (after64(end_seq, max_seq)) { /* out of window */ @@ -643,7 +643,7 @@ static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, } } - pr_debug("msk=%p ssk=%p", msk, ssk); + pr_debug("msk=%p ssk=%p\n", msk, ssk); tp = tcp_sk(ssk); do { u32 map_remaining, offset; @@ -724,7 +724,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) u64 end_seq; p = rb_first(&msk->out_of_order_queue); - pr_debug("msk=%p empty=%d", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); + pr_debug("msk=%p empty=%d\n", msk, RB_EMPTY_ROOT(&msk->out_of_order_queue)); while (p) { skb = rb_to_skb(p); if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) @@ -746,7 +746,7 @@ static bool __mptcp_ofo_queue(struct mptcp_sock *msk) int delta = msk->ack_seq - MPTCP_SKB_CB(skb)->map_seq; /* skip overlapping data, if any */ - pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d", + pr_debug("uncoalesced seq=%llx ack seq=%llx delta=%d\n", MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq, delta); MPTCP_SKB_CB(skb)->offset += delta; @@ -1240,7 +1240,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, size_t copy; int i; - pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u", + pr_debug("msk=%p ssk=%p sending dfrag at seq=%llu len=%u already sent=%u\n", msk, ssk, dfrag->data_seq, dfrag->data_len, info->sent); if (WARN_ON_ONCE(info->sent > info->limit || @@ -1341,7 +1341,7 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, mpext->use_map = 1; mpext->dsn64 = 1; - pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d", + pr_debug("data_seq=%llu subflow_seq=%u data_len=%u dsn64=%d\n", mpext->data_seq, mpext->subflow_seq, mpext->data_len, mpext->dsn64); @@ -1892,7 +1892,7 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (!msk->first_pending) WRITE_ONCE(msk->first_pending, dfrag); } - pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d", msk, + pr_debug("msk=%p dfrag at seq=%llu len=%u sent=%u new=%d\n", msk, dfrag->data_seq, dfrag->data_len, dfrag->already_sent, !dfrag_collapsed); @@ -2248,7 +2248,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("block timeout %ld", timeo); + pr_debug("block timeout %ld\n", timeo); sk_wait_data(sk, &timeo, NULL); } @@ -2264,7 +2264,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } } - pr_debug("msk=%p rx queue empty=%d:%d copied=%d", + pr_debug("msk=%p rx queue empty=%d:%d copied=%d\n", msk, skb_queue_empty_lockless(&sk->sk_receive_queue), skb_queue_empty(&msk->receive_queue), copied); if (!(flags & MSG_PEEK)) @@ -2717,7 +2717,7 @@ static void mptcp_mp_fail_no_response(struct mptcp_sock *msk) if (!ssk) return; - pr_debug("MP_FAIL doesn't respond, reset the subflow"); + pr_debug("MP_FAIL doesn't respond, reset the subflow\n"); slow = lock_sock_fast(ssk); mptcp_subflow_reset(ssk); @@ -2891,7 +2891,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) break; default: if (__mptcp_check_fallback(mptcp_sk(sk))) { - pr_debug("Fallback"); + pr_debug("Fallback\n"); ssk->sk_shutdown |= how; tcp_shutdown(ssk, how); @@ -2901,7 +2901,7 @@ void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how) WRITE_ONCE(mptcp_sk(sk)->snd_una, mptcp_sk(sk)->snd_nxt); mptcp_schedule_work(sk); } else { - pr_debug("Sending DATA_FIN on subflow %p", ssk); + pr_debug("Sending DATA_FIN on subflow %p\n", ssk); tcp_send_ack(ssk); if (!mptcp_rtx_timer_pending(sk)) mptcp_reset_rtx_timer(sk); @@ -2967,7 +2967,7 @@ static void mptcp_check_send_data_fin(struct sock *sk) struct mptcp_subflow_context *subflow; struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu", + pr_debug("msk=%p snd_data_fin_enable=%d pending=%d snd_nxt=%llu write_seq=%llu\n", msk, msk->snd_data_fin_enable, !!mptcp_send_head(sk), msk->snd_nxt, msk->write_seq); @@ -2991,7 +2991,7 @@ static void __mptcp_wr_shutdown(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d", + pr_debug("msk=%p snd_data_fin_enable=%d shutdown=%x state=%d pending=%d\n", msk, msk->snd_data_fin_enable, sk->sk_shutdown, sk->sk_state, !!mptcp_send_head(sk)); @@ -3006,7 +3006,7 @@ static void __mptcp_destroy_sock(struct sock *sk) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); might_sleep(); @@ -3114,7 +3114,7 @@ bool __mptcp_close(struct sock *sk, long timeout) mptcp_set_state(sk, TCP_CLOSE); sock_hold(sk); - pr_debug("msk=%p state=%d", sk, sk->sk_state); + pr_debug("msk=%p state=%d\n", sk, sk->sk_state); if (msk->token) mptcp_event(MPTCP_EVENT_CLOSED, msk, NULL, GFP_KERNEL); @@ -3546,7 +3546,7 @@ static int mptcp_get_port(struct sock *sk, unsigned short snum) { struct mptcp_sock *msk = mptcp_sk(sk); - pr_debug("msk=%p, ssk=%p", msk, msk->first); + pr_debug("msk=%p, ssk=%p\n", msk, msk->first); if (WARN_ON_ONCE(!msk->first)) return -EINVAL; @@ -3563,7 +3563,7 @@ void mptcp_finish_connect(struct sock *ssk) sk = subflow->conn; msk = mptcp_sk(sk); - pr_debug("msk=%p, token=%u", sk, subflow->token); + pr_debug("msk=%p, token=%u\n", sk, subflow->token); subflow->map_seq = subflow->iasn; subflow->map_subflow_seq = 1; @@ -3592,7 +3592,7 @@ bool mptcp_finish_join(struct sock *ssk) struct sock *parent = (void *)msk; bool ret = true; - pr_debug("msk=%p, subflow=%p", msk, subflow); + pr_debug("msk=%p, subflow=%p\n", msk, subflow); /* mptcp socket already closing? */ if (!mptcp_is_fully_established(parent)) { @@ -3638,7 +3638,7 @@ bool mptcp_finish_join(struct sock *ssk) static void mptcp_shutdown(struct sock *sk, int how) { - pr_debug("sk=%p, how=%d", sk, how); + pr_debug("sk=%p, how=%d\n", sk, how); if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk)) __mptcp_wr_shutdown(sk); @@ -3859,7 +3859,7 @@ static int mptcp_listen(struct socket *sock, int backlog) struct sock *ssk; int err; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); lock_sock(sk); @@ -3898,7 +3898,7 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, struct mptcp_sock *msk = mptcp_sk(sock->sk); struct sock *ssk, *newsk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* Buggy applications can call accept on socket states other then LISTEN * but no need to allocate the first subflow just to error out. @@ -3907,12 +3907,12 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, if (!ssk) return -EINVAL; - pr_debug("ssk=%p, listener=%p", ssk, mptcp_subflow_ctx(ssk)); + pr_debug("ssk=%p, listener=%p\n", ssk, mptcp_subflow_ctx(ssk)); newsk = inet_csk_accept(ssk, arg); if (!newsk) return arg->err; - pr_debug("newsk=%p, subflow is mptcp=%d", newsk, sk_is_mptcp(newsk)); + pr_debug("newsk=%p, subflow is mptcp=%d\n", newsk, sk_is_mptcp(newsk)); if (sk_is_mptcp(newsk)) { struct mptcp_subflow_context *subflow; struct sock *new_mptcp_sock; @@ -4005,7 +4005,7 @@ static __poll_t mptcp_poll(struct file *file, struct socket *sock, sock_poll_wait(file, sock, wait); state = inet_sk_state_load(sk); - pr_debug("msk=%p state=%d flags=%lx", msk, state, msk->flags); + pr_debug("msk=%p state=%d flags=%lx\n", msk, state, msk->flags); if (state == TCP_LISTEN) { struct sock *ssk = READ_ONCE(msk->first); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index a1c1b0ff1ce1..240d7c2ea551 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1177,7 +1177,7 @@ static inline bool mptcp_check_fallback(const struct sock *sk) static inline void __mptcp_do_fallback(struct mptcp_sock *msk) { if (__mptcp_check_fallback(msk)) { - pr_debug("TCP fallback already done (msk=%p)", msk); + pr_debug("TCP fallback already done (msk=%p)\n", msk); return; } set_bit(MPTCP_FALLBACK_DONE, &msk->flags); @@ -1213,7 +1213,7 @@ static inline void mptcp_do_fallback(struct sock *ssk) } } -#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)", __func__, a) +#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)\n", __func__, a) static inline bool mptcp_check_infinite_map(struct sk_buff *skb) { diff --git a/net/mptcp/sched.c b/net/mptcp/sched.c index 4a7fd0508ad2..78ed508ebc1b 100644 --- a/net/mptcp/sched.c +++ b/net/mptcp/sched.c @@ -86,7 +86,7 @@ int mptcp_register_scheduler(struct mptcp_sched_ops *sched) list_add_tail_rcu(&sched->list, &mptcp_sched_list); spin_unlock(&mptcp_sched_list_lock); - pr_debug("%s registered", sched->name); + pr_debug("%s registered\n", sched->name); return 0; } @@ -118,7 +118,7 @@ int mptcp_init_sched(struct mptcp_sock *msk, if (msk->sched->init) msk->sched->init(msk); - pr_debug("sched=%s", msk->sched->name); + pr_debug("sched=%s\n", msk->sched->name); return 0; } diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 2026a9a36f80..505445a9598f 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -873,7 +873,7 @@ int mptcp_setsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); if (level == SOL_SOCKET) return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen); @@ -1453,7 +1453,7 @@ int mptcp_getsockopt(struct sock *sk, int level, int optname, struct mptcp_sock *msk = mptcp_sk(sk); struct sock *ssk; - pr_debug("msk=%p", msk); + pr_debug("msk=%p\n", msk); /* @@ the meaning of setsockopt() when the socket is connected and * there are multiple subflows is not yet defined. It is up to the diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 4834e7fc2fb6..064ab3235893 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -39,7 +39,7 @@ static void subflow_req_destructor(struct request_sock *req) { struct mptcp_subflow_request_sock *subflow_req = mptcp_subflow_rsk(req); - pr_debug("subflow_req=%p", subflow_req); + pr_debug("subflow_req=%p\n", subflow_req); if (subflow_req->msk) sock_put((struct sock *)subflow_req->msk); @@ -146,7 +146,7 @@ static int subflow_check_req(struct request_sock *req, struct mptcp_options_received mp_opt; bool opt_mp_capable, opt_mp_join; - pr_debug("subflow_req=%p, listener=%p", subflow_req, listener); + pr_debug("subflow_req=%p, listener=%p\n", subflow_req, listener); #ifdef CONFIG_TCP_MD5SIG /* no MPTCP if MD5SIG is enabled on this socket or we may run out of @@ -221,7 +221,7 @@ static int subflow_check_req(struct request_sock *req, } if (subflow_use_different_sport(subflow_req->msk, sk_listener)) { - pr_debug("syn inet_sport=%d %d", + pr_debug("syn inet_sport=%d %d\n", ntohs(inet_sk(sk_listener)->inet_sport), ntohs(inet_sk((struct sock *)subflow_req->msk)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(subflow_req->msk, sk_listener)) { @@ -243,7 +243,7 @@ static int subflow_check_req(struct request_sock *req, subflow_init_req_cookie_join_save(subflow_req, skb); } - pr_debug("token=%u, remote_nonce=%u msk=%p", subflow_req->token, + pr_debug("token=%u, remote_nonce=%u msk=%p\n", subflow_req->token, subflow_req->remote_nonce, subflow_req->msk); } @@ -527,7 +527,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->rel_write_seq = 1; subflow->conn_finished = 1; subflow->ssn_offset = TCP_SKB_CB(skb)->seq; - pr_debug("subflow=%p synack seq=%x", subflow, subflow->ssn_offset); + pr_debug("subflow=%p synack seq=%x\n", subflow, subflow->ssn_offset); mptcp_get_options(skb, &mp_opt); if (subflow->request_mptcp) { @@ -559,7 +559,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) subflow->thmac = mp_opt.thmac; subflow->remote_nonce = mp_opt.nonce; WRITE_ONCE(subflow->remote_id, mp_opt.join_id); - pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d", + pr_debug("subflow=%p, thmac=%llu, remote_nonce=%u backup=%d\n", subflow, subflow->thmac, subflow->remote_nonce, subflow->backup); @@ -585,7 +585,7 @@ static void subflow_finish_connect(struct sock *sk, const struct sk_buff *skb) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINSYNACKBACKUPRX); if (subflow_use_different_dport(msk, sk)) { - pr_debug("synack inet_dport=%d %d", + pr_debug("synack inet_dport=%d %d\n", ntohs(inet_sk(sk)->inet_dport), ntohs(inet_sk(parent)->inet_dport)); MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_JOINPORTSYNACKRX); @@ -655,7 +655,7 @@ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); /* Never answer to SYNs sent to broadcast or multicast */ if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) @@ -686,7 +686,7 @@ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb) { struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); if (skb->protocol == htons(ETH_P_IP)) return subflow_v4_conn_request(sk, skb); @@ -807,7 +807,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, struct mptcp_sock *owner; struct sock *child; - pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn); + pr_debug("listener=%p, req=%p, conn=%p\n", listener, req, listener->conn); /* After child creation we must look for MPC even when options * are not parsed @@ -898,7 +898,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, ctx->conn = (struct sock *)owner; if (subflow_use_different_sport(owner, sk)) { - pr_debug("ack inet_sport=%d %d", + pr_debug("ack inet_sport=%d %d\n", ntohs(inet_sk(sk)->inet_sport), ntohs(inet_sk((struct sock *)owner)->inet_sport)); if (!mptcp_pm_sport_in_anno_list(owner, sk)) { @@ -961,7 +961,7 @@ enum mapping_status { static void dbg_bad_map(struct mptcp_subflow_context *subflow, u32 ssn) { - pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d", + pr_debug("Bad mapping: ssn=%d map_seq=%d map_data_len=%d\n", ssn, subflow->map_subflow_seq, subflow->map_data_len); } @@ -1121,7 +1121,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_len = mpext->data_len; if (data_len == 0) { - pr_debug("infinite mapping received"); + pr_debug("infinite mapping received\n"); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_INFINITEMAPRX); subflow->map_data_len = 0; return MAPPING_INVALID; @@ -1133,7 +1133,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (data_len == 1) { bool updated = mptcp_update_rcv_data_fin(msk, mpext->data_seq, mpext->dsn64); - pr_debug("DATA_FIN with no payload seq=%llu", mpext->data_seq); + pr_debug("DATA_FIN with no payload seq=%llu\n", mpext->data_seq); if (subflow->map_valid) { /* A DATA_FIN might arrive in a DSS * option before the previous mapping @@ -1159,7 +1159,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, data_fin_seq &= GENMASK_ULL(31, 0); mptcp_update_rcv_data_fin(msk, data_fin_seq, mpext->dsn64); - pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d", + pr_debug("DATA_FIN with mapping seq=%llu dsn64=%d\n", data_fin_seq, mpext->dsn64); /* Adjust for DATA_FIN using 1 byte of sequence space */ @@ -1205,7 +1205,7 @@ static enum mapping_status get_mapping_status(struct sock *ssk, if (unlikely(subflow->map_csum_reqd != csum_reqd)) return MAPPING_INVALID; - pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u", + pr_debug("new map seq=%llu subflow_seq=%u data_len=%u csum=%d:%u\n", subflow->map_seq, subflow->map_subflow_seq, subflow->map_data_len, subflow->map_csum_reqd, subflow->map_data_csum); @@ -1240,7 +1240,7 @@ static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb, avail_len = skb->len - offset; incr = limit >= avail_len ? avail_len + fin : limit; - pr_debug("discarding=%d len=%d offset=%d seq=%d", incr, skb->len, + pr_debug("discarding=%d len=%d offset=%d seq=%d\n", incr, skb->len, offset, subflow->map_subflow_seq); MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DUPDATA); tcp_sk(ssk)->copied_seq += incr; @@ -1341,7 +1341,7 @@ static bool subflow_check_data_avail(struct sock *ssk) old_ack = READ_ONCE(msk->ack_seq); ack_seq = mptcp_subflow_get_mapped_dsn(subflow); - pr_debug("msk ack_seq=%llx subflow ack_seq=%llx", old_ack, + pr_debug("msk ack_seq=%llx subflow ack_seq=%llx\n", old_ack, ack_seq); if (unlikely(before64(ack_seq, old_ack))) { mptcp_subflow_discard_data(ssk, skb, old_ack - ack_seq); @@ -1413,7 +1413,7 @@ bool mptcp_subflow_data_available(struct sock *sk) subflow->map_valid = 0; WRITE_ONCE(subflow->data_avail, false); - pr_debug("Done with mapping: seq=%u data_len=%u", + pr_debug("Done with mapping: seq=%u data_len=%u\n", subflow->map_subflow_seq, subflow->map_data_len); } @@ -1523,7 +1523,7 @@ void mptcpv6_handle_mapped(struct sock *sk, bool mapped) target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk); - pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d", + pr_debug("subflow=%p family=%d ops=%p target=%p mapped=%d\n", subflow, sk->sk_family, icsk->icsk_af_ops, target, mapped); if (likely(icsk->icsk_af_ops == target)) @@ -1616,7 +1616,7 @@ int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc, goto failed; mptcp_crypto_key_sha(subflow->remote_key, &remote_token, NULL); - pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d", msk, + pr_debug("msk=%p remote_token=%u local_id=%d remote_id=%d\n", msk, remote_token, local_id, remote_id); subflow->remote_token = remote_token; WRITE_ONCE(subflow->remote_id, remote_id); @@ -1751,7 +1751,7 @@ int mptcp_subflow_create_socket(struct sock *sk, unsigned short family, SOCK_INODE(sf)->i_gid = SOCK_INODE(sk->sk_socket)->i_gid; subflow = mptcp_subflow_ctx(sf->sk); - pr_debug("subflow=%p", subflow); + pr_debug("subflow=%p\n", subflow); *new_sock = sf; sock_hold(sk); @@ -1780,7 +1780,7 @@ static struct mptcp_subflow_context *subflow_create_ctx(struct sock *sk, INIT_LIST_HEAD(&ctx->node); INIT_LIST_HEAD(&ctx->delegated_node); - pr_debug("subflow=%p", ctx); + pr_debug("subflow=%p\n", ctx); ctx->tcp_sock = sk; WRITE_ONCE(ctx->local_id, -1); @@ -1931,7 +1931,7 @@ static int subflow_ulp_init(struct sock *sk) goto out; } - pr_debug("subflow=%p, family=%d", ctx, sk->sk_family); + pr_debug("subflow=%p, family=%d\n", ctx, sk->sk_family); tp->is_mptcp = 1; ctx->icsk_af_ops = icsk->icsk_af_ops;

8 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: avoid duplicated SUB_CLOSED events" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083026-snooper-unbundle-373f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d82809b6c5f2 ("mptcp: avoid duplicated SUB_CLOSED events") a7cfe7766370 ("mptcp: fix data races on local_id") 84c531f54ad9 ("mptcp: userspace pm send RM_ADDR for ID 0") f1f26512a9bf ("mptcp: use plain bool instead of custom binary enum") 1e07938e29c5 ("net: mptcp: rename netlink handlers to mptcp_pm_nl_<blah>_{doit,dumpit}") 1d0507f46843 ("net: mptcp: convert netlink from small_ops to ops") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:35 +0200 Subject: [PATCH] mptcp: avoid duplicated SUB_CLOSED events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The initial subflow might have already been closed, but still in the connection list. When the worker is instructed to close the subflows that have been marked as closed, it might then try to close the initial subflow again. A consequence of that is that the SUB_CLOSED event can be seen twice: # ip mptcp endpoint 1.1.1.1 id 1 subflow dev eth0 2.2.2.2 id 2 subflow dev eth1 # ip mptcp monitor & [ CREATED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ ESTABLISHED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ SF_ESTABLISHED] remid=0 locid=2 saddr4=2.2.2.2 daddr4=9.9.9.9 # ip mptcp endpoint delete id 1 [ SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 [ SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9 The first one is coming from mptcp_pm_nl_rm_subflow_received(), and the second one from __mptcp_close_subflow(). To avoid doing the post-closed processing twice, the subflow is now marked as closed the first time. Note that it is not enough to check if we are dealing with the first subflow and check its sk_state: the subflow might have been reset or closed before calling mptcp_close_ssk(). Fixes: b911c97c7dc7 ("mptcp: add netlink event support") Cc: stable(a)vger.kernel.org Tested-by: Arınç ÜNAL <arinc.unal(a)arinc9.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b571fba88a2f..37ebcb7640eb 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2508,6 +2508,12 @@ static void __mptcp_close_ssk(struct sock *sk, struct sock *ssk, void mptcp_close_ssk(struct sock *sk, struct sock *ssk, struct mptcp_subflow_context *subflow) { + /* The first subflow can already be closed and still in the list */ + if (subflow->close_event_done) + return; + + subflow->close_event_done = true; + if (sk->sk_state == TCP_ESTABLISHED) mptcp_event(MPTCP_EVENT_SUB_CLOSED, mptcp_sk(sk), ssk, GFP_KERNEL); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 240d7c2ea551..26eb898a202b 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -524,7 +524,8 @@ struct mptcp_subflow_context { stale : 1, /* unable to snd/rcv data, do not use for xmit */ valid_csum_seen : 1, /* at least one csum validated */ is_mptfo : 1, /* subflow is doing TFO */ - __unused : 10; + close_event_done : 1, /* has done the post-closed part */ + __unused : 9; bool data_avail; bool scheduled; u32 remote_nonce;

8 months

3
2
0 0

[PATCH 6.6.y 0/2] Fixes for recent backports

by Matthieu Baerts (NGI0)

A few commits have been recently queued to v6.6 and needs to be adapted for this kernel version: - 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") - 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") - b2e2248f365a ("selftests: mptcp: userspace pm create id 0 subflow") Matthieu Baerts (NGI0) (2): selftests: mptcp: join: disable get and dump addr checks selftests: mptcp: join: stop transfer when check is done (part 2.2) tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.45.2

8 months

2
3
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: test for flush/re-add endpoints" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e06959e9eebdfea4654390f53b65cff57691872e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082617-capture-unbolted-5880@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e06959e9eebd ("selftests: mptcp: join: test for flush/re-add endpoints") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e06959e9eebdfea4654390f53b65cff57691872e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:24 +0200 Subject: [PATCH] selftests: mptcp: join: test for flush/re-add endpoints After having flushed endpoints that didn't cause the creation of new subflows, it is important to check endpoints can be re-created, re-using previously used IDs. Before the previous commit, the client would not have been able to re-create the subflow that was previously rejected. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-6-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index fbb0174145ad..f609c02c6123 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3651,6 +3651,36 @@ endpoint_tests() chk_rm_nr 2 1 invert fi + # flush and re-add + if reset_with_tcp_filter "flush re-add" ns2 10.0.3.2 REJECT OUTPUT && + mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 1 2 + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + test_linkfail=4 speed=20 \ + run_tests $ns1 $ns2 10.0.1.1 & + local tests_pid=$! + + wait_attempt_fail $ns2 + chk_subflow_nr "before flush" 1 + chk_mptcp_info subflows 0 subflows 0 + + pm_nl_flush_endpoint $ns2 + pm_nl_flush_endpoint $ns1 + wait_rm_addr $ns2 0 + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal + wait_mpj $ns2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_rm_nr 1 0 invert + fi } # [$1: error message]

8 months

4
7
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: validate event numbers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 20ccc7c5f7a3aa48092441a4b182f9f40418392e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083025-ruined-stupor-4967@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 20ccc7c5f7a3 ("selftests: mptcp: join: validate event numbers") d397d7246c11 ("selftests: mptcp: join: check re-re-adding ID 0 endp") 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id") 5f94b08c0012 ("selftests: mptcp: join: check removing ID 0 endpoint") 65fb58afa341 ("selftests: mptcp: join: check re-using ID of closed subflow") a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") 40061817d95b ("selftests: mptcp: join: fix dev in check_endpoint") 23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib") 35bc143a8514 ("selftests: mptcp: add mptcp_lib_events helper") 3a0f9bed3c28 ("selftests: mptcp: add mptcp_lib_ns_init/exit helpers") 3fb8c33ef4b9 ("selftests: mptcp: add mptcp_lib_check_tools helper") 7c2eac649054 ("selftests: mptcp: stop forcing iptables-legacy") 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr tests") 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") 2d0c1d27ea4e ("selftests: mptcp: add mptcp_lib_check_output helper") 9480f388a2ef ("selftests: mptcp: join: add ss mptcp support check") 7092dbee2328 ("selftests: mptcp: rm subflow with v4/v4mapped addr") 04b57c9e096a ("selftests: mptcp: join: stop transfer when check is done (part 2)") 9369777c2939 ("selftests: mptcp: add mptcp_lib_wait_local_port_listen") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 20ccc7c5f7a3aa48092441a4b182f9f40418392e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:36 +0200 Subject: [PATCH] selftests: mptcp: join: validate event numbers This test extends "delete and re-add" and "delete re-add signal" to validate the previous commit: the number of MPTCP events are checked to make sure there are no duplicated or unexpected ones. A new helper has been introduced to easily check these events. The missing events have been added to the lib. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b911c97c7dc7 ("mptcp: add netlink event support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 965b614e4b16..a8ea0fe200fb 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -420,12 +420,17 @@ reset_with_fail() fi } +start_events() +{ + mptcp_lib_events "${ns1}" "${evts_ns1}" evts_ns1_pid + mptcp_lib_events "${ns2}" "${evts_ns2}" evts_ns2_pid +} + reset_with_events() { reset "${1}" || return 1 - mptcp_lib_events "${ns1}" "${evts_ns1}" evts_ns1_pid - mptcp_lib_events "${ns2}" "${evts_ns2}" evts_ns2_pid + start_events } reset_with_tcp_filter() @@ -3333,6 +3338,36 @@ userspace_pm_chk_get_addr() fi } +# $1: ns ; $2: event type ; $3: count +chk_evt_nr() +{ + local ns=${1} + local evt_name="${2}" + local exp="${3}" + + local evts="${evts_ns1}" + local evt="${!evt_name}" + local count + + evt_name="${evt_name:16}" # without MPTCP_LIB_EVENT_ + [ "${ns}" == "ns2" ] && evts="${evts_ns2}" + + print_check "event ${ns} ${evt_name} (${exp})" + + if [[ "${evt_name}" = "LISTENER_"* ]] && + ! mptcp_lib_kallsyms_has "mptcp_event_pm_listener$"; then + print_skip "event not supported" + return + fi + + count=$(grep -cw "type:${evt}" "${evts}") + if [ "${count}" != "${exp}" ]; then + fail_test "got ${count} events, expected ${exp}" + else + print_ok + fi +} + userspace_tests() { # userspace pm type prevents add_addr @@ -3572,6 +3607,7 @@ endpoint_tests() if reset_with_tcp_filter "delete and re-add" ns2 10.0.3.2 REJECT OUTPUT && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + start_events pm_nl_set_limits $ns1 0 3 pm_nl_set_limits $ns2 0 3 pm_nl_add_endpoint $ns2 10.0.1.2 id 1 dev ns2eth1 flags subflow @@ -3623,12 +3659,28 @@ endpoint_tests() mptcp_lib_kill_wait $tests_pid + kill_events_pids + chk_evt_nr ns1 MPTCP_LIB_EVENT_LISTENER_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 + chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 4 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 6 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 4 + + chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 0 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 0 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 6 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 5 # one has been closed before estab + chk_join_nr 6 6 6 chk_rm_nr 4 4 fi # remove and re-add - if reset "delete re-add signal" && + if reset_with_events "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then pm_nl_set_limits $ns1 0 3 pm_nl_set_limits $ns2 3 3 @@ -3669,6 +3721,22 @@ endpoint_tests() chk_mptcp_info subflows 3 subflows 3 mptcp_lib_kill_wait $tests_pid + kill_events_pids + chk_evt_nr ns1 MPTCP_LIB_EVENT_LISTENER_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns1 MPTCP_LIB_EVENT_ANNOUNCED 0 + chk_evt_nr ns1 MPTCP_LIB_EVENT_REMOVED 0 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 + chk_evt_nr ns1 MPTCP_LIB_EVENT_SUB_CLOSED 2 + + chk_evt_nr ns2 MPTCP_LIB_EVENT_CREATED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ESTABLISHED 1 + chk_evt_nr ns2 MPTCP_LIB_EVENT_ANNOUNCED 5 + chk_evt_nr ns2 MPTCP_LIB_EVENT_REMOVED 3 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_ESTABLISHED 4 + chk_evt_nr ns2 MPTCP_LIB_EVENT_SUB_CLOSED 2 + chk_join_nr 4 4 4 chk_add_nr 5 5 chk_rm_nr 3 2 invert diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh index 438280e68434..4578a331041e 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh @@ -12,10 +12,14 @@ readonly KSFT_SKIP=4 readonly KSFT_TEST="${MPTCP_LIB_KSFT_TEST:-$(basename "${0}" .sh)}" # These variables are used in some selftests, read-only +declare -rx MPTCP_LIB_EVENT_CREATED=1 # MPTCP_EVENT_CREATED +declare -rx MPTCP_LIB_EVENT_ESTABLISHED=2 # MPTCP_EVENT_ESTABLISHED +declare -rx MPTCP_LIB_EVENT_CLOSED=3 # MPTCP_EVENT_CLOSED declare -rx MPTCP_LIB_EVENT_ANNOUNCED=6 # MPTCP_EVENT_ANNOUNCED declare -rx MPTCP_LIB_EVENT_REMOVED=7 # MPTCP_EVENT_REMOVED declare -rx MPTCP_LIB_EVENT_SUB_ESTABLISHED=10 # MPTCP_EVENT_SUB_ESTABLISHED declare -rx MPTCP_LIB_EVENT_SUB_CLOSED=11 # MPTCP_EVENT_SUB_CLOSED +declare -rx MPTCP_LIB_EVENT_SUB_PRIORITY=13 # MPTCP_EVENT_SUB_PRIORITY declare -rx MPTCP_LIB_EVENT_LISTENER_CREATED=15 # MPTCP_EVENT_LISTENER_CREATED declare -rx MPTCP_LIB_EVENT_LISTENER_CLOSED=16 # MPTCP_EVENT_LISTENER_CLOSED

8 months

3
5
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: test for flush/re-add endpoints" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x e06959e9eebdfea4654390f53b65cff57691872e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082617-malt-arbitrary-2f17@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: e06959e9eebd ("selftests: mptcp: join: test for flush/re-add endpoints") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e06959e9eebdfea4654390f53b65cff57691872e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:24 +0200 Subject: [PATCH] selftests: mptcp: join: test for flush/re-add endpoints After having flushed endpoints that didn't cause the creation of new subflows, it is important to check endpoints can be re-created, re-using previously used IDs. Before the previous commit, the client would not have been able to re-create the subflow that was previously rejected. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-6-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index fbb0174145ad..f609c02c6123 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3651,6 +3651,36 @@ endpoint_tests() chk_rm_nr 2 1 invert fi + # flush and re-add + if reset_with_tcp_filter "flush re-add" ns2 10.0.3.2 REJECT OUTPUT && + mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 1 2 + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + test_linkfail=4 speed=20 \ + run_tests $ns1 $ns2 10.0.1.1 & + local tests_pid=$! + + wait_attempt_fail $ns2 + chk_subflow_nr "before flush" 1 + chk_mptcp_info subflows 0 subflows 0 + + pm_nl_flush_endpoint $ns2 + pm_nl_flush_endpoint $ns1 + wait_rm_addr $ns2 0 + ip netns exec "${ns2}" ${iptables} -D OUTPUT -s "10.0.3.2" -p tcp -j REJECT + pm_nl_add_endpoint $ns2 10.0.3.2 id 3 flags subflow + wait_mpj $ns2 + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal + wait_mpj $ns2 + mptcp_lib_kill_wait $tests_pid + + chk_join_nr 2 2 2 + chk_add_nr 2 2 + chk_rm_nr 1 0 invert + fi } # [$1: error message]

8 months

4
9
0 0

FAILED: patch "[PATCH] mptcp: pm: fix RM_ADDR ID for the initial subflow" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 87b5896f3f7848130095656739b05881904e2697 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024083044-banked-tapered-91df@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 87b5896f3f78 ("mptcp: pm: fix RM_ADDR ID for the initial subflow") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") e38b117d7f3b ("mptcp: make pm_remove_addrs_and_subflows static") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 87b5896f3f7848130095656739b05881904e2697 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 28 Aug 2024 08:14:25 +0200 Subject: [PATCH] mptcp: pm: fix RM_ADDR ID for the initial subflow The initial subflow has a special local ID: 0. When an endpoint is being deleted, it is then important to check if its address is not linked to the initial subflow to send the right ID. If there was an endpoint linked to the initial subflow, msk's mpc_endpoint_id field will be set. We can then use this info when an endpoint is being removed to see if it is linked to the initial subflow. So now, the correct IDs are passed to mptcp_pm_nl_rm_addr_or_subflow(), it is no longer needed to use mptcp_local_id_match(). Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index ec45ab4c66ab..42d4e7b5f65d 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -800,11 +800,6 @@ int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk, return -EINVAL; } -static bool mptcp_local_id_match(const struct mptcp_sock *msk, u8 local_id, u8 id) -{ - return local_id == id || (!local_id && msk->mpc_endpoint_id == id); -} - static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list, enum linux_mptcp_mib_field rm_type) @@ -839,7 +834,7 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMADDR && remote_id != rm_id) continue; - if (rm_type == MPTCP_MIB_RMSUBFLOW && !mptcp_local_id_match(msk, id, rm_id)) + if (rm_type == MPTCP_MIB_RMSUBFLOW && id != rm_id) continue; pr_debug(" -> %s rm_list_ids[%d]=%u local_id=%u remote_id=%u mpc_id=%u\n", @@ -1448,6 +1443,12 @@ static bool remove_anno_list_by_saddr(struct mptcp_sock *msk, return false; } +static u8 mptcp_endp_get_local_id(struct mptcp_sock *msk, + const struct mptcp_addr_info *addr) +{ + return msk->mpc_endpoint_id == addr->id ? 0 : addr->id; +} + static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, const struct mptcp_addr_info *addr, bool force) @@ -1455,7 +1456,7 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, struct mptcp_rm_list list = { .nr = 0 }; bool ret; - list.ids[list.nr++] = addr->id; + list.ids[list.nr++] = mptcp_endp_get_local_id(msk, addr); ret = remove_anno_list_by_saddr(msk, addr); if (ret || force) { @@ -1482,14 +1483,12 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, const struct mptcp_pm_addr_entry *entry) { const struct mptcp_addr_info *addr = &entry->addr; - struct mptcp_rm_list list = { .nr = 0 }; + struct mptcp_rm_list list = { .nr = 1 }; long s_slot = 0, s_num = 0; struct mptcp_sock *msk; pr_debug("remove_id=%d\n", addr->id); - list.ids[list.nr++] = addr->id; - while ((msk = mptcp_token_iter_next(net, &s_slot, &s_num)) != NULL) { struct sock *sk = (struct sock *)msk; bool remove_subflow; @@ -1507,6 +1506,7 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, mptcp_pm_remove_anno_addr(msk, addr, remove_subflow && !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); + list.ids[0] = mptcp_endp_get_local_id(msk, addr); if (remove_subflow) { spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); @@ -1613,6 +1613,7 @@ int mptcp_pm_nl_del_addr_doit(struct sk_buff *skb, struct genl_info *info) return ret; } +/* Called from the userspace PM only */ void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list) { struct mptcp_rm_list alist = { .nr = 0 }; @@ -1641,6 +1642,7 @@ void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list) } } +/* Called from the in-kernel PM only */ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, struct list_head *rm_list) { @@ -1650,11 +1652,11 @@ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, list_for_each_entry(entry, rm_list, list) { if (slist.nr < MPTCP_RM_IDS_MAX && lookup_subflow_by_saddr(&msk->conn_list, &entry->addr)) - slist.ids[slist.nr++] = entry->addr.id; + slist.ids[slist.nr++] = mptcp_endp_get_local_id(msk, &entry->addr); if (alist.nr < MPTCP_RM_IDS_MAX && remove_anno_list_by_saddr(msk, &entry->addr)) - alist.ids[alist.nr++] = entry->addr.id; + alist.ids[alist.nr++] = mptcp_endp_get_local_id(msk, &entry->addr); } spin_lock_bh(&msk->pm.lock); @@ -1951,7 +1953,7 @@ static void mptcp_pm_nl_fullmesh(struct mptcp_sock *msk, { struct mptcp_rm_list list = { .nr = 0 }; - list.ids[list.nr++] = addr->id; + list.ids[list.nr++] = mptcp_endp_get_local_id(msk, addr); spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list);

8 months

3
4
0 0

Linux 6.10.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.8 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/usb/microchip,usb2514.yaml | 9 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx6dl-yapp43-common.dtsi | 12 arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 arch/arm64/boot/dts/freescale/imx8mp-beacon-kit.dts | 12 arch/arm64/boot/dts/freescale/imx93-tqma9352-mba93xxla.dts | 2 arch/arm64/boot/dts/freescale/imx93-tqma9352.dtsi | 2 arch/arm64/boot/dts/freescale/imx93.dtsi | 2 arch/arm64/boot/dts/qcom/ipq5332.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 6 arch/loongarch/include/asm/dma-direct.h | 11 arch/loongarch/kernel/fpu.S | 4 arch/loongarch/kvm/switch.S | 4 drivers/bluetooth/btnxpuart.c | 65 +++- drivers/char/tpm/tpm_ibmvtpm.c | 4 drivers/cpufreq/amd-pstate-ut.c | 13 drivers/cpufreq/amd-pstate.c | 2 drivers/dma/dw-edma/dw-hdma-v0-core.c | 26 - drivers/dma/dw/core.c | 89 +++++- drivers/dma/ti/omap-dma.c | 6 drivers/firmware/microchip/mpfs-auto-update.c | 2 drivers/firmware/qcom/qcom_scm-smc.c | 2 drivers/firmware/sysfb.c | 19 - drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 26 - drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 18 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 21 - drivers/gpu/drm/i915/display/intel_dp.c | 12 drivers/gpu/drm/i915/display/intel_dp_mst.c | 40 ++ drivers/gpu/drm/i915/display/intel_dp_mst.h | 1 drivers/gpu/drm/i915/display/vlv_dsi.c | 1 drivers/gpu/drm/v3d/v3d_sched.c | 6 drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 114 +++++++ drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 13 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 12 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 6 drivers/gpu/drm/xe/display/xe_display.c | 33 ++ drivers/gpu/drm/xe/display/xe_display.h | 8 drivers/gpu/drm/xe/xe_exec_queue.c | 5 drivers/gpu/drm/xe/xe_exec_queue_types.h | 14 drivers/gpu/drm/xe/xe_hwmon.c | 2 drivers/gpu/drm/xe/xe_pm.c | 20 + drivers/gpu/drm/xe/xe_preempt_fence.c | 3 drivers/gpu/drm/xe/xe_preempt_fence_types.h | 2 drivers/gpu/drm/xe/xe_vm.c | 60 ++-- drivers/hwmon/pt5161l.c | 4 drivers/iommu/io-pgtable-arm-v7s.c | 3 drivers/iommu/io-pgtable-arm.c | 3 drivers/iommu/io-pgtable-dart.c | 3 drivers/iommu/iommufd/ioas.c | 8 drivers/net/bonding/bond_main.c | 159 +++++++---- drivers/net/ethernet/microsoft/mana/hw_channel.c | 62 ++-- drivers/net/gtp.c | 2 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 11 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +- drivers/net/wireless/silabs/wfx/sta.c | 5 drivers/nfc/pn533/pn533.c | 5 drivers/of/platform.c | 2 drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 23 + drivers/phy/xilinx/phy-zynqmp.c | 56 +++ drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 55 ++- drivers/pinctrl/pinctrl-rockchip.c | 2 drivers/pinctrl/pinctrl-single.c | 2 drivers/pinctrl/qcom/pinctrl-x1e80100.c | 35 +- drivers/pinctrl/starfive/pinctrl-starfive-jh7110.c | 4 drivers/power/supply/qcom_battmgr.c | 16 - drivers/scsi/aacraid/comminit.c | 2 drivers/scsi/sd.c | 12 drivers/soc/qcom/cmd-db.c | 2 drivers/soc/qcom/pmic_glink.c | 40 +- drivers/soc/qcom/pmic_glink_altmode.c | 17 - drivers/soundwire/stream.c | 8 drivers/usb/cdns3/cdnsp-gadget.h | 3 drivers/usb/cdns3/cdnsp-ring.c | 30 ++ drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 8 drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 16 - drivers/usb/dwc3/dwc3-xilinx.c | 7 drivers/usb/dwc3/ep0.c | 3 drivers/usb/gadget/function/uvc_video.c | 1 drivers/usb/serial/option.c | 5 drivers/usb/typec/mux/fsa4480.c | 2 drivers/usb/typec/ucsi/ucsi_glink.c | 43 ++ drivers/video/aperture.c | 11 fs/afs/inode.c | 11 fs/attr.c | 14 fs/backing-file.c | 5 fs/binfmt_elf_fdpic.c | 3 fs/btrfs/bio.c | 26 + fs/btrfs/qgroup.c | 2 fs/ceph/inode.c | 1 fs/erofs/zutil.c | 3 fs/netfs/io.c | 1 fs/netfs/misc.c | 60 +++- fs/netfs/write_collect.c | 7 fs/nfsd/nfs4state.c | 62 ++-- fs/nfsd/nfs4xdr.c | 6 fs/nfsd/state.h | 2 fs/smb/client/cifsglob.h | 1 fs/smb/client/cifssmb.c | 1 fs/smb/client/smb2ops.c | 24 + fs/smb/client/smb2pdu.c | 4 include/linux/fs.h | 1 include/linux/soc/qcom/pmic_glink.h | 11 include/linux/sysfb.h | 4 include/net/bonding.h | 2 include/net/busy_poll.h | 2 include/net/netfilter/nf_tables_ipv4.h | 10 include/net/netfilter/nf_tables_ipv6.h | 5 io_uring/kbuf.c | 2 mm/truncate.c | 4 net/bluetooth/hci_core.c | 10 net/core/net-sysfs.c | 2 net/core/pktgen.c | 4 net/ethtool/ioctl.c | 3 net/ipv4/tcp.c | 18 - net/mptcp/fastopen.c | 4 net/mptcp/options.c | 50 +-- net/mptcp/pm.c | 32 +- net/mptcp/pm_netlink.c | 107 +++++-- net/mptcp/protocol.c | 65 ++-- net/mptcp/protocol.h | 9 net/mptcp/sched.c | 4 net/mptcp/sockopt.c | 4 net/mptcp/subflow.c | 56 ++- net/sched/sch_fq.c | 4 net/sctp/sm_statefuns.c | 22 + security/apparmor/policy_unpack_test.c | 6 security/selinux/hooks.c | 4 security/smack/smack_lsm.c | 4 sound/core/seq/seq_clientmgr.c | 3 sound/pci/hda/cs35l56_hda.c | 2 sound/pci/hda/patch_realtek.c | 2 sound/soc/amd/acp/acp-legacy-mach.c | 2 sound/soc/codecs/cs-amp-lib-test.c | 9 sound/soc/codecs/cs-amp-lib.c | 7 sound/soc/sof/amd/acp-dsp-offset.h | 6 sound/soc/sof/amd/acp.c | 52 ++- sound/soc/sof/amd/acp.h | 9 sound/soc/sof/amd/pci-acp63.c | 2 sound/soc/sof/amd/pci-rmb.c | 2 sound/soc/sof/amd/pci-rn.c | 2 tools/testing/selftests/iommu/iommufd.c | 6 tools/testing/selftests/net/forwarding/local_termination.sh | 4 tools/testing/selftests/net/forwarding/no_forwarding.sh | 3 tools/testing/selftests/net/mptcp/mptcp_join.sh | 57 ++- 156 files changed, 1609 insertions(+), 707 deletions(-) Abel Vesa (1): phy: qcom: qmp-pcie: Fix X1E80100 PCIe Gen4 PHY initialisation Adam Ford (1): arm64: dts: imx8mp-beacon-kit: Fix Stereo Audio on WM8962 Aleksandr Mishin (1): nfc: pn533: Add poll mod list filling check Alex Deucher (4): drm/amdgpu: align pp_power_profile_mode with kernel docs drm/amdgpu/swsmu: always force a state reprogram on init video/aperture: optionally match the device in sysfb_disable() drm/amdgpu: fix eGPU hotplug regression Alexander Stein (1): dt-bindings: usb: microchip,usb2514: Fix reference USB device schema Alexander Sverdlin (1): wifi: wfx: repair open network AP mode Anjaneyulu (1): wifi: iwlwifi: fw: fix wgds rev 3 exact size Avraham Stern (1): wifi: iwlwifi: mvm: allow 6 GHz channels in MLO scan Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure Bjorn Andersson (3): soc: qcom: pmic_glink: Actually communicate when remote goes down soc: qcom: pmic_glink: Fix race during initialization usb: typec: ucsi: Move unregister out of atomic section Cong Wang (1): gtp: fix a potential NULL pointer dereference Cosmo Chou (1): hwmon: (pt5161l) Fix invalid temperature reading David Howells (8): netfs, ceph: Partially revert "netfs: Replace PG_fscache by setting folio->private and marking dirty" mm: Fix missing folio invalidation calls during truncation afs: Fix post-setattr file edit to do truncation correctly netfs: Fix netfs_release_folio() to say no if folio dirty netfs: Fix trimming of streaming-write folios in netfs_inval_folio() netfs: Fix missing iterator reset on retry of short read netfs: Fix interaction of streaming writes with zero-point tracker cifs: Fix FALLOC_FL_PUNCH_HOLE support Ed Tsai (1): backing-file: convert to using fops->splice_write Emmanuel Grumbach (1): wifi: iwlwifi: mvm: take the mutex before running link selection Eric Dumazet (3): pktgen: use cpus_read_lock() in pg_net_init() net_sched: sch_fq: fix incorrect behavior for small weights net: busy-poll: use ktime_get_ns() instead of local_clock() Francois Dugast (1): drm/xe/exec_queue: Rename xe_exec_queue::compute to xe_exec_queue::lr Gao Xiang (1): erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails Gautham R. Shenoy (1): cpufreq/amd-pstate: Use topology_logical_package_id() instead of logical_die_id() Greg Kroah-Hartman (1): Linux 6.10.8 Guenter Roeck (1): apparmor: fix policy_unpack_test on big endian systems Haiyang Zhang (1): net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Hal Feng (1): pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register Hans de Goede (1): drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict Hendrik Borghorst (1): ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED Huang-Huang Bao (1): pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Imre Deak (1): drm/i915/dp_mst: Fix MST state after a sink reset Jack Xiao (1): drm/amdgpu/mes: fix mes ring buffer overflow Jamie Bainbridge (1): ethtool: check device is present when getting link settings Jason Gunthorpe (2): iommufd: Do not allow creating areas without READ or WRITE iommu: Do not return 0 from map_pages if it doesn't do anything Jeff Layton (4): nfsd: ensure that nfsd4_fattr_args.context is zeroed out nfsd: hold reference to delegation when updating it for cb_getattr nfsd: fix potential UAF in nfsd4_cb_getattr_release fs/nfsd: fix update of inode attrs in CB_GETATTR Jens Axboe (1): io_uring/kbuf: return correct iovec count from classic buffer peek Jianbo Liu (3): bonding: implement xdo_dev_state_free and call it after deletion bonding: extract the use of real_device into local variable bonding: change ipsec_lock from spin lock to mutex Johan Hovold (4): arm64: dts: qcom: x1e80100-crd: fix PCIe4 PHY supply arm64: dts: qcom: x1e80100-qcp: fix PCIe4 PHY supply arm64: dts: qcom: x1e80100: add missing PCIe minimum OPP arm64: dts: qcom: x1e80100: fix PCIe domain numbers John Sweeney (1): ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx Josef Bacik (1): btrfs: run delayed iputs when flushing delalloc Karthik Poosa (1): drm/xe/hwmon: Fix WRITE_I1 param from u32 to u16 Kees Cook (1): dmaengine: ti: omap-dma: Initialize sglen after allocation Konrad Dybcio (2): pinctrl: qcom: x1e80100: Update PDC hwirq map pinctrl: qcom: x1e80100: Fix special pin offsets Krzysztof Kozlowski (5): soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: xilinx: add missing depopulate in probe error path usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path Luca Weiss (1): usb: typec: fsa4480: Relax CHIP_ID check Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix not handling hibernation actions Ma Ke (2): pinctrl: single: fix potential NULL dereference in pcs_get_function() drm/amd/display: avoid using null object of framebuffer Maarten Lankhorst (1): drm/xe/display: Make display suspend/resume work on discrete Mario Limonciello (1): cpufreq/amd-pstate-ut: Don't check for highest perf matching on prefcore Markus Niebel (2): arm64: dts: freescale: imx93-tqma9352: fix CMA alloc-ranges arm64: dts: freescale: imx93-tqma9352-mba93xxla: fix typo Matthew Auld (1): drm/xe: prevent UAF around preempt fence Matthieu Baerts (NGI0) (16): mptcp: close subflow when receiving TCP+FIN mptcp: sched: check both backup in retrans mptcp: pr_debug: add missing \n at the end mptcp: pm: reuse ID 0 after delete and re-add mptcp: pm: skip connecting to already established sf mptcp: pm: reset MPC endp ID when re-added mptcp: pm: send ACK on an active subflow mptcp: pm: fix RM_ADDR ID for the initial subflow mptcp: pm: do not remove already closed subflows mptcp: pm: fix ID 0 endp usage after multiple re-creations mptcp: avoid duplicated SUB_CLOSED events mptcp: pm: ADD_ADDR 0 is not a new address selftests: mptcp: join: cannot rm sf if closed selftests: mptcp: join: check removing ID 0 endpoint selftests: mptcp: join: no extra msg if no counter selftests: mptcp: join: check re-re-adding ID 0 endp Max Filippov (1): binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined Miao Wang (1): LoongArch: Remove the unused dma-direct.h Michael Grzeschik (1): usb: dwc3: ep0: Don't reset resource alloc flag (including ep0) Michal Vokáč (1): ARM: dts: imx6dl-yapp43: Increase LED current to match the yapp4 HW design Mrinmay Sarkar (2): dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA dmaengine: dw-edma: Do not enable watermark interrupts for HDMA Murali Nalajala (1): firmware: qcom: scm: Mark get_wq_ctx() as atomic call Neeraj Sanjay Kale (2): Bluetooth: btnxpuart: Handle FW Download Abort scenario Bluetooth: btnxpuart: Fix random crash seen while removing driver NeilBrown (1): nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease Nícolas F. R. A. Prado (1): pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Olga Kornievskaia (1): nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Ondrej Mosnacek (1): sctp: fix association labeling in the duplicate COOKIE-ECHO case Pablo Neira Ayuso (2): netfilter: nf_tables: restore IP sanity checks for netdev/egress netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Pawel Laszczak (2): usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function usb: cdnsp: fix for Link TRB with TC Petr Machata (2): selftests: forwarding: no_forwarding: Down ports on cleanup selftests: forwarding: local_termination: Down ports on cleanup Piyush Mehta (1): phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Qu Wenruo (1): btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() Richard Fitzgerald (2): ASoC: cs-amp-lib-test: Force test calibration blob entries to be valid ASoC: cs-amp-lib: Ignore empty UEFI calibration entries Rodrigo Vivi (1): drm/xe: Prepare display for D3Cold Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Scott Mayhew (1): selinux,smack: don't bypass permissions check in inode_setsecctx hook Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Serge Semin (2): dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification Shenwei Wang (1): arm64: dts: imx93: update default value for snps,clk-csr Sicelo A. Mhlongo (1): ARM: dts: omap3-n900: correct the accelerometer orientation Simon Trimmer (1): ALSA: hda: cs35l56: Don't use the device index as a calibration index Stefan Berger (1): tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support Stefan Metzmacher (2): smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() smb/client: remove unused rq_iter_size from struct smb_rqst Steve Wilkins (1): firmware: microchip: fix incorrect error report of programming:timeout on success Takashi Iwai (1): ALSA: seq: Skip event type filtering for UMP events Thorsten Blum (1): drm/xe/vm: Simplify if condition Tiezhu Yang (1): LoongArch: Add ifdefs to fix LSX and LASX related warnings Tvrtko Ursulin (1): drm/v3d: Disable preemption while updating GPU stats Varadarajan Narayanan (1): arm64: dts: qcom: ipq5332: Fix interrupt trigger type for usb Victor Lu (1): drm/amdgpu: Do not wait for MP0_C2PMSG_33 IFWI init in SRIOV Vijendar Mukunda (3): ASoC: SOF: amd: move iram-dram fence register programming sequence ASoC: SOF: amd: Fix for incorrect acp error register offsets ASoC: SOF: amd: Fix for acp init sequence Volodymyr Babchuk (1): soc: qcom: cmd-db: Map shared memory as WC, not WB Xu Yang (2): phy: fsl-imx8mq-usb: fix tuning parameter name usb: gadget: uvc: queue pump work in uvcg_video_enable() Xueming Feng (1): tcp: fix forever orphan socket caused by tcp_abort Yihang Li (1): scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress Yuntao Liu (1): ASoC: amd: acp: fix module autoloading ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zack Rusin (3): drm/vmwgfx: Prevent unmapping active read buffers drm/vmwgfx: Fix prime with external buffers drm/vmwgfx: Disable coherent dumb buffers without 3d Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

