- Linux-stable-mirror - lists.linaro.org

[PATCH v2] mpi3mr: Validating SAS port assignments

by Ranjan Kumar

Sanity on phy_mask was added by Tomas through [1]. It causes warning messages when >64 phys are detected (expander can have >64 phys) and devices connected to phys greater than 64 are dropped. phy_mask bitmap is only needed for controller phys(not required for expander phys).Controller phys can go maximum up to 64 and u64 is good enough to contain phy_mask bitmap. To suppress those warnings and allow devices to be discovered as before the [1], restrict the phy_mask setting and lowest phy setting only to the controller phys. [1]:https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/ drivers/scsi/mpi3mr?h=6.12/ scsi-queue&id=3668651def2c1622904e58b0280ee93121f2b10b Fixes: 3668651def2c ("mpi3mr: Sanitise num_phys") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202410051943.Mp9o5DlF-lkp@intel.com/ Reported-by: Alexander Motin <mav(a)ixsystems.com> Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 +-- drivers/scsi/mpi3mr/mpi3mr_transport.c | 42 +++++++++++++++++--------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index dc2cdd5f0311..3822efe349e1 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -541,8 +541,8 @@ struct mpi3mr_hba_port { * @port_list: List of ports belonging to a SAS node * @num_phys: Number of phys associated with port * @marked_responding: used while refresing the sas ports - * @lowest_phy: lowest phy ID of current sas port - * @phy_mask: phy_mask of current sas port + * @lowest_phy: lowest phy ID of current sas port, valid for controller port + * @phy_mask: phy_mask of current sas port, valid for controller port * @hba_port: HBA port entry * @remote_identify: Attached device identification * @rphy: SAS transport layer rphy object diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/mpi3mr_transport.c index ccd23def2e0c..0ba9e6a6a13c 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -590,12 +590,13 @@ static enum sas_linkrate mpi3mr_convert_phy_link_rate(u8 link_rate) * @mrioc: Adapter instance reference * @mr_sas_port: Internal Port object * @mr_sas_phy: Internal Phy object + * @host_node: Flag to indicate this is a host_node * * Return: None. */ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, struct mpi3mr_sas_port *mr_sas_port, - struct mpi3mr_sas_phy *mr_sas_phy) + struct mpi3mr_sas_phy *mr_sas_phy, u8 host_node) { u64 sas_address = mr_sas_port->remote_identify.sas_address; @@ -605,9 +606,13 @@ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, list_del(&mr_sas_phy->port_siblings); mr_sas_port->num_phys--; - mr_sas_port->phy_mask &= ~(1 << mr_sas_phy->phy_id); - if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + + if (host_node) { + mr_sas_port->phy_mask &= ~(1 << mr_sas_phy->phy_id); + + if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id) + mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + } sas_port_delete_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 0; } @@ -617,12 +622,13 @@ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, * @mrioc: Adapter instance reference * @mr_sas_port: Internal Port object * @mr_sas_phy: Internal Phy object + * @host_node: Flag to indicate this is a host_node * * Return: None. */ static void mpi3mr_add_sas_phy(struct mpi3mr_ioc *mrioc, struct mpi3mr_sas_port *mr_sas_port, - struct mpi3mr_sas_phy *mr_sas_phy) + struct mpi3mr_sas_phy *mr_sas_phy, u8 host_node) { u64 sas_address = mr_sas_port->remote_identify.sas_address; @@ -632,9 +638,12 @@ static void mpi3mr_add_sas_phy(struct mpi3mr_ioc *mrioc, list_add_tail(&mr_sas_phy->port_siblings, &mr_sas_port->phy_list); mr_sas_port->num_phys++; - mr_sas_port->phy_mask |= (1 << mr_sas_phy->phy_id); - if (mr_sas_phy->phy_id < mr_sas_port->lowest_phy) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + if (host_node) { + mr_sas_port->phy_mask |= (1 << mr_sas_phy->phy_id); + + if (mr_sas_phy->phy_id < mr_sas_port->lowest_phy) + mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + } sas_port_add_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 1; } @@ -675,7 +684,7 @@ static void mpi3mr_add_phy_to_an_existing_port(struct mpi3mr_ioc *mrioc, if (srch_phy == mr_sas_phy) return; } - mpi3mr_add_sas_phy(mrioc, mr_sas_port, mr_sas_phy); + mpi3mr_add_sas_phy(mrioc, mr_sas_port, mr_sas_phy, mr_sas_node->host_node); return; } } @@ -736,7 +745,7 @@ static void mpi3mr_del_phy_from_an_existing_port(struct mpi3mr_ioc *mrioc, mpi3mr_delete_sas_port(mrioc, mr_sas_port); else mpi3mr_delete_sas_phy(mrioc, mr_sas_port, - mr_sas_phy); + mr_sas_phy, mr_sas_node->host_node); return; } } @@ -1028,7 +1037,7 @@ mpi3mr_alloc_hba_port(struct mpi3mr_ioc *mrioc, u16 port_id) /** * mpi3mr_get_hba_port_by_id - find hba port by id * @mrioc: Adapter instance reference - * @port_id - Port ID to search + * @port_id: Port ID to search * * Return: mpi3mr_hba_port reference for the matched port */ @@ -1367,7 +1376,8 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, mpi3mr_sas_port_sanity_check(mrioc, mr_sas_node, mr_sas_port->remote_identify.sas_address, hba_port); - if (mr_sas_node->num_phys >= sizeof(mr_sas_port->phy_mask) * 8) + if (mr_sas_node->host_node && mr_sas_node->num_phys >= + sizeof(mr_sas_port->phy_mask) * 8) ioc_info(mrioc, "max port count %u could be too high\n", mr_sas_node->num_phys); @@ -1377,7 +1387,7 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, (mr_sas_node->phy[i].hba_port != hba_port)) continue; - if (i >= sizeof(mr_sas_port->phy_mask) * 8) { + if (mr_sas_node->host_node && (i >= sizeof(mr_sas_port->phy_mask) * 8)) { ioc_warn(mrioc, "skipping port %u, max allowed value is %zu\n", i, sizeof(mr_sas_port->phy_mask) * 8); goto out_fail; @@ -1385,7 +1395,8 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, list_add_tail(&mr_sas_node->phy[i].port_siblings, &mr_sas_port->phy_list); mr_sas_port->num_phys++; - mr_sas_port->phy_mask |= (1 << i); + if (mr_sas_node->host_node) + mr_sas_port->phy_mask |= (1 << i); } if (!mr_sas_port->num_phys) { @@ -1394,7 +1405,8 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, goto out_fail; } - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + if (mr_sas_node->host_node) + mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; if (mr_sas_port->remote_identify.device_type == SAS_END_DEVICE) { tgtdev = mpi3mr_get_tgtdev_by_addr(mrioc, -- 2.31.1

8 months, 1 week

2
1
0 0

[tip: x86/urgent] x86/apic: Always explicitly disarm TSC-deadline timer

by tip-bot2 for Zhang Rui

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: ffd95846c6ec6cf1f93da411ea10d504036cab42 Gitweb: https://git.kernel.org/tip/ffd95846c6ec6cf1f93da411ea10d504036cab42 Author: Zhang Rui <rui.zhang(a)intel.com> AuthorDate: Tue, 15 Oct 2024 14:15:22 +08:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 15 Oct 2024 05:45:18 -07:00 x86/apic: Always explicitly disarm TSC-deadline timer New processors have become pickier about the local APIC timer state before entering low power modes. These low power modes are used (for example) when you close your laptop lid and suspend. If you put your laptop in a bag and it is not in this low power mode, it is likely to get quite toasty while it quickly sucks the battery dry. The problem boils down to some CPUs' inability to power down until the CPU recognizes that the local APIC timer is shut down. The current kernel code works in one-shot and periodic modes but does not work for deadline mode. Deadline mode has been the supported and preferred mode on Intel CPUs for over a decade and uses an MSR to drive the timer instead of an APIC register. Disable the TSC Deadline timer in lapic_timer_shutdown() by writing to MSR_IA32_TSC_DEADLINE when in TSC-deadline mode. Also avoid writing to the initial-count register (APIC_TMICT) which is ignored in TSC-deadline mode. Note: The APIC_LVTT|=APIC_LVT_MASKED operation should theoretically be enough to tell the hardware that the timer will not fire in any of the timer modes. But mitigating AMD erratum 411[1] also requires clearing out APIC_TMICT. Solely setting APIC_LVT_MASKED is also ineffective in practice on Intel Lunar Lake systems, which is the motivation for this change. 1. 411 Processor May Exit Message-Triggered C1E State Without an Interrupt if Local APIC Timer Reaches Zero - https://www.amd.com/content/dam/amd/en/documents/archived-tech-docs/revisio… Fixes: 279f1461432c ("x86: apic: Use tsc deadline for oneshot when available") Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Tested-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Tested-by: Todd Brandt <todd.e.brandt(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241015061522.25288-1-rui.zhang%40intel.com --- arch/x86/kernel/apic/apic.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 6513c53..c5fb28e 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -440,7 +440,19 @@ static int lapic_timer_shutdown(struct clock_event_device *evt) v = apic_read(APIC_LVTT); v |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR); apic_write(APIC_LVTT, v); - apic_write(APIC_TMICT, 0); + + /* + * Setting APIC_LVT_MASKED (above) should be enough to tell + * the hardware that this timer will never fire. But AMD + * erratum 411 and some Intel CPU behavior circa 2024 say + * otherwise. Time for belt and suspenders programming: mask + * the timer _and_ zero the counter registers: + */ + if (v & APIC_LVT_TIMER_TSCDEADLINE) + wrmsrl(MSR_IA32_TSC_DEADLINE, 0); + else + apic_write(APIC_TMICT, 0); + return 0; }