Linux 6.6.49

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.49 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/kernel/pci_iommu.c | 2 arch/arm/boot/dts/nxp/imx/imx6dl-yapp43-common.dtsi | 12 arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 arch/arm64/boot/dts/freescale/imx8mp-beacon-kit.dts | 12 arch/arm64/boot/dts/freescale/imx93-tqma9352-mba93xxla.dts | 2 arch/arm64/boot/dts/freescale/imx93-tqma9352.dtsi | 2 arch/arm64/boot/dts/freescale/imx93.dtsi | 15 + arch/loongarch/include/asm/dma-direct.h | 11 arch/mips/jazz/jazzdma.c | 2 arch/powerpc/kernel/dma-iommu.c | 2 arch/powerpc/platforms/ps3/system-bus.c | 4 arch/powerpc/platforms/pseries/vio.c | 2 arch/x86/kernel/amd_gart_64.c | 2 drivers/bluetooth/btnxpuart.c | 89 +++++- drivers/dma/dw-edma/dw-hdma-v0-core.c | 26 - drivers/dma/dw/core.c | 89 ++++++ drivers/firmware/qcom_scm-smc.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 21 - drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 114 ++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 12 drivers/iommu/dma-iommu.c | 2 drivers/iommu/io-pgtable-arm-v7s.c | 3 drivers/iommu/io-pgtable-arm.c | 3 drivers/iommu/io-pgtable-dart.c | 3 drivers/iommu/iommufd/ioas.c | 8 drivers/net/bonding/bond_main.c | 159 +++++++----- drivers/net/ethernet/microsoft/mana/hw_channel.c | 62 ++-- drivers/net/gtp.c | 2 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +- drivers/net/wireless/silabs/wfx/sta.c | 5 drivers/nfc/pn533/pn533.c | 5 drivers/parisc/ccio-dma.c | 2 drivers/parisc/sba_iommu.c | 2 drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 2 drivers/phy/xilinx/phy-zynqmp.c | 56 ++++ drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 55 ++-- drivers/pinctrl/pinctrl-rockchip.c | 2 drivers/pinctrl/pinctrl-single.c | 2 drivers/pinctrl/starfive/pinctrl-starfive-jh7110.c | 4 drivers/power/supply/qcom_battmgr.c | 16 - drivers/scsi/aacraid/comminit.c | 2 drivers/scsi/sd.c | 12 drivers/soc/qcom/cmd-db.c | 2 drivers/soc/qcom/pmic_glink.c | 30 +- drivers/soc/qcom/pmic_glink_altmode.c | 17 - drivers/soundwire/stream.c | 8 drivers/thermal/thermal_of.c | 17 - drivers/usb/cdns3/cdnsp-gadget.h | 3 drivers/usb/cdns3/cdnsp-ring.c | 30 ++ drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 8 drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 16 - drivers/usb/serial/option.c | 5 drivers/usb/typec/tcpm/tcpm.c | 14 - drivers/usb/typec/ucsi/ucsi_glink.c | 16 - drivers/xen/grant-dma-ops.c | 2 drivers/xen/swiotlb-xen.c | 2 fs/btrfs/bio.c | 26 + fs/btrfs/qgroup.c | 2 fs/overlayfs/params.c | 51 --- fs/smb/client/smb2ops.c | 22 + fs/smb/client/smb2pdu.c | 2 include/linux/dma-map-ops.h | 2 include/linux/of.h | 15 + include/linux/soc/qcom/pmic_glink.h | 11 include/net/bonding.h | 2 include/net/busy_poll.h | 2 include/net/netfilter/nf_tables_ipv4.h | 10 include/net/netfilter/nf_tables_ipv6.h | 5 kernel/dma/mapping.c | 4 kernel/trace/trace.h | 23 + kernel/trace/trace_events.c | 33 +- kernel/trace/trace_events_hist.c | 4 kernel/trace/trace_events_inject.c | 2 kernel/trace/trace_events_trigger.c | 6 mm/truncate.c | 4 net/bluetooth/hci_core.c | 10 net/core/net-sysfs.c | 2 net/ethtool/ioctl.c | 3 net/mptcp/pm.c | 4 net/mptcp/pm_netlink.c | 59 +++- net/mptcp/protocol.c | 7 net/mptcp/protocol.h | 2 net/mptcp/subflow.c | 8 net/sctp/sm_statefuns.c | 22 + security/apparmor/policy_unpack_test.c | 6 security/selinux/hooks.c | 4 security/smack/smack_lsm.c | 4 sound/core/seq/seq_clientmgr.c | 3 sound/soc/amd/acp/acp-legacy-mach.c | 2 sound/soc/sof/amd/acp.c | 19 + sound/soc/sof/amd/acp.h | 7 tools/testing/selftests/iommu/iommufd.c | 6 tools/testing/selftests/net/forwarding/local_termination.sh | 4 tools/testing/selftests/net/forwarding/no_forwarding.sh | 3 tools/testing/selftests/net/mptcp/mptcp_join.sh | 46 ++- 102 files changed, 1071 insertions(+), 444 deletions(-) Adam Ford (1): arm64: dts: imx8mp-beacon-kit: Fix Stereo Audio on WM8962 Aleksandr Mishin (1): nfc: pn533: Add poll mod list filling check Alex Deucher (2): drm/amdgpu: align pp_power_profile_mode with kernel docs drm/amdgpu/swsmu: always force a state reprogram on init Alexander Sverdlin (1): wifi: wfx: repair open network AP mode Anjaneyulu (1): wifi: iwlwifi: fw: fix wgds rev 3 exact size Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure Bjorn Andersson (2): soc: qcom: pmic_glink: Actually communicate when remote goes down soc: qcom: pmic_glink: Fix race during initialization Christian Brauner (1): ovl: pass string to ovl_parse_layer() Cong Wang (1): gtp: fix a potential NULL pointer dereference David Howells (2): mm: Fix missing folio invalidation calls during truncation cifs: Fix FALLOC_FL_PUNCH_HOLE support Eric Dumazet (1): net: busy-poll: use ktime_get_ns() instead of local_clock() Greg Kroah-Hartman (3): usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" Revert "change alloc_pages name in dma_map_ops to avoid name conflicts" Linux 6.6.49 Guenter Roeck (1): apparmor: fix policy_unpack_test on big endian systems Haiyang Zhang (1): net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Hal Feng (1): pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register Huang-Huang Bao (1): pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Jamie Bainbridge (1): ethtool: check device is present when getting link settings Jason Gunthorpe (2): iommufd: Do not allow creating areas without READ or WRITE iommu: Do not return 0 from map_pages if it doesn't do anything Jianbo Liu (3): bonding: implement xdo_dev_state_free and call it after deletion bonding: extract the use of real_device into local variable bonding: change ipsec_lock from spin lock to mutex Jonathan Cameron (2): of: Add cleanup.h based auto release via __free(device_node) markings of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put() handling Josef Bacik (1): btrfs: run delayed iputs when flushing delalloc Krzysztof Kozlowski (6): thermal: of: Fix OF node leak in thermal_of_trips_init() error path thermal: of: Fix OF node leak in of_thermal_zone_find() error paths soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix not handling hibernation actions Ma Ke (2): pinctrl: single: fix potential NULL dereference in pcs_get_function() drm/amd/display: avoid using null object of framebuffer Markus Niebel (2): arm64: dts: freescale: imx93-tqma9352: fix CMA alloc-ranges arm64: dts: freescale: imx93-tqma9352-mba93xxla: fix typo Matthieu Baerts (NGI0) (12): mptcp: close subflow when receiving TCP+FIN mptcp: sched: check both backup in retrans mptcp: pm: reuse ID 0 after delete and re-add mptcp: pm: skip connecting to already established sf mptcp: pm: reset MPC endp ID when re-added mptcp: pm: send ACK on an active subflow mptcp: pm: do not remove already closed subflows mptcp: pm: fix ID 0 endp usage after multiple re-creations mptcp: pm: ADD_ADDR 0 is not a new address selftests: mptcp: join: check removing ID 0 endpoint selftests: mptcp: join: no extra msg if no counter selftests: mptcp: join: check re-re-adding ID 0 endp Miao Wang (1): LoongArch: Remove the unused dma-direct.h Michal Vokáč (1): ARM: dts: imx6dl-yapp43: Increase LED current to match the yapp4 HW design Mrinmay Sarkar (2): dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA dmaengine: dw-edma: Do not enable watermark interrupts for HDMA Murali Nalajala (1): firmware: qcom: scm: Mark get_wq_ctx() as atomic call Neeraj Sanjay Kale (3): Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test Bluetooth: btnxpuart: Handle FW Download Abort scenario Bluetooth: btnxpuart: Fix random crash seen while removing driver Nícolas F. R. A. Prado (1): pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Ondrej Mosnacek (1): sctp: fix association labeling in the duplicate COOKIE-ECHO case Pablo Neira Ayuso (2): netfilter: nf_tables: restore IP sanity checks for netdev/egress netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Pawel Laszczak (2): usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function usb: cdnsp: fix for Link TRB with TC Peng Fan (2): arm64: dts: imx93: add nvmem property for fec1 arm64: dts: imx93: add nvmem property for eqos Petr Machata (2): selftests: forwarding: no_forwarding: Down ports on cleanup selftests: forwarding: local_termination: Down ports on cleanup Piyush Mehta (1): phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Qu Wenruo (1): btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Scott Mayhew (1): selinux,smack: don't bypass permissions check in inode_setsecctx hook Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Serge Semin (2): dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification Shenwei Wang (1): arm64: dts: imx93: update default value for snps,clk-csr Sicelo A. Mhlongo (1): ARM: dts: omap3-n900: correct the accelerometer orientation Stefan Metzmacher (1): smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() Steven Rostedt (1): tracing: Have format file honor EVENT_FILE_FL_FREED Takashi Iwai (1): ALSA: seq: Skip event type filtering for UMP events Vijendar Mukunda (1): ASoC: SOF: amd: Fix for acp init sequence Volodymyr Babchuk (1): soc: qcom: cmd-db: Map shared memory as WC, not WB Xu Yang (1): phy: fsl-imx8mq-usb: fix tuning parameter name Yihang Li (1): scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress Yuntao Liu (1): ASoC: amd: acp: fix module autoloading ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zack Rusin (1): drm/vmwgfx: Fix prime with external buffers Zhihao Cheng (2): ovl: fix wrong lowerdir number check for parameter Opt_lowerdir ovl: ovl_parse_param_lowerdir: Add missed '\n' for pr_err Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

Linux 6.1.108

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.108 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/include/asm/dma-direct.h | 11 drivers/ata/libata-core.c | 3 drivers/dma/dw/core.c | 89 ++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 21 - drivers/iommu/io-pgtable-arm-v7s.c | 3 drivers/iommu/io-pgtable-arm.c | 3 drivers/iommu/io-pgtable-dart.c | 3 drivers/mmc/core/core.c | 3 drivers/mmc/host/dw_mmc.c | 3 drivers/mmc/host/mtk-sd.c | 14 - drivers/mmc/host/sdhci-msm.c | 3 drivers/mmc/host/sdhci-pci-o2micro.c | 3 drivers/mmc/host/sdhci-tegra.c | 8 drivers/mmc/host/sdhci.c | 9 drivers/net/bonding/bond_main.c | 36 ++ drivers/net/ethernet/intel/igc/igc_tsn.c | 9 drivers/net/ethernet/microsoft/mana/hw_channel.c | 62 ++-- drivers/net/gtp.c | 2 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++ drivers/net/wireless/silabs/wfx/sta.c | 5 drivers/nfc/pn533/pn533.c | 5 drivers/phy/xilinx/phy-zynqmp.c | 152 +++++++----- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 55 ++-- drivers/pinctrl/pinctrl-rockchip.c | 2 drivers/pinctrl/pinctrl-single.c | 2 drivers/scsi/aacraid/comminit.c | 2 drivers/soc/qcom/cmd-db.c | 2 drivers/soundwire/stream.c | 8 drivers/thermal/thermal_of.c | 17 - drivers/usb/cdns3/cdnsp-gadget.h | 3 drivers/usb/cdns3/cdnsp-ring.c | 30 ++ drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 8 drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 16 - drivers/usb/serial/option.c | 5 drivers/usb/typec/tcpm/tcpm.c | 14 - drivers/video/fbdev/offb.c | 1 fs/btrfs/compression.c | 2 fs/btrfs/qgroup.c | 2 fs/smb/client/smb2pdu.c | 2 include/linux/of.h | 15 + include/net/busy_poll.h | 2 include/net/netfilter/nf_tables_ipv4.h | 10 include/net/netfilter/nf_tables_ipv6.h | 5 mm/truncate.c | 4 net/bluetooth/hci_core.c | 10 net/core/net-sysfs.c | 2 net/ethtool/ioctl.c | 3 net/mptcp/pm.c | 32 +- net/mptcp/pm_netlink.c | 110 ++++---- net/mptcp/protocol.c | 7 net/mptcp/protocol.h | 7 net/mptcp/subflow.c | 8 net/sctp/sm_statefuns.c | 22 + security/apparmor/policy_unpack_test.c | 6 sound/soc/amd/acp/acp-legacy-mach.c | 2 sound/soc/sof/amd/acp.c | 19 + sound/soc/sof/amd/acp.h | 7 tools/testing/selftests/net/forwarding/local_termination.sh | 4 tools/testing/selftests/net/forwarding/no_forwarding.sh | 3 66 files changed, 649 insertions(+), 314 deletions(-) Aleksandr Mishin (1): nfc: pn533: Add poll mod list filling check Alex Deucher (2): drm/amdgpu: align pp_power_profile_mode with kernel docs drm/amdgpu/swsmu: always force a state reprogram on init Alexander Sverdlin (1): wifi: wfx: repair open network AP mode Anjaneyulu (1): wifi: iwlwifi: fw: fix wgds rev 3 exact size Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure ChanWoo Lee (1): mmc: Avoid open coding by using mmc_op_tuning() Cong Wang (1): gtp: fix a potential NULL pointer dereference David Howells (1): mm: Fix missing folio invalidation calls during truncation Eric Dumazet (1): net: busy-poll: use ktime_get_ns() instead of local_clock() Faizal Rahim (2): igc: Fix reset adapter logics when tx mode change igc: Fix qbv tx latency by setting gtxoffset Filipe Manana (1): btrfs: fix extent map use-after-free when adding pages to compressed bio Geliang Tang (1): mptcp: unify pm get_local_id interfaces Greg Kroah-Hartman (3): usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" fbdev: offb: fix up missing cleanup.h Linux 6.1.108 Guenter Roeck (1): apparmor: fix policy_unpack_test on big endian systems Haiyang Zhang (1): net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Huang-Huang Bao (1): pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Jamie Bainbridge (1): ethtool: check device is present when getting link settings Jason Gunthorpe (1): iommu: Do not return 0 from map_pages if it doesn't do anything Jesse Zhang (1): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Jianbo Liu (1): bonding: implement xdo_dev_state_free and call it after deletion Jonathan Cameron (2): of: Add cleanup.h based auto release via __free(device_node) markings of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put() handling Josef Bacik (1): btrfs: run delayed iputs when flushing delalloc Krzysztof Kozlowski (6): thermal: of: Fix OF node leak in thermal_of_trips_init() error path thermal: of: Fix OF node leak in of_thermal_zone_find() error paths soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path Luiz Augusto von Dentz (1): Bluetooth: hci_core: Fix not handling hibernation actions Ma Ke (2): pinctrl: single: fix potential NULL dereference in pcs_get_function() drm/amd/display: avoid using null object of framebuffer Matthieu Baerts (NGI0) (10): mptcp: close subflow when receiving TCP+FIN mptcp: sched: check both backup in retrans mptcp: pm: skip connecting to already established sf mptcp: pm: reset MPC endp ID when re-added mptcp: pm: send ACK on an active subflow mptcp: pm: do not remove already closed subflows mptcp: pm: ADD_ADDR 0 is not a new address mptcp: pm: remove mptcp_pm_remove_subflow() mptcp: pm: only mark 'subflow' endp as available mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR Mengqi Zhang (1): mmc: mtk-sd: receive cmd8 data when hs400 tuning fail Miao Wang (1): LoongArch: Remove the unused dma-direct.h Niklas Cassel (1): ata: libata-core: Fix null pointer dereference on error Nícolas F. R. A. Prado (1): pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Ondrej Mosnacek (1): sctp: fix association labeling in the duplicate COOKIE-ECHO case Pablo Neira Ayuso (2): netfilter: nf_tables: restore IP sanity checks for netdev/egress netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Pawel Laszczak (2): usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function usb: cdnsp: fix for Link TRB with TC Petr Machata (2): selftests: forwarding: no_forwarding: Down ports on cleanup selftests: forwarding: local_termination: Down ports on cleanup Piyush Mehta (3): phy: xilinx: add runtime PM support phy: xilinx: phy-zynqmp: dynamic clock support for power-save phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Sean Anderson (1): phy: zynqmp: Enable reference clock correctly Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Serge Semin (2): dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification Stefan Metzmacher (1): smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() Vijendar Mukunda (1): ASoC: SOF: amd: Fix for acp init sequence Volodymyr Babchuk (1): soc: qcom: cmd-db: Map shared memory as WC, not WB Yuntao Liu (1): ASoC: amd: acp: fix module autoloading ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

Linux 5.15.166

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.166 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/acpi_numa.c | 2 arch/arm64/kernel/setup.c | 3 arch/arm64/kernel/smp.c | 2 arch/arm64/kvm/sys_regs.c | 6 arch/arm64/kvm/vgic/vgic.h | 7 arch/mips/kernel/cpu-probe.c | 4 arch/mips/loongson64/reset.c | 38 +- arch/openrisc/kernel/setup.c | 6 arch/parisc/kernel/irq.c | 4 arch/powerpc/boot/simple_alloc.c | 7 arch/powerpc/sysdev/xics/icp-native.c | 2 arch/s390/include/asm/uv.h | 5 arch/s390/kernel/early.c | 12 arch/s390/kernel/smp.c | 4 arch/x86/kernel/process.c | 5 drivers/ata/libata-core.c | 3 drivers/atm/idt77252.c | 9 drivers/bluetooth/hci_ldisc.c | 3 drivers/char/xillybus/xillyusb.c | 42 ++ drivers/clocksource/arm_global_timer.c | 11 drivers/dma/dw/core.c | 89 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 drivers/gpu/drm/lima/lima_gp.c | 12 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 drivers/hid/hid-ids.h | 10 drivers/hid/hid-microsoft.c | 11 drivers/hid/wacom_wac.c | 4 drivers/hwmon/ltc2992.c | 8 drivers/i2c/busses/i2c-riic.c | 2 drivers/i3c/master/mipi-i3c-hci/dma.c | 5 drivers/infiniband/hw/hfi1/chip.c | 5 drivers/infiniband/ulp/rtrs/rtrs.c | 2 drivers/input/input-mt.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/md/dm-clone-metadata.c | 5 drivers/md/dm-ioctl.c | 22 + drivers/md/dm.c | 4 drivers/md/md.c | 5 drivers/md/persistent-data/dm-space-map-metadata.c | 4 drivers/media/dvb-core/dvb_frontend.c | 12 drivers/media/pci/cx23885/cx23885-video.c | 8 drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 drivers/media/platform/qcom/venus/pm_helpers.c | 2 drivers/media/radio/radio-isa.c | 2 drivers/memory/stm32-fmc2-ebi.c | 122 +++++-- drivers/memory/tegra/tegra186.c | 3 drivers/mmc/core/mmc_test.c | 9 drivers/mmc/host/dw_mmc.c | 8 drivers/net/bonding/bond_main.c | 21 - drivers/net/bonding/bond_options.c | 2 drivers/net/dsa/mv88e6xxx/Makefile | 4 drivers/net/dsa/mv88e6xxx/global1_atu.c | 82 ++++ drivers/net/dsa/mv88e6xxx/trace.c | 6 drivers/net/dsa/mv88e6xxx/trace.h | 66 +++ drivers/net/dsa/vitesse-vsc73xx-core.c | 69 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 drivers/net/ethernet/i825xx/sun3_82586.c | 2 drivers/net/ethernet/intel/ice/ice_txrx.c | 2 drivers/net/ethernet/intel/igc/igc_base.c | 29 + drivers/net/ethernet/intel/igc/igc_base.h | 2 drivers/net/ethernet/intel/igc/igc_defines.h | 16 drivers/net/ethernet/intel/igc/igc_main.c | 12 drivers/net/ethernet/intel/igc/igc_regs.h | 1 drivers/net/ethernet/intel/igc/igc_tsn.c | 113 +++++- drivers/net/ethernet/intel/igc/igc_tsn.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige.h | 9 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 10 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_regs.h | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 50 ++- drivers/net/ethernet/microsoft/mana/hw_channel.c | 62 ++- drivers/net/ethernet/microsoft/mana/mana.h | 1 drivers/net/ethernet/microsoft/mana/mana_en.c | 24 - drivers/net/ethernet/xilinx/xilinx_axienet.h | 17 - drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 25 - drivers/net/gtp.c | 5 drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 6 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 + drivers/net/wireless/st/cw1200/txrx.c | 2 drivers/nfc/pn533/pn533.c | 5 drivers/nvme/target/rdma.c | 16 drivers/nvme/target/tcp.c | 1 drivers/nvme/target/trace.c | 6 drivers/nvme/target/trace.h | 28 + drivers/phy/xilinx/phy-zynqmp.c | 152 ++++++--- drivers/pinctrl/pinctrl-rockchip.c | 2 drivers/pinctrl/pinctrl-single.c | 2 drivers/platform/surface/aggregator/controller.c | 3 drivers/platform/x86/lg-laptop.c | 2 drivers/s390/block/dasd.c | 36 +- drivers/s390/block/dasd_3990_erp.c | 10 drivers/s390/block/dasd_eckd.c | 55 +-- drivers/s390/block/dasd_int.h | 2 drivers/s390/cio/idset.c | 12 drivers/scsi/aacraid/comminit.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/scsi_transport_spi.c | 4 drivers/soc/qcom/cmd-db.c | 2 drivers/soundwire/stream.c | 8 drivers/ssb/main.c | 2 drivers/staging/iio/resolver/ad2s1210.c | 7 drivers/staging/ks7010/ks7010_sdio.c | 4 drivers/thunderbolt/switch.c | 1 drivers/usb/cdns3/cdnsp-gadget.h | 3 drivers/usb/cdns3/cdnsp-ring.c | 30 + drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 21 + drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 16 drivers/usb/gadget/udc/fsl_udc_core.c | 2 drivers/usb/host/xhci.c | 8 drivers/usb/serial/option.c | 5 fs/afs/file.c | 8 fs/binfmt_elf_fdpic.c | 2 fs/binfmt_misc.c | 216 ++++++++++--- fs/btrfs/delayed-inode.c | 2 fs/btrfs/free-space-cache.c | 8 fs/btrfs/inode.c | 9 fs/btrfs/qgroup.c | 4 fs/btrfs/send.c | 9 fs/btrfs/tree-checker.c | 69 ++++ fs/ext4/extents.c | 3 fs/ext4/mballoc.c | 3 fs/f2fs/segment.c | 5 fs/file.c | 30 - fs/fuse/cuse.c | 3 fs/fuse/dev.c | 6 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 15 fs/fuse/virtio_fs.c | 10 fs/gfs2/inode.c | 2 fs/inode.c | 39 ++ fs/lockd/svc.c | 3 fs/nfs/callback.c | 3 fs/nfs/pnfs.c | 8 fs/nfsd/export.c | 32 + fs/nfsd/export.h | 4 fs/nfsd/netns.h | 25 + fs/nfsd/nfs4proc.c | 6 fs/nfsd/nfscache.c | 200 +++++++----- fs/nfsd/nfsctl.c | 24 - fs/nfsd/nfsd.h | 1 fs/nfsd/nfsfh.c | 3 fs/nfsd/nfssvc.c | 24 - fs/nfsd/stats.c | 52 +-- fs/nfsd/stats.h | 85 +---- fs/nfsd/trace.h | 22 + fs/nfsd/vfs.c | 6 fs/ntfs3/bitmap.c | 4 fs/ntfs3/fsntfs.c | 2 fs/ntfs3/index.c | 11 fs/ntfs3/ntfs_fs.h | 4 fs/ntfs3/super.c | 2 fs/quota/dquot.c | 5 include/linux/bitmap.h | 20 + include/linux/blkdev.h | 2 include/linux/cpumask.h | 2 include/linux/fs.h | 5 include/linux/pm.h | 55 ++- include/linux/pm_runtime.h | 14 include/linux/sunrpc/svc.h | 5 include/net/busy_poll.h | 2 include/net/kcm.h | 1 include/scsi/scsi_cmnd.h | 2 kernel/cgroup/cpuset.c | 13 kernel/time/clocksource.c | 42 +- kernel/time/hrtimer.c | 2 lib/math/prime_numbers.c | 2 mm/huge_memory.c | 30 - mm/memcontrol.c | 7 mm/memory.c | 29 - net/bluetooth/bnep/core.c | 3 net/bluetooth/hci_core.c | 19 - net/bluetooth/mgmt.c | 4 net/bluetooth/smp.c | 144 ++++---- net/bridge/br_netfilter_hooks.c | 6 net/core/net-sysfs.c | 2 net/ethtool/ioctl.c | 3 net/ipv6/ip6_output.c | 10 net/ipv6/ip6_tunnel.c | 12 net/ipv6/netfilter/nf_conntrack_reasm.c | 4 net/iucv/iucv.c | 3 net/kcm/kcmsock.c | 4 net/mac80211/agg-tx.c | 6 net/mac80211/driver-ops.c | 3 net/mac80211/sta_info.c | 14 net/mptcp/diag.c | 2 net/mptcp/protocol.c | 2 net/netfilter/nf_flow_table_inet.c | 3 net/netfilter/nf_flow_table_ip.c | 3 net/netfilter/nf_flow_table_offload.c | 2 net/netfilter/nfnetlink_queue.c | 35 +- net/netfilter/nft_counter.c | 9 net/netlink/af_netlink.c | 13 net/rds/recv.c | 13 net/sched/sch_netem.c | 47 +- net/sunrpc/stats.c | 2 net/sunrpc/svc.c | 36 +- net/wireless/core.h | 8 security/apparmor/policy_unpack_test.c | 6 security/selinux/avc.c | 2 sound/core/timer.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/usb/quirks-table.h | 1 sound/usb/quirks.c | 2 tools/include/linux/align.h | 12 tools/include/linux/bitmap.h | 9 tools/testing/selftests/core/close_range_test.c | 35 ++ tools/testing/selftests/tc-testing/tdc.py | 1 222 files changed, 2387 insertions(+), 1046 deletions(-) Abhinav Kumar (1): drm/msm/dp: reset the link phy params before link training Adrian Hunter (1): clocksource: Make watchdog and suspend-timing multiplication overflow safe Al Viro (4): fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE memcg_write_event_control(): fix a user-triggerable oops afs: fix __afs_break_callback() / afs_drop_open_mmap() race fuse: fix UAF in rcu pathwalks Aleksandr Mishin (1): nfc: pn533: Add poll mod list filling check Alex Deucher (2): drm/amdgpu/jpeg2: properly set atomics vmid field drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alex Hung (2): drm/amd/display: Validate hw_points_num before using it Revert "drm/amd/display: Validate hw_points_num before using it" Alexander Gordeev (1): s390/iucv: fix receive buffer virtual vs physical address confusion Alexander Lobakin (5): fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() bitmap: introduce generic optimized bitmap_size() tools: move alignment-related macros to new <linux/align.h> Allison Henderson (1): net:rds: Fix possible deadlock in rds_message_put Andreas Gruenbacher (1): gfs2: setattr_chown: Add missing initialization Antoniu Miclaus (1): hwmon: (ltc2992) Avoid division by zero Ashish Mhetre (1): memory: tegra: Skip SID programming if SID registers aren't set Aurelien Jarno (1): media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Baokun Li (2): ext4: do not trim the group with corrupted block bitmap ext4: set the type of max_zeroout to unsigned int to avoid overflow Bas Nieuwenhuizen (1): drm/amdgpu: Actually check flags for all context ops. Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure Ben Whitten (1): mmc: dw_mmc: allow biu and ciu clocks to defer Chaotian Jing (1): scsi: core: Fix the return value of scsi_logical_block_count() Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chengfeng Ye (2): staging: ks7010: disable bh on tx_dev_lock IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Christian Brauner (1): binfmt_misc: cleanup on filesystem umount Christophe Kerello (1): memory: stm32-fmc2-ebi: check regmap_read return value Chuck Lever (6): NFSD: Refactor nfsd_reply_cache_free_locked() NFSD: Rename nfsd_reply_cache_alloc() NFSD: Replace nfsd_prune_bucket() NFSD: Refactor the duplicate reply cache shrinker NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NFSD: Fix frame size warning in svc_export_parse() Claudio Imbrenda (1): s390/uv: Panic for set and remove shared access UVC errors Cong Wang (1): gtp: fix a potential NULL pointer dereference Cosmin Ratiu (1): net/mlx5e: Correctly report errors for ethtool rx flows Dan Carpenter (3): atm: idt77252: prevent use after free in dequeue_rx() dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() mmc: mmc_test: Fix NULL dereference on allocation failure Daniel Wagner (1): nvmet-trace: avoid dereferencing pointer too early David Lechner (1): staging: iio: resolver: ad2s1210: fix use before initialization David Sterba (5): btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: change BUG_ON to assertion in tree_move_down() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Thompson (1): mlxbf_gige: disable RX filters until RX path initialized Dmitry Baryshkov (2): drm/msm/dpu: don't play tricks with debug macros drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails Donald Hunter (1): netfilter: flowtable: initialise extack before use Eli Billauer (3): char: xillybus: Don't destroy workqueue from work item running on it char: xillybus: Refine workqueue handling char: xillybus: Check USB endpoints when probing device Eric Dumazet (6): netlink: hold nlk->cb_mutex longer in __netlink_dump_start() gtp: pull network headers in gtp_dev_xmit() ipv6: prevent UAF in ip6_send_skb() ipv6: fix possible UAF in ip6_finish_output2() ipv6: prevent possible UAF in ip6_xmit() net: busy-poll: use ktime_get_ns() instead of local_clock() Erico Nunes (1): drm/lima: set gp bus_stop bit before hard reset Eugene Syromiatnikov (1): mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size Faizal Rahim (3): igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer igc: Fix reset adapter logics when tx mode change igc: Fix qbv tx latency by setting gtxoffset Florian Westphal (1): netfilter: nf_queue: drop packets with cloned unconfirmed conntracks Gergo Koteles (1): platform/x86: lg-laptop: fix %s null argument warning Greg Kroah-Hartman (2): Revert "MIPS: Loongson64: reset: Prioritise firmware service" Linux 5.15.166 Griffin Kroah-Hartman (1): Bluetooth: MGMT: Add error handling to pair_device() Guanrui Huang (1): irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Guenter Roeck (1): apparmor: fix policy_unpack_test on big endian systems Haibo Xu (1): arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Haiyang Zhang (1): net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Hannes Reinecke (1): nvmet-tcp: do not continue for invalid icreq Hans J. Schultz (1): net: dsa: mv88e6xxx: read FID when handling ATU violations Hans Verkuil (3): media: radio-isa: use dev_name to fill in bus_info media: qcom: venus: fix incorrect return value media: pci: cx23885: check cx23885_vdev_init() return Heiko Carstens (1): s390/smp,mcck: fix early IPI handling Helge Deller (1): parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Huang-Huang Bao (1): pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Jamie Bainbridge (1): ethtool: check device is present when getting link settings Jan Kara (1): quota: Remove BUG_ON from dqget() Jann Horn (1): fuse: Initialize beyond-EOF page contents before setting uptodate Jarkko Nikula (2): i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer Jason Gerecke (1): HID: wacom: Defer calculation of resolution until resolution_code is known Javier Carrasco (1): hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() Jeff Johnson (1): wifi: cw1200: Avoid processing an invalid TIM IE Jeff Layton (2): nfsd: move reply cache initialization into nfsd startup nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jesse Zhang (1): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Jian Shen (1): net: hns3: add checking for vf id of mailbox Jiaxun Yang (1): MIPS: Loongson64: Set timer mode in cpu-probe Jie Wang (2): net: hns3: fix wrong use of semaphore up net: hns3: fix a deadlock problem when config TC during resetting Johannes Berg (2): wifi: cfg80211: check wiphy mutex is held for wdev mutex wifi: mac80211: fix BA session teardown race Josef Bacik (11): sunrpc: don't change ->sv_stats if it doesn't exist nfsd: stop setting ->pg_stats for unused stats sunrpc: pass in the sv_stats struct through svc_create_pooled sunrpc: remove ->pg_stats from svc_program sunrpc: use the struct net as the svc proc private nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace nfsd: remove nfsd_stats, make th_cnt a global counter nfsd: make svc_stat per-network namespace instead of global btrfs: run delayed iputs when flushing delalloc Joseph Huang (1): net: dsa: mv88e6xxx: Fix out-of-bound access Juan José Arboleda (1): ALSA: usb-audio: Support Yamaha P-125 quirk entry Justin Tee (1): scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Kees Cook (2): net/sun3_82586: Avoid reading past buffer in debug output x86: Increase brk randomness entropy for 64-bit systems Khazhismel Kumykov (1): dm resume: don't return EINVAL when signalled Krishna Kurapati (1): usb: dwc3: core: Skip setting event buffers for host only controllers Krzysztof Kozlowski (4): soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path Kuniyuki Iwashima (1): kcm: Serialise kcm_sendmsg() for the same socket. Kunwu Chan (1): powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Lee, Chun-Yi (1): Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Li Nan (1): md: clean up invalid BUG_ON in md_ioctl Li zeming (1): powerpc/boot: Handle allocation failure in simple_realloc() Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET Long Li (1): net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings Luiz Augusto von Dentz (3): Bluetooth: bnep: Fix out-of-bound access Bluetooth: hci_core: Fix LE quote calculation Bluetooth: SMP: Fix assumption of Central always being Initiator Ma Ke (1): pinctrl: single: fix potential NULL dereference in pcs_get_function() Maciej Fijalkowski (1): ice: fix ICE_LAST_OFFSET formula Marc Zyngier (1): KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Guard against division by zero Mathias Nyman (1): xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Matthieu Baerts (NGI0) (1): mptcp: sched: check both backup in retrans Max Filippov (1): fs: binfmt_elf_efpic: don't use missing interpreter's properties Maximilian Luz (1): platform/surface: aggregator: Fix warning when controller is destroyed in probe Michael Ellerman (1): powerpc/boot: Only free if realloc() succeeds Mika Westerberg (1): thunderbolt: Mark XDomain as unplugged when router is removed Mike Christie (1): scsi: spi: Fix sshdr use Mikulas Patocka (2): dm persistent data: fix memory allocation failure dm suspend: return -ERESTARTSYS instead of -EINTR Miri Korenblit (1): wifi: iwlwifi: abort scan when rfkill on but device enabled Muhammad Husaini Zulkifli (2): igc: Correct the launchtime offset igc: remove I226 Qbv BaseTime restriction Mukesh Sisodiya (1): wifi: iwlwifi: fw: Fix debugfs command sending NeilBrown (1): NFS: avoid infinite loop in pnfs_update_layout. Niklas Cassel (1): ata: libata-core: Fix null pointer dereference on error Nikolay Aleksandrov (4): bonding: fix bond_ipsec_offload_ok return type bonding: fix null pointer deref in bond_ipsec_offload_ok bonding: fix xfrm real_dev null pointer dereference bonding: fix xfrm state handling when clearing active slave Nikolay Kuratov (1): cxgb4: add forgotten u64 ivlan cast before shift Oreoluwa Babatunde (1): openrisc: Call setup_memory() earlier in the init sequence Pablo Neira Ayuso (1): netfilter: flowtable: validate vlan header Parsa Poorshikhian (1): ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Paul Cercueil (3): PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro Pawel Dembicki (3): net: dsa: vsc73xx: pass value in phy_write operation net: dsa: vsc73xx: use read_poll_timeout instead delay loop net: dsa: vsc73xx: check busy flag in MDIO operations Pawel Laszczak (2): usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function usb: cdnsp: fix for Link TRB with TC Phil Chang (1): hrtimer: Prevent queuing of hrtimer without a function callback Philipp Stanner (1): media: drivers/media/dvb-core: copy user arrays safely Piyush Mehta (3): phy: xilinx: add runtime PM support phy: xilinx: phy-zynqmp: dynamic clock support for power-save phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Qu Wenruo (1): btrfs: tree-checker: add dev extent item checks Radhey Shyam Pandey (1): net: axienet: Fix register defines comment description Rand Deeb (1): ssb: Fix division by zero issue in ssb_calc_clock_rate Sagi Grimberg (1): nvmet-rdma: fix possible bad dereference when freeing rsps Samuel Holland (1): arm64: Fix KASAN random tag seed initialization Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Sean Anderson (3): net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses phy: zynqmp: Enable reference clock correctly Sebastian Andrzej Siewior (2): netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Serge Semin (2): dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification Siarhei Vishniakou (1): HID: microsoft: Add rumble support to latest xbox controllers Simon Horman (1): tc-testing: don't access non-existent variable on exception Stefan Haberland (1): s390/dasd: fix error recovery leading to data corruption on ESE devices Stefan Hajnoczi (1): virtiofs: forbid newlines in tags Stephen Hemminger (1): netem: fix return value if duplicate enqueue fails Takashi Iwai (1): ALSA: timer: Relax start tick time check for slave timer elements Tetsuo Handa (2): block: use "unsigned long" for blk_validate_block_size(). Input: MT - limit max slots Thomas Bogendoerfer (1): ip6_tunnel: Fix broken GRO Tom Hughes (1): netfilter: allow ipv6 fragments to arrive on different devices Uwe Kleine-König (1): usb: gadget: fsl: Increase size of name buffer for endpoints Vladimir Oltean (1): net: dsa: mv88e6xxx: replace ATU violation prints with trace points Volodymyr Babchuk (1): soc: qcom: cmd-db: Map shared memory as WC, not WB Wolfram Sang (1): i2c: riic: avoid potential division by zero Yue Haibing (1): mlxbf_gige: Remove two unused function declarations ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zhen Lei (1): selinux: fix potential counting error in avc_add_xperms_decision() Zhiguo Niu (1): f2fs: fix to do sanity check in update_sit_entry Zhihao Cheng (1): vfs: Don't evict inode under the inode lru traversing context Zhu Yanjun (1): RDMA/rtrs: Fix the problem of variable not initialized fully Zi Yan (2): mm/numa: no task_numa_fault() call if PMD is changed mm/numa: no task_numa_fault() call if PTE is changed Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

Linux 5.10.225

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.225 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/acpi_numa.c | 2 arch/arm64/kvm/hyp/entry.S | 6 arch/arm64/kvm/sys_regs.c | 6 arch/arm64/kvm/vgic/vgic.h | 7 arch/mips/kernel/cpu-probe.c | 4 arch/openrisc/kernel/setup.c | 6 arch/parisc/kernel/irq.c | 4 arch/powerpc/boot/simple_alloc.c | 7 arch/powerpc/sysdev/xics/icp-native.c | 2 arch/s390/include/asm/uv.h | 5 arch/s390/kernel/early.c | 12 arch/s390/kernel/smp.c | 4 arch/x86/kernel/process.c | 5 drivers/ata/libata-core.c | 3 drivers/atm/idt77252.c | 9 drivers/bluetooth/hci_ldisc.c | 3 drivers/dma/dw/core.c | 89 +++++ drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 drivers/gpu/drm/lima/lima_gp.c | 12 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 drivers/hid/hid-ids.h | 10 drivers/hid/hid-microsoft.c | 11 drivers/hid/wacom_wac.c | 4 drivers/i2c/busses/i2c-riic.c | 2 drivers/infiniband/hw/hfi1/chip.c | 5 drivers/infiniband/ulp/rtrs/rtrs.c | 2 drivers/input/input-mt.c | 3 drivers/input/serio/ioc3kbd.c | 6 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/md/dm-clone-metadata.c | 5 drivers/md/dm-ioctl.c | 22 + drivers/md/dm.c | 4 drivers/md/md.c | 5 drivers/md/persistent-data/dm-space-map-metadata.c | 4 drivers/media/pci/cx23885/cx23885-video.c | 8 drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 drivers/media/platform/qcom/venus/pm_helpers.c | 2 drivers/media/radio/radio-isa.c | 2 drivers/media/usb/uvc/uvc_video.c | 10 drivers/memory/stm32-fmc2-ebi.c | 122 +++++-- drivers/mmc/core/mmc_test.c | 9 drivers/mmc/host/dw_mmc.c | 8 drivers/net/bonding/bond_main.c | 21 - drivers/net/bonding/bond_options.c | 2 drivers/net/dsa/mv88e6xxx/Makefile | 4 drivers/net/dsa/mv88e6xxx/global1_atu.c | 82 ++++- drivers/net/dsa/mv88e6xxx/trace.c | 6 drivers/net/dsa/mv88e6xxx/trace.h | 66 ++++ drivers/net/dsa/vitesse-vsc73xx-core.c | 69 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 drivers/net/ethernet/i825xx/sun3_82586.c | 2 drivers/net/ethernet/intel/ice/ice_txrx.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet.h | 17 - drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 25 - drivers/net/gtp.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +- drivers/net/wireless/st/cw1200/txrx.c | 2 drivers/nfc/pn533/pn533.c | 5 drivers/nvme/target/rdma.c | 16 - drivers/nvme/target/tcp.c | 1 drivers/nvme/target/trace.c | 6 drivers/nvme/target/trace.h | 28 + drivers/pinctrl/pinctrl-rockchip.c | 2 drivers/pinctrl/pinctrl-single.c | 2 drivers/s390/block/dasd.c | 36 +- drivers/s390/block/dasd_3990_erp.c | 10 drivers/s390/block/dasd_eckd.c | 55 +-- drivers/s390/block/dasd_int.h | 2 drivers/s390/cio/idset.c | 12 drivers/scsi/aacraid/comminit.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/scsi_transport_spi.c | 4 drivers/soc/qcom/cmd-db.c | 2 drivers/soundwire/stream.c | 8 drivers/ssb/main.c | 2 drivers/staging/iio/resolver/ad2s1210.c | 7 drivers/staging/ks7010/ks7010_sdio.c | 4 drivers/thunderbolt/switch.c | 1 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 21 + drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 16 - drivers/usb/gadget/udc/fsl_udc_core.c | 2 drivers/usb/host/xhci.c | 8 drivers/usb/serial/option.c | 5 fs/binfmt_elf.c | 5 fs/binfmt_elf_fdpic.c | 7 fs/binfmt_misc.c | 220 ++++++++++---- fs/btrfs/delayed-inode.c | 2 fs/btrfs/free-space-cache.c | 8 fs/btrfs/inode.c | 9 fs/btrfs/qgroup.c | 2 fs/btrfs/send.c | 7 fs/btrfs/tree-checker.c | 69 ++++ fs/ext4/extents.c | 3 fs/ext4/mballoc.c | 3 fs/f2fs/segment.c | 5 fs/file.c | 30 - fs/fuse/dev.c | 6 fs/fuse/virtio_fs.c | 10 fs/gfs2/inode.c | 2 fs/inode.c | 39 ++ fs/nfs/pnfs.c | 8 fs/overlayfs/file.c | 11 fs/quota/dquot.c | 5 include/linux/binfmts.h | 4 include/linux/bitmap.h | 20 + include/linux/blkdev.h | 2 include/linux/cpumask.h | 2 include/linux/fs.h | 5 include/net/busy_poll.h | 2 include/net/kcm.h | 1 include/uapi/linux/binfmts.h | 4 ipc/util.c | 16 - kernel/cgroup/cpuset.c | 13 kernel/time/hrtimer.c | 2 lib/math/prime_numbers.c | 2 mm/memcontrol.c | 7 net/bluetooth/bnep/core.c | 3 net/bluetooth/hci_core.c | 19 - net/bluetooth/mgmt.c | 4 net/bluetooth/smp.c | 144 ++++----- net/core/net-sysfs.c | 2 net/ethtool/ioctl.c | 3 net/ipv6/ip6_output.c | 2 net/ipv6/ip6_tunnel.c | 12 net/iucv/iucv.c | 3 net/kcm/kcmsock.c | 4 net/mac80211/agg-tx.c | 6 net/mac80211/driver-ops.c | 3 net/mac80211/sta_info.c | 14 net/mptcp/diag.c | 2 net/mptcp/protocol.c | 2 net/netfilter/nf_flow_table_offload.c | 2 net/netfilter/nft_counter.c | 5 net/netlink/af_netlink.c | 13 net/rds/recv.c | 13 net/sched/sch_netem.c | 47 +- net/sunrpc/svc_xprt.c | 2 security/apparmor/policy_unpack_test.c | 6 security/selinux/avc.c | 2 sound/core/timer.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/usb/quirks-table.h | 1 tools/include/linux/align.h | 12 tools/include/linux/bitmap.h | 9 tools/testing/selftests/core/close_range_test.c | 35 ++ tools/testing/selftests/tc-testing/tdc.py | 1 160 files changed, 1419 insertions(+), 593 deletions(-) Abhinav Kumar (1): drm/msm/dp: reset the link phy params before link training Al Viro (2): fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE memcg_write_event_control(): fix a user-triggerable oops Aleksandr Mishin (1): nfc: pn533: Add poll mod list filling check Alex Deucher (2): drm/amdgpu/jpeg2: properly set atomics vmid field drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alex Hung (2): drm/amd/display: Validate hw_points_num before using it Revert "drm/amd/display: Validate hw_points_num before using it" Alexander Gordeev (1): s390/iucv: fix receive buffer virtual vs physical address confusion Alexander Lobakin (4): bitmap: introduce generic optimized bitmap_size() s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() tools: move alignment-related macros to new <linux/align.h> Allison Henderson (1): net:rds: Fix possible deadlock in rds_message_put Andreas Gruenbacher (1): gfs2: setattr_chown: Add missing initialization Aurelien Jarno (1): media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Baokun Li (2): ext4: do not trim the group with corrupted block bitmap ext4: set the type of max_zeroout to unsigned int to avoid overflow Bas Nieuwenhuizen (1): drm/amdgpu: Actually check flags for all context ops. Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure Ben Whitten (1): mmc: dw_mmc: allow biu and ciu clocks to defer Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chengfeng Ye (2): staging: ks7010: disable bh on tx_dev_lock IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Christian Brauner (1): binfmt_misc: cleanup on filesystem umount Christophe Kerello (1): memory: stm32-fmc2-ebi: check regmap_read return value Claudio Imbrenda (1): s390/uv: Panic for set and remove shared access UVC errors Cong Wang (1): gtp: fix a potential NULL pointer dereference Cosmin Ratiu (1): net/mlx5e: Correctly report errors for ethtool rx flows Dan Carpenter (2): atm: idt77252: prevent use after free in dequeue_rx() mmc: mmc_test: Fix NULL dereference on allocation failure Daniel Wagner (1): nvmet-trace: avoid dereferencing pointer too early David Lechner (1): staging: iio: resolver: ad2s1210: fix use before initialization David Sterba (4): btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() Dmitry Baryshkov (1): drm/msm/dpu: don't play tricks with debug macros Donald Hunter (1): netfilter: flowtable: initialise extack before use Eric Dumazet (4): netlink: hold nlk->cb_mutex longer in __netlink_dump_start() gtp: pull network headers in gtp_dev_xmit() ipv6: prevent UAF in ip6_send_skb() net: busy-poll: use ktime_get_ns() instead of local_clock() Erico Nunes (1): drm/lima: set gp bus_stop bit before hard reset Eugene Syromiatnikov (1): mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size Greg Kroah-Hartman (2): Revert "Input: ioc3kbd - convert to platform remove callback returning void" Linux 5.10.225 Griffin Kroah-Hartman (1): Bluetooth: MGMT: Add error handling to pair_device() Guanrui Huang (1): irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Guenter Roeck (1): apparmor: fix policy_unpack_test on big endian systems Haibo Xu (1): arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Hannes Reinecke (1): nvmet-tcp: do not continue for invalid icreq Hans J. Schultz (1): net: dsa: mv88e6xxx: read FID when handling ATU violations Hans Verkuil (3): media: radio-isa: use dev_name to fill in bus_info media: qcom: venus: fix incorrect return value media: pci: cx23885: check cx23885_vdev_init() return Heiko Carstens (1): s390/smp,mcck: fix early IPI handling Helge Deller (1): parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Huang-Huang Bao (1): pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Jamie Bainbridge (1): ethtool: check device is present when getting link settings Jan Kara (1): quota: Remove BUG_ON from dqget() Jann Horn (1): fuse: Initialize beyond-EOF page contents before setting uptodate Jason Gerecke (1): HID: wacom: Defer calculation of resolution until resolution_code is known Jeff Johnson (1): wifi: cw1200: Avoid processing an invalid TIM IE Jesse Zhang (1): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Jian Shen (1): net: hns3: add checking for vf id of mailbox Jiaxun Yang (1): MIPS: Loongson64: Set timer mode in cpu-probe Jie Wang (2): net: hns3: fix wrong use of semaphore up net: hns3: fix a deadlock problem when config TC during resetting Johannes Berg (1): wifi: mac80211: fix BA session teardown race Joseph Huang (1): net: dsa: mv88e6xxx: Fix out-of-bound access Juan José Arboleda (1): ALSA: usb-audio: Support Yamaha P-125 quirk entry Justin Tee (1): scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Kees Cook (2): net/sun3_82586: Avoid reading past buffer in debug output x86: Increase brk randomness entropy for 64-bit systems Khazhismel Kumykov (1): dm resume: don't return EINVAL when signalled Krishna Kurapati (1): usb: dwc3: core: Skip setting event buffers for host only controllers Krzysztof Kozlowski (4): soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path Kuniyuki Iwashima (2): kcm: Serialise kcm_sendmsg() for the same socket. nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg(). Kunwu Chan (1): powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Laurent Vivier (1): binfmt_misc: pass binfmt_misc flags to the interpreter Lee, Chun-Yi (1): Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Li Nan (1): md: clean up invalid BUG_ON in md_ioctl Li zeming (1): powerpc/boot: Handle allocation failure in simple_realloc() Luiz Augusto von Dentz (3): Bluetooth: bnep: Fix out-of-bound access Bluetooth: hci_core: Fix LE quote calculation Bluetooth: SMP: Fix assumption of Central always being Initiator Ma Ke (1): pinctrl: single: fix potential NULL dereference in pcs_get_function() Maciej Fijalkowski (1): ice: fix ICE_LAST_OFFSET formula Marc Zyngier (1): KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Mathias Nyman (1): xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Matthieu Baerts (NGI0) (1): mptcp: sched: check both backup in retrans Max Filippov (1): fs: binfmt_elf_efpic: don't use missing interpreter's properties Michael Ellerman (1): powerpc/boot: Only free if realloc() succeeds Mika Westerberg (1): thunderbolt: Mark XDomain as unplugged when router is removed Mike Christie (1): scsi: spi: Fix sshdr use Miklos Szeredi (1): ovl: do not fail because of O_NOATIME Mikulas Patocka (2): dm persistent data: fix memory allocation failure dm suspend: return -ERESTARTSYS instead of -EINTR Miri Korenblit (1): wifi: iwlwifi: abort scan when rfkill on but device enabled NeilBrown (1): NFS: avoid infinite loop in pnfs_update_layout. Niklas Cassel (1): ata: libata-core: Fix null pointer dereference on error Nikolay Aleksandrov (4): bonding: fix bond_ipsec_offload_ok return type bonding: fix null pointer deref in bond_ipsec_offload_ok bonding: fix xfrm real_dev null pointer dereference bonding: fix xfrm state handling when clearing active slave Nikolay Kuratov (1): cxgb4: add forgotten u64 ivlan cast before shift Oreoluwa Babatunde (1): openrisc: Call setup_memory() earlier in the init sequence Parsa Poorshikhian (1): ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Pawel Dembicki (3): net: dsa: vsc73xx: pass value in phy_write operation net: dsa: vsc73xx: use read_poll_timeout instead delay loop net: dsa: vsc73xx: check busy flag in MDIO operations Phil Chang (1): hrtimer: Prevent queuing of hrtimer without a function callback Qu Wenruo (1): btrfs: tree-checker: add dev extent item checks Radhey Shyam Pandey (1): net: axienet: Fix register defines comment description Rafael Aquini (1): ipc: replace costly bailout check in sysvipc_find_ipc() Rand Deeb (1): ssb: Fix division by zero issue in ssb_calc_clock_rate Ricardo Ribalda (1): media: uvcvideo: Fix integer overflow calculating timestamp Sagi Grimberg (1): nvmet-rdma: fix possible bad dereference when freeing rsps Sami Tolvanen (1): KVM: arm64: Don't use cbz/adr with external symbols Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Sean Anderson (2): net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses Sebastian Andrzej Siewior (1): netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Serge Semin (2): dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification Siarhei Vishniakou (1): HID: microsoft: Add rumble support to latest xbox controllers Simon Horman (1): tc-testing: don't access non-existent variable on exception Stefan Haberland (1): s390/dasd: fix error recovery leading to data corruption on ESE devices Stefan Hajnoczi (1): virtiofs: forbid newlines in tags Stephen Hemminger (1): netem: fix return value if duplicate enqueue fails Takashi Iwai (1): ALSA: timer: Relax start tick time check for slave timer elements Tetsuo Handa (2): block: use "unsigned long" for blk_validate_block_size(). Input: MT - limit max slots Thomas Bogendoerfer (1): ip6_tunnel: Fix broken GRO Uwe Kleine-König (1): usb: gadget: fsl: Increase size of name buffer for endpoints Vladimir Oltean (1): net: dsa: mv88e6xxx: replace ATU violation prints with trace points Volodymyr Babchuk (1): soc: qcom: cmd-db: Map shared memory as WC, not WB Wolfram Sang (1): i2c: riic: avoid potential division by zero ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zhen Lei (1): selinux: fix potential counting error in avc_add_xperms_decision() Zhiguo Niu (1): f2fs: fix to do sanity check in update_sit_entry Zhihao Cheng (1): vfs: Don't evict inode under the inode lru traversing context Zhu Yanjun (1): RDMA/rtrs: Fix the problem of variable not initialized fully Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