8 months, 1 week

1
0
0 0

+ fork-only-invoke-khugepaged-ksm-hooks-if-no-error.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fork: only invoke khugepaged, ksm hooks if no error has been added to the -mm mm-hotfixes-unstable branch. Its filename is fork-only-invoke-khugepaged-ksm-hooks-if-no-error.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: fork: only invoke khugepaged, ksm hooks if no error Date: Tue, 15 Oct 2024 18:56:06 +0100 There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. Their placement early in dup_mmap() only appears to have been meaningful for early error checking, and since functionally it'd require a very small allocation to fail (in practice 'too small to fail') that'd only occur in the most dire circumstances, meaning the fork would fail or be OOM'd in any case. Since both khugepaged and KSM tracking are there to provide optimisations to memory performance rather than critical functionality, it doesn't really matter all that much if, under such dire memory pressure, we fail to register an mm with these. As a result, we follow the example of commit d2081b2bf819 ("mm: khugepaged: make khugepaged_enter() void function") and make ksm_fork() a void function also. We only expose the mm to these functions once we are done with them and only if no error occurred in the fork operation. Link: https://lkml.kernel.org/r/e0cb8b840c9d1d5a6e84d4f8eff5f3f2022aa10c.17290143… Fixes: d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Jann Horn <jannh(a)google.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/ksm.h | 10 ++++------ kernel/fork.c | 7 ++----- 2 files changed, 6 insertions(+), 11 deletions(-) --- a/include/linux/ksm.h~fork-only-invoke-khugepaged-ksm-hooks-if-no-error +++ a/include/linux/ksm.h @@ -54,12 +54,11 @@ static inline long mm_ksm_zero_pages(str return atomic_long_read(&mm->ksm_zero_pages); } -static inline int ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm) +static inline void ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm) { + /* Adding mm to ksm is best effort on fork. */ if (test_bit(MMF_VM_MERGEABLE, &oldmm->flags)) - return __ksm_enter(mm); - - return 0; + __ksm_enter(mm); } static inline int ksm_execve(struct mm_struct *mm) @@ -107,9 +106,8 @@ static inline int ksm_disable(struct mm_ return 0; } -static inline int ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm) +static inline void ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm) { - return 0; } static inline int ksm_execve(struct mm_struct *mm) --- a/kernel/fork.c~fork-only-invoke-khugepaged-ksm-hooks-if-no-error +++ a/kernel/fork.c @@ -653,11 +653,6 @@ static __latent_entropy int dup_mmap(str mm->exec_vm = oldmm->exec_vm; mm->stack_vm = oldmm->stack_vm; - retval = ksm_fork(mm, oldmm); - if (retval) - goto out; - khugepaged_fork(mm, oldmm); - /* Use __mt_dup() to efficiently build an identical maple tree. */ retval = __mt_dup(&oldmm->mm_mt, &mm->mm_mt, GFP_KERNEL); if (unlikely(retval)) @@ -760,6 +755,8 @@ loop_out: vma_iter_free(&vmi); if (!retval) { mt_set_in_rcu(vmi.mas.tree); + ksm_fork(mm, oldmm); + khugepaged_fork(mm, oldmm); } else if (mpnt) { /* * The entire maple tree has already been duplicated. If the _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-mmap-correct-error-handling-in-mmap_region.patch maple_tree-correct-tree-corruption-on-spanning-store.patch maple_tree-add-regression-test-for-spanning-store-bug.patch maintainers-add-memory-mapping-vma-co-maintainers.patch fork-do-not-invoke-uffd-on-fork-if-error-occurs.patch fork-only-invoke-khugepaged-ksm-hooks-if-no-error.patch selftests-mm-add-pkey_sighandler_xx-hugetlb_dio-to-gitignore.patch mm-refactor-mm_access-to-not-return-null.patch mm-refactor-mm_access-to-not-return-null-fix.patch mm-madvise-unrestrict-process_madvise-for-current-process.patch maple_tree-do-not-hash-pointers-on-dump-in-debug-mode.patch