Linux 5.4.283

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.283 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/process/deprecated.rst | 20 Makefile | 2 arch/arm64/kernel/acpi_numa.c | 2 arch/openrisc/kernel/setup.c | 6 arch/parisc/kernel/irq.c | 4 arch/powerpc/boot/simple_alloc.c | 7 arch/powerpc/sysdev/xics/icp-native.c | 2 arch/s390/include/asm/uv.h | 5 arch/x86/kernel/process.c | 5 drivers/ata/libata-core.c | 3 drivers/atm/idt77252.c | 9 drivers/bluetooth/hci_ldisc.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 drivers/gpu/drm/lima/lima_gp.c | 12 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 drivers/hid/hid-ids.h | 10 drivers/hid/hid-microsoft.c | 11 drivers/hid/wacom_wac.c | 4 drivers/i2c/busses/i2c-riic.c | 2 drivers/infiniband/hw/hfi1/chip.c | 5 drivers/input/input-mt.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/md/dm-clone-metadata.c | 5 drivers/md/dm-ioctl.c | 22 - drivers/md/dm-mpath.c | 9 drivers/md/dm-path-selector.h | 2 drivers/md/dm-queue-length.c | 2 drivers/md/dm-rq.c | 4 drivers/md/dm-service-time.c | 2 drivers/md/dm.c | 67 ++- drivers/md/md.c | 5 drivers/md/persistent-data/dm-space-map-metadata.c | 4 drivers/media/pci/cx23885/cx23885-video.c | 8 drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 drivers/media/radio/radio-isa.c | 2 drivers/media/usb/uvc/uvc_video.c | 10 drivers/mmc/core/mmc_test.c | 9 drivers/mmc/host/dw_mmc.c | 8 drivers/net/dsa/mv88e6xxx/Makefile | 4 drivers/net/dsa/mv88e6xxx/global1.h | 1 drivers/net/dsa/mv88e6xxx/global1_atu.c | 87 +++- drivers/net/dsa/mv88e6xxx/global2.c | 13 drivers/net/dsa/mv88e6xxx/global2.h | 25 + drivers/net/dsa/mv88e6xxx/trace.c | 6 drivers/net/dsa/mv88e6xxx/trace.h | 66 +++ drivers/net/dsa/vitesse-vsc73xx-core.c | 2 drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 drivers/net/ethernet/i825xx/sun3_82586.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet.h | 34 - drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 337 +++++++++++----- drivers/net/gtp.c | 5 drivers/net/usb/r8152.c | 73 --- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 + drivers/net/wireless/st/cw1200/txrx.c | 2 drivers/nfc/pn533/pn533.c | 210 +++++++++ drivers/nfc/pn533/pn533.h | 19 drivers/nvme/host/core.c | 5 drivers/nvme/target/rdma.c | 16 drivers/nvme/target/tcp.c | 1 drivers/nvme/target/trace.c | 6 drivers/nvme/target/trace.h | 28 - drivers/pinctrl/pinctrl-single.c | 2 drivers/s390/block/dasd.c | 36 + drivers/s390/block/dasd_3990_erp.c | 10 drivers/s390/block/dasd_eckd.c | 55 +- drivers/s390/block/dasd_int.h | 2 drivers/s390/cio/idset.c | 12 drivers/scsi/aacraid/comminit.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/scsi_transport_spi.c | 4 drivers/soc/qcom/cmd-db.c | 2 drivers/soundwire/stream.c | 8 drivers/ssb/main.c | 2 drivers/staging/ks7010/ks7010_sdio.c | 4 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 21 drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 16 drivers/usb/gadget/udc/fsl_udc_core.c | 2 drivers/usb/host/xhci.c | 8 drivers/usb/serial/option.c | 5 fs/binfmt_elf_fdpic.c | 2 fs/binfmt_misc.c | 216 +++++++--- fs/btrfs/delayed-inode.c | 2 fs/btrfs/free-space-cache.c | 8 fs/btrfs/inode.c | 9 fs/btrfs/qgroup.c | 2 fs/btrfs/send.c | 7 fs/ext4/extents.c | 3 fs/ext4/mballoc.c | 3 fs/f2fs/segment.c | 5 fs/file.c | 30 - fs/fuse/dev.c | 6 fs/fuse/virtio_fs.c | 10 fs/gfs2/inode.c | 2 fs/inode.c | 39 + fs/locks.c | 4 fs/nfs/pnfs.c | 8 fs/quota/dquot.c | 5 include/linux/bitmap.h | 20 include/linux/blkdev.h | 2 include/linux/cpumask.h | 2 include/linux/device-mapper.h | 2 include/linux/fs.h | 5 include/linux/overflow.h | 115 +++-- include/net/busy_poll.h | 2 include/net/kcm.h | 1 ipc/util.c | 16 kernel/cgroup/cpuset.c | 13 kernel/time/hrtimer.c | 2 lib/math/prime_numbers.c | 2 lib/test_overflow.c | 98 ++++ mm/memcontrol.c | 7 net/bluetooth/bnep/core.c | 3 net/bluetooth/hci_core.c | 58 +- net/bluetooth/mgmt.c | 4 net/core/ethtool.c | 3 net/core/net-sysfs.c | 2 net/ipv6/ip6_output.c | 2 net/iucv/iucv.c | 3 net/kcm/kcmsock.c | 4 net/netfilter/nft_counter.c | 5 net/rds/recv.c | 13 net/sched/sch_netem.c | 47 +- security/selinux/avc.c | 2 sound/core/timer.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/usb/quirks-table.h | 1 tools/include/linux/align.h | 12 tools/include/linux/bitmap.h | 8 tools/testing/selftests/tc-testing/tdc.py | 1 137 files changed, 1699 insertions(+), 621 deletions(-) Al Viro (2): fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE memcg_write_event_control(): fix a user-triggerable oops Aleksandr Mishin (1): nfc: pn533: Add poll mod list filling check Alex Deucher (1): drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Gordeev (1): s390/iucv: fix receive buffer virtual vs physical address confusion Alexander Lobakin (4): bitmap: introduce generic optimized bitmap_size() s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() tools: move alignment-related macros to new <linux/align.h> Allison Henderson (1): net:rds: Fix possible deadlock in rds_message_put Andre Przywara (8): net: axienet: Fix DMA descriptor cleanup path net: axienet: Improve DMA error handling net: axienet: Factor out TX descriptor chain cleanup net: axienet: Check for DMA mapping errors net: axienet: Drop MDIO interrupt registers from ethtools dump net: axienet: Wrap DMA pointer writes to prepare for 64 bit net: axienet: Upgrade descriptors to hold 64-bit addresses net: axienet: Autodetect 64-bit DMA capability Andreas Gruenbacher (1): gfs2: setattr_chown: Add missing initialization Andrew Lunn (3): net: dsa: mv88e6xxx: global2: Expose ATU stats register net: dsa: mv88e6xxx: global1_atu: Add helper for get next net: dsa: mv8e6xxx: Fix stub function parameters Aurelien Jarno (1): media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Baokun Li (2): ext4: do not trim the group with corrupted block bitmap ext4: set the type of max_zeroout to unsigned int to avoid overflow Bas Nieuwenhuizen (1): drm/amdgpu: Actually check flags for all context ops. Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure Ben Whitten (1): mmc: dw_mmc: allow biu and ciu clocks to defer Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chengfeng Ye (2): staging: ks7010: disable bh on tx_dev_lock IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Christian Brauner (1): binfmt_misc: cleanup on filesystem umount Claudio Imbrenda (1): s390/uv: Panic for set and remove shared access UVC errors Cong Wang (1): gtp: fix a potential NULL pointer dereference Cosmin Ratiu (1): net/mlx5e: Correctly report errors for ethtool rx flows Dan Carpenter (2): atm: idt77252: prevent use after free in dequeue_rx() mmc: mmc_test: Fix NULL dereference on allocation failure Daniel Wagner (1): nvmet-trace: avoid dereferencing pointer too early David Sterba (4): btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() Dmitry Baryshkov (1): drm/msm/dpu: don't play tricks with debug macros Eric Dumazet (3): gtp: pull network headers in gtp_dev_xmit() ipv6: prevent UAF in ip6_send_skb() net: busy-poll: use ktime_get_ns() instead of local_clock() Erico Nunes (1): drm/lima: set gp bus_stop bit before hard reset Gabriel Krisman Bertazi (1): dm mpath: pass IO start time to path selector Greg Kroah-Hartman (1): Linux 5.4.283 Griffin Kroah-Hartman (1): Bluetooth: MGMT: Add error handling to pair_device() Guanrui Huang (1): irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Gustavo A. R. Silva (1): overflow.h: Add flex_array_size() helper Haibo Xu (1): arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Hannes Reinecke (1): nvmet-tcp: do not continue for invalid icreq Hans J. Schultz (1): net: dsa: mv88e6xxx: read FID when handling ATU violations Hans Verkuil (2): media: radio-isa: use dev_name to fill in bus_info media: pci: cx23885: check cx23885_vdev_init() return Helge Deller (1): parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Jamie Bainbridge (1): ethtool: check device is present when getting link settings Jan Kara (1): quota: Remove BUG_ON from dqget() Jani Nikula (1): drm/msm: use drm_debug_enabled() to check for debug categories Jann Horn (1): fuse: Initialize beyond-EOF page contents before setting uptodate Jason Gerecke (1): HID: wacom: Defer calculation of resolution until resolution_code is known Jeff Johnson (1): wifi: cw1200: Avoid processing an invalid TIM IE Jesse Zhang (1): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Jie Wang (1): net: hns3: fix a deadlock problem when config TC during resetting Joseph Huang (1): net: dsa: mv88e6xxx: Fix out-of-bound access Juan José Arboleda (1): ALSA: usb-audio: Support Yamaha P-125 quirk entry Justin Tee (1): scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Kees Cook (3): overflow: Implement size_t saturating arithmetic helpers net/sun3_82586: Avoid reading past buffer in debug output x86: Increase brk randomness entropy for 64-bit systems Keith Busch (1): nvme: clear caller pointer on identify failure Khazhismel Kumykov (1): dm resume: don't return EINVAL when signalled Krishna Kurapati (1): usb: dwc3: core: Skip setting event buffers for host only controllers Krzysztof Kozlowski (4): soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path Kuniyuki Iwashima (1): kcm: Serialise kcm_sendmsg() for the same socket. Kunwu Chan (1): powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Lars Poeschel (2): nfc: pn533: Add dev_up/dev_down hooks to phy_ops nfc: pn533: Add autopoll capability Lee, Chun-Yi (1): Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Li Nan (1): md: clean up invalid BUG_ON in md_ioctl Li zeming (1): powerpc/boot: Handle allocation failure in simple_realloc() Long Li (1): filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 Luiz Augusto von Dentz (4): Bluetooth: bnep: Fix out-of-bound access Bluetooth: Make use of __check_timeout on hci_sched_le Bluetooth: hci_core: Fix not handling link timeouts propertly Bluetooth: hci_core: Fix LE quote calculation Ma Ke (1): pinctrl: single: fix potential NULL dereference in pcs_get_function() Mathias Nyman (1): xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Max Filippov (1): fs: binfmt_elf_efpic: don't use missing interpreter's properties Michael Ellerman (1): powerpc/boot: Only free if realloc() succeeds Mike Christie (1): scsi: spi: Fix sshdr use Mikulas Patocka (2): dm persistent data: fix memory allocation failure dm suspend: return -ERESTARTSYS instead of -EINTR Ming Lei (1): dm: do not use waitqueue for request-based DM Miri Korenblit (1): wifi: iwlwifi: abort scan when rfkill on but device enabled NeilBrown (1): NFS: avoid infinite loop in pnfs_update_layout. Niklas Cassel (1): ata: libata-core: Fix null pointer dereference on error Nikolay Kuratov (1): cxgb4: add forgotten u64 ivlan cast before shift Oreoluwa Babatunde (1): openrisc: Call setup_memory() earlier in the init sequence Parsa Poorshikhian (1): ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Pawel Dembicki (1): net: dsa: vsc73xx: pass value in phy_write operation Phil Chang (1): hrtimer: Prevent queuing of hrtimer without a function callback Prashant Malani (1): r8152: Factor out OOB link list waits Radhey Shyam Pandey (1): net: axienet: Fix register defines comment description Rafael Aquini (1): ipc: replace costly bailout check in sysvipc_find_ipc() Rand Deeb (1): ssb: Fix division by zero issue in ssb_calc_clock_rate Ricardo Ribalda (1): media: uvcvideo: Fix integer overflow calculating timestamp Sagi Grimberg (1): nvmet-rdma: fix possible bad dereference when freeing rsps Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Sean Anderson (2): net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses Sebastian Andrzej Siewior (1): netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Siarhei Vishniakou (1): HID: microsoft: Add rumble support to latest xbox controllers Simon Horman (1): tc-testing: don't access non-existent variable on exception Stefan Haberland (1): s390/dasd: fix error recovery leading to data corruption on ESE devices Stefan Hajnoczi (1): virtiofs: forbid newlines in tags Stephen Hemminger (1): netem: fix return value if duplicate enqueue fails Takashi Iwai (1): ALSA: timer: Relax start tick time check for slave timer elements Tetsuo Handa (2): block: use "unsigned long" for blk_validate_block_size(). Input: MT - limit max slots Uwe Kleine-König (1): usb: gadget: fsl: Increase size of name buffer for endpoints Vladimir Oltean (1): net: dsa: mv88e6xxx: replace ATU violation prints with trace points Volodymyr Babchuk (1): soc: qcom: cmd-db: Map shared memory as WC, not WB Wolfram Sang (1): i2c: riic: avoid potential division by zero ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zhen Lei (1): selinux: fix potential counting error in avc_add_xperms_decision() Zhiguo Niu (1): f2fs: fix to do sanity check in update_sit_entry Zhihao Cheng (1): vfs: Don't evict inode under the inode lru traversing context Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

Linux 4.19.321

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.321 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/acpi_numa.c | 2 arch/openrisc/kernel/setup.c | 6 arch/parisc/kernel/irq.c | 4 arch/powerpc/boot/simple_alloc.c | 7 arch/powerpc/sysdev/xics/icp-native.c | 2 drivers/ata/libata-core.c | 3 drivers/atm/idt77252.c | 9 drivers/bluetooth/hci_ldisc.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/drm_fb_helper.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 - drivers/hid/wacom_wac.c | 4 drivers/i2c/busses/i2c-riic.c | 2 drivers/input/input-mt.c | 3 drivers/irqchip/irq-gic-v3-its.c | 2 drivers/md/dm-ioctl.c | 22 + drivers/md/dm.c | 2 drivers/md/md.c | 5 drivers/md/persistent-data/dm-space-map-metadata.c | 4 drivers/media/pci/cx23885/cx23885-video.c | 8 drivers/media/usb/uvc/uvc_video.c | 10 drivers/mmc/core/mmc_test.c | 9 drivers/mmc/host/dw_mmc.c | 8 drivers/net/dsa/vitesse-vsc73xx.c | 2 drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 drivers/net/ethernet/i825xx/sun3_82586.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 drivers/net/gtp.c | 5 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +- drivers/net/wireless/st/cw1200/txrx.c | 2 drivers/nvme/target/rdma.c | 16 - drivers/pinctrl/pinctrl-single.c | 2 drivers/s390/cio/idset.c | 12 drivers/scsi/aacraid/comminit.c | 2 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/mpt3sas/mpt3sas_base.c | 20 + drivers/scsi/scsi_transport_spi.c | 4 drivers/soundwire/stream.c | 8 drivers/ssb/main.c | 2 drivers/staging/ks7010/ks7010_sdio.c | 4 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/sysfs.c | 1 drivers/usb/dwc3/core.c | 21 + drivers/usb/dwc3/dwc3-omap.c | 4 drivers/usb/dwc3/dwc3-st.c | 11 drivers/usb/gadget/udc/fsl_udc_core.c | 2 drivers/usb/host/xhci.c | 8 drivers/usb/serial/option.c | 5 drivers/video/fbdev/core/fbcon.c | 28 ++ drivers/video/fbdev/core/fbmem.c | 20 + fs/binfmt_elf_fdpic.c | 2 fs/binfmt_misc.c | 216 ++++++++++++---- fs/btrfs/delayed-inode.c | 2 fs/btrfs/free-space-cache.c | 8 fs/btrfs/inode.c | 9 fs/btrfs/qgroup.c | 2 fs/btrfs/send.c | 7 fs/ext4/extents.c | 3 fs/ext4/mballoc.c | 3 fs/f2fs/segment.c | 5 fs/file.c | 30 -- fs/fuse/dev.c | 6 fs/gfs2/inode.c | 2 fs/locks.c | 4 fs/nfs/pnfs.c | 8 fs/quota/dquot.c | 5 include/linux/bitmap.h | 20 + include/linux/blkdev.h | 2 include/linux/cpumask.h | 2 include/linux/fbcon.h | 4 include/linux/overflow.h | 113 ++++++-- include/net/busy_poll.h | 2 include/net/kcm.h | 1 ipc/msg.c | 2 ipc/sem.c | 7 ipc/shm.c | 2 kernel/cgroup/cpuset.c | 13 kernel/time/hrtimer.c | 2 lib/idr.c | 2 lib/test_ida.c | 40 ++ lib/test_overflow.c | 98 +++++++ mm/memcontrol.c | 7 net/bluetooth/bnep/core.c | 3 net/bluetooth/hci_core.c | 58 ++-- net/bluetooth/mgmt.c | 4 net/core/skbuff.c | 3 net/ipv6/ip6_output.c | 2 net/iucv/iucv.c | 3 net/kcm/kcmsock.c | 4 net/netfilter/nft_counter.c | 5 net/rds/recv.c | 13 security/selinux/avc.c | 2 sound/core/timer.c | 2 sound/usb/quirks-table.h | 1 tools/include/linux/align.h | 12 tools/include/linux/bitmap.h | 8 100 files changed, 840 insertions(+), 283 deletions(-) Al Viro (2): fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE memcg_write_event_control(): fix a user-triggerable oops Alexander Gordeev (1): s390/iucv: fix receive buffer virtual vs physical address confusion Alexander Lobakin (4): bitmap: introduce generic optimized bitmap_size() s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() tools: move alignment-related macros to new <linux/align.h> Allison Henderson (1): net:rds: Fix possible deadlock in rds_message_put Andreas Gruenbacher (1): gfs2: setattr_chown: Add missing initialization Baokun Li (2): ext4: do not trim the group with corrupted block bitmap ext4: set the type of max_zeroout to unsigned int to avoid overflow Bas Nieuwenhuizen (1): drm/amdgpu: Actually check flags for all context ops. Ben Hutchings (1): scsi: aacraid: Fix double-free on probe failure Ben Whitten (1): mmc: dw_mmc: allow biu and ciu clocks to defer Chen Ridong (1): cgroup/cpuset: Prevent UAF in proc_cpuset_show() Chengfeng Ye (1): staging: ks7010: disable bh on tx_dev_lock Christian Brauner (1): binfmt_misc: cleanup on filesystem umount Cong Wang (1): gtp: fix a potential NULL pointer dereference Cosmin Ratiu (1): net/mlx5e: Correctly report errors for ethtool rx flows Damien Le Moal (1): scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Dan Carpenter (2): atm: idt77252: prevent use after free in dequeue_rx() mmc: mmc_test: Fix NULL dereference on allocation failure Daniel Vetter (1): drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var David Sterba (4): btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() Dmitry Baryshkov (1): drm/msm/dpu: don't play tricks with debug macros Eric Dumazet (4): gtp: pull network headers in gtp_dev_xmit() ipv6: prevent UAF in ip6_send_skb() net: prevent mss overflow in skb_segment() net: busy-poll: use ktime_get_ns() instead of local_clock() Greg Kroah-Hartman (1): Linux 4.19.321 Griffin Kroah-Hartman (1): Bluetooth: MGMT: Add error handling to pair_device() Guanrui Huang (1): irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Gustavo A. R. Silva (1): overflow.h: Add flex_array_size() helper Haibo Xu (1): arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Hans Verkuil (1): media: pci: cx23885: check cx23885_vdev_init() return Helge Deller (3): parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 fbcon: Prevent that screen size is smaller than font size fbmem: Check virtual screen sizes in fb_set_var() Ian Ray (1): cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Jan Kara (1): quota: Remove BUG_ON from dqget() Jani Nikula (1): drm/msm: use drm_debug_enabled() to check for debug categories Jann Horn (1): fuse: Initialize beyond-EOF page contents before setting uptodate Jason Gerecke (1): HID: wacom: Defer calculation of resolution until resolution_code is known Jeff Johnson (1): wifi: cw1200: Avoid processing an invalid TIM IE Jesse Zhang (1): drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Juan José Arboleda (1): ALSA: usb-audio: Support Yamaha P-125 quirk entry Justin Tee (1): scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Kees Cook (2): overflow: Implement size_t saturating arithmetic helpers net/sun3_82586: Avoid reading past buffer in debug output Khazhismel Kumykov (1): dm resume: don't return EINVAL when signalled Krishna Kurapati (1): usb: dwc3: core: Skip setting event buffers for host only controllers Krzysztof Kozlowski (3): soundwire: stream: fix programming slave ports for non-continous port maps usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: st: fix probed platform device ref count on probe error path Kuniyuki Iwashima (1): kcm: Serialise kcm_sendmsg() for the same socket. Kunwu Chan (1): powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Lee, Chun-Yi (1): Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Li Nan (1): md: clean up invalid BUG_ON in md_ioctl Li zeming (1): powerpc/boot: Handle allocation failure in simple_realloc() Long Li (1): filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 Luiz Augusto von Dentz (4): Bluetooth: bnep: Fix out-of-bound access Bluetooth: Make use of __check_timeout on hci_sched_le Bluetooth: hci_core: Fix not handling link timeouts propertly Bluetooth: hci_core: Fix LE quote calculation Ma Ke (1): pinctrl: single: fix potential NULL dereference in pcs_get_function() Mathias Nyman (1): xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Matthew Wilcox (Oracle) (1): ida: Fix crash in ida_free when the bitmap is empty Max Filippov (1): fs: binfmt_elf_efpic: don't use missing interpreter's properties Michael Ellerman (1): powerpc/boot: Only free if realloc() succeeds Mike Christie (1): scsi: spi: Fix sshdr use Mikulas Patocka (2): dm persistent data: fix memory allocation failure dm suspend: return -ERESTARTSYS instead of -EINTR Miri Korenblit (1): wifi: iwlwifi: abort scan when rfkill on but device enabled NeilBrown (1): NFS: avoid infinite loop in pnfs_update_layout. Niklas Cassel (1): ata: libata-core: Fix null pointer dereference on error Nikolay Kuratov (1): cxgb4: add forgotten u64 ivlan cast before shift Oreoluwa Babatunde (1): openrisc: Call setup_memory() earlier in the init sequence Pawel Dembicki (1): net: dsa: vsc73xx: pass value in phy_write operation Phil Chang (1): hrtimer: Prevent queuing of hrtimer without a function callback Rand Deeb (1): ssb: Fix division by zero issue in ssb_calc_clock_rate Ricardo Ribalda (1): media: uvcvideo: Fix integer overflow calculating timestamp Sagi Grimberg (1): nvmet-rdma: fix possible bad dereference when freeing rsps Sascha Hauer (1): wifi: mwifiex: duplicate static structs used in driver instances Sean Anderson (1): net: xilinx: axienet: Always disable promiscuous mode Sebastian Andrzej Siewior (1): netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Selvarasu Ganesan (1): usb: dwc3: core: Prevent USB core invalid event buffer address access Takashi Iwai (1): ALSA: timer: Relax start tick time check for slave timer elements Tetsuo Handa (2): block: use "unsigned long" for blk_validate_block_size(). Input: MT - limit max slots Uwe Kleine-König (1): usb: gadget: fsl: Increase size of name buffer for endpoints Vasily Averin (2): memcg: enable accounting of ipc resources ipc: remove memcg accounting for sops objects in do_semtimedop() Wolfram Sang (1): i2c: riic: avoid potential division by zero ZHANG Yuntian (1): USB: serial: option: add MeiG Smart SRM825L Zhen Lei (1): selinux: fix potential counting error in avc_add_xperms_decision() Zhiguo Niu (1): f2fs: fix to do sanity check in update_sit_entry Zijun Hu (1): usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

8 months

1
1
0 0

[PATCH RFC] driver core: bus: Correct return value for storing bus attribute drivers_probe

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> drivers_probe_store() regards bus_rescan_devices_helper()'s returned value 0 as success when find driver for a single device user specify that is wrong since the following 3 failed cases also return 0: (1) the device is dead (2) bus fails to match() the device with any its driver (3) bus fails to probe() the device with any its driver Fixed by only regarding successfully attaching the device to a driver as success. Fixes: b8c5cec23d5c ("Driver core: udev triggered device-<>driver binding") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- drivers/base/bus.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/drivers/base/bus.c b/drivers/base/bus.c index abf090ace833..0a994e63785c 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c @@ -40,6 +40,20 @@ static struct kset *bus_kset; struct driver_attribute driver_attr_##_name = \ __ATTR_IGNORE_LOCKDEP(_name, _mode, _show, _store) +/* Bus rescans drivers for a single device */ +static int __must_check bus_rescan_single_device(struct device *dev) +{ + int ret; + + if (dev->parent && dev->bus->need_parent_lock) + device_lock(dev->parent); + ret = device_attach(dev); + if (dev->parent && dev->bus->need_parent_lock) + device_unlock(dev->parent); + + return ret; +} + static int __must_check bus_rescan_devices_helper(struct device *dev, void *data); @@ -311,12 +325,19 @@ static ssize_t drivers_probe_store(const struct bus_type *bus, { struct device *dev; int err = -EINVAL; + int res; dev = bus_find_device_by_name(bus, NULL, buf); if (!dev) return -ENODEV; - if (bus_rescan_devices_helper(dev, NULL) == 0) + + res = bus_rescan_single_device(dev); + /* Propagate error code upwards as far as possible */ + if (res < 0) + err = res; + else if (res == 1) err = count; + put_device(dev); return err; } --- base-commit: 888f67e621dda5c2804a696524e28d0ca4cf0a80 change-id: 20240826-fix_drivers_probe-88c6a2cc1899 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

8 months

1
1
0 0

[PATCH V4 net] net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

by Souradeep Chakrabarti

Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80 Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> --- V4 -> V3: Made napi_initialized from atomic_t to bool in txq, as per review comment. Also used validate_state for rxq as a check. V3 -> V2: Instead of using napi internal attribute, using an atomic attribute to verify napi is initialized for a particular txq / rxq. V2 -> V1: Addressed the comment on cleaning up napi for the queues, where queue creation was successful. --- drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +++++++++++-------- include/net/mana/mana.h | 2 ++ 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 39f56973746d..3d151700f658 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1872,10 +1872,12 @@ static void mana_destroy_txq(struct mana_port_context *apc) for (i = 0; i < apc->num_queues; i++) { napi = &apc->tx_qp[i].tx_cq.napi; - napi_synchronize(napi); - napi_disable(napi); - netif_napi_del(napi); - + if (apc->tx_qp[i].txq.napi_initialized) { + napi_synchronize(napi); + napi_disable(napi); + netif_napi_del(napi); + apc->tx_qp[i].txq.napi_initialized = false; + } mana_destroy_wq_obj(apc, GDMA_SQ, apc->tx_qp[i].tx_object); mana_deinit_cq(apc, &apc->tx_qp[i].tx_cq); @@ -1931,6 +1933,7 @@ static int mana_create_txq(struct mana_port_context *apc, txq->ndev = net; txq->net_txq = netdev_get_tx_queue(net, i); txq->vp_offset = apc->tx_vp_offset; + txq->napi_initialized = false; skb_queue_head_init(&txq->pending_skbs); memset(&spec, 0, sizeof(spec)); @@ -1997,6 +2000,7 @@ static int mana_create_txq(struct mana_port_context *apc, netif_napi_add_tx(net, &cq->napi, mana_poll); napi_enable(&cq->napi); + txq->napi_initialized = true; mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); } @@ -2008,7 +2012,7 @@ static int mana_create_txq(struct mana_port_context *apc, } static void mana_destroy_rxq(struct mana_port_context *apc, - struct mana_rxq *rxq, bool validate_state) + struct mana_rxq *rxq, bool napi_initialized) { struct gdma_context *gc = apc->ac->gdma_dev->gdma_context; @@ -2023,15 +2027,15 @@ static void mana_destroy_rxq(struct mana_port_context *apc, napi = &rxq->rx_cq.napi; - if (validate_state) + if (napi_initialized) { napi_synchronize(napi); - napi_disable(napi); + napi_disable(napi); + netif_napi_del(napi); + } xdp_rxq_info_unreg(&rxq->xdp_rxq); - netif_napi_del(napi); - mana_destroy_wq_obj(apc, GDMA_RQ, rxq->rxobj); mana_deinit_cq(apc, &rxq->rx_cq); diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 7caa334f4888..b8a6c7504ee1 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -98,6 +98,8 @@ struct mana_txq { atomic_t pending_sends; + bool napi_initialized; + struct mana_stats_tx stats; }; -- 2.34.1

8 months

2
1
0 0

Linux 4.19.320

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.320 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.txt | 18 Documentation/hwmon/hwmon-kernel-api.txt | 24 Makefile | 2 arch/arm64/Kconfig | 38 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 arch/arm64/include/asm/assembler.h | 13 arch/arm64/include/asm/barrier.h | 4 arch/arm64/include/asm/cpucaps.h | 4 arch/arm64/include/asm/cputype.h | 16 arch/arm64/include/asm/sysreg.h | 6 arch/arm64/include/asm/uaccess.h | 3 arch/arm64/include/uapi/asm/hwcap.h | 1 arch/arm64/kernel/cpu_errata.c | 43 + arch/arm64/kernel/cpufeature.c | 103 +++ arch/arm64/kernel/cpuinfo.c | 1 arch/m68k/amiga/config.c | 9 arch/m68k/atari/ataints.c | 6 arch/m68k/include/asm/cmpxchg.h | 2 arch/mips/include/asm/mips-cm.h | 4 arch/mips/kernel/smp-cps.c | 5 arch/powerpc/xmon/ppc-dis.c | 33 - arch/sparc/include/asm/oplib_64.h | 1 arch/sparc/prom/init_64.c | 3 arch/sparc/prom/p1275.c | 2 arch/x86/events/intel/pt.c | 157 +++-- arch/x86/events/intel/pt.h | 25 arch/x86/include/asm/intel_pt.h | 23 arch/x86/kernel/cpu/mtrr/mtrr.c | 2 arch/x86/kernel/devicetree.c | 2 arch/x86/mm/pti.c | 6 arch/x86/pci/intel_mid_pci.c | 4 arch/x86/pci/xen.c | 4 arch/x86/platform/intel/iosf_mbi.c | 4 arch/x86/xen/p2m.c | 4 drivers/android/binder.c | 4 drivers/base/core.c | 13 drivers/base/devres.c | 8 drivers/base/module.c | 4 drivers/char/hw_random/amd-rng.c | 4 drivers/char/tpm/eventlog/common.c | 2 drivers/clk/davinci/da8xx-cfgchip.c | 4 drivers/clocksource/sh_cmt.c | 13 drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 5 drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 drivers/gpu/drm/i915/i915_gem.c | 47 + drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c | 2 drivers/hwmon/adt7475.c | 2 drivers/hwmon/max6697.c | 145 ++--- drivers/i2c/i2c-smbus.c | 69 +- drivers/infiniband/core/iwcm.c | 11 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 drivers/infiniband/hw/mlx4/alias_GUID.c | 2 drivers/infiniband/hw/mlx4/mad.c | 2 drivers/infiniband/sw/rxe/rxe_req.c | 7 drivers/input/mouse/elan_i2c_core.c | 2 drivers/irqchip/irq-mbigen.c | 20 drivers/isdn/hardware/mISDN/hfcmulti.c | 7 drivers/leds/led-triggers.c | 2 drivers/leds/leds-ss4200.c | 7 drivers/macintosh/therm_windtunnel.c | 2 drivers/md/raid5.c | 20 drivers/media/pci/saa7134/saa7134-dvb.c | 8 drivers/media/platform/qcom/venus/vdec.c | 1 drivers/media/platform/vsp1/vsp1_histo.c | 20 drivers/media/platform/vsp1/vsp1_pipe.h | 2 drivers/media/platform/vsp1/vsp1_rpf.c | 8 drivers/media/rc/imon.c | 5 drivers/media/usb/uvc/uvc_ctrl.c | 90 ++- drivers/media/usb/uvc/uvc_video.c | 37 + drivers/media/usb/uvc/uvcvideo.h | 5 drivers/mfd/omap-usb-tll.c | 3 drivers/mtd/tests/Makefile | 34 - drivers/mtd/tests/mtd_test.c | 9 drivers/mtd/ubi/eba.c | 3 drivers/net/bonding/bond_main.c | 7 drivers/net/ethernet/brocade/bna/bna_types.h | 2 drivers/net/ethernet/brocade/bna/bnad.c | 11 drivers/net/ethernet/freescale/fec_main.c | 52 + drivers/net/ethernet/freescale/fec_ptp.c | 3 drivers/net/ethernet/intel/ice/ice_common.c | 102 ++- drivers/net/ethernet/intel/ice/ice_lan_tx_rx.h | 24 drivers/net/netconsole.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/sr9700.c | 11 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 drivers/nvme/host/pci.c | 7 drivers/parport/daisy.c | 6 drivers/parport/ieee1284.c | 4 drivers/parport/ieee1284_ops.c | 3 drivers/parport/parport_amiga.c | 2 drivers/parport/parport_atari.c | 2 drivers/parport/parport_cs.c | 6 drivers/parport/parport_gsc.c | 15 drivers/parport/parport_ip32.c | 25 drivers/parport/parport_mfc3.c | 2 drivers/parport/parport_pc.c | 180 ++---- drivers/parport/parport_sunbpp.c | 2 drivers/parport/probe.c | 7 drivers/parport/procfs.c | 28 drivers/parport/share.c | 24 drivers/pci/controller/pci-hyperv.c | 4 drivers/pci/controller/pcie-rockchip.c | 12 drivers/pci/setup-bus.c | 32 - drivers/pinctrl/core.c | 12 drivers/pinctrl/freescale/pinctrl-mxs.c | 4 drivers/pinctrl/pinctrl-single.c | 7 drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 drivers/platform/chrome/cros_ec_debugfs.c | 1 drivers/platform/mips/cpu_hwmon.c | 3 drivers/power/supply/axp288_charger.c | 22 drivers/pwm/pwm-stm32.c | 5 drivers/remoteproc/imx_rproc.c | 5 drivers/rtc/rtc-cmos.c | 10 drivers/s390/char/sclp_sd.c | 10 drivers/scsi/qla2xxx/qla_bsg.c | 2 drivers/scsi/qla2xxx/qla_mid.c | 2 drivers/scsi/qla2xxx/qla_nvme.c | 5 drivers/scsi/ufs/ufshcd.c | 11 drivers/spi/spi-fsl-lpspi.c | 281 ++++++---- drivers/tty/serial/serial_core.c | 8 drivers/usb/gadget/udc/core.c | 10 drivers/usb/serial/usb_debug.c | 7 drivers/usb/usbip/vhci_hcd.c | 9 fs/btrfs/free-space-cache.c | 1 fs/exec.c | 8 fs/ext4/mballoc.c | 3 fs/ext4/namei.c | 73 ++ fs/ext4/xattr.c | 6 fs/f2fs/inode.c | 3 fs/file.c | 1 fs/hfs/inode.c | 3 fs/hfsplus/bfind.c | 15 fs/hfsplus/extents.c | 9 fs/hfsplus/hfsplus_fs.h | 21 fs/jbd2/journal.c | 1 fs/jfs/jfs_imap.c | 5 fs/nilfs2/btnode.c | 25 fs/nilfs2/btree.c | 4 fs/nilfs2/segment.c | 7 fs/udf/balloc.c | 36 - include/linux/hwmon-sysfs.h | 39 + include/linux/pci_ids.h | 2 include/linux/trace_events.h | 1 include/net/netfilter/nf_tables.h | 21 include/uapi/linux/zorro_ids.h | 3 kernel/debug/kdb/kdb_io.c | 8 kernel/dma/mapping.c | 2 kernel/events/core.c | 2 kernel/events/internal.h | 2 kernel/time/ntp.c | 9 kernel/time/tick-broadcast.c | 24 kernel/trace/tracing_map.c | 6 kernel/watchdog_hld.c | 11 lib/decompress_bunzip2.c | 3 lib/kobject_uevent.c | 17 mm/page-writeback.c | 30 - net/bluetooth/l2cap_core.c | 1 net/core/link_watch.c | 4 net/ipv4/route.c | 21 net/ipv6/addrconf.c | 3 net/ipv6/ndisc.c | 34 - net/iucv/af_iucv.c | 4 net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 net/netfilter/nf_conntrack_netlink.c | 3 net/netfilter/nf_tables_api.c | 128 ---- net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_rbtree.c | 6 net/packet/af_packet.c | 86 ++- net/smc/smc_core.c | 32 - net/sunrpc/sched.c | 4 net/tipc/udp_media.c | 5 net/wireless/nl80211.c | 10 net/wireless/util.c | 8 scripts/gcc-x86_32-has-stack-protector.sh | 2 scripts/gcc-x86_64-has-stack-protector.sh | 2 sound/usb/line6/driver.c | 5 sound/usb/stream.c | 4 tools/memory-model/lock.cat | 20 tools/perf/util/sort.c | 2 tools/testing/selftests/bpf/test_sockmap.c | 3 tools/testing/selftests/net/forwarding/devlink_lib.sh | 2 tools/testing/selftests/sigaltstack/current_stack_pointer.h | 2 187 files changed, 1974 insertions(+), 1087 deletions(-) Adrian Hunter (3): perf: Fix perf_aux_size() for greater-than 32-bit size perf: Prevent passing zero nr_pages to rb_alloc_aux() perf/x86/intel/pt: Fix a topa_entry base address calculation Al Viro (1): protect the fetch of ->fd[fd] in do_dup2() from mispredictions Alan Stern (1): tools/memory-model: Fix bug in lock.cat Aleksandr Burakov (1): saa7134: Unchecked i2c_transfer function result fixed Aleksandr Mishin (1): remoteproc: imx_rproc: Skip over memory region when node value is NULL Alex Shi (1): fs/nilfs2: remove some unused macros to tame gcc Alexander Shishkin (3): perf/x86/intel/pt: Use helpers to obtain ToPA entry size perf/x86/intel/pt: Use pointer arithmetics instead in ToPA entry calculation perf/x86/intel/pt: Split ToPA metadata and page layout Alexandra Winter (1): net/iucv: fix use after free in iucv_sock_close() Alexey Kodanev (1): bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Amit Cohen (1): selftests: forwarding: devlink_lib: Wait for udev events after reloading Amit Daniel Kachhap (1): arm64: cpufeature: Fix the visibility of compat hwcaps Andi Kleen (1): x86/mtrr: Check if fixed MTRRs exist before saving them Andi Shyti (1): drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Andreas Larsson (1): sparc64: Fix incorrect function signature and add prototype for prom_cif_init Andy Shevchenko (1): driver core: Cast to (void *) with __force for __percpu pointer Anirudh Venkataramanan (1): ice: Rework flex descriptor programming Arnd Bergmann (2): mtd: make mtd_test.c a separate module kdb: address -Wformat-security warnings Baochen Qiang (2): wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baokun Li (2): ext4: check dot and dotdot of dx_root before making dir indexed ext4: make sure the first directory block is not a hole Bart Van Assche (1): RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Bastien Curutchet (1): clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Benjamin Coddington (1): SUNRPC: Fix a race to wake a sync task Besar Wicaksono (1): arm64: Add Neoverse-V2 part Breno Leitao (1): net: netconsole: Disable target before netpoll cleanup Carlos Llamas (1): binder: fix hang of unregistered readers Chao Peng (1): perf/x86/intel/pt: Export pt_cap_get() Chao Yu (3): hfsplus: fix to avoid false alarm of circular locking hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() f2fs: fix to don't dirty inode for readonly filesystem Chen Ni (1): x86/xen: Convert comma to semicolon Chen-Yu Tsai (1): PCI: rockchip: Make 'ep-gpios' DT property optional Chengen Du (1): af_packet: Handle outgoing VLAN packets without hardware offloading Chris Wulff (1): usb: gadget: core: Check for unset descriptor Clark Wang (5): spi: lpspi: Replace all "master" with "controller" spi: lpspi: Add slave mode support spi: lpspi: Let watermark change with send data length spi: lpspi: Add i.MX8 boards support for lpspi spi: lpspi: add the error info of transfer speed setting Corey Minyard (1): i2c: smbus: Don't filter out duplicate alerts Csókás Bence (1): net: fec: Refactor: #define magic constants Csókás, Bence (2): net: fec: Fix FEC_ECR_EN1588 being cleared on link-down net: fec: Stop PPS on driver remove Dan Carpenter (1): mISDN: Fix a use after free in hfcmulti_tx() Dan Williams (1): driver core: Fix uevent_show() vs driver detach race Daniel Schaefer (1): media: uvcvideo: Override default flags Daniele Palmas (1): net: usb: qmi_wwan: fix memory leak for not ip packets Dikshita Agarwal (1): media: venus: fix use after free in vdec_close Dmitry Antipov (1): Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() Dmitry Torokhov (1): Input: elan_i2c - do not leave interrupt disabled on suspend failure Dominique Martinet (1): MIPS: Octeron: remove source file executable bit Dong Aisheng (1): remoteproc: imx_rproc: Fix ignoring mapping vdev regions Douglas Anderson (1): kdb: Use the passed prompt in kdb_position_cursor() Eero Tamminen (1): m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Eric Dumazet (1): net: linkwatch: use system_unbound_wq FUJITA Tomonori (1): PCI: Add Edimax Vendor ID to pci_ids.h Fedor Pchelkin (1): ubi: eba: properly rollback inside self_check_eba Filipe Manana (1): btrfs: fix bitmap leak when loading free space cache on duplicate entry Florian Westphal (1): netfilter: nf_tables: prefer nft_chain_validate Geliang Tang (1): selftests/bpf: Check length of recv in test_sockmap George Kennedy (1): serial: core: check uartclk for zero to avoid divide by zero Greg Kroah-Hartman (1): Linux 4.19.320 Gregory CLEMENT (1): MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Guangguan Wang (1): net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Guenter Roeck (6): hwmon: (max6697) Fix underflow when writing limit attributes hwmon: Introduce SENSOR_DEVICE_ATTR_{RO, RW, WO} and variants hwmon: (max6697) Auto-convert to use SENSOR_DEVICE_ATTR_{RO, RW, WO} hwmon: (max6697) Fix swapped temp{1,8} critical alarms i2c: smbus: Improve handling of stuck alerts i2c: smbus: Send alert notifications to all devices if source not found Gustavo A. R. Silva (1): parport: parport_pc: Mark expected switch fall-through Hans de Goede (3): leds: trigger: Unregister sysfs attributes before calling deactivate() power: supply: axp288_charger: Fix constant_charge_voltage writes power: supply: axp288_charger: Round constant_charge_voltage writes down Honggang LI (1): RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Ian Forbes (1): drm/vmwgfx: Fix overlay when using Screen Targets Ido Schimmel (1): ipv4: Fix incorrect source address in Record Route option Ilpo Järvinen (7): x86/of: Return consistent error type from x86_of_pci_irq_enable() x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling x86/pci/xen: Fix PCIBIOS_* return code handling x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos PCI: Fix resource double counting on remove & rescan leds: ss4200: Convert PCIBIOS_* return codes to errnos hwrng: amd - Convert PCIBIOS_* return codes to errnos Ismael Luceno (1): ipvs: Avoid unnecessary calls to skb_is_gso_sctp Jack Wang (1): bnxt_re: Fix imm_data endianness James Morse (1): arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space Jan Kara (2): ext4: avoid writing unitialized memory to disk in EA inodes mm: avoid overflows in dirty throttling logic Javier Carrasco (1): mfd: omap-usb-tll: Use struct_size to allocate tll Jeongjun Park (1): jfs: Fix array-index-out-of-bounds in diFree Jiaxun Yang (1): platform: mips: cpu_hwmon: Disable driver on unsupported hardware Joe Hattori (1): char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Joe Perches (2): parport: Convert printk(KERN_<LEVEL> to pr_<level>( parport: Standardize use of printmode Johannes Berg (2): net: bonding: correctly annotate RCU in bond_should_notify_peers() wifi: nl80211: don't give key data to userspace Jon Derrick (1): PCI: Equalize hotplug memory and io for occupied and empty slots Jonas Karlman (1): arm64: dts: rockchip: Increase VOP clk rate on RK3328 Joy Chakraborty (1): rtc: cmos: Fix return value of nvmem callbacks Justin Stitt (2): ntp: Clamp maxerror and esterror to operating range ntp: Safeguard against time_constant overflow Kees Cook (1): exec: Fix ToCToU between perm check and set-uid/gid usage Kemeng Shi (2): jbd2: avoid memleak in jbd2_journal_write_metadata_buffer ext4: fix wrong unit use in ext4_mb_find_by_goal Lance Richardson (1): dma: fix call order in dmam_free_coherent Laurent Pinchart (2): media: renesas: vsp1: Fix _irqsave and _irq mix media: renesas: vsp1: Store RPF partition configuration per RPF instance Leon Romanovsky (2): RDMA/mlx4: Fix truncated output warning in mad.c RDMA/mlx4: Fix truncated output warning in alias_GUID.c Lucas Stach (2): drm/etnaviv: fix DMA direction handling for cached RW buffers drm/bridge: analogix_dp: properly handle zero sized AUX transactions Ma Ke (3): drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes net: usb: sr9700: fix uninitialized variable use in sr_mdio_read Maciej Żenczykowski (2): net: ip_rt_get_source() - use new style struct initializer instead of memset ipv6: fix ndisc_is_useropt() handling for PIO Manish Rangankar (1): scsi: qla2xxx: During vport delete send async logout explicitly Manivannan Sadhasivam (1): PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Marco Cavenati (1): perf/x86/intel/pt: Fix topa_entry base length Marek Marczykowski-Górecki (1): USB: serial: debug: do not echo input by default Mark Rutland (11): arm64: cputype: Add Cortex-X4 definitions arm64: cputype: Add Neoverse-V3 definitions arm64: errata: Add workaround for Arm errata 3194386 and 3312417 arm64: cputype: Add Cortex-X3 definitions arm64: cputype: Add Cortex-A720 definitions arm64: cputype: Add Cortex-X925 definitions arm64: errata: Unify speculative SSBS errata logic arm64: errata: Expand speculative SSBS workaround arm64: cputype: Add Cortex-X1C definitions arm64: cputype: Add Cortex-A725 definitions arm64: errata: Expand speculative SSBS workaround (again) Menglong Dong (1): bpf: kprobe: remove unused declaring of bpf_kprobe_override Michael Ellerman (2): powerpc/xmon: Fix disassembly CPU feature checks selftests/sigaltstack: Fix ppc64 GCC build Michal Pecio (1): media: uvcvideo: Fix the bandwdith quirk on USB 3.x Namhyung Kim (1): perf report: Fix condition in sort__sym_cmp() Nathan Chancellor (1): kbuild: Fix '-S -c' in x86 stack protector scripts Nick Bowler (1): macintosh/therm_windtunnel: fix module unload. Nicolas Dichtel (1): ipv6: take care of scope when choosing the src addr Niklas Söderlund (1): clocksource/drivers/sh_cmt: Address race condition for clock events Nilesh Javali (1): scsi: qla2xxx: validate nvme_local_port correctly Oleksandr Suvorov (1): spi: fsl-lpspi: remove unneeded array Oliver Neukum (1): usb: vhci-hcd: Do not drop references before new references are gained Pablo Neira Ayuso (3): netfilter: ctnetlink: use helper function to calculate expect ID netfilter: nf_tables: set element extended ACK reporting support netfilter: nf_tables: use timestamp to check for set element timeout Paolo Pisati (1): m68k: amiga: Turn off Warp1260 interrupts during boot Peng Fan (2): pinctrl: freescale: mxs: Fix refcount of child remoteproc: imx_rproc: ignore mapping vdev regions Peter Oberparleiter (1): s390/sclp: Prevent release of buffer in I/O Peter Zijlstra (1): x86/mm: Fix pti_clone_pgtable() alignment assumption Rafael Beims (1): wifi: mwifiex: Fix interface type change Ricardo Ribalda (3): media: imon: Fix race getting ictx->lock media: uvcvideo: Allow entity-defined get_info and get_cur media: uvcvideo: Ignore empty TS packets Roman Smirnov (1): udf: prevent integer overflow in udf_bitmap_free_blocks() Ross Lagerwall (1): decompress_bunzip2: fix rare decompression failure Ryusuke Konishi (2): nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro nilfs2: handle inconsistent state in nilfs_btnode_create_block() Samasth Norway Ananda (1): wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Saurav Kashyap (1): scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Shigeru Yoshida (1): tipc: Return non-zero value from tipc_udp_addr2str() on error Stefan Raspl (1): net/smc: Allow SMC-D 1MB DMB allocations Stefan Wahren (1): spi: spi-fsl-lpspi: Fix scldiv calculation Takashi Iwai (2): ALSA: usb-audio: Correct surround channels in UAC1 channel map ALSA: line6: Fix racy access to midibuf Thomas Gleixner (2): watchdog/perf: properly initialize the turbo mode timestamp and rearm counter tick/broadcast: Move per CPU pointer access into the atomic section Thomas Zimmermann (1): drm/mgag200: Set DDC timeout in milliseconds Thorsten Blum (1): m68k: cmpxchg: Fix return value for default case in __arch_xchg() Tze-nan Wu (1): tracing: Fix overflow in get_free_elt() Tzung-Bi Shih (1): platform/chrome: cros_ec_debugfs: fix wrong EC message version Uwe Kleine-König (2): pwm: stm32: Always do lazy disabling pinctrl: ti: ti-iodelay: Drop if block with always false condition Vamshi Gajjela (1): scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic WangYuli (1): nvme/pci: Add APST quirk for Lenovo N60z laptop Wayne Tung (1): hwmon: (adt7475) Fix default duty on fan is disabled Wei Liu (1): PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Wenlin Kang (1): kdb: Fix bound check compiler warning Will Deacon (1): arm64: Add support for SB barrier and patch in over DSB; ISB sequences Yang Yingliang (3): pinctrl: core: fix possible memory leak when pinctrl_enable() fails pinctrl: single: fix possible memory leak when pinctrl_enable() fails pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Yipeng Zou (1): irqchip/mbigen: Fix mbigen node address layout Yu Kuai (1): md/raid5: avoid BUG_ON() while continue reshape after reassembling Yu Liao (1): tick/broadcast: Make takeover of broadcast hrtimer reliable Yunke Cao (1): media: uvcvideo: Use entity get_cur in uvc_ctrl_set Zijun Hu (2): kobject_uevent: Fix OOB access within zap_modalias_env() devres: Fix memory leakage caused by driver API devm_free_percpu() tuhaowen (1): dev/parport: fix the array out-of-bounds risk