8 months, 1 week

1
0
0 0

+ fork-do-not-invoke-uffd-on-fork-if-error-occurs.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fork: do not invoke uffd on fork if error occurs has been added to the -mm mm-hotfixes-unstable branch. Its filename is fork-do-not-invoke-uffd-on-fork-if-error-occurs.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: fork: do not invoke uffd on fork if error occurs Date: Tue, 15 Oct 2024 18:56:05 +0100 Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete. In addition, we may encounter an error during the fork operation that indicates that the virtual memory address space is invalidated. As a result, we should not be exposing it in any way to external machinery that might interact with the mm or VMAs, machinery that is not designed to deal with incomplete state. We specifically update the fork logic to defer khugepaged and ksm to the end of the operation and only to be invoked if no error arose, and disallow uffd from observing fork events should an error have occurred. This patch (of 2): Currently on fork we expose the virtual address space of a process to userland unconditionally if uffd is registered in VMAs, regardless of whether an error arose in the fork. This is performed in dup_userfaultfd_complete() which is invoked unconditionally, and performs two duties - invoking registered handlers for the UFFD_EVENT_FORK event via dup_fctx(), and clearing down userfaultfd_fork_ctx objects established in dup_userfaultfd(). This is problematic, because the virtual address space may not yet be correctly initialised if an error arose. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. We address this by, on fork error, ensuring that we roll back state that we would otherwise expect to clean up through the event being handled by userland and perform the memory freeing duty otherwise performed by dup_userfaultfd_complete(). We do this by implementing a new function, dup_userfaultfd_fail(), which performs the same loop, only decrementing reference counts. Note that we perform mmgrab() on the parent and child mm's, however userfaultfd_ctx_put() will mmdrop() this once the reference count drops to zero, so we will avoid memory leaks correctly here. Link: https://lkml.kernel.org/r/cover.1729014377.git.lorenzo.stoakes@oracle.com Link: https://lkml.kernel.org/r/d3691d58bb58712b6fb3df2be441d175bd3cdf07.17290143… Fixes: d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reported-by: Jann Horn <jannh(a)google.com> Reviewed-by: Jann Horn <jannh(a)google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 28 ++++++++++++++++++++++++++++ include/linux/userfaultfd_k.h | 5 +++++ kernel/fork.c | 5 ++++- 3 files changed, 37 insertions(+), 1 deletion(-) --- a/fs/userfaultfd.c~fork-do-not-invoke-uffd-on-fork-if-error-occurs +++ a/fs/userfaultfd.c @@ -692,6 +692,34 @@ void dup_userfaultfd_complete(struct lis } } +void dup_userfaultfd_fail(struct list_head *fcs) +{ + struct userfaultfd_fork_ctx *fctx, *n; + + /* + * An error has occurred on fork, we will tear memory down, but have + * allocated memory for fctx's and raised reference counts for both the + * original and child contexts (and on the mm for each as a result). + * + * These would ordinarily be taken care of by a user handling the event, + * but we are no longer doing so, so manually clean up here. + * + * mm tear down will take care of cleaning up VMA contexts. + */ + list_for_each_entry_safe(fctx, n, fcs, list) { + struct userfaultfd_ctx *octx = fctx->orig; + struct userfaultfd_ctx *ctx = fctx->new; + + atomic_dec(&octx->mmap_changing); + VM_BUG_ON(atomic_read(&octx->mmap_changing) < 0); + userfaultfd_ctx_put(octx); + userfaultfd_ctx_put(ctx); + + list_del(&fctx->list); + kfree(fctx); + } +} + void mremap_userfaultfd_prep(struct vm_area_struct *vma, struct vm_userfaultfd_ctx *vm_ctx) { --- a/include/linux/userfaultfd_k.h~fork-do-not-invoke-uffd-on-fork-if-error-occurs +++ a/include/linux/userfaultfd_k.h @@ -249,6 +249,7 @@ static inline bool vma_can_userfault(str extern int dup_userfaultfd(struct vm_area_struct *, struct list_head *); extern void dup_userfaultfd_complete(struct list_head *); +void dup_userfaultfd_fail(struct list_head *); extern void mremap_userfaultfd_prep(struct vm_area_struct *, struct vm_userfaultfd_ctx *); @@ -351,6 +352,10 @@ static inline void dup_userfaultfd_compl { } +static inline void dup_userfaultfd_fail(struct list_head *l) +{ +} + static inline void mremap_userfaultfd_prep(struct vm_area_struct *vma, struct vm_userfaultfd_ctx *ctx) { --- a/kernel/fork.c~fork-do-not-invoke-uffd-on-fork-if-error-occurs +++ a/kernel/fork.c @@ -775,7 +775,10 @@ out: mmap_write_unlock(mm); flush_tlb_mm(oldmm); mmap_write_unlock(oldmm); - dup_userfaultfd_complete(&uf); + if (!retval) + dup_userfaultfd_complete(&uf); + else + dup_userfaultfd_fail(&uf); fail_uprobe_end: uprobe_end_dup_mmap(); return retval; _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are mm-mmap-correct-error-handling-in-mmap_region.patch maple_tree-correct-tree-corruption-on-spanning-store.patch maple_tree-add-regression-test-for-spanning-store-bug.patch maintainers-add-memory-mapping-vma-co-maintainers.patch fork-do-not-invoke-uffd-on-fork-if-error-occurs.patch fork-only-invoke-khugepaged-ksm-hooks-if-no-error.patch selftests-mm-add-pkey_sighandler_xx-hugetlb_dio-to-gitignore.patch mm-refactor-mm_access-to-not-return-null.patch mm-refactor-mm_access-to-not-return-null-fix.patch mm-madvise-unrestrict-process_madvise-for-current-process.patch maple_tree-do-not-hash-pointers-on-dump-in-debug-mode.patch

8 months, 1 week

1
0
0 0

+ nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix kernel bug due to missing clearing of buffer delay flag has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Date: Wed, 16 Oct 2024 06:32:07 +0900 Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug. This is because the buffer delay flag is not cleared when clearing the buffer state flags to discard a page/folio or a buffer head. So, fix this. This became necessary when the use of nilfs2's own page clear routine was expanded. This state inconsistency does not occur if the buffer is written normally by log writing. Link: https://lkml.kernel.org/r/20241015213300.7114-1-konishi.ryusuke@gmail.com Fixes: 8c26c4e2694a ("nilfs2: fix issue with flush kernel thread after remount in RO mode because of driver's internal error or metadata corruption") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+985ada84bf055a575c07(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=985ada84bf055a575c07 Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/page.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/fs/nilfs2/page.c~nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag +++ a/fs/nilfs2/page.c @@ -77,7 +77,8 @@ void nilfs_forget_buffer(struct buffer_h const unsigned long clear_bits = (BIT(BH_Uptodate) | BIT(BH_Dirty) | BIT(BH_Mapped) | BIT(BH_Async_Write) | BIT(BH_NILFS_Volatile) | - BIT(BH_NILFS_Checked) | BIT(BH_NILFS_Redirected)); + BIT(BH_NILFS_Checked) | BIT(BH_NILFS_Redirected) | + BIT(BH_Delay)); lock_buffer(bh); set_mask_bits(&bh->b_state, clear_bits, 0); @@ -406,7 +407,8 @@ void nilfs_clear_folio_dirty(struct foli const unsigned long clear_bits = (BIT(BH_Uptodate) | BIT(BH_Dirty) | BIT(BH_Mapped) | BIT(BH_Async_Write) | BIT(BH_NILFS_Volatile) | - BIT(BH_NILFS_Checked) | BIT(BH_NILFS_Redirected)); + BIT(BH_NILFS_Checked) | BIT(BH_NILFS_Redirected) | + BIT(BH_Delay)); bh = head; do { _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-propagate-directory-read-errors-from-nilfs_find_entry.patch nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag.patch

8 months, 1 week

1
0
0 0

Re: [PATCH 5.15 000/691] 5.15.168-rc1 review

by Richard Narron

Builds and runs fine on x86_64 and x86 (Slackware 15.0) Richard Narron

8 months, 1 week

1
0
0 0

[PATCH v6 4/5] tpm: Allocate chip->auth in tpm2_start_auth_session()