8 months

2
4
0 0

[PATCH 4.19 00/98] 4.19.321-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.321 release. There are 98 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.321-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.321-rc1 Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Vasily Averin <vvs(a)virtuozzo.com> ipc: remove memcg accounting for sops objects in do_semtimedop() Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Eric Dumazet <edumazet(a)google.com> net: prevent mss overflow in skb_segment() Matthew Wilcox (Oracle) <willy(a)infradead.org> ida: Fix crash in ida_free when the bitmap is empty Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Helge Deller <deller(a)gmx.de> fbmem: Check virtual screen sizes in fb_set_var() Helge Deller <deller(a)gmx.de> fbcon: Prevent that screen size is smaller than font size Vasily Averin <vvs(a)virtuozzo.com> memcg: enable accounting of ipc resources Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Long Li <leo.lilong(a)huawei.com> filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Alexander Lobakin <aleksander.lobakin(a)intel.com> tools: move alignment-related macros to new <linux/align.h> Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Jani Nikula <jani.nikula(a)intel.com> drm/msm: use drm_debug_enabled() to check for debug categories Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling link timeouts propertly Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Make use of __check_timeout on hci_sched_le Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> block: use "unsigned long" for blk_validate_block_size(). Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Christian Brauner <christian.brauner(a)ubuntu.com> binfmt_misc: cleanup on filesystem umount Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + drivers/ata/libata-core.c | 3 + drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/drm_fb_helper.c | 3 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/hid/wacom_wac.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/input/input-mt.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/md/dm-ioctl.c | 22 ++- drivers/md/dm.c | 2 +- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/dsa/vitesse-vsc73xx.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 4 + drivers/net/gtp.c | 5 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nvme/target/rdma.c | 16 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/s390/cio/idset.c | 12 +- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 20 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soundwire/stream.c | 8 +- drivers/ssb/main.c | 2 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 21 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 11 +- drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/usb/serial/option.c | 5 + drivers/video/fbdev/core/fbcon.c | 28 +++ drivers/video/fbdev/core/fbmem.c | 20 +- drivers/video/fbdev/offb.c | 3 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 ++++++++++++++++----- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 8 +- fs/btrfs/inode.c | 9 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/send.c | 7 +- fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/f2fs/segment.c | 5 +- fs/file.c | 28 ++- fs/fuse/dev.c | 6 +- fs/gfs2/inode.c | 2 +- fs/locks.c | 4 +- fs/nfs/pnfs.c | 8 + fs/quota/dquot.c | 5 +- include/linux/bitmap.h | 20 +- include/linux/blkdev.h | 2 +- include/linux/cpumask.h | 2 +- include/linux/fbcon.h | 4 + include/net/busy_poll.h | 2 +- include/net/kcm.h | 1 + ipc/msg.c | 2 +- ipc/sem.c | 7 +- ipc/shm.c | 2 +- kernel/cgroup/cpuset.c | 13 +- kernel/time/hrtimer.c | 2 + lib/idr.c | 2 +- lib/test_ida.c | 40 ++++ mm/memcontrol.c | 7 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 58 +++--- net/bluetooth/mgmt.c | 4 + net/core/skbuff.c | 3 +- net/ipv6/ip6_output.c | 2 + net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/netfilter/nft_counter.c | 5 + net/rds/recv.c | 13 +- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/usb/quirks-table.h | 1 + tools/include/linux/align.h | 12 ++ tools/include/linux/bitmap.h | 8 +- 99 files changed, 662 insertions(+), 253 deletions(-)

8 months

5
107
0 0

[PATCH 5.15 000/215] 5.15.166-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.166 release. There are 215 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.166-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.166-rc1 Guenter Roeck <linux(a)roeck-us.net> apparmor: fix policy_unpack_test on big endian systems Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix qbv tx latency by setting gtxoffset Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix reset adapter logics when tx mode change Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Enable reference clock correctly Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix for Link TRB with TC Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add memory bus width verification Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add peripheral bus width verification Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: phy-zynqmp: dynamic clock support for power-save Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: add runtime PM support Paul Cercueil <paul(a)crapouillou.net> PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro Paul Cercueil <paul(a)crapouillou.net> PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros Paul Cercueil <paul(a)crapouillou.net> PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: the buffer of smb2 query dir response has at least 1 byte Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "MIPS: Loongson64: reset: Prioritise firmware service" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both backup in retrans Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Josef Bacik <josef(a)toxicpanda.com> btrfs: run delayed iputs when flushing delalloc Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Alexander Lobakin <aleksander.lobakin(a)intel.com> tools: move alignment-related macros to new <linux/align.h> Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Zi Yan <ziy(a)nvidia.com> mm/numa: no task_numa_fault() call if PTE is changed Zi Yan <ziy(a)nvidia.com> mm/numa: no task_numa_fault() call if PMD is changed Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() Alex Hung <alex.hung(a)amd.com> Revert "drm/amd/display: Validate hw_points_num before using it" Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Siarhei Vishniakou <svv(a)google.com> HID: microsoft: Add rumble support to latest xbox controllers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Set timer mode in cpu-probe Chaotian Jing <chaotian.jing(a)mediatek.com> scsi: core: Fix the return value of scsi_logical_block_count() Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: reset the link phy params before link training Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix dangling multicast addresses Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: validate vlan header Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible UAF in ip6_xmit() Eric Dumazet <edumazet(a)google.com> ipv6: fix possible UAF in ip6_finish_output2() Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Stephen Hemminger <stephen(a)networkplumber.org> netem: fix return value if duplicate enqueue fails Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Fix out-of-bound access Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: replace ATU violation prints with trace points Hans J. Schultz <netdev(a)kapio-technology.com> net: dsa: mv88e6xxx: read FID when handling ATU violations Dan Carpenter <dan.carpenter(a)linaro.org> dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: fix ICE_LAST_OFFSET formula Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm state handling when clearing active slave Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm real_dev null pointer dereference Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix null pointer deref in bond_ipsec_offload_ok Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix bond_ipsec_offload_ok return type Thomas Bogendoerfer <tbogendoerfer(a)suse.de> ip6_tunnel: Fix broken GRO Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Simon Horman <horms(a)kernel.org> tc-testing: don't access non-existent variable on exception Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix assumption of Central always being Initiator Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Maximilian Luz <luzmaximilian(a)gmail.com> platform/surface: aggregator: Fix warning when controller is destroyed in probe Long Li <longli(a)microsoft.com> net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Josef Bacik <josef(a)toxicpanda.com> nfsd: make svc_stat per-network namespace instead of global Josef Bacik <josef(a)toxicpanda.com> nfsd: remove nfsd_stats, make th_cnt a global counter Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Josef Bacik <josef(a)toxicpanda.com> sunrpc: use the struct net as the svc proc private Josef Bacik <josef(a)toxicpanda.com> sunrpc: remove ->pg_stats from svc_program Josef Bacik <josef(a)toxicpanda.com> sunrpc: pass in the sv_stats struct through svc_create_pooled Josef Bacik <josef(a)toxicpanda.com> nfsd: stop setting ->pg_stats for unused stats Josef Bacik <josef(a)toxicpanda.com> sunrpc: don't change ->sv_stats if it doesn't exist Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix frame size warning in svc_export_parse() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rewrite synopsis of nfsd_percpu_counters_init() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor the duplicate reply cache shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace nfsd_prune_bucket() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename nfsd_reply_cache_alloc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_reply_cache_free_locked() Jeff Layton <jlayton(a)kernel.org> nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jeff Layton <jlayton(a)kernel.org> nfsd: move reply cache initialization into nfsd startup Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> block: use "unsigned long" for blk_validate_block_size(). Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Gergo Koteles <soyer(a)irl.hu> platform/x86: lg-laptop: fix %s null argument warning Adrian Hunter <adrian.hunter(a)intel.com> clocksource: Make watchdog and suspend-timing multiplication overflow safe Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Hannes Reinecke <hare(a)suse.de> nvmet-tcp: do not continue for invalid icreq Jian Shen <shenjian15(a)huawei.com> net: hns3: add checking for vf id of mailbox Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion in tree_move_down() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Christophe Kerello <christophe.kerello(a)foss.st.com> memory: stm32-fmc2-ebi: check regmap_read return value Kees Cook <keescook(a)chromium.org> x86: Increase brk randomness entropy for 64-bit systems Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Eric Dumazet <edumazet(a)google.com> netlink: hold nlk->cb_mutex longer in __netlink_dump_start() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Guard against division by zero Stefan Hajnoczi <stefanha(a)redhat.com> virtiofs: forbid newlines in tags Erico Nunes <nunes.erico(a)gmail.com> drm/lima: set gp bus_stop bit before hard reset Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Philipp Stanner <pstanner(a)redhat.com> media: drivers/media/dvb-core: copy user arrays safely Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Al Viro <viro(a)zeniv.linux.org.uk> fuse: fix UAF in rcu pathwalks Al Viro <viro(a)zeniv.linux.org.uk> afs: fix __afs_break_callback() / afs_drop_open_mmap() race Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Daniel Wagner <dwagner(a)suse.de> nvmet-trace: avoid dereferencing pointer too early Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Ashish Mhetre <amhetre(a)nvidia.com> memory: tegra: Skip SID programming if SID registers aren't set Samuel Holland <samuel.holland(a)sifive.com> arm64: Fix KASAN random tag seed initialization Antoniu Miclaus <antoniu.miclaus(a)analog.com> hwmon: (ltc2992) Avoid division by zero Chengfeng Ye <dg573847474(a)gmail.com> IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Mukesh Sisodiya <mukesh.sisodiya(a)intel.com> wifi: iwlwifi: fw: Fix debugfs command sending Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: qcom: venus: fix incorrect return value Christian Brauner <christian.brauner(a)ubuntu.com> binfmt_misc: cleanup on filesystem umount Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Alex Hung <alex.hung(a)amd.com> drm/amd/display: Validate hw_points_num before using it David Lechner <dlechner(a)baylibre.com> staging: iio: resolver: ad2s1210: fix use before initialization Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio-isa: use dev_name to fill in bus_info Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out Heiko Carstens <hca(a)linux.ibm.com> s390/smp,mcck: fix early IPI handling Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rtrs: Fix the problem of variable not initialized fully Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix BA session teardown race Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: check wiphy mutex is held for wdev mutex Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Parsa Poorshikhian <parsa.poorsh(a)gmail.com> ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Jie Wang <wangjie125(a)huawei.com> net: hns3: fix a deadlock problem when config TC during resetting Jie Wang <wangjie125(a)huawei.com> net: hns3: fix wrong use of semaphore up Florian Westphal <fw(a)strlen.de> netfilter: nf_queue: drop packets with cloned unconfirmed conntracks Donald Hunter <donald.hunter(a)gmail.com> netfilter: flowtable: initialise extack before use Tom Hughes <tom(a)compton.nu> netfilter: allow ipv6 fragments to arrive on different devices Eugene Syromiatnikov <esyr(a)redhat.com> mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: disable RX filters until RX path initialized Yue Haibing <yuehaibing(a)huawei.com> mlxbf_gige: Remove two unused function declarations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: check busy flag in MDIO operations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: use read_poll_timeout instead delay loop Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> net: axienet: Fix register defines comment description Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: remove I226 Qbv BaseTime restriction Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli(a)intel.com> igc: Correct the launchtime offset Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/uv: Panic for set and remove shared access UVC errors Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/jpeg2: properly set atomics vmid field Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add dev extent item checks Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Alexander Lobakin <aleksander.lobakin(a)intel.com> fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() Zhihao Cheng <chengzhihao1(a)huawei.com> vfs: Don't evict inode under the inode lru traversing context Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix error recovery leading to data corruption on ESE devices Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Mark XDomain as unplugged when router is removed Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Check USB endpoints when probing device Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Refine workqueue handling Eli Billauer <eli.billauer(a)gmail.com> char: xillybus: Don't destroy workqueue from work item running on it Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/arm64/kernel/setup.c | 3 - arch/arm64/kernel/smp.c | 2 + arch/arm64/kvm/sys_regs.c | 6 + arch/arm64/kvm/vgic/vgic.h | 7 + arch/mips/kernel/cpu-probe.c | 4 + arch/mips/loongson64/reset.c | 38 ++-- arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + arch/s390/include/asm/uv.h | 5 +- arch/s390/kernel/early.c | 12 +- arch/s390/kernel/smp.c | 4 +- arch/x86/kernel/process.c | 5 +- drivers/ata/libata-core.c | 3 + drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/char/xillybus/xillyusb.c | 42 +++- drivers/clocksource/arm_global_timer.c | 11 +- drivers/dma/dw/core.c | 89 ++++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 +- drivers/gpu/drm/lima/lima_gp.c | 12 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 + drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 + drivers/hid/hid-ids.h | 10 +- drivers/hid/hid-microsoft.c | 11 +- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/ltc2992.c | 8 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/infiniband/hw/hfi1/chip.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 2 +- drivers/input/input-mt.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/md/dm-clone-metadata.c | 5 - drivers/md/dm-ioctl.c | 22 ++- drivers/md/dm.c | 4 +- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/media/dvb-core/dvb_frontend.c | 12 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/platform/qcom/venus/pm_helpers.c | 2 +- drivers/media/radio/radio-isa.c | 2 +- drivers/memory/stm32-fmc2-ebi.c | 122 ++++++++---- drivers/memory/tegra/tegra186.c | 3 + drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/bonding/bond_main.c | 21 +- drivers/net/bonding/bond_options.c | 2 +- drivers/net/dsa/mv88e6xxx/Makefile | 4 + drivers/net/dsa/mv88e6xxx/global1_atu.c | 82 ++++++-- drivers/net/dsa/mv88e6xxx/trace.c | 6 + drivers/net/dsa/mv88e6xxx/trace.h | 66 +++++++ drivers/net/dsa/vitesse-vsc73xx-core.c | 69 +++++-- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 7 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 2 +- drivers/net/ethernet/intel/igc/igc_base.c | 29 +++ drivers/net/ethernet/intel/igc/igc_base.h | 2 + drivers/net/ethernet/intel/igc/igc_defines.h | 16 ++ drivers/net/ethernet/intel/igc/igc_main.c | 12 +- drivers/net/ethernet/intel/igc/igc_regs.h | 1 + drivers/net/ethernet/intel/igc/igc_tsn.c | 113 +++++++++-- drivers/net/ethernet/intel/igc/igc_tsn.h | 1 + .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- .../net/ethernet/mellanox/mlxbf_gige/mlxbf_gige.h | 9 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 10 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_regs.h | 2 + .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 50 ++++- drivers/net/ethernet/microsoft/mana/hw_channel.c | 68 ++++--- drivers/net/ethernet/microsoft/mana/mana.h | 1 + drivers/net/ethernet/microsoft/mana/mana_en.c | 22 ++- drivers/net/ethernet/xilinx/xilinx_axienet.h | 17 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 25 +-- drivers/net/gtp.c | 5 +- drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nfc/pn533/pn533.c | 5 + drivers/nvme/target/rdma.c | 16 +- drivers/nvme/target/tcp.c | 1 + drivers/nvme/target/trace.c | 6 +- drivers/nvme/target/trace.h | 28 +-- drivers/phy/xilinx/phy-zynqmp.c | 152 ++++++++++----- drivers/pinctrl/pinctrl-rockchip.c | 2 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/platform/surface/aggregator/controller.c | 3 +- drivers/platform/x86/lg-laptop.c | 2 +- drivers/s390/block/dasd.c | 36 ++-- drivers/s390/block/dasd_3990_erp.c | 10 +- drivers/s390/block/dasd_eckd.c | 57 +++--- drivers/s390/block/dasd_int.h | 2 +- drivers/s390/cio/idset.c | 12 +- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soc/qcom/cmd-db.c | 2 +- drivers/soundwire/stream.c | 8 +- drivers/ssb/main.c | 2 +- drivers/staging/iio/resolver/ad2s1210.c | 7 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/thunderbolt/switch.c | 1 + drivers/usb/cdns3/cdnsp-gadget.h | 3 + drivers/usb/cdns3/cdnsp-ring.c | 30 ++- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 21 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +- drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/usb/serial/option.c | 5 + drivers/video/fbdev/offb.c | 3 +- fs/afs/file.c | 8 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 ++++++++++++++++----- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 8 +- fs/btrfs/inode.c | 9 +- fs/btrfs/qgroup.c | 4 +- fs/btrfs/send.c | 9 +- fs/btrfs/tree-checker.c | 69 +++++++ fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/f2fs/segment.c | 5 +- fs/file.c | 28 ++- fs/fuse/cuse.c | 3 +- fs/fuse/dev.c | 6 +- fs/fuse/fuse_i.h | 1 + fs/fuse/inode.c | 15 +- fs/fuse/virtio_fs.c | 10 + fs/gfs2/inode.c | 2 +- fs/inode.c | 39 +++- fs/ksmbd/smb2pdu.c | 3 +- fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfs/pnfs.c | 8 + fs/nfsd/export.c | 32 ++- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 +++++++++++-------- fs/nfsd/nfsctl.c | 24 ++- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 24 ++- fs/nfsd/stats.c | 52 ++--- fs/nfsd/stats.h | 83 +++----- fs/nfsd/trace.h | 22 +++ fs/nfsd/vfs.c | 6 +- fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/fsntfs.c | 2 +- fs/ntfs3/index.c | 11 +- fs/ntfs3/ntfs_fs.h | 4 +- fs/ntfs3/super.c | 2 +- fs/quota/dquot.c | 5 +- include/linux/bitmap.h | 20 +- include/linux/blkdev.h | 2 +- include/linux/cpumask.h | 2 +- include/linux/fs.h | 5 + include/linux/pm.h | 55 ++++-- include/linux/pm_runtime.h | 14 ++ include/linux/sunrpc/svc.h | 5 +- include/net/busy_poll.h | 2 +- include/net/kcm.h | 1 + include/scsi/scsi_cmnd.h | 2 +- kernel/cgroup/cpuset.c | 13 +- kernel/time/clocksource.c | 42 ++-- kernel/time/hrtimer.c | 2 + lib/math/prime_numbers.c | 2 - mm/huge_memory.c | 30 ++- mm/memcontrol.c | 7 +- mm/memory.c | 29 ++- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 19 +- net/bluetooth/mgmt.c | 4 + net/bluetooth/smp.c | 146 +++++++------- net/bridge/br_netfilter_hooks.c | 6 +- net/core/net-sysfs.c | 2 +- net/ethtool/ioctl.c | 3 + net/ipv6/ip6_output.c | 10 + net/ipv6/ip6_tunnel.c | 12 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 4 + net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/mac80211/agg-tx.c | 6 +- net/mac80211/driver-ops.c | 3 - net/mac80211/sta_info.c | 14 ++ net/mptcp/diag.c | 2 +- net/mptcp/protocol.c | 2 +- net/netfilter/nf_flow_table_inet.c | 3 + net/netfilter/nf_flow_table_ip.c | 3 + net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nfnetlink_queue.c | 35 +++- net/netfilter/nft_counter.c | 9 +- net/netlink/af_netlink.c | 13 +- net/rds/recv.c | 13 +- net/sched/sch_netem.c | 47 +++-- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++-- net/wireless/core.h | 8 +- security/apparmor/policy_unpack_test.c | 6 +- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 1 - sound/usb/quirks-table.h | 1 + sound/usb/quirks.c | 2 + tools/include/linux/align.h | 12 ++ tools/include/linux/bitmap.h | 9 +- tools/testing/selftests/core/close_range_test.c | 35 ++++ tools/testing/selftests/tc-testing/tdc.py | 1 - 224 files changed, 2394 insertions(+), 1053 deletions(-)

8 months

8
224
0 0

[PATCH] drm: imx: ipuv3-plane: fix HDMI cannot work for odd screen resolutions

by Paul Pu

This changes the judgement of if needing to round up the width or not, from using the `dp_flow` to the plane's type. The `dp_flow` can be -22(-EINVAL) even the plane is a PRIMARY one. See `client_reg[]` in `ipu-common.c`. [ 0.605141] [drm:ipu_plane_init] channel 28, dp flow -22, possible_crtcs=0x0 Per the commit message in commit: 71f9fd5bcf09, using the plane type for judging if rounding up is needed is correct. Fixes: 71f9fd5bcf09 ("drm/imx: ipuv3-plane: Fix overlay plane width") Cc: stable(a)vger.kernel.org Signed-off-by: Paul Pu <hui.pu(a)gehealthcare.com> --- drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c b/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c index 704c549750f9..cee83ac70ada 100644 --- a/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c +++ b/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c @@ -614,7 +614,7 @@ static void ipu_plane_atomic_update(struct drm_plane *plane, break; } - if (ipu_plane->dp_flow == IPU_DP_FLOW_SYNC_BG) + if (ipu_plane->base.type == DRM_PLANE_TYPE_PRIMARY) width = ipu_src_rect_width(new_state); else width = drm_rect_width(&new_state->src) >> 16; base-commit: 431c1646e1f86b949fa3685efc50b660a364c2b6 -- 2.39.2

8 months

5
11
0 0

[PATCH v5.15] virtio_net: Fix napi_skb_cache_put warning

by Shivani Agarwal

From: Breno Leitao <leitao(a)debian.org> [ Upstream commit f8321fa75102246d7415a6af441872f6637c93ab ] After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context. Fixes: df133f3f9625 ("virtio_net: bulk free tx skbs") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Link: https://patch.msgid.link/20240712115325.54175-1-leitao@debian.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Shivani: Modified to apply on v5.15.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/net/virtio_net.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index bd0cb3a03b7b..d8138ad4f865 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1548,7 +1548,7 @@ static bool is_xdp_raw_buffer_queue(struct virtnet_info *vi, int q) return false; } -static void virtnet_poll_cleantx(struct receive_queue *rq) +static void virtnet_poll_cleantx(struct receive_queue *rq, int budget) { struct virtnet_info *vi = rq->vq->vdev->priv; unsigned int index = vq2rxq(rq->vq); @@ -1561,7 +1561,7 @@ static void virtnet_poll_cleantx(struct receive_queue *rq) if (__netif_tx_trylock(txq)) { do { virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); } while (unlikely(!virtqueue_enable_cb_delayed(sq->vq))); if (sq->vq->num_free >= 2 + MAX_SKB_FRAGS) @@ -1580,7 +1580,7 @@ static int virtnet_poll(struct napi_struct *napi, int budget) unsigned int received; unsigned int xdp_xmit = 0; - virtnet_poll_cleantx(rq); + virtnet_poll_cleantx(rq, budget); received = virtnet_receive(rq, budget, &xdp_xmit); @@ -1683,7 +1683,7 @@ static int virtnet_poll_tx(struct napi_struct *napi, int budget) txq = netdev_get_tx_queue(vi->dev, index); __netif_tx_lock(txq, raw_smp_processor_id()); virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); if (sq->vq->num_free >= 2 + MAX_SKB_FRAGS) netif_tx_wake_queue(txq); -- 2.39.4

8 months

1
0
0 0

[PATCH v6.1] virtio_net: Fix napi_skb_cache_put warning

by Shivani Agarwal

From: Breno Leitao <leitao(a)debian.org> [ Upstream commit f8321fa75102246d7415a6af441872f6637c93ab ] After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context. Fixes: df133f3f9625 ("virtio_net: bulk free tx skbs") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Link: https://patch.msgid.link/20240712115325.54175-1-leitao@debian.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Shivani: Modified to apply on v6.1.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/net/virtio_net.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 61cc0ed1ddc1..e3e5107adaca 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1638,7 +1638,7 @@ static bool is_xdp_raw_buffer_queue(struct virtnet_info *vi, int q) return false; } -static void virtnet_poll_cleantx(struct receive_queue *rq) +static void virtnet_poll_cleantx(struct receive_queue *rq, int budget) { struct virtnet_info *vi = rq->vq->vdev->priv; unsigned int index = vq2rxq(rq->vq); @@ -1656,7 +1656,7 @@ static void virtnet_poll_cleantx(struct receive_queue *rq) do { virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); } while (unlikely(!virtqueue_enable_cb_delayed(sq->vq))); if (sq->vq->num_free >= 2 + MAX_SKB_FRAGS) @@ -1675,7 +1675,7 @@ static int virtnet_poll(struct napi_struct *napi, int budget) unsigned int received; unsigned int xdp_xmit = 0; - virtnet_poll_cleantx(rq); + virtnet_poll_cleantx(rq, budget); received = virtnet_receive(rq, budget, &xdp_xmit); @@ -1778,7 +1778,7 @@ static int virtnet_poll_tx(struct napi_struct *napi, int budget) txq = netdev_get_tx_queue(vi->dev, index); __netif_tx_lock(txq, raw_smp_processor_id()); virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); if (sq->vq->num_free >= 2 + MAX_SKB_FRAGS) netif_tx_wake_queue(txq); -- 2.39.4

8 months

1
0
0 0

[PATCH RESEND] wifi: mt76: mt7921: Check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 6ae39b7c7ed4 ("wifi: mt76: mt7921: Support temp sensor") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/init.c b/drivers/net/wireless/mediatek/mt76/mt7921/init.c index ef0c721d26e3..5ab395d9d93e 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/init.c @@ -52,6 +52,8 @@ static int mt7921_thermal_init(struct mt792x_phy *phy) name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7921_%s", wiphy_name(wiphy)); + if (!name) + return -ENOMEM; hwmon = devm_hwmon_device_register_with_groups(&wiphy->dev, name, phy, mt7921_hwmon_groups); -- 2.25.1

8 months

3
2
0 0

[PATCH RESEND] mt76: mt7915: check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 6ae39b7c7ed4 ("wifi: mt76: mt7921: Support temp sensor") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/init.c b/drivers/net/wireless/mediatek/mt76/mt7915/init.c index a978f434dc5e..7bc3b4cd3592 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c @@ -194,6 +194,8 @@ static int mt7915_thermal_init(struct mt7915_phy *phy) name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7915_%s", wiphy_name(wiphy)); + if (!name) + return -ENOMEM; cdev = thermal_cooling_device_register(name, phy, &mt7915_thermal_ops); if (!IS_ERR(cdev)) { -- 2.25.1

8 months

2
1
0 0

[PATCH v6.6] virtio_net: Fix napi_skb_cache_put warning

by Shivani Agarwal

From: Breno Leitao <leitao(a)debian.org> [ Upstream commit f8321fa75102246d7415a6af441872f6637c93ab ] After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context. Fixes: df133f3f9625 ("virtio_net: bulk free tx skbs") Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> Link: https://patch.msgid.link/20240712115325.54175-1-leitao@debian.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Shivani: Modified to apply on v6.6.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/net/virtio_net.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 51ade909c84f..bc01f2dafa94 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -2140,7 +2140,7 @@ static int virtnet_receive(struct receive_queue *rq, int budget, return packets; } -static void virtnet_poll_cleantx(struct receive_queue *rq) +static void virtnet_poll_cleantx(struct receive_queue *rq, int budget) { struct virtnet_info *vi = rq->vq->vdev->priv; unsigned int index = vq2rxq(rq->vq); @@ -2158,7 +2158,7 @@ static void virtnet_poll_cleantx(struct receive_queue *rq) do { virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); } while (unlikely(!virtqueue_enable_cb_delayed(sq->vq))); if (sq->vq->num_free >= 2 + MAX_SKB_FRAGS) @@ -2177,7 +2177,7 @@ static int virtnet_poll(struct napi_struct *napi, int budget) unsigned int received; unsigned int xdp_xmit = 0; - virtnet_poll_cleantx(rq); + virtnet_poll_cleantx(rq, budget); received = virtnet_receive(rq, budget, &xdp_xmit); @@ -2280,7 +2280,7 @@ static int virtnet_poll_tx(struct napi_struct *napi, int budget) txq = netdev_get_tx_queue(vi->dev, index); __netif_tx_lock(txq, raw_smp_processor_id()); virtqueue_disable_cb(sq->vq); - free_old_xmit_skbs(sq, true); + free_old_xmit_skbs(sq, !!budget); if (sq->vq->num_free >= 2 + MAX_SKB_FRAGS) netif_tx_wake_queue(txq); -- 2.39.4

8 months

1
0
0 0

[PATCH] net: drop bad gso csum_start and offset in virtio_net_hdr

by Denis Arefev

From: Willem de Bruijn <willemb(a)google.com> Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksum requested with VIRTIO_NET_HDR_F_NEEDS_CSUM is in skb linear. But for GSO packets this might not hold for segs after segmentation. Syzkaller demonstrated to reach this warning in skb_checksum_help offset = skb_checksum_start_offset(skb); ret = -EINVAL; if (WARN_ON_ONCE(offset >= skb_headlen(skb))) By injecting a TSO packet: WARNING: CPU: 1 PID: 3539 at net/core/dev.c:3284 skb_checksum_help+0x3d0/0x5b0 ip_do_fragment+0x209/0x1b20 net/ipv4/ip_output.c:774 ip_finish_output_gso net/ipv4/ip_output.c:279 [inline] __ip_finish_output+0x2bd/0x4b0 net/ipv4/ip_output.c:301 iptunnel_xmit+0x50c/0x930 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x2296/0x2c70 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x759/0xa60 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4850 [inline] netdev_start_xmit include/linux/netdevice.h:4864 [inline] xmit_one net/core/dev.c:3595 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3611 __dev_queue_xmit+0x1b97/0x3c90 net/core/dev.c:4261 packet_snd net/packet/af_packet.c:3073 [inline] The geometry of the bad input packet at tcp_gso_segment: [ 52.003050][ T8403] skb len=12202 headroom=244 headlen=12093 tailroom=0 [ 52.003050][ T8403] mac=(168,24) mac_len=24 net=(192,52) trans=244 [ 52.003050][ T8403] shinfo(txflags=0 nr_frags=1 gso(size=1552 type=3 segs=0)) [ 52.003050][ T8403] csum(0x60000c7 start=199 offset=1536 ip_summed=3 complete_sw=0 valid=0 level=0) Mitigate with stricter input validation. csum_offset: for GSO packets, deduce the correct value from gso_type. This is already done for USO. Extend it to TSO. Let UFO be: udp[46]_ufo_fragment ignores these fields and always computes the checksum in software. csum_start: finding the real offset requires parsing to the transport header. Do not add a parser, use existing segmentation parsing. Thanks to SKB_GSO_DODGY, that also catches bad packets that are hw offloaded. Again test both TSO and USO. Do not test UFO for the above reason, and do not test UDP tunnel offload. GSO packet are almost always CHECKSUM_PARTIAL. USO packets may be CHECKSUM_NONE since commit 10154dbded6d6 ("udp: Allow GSO transmit from devices with no checksum offload"), but then still these fields are initialized correctly in udp4_hwcsum/udp6_hwcsum_outgoing. So no need to test for ip_summed == CHECKSUM_PARTIAL first. This revises an existing fix mentioned in the Fixes tag, which broke small packets with GSO offload, as detected by kselftests. Link: https://syzkaller.appspot.com/bug?extid=e1db31216c789f552871 Link: https://lore.kernel.org/netdev/20240723223109.2196886-1-kuba@kernel.org Fixes: e269d79c7d35 ("net: missing check virtio") Cc: stable(a)vger.kernel.org Signed-off-by: Willem de Bruijn <willemb(a)google.com> Link: https://patch.msgid.link/20240729201108.1615114-1-willemdebruijn.kernel@gma… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit 89add40066f9ed9abe5f7f886fe5789ff7e0c50e) --- include/linux/virtio_net.h | 22 ++++++++++++++++++++-- net/ipv4/tcp_offload.c | 3 +++ net/ipv4/udp_offload.c | 18 +++++++++++++++--- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 6047058d6703..6fe99dd3ca39 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -144,9 +144,27 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, unsigned int nh_off = p_off; struct skb_shared_info *shinfo = skb_shinfo(skb); - /* UFO may not include transport header in gso_size. */ - if (gso_type & SKB_GSO_UDP) + switch (gso_type & ~SKB_GSO_TCP_ECN) { + case SKB_GSO_UDP: + /* UFO may not include transport header in gso_size. */ nh_off -= thlen; + break; + case SKB_GSO_UDP_L4: + if (!(hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM)) + return -EINVAL; + if (skb->csum_offset != offsetof(struct udphdr, check)) + return -EINVAL; + if (skb->len - p_off > gso_size * UDP_MAX_SEGMENTS) + return -EINVAL; + if (gso_type != SKB_GSO_UDP_L4) + return -EINVAL; + break; + case SKB_GSO_TCPV4: + case SKB_GSO_TCPV6: + if (skb->csum_offset != offsetof(struct tcphdr, check)) + return -EINVAL; + break; + } /* Kernel has a special handling for GSO_BY_FRAGS. */ if (gso_size == GSO_BY_FRAGS) diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index fc61cd3fea65..357d3be04f84 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -71,6 +71,9 @@ struct sk_buff *tcp_gso_segment(struct sk_buff *skb, if (thlen < sizeof(*th)) goto out; + if (unlikely(skb_checksum_start(skb) != skb_transport_header(skb))) + goto out; + if (!pskb_may_pull(skb, thlen)) goto out; diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index a0b569d0085b..0407b829e481 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -269,13 +269,25 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, __sum16 check; __be16 newlen; - if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) - return __udp_gso_segment_list(gso_skb, features, is_ipv6); - mss = skb_shinfo(gso_skb)->gso_size; if (gso_skb->len <= sizeof(*uh) + mss) return ERR_PTR(-EINVAL); + if (unlikely(skb_checksum_start(gso_skb) != + skb_transport_header(gso_skb) && + !(skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST))) + return ERR_PTR(-EINVAL); + + if (skb_gso_ok(gso_skb, features | NETIF_F_GSO_ROBUST)) { + /* Packet is from an untrusted source, reset gso_segs. */ + skb_shinfo(gso_skb)->gso_segs = DIV_ROUND_UP(gso_skb->len - sizeof(*uh), + mss); + return NULL; + } + + if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) + return __udp_gso_segment_list(gso_skb, features, is_ipv6); + skb_pull(gso_skb, sizeof(*uh)); /* clear destructor to avoid skb_segment assigning it to tail */ -- 2.20.1

8 months

1
0
0 0

[PATCH 6.1 00/71] 6.1.108-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.108 release. There are 71 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.108-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.108-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> fbdev: offb: fix up missing cleanup.h Guenter Roeck <linux(a)roeck-us.net> apparmor: fix policy_unpack_test on big endian systems Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix qbv tx latency by setting gtxoffset Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> igc: Fix reset adapter logics when tx mode change Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Enable reference clock correctly Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix for Link TRB with TC Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: avoid using null object of framebuffer Ondrej Mosnacek <omosnace(a)redhat.com> sctp: fix association labeling in the duplicate COOKIE-ECHO case Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jianbo Liu <jianbol(a)nvidia.com> bonding: implement xdo_dev_state_free and call it after deletion Petr Machata <petrm(a)nvidia.com> selftests: forwarding: local_termination: Down ports on cleanup Petr Machata <petrm(a)nvidia.com> selftests: forwarding: no_forwarding: Down ports on cleanup Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: fix wgds rev 3 exact size Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore IP sanity checks for netdev/egress Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Do not return 0 from map_pages if it doesn't do anything Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling hibernation actions Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add memory bus width verification Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add peripheral bus width verification Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: phy-zynqmp: dynamic clock support for power-save Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: add runtime PM support Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map use-after-free when adding pages to compressed bio David Howells <dhowells(a)redhat.com> mm: Fix missing folio invalidation calls during truncation Nícolas F. R. A. Prado <nfraprado(a)collabora.com> pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: Fix for acp init sequence Yuntao Liu <liuyuntao12(a)huawei.com> ASoC: amd: acp: fix module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal: of: Fix OF node leak in of_thermal_zone_find() error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal: of: Fix OF node leak in thermal_of_trips_init() error path Jonathan Cameron <Jonathan.Cameron(a)huawei.com> of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put() handling Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only mark 'subflow' endp as available Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: remove mptcp_pm_remove_subflow() Geliang Tang <geliang.tang(a)suse.com> mptcp: unify pm get_local_id interfaces Mengqi Zhang <mengqi.zhang(a)mediatek.com> mmc: mtk-sd: receive cmd8 data when hs400 tuning fail ChanWoo Lee <cw9316.lee(a)samsung.com> mmc: Avoid open coding by using mmc_op_tuning() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: always force a state reprogram on init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: align pp_power_profile_mode with kernel docs Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ADD_ADDR 0 is not a new address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove already closed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: send ACK on an active subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reset MPC endp ID when re-added Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: skip connecting to already established sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both backup in retrans Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: close subflow when receiving TCP+FIN Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Alexander Sverdlin <alexander.sverdlin(a)siemens.com> wifi: wfx: repair open network AP mode Jonathan Cameron <Jonathan.Cameron(a)huawei.com> of: Add cleanup.h based auto release via __free(device_node) markings Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Stefan Metzmacher <metze(a)samba.org> smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() Josef Bacik <josef(a)toxicpanda.com> btrfs: run delayed iputs when flushing delalloc Miao Wang <shankerwangmiao(a)gmail.com> LoongArch: Remove the unused dma-direct.h Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/asm/dma-direct.h | 11 -- drivers/ata/libata-core.c | 3 + drivers/dma/dw/core.c | 89 +++++++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 21 +-- drivers/iommu/io-pgtable-arm-v7s.c | 3 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/io-pgtable-dart.c | 3 +- drivers/mmc/core/core.c | 3 +- drivers/mmc/host/dw_mmc.c | 3 +- drivers/mmc/host/mtk-sd.c | 14 +- drivers/mmc/host/sdhci-msm.c | 3 +- drivers/mmc/host/sdhci-pci-o2micro.c | 3 +- drivers/mmc/host/sdhci-tegra.c | 8 +- drivers/mmc/host/sdhci.c | 9 +- drivers/net/bonding/bond_main.c | 36 +++++ drivers/net/ethernet/intel/igc/igc_tsn.c | 9 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 68 ++++----- drivers/net/gtp.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++++- drivers/net/wireless/silabs/wfx/sta.c | 5 +- drivers/nfc/pn533/pn533.c | 5 + drivers/phy/xilinx/phy-zynqmp.c | 152 ++++++++++++++------- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 55 ++++---- drivers/pinctrl/pinctrl-rockchip.c | 2 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/scsi/aacraid/comminit.c | 2 + drivers/soc/qcom/cmd-db.c | 2 +- drivers/soundwire/stream.c | 8 +- drivers/thermal/thermal_of.c | 17 +-- drivers/usb/cdns3/cdnsp-gadget.h | 3 + drivers/usb/cdns3/cdnsp-ring.c | 30 +++- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 8 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +-- drivers/usb/serial/option.c | 5 + drivers/usb/typec/tcpm/tcpm.c | 14 +- drivers/video/fbdev/offb.c | 1 + fs/btrfs/compression.c | 2 +- fs/btrfs/qgroup.c | 2 + fs/smb/client/smb2pdu.c | 2 +- include/linux/of.h | 15 ++ include/net/busy_poll.h | 2 +- include/net/netfilter/nf_tables_ipv4.h | 10 +- include/net/netfilter/nf_tables_ipv6.h | 5 +- mm/truncate.c | 4 +- net/bluetooth/hci_core.c | 10 +- net/core/net-sysfs.c | 2 +- net/ethtool/ioctl.c | 3 + net/mptcp/pm.c | 32 +++-- net/mptcp/pm_netlink.c | 110 ++++++++------- net/mptcp/protocol.c | 7 +- net/mptcp/protocol.h | 7 +- net/mptcp/subflow.c | 8 +- net/sctp/sm_statefuns.c | 22 ++- security/apparmor/policy_unpack_test.c | 6 +- sound/soc/amd/acp/acp-legacy-mach.c | 2 + sound/soc/sof/amd/acp.c | 19 ++- sound/soc/sof/amd/acp.h | 7 +- .../selftests/net/forwarding/local_termination.sh | 4 + .../selftests/net/forwarding/no_forwarding.sh | 3 + 66 files changed, 653 insertions(+), 318 deletions(-)

8 months

8
78
0 0

[merged mm-stable] mm-krealloc-consider-spare-memory-for-__gfp_zero.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: krealloc: consider spare memory for __GFP_ZERO has been removed from the -mm tree. Its filename was mm-krealloc-consider-spare-memory-for-__gfp_zero.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Danilo Krummrich <dakr(a)kernel.org> Subject: mm: krealloc: consider spare memory for __GFP_ZERO Date: Tue, 13 Aug 2024 00:34:34 +0200 As long as krealloc() is called with __GFP_ZERO consistently, starting with the initial memory allocation, __GFP_ZERO should be fully honored. However, if for an existing allocation krealloc() is called with a decreased size, it is not ensured that the spare portion the allocation is zeroed. Thus, if krealloc() is subsequently called with a larger size again, __GFP_ZERO can't be fully honored, since we don't know the previous size, but only the bucket size. Example: buf = kzalloc(64, GFP_KERNEL); memset(buf, 0xff, 64); buf = krealloc(buf, 48, GFP_KERNEL | __GFP_ZERO); /* After this call the last 16 bytes are still 0xff. */ buf = krealloc(buf, 64, GFP_KERNEL | __GFP_ZERO); Fix this, by explicitly setting spare memory to zero, when shrinking an allocation with __GFP_ZERO flag set or init_on_alloc enabled. Link: https://lkml.kernel.org/r/20240812223707.32049-1-dakr@kernel.org Signed-off-by: Danilo Krummrich <dakr(a)kernel.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slab_common.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/slab_common.c~mm-krealloc-consider-spare-memory-for-__gfp_zero +++ a/mm/slab_common.c @@ -1273,6 +1273,13 @@ __do_krealloc(const void *p, size_t new_ /* If the object still fits, repoison it precisely. */ if (ks >= new_size) { + /* Zero out spare memory. */ + if (want_init_on_alloc(flags)) { + kasan_disable_current(); + memset((void *)p + new_size, 0, ks - new_size); + kasan_enable_current(); + } + p = kasan_krealloc((void *)p, new_size, flags); return (void *)p; } _ Patches currently in -mm which might be from dakr(a)kernel.org are

8 months

1
0
0 0

[PATCH] drm: imx: ipuv3-plane: fix HDMI cannot work for odd screen resolutions

by Paul Pu

This changes the judgement of if needing to round up the width or not, from using the `dp_flow` to the plane's type. The `dp_flow` can be -22(-EINVAL) even the plane is a PRIMARY one. See `client_reg[]` in `ipu-common.c`. [ 0.605141] [drm:ipu_plane_init] channel 28, dp flow -22, possible_crtcs=0x0 Per the commit message in commit: 71f9fd5bcf09, using the plane type for judging if rounding up is needed is correct. Fixes: 71f9fd5bcf09 ("drm/imx: ipuv3-plane: Fix overlay plane width") Cc: stable(a)vger.kernel.org Signed-off-by: Paul Pu <hui.pu(a)gehealthcare.com> --- drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c b/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c index 704c549750f9..cee83ac70ada 100644 --- a/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c +++ b/drivers/gpu/drm/imx/ipuv3/ipuv3-plane.c @@ -614,7 +614,7 @@ static void ipu_plane_atomic_update(struct drm_plane *plane, break; } - if (ipu_plane->dp_flow == IPU_DP_FLOW_SYNC_BG) + if (ipu_plane->base.type == DRM_PLANE_TYPE_PRIMARY) width = ipu_src_rect_width(new_state); else width = drm_rect_width(&new_state->src) >> 16; base-commit: 431c1646e1f86b949fa3685efc50b660a364c2b6 -- 2.39.2

8 months

1
0
0 0

[PATCH] usb: gadget: dummy_hcd: execute hrtimer callback in softirq context

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> Commit a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler") switched dummy_hcd to use hrtimer and made the timer's callback be executed in the hardirq context. With that change, __usb_hcd_giveback_urb now gets executed in the hardirq context, which causes problems for KCOV and KMSAN. One problem is that KCOV now is unable to collect coverage from the USB code that gets executed from the dummy_hcd's timer callback, as KCOV cannot collect coverage in the hardirq context. Another problem is that the dummy_hcd hrtimer might get triggered in the middle of a softirq with KCOV remote coverage collection enabled, and that causes a WARNING in KCOV, as reported by syzbot. (I sent a separate patch to shut down this WARNING, but that doesn't fix the other two issues.) Finally, KMSAN appears to ignore tracking memory copying operations that happen in the hardirq context, which causes false positive kernel-infoleaks, as reported by syzbot. Change the hrtimer in dummy_hcd to execute the callback in the softirq context. Reported-by: syzbot+2388cdaeb6b10f0c13ac(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2388cdaeb6b10f0c13ac Reported-by: syzbot+17ca2339e34a1d863aad(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=17ca2339e34a1d863aad Fixes: a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler") Cc: stable(a)vger.kernel.org Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Marcello, would this change be acceptable for your use case? If we wanted to keep the hardirq hrtimer, we would need teach KCOV to collect coverage in the hardirq context (or disable it, which would be unfortunate) and also fix whatever is wrong with KMSAN, but all that requires some work. --- drivers/usb/gadget/udc/dummy_hcd.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/usb/gadget/udc/dummy_hcd.c b/drivers/usb/gadget/udc/dummy_hcd.c index f37b0d8386c1a..ff7bee78bcc49 100644 --- a/drivers/usb/gadget/udc/dummy_hcd.c +++ b/drivers/usb/gadget/udc/dummy_hcd.c @@ -1304,7 +1304,8 @@ static int dummy_urb_enqueue( /* kick the scheduler, it'll do the rest */ if (!hrtimer_active(&dum_hcd->timer)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), + HRTIMER_MODE_REL_SOFT); done: spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); @@ -1325,7 +1326,7 @@ static int dummy_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) rc = usb_hcd_check_unlink_urb(hcd, urb, status); if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING && !list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); return rc; @@ -1995,7 +1996,8 @@ static enum hrtimer_restart dummy_timer(struct hrtimer *t) dum_hcd->udev = NULL; } else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) { /* want a 1 msec delay here */ - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), + HRTIMER_MODE_REL_SOFT); } spin_unlock_irqrestore(&dum->lock, flags); @@ -2389,7 +2391,7 @@ static int dummy_bus_resume(struct usb_hcd *hcd) dum_hcd->rh_state = DUMMY_RH_RUNNING; set_link_state(dum_hcd); if (!list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); hcd->state = HC_STATE_RUNNING; } spin_unlock_irq(&dum_hcd->dum->lock); @@ -2467,7 +2469,7 @@ static DEVICE_ATTR_RO(urbs); static int dummy_start_ss(struct dummy_hcd *dum_hcd) { - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); dum_hcd->timer.function = dummy_timer; dum_hcd->rh_state = DUMMY_RH_RUNNING; dum_hcd->stream_en_ep = 0; @@ -2497,7 +2499,7 @@ static int dummy_start(struct usb_hcd *hcd) return dummy_start_ss(dum_hcd); spin_lock_init(&dum_hcd->dum->lock); - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); dum_hcd->timer.function = dummy_timer; dum_hcd->rh_state = DUMMY_RH_RUNNING; -- 2.25.1

8 months

6
8
0 0

[PATCH RESEND] usb: gadget: dummy_hcd: execute hrtimer callback in softirq context

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> Commit a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler") switched dummy_hcd to use hrtimer and made the timer's callback be executed in the hardirq context. With that change, __usb_hcd_giveback_urb now gets executed in the hardirq context, which causes problems for KCOV and KMSAN. One problem is that KCOV now is unable to collect coverage from the USB code that gets executed from the dummy_hcd's timer callback, as KCOV cannot collect coverage in the hardirq context. Another problem is that the dummy_hcd hrtimer might get triggered in the middle of a softirq with KCOV remote coverage collection enabled, and that causes a WARNING in KCOV, as reported by syzbot. (I sent a separate patch to shut down this WARNING, but that doesn't fix the other two issues.) Finally, KMSAN appears to ignore tracking memory copying operations that happen in the hardirq context, which causes false positive kernel-infoleaks, as reported by syzbot. Change the hrtimer in dummy_hcd to execute the callback in the softirq context. Reported-by: syzbot+2388cdaeb6b10f0c13ac(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=2388cdaeb6b10f0c13ac Reported-by: syzbot+17ca2339e34a1d863aad(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=17ca2339e34a1d863aad Reported-by: syzbot+c793a7eca38803212c61(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c793a7eca38803212c61 Reported-by: syzbot+1e6e0b916b211bee1bd6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=1e6e0b916b211bee1bd6 Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202406141323.413a90d2-lkp@intel.com Fixes: a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler") Cc: stable(a)vger.kernel.org Acked-by: Marcello Sylvester Bauer <sylv(a)sylv.io> Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- No difference to v1 except a few more tags. --- drivers/usb/gadget/udc/dummy_hcd.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/usb/gadget/udc/dummy_hcd.c b/drivers/usb/gadget/udc/dummy_hcd.c index f37b0d8386c1a..ff7bee78bcc49 100644 --- a/drivers/usb/gadget/udc/dummy_hcd.c +++ b/drivers/usb/gadget/udc/dummy_hcd.c @@ -1304,7 +1304,8 @@ static int dummy_urb_enqueue( /* kick the scheduler, it'll do the rest */ if (!hrtimer_active(&dum_hcd->timer)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), + HRTIMER_MODE_REL_SOFT); done: spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); @@ -1325,7 +1326,7 @@ static int dummy_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) rc = usb_hcd_check_unlink_urb(hcd, urb, status); if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING && !list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); return rc; @@ -1995,7 +1996,8 @@ static enum hrtimer_restart dummy_timer(struct hrtimer *t) dum_hcd->udev = NULL; } else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) { /* want a 1 msec delay here */ - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), + HRTIMER_MODE_REL_SOFT); } spin_unlock_irqrestore(&dum->lock, flags); @@ -2389,7 +2391,7 @@ static int dummy_bus_resume(struct usb_hcd *hcd) dum_hcd->rh_state = DUMMY_RH_RUNNING; set_link_state(dum_hcd); if (!list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); hcd->state = HC_STATE_RUNNING; } spin_unlock_irq(&dum_hcd->dum->lock); @@ -2467,7 +2469,7 @@ static DEVICE_ATTR_RO(urbs); static int dummy_start_ss(struct dummy_hcd *dum_hcd) { - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); dum_hcd->timer.function = dummy_timer; dum_hcd->rh_state = DUMMY_RH_RUNNING; dum_hcd->stream_en_ep = 0; @@ -2497,7 +2499,7 @@ static int dummy_start(struct usb_hcd *hcd) return dummy_start_ss(dum_hcd); spin_lock_init(&dum_hcd->dum->lock); - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); dum_hcd->timer.function = dummy_timer; dum_hcd->rh_state = DUMMY_RH_RUNNING; -- 2.25.1

8 months

1
0
0 0

[PATCH] ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error

by Ma Ke

Return devm_of_clk_add_hw_provider() in order to transfer the error, if it fails due to resource allocation failure or device tree clock provider registration failure. Cc: stable(a)vger.kernel.org Fixes: ebbfabc16d23 ("ASoC: rt5682: Add CCF usage for providing I2S clks") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- sound/soc/codecs/rt5682.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/rt5682.c b/sound/soc/codecs/rt5682.c index e3aca9c785a0..aa163ec40862 100644 --- a/sound/soc/codecs/rt5682.c +++ b/sound/soc/codecs/rt5682.c @@ -2903,8 +2903,10 @@ int rt5682_register_dai_clks(struct rt5682_priv *rt5682) } if (dev->of_node) { - devm_of_clk_add_hw_provider(dev, of_clk_hw_simple_get, + ret = devm_of_clk_add_hw_provider(dev, of_clk_hw_simple_get, dai_clk_hw); + if (ret) + return ret; } else { ret = devm_clk_hw_register_clkdev(dev, dai_clk_hw, init.name, -- 2.25.1

8 months

2
1
0 0

[PATCH 6.6 000/166] 6.6.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.8 release. There are 166 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Dec 2023 13:50:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.8-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.8-rc1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Change the key being sent for MPV device affiliation Fangrui Song <maskray(a)google.com> x86/speculation, objtool: Use absolute relocations for annotations Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have rb_time_cmpxchg() set the msb counter too Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not try to put back write_stamp Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix writing to the buffer with max_data_size Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Have saved event hold the entire event Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not update before stamp when switching sub-buffers Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Update snapshot buffer on resize if it is allocated Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix memory leak of free page Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in smb2_query_reparse_point() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL deref in asn1_ber_decoder() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix OOB in receive_encrypted_standard() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix remapped stride with CCS on ADL+ Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix intel_atomic_setup_scalers() plane_state handling Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix ADL+ tiled plane stride when the POT stride is smaller than the original Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Disable PSR-SU on Parade 0803 TCON again Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore guard against default backlight value < 1 nit Jani Nikula <jani.nikula(a)intel.com> drm/edid: also call add modes in EDID connector update fallback Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix tear down order in amdgpu_vm_pt_free Boris Burkov <boris(a)bur.io> btrfs: don't clear qgroup reserved bit in release_folio Boris Burkov <boris(a)bur.io> btrfs: fix qgroup_free_reserved_data int overflow Boris Burkov <boris(a)bur.io> btrfs: free qgroup reserve when ORDERED_IOERR is set Ignat Korchagin <ignat(a)cloudflare.com> kexec: drop dependency on ARCH_SUPPORTS_KEXEC from CRASH_DUMP David Stevens <stevensd(a)chromium.org> mm/shmem: fix race in shmem_undo_range w/THP Yu Zhao <yuzhao(a)google.com> mm/mglru: reclaim offlined memcgs harder Yu Zhao <yuzhao(a)google.com> mm/mglru: respect min_ttl_ms with memcgs Yu Zhao <yuzhao(a)google.com> mm/mglru: try to stop at high watermarks Yu Zhao <yuzhao(a)google.com> mm/mglru: fix underprotected page cache Frank Li <Frank.Li(a)nxp.com> dmaengine: fsl-edma: fix DMA channel leak in eDMAv4 Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: avoid bitfield overflow assertion Stuart Lee <stuart.lee(a)mediatek.com> drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: add begin/end_use ring callbacks Florent Revest <revest(a)chromium.org> team: Fix use-after-free when an option instance allocation fails James Houghton <jthoughton(a)google.com> arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify John Hubbard <jhubbard(a)nvidia.com> Revert "selftests: error out if kernel header files are not yet built" Baokun Li <libaokun1(a)huawei.com> ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix NULL pointer dereference for multi_link Dan Williams <dan.j.williams(a)intel.com> cxl/hdm: Fix dpa translation locking Josef Bacik <josef(a)toxicpanda.com> btrfs: do not allow non subvolume root targets for snapshot Mark Rutland <mark.rutland(a)arm.com> perf: Fix perf_event_validate_size() lockdep splat Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: add const to read-only outgoing usb buffer Masahiro Yamada <masahiroy(a)kernel.org> arm64: add dependency between vmlinuz.efi and Image Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct file type from NFS reparse points Paulo Alcantara <pc(a)manguebit.com> smb: client: introduce ->parse_reparse_point() Paulo Alcantara <pc(a)manguebit.com> smb: client: implement ->query_reparse_point() for SMB1 Lech Perczak <lech.perczak(a)gmail.com> net: usb: qmi_wwan: claim interface 4 for ZTE MF290 Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not allow NULL parent to eventfs_start_creating() Linus Torvalds <torvalds(a)linux-foundation.org> asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation Heiko Carstens <hca(a)linux.ibm.com> scripts/checkstack.pl: match all stack sizes for s390 Nguyen Dinh Phi <phind.uet(a)gmail.com> nfc: virtual_ncidev: Add variable to check if ndev is running Aoba K <nexp_0x17(a)outlook.com> HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad Denis Benato <benato.denis96(a)gmail.com> HID: hid-asus: reset the backlight brightness level on resume Li Nan <linan122(a)huawei.com> nbd: pass nbd_sock to nbd_read_reply() instead of index Oliver Neukum <oneukum(a)suse.com> HID: add ALWAYS_POLL quirk for Apple kb Brett Raye <braye(a)fastmail.com> HID: glorious: fix Glorious Model I HID report Yihong Cao <caoyihong4(a)outlook.com> HID: apple: add Jamesdonkey and A3R to non-apple keyboards list Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Allow IO to start during probe Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Set driver data before I2C adapter add Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: intel_telemetry: Fix kernel doc descriptions Bibo Mao <maobibo(a)loongson.cn> LoongArch: Implement constant timer shutdown interface Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mark {dmw,tlb}_virt_to_page() exports as non-GPL Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Silence the boot warning about 'nokaslr' WANG Rui <wangrui(a)loongson.cn> LoongArch: Record pc instead of offset in la_abs relocation Masahiro Yamada <masahiroy(a)kernel.org> LoongArch: Add dependency between vmlinuz.efi and vmlinux.efi Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: fix bpf_loop_bench for new callback verification scheme Hannes Reinecke <hare(a)suse.de> nvme: catch errors from nvme_configure_metadata() Mark O'Donovan <shiftee(a)posteo.net> nvme-auth: set explanation code for failure2 msgs Li Nan <linan122(a)huawei.com> nbd: fix null-ptr-dereference while accessing 'nbd->config' Li Nan <linan122(a)huawei.com> nbd: factor out a helper to get nbd_config without holding 'config_lock' Li Nan <linan122(a)huawei.com> nbd: fold nbd config initialization into nbd_alloc_config() Coly Li <colyli(a)suse.de> bcache: avoid NULL checking to c->root in run_cache_set() Coly Li <colyli(a)suse.de> bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() Colin Ian King <colin.i.king(a)gmail.com> bcache: remove redundant assignment to variable cur_idx Coly Li <colyli(a)suse.de> bcache: avoid oversize memory allocation by small stripe_size Ming Lei <ming.lei(a)redhat.com> blk-cgroup: bypass blkcg_deactivate_policy after destroying Ming Lei <ming.lei(a)redhat.com> blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" David Howells <dhowells(a)redhat.com> rxrpc: Fix some minor issues with bundle tracing Jean Delvare <jdelvare(a)suse.de> stmmac: dwmac-loongson: Add architecture dependency Oliver Neukum <oneukum(a)suse.com> usb: aqc111: check packet for fixup for true limit Saurabh Sengar <ssengar(a)linux.microsoft.com> x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM David Hildenbrand <david(a)redhat.com> selftests/mm: cow: print ksft header before printing anything else Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915: Use internal class when counting engine resets Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> drm/i915/selftests: Fix engine reset count storage for multi-tile Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu/37xx: Fix interrupt_clear_with_0 WA initialization Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> accel/ivpu: Print information about used workarounds Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add spinlock for setting vblank event in atomic_begin Michael Walle <mwalle(a)kernel.org> drm/mediatek: fix kernel oops if no crtc is found Johan Hovold <johan+linaro(a)kernel.org> PCI: vmd: Fix potential deadlock when enabling ASPM Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE Johan Hovold <johan+linaro(a)kernel.org> PCI/ASPM: Add pci_enable_link_state_locked() Jiaxun Yang <jiaxun.yang(a)flygoat.com> PCI: loongson: Limit MRRS to 256 Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI: acpiphp: Reassign resources on bridge if necessary" Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: reset the amp before component_add Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: call cleanup functions only once Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: handle missing EFI calibration data Gergo Koteles <soyer(a)irl.hu> ALSA: hda/tas2781: leave hda_component in usable state Hartmut Knaack <knaack.h(a)gmx.de> ALSA: hda/realtek: Apply mute LED quirk for HP15-db Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB Al Viro <viro(a)zeniv.linux.org.uk> io_uring/cmd: fix breakage in SOCKET_URING_OP_SIOC* implementation Hangyu Hua <hbh25y(a)gmail.com> fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() Amir Goldstein <amir73il(a)gmail.com> fuse: disable FOPEN_PARALLEL_DIRECT_WRITES with FUSE_DIRECT_IO_ALLOW_MMAP Krister Johansen <kjlx(a)templeofstupid.com> fuse: share lookup state between submount and its parent Tyler Fanelli <tfanelli(a)redhat.com> fuse: Rename DIRECT_IO_RELAX to DIRECT_IO_ALLOW_MMAP Sebastian Parschauer <s.parschauer(a)gmx.de> HID: Add quirk for Labtec/ODDOR/aikeec handbrake Mario Limonciello <mario.limonciello(a)amd.com> HID: i2c-hid: Add IDEA5002 to i2c_hid_acpi_blacklist[] Jens Axboe <axboe(a)kernel.dk> cred: get rid of CONFIG_DEBUG_CREDENTIALS Jens Axboe <axboe(a)kernel.dk> cred: switch to using atomic_long_t Igor Russkikh <irusskikh(a)marvell.com> net: atlantic: fix double free in ring reinit logic Hyunwoo Kim <v4bel(a)theori.io> appletalk: Fix Use-After-Free in atalk_ioctl Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Handle disabled MDIO busses from devicetree Sneh Shah <quic_snehshah(a)quicinc.com> net: stmmac: dwmac-qcom-ethqos: Fix drops in 10M SGMII RX Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-switch: do not ask for MDB, VLAN and FDB replay Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-switch: fix size of the dma_unmap Nikolay Kuratov <kniv(a)yandex-team.ru> vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() Yusong Gao <a869920004(a)gmail.com> sign-file: Fix incorrect return values check Yanteng Si <siyanteng(a)loongson.cn> stmmac: dwmac-loongson: Make sure MDIO is initialized before use David Arinzon <darinzon(a)amazon.com> net: ena: Fix XDP redirection error David Arinzon <darinzon(a)amazon.com> net: ena: Fix DMA syncing in XDP path when SWIOTLB is on David Arinzon <darinzon(a)amazon.com> net: ena: Fix xdp drops handling due to multibuf packets David Arinzon <darinzon(a)amazon.com> net: ena: Destroy correct number of xdp queues upon failure Dong Chenchen <dongchenchen2(a)huawei.com> net: Remove acked SYN flag from packet in the transmit queue correctly Dinghao Liu <dinghao.liu(a)zju.edu.cn> qed: Fix a potential use-after-free in qed_cxt_tables_alloc Slawomir Laba <slawomirx.laba(a)intel.com> iavf: Fix iavf_shutdown to call iavf_remove instead iavf_close Piotr Gardocki <piotrx.gardocki(a)intel.com> iavf: Handle ntuple on/off based on new state machines for flow director Piotr Gardocki <piotrx.gardocki(a)intel.com> iavf: Introduce new state machines for flow director Hyunwoo Kim <v4bel(a)theori.io> net/rose: Fix Use-After-Free in rose_ioctl Hyunwoo Kim <v4bel(a)theori.io> atm: Fix Use-After-Free in do_vcc_ioctl Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix pause frame configuration Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Update RSS algorithm index Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix promisc mcam entry action Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: explicitly test for firmware ready value Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table Zhipeng Lu <alexious(a)zju.edu.cn> octeontx2-af: fix a use-after-free in rvu_nix_register_reporters Radu Bulie <radu-andrei.bulie(a)nxp.com> net: fec: correct queue selection Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &tx_queue_lock Chengfeng Ye <dg573847474(a)gmail.com> atm: solos-pci: Fix potential deadlock on &cli_queue_lock Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix wrong return value check in bnxt_close_nic() Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> bnxt_en: Fix skb recycling logic in bnxt_deliver_skb() Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Clear resource reservation during resume Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix reset behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Fix ethtool -G iface tx behavior Stefan Wahren <wahrenst(a)gmx.net> qca_debug: Prevent crash on TX ring changes Maciej Żenczykowski <maze(a)google.com> net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx5: Fix a NULL vs IS_ERR() check Gavin Li <gavinl(a)nvidia.com> net/mlx5e: Check netdev pointer before checking its net ns Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Nack sync reset request when HotPlug is enabled Chris Mi <cmi(a)nvidia.com> net/mlx5e: TC, Don't offload post action rule if not supported Moshe Shemesh <moshe(a)nvidia.com> net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work Chris Mi <cmi(a)nvidia.com> net/mlx5e: Disable IPsec offload support if not FW steering Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Send events from IB driver about device affiliation state Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Check the number of elements before walk TC rhashtable Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Reduce eswitch mode_lock protection context Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Tidy up IPsec NAT-T SA discovery Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5e: Unify esw and normal IPsec status table creation/destruction Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Ensure that IPsec sequence packet number starts from 1 Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Honor user choice of IPsec replay window size Mikhail Khvainitski <me(a)khvoinitsky.org> HID: lenovo: Restrict detection of patched firmware only to USB cptkbd David Howells <dhowells(a)redhat.com> afs: Fix refcount underflow from error handling race Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Avoid physical KASLR on older Dell systems Zizhi Wo <wozizhi(a)huawei.com> ksmbd: fix memory leak in smb2_lock() Jan Kara <jack(a)suse.cz> ext4: fix warning in ext4_dio_write_end_io() Kelly Kane <kelly(a)hawknetworks.com> r8152: add vendor/device ID pair for ASUS USB-C2500 ------------- Diffstat: Makefile | 4 +- arch/arm64/Makefile | 2 +- arch/arm64/include/asm/pgtable.h | 6 + arch/loongarch/Makefile | 2 + arch/loongarch/include/asm/asmmacro.h | 3 +- arch/loongarch/include/asm/setup.h | 2 +- arch/loongarch/kernel/relocate.c | 10 +- arch/loongarch/kernel/time.c | 27 +-- arch/loongarch/mm/pgtable.c | 4 +- arch/powerpc/configs/skiroot_defconfig | 1 - arch/riscv/Kconfig | 4 +- arch/riscv/kernel/crash_core.c | 4 +- arch/s390/configs/debug_defconfig | 1 - arch/x86/hyperv/hv_init.c | 25 ++- arch/x86/include/asm/alternative.h | 4 +- arch/x86/include/asm/nospec-branch.h | 4 +- block/blk-cgroup.c | 13 ++ block/blk-throttle.c | 2 + drivers/accel/ivpu/ivpu_drv.h | 5 + drivers/accel/ivpu/ivpu_hw_37xx.c | 17 +- drivers/accel/ivpu/ivpu_hw_40xx.c | 4 + drivers/atm/solos-pci.c | 8 +- drivers/block/nbd.c | 117 ++++++---- drivers/cxl/core/hdm.c | 3 +- drivers/cxl/core/port.c | 4 +- drivers/dma/fsl-edma-common.c | 1 + drivers/dma/stm32-dma.c | 8 +- drivers/firmware/efi/libstub/x86-stub.c | 31 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 3 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 28 +++ .../dc/link/protocols/link_edp_panel_control.c | 4 +- .../drm/amd/display/modules/power/power_helpers.c | 2 + drivers/gpu/drm/drm_edid.c | 3 +- drivers/gpu/drm/i915/display/intel_fb.c | 19 +- drivers/gpu/drm/i915/display/skl_scaler.c | 2 +- drivers/gpu/drm/i915/gt/intel_reset.c | 2 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 5 +- drivers/gpu/drm/i915/i915_gpu_error.h | 12 +- drivers/gpu/drm/i915/selftests/igt_live_test.c | 9 +- drivers/gpu/drm/i915/selftests/igt_live_test.h | 3 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 14 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 5 +- drivers/hid/hid-apple.c | 2 + drivers/hid/hid-asus.c | 27 ++- drivers/hid/hid-glorious.c | 16 +- drivers/hid/hid-ids.h | 12 +- drivers/hid/hid-lenovo.c | 3 +- drivers/hid/hid-mcp2221.c | 4 +- drivers/hid/hid-multitouch.c | 5 + drivers/hid/hid-quirks.c | 2 + drivers/hid/i2c-hid/i2c-hid-acpi.c | 5 + drivers/infiniband/hw/mlx5/main.c | 17 ++ drivers/md/bcache/bcache.h | 1 + drivers/md/bcache/btree.c | 7 + drivers/md/bcache/super.c | 4 +- drivers/md/bcache/writeback.c | 2 +- drivers/net/ethernet/amazon/ena/ena_eth_com.c | 3 - drivers/net/ethernet/amazon/ena/ena_netdev.c | 53 +++-- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 38 +++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_devlink.c | 11 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 19 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 5 +- .../ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 7 +- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 27 +-- drivers/net/ethernet/intel/iavf/iavf.h | 1 + drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 27 ++- drivers/net/ethernet/intel/iavf/iavf_fdir.h | 15 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 179 ++++++++++----- drivers/net/ethernet/intel/iavf/iavf_virtchnl.c | 71 +++++- .../net/ethernet/marvell/octeon_ep/octep_main.c | 3 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 11 +- .../ethernet/marvell/octeontx2/af/rvu_devlink.c | 5 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 55 ++++- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 25 ++- drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 + .../ethernet/mellanox/mlx5/core/en/tc/post_act.c | 6 + .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 56 +++-- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 222 +++++++++++++----- .../mellanox/mlx5/core/en_accel/ipsec_offload.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 27 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 25 ++- .../net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c | 154 +------------ .../net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.h | 15 -- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 35 +-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 2 + .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 56 +++-- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 29 +++ drivers/net/ethernet/mellanox/mlx5/core/main.c | 6 + drivers/net/ethernet/qlogic/qed/qed_cxt.c | 1 + drivers/net/ethernet/qualcomm/qca_debug.c | 17 +- drivers/net/ethernet/qualcomm/qca_spi.c | 20 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 14 +- .../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 10 + drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 6 +- drivers/net/team/team.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 1 + drivers/nfc/virtual_ncidev.c | 7 +- drivers/nvme/host/auth.c | 2 + drivers/nvme/host/core.c | 19 +- drivers/pci/controller/pci-loongson.c | 46 +++- drivers/pci/controller/vmd.c | 2 +- drivers/pci/hotplug/acpiphp_glue.c | 9 +- drivers/pci/pcie/aspm.c | 53 +++-- drivers/platform/x86/intel/telemetry/core.c | 4 +- drivers/soundwire/stream.c | 7 +- fs/afs/rxrpc.c | 2 +- fs/btrfs/delalloc-space.c | 2 +- fs/btrfs/extent_io.c | 3 +- fs/btrfs/file.c | 2 +- fs/btrfs/inode.c | 16 +- fs/btrfs/ioctl.c | 9 + fs/btrfs/ordered-data.c | 11 +- fs/btrfs/qgroup.c | 25 ++- fs/btrfs/qgroup.h | 4 +- fs/ext4/file.c | 14 +- fs/ext4/mballoc.c | 4 + fs/fuse/dax.c | 1 + fs/fuse/file.c | 8 +- fs/fuse/fuse_i.h | 19 +- fs/fuse/inode.c | 81 ++++++- fs/nfsd/auth.c | 4 - fs/nfsd/nfssvc.c | 1 - fs/nfsd/vfs.c | 9 +- fs/open.c | 3 - fs/smb/client/cached_dir.c | 17 +- fs/smb/client/cifsglob.h | 14 +- fs/smb/client/cifspdu.h | 4 +- fs/smb/client/cifsproto.h | 11 +- fs/smb/client/cifssmb.c | 191 +++++++--------- fs/smb/client/inode.c | 74 ++++-- fs/smb/client/readdir.c | 6 +- fs/smb/client/smb1ops.c | 73 ++---- fs/smb/client/smb2inode.c | 2 +- fs/smb/client/smb2misc.c | 26 +-- fs/smb/client/smb2ops.c | 176 ++++++++------- fs/smb/client/smb2pdu.c | 95 ++++---- fs/smb/client/smb2proto.h | 12 +- fs/smb/common/smb2pdu.h | 2 +- fs/smb/server/smb2pdu.c | 1 + fs/tracefs/inode.c | 13 +- include/asm-generic/qspinlock.h | 2 +- include/linux/cred.h | 58 +---- include/linux/mlx5/device.h | 2 + include/linux/mlx5/driver.h | 2 + include/linux/mlx5/mlx5_ifc.h | 9 +- include/linux/mm_inline.h | 23 +- include/linux/mmzone.h | 34 +-- include/linux/objtool.h | 10 +- include/linux/pci.h | 3 + include/linux/usb/r8152.h | 1 + include/net/addrconf.h | 12 +- include/net/if_inet6.h | 4 - include/net/netfilter/nf_flow_table.h | 10 + include/uapi/linux/fuse.h | 10 +- io_uring/uring_cmd.c | 2 +- kernel/Kconfig.kexec | 1 - kernel/cred.c | 248 +++------------------ kernel/events/core.c | 10 + kernel/exit.c | 3 - kernel/trace/ring_buffer.c | 58 ++--- kernel/trace/trace.c | 4 +- lib/Kconfig.debug | 15 -- mm/shmem.c | 19 +- mm/vmscan.c | 92 +++++--- mm/workingset.c | 6 +- net/appletalk/ddp.c | 9 +- net/atm/ioctl.c | 7 +- net/ipv4/tcp_output.c | 6 + net/ipv6/addrconf.c | 6 +- net/rose/af_rose.c | 4 +- net/rxrpc/conn_client.c | 7 +- net/sched/act_ct.c | 34 ++- net/sunrpc/auth.c | 3 - net/vmw_vsock/virtio_transport_common.c | 2 +- scripts/checkstack.pl | 3 +- scripts/sign-file.c | 12 +- security/selinux/hooks.c | 6 - sound/pci/hda/patch_hdmi.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/pci/hda/tas2781_hda_i2c.c | 21 +- tools/objtool/noreturns.h | 1 - tools/testing/selftests/Makefile | 21 +- tools/testing/selftests/bpf/config.x86_64 | 1 - tools/testing/selftests/bpf/progs/bpf_loop_bench.c | 13 +- tools/testing/selftests/hid/config.common | 1 - tools/testing/selftests/lib.mk | 40 +--- tools/testing/selftests/mm/cow.c | 3 +- 194 files changed, 2164 insertions(+), 1607 deletions(-)

8 months

13
179
0 0

[merged mm-hotfixes-stable] mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memcontrol: respect zswap.writeback setting from parent cg too has been removed from the -mm tree. Its filename was mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mike Yuan <me(a)yhndnzj.com> Subject: mm/memcontrol: respect zswap.writeback setting from parent cg too Date: Fri, 23 Aug 2024 16:27:06 +0000 Currently, the behavior of zswap.writeback wrt. the cgroup hierarchy seems a bit odd. Unlike zswap.max, it doesn't honor the value from parent cgroups. This surfaced when people tried to globally disable zswap writeback, i.e. reserve physical swap space only for hibernation [1] - disabling zswap.writeback only for the root cgroup results in subcgroups with zswap.writeback=1 still performing writeback. The inconsistency became more noticeable after I introduced the MemoryZSwapWriteback= systemd unit setting [2] for controlling the knob. The patch assumed that the kernel would enforce the value of parent cgroups. It could probably be workarounded from systemd's side, by going up the slice unit tree and inheriting the value. Yet I think it's more sensible to make it behave consistently with zswap.max and friends. [1] https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Dis… [2] https://github.com/systemd/systemd/pull/31734 Link: https://lkml.kernel.org/r/20240823162506.12117-1-me@yhndnzj.com Fixes: 501a06fe8e4c ("zswap: memcontrol: implement zswap writeback disabling") Signed-off-by: Mike Yuan <me(a)yhndnzj.com> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Koutn�� <mkoutny(a)suse.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/cgroup-v2.rst | 7 ++++--- mm/memcontrol.c | 12 +++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) --- a/Documentation/admin-guide/cgroup-v2.rst~mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too +++ a/Documentation/admin-guide/cgroup-v2.rst @@ -1717,9 +1717,10 @@ The following nested keys are defined. entries fault back in or are written out to disk. memory.zswap.writeback - A read-write single value file. The default value is "1". The - initial value of the root cgroup is 1, and when a new cgroup is - created, it inherits the current value of its parent. + A read-write single value file. The default value is "1". + Note that this setting is hierarchical, i.e. the writeback would be + implicitly disabled for child cgroups if the upper hierarchy + does so. When this is set to 0, all swapping attempts to swapping devices are disabled. This included both zswap writebacks, and swapping due --- a/mm/memcontrol.c~mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too +++ a/mm/memcontrol.c @@ -3613,8 +3613,7 @@ mem_cgroup_css_alloc(struct cgroup_subsy memcg1_soft_limit_reset(memcg); #ifdef CONFIG_ZSWAP memcg->zswap_max = PAGE_COUNTER_MAX; - WRITE_ONCE(memcg->zswap_writeback, - !parent || READ_ONCE(parent->zswap_writeback)); + WRITE_ONCE(memcg->zswap_writeback, true); #endif page_counter_set_high(&memcg->swap, PAGE_COUNTER_MAX); if (parent) { @@ -5320,7 +5319,14 @@ void obj_cgroup_uncharge_zswap(struct ob bool mem_cgroup_zswap_writeback_enabled(struct mem_cgroup *memcg) { /* if zswap is disabled, do not block pages going to the swapping device */ - return !zswap_is_enabled() || !memcg || READ_ONCE(memcg->zswap_writeback); + if (!zswap_is_enabled()) + return true; + + for (; memcg; memcg = parent_mem_cgroup(memcg)) + if (!READ_ONCE(memcg->zswap_writeback)) + return false; + + return true; } static u64 zswap_current_read(struct cgroup_subsys_state *css, _ Patches currently in -mm which might be from me(a)yhndnzj.com are documentation-cgroup-v2-clarify-that-zswapwriteback-is-ignored-if-zswap-is-disabled.patch selftests-test_zswap-add-test-for-hierarchical-zswapwriteback.patch

8 months

2
3
0 0

[PATCH] x86/topology: Tolerate lack of APIC when booting as Xen domU

by Ariadne Conill

Xen domU instances do not boot on x86 with ACPI enabled, so the entire ACPI subsystem is ultimately disabled. This causes acpi_mps_check() to trigger a warning that the ACPI MPS table is not present, which then disables APIC support on domU, breaking the CPU topology detection for all vCPUs other than the boot vCPU. Fixes: 7c0edad3643f ("x86/cpu/topology: Rework possible CPU management") Signed-off-by: Ariadne Conill <ariadne(a)ariadne.space> Cc: x86(a)kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- arch/x86/kernel/cpu/topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/topology.c b/arch/x86/kernel/cpu/topology.c index 621a151ccf7d..38fa5ed816d6 100644 --- a/arch/x86/kernel/cpu/topology.c +++ b/arch/x86/kernel/cpu/topology.c @@ -429,7 +429,7 @@ void __init topology_apply_cmdline_limits_early(void) unsigned int possible = nr_cpu_ids; /* 'maxcpus=0' 'nosmp' 'nolapic' 'disableapic' 'noapic' */ - if (!setup_max_cpus || ioapic_is_disabled || apic_is_disabled) + if (!setup_max_cpus || ioapic_is_disabled || (apic_is_disabled && !xen_pv_domain())) possible = 1; /* 'possible_cpus=N' */ -- 2.39.2

8 months

1
0
0 0

[PATCH AUTOSEL 4.19 1/6] ASoC: allow module autoloading for table db1200_pids

by Sasha Levin

From: Hongbo Li <lihongbo22(a)huawei.com> [ Upstream commit 0e9fdab1e8df490354562187cdbb8dec643eae2c ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from platform_device_id table. Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com> Link: https://patch.msgid.link/20240821061955.2273782-2-lihongbo22@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/au1x/db1200.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/au1x/db1200.c b/sound/soc/au1x/db1200.c index 301e1fc9a3773..24d16e6bf7501 100644 --- a/sound/soc/au1x/db1200.c +++ b/sound/soc/au1x/db1200.c @@ -43,6 +43,7 @@ static const struct platform_device_id db1200_pids[] = { }, {}, }; +MODULE_DEVICE_TABLE(platform, db1200_pids); /*------------------------- AC97 PART ---------------------------*/ -- 2.43.0

8 months

1
5
0 0

[PATCH AUTOSEL 5.4 1/8] ASoC: allow module autoloading for table db1200_pids

by Sasha Levin

From: Hongbo Li <lihongbo22(a)huawei.com> [ Upstream commit 0e9fdab1e8df490354562187cdbb8dec643eae2c ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from platform_device_id table. Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com> Link: https://patch.msgid.link/20240821061955.2273782-2-lihongbo22@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/au1x/db1200.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/au1x/db1200.c b/sound/soc/au1x/db1200.c index d6b692fff29a2..cdde5ba2ec351 100644 --- a/sound/soc/au1x/db1200.c +++ b/sound/soc/au1x/db1200.c @@ -44,6 +44,7 @@ static const struct platform_device_id db1200_pids[] = { }, {}, }; +MODULE_DEVICE_TABLE(platform, db1200_pids); /*------------------------- AC97 PART ---------------------------*/ -- 2.43.0

8 months

1
7
0 0

[PATCH AUTOSEL 5.10 1/8] ASoC: allow module autoloading for table db1200_pids

by Sasha Levin

From: Hongbo Li <lihongbo22(a)huawei.com> [ Upstream commit 0e9fdab1e8df490354562187cdbb8dec643eae2c ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from platform_device_id table. Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com> Link: https://patch.msgid.link/20240821061955.2273782-2-lihongbo22@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/au1x/db1200.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/au1x/db1200.c b/sound/soc/au1x/db1200.c index 5f8baad37a401..48243164b7ac8 100644 --- a/sound/soc/au1x/db1200.c +++ b/sound/soc/au1x/db1200.c @@ -44,6 +44,7 @@ static const struct platform_device_id db1200_pids[] = { }, {}, }; +MODULE_DEVICE_TABLE(platform, db1200_pids); /*------------------------- AC97 PART ---------------------------*/ -- 2.43.0

8 months

1
7
0 0

[PATCH AUTOSEL 5.15 01/12] ASoC: allow module autoloading for table db1200_pids

by Sasha Levin

From: Hongbo Li <lihongbo22(a)huawei.com> [ Upstream commit 0e9fdab1e8df490354562187cdbb8dec643eae2c ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from platform_device_id table. Signed-off-by: Hongbo Li <lihongbo22(a)huawei.com> Link: https://patch.msgid.link/20240821061955.2273782-2-lihongbo22@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/au1x/db1200.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/au1x/db1200.c b/sound/soc/au1x/db1200.c index 5f8baad37a401..48243164b7ac8 100644 --- a/sound/soc/au1x/db1200.c +++ b/sound/soc/au1x/db1200.c @@ -44,6 +44,7 @@ static const struct platform_device_id db1200_pids[] = { }, {}, }; +MODULE_DEVICE_TABLE(platform, db1200_pids); /*------------------------- AC97 PART ---------------------------*/ -- 2.43.0

8 months

1
11
0 0

[PATCH AUTOSEL 6.1 01/17] ASoC: SOF: mediatek: Add missing board compatible

by Sasha Levin

From: Albert Jakieła <jakiela(a)google.com> [ Upstream commit c0196faaa927321a63e680427e075734ee656e42 ] Add Google Dojo compatible. Signed-off-by: Albert Jakieła <jakiela(a)google.com> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Link: https://patch.msgid.link/20240809135627.544429-1-jakiela@google.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/mediatek/mt8195/mt8195.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/sof/mediatek/mt8195/mt8195.c b/sound/soc/sof/mediatek/mt8195/mt8195.c index 53cadbe8a05cc..ac96ea07e591b 100644 --- a/sound/soc/sof/mediatek/mt8195/mt8195.c +++ b/sound/soc/sof/mediatek/mt8195/mt8195.c @@ -663,6 +663,9 @@ static struct snd_sof_of_mach sof_mt8195_machs[] = { { .compatible = "google,tomato", .sof_tplg_filename = "sof-mt8195-mt6359-rt1019-rt5682.tplg" + }, { + .compatible = "google,dojo", + .sof_tplg_filename = "sof-mt8195-mt6359-max98390-rt5682.tplg" }, { .compatible = "mediatek,mt8195", .sof_tplg_filename = "sof-mt8195.tplg" -- 2.43.0

8 months

1
16
0 0

[PATCH AUTOSEL 6.6 01/20] ASoC: SOF: mediatek: Add missing board compatible

by Sasha Levin

From: Albert Jakieła <jakiela(a)google.com> [ Upstream commit c0196faaa927321a63e680427e075734ee656e42 ] Add Google Dojo compatible. Signed-off-by: Albert Jakieła <jakiela(a)google.com> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Link: https://patch.msgid.link/20240809135627.544429-1-jakiela@google.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/mediatek/mt8195/mt8195.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/sof/mediatek/mt8195/mt8195.c b/sound/soc/sof/mediatek/mt8195/mt8195.c index b5b4ea854da4b..94db51d88dda0 100644 --- a/sound/soc/sof/mediatek/mt8195/mt8195.c +++ b/sound/soc/sof/mediatek/mt8195/mt8195.c @@ -625,6 +625,9 @@ static struct snd_sof_of_mach sof_mt8195_machs[] = { { .compatible = "google,tomato", .sof_tplg_filename = "sof-mt8195-mt6359-rt1019-rt5682.tplg" + }, { + .compatible = "google,dojo", + .sof_tplg_filename = "sof-mt8195-mt6359-max98390-rt5682.tplg" }, { .compatible = "mediatek,mt8195", .sof_tplg_filename = "sof-mt8195.tplg" -- 2.43.0

8 months

1
19
0 0

[PATCH AUTOSEL 6.10 01/22] ASoC: SOF: mediatek: Add missing board compatible

by Sasha Levin

From: Albert Jakieła <jakiela(a)google.com> [ Upstream commit c0196faaa927321a63e680427e075734ee656e42 ] Add Google Dojo compatible. Signed-off-by: Albert Jakieła <jakiela(a)google.com> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Link: https://patch.msgid.link/20240809135627.544429-1-jakiela@google.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/sof/mediatek/mt8195/mt8195.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/sof/mediatek/mt8195/mt8195.c b/sound/soc/sof/mediatek/mt8195/mt8195.c index 8d3fc167cd810..b9d4508bbb85d 100644 --- a/sound/soc/sof/mediatek/mt8195/mt8195.c +++ b/sound/soc/sof/mediatek/mt8195/mt8195.c @@ -574,6 +574,9 @@ static struct snd_sof_of_mach sof_mt8195_machs[] = { { .compatible = "google,tomato", .sof_tplg_filename = "sof-mt8195-mt6359-rt1019-rt5682.tplg" + }, { + .compatible = "google,dojo", + .sof_tplg_filename = "sof-mt8195-mt6359-max98390-rt5682.tplg" }, { .compatible = "mediatek,mt8195", .sof_tplg_filename = "sof-mt8195.tplg" -- 2.43.0

8 months

1
21
0 0

[PATCH 6.10 000/149] 6.10.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.8 release. There are 149 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.8-rc1 NeilBrown <neilb(a)suse.de> nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease Guenter Roeck <linux(a)roeck-us.net> apparmor: fix policy_unpack_test on big endian systems Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Steve Wilkins <steve.wilkins(a)raymarine.com> firmware: microchip: fix incorrect error report of programming:timeout on success Markus Niebel <Markus.Niebel(a)ew.tq-group.com> arm64: dts: freescale: imx93-tqma9352-mba93xxla: fix typo Markus Niebel <Markus.Niebel(a)ew.tq-group.com> arm64: dts: freescale: imx93-tqma9352: fix CMA alloc-ranges Shenwei Wang <shenwei.wang(a)nxp.com> arm64: dts: imx93: update default value for snps,clk-csr Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon-kit: Fix Stereo Audio on WM8962 Sicelo A. Mhlongo <absicsz(a)gmail.com> ARM: dts: omap3-n900: correct the accelerometer orientation Varadarajan Narayanan <quic_varada(a)quicinc.com> arm64: dts: qcom: ipq5332: Fix interrupt trigger type for usb Bjorn Andersson <quic_bjorande(a)quicinc.com> usb: typec: ucsi: Move unregister out of atomic section Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix for Link TRB with TC Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: xilinx: add missing depopulate in probe error path Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc3: ep0: Don't reset resource alloc flag (including ep0) Michal Vokáč <michal.vokac(a)ysoft.com> ARM: dts: imx6dl-yapp43: Increase LED current to match the yapp4 HW design Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100: fix PCIe domain numbers Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100: add missing PCIe minimum OPP Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix PCIe4 PHY supply Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix PCIe4 PHY supply Xu Yang <xu.yang_2(a)nxp.com> usb: gadget: uvc: queue pump work in uvcg_video_enable() ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Alexander Stein <alexander.stein(a)ew.tq-group.com> dt-bindings: usb: microchip,usb2514: Fix reference USB device schema Yihang Li <liyihang9(a)huawei.com> scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress Murali Nalajala <quic_mnalajal(a)quicinc.com> firmware: qcom: scm: Mark get_wq_ctx() as atomic call Luca Weiss <luca.weiss(a)fairphone.com> usb: typec: fsa4480: Relax CHIP_ID check Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Fix race during initialization Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Actually communicate when remote goes down Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: return correct iovec count from classic buffer peek Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Fix WRITE_I1 param from u32 to u16 Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: avoid using null object of framebuffer Ondrej Mosnacek <omosnace(a)redhat.com> sctp: fix association labeling in the duplicate COOKIE-ECHO case Xueming Feng <kuro(a)kuroa.me> tcp: fix forever orphan socket caused by tcp_abort Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jianbo Liu <jianbol(a)nvidia.com> bonding: change ipsec_lock from spin lock to mutex Jianbo Liu <jianbol(a)nvidia.com> bonding: extract the use of real_device into local variable Jianbo Liu <jianbol(a)nvidia.com> bonding: implement xdo_dev_state_free and call it after deletion Petr Machata <petrm(a)nvidia.com> selftests: forwarding: local_termination: Down ports on cleanup Petr Machata <petrm(a)nvidia.com> selftests: forwarding: no_forwarding: Down ports on cleanup Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Eric Dumazet <edumazet(a)google.com> net_sched: sch_fq: fix incorrect behavior for small weights Cosmo Chou <chou.cosmo(a)gmail.com> hwmon: (pt5161l) Fix invalid temperature reading Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: allow 6 GHz channels in MLO scan Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: fix wgds rev 3 exact size Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: take the mutex before running link selection Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore IP sanity checks for netdev/egress Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Do not return 0 from map_pages if it doesn't do anything Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling hibernation actions Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix random crash seen while removing driver Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Handle FW Download Abort scenario Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate-ut: Don't check for highest perf matching on prefcore Eric Dumazet <edumazet(a)google.com> pktgen: use cpus_read_lock() in pg_net_init() Kees Cook <kees(a)kernel.org> dmaengine: ti: omap-dma: Initialize sglen after allocation Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add memory bus width verification Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add peripheral bus width verification Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Abel Vesa <abel.vesa(a)linaro.org> phy: qcom: qmp-pcie: Fix X1E80100 PCIe Gen4 PHY initialisation Mrinmay Sarkar <quic_msarkar(a)quicinc.com> dmaengine: dw-edma: Do not enable watermark interrupts for HDMA Mrinmay Sarkar <quic_msarkar(a)quicinc.com> dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Xu Yang <xu.yang_2(a)nxp.com> phy: fsl-imx8mq-usb: fix tuning parameter name Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Do not allow creating areas without READ or WRITE Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq/amd-pstate: Use topology_logical_package_id() instead of logical_die_id() Scott Mayhew <smayhew(a)redhat.com> selinux,smack: don't bypass permissions check in inode_setsecctx hook Jeff Layton <jlayton(a)kernel.org> fs/nfsd: fix update of inode attrs in CB_GETATTR Jeff Layton <jlayton(a)kernel.org> nfsd: fix potential UAF in nfsd4_cb_getattr_release Jeff Layton <jlayton(a)kernel.org> nfsd: hold reference to delegation when updating it for cb_getattr David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_PUNCH_HOLE support Stefan Metzmacher <metze(a)samba.org> smb/client: remove unused rq_iter_size from struct smb_rqst David Howells <dhowells(a)redhat.com> netfs: Fix interaction of streaming writes with zero-point tracker David Howells <dhowells(a)redhat.com> netfs: Fix missing iterator reset on retry of short read David Howells <dhowells(a)redhat.com> netfs: Fix trimming of streaming-write folios in netfs_inval_folio() David Howells <dhowells(a)redhat.com> netfs: Fix netfs_release_folio() to say no if folio dirty David Howells <dhowells(a)redhat.com> afs: Fix post-setattr file edit to do truncation correctly David Howells <dhowells(a)redhat.com> mm: Fix missing folio invalidation calls during truncation Olga Kornievskaia <okorniev(a)redhat.com> nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Hal Feng <hal.feng(a)starfivetech.com> pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register Konrad Dybcio <quic_kdybcio(a)quicinc.com> pinctrl: qcom: x1e80100: Fix special pin offsets Nícolas F. R. A. Prado <nfraprado(a)collabora.com> pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Ed Tsai <ed.tsai(a)mediatek.com> backing-file: convert to using fops->splice_write Jeff Layton <jlayton(a)kernel.org> nfsd: ensure that nfsd4_fattr_args.context is zeroed out Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs-amp-lib: Ignore empty UEFI calibration entries Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs-amp-lib-test: Force test calibration blob entries to be valid Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Don't use the device index as a calibration index Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: Fix for acp init sequence Yuntao Liu <liuyuntao12(a)huawei.com> ASoC: amd: acp: fix module autoloading Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: Fix for incorrect acp error register offsets Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: move iram-dram fence register programming sequence Konrad Dybcio <konrad.dybcio(a)linaro.org> pinctrl: qcom: x1e80100: Update PDC hwirq map Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix eGPU hotplug regression Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: Do not wait for MP0_C2PMSG_33 IFWI init in SRIOV Matthew Auld <matthew.auld(a)intel.com> drm/xe: prevent UAF around preempt fence Francois Dugast <francois.dugast(a)intel.com> drm/xe/exec_queue: Rename xe_exec_queue::compute to xe_exec_queue::lr Thorsten Blum <thorsten.blum(a)toblux.com> drm/xe/vm: Simplify if condition Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe/display: Make display suspend/resume work on discrete Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Prepare display for D3Cold Alex Deucher <alexander.deucher(a)amd.com> video/aperture: optionally match the device in sysfb_disable() Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Disable coherent dumb buffers without 3d Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime with external buffers Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Prevent unmapping active read buffers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: always force a state reprogram on init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: align pp_power_profile_mode with kernel docs Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Fix MST state after a sink reset Hans de Goede <hdegoede(a)redhat.com> drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/v3d: Disable preemption while updating GPU stats Max Filippov <jcmvbkbc(a)gmail.com> binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: no extra msg if no counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check removing ID 0 endpoint Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: cannot rm sf if closed Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ADD_ADDR 0 is not a new address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix ID 0 endp usage after multiple re-creations Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove already closed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix RM_ADDR ID for the initial subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: send ACK on an active subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reset MPC endp ID when re-added Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: skip connecting to already established sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reuse ID 0 after delete and re-add Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both backup in retrans Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: close subflow when receiving TCP+FIN Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Alexander Sverdlin <alexander.sverdlin(a)siemens.com> wifi: wfx: repair open network AP mode David Howells <dhowells(a)redhat.com> netfs, ceph: Partially revert "netfs: Replace PG_fscache by setting folio->private and marking dirty" Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Stefan Metzmacher <metze(a)samba.org> smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() Josef Bacik <josef(a)toxicpanda.com> btrfs: run delayed iputs when flushing delalloc Qu Wenruo <wqu(a)suse.com> btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() Stefan Berger <stefanb(a)linux.ibm.com> tpm: ibmvtpm: Call tpm2_sessions_init() to initialize session support Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Add ifdefs to fix LSX and LASX related warnings Miao Wang <shankerwangmiao(a)gmail.com> LoongArch: Remove the unused dma-direct.h Hendrik Borghorst <hendrikborghorst(a)gmail.com> ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED John Sweeney <john.sweeney(a)runbox.com> ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Skip event type filtering for UMP events Gao Xiang <xiang(a)kernel.org> erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu/mes: fix mes ring buffer overflow ------------- Diffstat: .../devicetree/bindings/usb/microchip,usb2514.yaml | 9 +- Makefile | 4 +- .../arm/boot/dts/nxp/imx/imx6dl-yapp43-common.dtsi | 12 +- arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 +- .../arm64/boot/dts/freescale/imx8mp-beacon-kit.dts | 12 +- .../dts/freescale/imx93-tqma9352-mba93xxla.dts | 2 +- arch/arm64/boot/dts/freescale/imx93-tqma9352.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +- arch/arm64/boot/dts/qcom/ipq5332.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 6 +- arch/loongarch/include/asm/dma-direct.h | 11 -- arch/loongarch/kernel/fpu.S | 4 + arch/loongarch/kvm/switch.S | 4 + drivers/bluetooth/btnxpuart.c | 65 +++++++-- drivers/char/tpm/tpm_ibmvtpm.c | 4 + drivers/cpufreq/amd-pstate-ut.c | 13 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/dma/dw-edma/dw-hdma-v0-core.c | 26 ++-- drivers/dma/dw/core.c | 89 +++++++++++- drivers/dma/ti/omap-dma.c | 6 +- drivers/firmware/microchip/mpfs-auto-update.c | 2 +- drivers/firmware/qcom/qcom_scm-smc.c | 2 +- drivers/firmware/sysfb.c | 19 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 26 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 + drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 18 ++- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 21 +-- drivers/gpu/drm/i915/display/intel_dp.c | 12 ++ drivers/gpu/drm/i915/display/intel_dp_mst.c | 40 ++++++ drivers/gpu/drm/i915/display/intel_dp_mst.h | 1 + drivers/gpu/drm/i915/display/vlv_dsi.c | 1 - drivers/gpu/drm/v3d/v3d_sched.c | 6 + drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 114 ++++++++++++++- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 13 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 12 +- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 6 +- drivers/gpu/drm/xe/display/xe_display.c | 33 ++++- drivers/gpu/drm/xe/display/xe_display.h | 8 +- drivers/gpu/drm/xe/xe_exec_queue.c | 5 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 14 +- drivers/gpu/drm/xe/xe_hwmon.c | 2 +- drivers/gpu/drm/xe/xe_pm.c | 20 ++- drivers/gpu/drm/xe/xe_preempt_fence.c | 3 +- drivers/gpu/drm/xe/xe_preempt_fence_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 60 ++++---- drivers/hwmon/pt5161l.c | 4 +- drivers/iommu/io-pgtable-arm-v7s.c | 3 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/io-pgtable-dart.c | 3 +- drivers/iommu/iommufd/ioas.c | 8 ++ drivers/net/bonding/bond_main.c | 159 ++++++++++++++------- drivers/net/ethernet/microsoft/mana/hw_channel.c | 68 +++++---- drivers/net/gtp.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 11 ++ drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++++- drivers/net/wireless/silabs/wfx/sta.c | 5 +- drivers/nfc/pn533/pn533.c | 5 + drivers/of/platform.c | 2 +- drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-pcie.c | 23 ++- drivers/phy/xilinx/phy-zynqmp.c | 56 ++++++++ drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 55 +++---- drivers/pinctrl/pinctrl-rockchip.c | 2 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/pinctrl/qcom/pinctrl-x1e80100.c | 35 ++--- drivers/pinctrl/starfive/pinctrl-starfive-jh7110.c | 4 +- drivers/power/supply/qcom_battmgr.c | 16 ++- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/sd.c | 12 +- drivers/soc/qcom/cmd-db.c | 2 +- drivers/soc/qcom/pmic_glink.c | 40 ++++-- drivers/soc/qcom/pmic_glink_altmode.c | 17 ++- drivers/soundwire/stream.c | 8 +- drivers/usb/cdns3/cdnsp-gadget.h | 3 + drivers/usb/cdns3/cdnsp-ring.c | 30 +++- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 8 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +-- drivers/usb/dwc3/dwc3-xilinx.c | 7 +- drivers/usb/dwc3/ep0.c | 3 +- drivers/usb/gadget/function/uvc_video.c | 1 + drivers/usb/serial/option.c | 5 + drivers/usb/typec/mux/fsa4480.c | 2 +- drivers/usb/typec/ucsi/ucsi_glink.c | 43 ++++-- drivers/video/aperture.c | 11 +- fs/afs/inode.c | 11 +- fs/attr.c | 14 +- fs/backing-file.c | 5 +- fs/binfmt_elf_fdpic.c | 3 + fs/btrfs/bio.c | 26 ++-- fs/btrfs/qgroup.c | 2 + fs/ceph/inode.c | 1 + fs/erofs/zutil.c | 3 +- fs/netfs/io.c | 1 + fs/netfs/misc.c | 60 ++++++-- fs/netfs/write_collect.c | 7 + fs/nfsd/nfs4state.c | 62 +++++--- fs/nfsd/nfs4xdr.c | 6 +- fs/nfsd/state.h | 2 +- fs/smb/client/cifsglob.h | 1 - fs/smb/client/cifssmb.c | 1 - fs/smb/client/smb2ops.c | 24 +++- fs/smb/client/smb2pdu.c | 4 +- include/linux/fs.h | 1 + include/linux/soc/qcom/pmic_glink.h | 11 +- include/linux/sysfb.h | 4 +- include/net/bonding.h | 2 +- include/net/busy_poll.h | 2 +- include/net/netfilter/nf_tables_ipv4.h | 10 +- include/net/netfilter/nf_tables_ipv6.h | 5 +- io_uring/kbuf.c | 2 +- mm/truncate.c | 4 +- net/bluetooth/hci_core.c | 10 +- net/core/net-sysfs.c | 2 +- net/core/pktgen.c | 4 +- net/ethtool/ioctl.c | 3 + net/ipv4/tcp.c | 18 ++- net/mptcp/fastopen.c | 4 +- net/mptcp/options.c | 50 +++---- net/mptcp/pm.c | 32 +++-- net/mptcp/pm_netlink.c | 107 +++++++++----- net/mptcp/protocol.c | 65 +++++---- net/mptcp/protocol.h | 9 +- net/mptcp/sched.c | 4 +- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 56 ++++---- net/sched/sch_fq.c | 4 +- net/sctp/sm_statefuns.c | 22 ++- security/apparmor/policy_unpack_test.c | 6 +- security/selinux/hooks.c | 4 +- security/smack/smack_lsm.c | 4 +- sound/core/seq/seq_clientmgr.c | 3 + sound/pci/hda/cs35l56_hda.c | 2 +- sound/pci/hda/patch_realtek.c | 2 + sound/soc/amd/acp/acp-legacy-mach.c | 2 + sound/soc/codecs/cs-amp-lib-test.c | 9 ++ sound/soc/codecs/cs-amp-lib.c | 7 +- sound/soc/sof/amd/acp-dsp-offset.h | 6 +- sound/soc/sof/amd/acp.c | 52 ++++--- sound/soc/sof/amd/acp.h | 9 +- sound/soc/sof/amd/pci-acp63.c | 2 + sound/soc/sof/amd/pci-rmb.c | 2 + sound/soc/sof/amd/pci-rn.c | 2 + tools/testing/selftests/iommu/iommufd.c | 6 +- .../selftests/net/forwarding/local_termination.sh | 4 + .../selftests/net/forwarding/no_forwarding.sh | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 57 +++++--- 156 files changed, 1613 insertions(+), 711 deletions(-)