by Jarkko Sakkinen

Move allocation of chip->auth to tpm2_start_auth_session() so that the field can be used as flag to tell whether auth session is active or not. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v5: - No changes. v4: - Change to bug. v3: - No changes. v2: - A new patch. --- drivers/char/tpm/tpm2-sessions.c | 43 +++++++++++++++++++------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 9ffd3da35d21..78d344607b53 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -484,7 +484,8 @@ static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, u8 *pt_u, u8 *pt_v, sha256_final(&sctx, out); } -static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) +static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip, + struct tpm2_auth *auth) { struct crypto_kpp *kpp; struct kpp_request *req; @@ -543,7 +544,7 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) sg_set_buf(&s[0], chip->null_ec_key_x, EC_PT_SZ); sg_set_buf(&s[1], chip->null_ec_key_y, EC_PT_SZ); kpp_request_set_input(req, s, EC_PT_SZ*2); - sg_init_one(d, chip->auth->salt, EC_PT_SZ); + sg_init_one(d, auth->salt, EC_PT_SZ); kpp_request_set_output(req, d, EC_PT_SZ); crypto_kpp_compute_shared_secret(req); kpp_request_free(req); @@ -554,8 +555,7 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) * This works because KDFe fully consumes the secret before it * writes the salt */ - tpm2_KDFe(chip->auth->salt, "SECRET", x, chip->null_ec_key_x, - chip->auth->salt); + tpm2_KDFe(auth->salt, "SECRET", x, chip->null_ec_key_x, auth->salt); out: crypto_free_kpp(kpp); @@ -854,6 +854,8 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, /* manually close the session if it wasn't consumed */ tpm2_flush_context(chip, auth->handle); memzero_explicit(auth, sizeof(*auth)); + kfree(auth); + chip->auth = NULL; } else { /* reset for next use */ auth->session = TPM_HEADER_SIZE; @@ -882,6 +884,8 @@ void tpm2_end_auth_session(struct tpm_chip *chip) tpm2_flush_context(chip, auth->handle); memzero_explicit(auth, sizeof(*auth)); + kfree(auth); + chip->auth = NULL; } EXPORT_SYMBOL(tpm2_end_auth_session); @@ -970,25 +974,29 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) */ int tpm2_start_auth_session(struct tpm_chip *chip) { + struct tpm2_auth *auth; struct tpm_buf buf; - struct tpm2_auth *auth = chip->auth; - int rc; u32 null_key; + int rc; - if (!auth) { - dev_warn_once(&chip->dev, "auth session is not active\n"); + if (chip->auth) { + dev_warn_once(&chip->dev, "auth session is active\n"); return 0; } + auth = kzalloc(sizeof(*auth), GFP_KERNEL); + if (!auth) + return -ENOMEM; + rc = tpm2_load_null(chip, &null_key); if (rc) - goto out; + goto err; auth->session = TPM_HEADER_SIZE; rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS); if (rc) - goto out; + goto err; /* salt key handle */ tpm_buf_append_u32(&buf, null_key); @@ -1000,7 +1008,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce)); /* append encrypted salt and squirrel away unencrypted in auth */ - tpm_buf_append_salt(&buf, chip); + tpm_buf_append_salt(&buf, chip, auth); /* session type (HMAC, audit or policy) */ tpm_buf_append_u8(&buf, TPM2_SE_HMAC); @@ -1021,10 +1029,13 @@ int tpm2_start_auth_session(struct tpm_chip *chip) tpm_buf_destroy(&buf); - if (rc) - goto out; + if (rc == TPM2_RC_SUCCESS) { + chip->auth = auth; + return 0; + } - out: +err: + kfree(auth); return rc; } EXPORT_SYMBOL(tpm2_start_auth_session); @@ -1375,10 +1386,6 @@ int tpm2_sessions_init(struct tpm_chip *chip) if (rc) return rc; - chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); - if (!chip->auth) - return -ENOMEM; - return rc; } EXPORT_SYMBOL(tpm2_sessions_init); -- 2.47.0