8 months

9
159
0 0

[PATCH] ALSA: hda/realtek: extend quirks for Clevo V5[46]0

by Marek Marczykowski-Górecki

The mic in those laptops suffers too high gain resulting in mostly (fan or else) noise being recorded. In addition to the existing fixup about mic detection, apply also limiting its boost. While at it, extend the quirk to also V5[46]0TNE models, which have the same issue. Signed-off-by: Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> Cc: <stable(a)vger.kernel.org> --- Cc: Michał Kopeć <michal.kopec(a)3mdeb.com> --- sound/pci/hda/patch_realtek.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 588738ce7380..01e2414b8839 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -7637,6 +7637,7 @@ enum { ALC287_FIXUP_LENOVO_14ARP8_LEGION_IAH7, ALC287_FIXUP_LENOVO_SSID_17AA3820, ALCXXX_FIXUP_CS35LXX, + ALC245_FIXUP_CLEVO_NOISY_MIC, }; /* A special fixup for Lenovo C940 and Yoga Duet 7; @@ -9970,6 +9971,12 @@ static const struct hda_fixup alc269_fixups[] = { .type = HDA_FIXUP_FUNC, .v.func = cs35lxx_autodet_fixup, }, + [ALC245_FIXUP_CLEVO_NOISY_MIC] = { + .type = HDA_FIXUP_FUNC, + .v.func = alc269_fixup_limit_int_mic_boost, + .chained = true, + .chain_id = ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE, + }, }; static const struct snd_pci_quirk alc269_fixup_tbl[] = { @@ -10619,7 +10626,8 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x1558, 0xa600, "Clevo NL50NU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0xa650, "Clevo NP[567]0SN[CD]", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0xa671, "Clevo NP70SN[CDE]", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE), - SND_PCI_QUIRK(0x1558, 0xa763, "Clevo V54x_6x_TU", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1558, 0xa741, "Clevo V54x_6x_TNE", ALC245_FIXUP_CLEVO_NOISY_MIC), + SND_PCI_QUIRK(0x1558, 0xa763, "Clevo V54x_6x_TU", ALC245_FIXUP_CLEVO_NOISY_MIC), SND_PCI_QUIRK(0x1558, 0xb018, "Clevo NP50D[BE]", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0xb019, "Clevo NH77D[BE]Q", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), SND_PCI_QUIRK(0x1558, 0xb022, "Clevo NH77D[DC][QW]", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE), -- 2.46.0

8 months

2
1
0 0

[PATCH] riscv: misaligned: Restrict user access to kernel memory

by Samuel Holland

raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address. Cc: stable(a)vger.kernel.org Fixes: 7c83232161f6 ("riscv: add support for misaligned trap handling in S-mode") Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code") Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> --- arch/riscv/kernel/traps_misaligned.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index b62d5a2f4541..1a76f99ff185 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -417,7 +417,7 @@ int handle_misaligned_load(struct pt_regs *regs) val.data_u64 = 0; if (user_mode(regs)) { - if (raw_copy_from_user(&val, (u8 __user *)addr, len)) + if (copy_from_user(&val, (u8 __user *)addr, len)) return -1; } else { memcpy(&val, (u8 *)addr, len); @@ -515,7 +515,7 @@ int handle_misaligned_store(struct pt_regs *regs) return -EOPNOTSUPP; if (user_mode(regs)) { - if (raw_copy_to_user((u8 __user *)addr, &val, len)) + if (copy_to_user((u8 __user *)addr, &val, len)) return -1; } else { memcpy((u8 *)addr, &val, len); -- 2.45.1

8 months

3
2
0 0

linux-stable-rc.git: queue/6.1 is tracking v6.10 kernel

by Matthieu Baerts

Hi Sasha, I hope you are well! If I'm not mistaken, I think you are the person managing the script updating the 'queue/*' branches from the linux-stable-rc git tree, right? It looks like the branch for the v6.1 is in fact tracking the v6.10 kernel instead: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… Are you the person who is able to fix that? If not, do you know who can fix that? These branches are really useful, not to have to apply patches from the 'stable-queue' tree. Thank you! I also just noticed that they are used by CIs, e.g. the one from Linaro: https://qa-reports.linaro.org/lkft/linux-stable-rc-queues-queue_6.1/ Cheers, Matt -- Sponsored by the NGI0 Core fund.

8 months

1
0
0 0

[PATCH v2] usb: typec: ucsi: Fix cable registration

by Heikki Krogerus

The Cable PD Revision field in GET_CABLE_PROPERTY was introduced in UCSI v2.1, so adding check for that. The cable properties are also not used anywhere after the cable is registered, so removing the cable_prop member from struct ucsi_connector while at it. Fixes: 38ca416597b0 ("usb: typec: ucsi: Register cables based on GET_CABLE_PROPERTY") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Hi Greg, This version is for your usb-linus branch. The original [1] should apply on top of your usb-next branch. thanks, [1] https://lore.kernel.org/linux-usb/20240830130217.2155774-1-heikki.krogerus@… --- drivers/usb/typec/ucsi/ucsi.c | 30 +++++++++++++++--------------- drivers/usb/typec/ucsi/ucsi.h | 1 - 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 9a799637754c..17155ed17fdf 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -965,10 +965,20 @@ static void ucsi_unregister_plug(struct ucsi_connector *con) static int ucsi_register_cable(struct ucsi_connector *con) { + struct ucsi_cable_property cable_prop; struct typec_cable *cable; struct typec_cable_desc desc = {}; + u64 command; + int ret; + + command = UCSI_GET_CABLE_PROPERTY | UCSI_CONNECTOR_NUMBER(con->num); + ret = ucsi_send_command(con->ucsi, command, &cable_prop, sizeof(cable_prop)); + if (ret < 0) { + dev_err(con->ucsi->dev, "GET_CABLE_PROPERTY failed (%d)\n", ret); + return ret; + } - switch (UCSI_CABLE_PROP_FLAG_PLUG_TYPE(con->cable_prop.flags)) { + switch (UCSI_CABLE_PROP_FLAG_PLUG_TYPE(cable_prop.flags)) { case UCSI_CABLE_PROPERTY_PLUG_TYPE_A: desc.type = USB_PLUG_TYPE_A; break; @@ -984,10 +994,10 @@ static int ucsi_register_cable(struct ucsi_connector *con) } desc.identity = &con->cable_identity; - desc.active = !!(UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE & - con->cable_prop.flags); - desc.pd_revision = UCSI_CABLE_PROP_FLAG_PD_MAJOR_REV_AS_BCD( - con->cable_prop.flags); + desc.active = !!(UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE & cable_prop.flags); + + if (con->ucsi->version >= UCSI_VERSION_2_1) + desc.pd_revision = UCSI_CABLE_PROP_FLAG_PD_MAJOR_REV_AS_BCD(cable_prop.flags); cable = typec_register_cable(con->port, &desc); if (IS_ERR(cable)) { @@ -1193,21 +1203,11 @@ static int ucsi_check_connection(struct ucsi_connector *con) static int ucsi_check_cable(struct ucsi_connector *con) { - u64 command; int ret, num_plug_am; if (con->cable) return 0; - command = UCSI_GET_CABLE_PROPERTY | UCSI_CONNECTOR_NUMBER(con->num); - ret = ucsi_send_command(con->ucsi, command, &con->cable_prop, - sizeof(con->cable_prop)); - if (ret < 0) { - dev_err(con->ucsi->dev, "GET_CABLE_PROPERTY failed (%d)\n", - ret); - return ret; - } - ret = ucsi_register_cable(con); if (ret < 0) return ret; diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 57129f3c0814..5a3481d36d7a 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -465,7 +465,6 @@ struct ucsi_connector { struct ucsi_connector_status status; struct ucsi_connector_capability cap; - struct ucsi_cable_property cable_prop; struct power_supply *psy; struct power_supply_desc psy_desc; u32 rdo; -- 2.45.2

8 months

1
0
0 0

[PATCH v2 1/2] mmc: cqhci: Fix checking of CQHCI_HALT state

by Seunghwan Baek

To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT bit. At this time, we need to check with &, not &&. Fixes: a4080225f51d ("mmc: cqhci: support for command queue enabled host") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> --- drivers/mmc/host/cqhci-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mmc/host/cqhci-core.c b/drivers/mmc/host/cqhci-core.c index c14d7251d0bb..a02da26a1efd 100644 --- a/drivers/mmc/host/cqhci-core.c +++ b/drivers/mmc/host/cqhci-core.c @@ -617,7 +617,7 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; pr_debug("%s: cqhci: CQE on\n", mmc_hostname(mmc)); - if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) { + if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) { pr_err("%s: cqhci: CQE failed to exit halt state\n", mmc_hostname(mmc)); } -- 2.17.1

8 months

4
3
0 0

[PATCH] usb: typec: ucsi: Fix cable registration

by Heikki Krogerus

The Cable PD Revision field in GET_CABLE_PROPERTY was introduced in UCSI v2.1, so adding check for that. The cable properties are also not used anywhere after the cable is registered, so removing the cable_prop member from struct ucsi_connector while at it. Fixes: 38ca416597b0 ("usb: typec: ucsi: Register cables based on GET_CABLE_PROPERTY") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/ucsi.c | 30 +++++++++++++++--------------- drivers/usb/typec/ucsi/ucsi.h | 1 - 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index fad43f292e7f..35dce4057c25 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -911,10 +911,20 @@ static void ucsi_unregister_plug(struct ucsi_connector *con) static int ucsi_register_cable(struct ucsi_connector *con) { + struct ucsi_cable_property cable_prop; struct typec_cable *cable; struct typec_cable_desc desc = {}; + u64 command; + int ret; + + command = UCSI_GET_CABLE_PROPERTY | UCSI_CONNECTOR_NUMBER(con->num); + ret = ucsi_send_command(con->ucsi, command, &cable_prop, sizeof(cable_prop)); + if (ret < 0) { + dev_err(con->ucsi->dev, "GET_CABLE_PROPERTY failed (%d)\n", ret); + return ret; + } - switch (UCSI_CABLE_PROP_FLAG_PLUG_TYPE(con->cable_prop.flags)) { + switch (UCSI_CABLE_PROP_FLAG_PLUG_TYPE(cable_prop.flags)) { case UCSI_CABLE_PROPERTY_PLUG_TYPE_A: desc.type = USB_PLUG_TYPE_A; break; @@ -931,10 +941,10 @@ static int ucsi_register_cable(struct ucsi_connector *con) if (con->ucsi->cap.features & UCSI_CAP_GET_PD_MESSAGE) desc.identity = &con->cable_identity; - desc.active = !!(UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE & - con->cable_prop.flags); - desc.pd_revision = UCSI_CABLE_PROP_FLAG_PD_MAJOR_REV_AS_BCD( - con->cable_prop.flags); + desc.active = !!(UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE & cable_prop.flags); + + if (con->ucsi->version >= UCSI_VERSION_2_1) + desc.pd_revision = UCSI_CABLE_PROP_FLAG_PD_MAJOR_REV_AS_BCD(cable_prop.flags); cable = typec_register_cable(con->port, &desc); if (IS_ERR(cable)) { @@ -1141,21 +1151,11 @@ static int ucsi_check_connection(struct ucsi_connector *con) static int ucsi_check_cable(struct ucsi_connector *con) { - u64 command; int ret, num_plug_am; if (con->cable) return 0; - command = UCSI_GET_CABLE_PROPERTY | UCSI_CONNECTOR_NUMBER(con->num); - ret = ucsi_send_command(con->ucsi, command, &con->cable_prop, - sizeof(con->cable_prop)); - if (ret < 0) { - dev_err(con->ucsi->dev, "GET_CABLE_PROPERTY failed (%d)\n", - ret); - return ret; - } - ret = ucsi_register_cable(con); if (ret < 0) return ret; diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 63cc7f982663..4a017eb6a65b 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -435,7 +435,6 @@ struct ucsi_connector { struct ucsi_connector_status status; struct ucsi_connector_capability cap; - struct ucsi_cable_property cable_prop; struct power_supply *psy; struct power_supply_desc psy_desc; u32 rdo; -- 2.45.2

8 months

2
2
0 0

[PATCH 6.6 00/93] 6.6.49-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.49 release. There are 93 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.49-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.49-rc1 Guenter Roeck <linux(a)roeck-us.net> apparmor: fix policy_unpack_test on big endian systems Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Markus Niebel <Markus.Niebel(a)ew.tq-group.com> arm64: dts: freescale: imx93-tqma9352-mba93xxla: fix typo Markus Niebel <Markus.Niebel(a)ew.tq-group.com> arm64: dts: freescale: imx93-tqma9352: fix CMA alloc-ranges Shenwei Wang <shenwei.wang(a)nxp.com> arm64: dts: imx93: update default value for snps,clk-csr Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx93: add nvmem property for eqos Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx93: add nvmem property for fec1 Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon-kit: Fix Stereo Audio on WM8962 Sicelo A. Mhlongo <absicsz(a)gmail.com> ARM: dts: omap3-n900: correct the accelerometer orientation Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix for Link TRB with TC Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path Michal Vokáč <michal.vokac(a)ysoft.com> ARM: dts: imx6dl-yapp43: Increase LED current to match the yapp4 HW design ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Yihang Li <liyihang9(a)huawei.com> scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress Murali Nalajala <quic_mnalajal(a)quicinc.com> firmware: qcom: scm: Mark get_wq_ctx() as atomic call Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Fix race during initialization Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Actually communicate when remote goes down Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Ma Ke <make24(a)iscas.ac.cn> drm/amd/display: avoid using null object of framebuffer Ondrej Mosnacek <omosnace(a)redhat.com> sctp: fix association labeling in the duplicate COOKIE-ECHO case Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jianbo Liu <jianbol(a)nvidia.com> bonding: change ipsec_lock from spin lock to mutex Jianbo Liu <jianbol(a)nvidia.com> bonding: extract the use of real_device into local variable Jianbo Liu <jianbol(a)nvidia.com> bonding: implement xdo_dev_state_free and call it after deletion Petr Machata <petrm(a)nvidia.com> selftests: forwarding: local_termination: Down ports on cleanup Petr Machata <petrm(a)nvidia.com> selftests: forwarding: no_forwarding: Down ports on cleanup Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables_ipv6: consider network offset in netdev/egress validation Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: fix wgds rev 3 exact size Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore IP sanity checks for netdev/egress Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Do not return 0 from map_pages if it doesn't do anything Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling hibernation actions Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix random crash seen while removing driver Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Handle FW Download Abort scenario Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add memory bus width verification Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add peripheral bus width verification Piyush Mehta <piyush.mehta(a)amd.com> phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume Mrinmay Sarkar <quic_msarkar(a)quicinc.com> dmaengine: dw-edma: Do not enable watermark interrupts for HDMA Mrinmay Sarkar <quic_msarkar(a)quicinc.com> dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Xu Yang <xu.yang_2(a)nxp.com> phy: fsl-imx8mq-usb: fix tuning parameter name Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Do not allow creating areas without READ or WRITE Scott Mayhew <smayhew(a)redhat.com> selinux,smack: don't bypass permissions check in inode_setsecctx hook Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "change alloc_pages name in dma_map_ops to avoid name conflicts" David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_PUNCH_HOLE support David Howells <dhowells(a)redhat.com> mm: Fix missing folio invalidation calls during truncation Zhihao Cheng <chengzhihao1(a)huawei.com> ovl: ovl_parse_param_lowerdir: Add missed '\n' for pr_err Zhihao Cheng <chengzhihao1(a)huawei.com> ovl: fix wrong lowerdir number check for parameter Opt_lowerdir Christian Brauner <brauner(a)kernel.org> ovl: pass string to ovl_parse_layer() Hal Feng <hal.feng(a)starfivetech.com> pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register Nícolas F. R. A. Prado <nfraprado(a)collabora.com> pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: Fix for acp init sequence Yuntao Liu <liuyuntao12(a)huawei.com> ASoC: amd: acp: fix module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal: of: Fix OF node leak in of_thermal_zone_find() error paths Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> thermal: of: Fix OF node leak in thermal_of_trips_init() error path Jonathan Cameron <Jonathan.Cameron(a)huawei.com> of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put() handling Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration" Steven Rostedt <rostedt(a)goodmis.org> tracing: Have format file honor EVENT_FILE_FL_FREED Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix prime with external buffers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: always force a state reprogram on init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: align pp_power_profile_mode with kernel docs Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: no extra msg if no counter Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check removing ID 0 endpoint Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ADD_ADDR 0 is not a new address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix ID 0 endp usage after multiple re-creations Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove already closed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: send ACK on an active subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reset MPC endp ID when re-added Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: skip connecting to already established sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reuse ID 0 after delete and re-add Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both backup in retrans Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: close subflow when receiving TCP+FIN Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Alexander Sverdlin <alexander.sverdlin(a)siemens.com> wifi: wfx: repair open network AP mode Jonathan Cameron <Jonathan.Cameron(a)huawei.com> of: Add cleanup.h based auto release via __free(device_node) markings Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Stefan Metzmacher <metze(a)samba.org> smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() Josef Bacik <josef(a)toxicpanda.com> btrfs: run delayed iputs when flushing delalloc Qu Wenruo <wqu(a)suse.com> btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() Miao Wang <shankerwangmiao(a)gmail.com> LoongArch: Remove the unused dma-direct.h Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Skip event type filtering for UMP events ------------- Diffstat: Makefile | 4 +- arch/alpha/kernel/pci_iommu.c | 2 +- .../arm/boot/dts/nxp/imx/imx6dl-yapp43-common.dtsi | 12 +- arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 +- .../arm64/boot/dts/freescale/imx8mp-beacon-kit.dts | 12 +- .../dts/freescale/imx93-tqma9352-mba93xxla.dts | 2 +- arch/arm64/boot/dts/freescale/imx93-tqma9352.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx93.dtsi | 15 +- arch/loongarch/include/asm/dma-direct.h | 11 -- arch/mips/jazz/jazzdma.c | 2 +- arch/powerpc/kernel/dma-iommu.c | 2 +- arch/powerpc/platforms/ps3/system-bus.c | 4 +- arch/powerpc/platforms/pseries/vio.c | 2 +- arch/x86/kernel/amd_gart_64.c | 2 +- drivers/bluetooth/btnxpuart.c | 89 +++++++++--- drivers/dma/dw-edma/dw-hdma-v0-core.c | 26 ++-- drivers/dma/dw/core.c | 89 +++++++++++- drivers/firmware/qcom_scm-smc.c | 2 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 21 +-- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 114 ++++++++++++++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 12 +- drivers/iommu/dma-iommu.c | 2 +- drivers/iommu/io-pgtable-arm-v7s.c | 3 +- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/io-pgtable-dart.c | 3 +- drivers/iommu/iommufd/ioas.c | 8 ++ drivers/net/bonding/bond_main.c | 159 ++++++++++++++------- drivers/net/ethernet/microsoft/mana/hw_channel.c | 68 +++++---- drivers/net/gtp.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 13 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++++- drivers/net/wireless/silabs/wfx/sta.c | 5 +- drivers/nfc/pn533/pn533.c | 5 + drivers/parisc/ccio-dma.c | 2 +- drivers/parisc/sba_iommu.c | 2 +- drivers/phy/freescale/phy-fsl-imx8mq-usb.c | 2 +- drivers/phy/xilinx/phy-zynqmp.c | 56 ++++++++ drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 55 +++---- drivers/pinctrl/pinctrl-rockchip.c | 2 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/pinctrl/starfive/pinctrl-starfive-jh7110.c | 4 +- drivers/power/supply/qcom_battmgr.c | 16 ++- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/sd.c | 12 +- drivers/soc/qcom/cmd-db.c | 2 +- drivers/soc/qcom/pmic_glink.c | 30 ++-- drivers/soc/qcom/pmic_glink_altmode.c | 17 ++- drivers/soundwire/stream.c | 8 +- drivers/thermal/thermal_of.c | 17 +-- drivers/usb/cdns3/cdnsp-gadget.h | 3 + drivers/usb/cdns3/cdnsp-ring.c | 30 +++- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 8 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +-- drivers/usb/serial/option.c | 5 + drivers/usb/typec/tcpm/tcpm.c | 14 +- drivers/usb/typec/ucsi/ucsi_glink.c | 16 ++- drivers/xen/grant-dma-ops.c | 2 +- drivers/xen/swiotlb-xen.c | 2 +- fs/btrfs/bio.c | 26 ++-- fs/btrfs/qgroup.c | 2 + fs/overlayfs/params.c | 51 ++----- fs/smb/client/smb2ops.c | 22 +++ fs/smb/client/smb2pdu.c | 2 +- include/linux/dma-map-ops.h | 2 +- include/linux/of.h | 15 ++ include/linux/soc/qcom/pmic_glink.h | 11 +- include/net/bonding.h | 2 +- include/net/busy_poll.h | 2 +- include/net/netfilter/nf_tables_ipv4.h | 10 +- include/net/netfilter/nf_tables_ipv6.h | 5 +- kernel/dma/mapping.c | 4 +- kernel/trace/trace.h | 23 +++ kernel/trace/trace_events.c | 33 +++-- kernel/trace/trace_events_hist.c | 4 +- kernel/trace/trace_events_inject.c | 2 +- kernel/trace/trace_events_trigger.c | 6 +- mm/truncate.c | 4 +- net/bluetooth/hci_core.c | 10 +- net/core/net-sysfs.c | 2 +- net/ethtool/ioctl.c | 3 + net/mptcp/pm.c | 4 +- net/mptcp/pm_netlink.c | 59 ++++++-- net/mptcp/protocol.c | 7 +- net/mptcp/protocol.h | 2 + net/mptcp/subflow.c | 8 +- net/sctp/sm_statefuns.c | 22 ++- security/apparmor/policy_unpack_test.c | 6 +- security/selinux/hooks.c | 4 +- security/smack/smack_lsm.c | 4 +- sound/core/seq/seq_clientmgr.c | 3 + sound/soc/amd/acp/acp-legacy-mach.c | 2 + sound/soc/sof/amd/acp.c | 19 ++- sound/soc/sof/amd/acp.h | 7 +- tools/testing/selftests/iommu/iommufd.c | 6 +- .../selftests/net/forwarding/local_termination.sh | 4 + .../selftests/net/forwarding/no_forwarding.sh | 3 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 46 +++--- 102 files changed, 1075 insertions(+), 448 deletions(-)

8 months

7
100
0 0

[PATCH 1/3] platform/x86: panasonic-laptop: Check minimum SQTY value

by Hans de Goede

The panasonic laptop code in various places uses the sinf array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the sinf array is big enough. Check for a minimum SQTY value of SINF_CUR_BRIGHT to avoid out of bounds accesses of the sinf array. Note SQTY returning SINF_CUR_BRIGHT is ok because the driver adds one extra entry to the sinf array. Fixes: e424fb8cc4e6 ("panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()") Cc: stable(a)vger.kernel.org Tested-by: James Harmison <jharmison(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/platform/x86/panasonic-laptop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index cf845ee1c7b1..d7f9017a5a13 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -963,8 +963,8 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) num_sifr = acpi_pcc_get_sqty(device); - if (num_sifr < 0 || num_sifr > 255) { - pr_err("num_sifr out of range"); + if (num_sifr < SINF_CUR_BRIGHT || num_sifr > 255) { + pr_err("num_sifr %d out of range %d - 255\n", num_sifr, SINF_CUR_BRIGHT); return -ENODEV; } -- 2.46.0

8 months

3
4
0 0

patch "iio: adc: ad7173: fix GPIO device info" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7173: fix GPIO device info to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From f242967f4d1c024ac42bb47ea50b6360b4cb4556 Mon Sep 17 00:00:00 2001 From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> Date: Fri, 9 Aug 2024 16:49:08 +0300 Subject: iio: adc: ad7173: fix GPIO device info Models AD4114/5/6 have .higher_gpio_bits = true. This is not correct as the only models that have the GPIO bits to a higher position are AD4111/2. Fix by removing the higher_gpio_bits = true from the AD4114/5/6 models. Fixes: 13d12e3ad12d ("iio: adc: ad7173: Add support for AD411x devices") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Link: https://patch.msgid.link/20240809134909.26829-1-dumitru.ceclan@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7173.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/iio/adc/ad7173.c b/drivers/iio/adc/ad7173.c index a854f2d30174..0702ec71aa29 100644 --- a/drivers/iio/adc/ad7173.c +++ b/drivers/iio/adc/ad7173.c @@ -302,7 +302,6 @@ static const struct ad7173_device_info ad4114_device_info = { .num_configs = 8, .num_voltage_in = 16, .num_gpios = 4, - .higher_gpio_bits = true, .has_vincom_input = true, .has_temp = true, .has_input_buf = true, @@ -320,7 +319,6 @@ static const struct ad7173_device_info ad4115_device_info = { .num_configs = 8, .num_voltage_in = 16, .num_gpios = 4, - .higher_gpio_bits = true, .has_vincom_input = true, .has_temp = true, .has_input_buf = true, @@ -338,7 +336,6 @@ static const struct ad7173_device_info ad4116_device_info = { .num_configs = 8, .num_voltage_in = 16, .num_gpios = 4, - .higher_gpio_bits = true, .has_vincom_input = true, .has_temp = true, .has_input_buf = true, -- 2.46.0

8 months

1
0
0 0

patch "iio: adc: ad_sigma_delta: fix irq_flags on irq request" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad_sigma_delta: fix irq_flags on irq request to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From e81bb580ec08d7503c14c92157d810d306290003 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Tue, 6 Aug 2024 17:40:49 +0200 Subject: iio: adc: ad_sigma_delta: fix irq_flags on irq request With commit 7b0c9f8fa3d2 ("iio: adc: ad_sigma_delta: Add optional irq selection"), we can get the irq line from struct ad_sigma_delta_info instead of the spi device. However, in devm_ad_sd_probe_trigger(), when getting the irq_flags with irq_get_trigger_type() we are still using the spi device irq instead of the one used for devm_request_irq(). Fixes: 7b0c9f8fa3d2 ("iio: adc: ad_sigma_delta: Add optional irq selection") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240806-dev-fix-ad-sigma-delta-v1-1-aa25b173c063@… Cc: <stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad_sigma_delta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ad_sigma_delta.c b/drivers/iio/adc/ad_sigma_delta.c index 8c062b0d26e3..dcd557e93586 100644 --- a/drivers/iio/adc/ad_sigma_delta.c +++ b/drivers/iio/adc/ad_sigma_delta.c @@ -569,7 +569,7 @@ EXPORT_SYMBOL_NS_GPL(ad_sd_validate_trigger, IIO_AD_SIGMA_DELTA); static int devm_ad_sd_probe_trigger(struct device *dev, struct iio_dev *indio_dev) { struct ad_sigma_delta *sigma_delta = iio_device_get_drvdata(indio_dev); - unsigned long irq_flags = irq_get_trigger_type(sigma_delta->spi->irq); + unsigned long irq_flags = irq_get_trigger_type(sigma_delta->irq_line); int ret; if (dev != &sigma_delta->spi->dev) { -- 2.46.0

8 months

1
0
0 0

patch "iio: adc: ad7124: fix DT configuration parsing" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7124: fix DT configuration parsing to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 61cbfb5368dd50ed0d65ce21d305aa923581db2b Mon Sep 17 00:00:00 2001 From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> Date: Tue, 6 Aug 2024 11:51:33 +0300 Subject: iio: adc: ad7124: fix DT configuration parsing The cfg pointer is set before reading the channel number that the configuration should point to. This causes configurations to be shifted by one channel. For example setting bipolar to the first channel defined in the DT will cause bipolar mode to be active on the second defined channel. Fix by moving the cfg pointer setting after reading the channel number. Fixes: 7b8d045e497a ("iio: adc: ad7124: allow more than 8 channels") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240806085133.114547-1-dumitru.ceclan@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7124.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index afb5f4d741e6..108e9ccab1ef 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -844,8 +844,6 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels = channels; device_for_each_child_node_scoped(dev, child) { - cfg = &st->channels[channel].cfg; - ret = fwnode_property_read_u32(child, "reg", &channel); if (ret) return ret; @@ -863,6 +861,7 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels[channel].ain = AD7124_CHANNEL_AINP(ain[0]) | AD7124_CHANNEL_AINM(ain[1]); + cfg = &st->channels[channel].cfg; cfg->bipolar = fwnode_property_read_bool(child, "bipolar"); ret = fwnode_property_read_u32(child, "adi,reference-select", &tmp); -- 2.46.0

8 months

1
0
0 0

patch "iio: fix scale application in iio_convert_raw_to_processed_unlocked" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: fix scale application in iio_convert_raw_to_processed_unlocked to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 8a3dcc970dc57b358c8db2702447bf0af4e0d83a Mon Sep 17 00:00:00 2001 From: Matteo Martelli <matteomartelli3(a)gmail.com> Date: Tue, 30 Jul 2024 10:11:53 +0200 Subject: iio: fix scale application in iio_convert_raw_to_processed_unlocked When the scale_type is IIO_VAL_INT_PLUS_MICRO or IIO_VAL_INT_PLUS_NANO the scale passed as argument is only applied to the fractional part of the value. Fix it by also multiplying the integer part by the scale provided. Fixes: 48e44ce0f881 ("iio:inkern: Add function to read the processed value") Signed-off-by: Matteo Martelli <matteomartelli3(a)gmail.com> Link: https://patch.msgid.link/20240730-iio-fix-scale-v1-1-6246638c8daa@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/inkern.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/iio/inkern.c b/drivers/iio/inkern.c index 9f484c94bc6e..151099be2863 100644 --- a/drivers/iio/inkern.c +++ b/drivers/iio/inkern.c @@ -647,17 +647,17 @@ static int iio_convert_raw_to_processed_unlocked(struct iio_channel *chan, break; case IIO_VAL_INT_PLUS_MICRO: if (scale_val2 < 0) - *processed = -raw64 * scale_val; + *processed = -raw64 * scale_val * scale; else - *processed = raw64 * scale_val; + *processed = raw64 * scale_val * scale; *processed += div_s64(raw64 * (s64)scale_val2 * scale, 1000000LL); break; case IIO_VAL_INT_PLUS_NANO: if (scale_val2 < 0) - *processed = -raw64 * scale_val; + *processed = -raw64 * scale_val * scale; else - *processed = raw64 * scale_val; + *processed = raw64 * scale_val * scale; *processed += div_s64(raw64 * (s64)scale_val2 * scale, 1000000000LL); break; -- 2.46.0

8 months

1
0
0 0

patch "iio: adc: ad7124: fix config comparison" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7124: fix config comparison to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 2f6b92d0f69f04d9e2ea0db1228ab7f82f3173af Mon Sep 17 00:00:00 2001 From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> Date: Wed, 31 Jul 2024 15:37:23 +0300 Subject: iio: adc: ad7124: fix config comparison The ad7124_find_similar_live_cfg() computes the compare size by substracting the address of the cfg struct from the address of the live field. Because the live field is the first field in the struct, the result is 0. Also, the memcmp() call is made from the start of the cfg struct, which includes the live and cfg_slot fields, which are not relevant for the comparison. Fix by grouping the relevant fields with struct_group() and use the size of the group to compute the compare size; make the memcmp() call from the address of the group. Fixes: 7b8d045e497a ("iio: adc: ad7124: allow more than 8 channels") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240731-ad7124-fix-v1-2-46a76aa4b9be@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7124.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index c0b82f64c976..afb5f4d741e6 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -147,15 +147,18 @@ struct ad7124_chip_info { struct ad7124_channel_config { bool live; unsigned int cfg_slot; - enum ad7124_ref_sel refsel; - bool bipolar; - bool buf_positive; - bool buf_negative; - unsigned int vref_mv; - unsigned int pga_bits; - unsigned int odr; - unsigned int odr_sel_bits; - unsigned int filter_type; + /* Following fields are used to compare equality. */ + struct_group(config_props, + enum ad7124_ref_sel refsel; + bool bipolar; + bool buf_positive; + bool buf_negative; + unsigned int vref_mv; + unsigned int pga_bits; + unsigned int odr; + unsigned int odr_sel_bits; + unsigned int filter_type; + ); }; struct ad7124_channel { @@ -334,11 +337,12 @@ static struct ad7124_channel_config *ad7124_find_similar_live_cfg(struct ad7124_ ptrdiff_t cmp_size; int i; - cmp_size = (u8 *)&cfg->live - (u8 *)cfg; + cmp_size = sizeof_field(struct ad7124_channel_config, config_props); for (i = 0; i < st->num_channels; i++) { cfg_aux = &st->channels[i].cfg; - if (cfg_aux->live && !memcmp(cfg, cfg_aux, cmp_size)) + if (cfg_aux->live && + !memcmp(&cfg->config_props, &cfg_aux->config_props, cmp_size)) return cfg_aux; } -- 2.46.0

8 months

1
0
0 0

patch "iio: adc: ad7124: fix chip ID mismatch" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7124: fix chip ID mismatch to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 96f9ab0d5933c1c00142dd052f259fce0bc3ced2 Mon Sep 17 00:00:00 2001 From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> Date: Wed, 31 Jul 2024 15:37:22 +0300 Subject: iio: adc: ad7124: fix chip ID mismatch The ad7124_soft_reset() function has the assumption that the chip will assert the "power-on reset" bit in the STATUS register after a software reset without any delay. The POR bit =0 is used to check if the chip initialization is done. A chip ID mismatch probe error appears intermittently when the probe continues too soon and the ID register does not contain the expected value. Fix by adding a 200us delay after the software reset command is issued. Fixes: b3af341bbd96 ("iio: adc: Add ad7124 support") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240731-ad7124-fix-v1-1-46a76aa4b9be@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7124.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index 3beed78496c5..c0b82f64c976 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -764,6 +764,7 @@ static int ad7124_soft_reset(struct ad7124_state *st) if (ret < 0) return ret; + fsleep(200); timeout = 100; do { ret = ad_sd_read_reg(&st->sd, AD7124_STATUS, 1, &readval); -- 2.46.0

8 months

1
0
0 0

patch "iio: buffer-dmaengine: fix releasing dma channel on error" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: buffer-dmaengine: fix releasing dma channel on error to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 84c65d8008764a8fb4e627ff02de01ec4245f2c4 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Tue, 23 Jul 2024 11:32:21 -0500 Subject: iio: buffer-dmaengine: fix releasing dma channel on error If dma_get_slave_caps() fails, we need to release the dma channel before returning an error to avoid leaking the channel. Fixes: 2d6ca60f3284 ("iio: Add a DMAengine framework based buffer") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20240723-iio-fix-dmaengine-free-on-error-v1-1-2c7c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iio/buffer/industrialio-buffer-dmaengine.c b/drivers/iio/buffer/industrialio-buffer-dmaengine.c index 12aa1412dfa0..426cc614587a 100644 --- a/drivers/iio/buffer/industrialio-buffer-dmaengine.c +++ b/drivers/iio/buffer/industrialio-buffer-dmaengine.c @@ -237,7 +237,7 @@ static struct iio_buffer *iio_dmaengine_buffer_alloc(struct device *dev, ret = dma_get_slave_caps(chan, &caps); if (ret < 0) - goto err_free; + goto err_release; /* Needs to be aligned to the maximum of the minimums */ if (caps.src_addr_widths) @@ -263,6 +263,8 @@ static struct iio_buffer *iio_dmaengine_buffer_alloc(struct device *dev, return &dmaengine_buffer->queue.buffer; +err_release: + dma_release_channel(chan); err_free: kfree(dmaengine_buffer); return ERR_PTR(ret); -- 2.46.0

8 months

1
0
0 0

patch "iio: adc: ad7606: remove frstdata check for serial mode" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606: remove frstdata check for serial mode to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 90826e08468ba7fb35d8b39645b22d9e80004afe Mon Sep 17 00:00:00 2001 From: Guillaume Stols <gstols(a)baylibre.com> Date: Tue, 2 Jul 2024 12:52:51 +0000 Subject: iio: adc: ad7606: remove frstdata check for serial mode The current implementation attempts to recover from an eventual glitch in the clock by checking frstdata state after reading the first channel's sample: If frstdata is low, it will reset the chip and return -EIO. This will only work in parallel mode, where frstdata pin is set low after the 2nd sample read starts. For the serial mode, according to the datasheet, "The FRSTDATA output returns to a logic low following the 16th SCLK falling edge.", thus after the Xth pulse, X being the number of bits in a sample, the check will always be true, and the driver will not work at all in serial mode if frstdata(optional) is defined in the devicetree as it will reset the chip, and return -EIO every time read_sample is called. Hence, this check must be removed for serial mode. Fixes: b9618c0cacd7 ("staging: IIO: ADC: New driver for AD7606/AD7606-6/AD7606-4") Signed-off-by: Guillaume Stols <gstols(a)baylibre.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240702-cleanup-ad7606-v3-1-18d5ea18770e@baylibre… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606.c | 28 ++-------------------- drivers/iio/adc/ad7606.h | 2 ++ drivers/iio/adc/ad7606_par.c | 46 ++++++++++++++++++++++++++++++++++-- 3 files changed, 48 insertions(+), 28 deletions(-) diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 3a417595294f..c321c6ef48df 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -49,7 +49,7 @@ static const unsigned int ad7616_oversampling_avail[8] = { 1, 2, 4, 8, 16, 32, 64, 128, }; -static int ad7606_reset(struct ad7606_state *st) +int ad7606_reset(struct ad7606_state *st) { if (st->gpio_reset) { gpiod_set_value(st->gpio_reset, 1); @@ -60,6 +60,7 @@ static int ad7606_reset(struct ad7606_state *st) return -ENODEV; } +EXPORT_SYMBOL_NS_GPL(ad7606_reset, IIO_AD7606); static int ad7606_reg_access(struct iio_dev *indio_dev, unsigned int reg, @@ -88,31 +89,6 @@ static int ad7606_read_samples(struct ad7606_state *st) { unsigned int num = st->chip_info->num_channels - 1; u16 *data = st->data; - int ret; - - /* - * The frstdata signal is set to high while and after reading the sample - * of the first channel and low for all other channels. This can be used - * to check that the incoming data is correctly aligned. During normal - * operation the data should never become unaligned, but some glitch or - * electrostatic discharge might cause an extra read or clock cycle. - * Monitoring the frstdata signal allows to recover from such failure - * situations. - */ - - if (st->gpio_frstdata) { - ret = st->bops->read_block(st->dev, 1, data); - if (ret) - return ret; - - if (!gpiod_get_value(st->gpio_frstdata)) { - ad7606_reset(st); - return -EIO; - } - - data++; - num--; - } return st->bops->read_block(st->dev, num, data); } diff --git a/drivers/iio/adc/ad7606.h b/drivers/iio/adc/ad7606.h index 0c6a88cc4695..6649e84d25de 100644 --- a/drivers/iio/adc/ad7606.h +++ b/drivers/iio/adc/ad7606.h @@ -151,6 +151,8 @@ int ad7606_probe(struct device *dev, int irq, void __iomem *base_address, const char *name, unsigned int id, const struct ad7606_bus_ops *bops); +int ad7606_reset(struct ad7606_state *st); + enum ad7606_supported_device_ids { ID_AD7605_4, ID_AD7606_8, diff --git a/drivers/iio/adc/ad7606_par.c b/drivers/iio/adc/ad7606_par.c index d8408052262e..6bc587b20f05 100644 --- a/drivers/iio/adc/ad7606_par.c +++ b/drivers/iio/adc/ad7606_par.c @@ -7,6 +7,7 @@ #include <linux/mod_devicetable.h> #include <linux/module.h> +#include <linux/gpio/consumer.h> #include <linux/platform_device.h> #include <linux/types.h> #include <linux/err.h> @@ -21,8 +22,29 @@ static int ad7606_par16_read_block(struct device *dev, struct iio_dev *indio_dev = dev_get_drvdata(dev); struct ad7606_state *st = iio_priv(indio_dev); - insw((unsigned long)st->base_address, buf, count); + /* + * On the parallel interface, the frstdata signal is set to high while + * and after reading the sample of the first channel and low for all + * other channels. This can be used to check that the incoming data is + * correctly aligned. During normal operation the data should never + * become unaligned, but some glitch or electrostatic discharge might + * cause an extra read or clock cycle. Monitoring the frstdata signal + * allows to recover from such failure situations. + */ + int num = count; + u16 *_buf = buf; + + if (st->gpio_frstdata) { + insw((unsigned long)st->base_address, _buf, 1); + if (!gpiod_get_value(st->gpio_frstdata)) { + ad7606_reset(st); + return -EIO; + } + _buf++; + num--; + } + insw((unsigned long)st->base_address, _buf, num); return 0; } @@ -35,8 +57,28 @@ static int ad7606_par8_read_block(struct device *dev, { struct iio_dev *indio_dev = dev_get_drvdata(dev); struct ad7606_state *st = iio_priv(indio_dev); + /* + * On the parallel interface, the frstdata signal is set to high while + * and after reading the sample of the first channel and low for all + * other channels. This can be used to check that the incoming data is + * correctly aligned. During normal operation the data should never + * become unaligned, but some glitch or electrostatic discharge might + * cause an extra read or clock cycle. Monitoring the frstdata signal + * allows to recover from such failure situations. + */ + int num = count; + u16 *_buf = buf; - insb((unsigned long)st->base_address, buf, count * 2); + if (st->gpio_frstdata) { + insb((unsigned long)st->base_address, _buf, 2); + if (!gpiod_get_value(st->gpio_frstdata)) { + ad7606_reset(st); + return -EIO; + } + _buf++; + num--; + } + insb((unsigned long)st->base_address, _buf, num * 2); return 0; } -- 2.46.0

8 months

1
0
0 0

patch "staging: iio: frequency: ad9834: Validate frequency parameter value" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: iio: frequency: ad9834: Validate frequency parameter value to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From b48aa991758999d4e8f9296c5bbe388f293ef465 Mon Sep 17 00:00:00 2001 From: Aleksandr Mishin <amishin(a)t-argos.ru> Date: Wed, 3 Jul 2024 18:45:06 +0300 Subject: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 12b9d5bf76bf ("Staging: IIO: DDS: AD9833 / AD9834 driver") Suggested-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org> Link: https://patch.msgid.link/20240703154506.25584-1-amishin@t-argos.ru Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/staging/iio/frequency/ad9834.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/iio/frequency/ad9834.c b/drivers/staging/iio/frequency/ad9834.c index a7a5cdcc6590..47e7d7e6d920 100644 --- a/drivers/staging/iio/frequency/ad9834.c +++ b/drivers/staging/iio/frequency/ad9834.c @@ -114,7 +114,7 @@ static int ad9834_write_frequency(struct ad9834_state *st, clk_freq = clk_get_rate(st->mclk); - if (fout > (clk_freq / 2)) + if (!clk_freq || fout > (clk_freq / 2)) return -EINVAL; regval = ad9834_calc_freqreg(clk_freq, fout); -- 2.46.0