8 months, 1 week

1
0
0 0

[PATCH v6 3/5] tpm: flush the null key only when /dev/tpm0 is accessed

by Jarkko Sakkinen

Instead of flushing and reloading the null key for every single auth session, flush it only when: 1. User space needs to access /dev/tpm{rm}0. 2. When going to sleep. 3. When unregistering the chip. This removes the need to load and swap the null key between TPM and regular memory per transaction, when the user space is not using the chip. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation") Tested-by: Pengyu Ma <mapengyu(a)gmail.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v5: - No changes. v4: - Changed to bug fix as not having the patch there is a major hit to bootup times. v3: - Unchanged. v2: - Refined the commit message. - Added tested-by from Pengyu Ma <mapengyu(a)gmail.com>. - Removed spurious pr_info() statement. --- drivers/char/tpm/tpm-chip.c | 13 +++++++++++++ drivers/char/tpm/tpm-dev-common.c | 7 +++++++ drivers/char/tpm/tpm-interface.c | 9 +++++++-- drivers/char/tpm/tpm2-cmd.c | 3 +++ drivers/char/tpm/tpm2-sessions.c | 17 ++++++++++++++--- include/linux/tpm.h | 2 ++ 6 files changed, 46 insertions(+), 5 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 854546000c92..0ea00e32f575 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -674,6 +674,19 @@ EXPORT_SYMBOL_GPL(tpm_chip_register); */ void tpm_chip_unregister(struct tpm_chip *chip) { +#ifdef CONFIG_TCG_TPM2_HMAC + int rc; + + rc = tpm_try_get_ops(chip); + if (!rc) { + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_flush_context(chip, chip->null_key); + chip->null_key = 0; + } + tpm_put_ops(chip); + } +#endif + tpm_del_legacy_sysfs(chip); if (tpm_is_hwrng_enabled(chip)) hwrng_unregister(&chip->hwrng); diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c index c3fbbf4d3db7..4bc07963e260 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -27,6 +27,13 @@ static ssize_t tpm_dev_transmit(struct tpm_chip *chip, struct tpm_space *space, struct tpm_header *header = (void *)buf; ssize_t ret, len; +#ifdef CONFIG_TCG_TPM2_HMAC + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_flush_context(chip, chip->null_key); + chip->null_key = 0; + } +#endif + ret = tpm2_prepare_space(chip, space, buf, bufsiz); /* If the command is not implemented by the TPM, synthesize a * response with a TPM2_RC_COMMAND_CODE return for user-space. diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 5da134f12c9a..bfa47d48b0f2 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -379,10 +379,15 @@ int tpm_pm_suspend(struct device *dev) rc = tpm_try_get_ops(chip); if (!rc) { - if (chip->flags & TPM_CHIP_FLAG_TPM2) + if (chip->flags & TPM_CHIP_FLAG_TPM2) { +#ifdef CONFIG_TCG_TPM2_HMAC + tpm2_flush_context(chip, chip->null_key); + chip->null_key = 0; +#endif tpm2_shutdown(chip, TPM2_SU_STATE); - else + } else { rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); + } tpm_put_ops(chip); } diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 1e856259219e..aba024cbe7c5 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -364,6 +364,9 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle) struct tpm_buf buf; int rc; + if (!handle) + return; + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); if (rc) { dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 1215c53f0ae7..9ffd3da35d21 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -920,11 +920,19 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) u32 tmp_null_key; int rc; + /* fast path */ + if (chip->null_key) { + *null_key = chip->null_key; + return 0; + } + rc = tpm2_load_context(chip, chip->null_key_context, &offset, &tmp_null_key); if (rc != -EINVAL) { - if (!rc) + if (!rc) { + chip->null_key = tmp_null_key; *null_key = tmp_null_key; + } goto err; } @@ -934,6 +942,7 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) /* Return the null key if the name has not been changed: */ if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) { + chip->null_key = tmp_null_key; *null_key = tmp_null_key; return 0; } @@ -1006,7 +1015,6 @@ int tpm2_start_auth_session(struct tpm_chip *chip) tpm_buf_append_u16(&buf, TPM_ALG_SHA256); rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); - tpm2_flush_context(chip, null_key); if (rc == TPM2_RC_SUCCESS) rc = tpm2_parse_start_auth_session(auth, &buf); @@ -1338,7 +1346,10 @@ static int tpm2_create_null_primary(struct tpm_chip *chip) rc = tpm2_save_context(chip, null_key, chip->null_key_context, sizeof(chip->null_key_context), &offset); - tpm2_flush_context(chip, null_key); + if (rc) + tpm2_flush_context(chip, null_key); + else + chip->null_key = null_key; } return rc; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 587b96b4418e..28a932aa0416 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -205,6 +205,8 @@ struct tpm_chip { #ifdef CONFIG_TCG_TPM2_HMAC /* details for communication security via sessions */ + /* loaded null key */ + u32 null_key; /* saved context for NULL seed */ u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; /* name of NULL seed */ -- 2.47.0