8 months

1
0
0 0

patch "iio: pressure: bmp280: Fix waiting time for BMP3xx configuration" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bmp280: Fix waiting time for BMP3xx configuration to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 262a6634bcc4f0c1c53d13aa89882909f281a6aa Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:50 +0200 Subject: iio: pressure: bmp280: Fix waiting time for BMP3xx configuration According to the datasheet, both pressure and temperature can go up to oversampling x32. With this option, the maximum measurement time is not 80ms (this is for press x32 and temp x2), but it is 130ms nominal (calculated from table 3.9.2) and since most of the maximum values are around +15%, it is configured to 150ms. Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-3-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-core.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index cc8553177977..3deaa57bb3f5 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1581,10 +1581,11 @@ static int bmp380_chip_config(struct bmp280_data *data) } /* * Waits for measurement before checking configuration error - * flag. Selected longest measure time indicated in - * section 3.9.1 in the datasheet. + * flag. Selected longest measurement time, calculated from + * formula in datasheet section 3.9.2 with an offset of ~+15% + * as it seen as well in table 3.9.1. */ - msleep(80); + msleep(150); /* Check config error flag */ ret = regmap_read(data->regmap, BMP380_REG_ERROR, &tmp); -- 2.46.0

8 months

1
0
0 0

patch "iio: pressure: bmp280: Fix regmap for BMP280 device" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bmp280: Fix regmap for BMP280 device to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-core.c | 2 +- drivers/iio/pressure/bmp280-regmap.c | 45 ++++++++++++++++++++++++++-- drivers/iio/pressure/bmp280.h | 1 + 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config; -- 2.46.0

8 months

1
0
0 0

patch "iio: pressure: bmp280: Fix regmap for BMP280 device" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bmp280: Fix regmap for BMP280 device to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-core.c | 2 +- drivers/iio/pressure/bmp280-regmap.c | 45 ++++++++++++++++++++++++++-- drivers/iio/pressure/bmp280.h | 1 + 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config; -- 2.46.0

8 months

1
0
0 0

patch "iio: pressure: bmp280: Fix waiting time for BMP3xx configuration" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bmp280: Fix waiting time for BMP3xx configuration to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 262a6634bcc4f0c1c53d13aa89882909f281a6aa Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:50 +0200 Subject: iio: pressure: bmp280: Fix waiting time for BMP3xx configuration According to the datasheet, both pressure and temperature can go up to oversampling x32. With this option, the maximum measurement time is not 80ms (this is for press x32 and temp x2), but it is 130ms nominal (calculated from table 3.9.2) and since most of the maximum values are around +15%, it is configured to 150ms. Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-3-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/bmp280-core.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index cc8553177977..3deaa57bb3f5 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1581,10 +1581,11 @@ static int bmp380_chip_config(struct bmp280_data *data) } /* * Waits for measurement before checking configuration error - * flag. Selected longest measure time indicated in - * section 3.9.1 in the datasheet. + * flag. Selected longest measurement time, calculated from + * formula in datasheet section 3.9.2 with an offset of ~+15% + * as it seen as well in table 3.9.1. */ - msleep(80); + msleep(150); /* Check config error flag */ ret = regmap_read(data->regmap, BMP380_REG_ERROR, &tmp); -- 2.46.0

8 months

1
0
0 0

[PATCH v2] usb: xhci: fixes lost of data for xHCI Cadence Controllers

by Pawel Laszczak

Stream endpoint can skip part of TD during next transfer initialization after beginning stopped during active stream data transfer. The Set TR Dequeue Pointer command does not clear all internal transfer-related variables that position stream endpoint on transfer ring. USB Controller stores all endpoint state information within RsvdO fields inside endpoint context structure. For stream endpoints, all relevant information regarding particular StreamID is stored within corresponding Stream Endpoint context. Whenever driver wants to stop stream endpoint traffic, it invokes Stop Endpoint command which forces the controller to dump all endpoint state-related variables into RsvdO spaces into endpoint context and stream endpoint context. Whenever driver wants to reinitialize endpoint starting point on Transfer Ring, it uses the Set TR Dequeue Pointer command to update dequeue pointer for particular stream in Stream Endpoint Context. When stream endpoint is forced to stop active transfer in the middle of TD, it dumps an information about TRB bytes left in RsvdO fields in Stream Endpoint Context which will be used in next transfer initialization to designate starting point for XDMA. This field is not cleared during Set TR Dequeue Pointer command which causes XDMA to skip over transfer ring and leads to data loss on stream pipe. Patch fixes this by clearing out all RsvdO fields before initializing new transfer via that StreamID. Field Rsvd0 is reserved field, so patch should not have impact for other xHCI controllers. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - removed restoring of EDTLA field drivers/usb/host/xhci-ring.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 1dde53f6eb31..e5e1d665adab 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1386,6 +1386,16 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Existing Cadence xHCI controllers store some endpoint state information + * within Rsvd0 fields of Stream Endpoint context. This field is not + * cleared during Set TR Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } -- 2.43.0

8 months

3
4
0 0

[PATCH RFC] syscalls/fanotify09: Note backport of commit e730558adffb

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> I backported commit e730558adffb ("fsnotify: consistent behavior for parent not watching children") to v5.15.y and v5.10.y. Update fanotify09 to test older LTS kernels containing that commit. Suggested-by: Amir Goldstein <amir73il(a)gmail.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- testcases/kernel/syscalls/fanotify/fanotify09.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Untested. diff --git a/testcases/kernel/syscalls/fanotify/fanotify09.c b/testcases/kernel/syscalls/fanotify/fanotify09.c index f61c4e45a88c..48b198b9415a 100644 --- a/testcases/kernel/syscalls/fanotify/fanotify09.c +++ b/testcases/kernel/syscalls/fanotify/fanotify09.c @@ -29,7 +29,6 @@ * 7372e79c9eb9 fanotify: fix logic of reporting name info with watched parent * * Test cases #6-#7 are regression tests for commit: - * (from v5.19, unlikely to be backported thus not in .tags): * * e730558adffb fanotify: consistent behavior for parent not watching children */ @@ -380,9 +379,9 @@ static void test_fanotify(unsigned int n) return; } - if (tc->ignore && tst_kvercmp(5, 19, 0) < 0) { + if (tc->ignore && tst_kvercmp(5, 10, 0) < 0) { tst_res(TCONF, "ignored mask on parent dir has undefined " - "behavior on kernel < 5.19"); + "behavior on kernel < 5.10"); return; } @@ -520,6 +519,7 @@ static struct tst_test test = { {"linux-git", "b469e7e47c8a"}, {"linux-git", "55bf882c7f13"}, {"linux-git", "7372e79c9eb9"}, + {"linux-git", "e730558adffb"}, {} } }; -- 2.46.0

8 months

2
2
0 0

[PATCH 6.6] usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister existing source caps before re-registration"

by Greg Kroah-Hartman

In commit b16abab1fb64 ("usb: typec: tcpm: unregister existing source caps before re-registration"), quilt, and git, applied the diff to the incorrect function, which would cause bad problems if exercised in a device with these capabilities. Fix this all up (including the follow-up fix in commit 04c05d50fa79 ("usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps") to be in the correct function. Fixes: 04c05d50fa79 ("usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps") Fixes: b16abab1fb64 ("usb: typec: tcpm: unregister existing source caps before re-registration") Reported-by: Charles Yo <charlesyo(a)google.com> Cc: Kyle Tso <kyletso(a)google.com> Cc: Amit Sunil Dhamne <amitsd(a)google.com> Cc: Ondrej Jirman <megi(a)xff.cz> Cc: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- Note, this is also needed for 6.1, I'll fix up the git ids when committing it to the stable tree there as well. drivers/usb/typec/tcpm/tcpm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 7db9c382c354..e053b6e99b9e 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2403,7 +2403,7 @@ static int tcpm_register_source_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap; + struct usb_power_delivery_capabilities *cap = port->partner_source_caps; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); @@ -2413,6 +2413,11 @@ static int tcpm_register_source_caps(struct tcpm_port *port) memcpy(caps.pdo, port->source_caps, sizeof(u32) * port->nr_source_caps); caps.role = TYPEC_SOURCE; + if (cap) { + usb_power_delivery_unregister_capabilities(cap); + port->partner_source_caps = NULL; + } + cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); @@ -2426,7 +2431,7 @@ static int tcpm_register_sink_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap = port->partner_source_caps; + struct usb_power_delivery_capabilities *cap; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); @@ -2436,11 +2441,6 @@ static int tcpm_register_sink_caps(struct tcpm_port *port) memcpy(caps.pdo, port->sink_caps, sizeof(u32) * port->nr_sink_caps); caps.role = TYPEC_SINK; - if (cap) { - usb_power_delivery_unregister_capabilities(cap); - port->partner_source_caps = NULL; - } - cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); -- 2.46.0

8 months

2
2
0 0

[PATCH RESEND] wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he

by Ma Ke

Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 driver. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c index 2e4fa9f48dfb..cba28d8d5562 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c @@ -1544,6 +1544,9 @@ mt7996_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif, u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map); u8 snd_dim, sts; + if (!vc) + return; + bf->tx_mode = MT_PHY_TYPE_HE_SU; mt7996_mcu_sta_sounding_rate(bf); -- 2.25.1

8 months

2
1
0 0

[GIT PULL] USB chipidea patches for linux-5.15.y and linux-6.1.y

by Xu Yang

Hi Greg, The below two patches are needed on linux-5.15.y and linux-6.1.y, please help to add them to the stable tree. b7a62611fab7 usb: chipidea: add USB PHY event 87ed257acb09 usb: phy: mxs: disconnect line when USB charger is attached They are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git branch usb-testing Thanks, Xu Yang

8 months

2
3
0 0

[PATCH RESEND] drm/nouveau: fix a possible null pointer dereference

by Ma Ke

In ch7006_encoder_get_modes(), the return value of drm_mode_duplicate() is used directly in drm_mode_probed_add(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6ee738610f41 ("drm/nouveau: Add DRM driver for NVIDIA GPUs") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/i2c/ch7006_drv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i2c/ch7006_drv.c b/drivers/gpu/drm/i2c/ch7006_drv.c index 131512a5f3bd..48bf6e4e8bdb 100644 --- a/drivers/gpu/drm/i2c/ch7006_drv.c +++ b/drivers/gpu/drm/i2c/ch7006_drv.c @@ -229,6 +229,7 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, { struct ch7006_priv *priv = to_ch7006_priv(encoder); const struct ch7006_mode *mode; + struct drm_display_mode *encoder_mode = NULL; int n = 0; for (mode = ch7006_modes; mode->mode.clock; mode++) { @@ -236,8 +237,11 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, ~mode->valid_norms & 1<<priv->norm) continue; - drm_mode_probed_add(connector, - drm_mode_duplicate(encoder->dev, &mode->mode)); + encoder_mode = drm_mode_duplicate(encoder->dev, &mode->mode); + if (!encoder_mode) + return 0; + + drm_mode_probed_add(connector, encoder_mode); n++; } -- 2.25.1

8 months

1
0
0 0

+ ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Date: Mon, 2 Sep 2024 10:36:36 +0800 When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL. Link: https://lkml.kernel.org/r/20240902023636.1843422-3-joseph.qi@linux.alibaba.… Fixes: cf76c78595ca ("ocfs2: don't put and assigning null to bh allocated outside") Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: Heming Zhao <heming.zhao(a)suse.com> Suggested-by: Heming Zhao <heming.zhao(a)suse.com> Cc: <stable(a)vger.kernel.org> [4.20+] Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/buffer_head_io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate +++ a/fs/ocfs2/buffer_head_io.c @@ -388,7 +388,8 @@ read_failure: /* Always set the buffer in the cache, even if it was * a forced read, or read-ahead which hasn't yet * completed. */ - ocfs2_set_buffer_uptodate(ci, bh); + if (bh) + ocfs2_set_buffer_uptodate(ci, bh); } ocfs2_metadata_cache_io_unlock(ci); _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch

8 months

1
0
0 0

+ ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: remove unreasonable unlock in ocfs2_read_blocks has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: remove unreasonable unlock in ocfs2_read_blocks Date: Mon, 2 Sep 2024 10:36:35 +0800 Patch series "Misc fixes for ocfs2_read_blocks", v5. This series contains 2 fixes for ocfs2_read_blocks(). The first patch fix the issue reported by syzbot, which detects bad unlock balance in ocfs2_read_blocks(). The second patch fixes an issue reported by Heming Zhao when reviewing above fix. This patch (of 2): There was a lock release before exiting, so remove the unreasonable unlock. Link: https://lkml.kernel.org/r/20240902023636.1843422-1-joseph.qi@linux.alibaba.… Link: https://lkml.kernel.org/r/20240902023636.1843422-2-joseph.qi@linux.alibaba.… Fixes: cf76c78595ca ("ocfs2: don't put and assigning null to bh allocated outside") Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: syzbot+ab134185af9ef88dfed5(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=ab134185af9ef88dfed5 Tested-by: syzbot+ab134185af9ef88dfed5(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> [4.20+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/buffer_head_io.c | 1 - 1 file changed, 1 deletion(-) --- a/fs/ocfs2/buffer_head_io.c~ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks +++ a/fs/ocfs2/buffer_head_io.c @@ -235,7 +235,6 @@ int ocfs2_read_blocks(struct ocfs2_cachi if (bhs[i] == NULL) { bhs[i] = sb_getblk(sb, block++); if (bhs[i] == NULL) { - ocfs2_metadata_cache_io_unlock(ci); status = -ENOMEM; mlog_errno(status); /* Don't forget to put previous bh! */ _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch

8 months

1
0
0 0

Re: [PATCH 5.15 000/215] 5.15.166-rc1 review

by Richard Narron

I get "out of memory" build error on Slackware 15.0 (x86) with kernels 5.15.164, 5.15.165, and 5.15.166-rc1. #uname -a Linux aragorn 5.15.166-rc1-smp #1 SMP PREEMPT Mon Sep 2 14:03:00 PDT 2024 i686 AMD Ryzen 9 5900X 12-Core Processor AuthenticAMD GNU/Linux The attached configuration I use is the standard Slackware 15.0: config-huge-smp-5.15.161-smp Here is some of the error log for the 5.15.166-rc1 build: ... LD [M] drivers/mtd/tests/mtd_stresstest.o LD [M] drivers/pcmcia/pcmcia_core.o LD [M] drivers/mtd/tests/mtd_subpagetest.o cc1: out of memory allocating 180705472 bytes after a total of 283914240 bytes LD [M] drivers/mtd/tests/mtd_torturetest.o CC [M] drivers/mtd/ubi/wl.o LD [M] drivers/pcmcia/pcmcia.o CC [M] drivers/gpu/drm/nouveau/nvkm/engine/disp/headgv100.o CC [M] drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dmub_hw_lock_mgr.o LD [M] drivers/mtd/tests/mtd_nandbiterrs.o CC [M] drivers/mtd/ubi/attach.o LD [M] drivers/staging/qlge/qlge.o make[4]: *** [scripts/Makefile.build:289: drivers/staging/media/atomisp/pci/isp/kernels/ynr/ynr_1.0/ia_css_ynr.host.o] Er ror 1 make[3]: *** [scripts/Makefile.build:552: drivers/staging/media/atomisp] Error 2 make[2]: *** [scripts/Makefile.build:552: drivers/staging/media] Error 2 make[2]: *** Waiting for unfinished jobs.... LD [M] drivers/pcmcia/pcmcia_rsrc.o CC [M] drivers/gpu/drm/amd/amdgpu/../display/dc/dce/dmub_outbox.o make[1]: *** [scripts/Makefile.build:552: drivers/staging] Error 2 make[1]: *** Waiting for unfinished jobs.... ... I have a work around... When I unpatch these 6 minmax patches taken from kernel-5.15.164 then the errors are fixed! minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: allow min()/max()/clamp() if the arguments have the same minmax: clamp more efficiently by avoiding extra comparison minmax: fix header inclusions minmax: relax check to allow comparison between unsigned arguments minmax: sanity check constant bounds when clamping Can the minmax patches be removed or fixed?

8 months

1
0
0 0

+ ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix null-ptr-deref when journal load failed. has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Julian Sun <sunjunchao2870(a)gmail.com> Subject: ocfs2: fix null-ptr-deref when journal load failed. Date: Mon, 2 Sep 2024 11:08:44 +0800 During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To resolve this issue, we should check the JBD2_LOADED flag to ensure the journal was properly loaded. Additionally, use journal instead of osb->journal directly to simplify the code. Link: https://syzkaller.appspot.com/bug?extid=05b9b39d8bdfe1a0861f Link: https://lkml.kernel.org/r/20240902030844.422725-1-sunjunchao2870@gmail.com Fixes: f6f50e28f0cb ("jbd2: Fail to load a journal if it is too short") Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> Reported-by: syzbot+05b9b39d8bdfe1a0861f(a)syzkaller.appspotmail.com Suggested-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-ptr-deref-when-journal-load-failed +++ a/fs/ocfs2/journal.c @@ -1055,7 +1055,7 @@ void ocfs2_journal_shutdown(struct ocfs2 if (!igrab(inode)) BUG(); - num_running_trans = atomic_read(&(osb->journal->j_num_trans)); + num_running_trans = atomic_read(&(journal->j_num_trans)); trace_ocfs2_journal_shutdown(num_running_trans); /* Do a commit_cache here. It will flush our journal, *and* @@ -1074,9 +1074,10 @@ void ocfs2_journal_shutdown(struct ocfs2 osb->commit_task = NULL; } - BUG_ON(atomic_read(&(osb->journal->j_num_trans)) != 0); + BUG_ON(atomic_read(&(journal->j_num_trans)) != 0); - if (ocfs2_mount_local(osb)) { + if (ocfs2_mount_local(osb) && + (journal->j_journal->j_flags & JBD2_LOADED)) { jbd2_journal_lock_updates(journal->j_journal); status = jbd2_journal_flush(journal->j_journal, 0); jbd2_journal_unlock_updates(journal->j_journal); _ Patches currently in -mm which might be from sunjunchao2870(a)gmail.com are ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch

8 months

1
0
0 0

[PATCH RFC 0/8] extensible syscalls: CHECK_FIELDS to allow for easier feature detection

by Aleksa Sarai

This is something that I've been thinking about for a while. We had a discussion at LPC 2020 about this[1] but the proposals suggested there never materialised. In short, it is quite difficult for userspace to detect the feature capability of syscalls at runtime. This is something a lot of programs want to do, but they are forced to create elaborate scenarios to try to figure out if a feature is supported without causing damage to the system. For the vast majority of cases, each individual feature also needs to be tested individually (because syscall results are all-or-nothing), so testing even a single syscall's feature set can easily inflate the startup time of programs. This patchset implements the fairly minimal design I proposed in this talk[2] and in some old LKML threads (though I can't find the exact references ATM). The general flow looks like: 1. Userspace will indicate to the kernel that a syscall should a be no-op by setting the top bit of the extensible struct size argument. We will almost certainly never support exabyte sized structs, so the top bits are free for us to use as makeshift flag bits. This is preferable to using the per-syscall flag field inside the structure because seccomp can easily detect the bit in the flag and allow the probe or forcefully return -EEXTSYS_NOOP. 2. The kernel will then fill the provided structure with every valid bit pattern that the current kernel understands. For flags or other bitflag-like fields, this is the set of valid flags or bits. For pointer fields or fields that take an arbitrary value, the field has every bit set (0xFF... to fill the field) to indicate that any value is valid in the field. 3. The syscall then returns -EEXTSYS_NOOP which is an errno that will only ever be used for this purpose (so userspace can be sure that the request succeeded). On older kernels, the syscall will return a different error (usually -E2BIG or -EFAULT) and userspace can do their old-fashioned checks. 4. Userspace can then check which flags and fields are supported by looking at the fields in the returned structure. Flags are checked by doing an AND with the flags field, and field support can checked by comparing to 0. In principle you could just AND the entire structure if you wanted to do this check generically without caring about the structure contents (this is what libraries might consider doing). Userspace can even find out the internal kernel structure size by passing a PAGE_SIZE buffer and seeing how many bytes are non-zero. As with copy_struct_from_user(), this is designed to be forward- and backwards- compatible. This allows programas to get a one-shot understanding of what features a syscall supports without having to do any elaborate setups or tricks to detect support for destructive features. Flags can simply be ANDed to check if they are in the supported set, and fields can just be checked to see if they are non-zero. This patchset is IMHO the simplest way we can add the ability to introspect the feature set of extensible struct (copy_struct_from_user) syscalls. It doesn't preclude the chance of a more generic mechanism being added later. The intended way of using this interface to get feature information looks something like the following (imagine that openat2 has gained a new field and a new flag in the future): static bool openat2_no_automount_supported; static bool openat2_cwd_fd_supported; int check_openat2_support(void) { int err; struct open_how how = {}; err = openat2(AT_FDCWD, ".", &how, CHECK_FIELDS | sizeof(how)); assert(err < 0); switch (errno) { case EFAULT: case E2BIG: /* Old kernel... */ check_support_the_old_way(); break; case EEXTSYS_NOOP: openat2_no_automount_supported = (how.flags & RESOLVE_NO_AUTOMOUNT); openat2_cwd_fd_supported = (how.cwd_fd != 0); break; } } [1]: https://lwn.net/Articles/830666/ [2]: https://youtu.be/ggD-eb3yPVs Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com> --- Aleksa Sarai (8): uaccess: add copy_struct_to_user helper sched_getattr: port to copy_struct_to_user openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) openat2: add CHECK_FIELDS flag to usize argument clone3: add CHECK_FIELDS flag to usize argument selftests: openat2: add 0xFF poisoned data after misaligned struct selftests: openat2: add CHECK_FIELDS selftests selftests: clone3: add CHECK_FIELDS selftests fs/open.c | 17 ++ include/linux/uaccess.h | 98 +++++++++ include/uapi/asm-generic/errno.h | 3 + include/uapi/linux/openat2.h | 2 + kernel/fork.c | 33 ++- kernel/sched/syscalls.c | 42 +--- tools/testing/selftests/clone3/.gitignore | 1 + tools/testing/selftests/clone3/Makefile | 2 +- .../testing/selftests/clone3/clone3_check_fields.c | 229 +++++++++++++++++++++ tools/testing/selftests/openat2/openat2_test.c | 126 +++++++++++- 10 files changed, 504 insertions(+), 49 deletions(-) --- base-commit: 431c1646e1f86b949fa3685efc50b660a364c2b6 change-id: 20240803-extensible-structs-check_fields-a47e94cef691 Best regards, -- Aleksa Sarai <cyphar(a)cyphar.com>

8 months

2
4
0 0

[PATCH] arm64: dts: mediatek: mt8186-corsola: Disable DPI display interface

by Chen-Yu Tsai

The DPI display interface feeds the external display pipeline. However the pipeline representation is currently incomplete. Efforts are still under way to come up with a way to represent the "creative" repurposing of the DP bridge chip's internal output mux, which is meant to support USB type-C orientation changes, to output to one of two type-C ports. Until that is finalized, the external display can't be fully described, and thus won't work. Even worse, the half complete graph potentially confuses the OS, breaking the internal display as well. Disable the external display interface across the whole Corsola family until the DP / USB Type-C muxing graph binding is ready. Reported-by: Alper Nebi Yasak <alpernebiyasak(a)gmail.com> Closes: https://lore.kernel.org/linux-mediatek/38a703a9-6efb-456a-a248-1dd3687e526d… Fixes: 8855d01fb81f ("arm64: dts: mediatek: Add MT8186 Krabby platform based Tentacruel / Tentacool") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> --- Stephen has recently posted the "platform/chrome: Add DT USB/DP muxing/topology support" patch series, which is now up to v3 [1]. More work based on this series is needed for the DP bridge drivers. [1] https://lore.kernel.org/dri-devel/20240819223834.2049862-1-swboyd@chromium.… --- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi b/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi index 0c4a26117428..682c6ad2574d 100644 --- a/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi @@ -353,7 +353,8 @@ &dpi { pinctrl-names = "default", "sleep"; pinctrl-0 = <&dpi_pins_default>; pinctrl-1 = <&dpi_pins_sleep>; - status = "okay"; + /* TODO Re-enable after DP to Type-C port muxing can be described */ + status = "disabled"; }; &dpi_out { -- 2.46.0.184.g6999bdac58-goog

8 months

4
3
0 0

[PATCH V5] scsi: ufs: qcom: update MODE_MAX cfg_bw value

by Manish Pandey

Commit 8db8f6ce556a ("scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5") updates the ufs_qcom_bw_table for Gear 5. However, it misses updating the cfg_bw value for the max mode. Hence update the cfg_bw value for the max mode for UFS 4.x devices. Fixes: 8db8f6ce556a ("scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5") Cc: stable(a)vger.kernel.org Signed-off-by: Manish Pandey <quic_mapa(a)quicinc.com> --- Changes from v4: - Updated commit message. Changes from v3: - Cced stable(a)vger.kernel.org. Changes from v2: - Addressed Mani comment, added fixes tag. Changes from v1: - Updated commit message. --- drivers/ufs/host/ufs-qcom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index c87fdc849c62..ecdfff2456e3 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -93,7 +93,7 @@ static const struct __ufs_qcom_bw_table { [MODE_HS_RB][UFS_HS_G3][UFS_LANE_2] = { 1492582, 204800 }, [MODE_HS_RB][UFS_HS_G4][UFS_LANE_2] = { 2915200, 409600 }, [MODE_HS_RB][UFS_HS_G5][UFS_LANE_2] = { 5836800, 819200 }, - [MODE_MAX][0][0] = { 7643136, 307200 }, + [MODE_MAX][0][0] = { 7643136, 819200 }, }; static void ufs_qcom_get_default_testbus_cfg(struct ufs_qcom_host *host); -- 2.17.1

8 months

2
1
0 0

[PATCH 5.15 0/1] pm, restore async device resume optimization

by Yenchia Chen

From: "yenchia.chen" <yenchia.chen(a)mediatek.com> We have met a deadlock issue on our device when resuming. After applying this patch which is picked from mainline, issue solved. We'd like to backport to 5.15.y and could you help to review? thanks. [ Upstream commit 3e999770ac1c7c31a70685dd5b88e89473509e9c ] Rafael J. Wysocki (1): PM: sleep: Restore asynchronous device resume optimization drivers/base/power/main.c | 117 +++++++++++++++++++++----------------- include/linux/pm.h | 1 + 2 files changed, 65 insertions(+), 53 deletions(-) -- 2.18.0

8 months

3
6
0 0

[PATCH] usb: cdns2: Fix controller reset issue

by Pawel Laszczak

Patch fixes the procedure of resetting controller. The CPUCTRL register is write only and reading returns 0. Waiting for reset to complite is incorrect. Fixes: 3eb1f1efe204 ("usb: cdns2: Add main part of Cadence USBHS driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/gadget/udc/cdns2/cdns2-gadget.c | 12 +++--------- drivers/usb/gadget/udc/cdns2/cdns2-gadget.h | 9 +++++++++ 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/drivers/usb/gadget/udc/cdns2/cdns2-gadget.c b/drivers/usb/gadget/udc/cdns2/cdns2-gadget.c index 0eed0e03842c..d394affb7072 100644 --- a/drivers/usb/gadget/udc/cdns2/cdns2-gadget.c +++ b/drivers/usb/gadget/udc/cdns2/cdns2-gadget.c @@ -2251,7 +2251,6 @@ static int cdns2_gadget_start(struct cdns2_device *pdev) { u32 max_speed; void *buf; - int val; int ret; pdev->usb_regs = pdev->regs; @@ -2261,14 +2260,9 @@ static int cdns2_gadget_start(struct cdns2_device *pdev) pdev->adma_regs = pdev->regs + CDNS2_ADMA_REGS_OFFSET; /* Reset controller. */ - set_reg_bit_8(&pdev->usb_regs->cpuctrl, CPUCTRL_SW_RST); - - ret = readl_poll_timeout_atomic(&pdev->usb_regs->cpuctrl, val, - !(val & CPUCTRL_SW_RST), 1, 10000); - if (ret) { - dev_err(pdev->dev, "Error: reset controller timeout\n"); - return -EINVAL; - } + writeb(CPUCTRL_SW_RST | CPUCTRL_UPCLK | CPUCTRL_WUEN, + &pdev->usb_regs->cpuctrl); + usleep_range(5, 10); usb_initialize_gadget(pdev->dev, &pdev->gadget, NULL); diff --git a/drivers/usb/gadget/udc/cdns2/cdns2-gadget.h b/drivers/usb/gadget/udc/cdns2/cdns2-gadget.h index 71e2f62d653a..b5d5ec12e986 100644 --- a/drivers/usb/gadget/udc/cdns2/cdns2-gadget.h +++ b/drivers/usb/gadget/udc/cdns2/cdns2-gadget.h @@ -292,8 +292,17 @@ struct cdns2_usb_regs { #define SPEEDCTRL_HSDISABLE BIT(7) /* CPUCTRL- bitmasks. */ +/* UP clock enable */ +#define CPUCTRL_UPCLK BIT(0) /* Controller reset bit. */ #define CPUCTRL_SW_RST BIT(1) +/** + * If the wuen bit is ‘1’, the upclken is automatically set to ‘1’ after + * detecting rising edge of wuintereq interrupt. If the wuen bit is ‘0’, + * the wuintereq interrupt is ignored. + */ +#define CPUCTRL_WUEN BIT(7) + /** * struct cdns2_adma_regs - ADMA controller registers. -- 2.43.0

8 months

1
0
0 0

[tip: timers/urgent] clocksource/drivers/imx-tpm: Fix next event not taking effect sometime

by tip-bot2 for Jacky Bai

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 3d5c2f8e75a55cfb11a85086c71996af0354a1fb Gitweb: https://git.kernel.org/tip/3d5c2f8e75a55cfb11a85086c71996af0354a1fb Author: Jacky Bai <ping.bai(a)nxp.com> AuthorDate: Thu, 25 Jul 2024 15:33:55 -04:00 Committer: Daniel Lezcano <daniel.lezcano(a)linaro.org> CommitterDate: Mon, 02 Sep 2024 10:04:15 +02:00 clocksource/drivers/imx-tpm: Fix next event not taking effect sometime The value written into the TPM CnV can only be updated into the hardware when the counter increases. Additional writes to the CnV write buffer are ignored until the register has been updated. Therefore, we need to check if the CnV has been updated before continuing. This may require waiting for 1 counter cycle in the worst case. Cc: stable(a)vger.kernel.org Fixes: 059ab7b82eec ("clocksource/drivers/imx-tpm: Add imx tpm timer support") Signed-off-by: Jacky Bai <ping.bai(a)nxp.com> Reviewed-by: Peng Fan <peng.fan(a)nxp.com> Reviewed-by: Ye Li <ye.li(a)nxp.com> Reviewed-by: Jason Liu <jason.hui.liu(a)nxp.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240725193355.1436005-2-Frank.Li@nxp.com Signed-off-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> --- drivers/clocksource/timer-imx-tpm.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/clocksource/timer-imx-tpm.c b/drivers/clocksource/timer-imx-tpm.c index cd23caf..92c025b 100644 --- a/drivers/clocksource/timer-imx-tpm.c +++ b/drivers/clocksource/timer-imx-tpm.c @@ -91,6 +91,14 @@ static int tpm_set_next_event(unsigned long delta, now = tpm_read_counter(); /* + * Need to wait CNT increase at least 1 cycle to make sure + * the C0V has been updated into HW. + */ + if ((next & 0xffffffff) != readl(timer_base + TPM_C0V)) + while (now == tpm_read_counter()) + ; + + /* * NOTE: We observed in a very small probability, the bus fabric * contention between GPU and A7 may results a few cycles delay * of writing CNT registers which may cause the min_delta event got

8 months

1
0
0 0

[tip: timers/urgent] clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX

by tip-bot2 for Jacky Bai

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 5b8843fcd49827813da80c0f590a17ae4ce93c5d Gitweb: https://git.kernel.org/tip/5b8843fcd49827813da80c0f590a17ae4ce93c5d Author: Jacky Bai <ping.bai(a)nxp.com> AuthorDate: Thu, 25 Jul 2024 15:33:54 -04:00 Committer: Daniel Lezcano <daniel.lezcano(a)linaro.org> CommitterDate: Mon, 02 Sep 2024 10:04:15 +02:00 clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX In tpm_set_next_event(delta), return -ETIME by wrong cast to int when delta is larger than INT_MAX. For example: tpm_set_next_event(delta = 0xffff_fffe) { ... next = tpm_read_counter(); // assume next is 0x10 next += delta; // next will 0xffff_fffe + 0x10 = 0x1_0000_000e now = tpm_read_counter(); // now is 0x10 ... return (int)(next - now) <= 0 ? -ETIME : 0; ^^^^^^^^^^ 0x1_0000_000e - 0x10 = 0xffff_fffe, which is -2 when cast to int. So return -ETIME. } To fix this, introduce a 'prev' variable and check if 'now - prev' is larger than delta. Cc: stable(a)vger.kernel.org Fixes: 059ab7b82eec ("clocksource/drivers/imx-tpm: Add imx tpm timer support") Signed-off-by: Jacky Bai <ping.bai(a)nxp.com> Reviewed-by: Peng Fan <peng.fan(a)nxp.com> Reviewed-by: Ye Li <ye.li(a)nxp.com> Reviewed-by: Jason Liu <jason.hui.liu(a)nxp.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20240725193355.1436005-1-Frank.Li@nxp.com Signed-off-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> --- drivers/clocksource/timer-imx-tpm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/clocksource/timer-imx-tpm.c b/drivers/clocksource/timer-imx-tpm.c index bd64a8a..cd23caf 100644 --- a/drivers/clocksource/timer-imx-tpm.c +++ b/drivers/clocksource/timer-imx-tpm.c @@ -83,10 +83,10 @@ static u64 notrace tpm_read_sched_clock(void) static int tpm_set_next_event(unsigned long delta, struct clock_event_device *evt) { - unsigned long next, now; + unsigned long next, prev, now; - next = tpm_read_counter(); - next += delta; + prev = tpm_read_counter(); + next = prev + delta; writel(next, timer_base + TPM_C0V); now = tpm_read_counter(); @@ -96,7 +96,7 @@ static int tpm_set_next_event(unsigned long delta, * of writing CNT registers which may cause the min_delta event got * missed, so we need add a ETIME check here in case it happened. */ - return (int)(next - now) <= 0 ? -ETIME : 0; + return (now - prev) >= delta ? -ETIME : 0; } static int tpm_set_state_oneshot(struct clock_event_device *evt)

8 months

1
0
0 0

[PATCH v6.1] f2fs: fix to truncate preallocated blocks in f2fs_file_open()

by Shivani Agarwal

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 298b1e4182d657c3e388adcc29477904e9600ed5 ] chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011 fscrypt_set_bio_crypt_ctx+0x78/0x1e8 f2fs_grab_read_bio+0x78/0x208 f2fs_submit_page_read+0x44/0x154 f2fs_get_read_data_page+0x288/0x5f4 f2fs_get_lock_data_page+0x60/0x190 truncate_partial_data_page+0x108/0x4fc f2fs_do_truncate_blocks+0x344/0x5f0 f2fs_truncate_blocks+0x6c/0x134 f2fs_truncate+0xd8/0x200 f2fs_iget+0x20c/0x5ac do_garbage_collect+0x5d0/0xf6c f2fs_gc+0x22c/0x6a4 f2fs_disable_checkpoint+0xc8/0x310 f2fs_fill_super+0x14bc/0x1764 mount_bdev+0x1b4/0x21c f2fs_mount+0x20/0x30 legacy_get_tree+0x50/0xbc vfs_get_tree+0x5c/0x1b0 do_new_mount+0x298/0x4cc path_mount+0x33c/0x5fc __arm64_sys_mount+0xcc/0x15c invoke_syscall+0x60/0x150 el0_svc_common+0xb8/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec It is because inode.i_crypt_info is not initialized during below path: - mount - f2fs_fill_super - f2fs_disable_checkpoint - f2fs_gc - f2fs_iget - f2fs_truncate So, let's relocate truncation of preallocated blocks to f2fs_file_open(), after fscrypt_file_open(). Fixes: d4dd19ec1ea0 ("f2fs: do not expose unwritten blocks to user by DIO") Reported-by: chenyuwen <yuwen.chen(a)xjmz.com> Closes: https://lore.kernel.org/linux-kernel/20240517085327.1188515-1-yuwen.chen@xj… Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- fs/f2fs/f2fs.h | 1 + fs/f2fs/file.c | 42 +++++++++++++++++++++++++++++++++++++++++- fs/f2fs/inode.c | 8 -------- 3 files changed, 42 insertions(+), 9 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index a02c74875..2b540d878 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -788,6 +788,7 @@ enum { FI_ALIGNED_WRITE, /* enable aligned write */ FI_COW_FILE, /* indicate COW file */ FI_ATOMIC_COMMITTED, /* indicate atomic commit completed except disk sync */ + FI_OPENED_FILE, /* indicate file has been opened */ FI_MAX, /* max flag, never be used */ }; diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index c6fb179f9..62f2521cd 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -538,6 +538,42 @@ static int f2fs_file_mmap(struct file *file, struct vm_area_struct *vma) return 0; } +static int finish_preallocate_blocks(struct inode *inode) +{ + int ret; + + inode_lock(inode); + if (is_inode_flag_set(inode, FI_OPENED_FILE)) { + inode_unlock(inode); + return 0; + } + + if (!file_should_truncate(inode)) { + set_inode_flag(inode, FI_OPENED_FILE); + inode_unlock(inode); + return 0; + } + + f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); + filemap_invalidate_lock(inode->i_mapping); + + truncate_setsize(inode, i_size_read(inode)); + ret = f2fs_truncate(inode); + + filemap_invalidate_unlock(inode->i_mapping); + f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); + + if (!ret) + set_inode_flag(inode, FI_OPENED_FILE); + + inode_unlock(inode); + if (ret) + return ret; + + file_dont_truncate(inode); + return 0; +} + static int f2fs_file_open(struct inode *inode, struct file *filp) { int err = fscrypt_file_open(inode, filp); @@ -554,7 +590,11 @@ static int f2fs_file_open(struct inode *inode, struct file *filp) filp->f_mode |= FMODE_NOWAIT; - return dquot_file_open(inode, filp); + err = dquot_file_open(inode, filp); + if (err) + return err; + + return finish_preallocate_blocks(inode); } void f2fs_truncate_data_blocks_range(struct dnode_of_data *dn, int count) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index ff4a4e92a..5b672df19 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -549,14 +549,6 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) } f2fs_set_inode_flags(inode); - if (file_should_truncate(inode) && - !is_sbi_flag_set(sbi, SBI_POR_DOING)) { - ret = f2fs_truncate(inode); - if (ret) - goto bad_inode; - file_dont_truncate(inode); - } - unlock_new_inode(inode); trace_f2fs_iget(inode); return inode; -- 2.39.4

8 months

1
0
0 0

[PATCH 6.1 0/1] pm, restore async device resume optimization

by Yenchia Chen

We have met a deadlock issue on our device which use 5.15.y when resuming. After applying this patch which is picked from mainline, issue solved. Backport to 6.1.y also. Rafael J. Wysocki (1): PM: sleep: Restore asynchronous device resume optimization drivers/base/power/main.c | 117 +++++++++++++++++++++----------------- include/linux/pm.h | 1 + 2 files changed, 65 insertions(+), 53 deletions(-) -- 2.18.0

8 months

1
1
0 0

[PATCH] pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now

by Stephan Gerhold

On X1E80100, GPIO interrupts for wakeup-capable pins have been broken since the introduction of the pinctrl driver. This prevents keyboard and touchpad from working on most of the X1E laptops. So far we have worked around this by manually building a kernel with the "wakeup-parent" removed from the pinctrl node in the device tree, but we cannot expect all users to do that. Implement a similar workaround in the driver by clearing the wakeirq_map for X1E80100. This avoids using the PDC wakeup parent for all GPIOs and handles the interrupts directly in the pinctrl driver instead. The PDC driver needs additional changes to support X1E80100 properly. Adding a workaround separately first allows to land the necessary PDC changes through the normal release cycle, while still solving the more critical problem with keyboard and touchpad on the current stable kernel versions. Bypassing the PDC is enough for now, because we have not yet enabled the deep idle states where using the PDC becomes necessary. Cc: stable(a)vger.kernel.org Fixes: 05e4941d97ef ("pinctrl: qcom: Add X1E80100 pinctrl driver") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> --- Commenting out .wakeirq_map as well would give an unused declaration warning for x1e80100_pdc_map. The map itself is correct, so I just "clear" it by setting .nwakeirq_map to 0 for now. It's just temporary - this patch will be reverted after we add X1E80100 support to the PDC driver. --- drivers/pinctrl/qcom/pinctrl-x1e80100.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pinctrl/qcom/pinctrl-x1e80100.c b/drivers/pinctrl/qcom/pinctrl-x1e80100.c index 65ed933f05ce..abfcdd3da9e8 100644 --- a/drivers/pinctrl/qcom/pinctrl-x1e80100.c +++ b/drivers/pinctrl/qcom/pinctrl-x1e80100.c @@ -1839,7 +1839,9 @@ static const struct msm_pinctrl_soc_data x1e80100_pinctrl = { .ngroups = ARRAY_SIZE(x1e80100_groups), .ngpios = 239, .wakeirq_map = x1e80100_pdc_map, - .nwakeirq_map = ARRAY_SIZE(x1e80100_pdc_map), + /* TODO: Enabling PDC currently breaks GPIO interrupts */ + .nwakeirq_map = 0, + /* .nwakeirq_map = ARRAY_SIZE(x1e80100_pdc_map), */ .egpio_func = 9, }; --- base-commit: 128f71fe014fc91efa1407ce549f94a9a9f1072c change-id: 20240830-x1e80100-bypass-pdc-39a8c1ae594f Best regards, -- Stephan Gerhold <stephan.gerhold(a)linaro.org>

8 months

5
4
0 0

[PATCH] wifi: mt76: mt7925: fix a potential association failure upon resuming

by Mingyen Hsieh

From: Michael Lo <michael.lo(a)mediatek.com> In multi-channel scenarios, the granted channel must be aborted before suspending. Otherwise, the firmware will be put into a wrong state, resulting in an association failure after resuming. With this patch, the granted channel will be aborted before suspending if necessary. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Michael Lo <michael.lo(a)mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 15 +++++++++++++++ .../net/wireless/mediatek/mt76/mt7925/mt7925.h | 1 + drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 2 ++ 3 files changed, 18 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 8c0768bf9343..7c05aebd3c20 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -439,6 +439,19 @@ static void mt7925_roc_iter(void *priv, u8 *mac, mt7925_mcu_abort_roc(phy, &mvif->bss_conf, phy->roc_token_id); } +void mt7925_roc_abort_sync(struct mt792x_dev *dev) +{ + struct mt792x_phy *phy = &dev->phy; + + del_timer_sync(&phy->roc_timer); + cancel_work_sync(&phy->roc_work); + if (test_and_clear_bit(MT76_STATE_ROC, &phy->mt76->state)) + ieee80211_iterate_interfaces(mt76_hw(dev), + IEEE80211_IFACE_ITER_RESUME_ALL, + mt7925_roc_iter, (void *)phy); +} +EXPORT_SYMBOL_GPL(mt7925_roc_abort_sync); + void mt7925_roc_work(struct work_struct *work) { struct mt792x_phy *phy; @@ -1109,6 +1122,8 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev, msta = (struct mt792x_sta *)link_sta->sta->drv_priv; mlink = mt792x_sta_to_link(msta, link_id); + mt7925_roc_abort_sync(dev); + mt76_connac_free_pending_tx_skbs(&dev->pm, &mlink->wcid); mt76_connac_pm_wake(&dev->mphy, &dev->pm); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h index 669f3a079d04..c5ea431998e0 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h @@ -307,6 +307,7 @@ int mt7925_mcu_set_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf, enum mt7925_roc_req type, u8 token_id); int mt7925_mcu_abort_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf, u8 token_id); +void mt7925_roc_abort_sync(struct mt792x_dev *dev); int mt7925_mcu_fill_message(struct mt76_dev *mdev, struct sk_buff *skb, int cmd, int *wait_seq); int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif, diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c index 6e4f4e78c350..39305c39362f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c @@ -449,6 +449,8 @@ static int mt7925_pci_suspend(struct device *device) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); + mt7925_roc_abort_sync(dev); + err = mt792x_mcu_drv_pmctrl(dev); if (err < 0) goto restore_suspend; -- 2.45.2

8 months

1
0
0 0

[PATCH v5.10-v5.15] rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

by Vamsi Krishna Brahmajosyula

From: Nikita Kiryushin <kiryushin(a)ancud.ru> [ Upstream commit cc5645fddb0ce28492b15520306d092730dffa48 ] There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: edf3775f0ad6 ("rcu-tasks: Add count for idle tasks on offline CPUs") Signed-off-by: Nikita Kiryushin <kiryushin(a)ancud.ru> Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Vamsi Krishna Brahmajosyula <vamsi-krishna.brahmajosyula(a)broadcom.com> --- kernel/rcu/tasks.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h index 105fdc2bb004..bede3a4f108e 100644 --- a/kernel/rcu/tasks.h +++ b/kernel/rcu/tasks.h @@ -1240,7 +1240,7 @@ static void show_rcu_tasks_trace_gp_kthread(void) { char buf[64]; - sprintf(buf, "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end), + snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end), data_race(n_heavy_reader_ofl_updates), data_race(n_heavy_reader_updates), data_race(n_heavy_reader_attempts)); -- 2.45.2

8 months

1
0
0 0

[PATCH rdma-next v2 1/2] RDMA/mana_ib: use the correct page table index based on hardware page size

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> MANA hardware uses 4k page size. When calculating the page table index, it should use the hardware page size, not the system page size. Cc: stable(a)vger.kernel.org Fixes: 0266a177631d ("RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter") Signed-off-by: Long Li <longli(a)microsoft.com> --- change log v2: replaced net with rdma-next tag in patch title and simplified the title drivers/infiniband/hw/mana/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/mana/main.c b/drivers/infiniband/hw/mana/main.c index d13abc954d2a..f68f54aea820 100644 --- a/drivers/infiniband/hw/mana/main.c +++ b/drivers/infiniband/hw/mana/main.c @@ -383,7 +383,7 @@ static int mana_ib_gd_create_dma_region(struct mana_ib_dev *dev, struct ib_umem create_req->length = umem->length; create_req->offset_in_page = ib_umem_dma_offset(umem, page_sz); - create_req->gdma_page_type = order_base_2(page_sz) - PAGE_SHIFT; + create_req->gdma_page_type = order_base_2(page_sz) - MANA_PAGE_SHIFT; create_req->page_count = num_pages_total; ibdev_dbg(&dev->ib_dev, "size_dma_region %lu num_pages_total %lu\n", -- 2.17.1

8 months

2
2
0 0

[PATCH v3 RESEND] pps: add an error check in parport_attach

by Ma Ke

In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified Fixes tag as suggestions. Changes in v2: - removed error output as suggestions. --- drivers/pps/clients/pps_parport.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); } -- 2.25.1

8 months

2
1
0 0

Fwd: [PATCH 3/9] xfs: xfs_finobt_count_blocks() walks the wrong btree

by Anders Blomdell

Dave forgot to mark the original patch for stable, so after consulting with Dave, here it comes @Greg: you might want to add the patch to all versions that received 14dd46cf31f4 ("xfs: split xfs_inobt_init_cursor") (which I think is v6.9 and v6.10) /Anders -------- Forwarded Message -------- Subject: [PATCH 3/9] xfs: xfs_finobt_count_blocks() walks the wrong btree Date: Thu, 22 Aug 2024 16:59:33 -0700 From: Darrick J. Wong <djwong(a)kernel.org> To: djwong(a)kernel.org CC: Anders Blomdell <anders.blomdell(a)gmail.com>, Dave Chinner <dchinner(a)redhat.com>, Christoph Hellwig <hch(a)lst.de>, hch(a)lst.de, linux-xfs(a)vger.kernel.org From: Dave Chinner <dchinner(a)redhat.com> As a result of the factoring in commit 14dd46cf31f4 ("xfs: split xfs_inobt_init_cursor"), mount started taking a long time on a user's filesystem. For Anders, this made mount times regress from under a second to over 15 minutes for a filesystem with only 30 million inodes in it. Anders bisected it down to the above commit, but even then the bug was not obvious. In this commit, over 20 calls to xfs_inobt_init_cursor() were modified, and some we modified to call a new function named xfs_finobt_init_cursor(). If that takes you a moment to reread those function names to see what the rename was, then you have realised why this bug wasn't spotted during review. And it wasn't spotted on inspection even after the bisect pointed at this commit - a single missing "f" isn't the easiest thing for a human eye to notice.... The result is that xfs_finobt_count_blocks() now incorrectly calls xfs_inobt_init_cursor() so it is now walking the inobt instead of the finobt. Hence when there are lots of allocated inodes in a filesystem, mount takes a -long- time run because it now walks a massive allocated inode btrees instead of the small, nearly empty free inode btrees. It also means all the finobt space reservations are wrong, so mount could potentially given ENOSPC on kernel upgrade. In hindsight, commit 14dd46cf31f4 should have been two commits - the first to convert the finobt callers to the new API, the second to modify the xfs_inobt_init_cursor() API for the inobt callers. That would have made the bug very obvious during review. Fixes: 14dd46cf31f4 ("xfs: split xfs_inobt_init_cursor") Reported-by: Anders Blomdell <anders.blomdell(a)gmail.com> Signed-off-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> --- fs/xfs/libxfs/xfs_ialloc_btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/xfs/libxfs/xfs_ialloc_btree.c b/fs/xfs/libxfs/xfs_ialloc_btree.c index 496e2f72a85b9..797d5b5f7b725 100644 --- a/fs/xfs/libxfs/xfs_ialloc_btree.c +++ b/fs/xfs/libxfs/xfs_ialloc_btree.c @@ -749,7 +749,7 @@ xfs_finobt_count_blocks( if (error) return error; - cur = xfs_inobt_init_cursor(pag, tp, agbp); + cur = xfs_finobt_init_cursor(pag, tp, agbp); error = xfs_btree_count_blocks(cur, tree_blocks); xfs_btree_del_cursor(cur, error); xfs_trans_brelse(tp, agbp);