8 months, 1 week

1
0
0 0

[PATCH v6 2/5] tpm: Implement tpm2_load_null() rollback

by Jarkko Sakkinen

tpm2_load_null() has weak and broken error handling: - The return value of tpm2_create_primary() is ignored. - Leaks TPM return codes from tpm2_load_context() to the caller. - If the key name comparison succeeds returns previous error instead of zero to the caller. Implement a proper error rollback. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: eb24c9788cd9 ("tpm: disable the TPM if NULL name changes") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v6: - Address Stefan's remark: https://lore.kernel.org/linux-integrity/def4ec2d-584b-405f-9d5e-99267013c3c… v5: - Fix the TPM error code leak from tpm2_load_context(). v4: - No changes. v3: - Update log messages. Previously the log message incorrectly stated on load failure that integrity check had been failed, even tho the check is done *after* the load operation. v2: - Refined the commit message. - Reverted tpm2_create_primary() changes. They are not required if tmp_null_key is used as the parameter. --- drivers/char/tpm/tpm2-sessions.c | 43 +++++++++++++++++--------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 253639767c1e..1215c53f0ae7 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -915,33 +915,36 @@ static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) { - int rc; unsigned int offset = 0; /* dummy offset for null seed context */ u8 name[SHA256_DIGEST_SIZE + 2]; + u32 tmp_null_key; + int rc; rc = tpm2_load_context(chip, chip->null_key_context, &offset, - null_key); - if (rc != -EINVAL) - return rc; + &tmp_null_key); + if (rc != -EINVAL) { + if (!rc) + *null_key = tmp_null_key; + goto err; + } - /* an integrity failure may mean the TPM has been reset */ - dev_err(&chip->dev, "NULL key integrity failure!\n"); - /* check the null name against what we know */ - tpm2_create_primary(chip, TPM2_RH_NULL, NULL, name); - if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) - /* name unchanged, assume transient integrity failure */ - return rc; - /* - * Fatal TPM failure: the NULL seed has actually changed, so - * the TPM must have been illegally reset. All in-kernel TPM - * operations will fail because the NULL primary can't be - * loaded to salt the sessions, but disable the TPM anyway so - * userspace programmes can't be compromised by it. - */ - dev_err(&chip->dev, "NULL name has changed, disabling TPM due to interference\n"); + rc = tpm2_create_primary(chip, TPM2_RH_NULL, &tmp_null_key, name); + if (rc) + goto err; + + /* Return the null key if the name has not been changed: */ + if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) { + *null_key = tmp_null_key; + return 0; + } + + /* Deduce from the name change TPM interference: */ + dev_err(&chip->dev, "the null key integrity check failedh\n"); + tpm2_flush_context(chip, tmp_null_key); chip->flags |= TPM_CHIP_FLAG_DISABLE; - return rc; +err: + return rc ? -ENODEV : 0; } /** -- 2.47.0

8 months, 1 week

1
0
0 0

[PATCH 0/6] arm64: probes: fixes and cleanup

by Mark Rutland

These patches address some issues I spotted while looking at kprobes and uprobes. Patch 1 is the most pressing, as a uprobes user can trigger a kernel BUG(). Patches 2 and 3 fix latent endianness bugs which only manifest on big-endian kernels, and patchs 4-6 clean things up so that it's harder to get this wrong again in future. Mark. Mark Rutland (6): arm64: probes: Remove broken LDR (literal) uprobe support arm64: probes: Fix simulate_ldr*_literal() arm64: probes: Fix uprobes for big-endian kernels arm64: probes: Move kprobes-specific fields arm64: probes: Cleanup kprobes endianness conversions arm64: probes: Remove probe_opcode_t arch/arm64/include/asm/probes.h | 11 +++---- arch/arm64/include/asm/uprobes.h | 8 ++--- arch/arm64/kernel/probes/decode-insn.c | 22 ++++++++----- arch/arm64/kernel/probes/decode-insn.h | 2 +- arch/arm64/kernel/probes/kprobes.c | 39 ++++++++++++------------ arch/arm64/kernel/probes/simulate-insn.c | 18 +++++------ arch/arm64/kernel/probes/uprobes.c | 8 ++--- 7 files changed, 53 insertions(+), 55 deletions(-) -- 2.30.2

8 months, 1 week

3
8
0 0

[PATCH] comedi: Flush partial mappings in error case

by Jann Horn

If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the comedi_mmap() error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case"). Cc: stable(a)vger.kernel.org Fixes: ed9eccbe8970 ("Staging: add comedi core") Signed-off-by: Jann Horn <jannh(a)google.com> --- Note: compile-tested only; I don't actually have comedi hardware, and I don't know anything about comedi. --- drivers/comedi/comedi_fops.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c index 1b481731df96..0e573df8646f 100644 --- a/drivers/comedi/comedi_fops.c +++ b/drivers/comedi/comedi_fops.c @@ -2414,6 +2414,15 @@ static int comedi_mmap(struct file *file, struct vm_area_struct *vma) vma->vm_private_data = bm; vma->vm_ops->open(vma); + } else { + /* + * Leaving behind a partial mapping of a buffer we're about to + * drop is unsafe, see remap_pfn_range_notrack(). + * We need to zap the range here ourselves instead