8 months

2
3
0 0

[merged mm-nonmm-stable] scripts-gdb-fix-lx-mounts-command-error.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix lx-mounts command error has been removed from the -mm tree. Its filename was scripts-gdb-fix-lx-mounts-command-error.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Subject: scripts/gdb: fix lx-mounts command error Date: Tue, 23 Jul 2024 14:48:59 +0800 (gdb) lx-mounts mount super_block devname pathname fstype options Python Exception <class 'gdb.error'>: There is no member named list. Error occurred in Python: There is no member named list. We encounter the above issue after commit 2eea9ce4310d ("mounts: keep list of mounts in an rbtree"). The commit move a mount from list into rbtree. So we can instead use rbtree to iterate all mounts information. Link: https://lkml.kernel.org/r/20240723064902.124154-4-kuan-ying.lee@canonical.c… Fixes: 2eea9ce4310d ("mounts: keep list of mounts in an rbtree") Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/proc.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/scripts/gdb/linux/proc.py~scripts-gdb-fix-lx-mounts-command-error +++ a/scripts/gdb/linux/proc.py @@ -18,6 +18,7 @@ from linux import utils from linux import tasks from linux import lists from linux import vfs +from linux import rbtree from struct import * @@ -172,8 +173,7 @@ values of that process namespace""" gdb.write("{:^18} {:^15} {:>9} {} {} options\n".format( "mount", "super_block", "devname", "pathname", "fstype")) - for mnt in lists.list_for_each_entry(namespace['list'], - mount_ptr_type, "mnt_list"): + for mnt in rbtree.rb_inorder_for_each_entry(namespace['mounts'], mount_ptr_type, "mnt_node"): devname = mnt['mnt_devname'].string() devname = devname if devname else "none" _ Patches currently in -mm which might be from kuan-ying.lee(a)canonical.com are

8 months

1
0
0 0

[merged mm-nonmm-stable] scripts-gdb-add-iteration-function-for-rbtree.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: add iteration function for rbtree has been removed from the -mm tree. Its filename was scripts-gdb-add-iteration-function-for-rbtree.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Subject: scripts/gdb: add iteration function for rbtree Date: Tue, 23 Jul 2024 14:48:58 +0800 Add inorder iteration function for rbtree usage. This is a preparation patch for the next patch to fix the gdb mounts issue. Link: https://lkml.kernel.org/r/20240723064902.124154-3-kuan-ying.lee@canonical.c… Fixes: 2eea9ce4310d ("mounts: keep list of mounts in an rbtree") Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/rbtree.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/scripts/gdb/linux/rbtree.py~scripts-gdb-add-iteration-function-for-rbtree +++ a/scripts/gdb/linux/rbtree.py @@ -9,6 +9,18 @@ from linux import utils rb_root_type = utils.CachedType("struct rb_root") rb_node_type = utils.CachedType("struct rb_node") +def rb_inorder_for_each(root): + def inorder(node): + if node: + yield from inorder(node['rb_left']) + yield node + yield from inorder(node['rb_right']) + + yield from inorder(root['rb_node']) + +def rb_inorder_for_each_entry(root, gdbtype, member): + for node in rb_inorder_for_each(root): + yield utils.container_of(node, gdbtype, member) def rb_first(root): if root.type == rb_root_type.get_type(): _ Patches currently in -mm which might be from kuan-ying.lee(a)canonical.com are

8 months

1
0
0 0

[merged mm-nonmm-stable] scripts-gdb-fix-timerlist-parsing-issue.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix timerlist parsing issue has been removed from the -mm tree. Its filename was scripts-gdb-fix-timerlist-parsing-issue.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Subject: scripts/gdb: fix timerlist parsing issue Date: Tue, 23 Jul 2024 14:48:57 +0800 Patch series "Fix some GDB command error and add some GDB commands", v3. Fix some GDB command errors and add some useful GDB commands. This patch (of 5): Commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") and commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") move 'tick_stopped' and 'nohz_mode' to flags field which will break the gdb lx-mounts command: (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named nohz_mode. Error occurred in Python: There is no member named nohz_mode. (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named tick_stopped. Error occurred in Python: There is no member named tick_stopped. We move 'tick_stopped' and 'nohz_mode' to flags field instead. Link: https://lkml.kernel.org/r/20240723064902.124154-1-kuan-ying.lee@canonical.c… Link: https://lkml.kernel.org/r/20240723064902.124154-2-kuan-ying.lee@canonical.c… Fixes: a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") Fixes: 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/timerlist.py | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) --- a/scripts/gdb/linux/timerlist.py~scripts-gdb-fix-timerlist-parsing-issue +++ a/scripts/gdb/linux/timerlist.py @@ -87,21 +87,22 @@ def print_cpu(hrtimer_bases, cpu, max_cl text += "\n" if constants.LX_CONFIG_TICK_ONESHOT: - fmts = [(" .{} : {}", 'nohz_mode'), - (" .{} : {} nsecs", 'last_tick'), - (" .{} : {}", 'tick_stopped'), - (" .{} : {}", 'idle_jiffies'), - (" .{} : {}", 'idle_calls'), - (" .{} : {}", 'idle_sleeps'), - (" .{} : {} nsecs", 'idle_entrytime'), - (" .{} : {} nsecs", 'idle_waketime'), - (" .{} : {} nsecs", 'idle_exittime'), - (" .{} : {} nsecs", 'idle_sleeptime'), - (" .{}: {} nsecs", 'iowait_sleeptime'), - (" .{} : {}", 'last_jiffies'), - (" .{} : {}", 'next_timer'), - (" .{} : {} nsecs", 'idle_expires')] - text += "\n".join([s.format(f, ts[f]) for s, f in fmts]) + TS_FLAG_STOPPED = 1 << 1 + TS_FLAG_NOHZ = 1 << 4 + text += f" .{'nohz':15s}: {int(bool(ts['flags'] & TS_FLAG_NOHZ))}\n" + text += f" .{'last_tick':15s}: {ts['last_tick']}\n" + text += f" .{'tick_stopped':15s}: {int(bool(ts['flags'] & TS_FLAG_STOPPED))}\n" + text += f" .{'idle_jiffies':15s}: {ts['idle_jiffies']}\n" + text += f" .{'idle_calls':15s}: {ts['idle_calls']}\n" + text += f" .{'idle_sleeps':15s}: {ts['idle_sleeps']}\n" + text += f" .{'idle_entrytime':15s}: {ts['idle_entrytime']} nsecs\n" + text += f" .{'idle_waketime':15s}: {ts['idle_waketime']} nsecs\n" + text += f" .{'idle_exittime':15s}: {ts['idle_exittime']} nsecs\n" + text += f" .{'idle_sleeptime':15s}: {ts['idle_sleeptime']} nsecs\n" + text += f" .{'iowait_sleeptime':15s}: {ts['iowait_sleeptime']} nsecs\n" + text += f" .{'last_jiffies':15s}: {ts['last_jiffies']}\n" + text += f" .{'next_timer':15s}: {ts['next_timer']}\n" + text += f" .{'idle_expires':15s}: {ts['idle_expires']} nsecs\n" text += "\njiffies: {}\n".format(jiffies) text += "\n" _ Patches currently in -mm which might be from kuan-ying.lee(a)canonical.com are

8 months

1
0
0 0

[merged mm-nonmm-stable] ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix the la space leak when unmounting an ocfs2 volume has been removed from the -mm tree. Its filename was ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Heming Zhao <heming.zhao(a)suse.com> Subject: ocfs2: fix the la space leak when unmounting an ocfs2 volume Date: Fri, 19 Jul 2024 19:43:10 +0800 This bug has existed since the initial OCFS2 code. The code logic in ocfs2_sync_local_to_main() is wrong, as it ignores the last contiguous free bits, which causes an OCFS2 volume to lose the last free clusters of LA window on each umount command. Link: https://lkml.kernel.org/r/20240719114310.14245-1-heming.zhao@suse.com Signed-off-by: Heming Zhao <heming.zhao(a)suse.com> Reviewed-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Heming Zhao <heming.zhao(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/localalloc.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) --- a/fs/ocfs2/localalloc.c~ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume +++ a/fs/ocfs2/localalloc.c @@ -1002,6 +1002,25 @@ static int ocfs2_sync_local_to_main(stru start = bit_off + 1; } + /* clear the contiguous bits until the end boundary */ + if (count) { + blkno = la_start_blk + + ocfs2_clusters_to_blocks(osb->sb, + start - count); + + trace_ocfs2_sync_local_to_main_free( + count, start - count, + (unsigned long long)la_start_blk, + (unsigned long long)blkno); + + status = ocfs2_release_clusters(handle, + main_bm_inode, + main_bm_bh, blkno, + count); + if (status < 0) + mlog_errno(status); + } + bail: if (status) mlog_errno(status); _ Patches currently in -mm which might be from heming.zhao(a)suse.com are

8 months

1
0
0 0

[merged mm-stable] mm-hugetlb_vmemmap-batch-hvo-work-when-demoting.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb_vmemmap: batch HVO work when demoting has been removed from the -mm tree. Its filename was mm-hugetlb_vmemmap-batch-hvo-work-when-demoting.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/hugetlb_vmemmap: batch HVO work when demoting Date: Mon, 12 Aug 2024 16:48:23 -0600 Batch the HVO work, including de-HVO of the source and HVO of the destination hugeTLB folios, to speed up demotion. After commit bd225530a4c7 ("mm/hugetlb_vmemmap: fix race with speculative PFN walkers"), each request of HVO or de-HVO, batched or not, invokes synchronize_rcu() once. For example, when not batched, demoting one 1GB hugeTLB folio to 512 2MB hugeTLB folios invokes synchronize_rcu() 513 times (1 de-HVO plus 512 HVO requests), whereas when batched, only twice (1 de-HVO plus 1 HVO request). And the performance difference between the two cases is significant, e.g., echo 2048kB >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote_size time echo 100 >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote Before this patch: real 8m58.158s user 0m0.009s sys 0m5.900s After this patch: real 0m0.900s user 0m0.000s sys 0m0.851s Note that this patch changes the behavior of the `demote` interface when de-HVO fails. Before, the interface aborts immediately upon failure; now, it tries to finish an entire batch, meaning it can make extra progress if the rest of the batch contains folios that do not need to de-HVO. Link: https://lkml.kernel.org/r/20240812224823.3914837-1-yuzhao@google.com Fixes: bd225530a4c7 ("mm/hugetlb_vmemmap: fix race with speculative PFN walkers") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reviewed-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 156 ++++++++++++++++++++++++++++--------------------- 1 file changed, 92 insertions(+), 64 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb_vmemmap-batch-hvo-work-when-demoting +++ a/mm/hugetlb.c @@ -3921,101 +3921,125 @@ out: return 0; } -static int demote_free_hugetlb_folio(struct hstate *h, struct folio *folio) +static long demote_free_hugetlb_folios(struct hstate *src, struct hstate *dst, + struct list_head *src_list) { - int i, nid = folio_nid(folio); - struct hstate *target_hstate; - struct page *subpage; - struct folio *inner_folio; - int rc = 0; + long rc; + struct folio *folio, *next; + LIST_HEAD(dst_list); + LIST_HEAD(ret_list); - target_hstate = size_to_hstate(PAGE_SIZE << h->demote_order); - - remove_hugetlb_folio(h, folio, false); - spin_unlock_irq(&hugetlb_lock); - - /* - * If vmemmap already existed for folio, the remove routine above would - * have cleared the hugetlb folio flag. Hence the folio is technically - * no longer a hugetlb folio. hugetlb_vmemmap_restore_folio can only be - * passed hugetlb folios and will BUG otherwise. - */ - if (folio_test_hugetlb(folio)) { - rc = hugetlb_vmemmap_restore_folio(h, folio); - if (rc) { - /* Allocation of vmemmmap failed, we can not demote folio */ - spin_lock_irq(&hugetlb_lock); - add_hugetlb_folio(h, folio, false); - return rc; - } - } - - /* - * Use destroy_compound_hugetlb_folio_for_demote for all huge page - * sizes as it will not ref count folios. - */ - destroy_compound_hugetlb_folio_for_demote(folio, huge_page_order(h)); + rc = hugetlb_vmemmap_restore_folios(src, src_list, &ret_list); + list_splice_init(&ret_list, src_list); /* * Taking target hstate mutex synchronizes with set_max_huge_pages. * Without the mutex, pages added to target hstate could be marked * as surplus. * - * Note that we already hold h->resize_lock. To prevent deadlock, + * Note that we already hold src->resize_lock. To prevent deadlock, * use the convention of always taking larger size hstate mutex first. */ - mutex_lock(&target_hstate->resize_lock); - for (i = 0; i < pages_per_huge_page(h); - i += pages_per_huge_page(target_hstate)) { - subpage = folio_page(folio, i); - inner_folio = page_folio(subpage); - if (hstate_is_gigantic(target_hstate)) - prep_compound_gigantic_folio_for_demote(inner_folio, - target_hstate->order); - else - prep_compound_page(subpage, target_hstate->order); - folio_change_private(inner_folio, NULL); - prep_new_hugetlb_folio(target_hstate, inner_folio, nid); - free_huge_folio(inner_folio); + mutex_lock(&dst->resize_lock); + + list_for_each_entry_safe(folio, next, src_list, lru) { + int i; + + if (folio_test_hugetlb_vmemmap_optimized(folio)) + continue; + + list_del(&folio->lru); + /* + * Use destroy_compound_hugetlb_folio_for_demote for all huge page + * sizes as it will not ref count folios. + */ + destroy_compound_hugetlb_folio_for_demote(folio, huge_page_order(src)); + + for (i = 0; i < pages_per_huge_page(src); i += pages_per_huge_page(dst)) { + struct page *page = folio_page(folio, i); + + if (hstate_is_gigantic(dst)) + prep_compound_gigantic_folio_for_demote(page_folio(page), + dst->order); + else + prep_compound_page(page, dst->order); + set_page_private(page, 0); + + init_new_hugetlb_folio(dst, page_folio(page)); + list_add(&page->lru, &dst_list); + } } - mutex_unlock(&target_hstate->resize_lock); - spin_lock_irq(&hugetlb_lock); + prep_and_add_allocated_folios(dst, &dst_list); - /* - * Not absolutely necessary, but for consistency update max_huge_pages - * based on pool changes for the demoted page. - */ - h->max_huge_pages--; - target_hstate->max_huge_pages += - pages_per_huge_page(h) / pages_per_huge_page(target_hstate); + mutex_unlock(&dst->resize_lock); return rc; } -static int demote_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed) +static long demote_pool_huge_page(struct hstate *src, nodemask_t *nodes_allowed, + unsigned long nr_to_demote) __must_hold(&hugetlb_lock) { int nr_nodes, node; - struct folio *folio; + struct hstate *dst; + long rc = 0; + long nr_demoted = 0; lockdep_assert_held(&hugetlb_lock); /* We should never get here if no demote order */ - if (!h->demote_order) { + if (!src->demote_order) { pr_warn("HugeTLB: NULL demote order passed to demote_pool_huge_page.\n"); return -EINVAL; /* internal error */ } + dst = size_to_hstate(PAGE_SIZE << src->demote_order); - for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) { - list_for_each_entry(folio, &h->hugepage_freelists[node], lru) { + for_each_node_mask_to_free(src, nr_nodes, node, nodes_allowed) { + LIST_HEAD(list); + struct folio *folio, *next; + + list_for_each_entry_safe(folio, next, &src->hugepage_freelists[node], lru) { if (folio_test_hwpoison(folio)) continue; - return demote_free_hugetlb_folio(h, folio); + + remove_hugetlb_folio(src, folio, false); + list_add(&folio->lru, &list); + + if (++nr_demoted == nr_to_demote) + break; + } + + spin_unlock_irq(&hugetlb_lock); + + rc = demote_free_hugetlb_folios(src, dst, &list); + + spin_lock_irq(&hugetlb_lock); + + list_for_each_entry_safe(folio, next, &list, lru) { + list_del(&folio->lru); + add_hugetlb_folio(src, folio, false); + + nr_demoted--; } + + if (rc < 0 || nr_demoted == nr_to_demote) + break; } /* + * Not absolutely necessary, but for consistency update max_huge_pages + * based on pool changes for the demoted page. + */ + src->max_huge_pages -= nr_demoted; + dst->max_huge_pages += nr_demoted << (huge_page_order(src) - huge_page_order(dst)); + + if (rc < 0) + return rc; + + if (nr_demoted) + return nr_demoted; + /* * Only way to get here is if all pages on free lists are poisoned. * Return -EBUSY so that caller will not retry. */ @@ -4249,6 +4273,8 @@ static ssize_t demote_store(struct kobje spin_lock_irq(&hugetlb_lock); while (nr_demote) { + long rc; + /* * Check for available pages to demote each time thorough the * loop as demote_pool_huge_page will drop hugetlb_lock. @@ -4261,11 +4287,13 @@ static ssize_t demote_store(struct kobje if (!nr_available) break; - err = demote_pool_huge_page(h, n_mask); - if (err) + rc = demote_pool_huge_page(h, n_mask, nr_demote); + if (rc < 0) { + err = rc; break; + } - nr_demote--; + nr_demote -= rc; } spin_unlock_irq(&hugetlb_lock); _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-contig_alloc-support-__gfp_comp.patch mm-cma-add-cma_allocfree_folio.patch mm-cma-add-cma_allocfree_folio-fix.patch mm-hugetlb-use-__gfp_comp-for-gigantic-folios.patch mm-free-zapped-tail-pages-when-splitting-isolated-thp.patch mm-remap-unused-subpages-to-shared-zeropage-when-splitting-isolated-thp.patch

8 months

1
0
0 0

[merged mm-stable] selftest-mm-mseal-fix-test_seal_mremap_move_dontunmap_anyaddr.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr has been removed from the -mm tree. Its filename was selftest-mm-mseal-fix-test_seal_mremap_move_dontunmap_anyaddr.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jeff Xu <jeffxu(a)chromium.org> Subject: selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr Date: Wed, 7 Aug 2024 21:23:20 +0000 the syscall remap accepts following: mremap(src, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, dst) when the src is sealed, the call will fail with error code: EPERM Previously, the test uses hard-coded 0xdeaddead as dst, and it will fail on the system with newer glibc installed. This patch removes test's dependency on glibc for mremap(), also fix the test and remove the hardcoded address. Link: https://lkml.kernel.org/r/20240807212320.2831848-1-jeffxu@chromium.org Fixes: 4926c7a52de7 ("selftest mm/mseal memory sealing") Signed-off-by: Jeff Xu <jeffxu(a)chromium.org> Reported-by: Pedro Falcato <pedro.falcato(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/mseal_test.c | 57 +++++++++++++--------- 1 file changed, 36 insertions(+), 21 deletions(-) --- a/tools/testing/selftests/mm/mseal_test.c~selftest-mm-mseal-fix-test_seal_mremap_move_dontunmap_anyaddr +++ a/tools/testing/selftests/mm/mseal_test.c @@ -110,6 +110,16 @@ static int sys_madvise(void *start, size return sret; } +static void *sys_mremap(void *addr, size_t old_len, size_t new_len, + unsigned long flags, void *new_addr) +{ + void *sret; + + errno = 0; + sret = (void *) syscall(__NR_mremap, addr, old_len, new_len, flags, new_addr); + return sret; +} + static int sys_pkey_alloc(unsigned long flags, unsigned long init_val) { int ret = syscall(__NR_pkey_alloc, flags, init_val); @@ -1115,12 +1125,12 @@ static void test_seal_mremap_shrink(bool } /* shrink from 4 pages to 2 pages. */ - ret2 = mremap(ptr, size, 2 * page_size, 0, 0); + ret2 = sys_mremap(ptr, size, 2 * page_size, 0, 0); if (seal) { - FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); + FAIL_TEST_IF_FALSE(ret2 == (void *) MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { - FAIL_TEST_IF_FALSE(ret2 != MAP_FAILED); + FAIL_TEST_IF_FALSE(ret2 != (void *) MAP_FAILED); } @@ -1147,7 +1157,7 @@ static void test_seal_mremap_expand(bool } /* expand from 2 page to 4 pages. */ - ret2 = mremap(ptr, 2 * page_size, 4 * page_size, 0, 0); + ret2 = sys_mremap(ptr, 2 * page_size, 4 * page_size, 0, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1180,7 +1190,7 @@ static void test_seal_mremap_move(bool s } /* move from ptr to fixed address. */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newPtr); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newPtr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1299,7 +1309,7 @@ static void test_seal_mremap_shrink_fixe } /* mremap to move and shrink to fixed address */ - ret2 = mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, + ret2 = sys_mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); @@ -1330,7 +1340,7 @@ static void test_seal_mremap_expand_fixe } /* mremap to move and expand to fixed address */ - ret2 = mremap(ptr, page_size, size, MREMAP_MAYMOVE | MREMAP_FIXED, + ret2 = sys_mremap(ptr, page_size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); @@ -1361,7 +1371,7 @@ static void test_seal_mremap_move_fixed( } /* mremap to move to fixed address */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1390,14 +1400,13 @@ static void test_seal_mremap_move_fixed_ /* * MREMAP_FIXED can move the mapping to zero address */ - ret2 = mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, + ret2 = sys_mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { FAIL_TEST_IF_FALSE(ret2 == 0); - } REPORT_TEST_PASS(); @@ -1420,13 +1429,13 @@ static void test_seal_mremap_move_dontun } /* mremap to move, and don't unmap src addr. */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, 0); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { + /* kernel will allocate a new address */ FAIL_TEST_IF_FALSE(ret2 != MAP_FAILED); - } REPORT_TEST_PASS(); @@ -1434,7 +1443,7 @@ static void test_seal_mremap_move_dontun static void test_seal_mremap_move_dontunmap_anyaddr(bool seal) { - void *ptr; + void *ptr, *ptr2; unsigned long page_size = getpagesize(); unsigned long size = 4 * page_size; int ret; @@ -1449,24 +1458,30 @@ static void test_seal_mremap_move_dontun } /* - * The 0xdeaddead should not have effect on dest addr - * when MREMAP_DONTUNMAP is set. + * The new address is any address that not allocated. + * use allocate/free to similate that. + */ + setup_single_address(size, &ptr2); + FAIL_TEST_IF_FALSE(ptr2 != (void *)-1); + ret = sys_munmap(ptr2, size); + FAIL_TEST_IF_FALSE(!ret); + + /* + * remap to any address. */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, - 0xdeaddead); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + (void *) ptr2); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { - FAIL_TEST_IF_FALSE(ret2 != MAP_FAILED); - FAIL_TEST_IF_FALSE((long)ret2 != 0xdeaddead); - + /* remap success and return ptr2 */ + FAIL_TEST_IF_FALSE(ret2 == ptr2); } REPORT_TEST_PASS(); } - static void test_seal_merge_and_split(void) { void *ptr; _ Patches currently in -mm which might be from jeffxu(a)chromium.org are

8 months

1
0
0 0

[merged mm-stable] mm-only-enforce-minimum-stack-gap-size-if-its-sensible.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: only enforce minimum stack gap size if it's sensible has been removed from the -mm tree. Its filename was mm-only-enforce-minimum-stack-gap-size-if-its-sensible.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Gow <davidgow(a)google.com> Subject: mm: only enforce minimum stack gap size if it's sensible Date: Sat, 3 Aug 2024 15:46:41 +0800 The generic mmap_base code tries to leave a gap between the top of the stack and the mmap base address, but enforces a minimum gap size (MIN_GAP) of 128MB, which is too large on some setups. In particular, on arm tasks without ADDR_LIMIT_32BIT, the STACK_TOP value is less than 128MB, so it's impossible to fit such a gap in. Only enforce this minimum if MIN_GAP < MAX_GAP, as we'd prefer to honour MAX_GAP, which is defined proportionally, so scales better and always leaves us with both _some_ stack space and some room for mmap. This fixes the usercopy KUnit test suite on 32-bit arm, as it doesn't set any personality flags so gets the default (in this case 26-bit) task size. This test can be run with: ./tools/testing/kunit/kunit.py run --arch arm usercopy --make_options LLVM=1 Link: https://lkml.kernel.org/r/20240803074642.1849623-2-davidgow@google.com Fixes: dba79c3df4a2 ("arm: use generic mmap top-down layout and brk randomization") Signed-off-by: David Gow <davidgow(a)google.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Russell King <linux(a)armlinux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/util.c~mm-only-enforce-minimum-stack-gap-size-if-its-sensible +++ a/mm/util.c @@ -463,7 +463,7 @@ static unsigned long mmap_base(unsigned if (gap + pad > gap) gap += pad; - if (gap < MIN_GAP) + if (gap < MIN_GAP && MIN_GAP < MAX_GAP) gap = MIN_GAP; else if (gap > MAX_GAP) gap = MAX_GAP; _ Patches currently in -mm which might be from davidgow(a)google.com are

8 months

1
0
0 0

[merged mm-hotfixes-stable] alloc_tag-fix-allocation-tag-reporting-when-config_modules=n.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n has been removed from the -mm tree. Its filename was alloc_tag-fix-allocation-tag-reporting-when-config_modules=n.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n Date: Wed, 28 Aug 2024 16:15:36 -0700 codetag_module_init() is used to initialize sections containing allocation tags. This function is used to initialize module sections as well as core kernel sections, in which case the module parameter is set to NULL. This function has to be called even when CONFIG_MODULES=n to initialize core kernel allocation tag sections. When CONFIG_MODULES=n, this function is a NOP, which is wrong. This leads to /proc/allocinfo reported as empty. Fix this by making it independent of CONFIG_MODULES. Link: https://lkml.kernel.org/r/20240828231536.1770519-1-surenb@google.com Fixes: 916cc5167cc6 ("lib: code tagging framework") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Sourav Panda <souravpanda(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/codetag.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) --- a/lib/codetag.c~alloc_tag-fix-allocation-tag-reporting-when-config_modules=n +++ a/lib/codetag.c @@ -125,7 +125,6 @@ static inline size_t range_size(const st cttype->desc.tag_size; } -#ifdef CONFIG_MODULES static void *get_symbol(struct module *mod, const char *prefix, const char *name) { DECLARE_SEQ_BUF(sb, KSYM_NAME_LEN); @@ -155,6 +154,15 @@ static struct codetag_range get_section_ }; } +static const char *get_mod_name(__maybe_unused struct module *mod) +{ +#ifdef CONFIG_MODULES + if (mod) + return mod->name; +#endif + return "(built-in)"; +} + static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { struct codetag_range range; @@ -164,8 +172,7 @@ static int codetag_module_init(struct co range = get_section_range(mod, cttype->desc.section); if (!range.start || !range.stop) { pr_warn("Failed to load code tags of type %s from the module %s\n", - cttype->desc.section, - mod ? mod->name : "(built-in)"); + cttype->desc.section, get_mod_name(mod)); return -EINVAL; } @@ -199,6 +206,7 @@ static int codetag_module_init(struct co return 0; } +#ifdef CONFIG_MODULES void codetag_load_module(struct module *mod) { struct codetag_type *cttype; @@ -248,9 +256,6 @@ bool codetag_unload_module(struct module return unload_ok; } - -#else /* CONFIG_MODULES */ -static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { return 0; } #endif /* CONFIG_MODULES */ struct codetag_type * _ Patches currently in -mm which might be from surenb(a)google.com are

8 months

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area has been removed from the -mm tree. Its filename was mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Adrian Huang <ahuang12(a)lenovo.com> Subject: mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area Date: Thu, 29 Aug 2024 21:06:33 +0800 When running the vmalloc stress on a 448-core system, observe the average latency of purge_vmap_node() is about 2 seconds by using the eBPF/bcc 'funclatency.py' tool [1]. # /your-git-repo/bcc/tools/funclatency.py -u purge_vmap_node & pid1=$! && sleep 8 && modprobe test_vmalloc nr_threads=$(nproc) run_test_mask=0x7; kill -SIGINT $pid1 usecs : count distribution 0 -> 1 : 0 | | 2 -> 3 : 29 | | 4 -> 7 : 19 | | 8 -> 15 : 56 | | 16 -> 31 : 483 |**** | 32 -> 63 : 1548 |************ | 64 -> 127 : 2634 |********************* | 128 -> 255 : 2535 |********************* | 256 -> 511 : 1776 |************** | 512 -> 1023 : 1015 |******** | 1024 -> 2047 : 573 |**** | 2048 -> 4095 : 488 |**** | 4096 -> 8191 : 1091 |********* | 8192 -> 16383 : 3078 |************************* | 16384 -> 32767 : 4821 |****************************************| 32768 -> 65535 : 3318 |*************************** | 65536 -> 131071 : 1718 |************** | 131072 -> 262143 : 2220 |****************** | 262144 -> 524287 : 1147 |********* | 524288 -> 1048575 : 1179 |********* | 1048576 -> 2097151 : 822 |****** | 2097152 -> 4194303 : 906 |******* | 4194304 -> 8388607 : 2148 |***************** | 8388608 -> 16777215 : 4497 |************************************* | 16777216 -> 33554431 : 289 |** | avg = 2041714 usecs, total: 78381401772 usecs, count: 38390 The worst case is over 16-33 seconds, so soft lockup is triggered [2]. [Root Cause] 1) Each purge_list has the long list. The following shows the number of vmap_area is purged. crash> p vmap_nodes vmap_nodes = $27 = (struct vmap_node *) 0xff2de5a900100000 crash> vmap_node 0xff2de5a900100000 128 | grep nr_purged nr_purged = 663070 ... nr_purged = 821670 nr_purged = 692214 nr_purged = 726808 ... 2) atomic_long_sub() employs the 'lock' prefix to ensure the atomic operation when purging each vmap_area. However, the iteration is over 600000 vmap_area (See 'nr_purged' above). Here is objdump output: $ objdump -D vmlinux ffffffff813e8c80 <purge_vmap_node>: ... ffffffff813e8d70: f0 48 29 2d 68 0c bb lock sub %rbp,0x2bb0c68(%rip) ... Quote from "Instruction tables" pdf file [3]: Instructions with a LOCK prefix have a long latency that depends on cache organization and possibly RAM speed. If there are multiple processors or cores or direct memory access (DMA) devices, then all locked instructions will lock a cache line for exclusive access, which may involve RAM access. A LOCK prefix typically costs more than a hundred clock cycles, even on single-processor systems. That's why the latency of purge_vmap_node() dramatically increases on a many-core system: One core is busy on purging each vmap_area of the *long* purge_list and executing atomic_long_sub() for each vmap_area, while other cores free vmalloc allocations and execute atomic_long_add_return() in free_vmap_area_noflush(). [Solution] Employ a local variable to record the total purged pages, and execute atomic_long_sub() after the traversal of the purge_list is done. The experiment result shows the latency improvement is 99%. [Experiment Result] 1) System Configuration: Three servers (with HT-enabled) are tested. * 72-core server: 3rd Gen Intel Xeon Scalable Processor*1 * 192-core server: 5th Gen Intel Xeon Scalable Processor*2 * 448-core server: AMD Zen 4 Processor*2 2) Kernel Config * CONFIG_KASAN is disabled 3) The data in column "w/o patch" and "w/ patch" * Unit: micro seconds (us) * Each data is the average of 3-time measurements System w/o patch (us) w/ patch (us) Improvement (%) --------------- -------------- ------------- ------------- 72-core server 2194 14 99.36% 192-core server 143799 1139 99.21% 448-core server 1992122 6883 99.65% [1] https://github.com/iovisor/bcc/blob/master/tools/funclatency.py [2] https://gist.github.com/AdrianHuang/37c15f67b45407b83c2d32f918656c12 [3] https://www.agner.org/optimize/instruction_tables.pdf Link: https://lkml.kernel.org/r/20240829130633.2184-1-ahuang12@lenovo.com Signed-off-by: Adrian Huang <ahuang12(a)lenovo.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/vmalloc.c~mm-vmalloc-optimize-vmap_lazy_nr-arithmetic-when-purging-each-vmap_area +++ a/mm/vmalloc.c @@ -2191,6 +2191,7 @@ static void purge_vmap_node(struct work_ { struct vmap_node *vn = container_of(work, struct vmap_node, purge_work); + unsigned long nr_purged_pages = 0; struct vmap_area *va, *n_va; LIST_HEAD(local_list); @@ -2208,7 +2209,7 @@ static void purge_vmap_node(struct work_ kasan_release_vmalloc(orig_start, orig_end, va->va_start, va->va_end); - atomic_long_sub(nr, &vmap_lazy_nr); + nr_purged_pages += nr; vn->nr_purged++; if (is_vn_id_valid(vn_id) && !vn->skip_populate) @@ -2219,6 +2220,8 @@ static void purge_vmap_node(struct work_ list_add(&va->list, &local_list); } + atomic_long_sub(nr_purged_pages, &vmap_lazy_nr); + reclaim_list_global(&local_list); } _ Patches currently in -mm which might be from ahuang12(a)lenovo.com are mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation.patch

8 months

1
0
0 0

[merged mm-hotfixes-stable] codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: codetag: debug: mark codetags for poisoned page as empty has been removed from the -mm tree. Its filename was codetag-debug-mark-codetags-for-poisoned-page-as-empty.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Hao Ge <gehao(a)kylinos.cn> Subject: codetag: debug: mark codetags for poisoned page as empty Date: Mon, 26 Aug 2024 00:36:49 +0800 When PG_hwpoison pages are freed they are treated differently in free_pages_prepare() and instead of being released they are isolated. Page allocation tag counters are decremented at this point since the page is considered not in use. Later on when such pages are released by unpoison_memory(), the allocation tag counters will be decremented again and the following warning gets reported: [ 113.930443][ T3282] ------------[ cut here ]------------ [ 113.931105][ T3282] alloc_tag was not set [ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164 [ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4 [ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18 [ 113.943003][ T3282] Tainted: [W]=WARN [ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946706][ T3282] sp : ffff800087093a10 [ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0 [ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000 [ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000 [ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff [ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210 [ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339 [ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0 [ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff [ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001 [ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000 [ 113.957962][ T3282] Call trace: [ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164 [ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c [ 113.959539][ T3282] free_unref_page+0xf4/0x4b8 [ 113.960096][ T3282] __folio_put+0xd4/0x120 [ 113.960614][ T3282] folio_put+0x24/0x50 [ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0 [ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject] [ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc [ 113.963183][ T3282] simple_attr_write+0x38/0x48 [ 113.963750][ T3282] debugfs_attr_write+0x54/0x80 [ 113.964330][ T3282] full_proxy_write+0x68/0x98 [ 113.964880][ T3282] vfs_write+0xdc/0x4d0 [ 113.965372][ T3282] ksys_write+0x78/0x100 [ 113.965875][ T3282] __arm64_sys_write+0x24/0x30 [ 113.966440][ T3282] invoke_syscall+0x7c/0x104 [ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104 [ 113.967652][ T3282] do_el0_svc+0x2c/0x38 [ 113.968893][ T3282] el0_svc+0x3c/0x1b8 [ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc [ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0 [ 113.970511][ T3282] ---[ end trace 0000000000000000 ]--- To fix this, clear the page tag reference after the page got isolated and accounted for. Link: https://lkml.kernel.org/r/20240825163649.33294-1-hao.ge@linux.dev Fixes: d224eb0287fb ("codetag: debug: mark codetags for reserved pages as empty") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Reviewed-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hao Ge <gehao(a)kylinos.cn> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: <stable(a)vger.kernel.org> [6.10+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/page_alloc.c~codetag-debug-mark-codetags-for-poisoned-page-as-empty +++ a/mm/page_alloc.c @@ -1054,6 +1054,13 @@ __always_inline bool free_pages_prepare( reset_page_owner(page, order); page_table_check_free(page, order); pgalloc_tag_sub(page, 1 << order); + + /* + * The page is isolated and accounted for. + * Mark the codetag as empty to avoid accounting error + * when the page is freed by unpoison_memory(). + */ + clear_page_tag_ref(page); return false; } _ Patches currently in -mm which might be from gehao(a)kylinos.cn are mm-cma-change-the-addition-of-totalcma_pages-in-the-cma_init_reserved_mem.patch

8 months

1
0
0 0

[merged mm-hotfixes-stable] revert-mm-skip-cma-pages-when-they-are-not-available.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "mm: skip CMA pages when they are not available" has been removed from the -mm tree. Its filename was revert-mm-skip-cma-pages-when-they-are-not-available.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: Revert "mm: skip CMA pages when they are not available" Date: Wed, 21 Aug 2024 20:26:07 +0100 This reverts commit 5da226dbfce3 ("mm: skip CMA pages when they are not available") and b7108d66318a ("Multi-gen LRU: skip CMA pages when they are not eligible"). lruvec->lru_lock is highly contended and is held when calling isolate_lru_folios. If the lru has a large number of CMA folios consecutively, while the allocation type requested is not MIGRATE_MOVABLE, isolate_lru_folios can hold the lock for a very long time while it skips those. For FIO workload, ~150million order=0 folios were skipped to isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high memory pressure for extended periods of time [2]. Remove skipping CMA for MGLRU as well, as it was introduced in sort_folio for the same resaon as 5da226dbfce3a2f44978c2c7cf88166e69a6788b. [1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevG… [2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/ [usamaarif642(a)gmail.com: also revert b7108d66318a, per Johannes] Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Link: https://lkml.kernel.org/r/357ac325-4c61-497a-92a3-bdbd230d5ec9@gmail.com Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) --- a/mm/vmscan.c~revert-mm-skip-cma-pages-when-they-are-not-available +++ a/mm/vmscan.c @@ -1604,25 +1604,6 @@ static __always_inline void update_lru_s } -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /* * Isolating page from the lruvec to fill in @dst list by nr_to_scan times. * @@ -1669,8 +1650,7 @@ static unsigned long isolate_lru_folios( nr_pages = folio_nr_pages(folio); total_scan += nr_pages; - if (folio_zonenum(folio) > sc->reclaim_idx || - skip_cma(folio, sc)) { + if (folio_zonenum(folio) > sc->reclaim_idx) { nr_skipped[folio_zonenum(folio)] += nr_pages; move_to = &folios_skipped; goto move; @@ -4320,7 +4300,7 @@ static bool sort_folio(struct lruvec *lr } /* ineligible */ - if (zone > sc->reclaim_idx || skip_cma(folio, sc)) { + if (zone > sc->reclaim_idx) { gen = folio_inc_gen(lruvec, folio, false); list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]); return true; _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are mm-store-zero-pages-to-be-swapped-out-in-a-bitmap.patch mm-remove-code-to-handle-same-filled-pages.patch mm-introduce-a-pageflag-for-partially-mapped-folios.patch mm-split-underused-thps.patch mm-add-sysfs-entry-to-disable-splitting-underused-thps.patch

8 months

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-remove-rcu_read_lock-from-mt_validate.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: remove rcu_read_lock() from mt_validate() has been removed from the -mm tree. Its filename was maple_tree-remove-rcu_read_lock-from-mt_validate.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Subject: maple_tree: remove rcu_read_lock() from mt_validate() Date: Tue, 20 Aug 2024 13:54:17 -0400 The write lock should be held when validating the tree to avoid updates racing with checks. Holding the rcu read lock during a large tree validation may also cause a prolonged rcu read window and "rcu_preempt detected stalls" warnings. Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/ Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reported-by: syzbot+036af2f0c7338a33b0cd(a)syzkaller.appspotmail.com Cc: Hillf Danton <hdanton(a)sina.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) --- a/lib/maple_tree.c~maple_tree-remove-rcu_read_lock-from-mt_validate +++ a/lib/maple_tree.c @@ -7566,14 +7566,14 @@ static void mt_validate_nulls(struct map * 2. The gap is correctly set in the parents */ void mt_validate(struct maple_tree *mt) + __must_hold(mas->tree->ma_lock) { unsigned char end; MA_STATE(mas, mt, 0, 0); - rcu_read_lock(); mas_start(&mas); if (!mas_is_active(&mas)) - goto done; + return; while (!mte_is_leaf(mas.node)) mas_descend(&mas); @@ -7594,9 +7594,6 @@ void mt_validate(struct maple_tree *mt) mas_dfs_postorder(&mas, ULONG_MAX); } mt_validate_nulls(mt); -done: - rcu_read_unlock(); - } EXPORT_SYMBOL_GPL(mt_validate); _ Patches currently in -mm which might be from Liam.Howlett(a)Oracle.com are mm-vma-correctly-position-vma_iterator-in-__split_vma.patch mm-vma-introduce-abort_munmap_vmas.patch mm-vma-introduce-vmi_complete_munmap_vmas.patch mm-vma-extract-the-gathering-of-vmas-from-do_vmi_align_munmap.patch mm-vma-introduce-vma_munmap_struct-for-use-in-munmap-operations.patch mm-vma-change-munmap-to-use-vma_munmap_struct-for-accounting-and-surrounding-vmas.patch mm-vma-extract-validate_mm-from-vma_complete.patch mm-vma-inline-munmap-operation-in-mmap_region.patch mm-vma-expand-mmap_region-munmap-call.patch mm-vma-support-vma-==-null-in-init_vma_munmap.patch mm-mmap-reposition-vma-iterator-in-mmap_region.patch mm-vma-track-start-and-end-for-munmap-in-vma_munmap_struct.patch mm-clean-up-unmap_region-argument-list.patch mm-mmap-avoid-zeroing-vma-tree-in-mmap_region.patch mm-change-failure-of-map_fixed-to-restoring-the-gap-on-failure.patch mm-mmap-use-phys_pfn-in-mmap_region.patch mm-mmap-use-vms-accounted-pages-in-mmap_region.patch ipc-shm-mm-drop-do_vma_munmap.patch mm-move-may_expand_vm-check-in-mmap_region.patch mm-vma-drop-incorrect-comment-from-vms_gather_munmap_vmas.patch mm-vmah-optimise-vma_munmap_struct.patch

8 months

1
0
0 0

[merged mm-hotfixes-stable] kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug=y.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y has been removed from the -mm tree. Its filename was kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug=y.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Petr Tesarik <ptesarik(a)suse.com> Subject: kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y Date: Mon, 5 Aug 2024 17:07:50 +0200 Fix the condition to exclude the elfcorehdr segment from the SHA digest calculation. The j iterator is an index into the output sha_regions[] array, not into the input image->segment[] array. Once it reaches image->elfcorehdr_index, all subsequent segments are excluded. Besides, if the purgatory segment precedes the elfcorehdr segment, the elfcorehdr may be wrongly included in the calculation. Link: https://lkml.kernel.org/r/20240805150750.170739-1-petr.tesarik@suse.com Fixes: f7cc804a9fd4 ("kexec: exclude elfcorehdr from the segment digest") Signed-off-by: Petr Tesarik <ptesarik(a)suse.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Eric Biederman <ebiederm(a)xmission.com> Cc: Hari Bathini <hbathini(a)linux.ibm.com> Cc: Sourabh Jain <sourabhjain(a)linux.ibm.com> Cc: Eric DeVolder <eric_devolder(a)yahoo.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kexec_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/kexec_file.c~kexec_file-fix-elfcorehdr-digest-exclusion-when-config_crash_hotplug=y +++ a/kernel/kexec_file.c @@ -752,7 +752,7 @@ static int kexec_calculate_store_digests #ifdef CONFIG_CRASH_HOTPLUG /* Exclude elfcorehdr segment to allow future changes via hotplug */ - if (j == image->elfcorehdr_index) + if (i == image->elfcorehdr_index) continue; #endif _ Patches currently in -mm which might be from ptesarik(a)suse.com are

8 months

1
0
0 0

[merged mm-hotfixes-stable] mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook has been removed from the -mm tree. Its filename was mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Hao Ge <gehao(a)kylinos.cn> Subject: mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook Date: Fri, 16 Aug 2024 09:33:36 +0800 When enable CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK, the following warning always occurs,This is because the following call stack occurred: mem_pool_alloc kmem_cache_alloc_noprof slab_alloc_node kfence_alloc Once the kfence allocation is successful,slab->obj_exts will not be empty, because it has already been assigned a value in kfence_init_pool. Since in the prepare_slab_obj_exts_hook function,we perform a check for s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE),the alloc_tag_add function will not be called as a result.Therefore,ref->ct remains NULL. However,when we call mem_pool_free,since obj_ext is not empty, it eventually leads to the alloc_tag_sub scenario being invoked. This is where the warning occurs. So we should add corresponding checks in the alloc_tagging_slab_free_hook. For __GFP_NO_OBJ_EXT case,I didn't see the specific case where it's using kfence,so I won't add the corresponding check in alloc_tagging_slab_free_hook for now. [ 3.734349] ------------[ cut here ]------------ [ 3.734807] alloc_tag was not set [ 3.735129] WARNING: CPU: 4 PID: 40 at ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574 [ 3.735866] Modules linked in: autofs4 [ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1 [ 3.736969] Tainted: [W]=WARN [ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.738501] pc : kmem_cache_free+0x444/0x574 [ 3.738951] lr : kmem_cache_free+0x444/0x574 [ 3.739361] sp : ffff80008357bb60 [ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000 [ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700 [ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000 [ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffff [ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0 [ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337 [ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ffffffd0 [ 3.744231] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008237bad0 x6 : c0000000ffff7fff [ 3.744907] x5 : ffff80008237ba78 x4 : ffff8000820bbad0 x3 : 0000000000000001 [ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000 [ 3.746255] Call trace: [ 3.746530] kmem_cache_free+0x444/0x574 [ 3.746931] mem_pool_free+0x44/0xf4 [ 3.747306] free_object_rcu+0xc8/0xdc [ 3.747693] rcu_do_batch+0x234/0x8a4 [ 3.748075] rcu_core+0x230/0x3e4 [ 3.748424] rcu_core_si+0x14/0x1c [ 3.748780] handle_softirqs+0x134/0x378 [ 3.749189] run_ksoftirqd+0x70/0x9c [ 3.749560] smpboot_thread_fn+0x148/0x22c [ 3.749978] kthread+0x10c/0x118 [ 3.750323] ret_from_fork+0x10/0x20 [ 3.750696] ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20240816013336.17505-1-hao.ge@linux.dev Fixes: 4b8736964640 ("mm/slab: add allocation accounting into slab allocation and free paths") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Cc: Christoph Lameter <cl(a)linux.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Kees Cook <kees(a)kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/slub.c~mm-slub-add-check-for-s-flags-in-the-alloc_tagging_slab_free_hook +++ a/mm/slub.c @@ -2116,6 +2116,10 @@ alloc_tagging_slab_free_hook(struct kmem if (!mem_alloc_profiling_enabled()) return; + /* slab->obj_exts might not be NULL if it was created for MEMCG accounting. */ + if (s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE)) + return; + obj_exts = slab_obj_exts(slab); if (!obj_exts) return; _ Patches currently in -mm which might be from gehao(a)kylinos.cn are mm-cma-change-the-addition-of-totalcma_pages-in-the-cma_init_reserved_mem.patch

8 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-state-management-in-error-path-of-log-writing-function.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix state management in error path of log writing function has been removed from the -mm tree. Its filename was nilfs2-fix-state-management-in-error-path-of-log-writing-function.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix state management in error path of log writing function Date: Wed, 14 Aug 2024 19:11:19 +0900 After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the log writing function nilfs_segctor_do_construct() was able to issue I/O requests continuously even if user data blocks were split into multiple logs across segments, but two potential flaws were introduced in its error handling. First, if nilfs_segctor_begin_construction() fails while creating the second or subsequent logs, the log writing function returns without calling nilfs_segctor_abort_construction(), so the writeback flag set on pages/folios will remain uncleared. This causes page cache operations to hang waiting for the writeback flag. For example, truncate_inode_pages_final(), which is called via nilfs_evict_inode() when an inode is evicted from memory, will hang. Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. As a result, if the next log write involves checkpoint creation, that's fine, but if a partial log write is performed that does not, inodes with NILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files" list, and their data and b-tree blocks may not be written to the device, corrupting the block mapping. Fix these issues by uniformly calling nilfs_segctor_abort_construction() on failure of each step in the loop in nilfs_segctor_do_construct(), having it clean up logs and segment usages according to progress, and correcting the conditions for calling nilfs_redirty_inodes() to ensure that the NILFS_I_COLLECTED flag is cleared. Link: https://lkml.kernel.org/r/20240814101119.4070-1-konishi.ryusuke@gmail.com Fixes: a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-state-management-in-error-path-of-log-writing-function +++ a/fs/nilfs2/segment.c @@ -1812,6 +1812,9 @@ static void nilfs_segctor_abort_construc nilfs_abort_logs(&logs, ret ? : err); list_splice_tail_init(&sci->sc_segbufs, &logs); + if (list_empty(&logs)) + return; /* if the first segment buffer preparation failed */ + nilfs_cancel_segusage(&logs, nilfs->ns_sufile); nilfs_free_incomplete_logs(&logs, nilfs); @@ -2056,7 +2059,7 @@ static int nilfs_segctor_do_construct(st err = nilfs_segctor_begin_construction(sci, nilfs); if (unlikely(err)) - goto out; + goto failed; /* Update time stamp */ sci->sc_seg_ctime = ktime_get_real_seconds(); @@ -2120,10 +2123,9 @@ static int nilfs_segctor_do_construct(st return err; failed_to_write: - if (sci->sc_stage.flags & NILFS_CF_IFILE_STARTED) - nilfs_redirty_inodes(&sci->sc_dirty_files); - failed: + if (mode == SC_LSEG_SR && nilfs_sc_cstage_get(sci) >= NILFS_ST_IFILE) + nilfs_redirty_inodes(&sci->sc_dirty_files); if (nilfs_doing_gc()) nilfs_redirty_inodes(&sci->sc_gc_inodes); nilfs_segctor_abort_construction(sci, nilfs, err); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-add-support-for-fs_ioc_getuuid.patch nilfs2-add-support-for-fs_ioc_getfssysfspath.patch nilfs2-add-support-for-fs_ioc_getfslabel.patch nilfs2-add-support-for-fs_ioc_setfslabel.patch nilfs2-do-not-output-warnings-when-clearing-dirty-buffers.patch nilfs2-add-missing-argument-description-for-__nilfs_error.patch nilfs2-add-missing-argument-descriptions-for-ioctl-related-helpers.patch nilfs2-improve-kernel-doc-comments-for-b-tree-node-helpers.patch nilfs2-fix-incorrect-kernel-doc-declaration-of-nilfs_palloc_req-structure.patch nilfs2-add-missing-description-of-nilfs_btree_path-structure.patch nilfs2-describe-the-members-of-nilfs_bmap_operations-structure.patch nilfs2-fix-inconsistencies-in-kernel-doc-comments-in-segmenth.patch nilfs2-fix-missing-initial-short-descriptions-of-kernel-doc-comments.patch nilfs2-treat-missing-sufile-header-block-as-metadata-corruption.patch nilfs2-treat-missing-cpfile-header-block-as-metadata-corruption.patch nilfs2-do-not-propagate-enoent-error-from-sufile-during-recovery.patch nilfs2-do-not-propagate-enoent-error-from-sufile-during-gc.patch nilfs2-do-not-propagate-enoent-error-from-nilfs_sufile_mark_dirty.patch nilfs2-use-the-bits_per_long-macro.patch nilfs2-separate-inode-type-information-from-i_state-field.patch nilfs2-eliminate-the-shared-counter-and-spinlock-for-i_generation.patch nilfs2-do-not-repair-reserved-inode-bitmap-in-nilfs_new_inode.patch nilfs2-remove-sc_timer_task.patch nilfs2-use-kthread_create-and-kthread_stop-for-the-log-writer-thread.patch nilfs2-refactor-nilfs_segctor_thread.patch

8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror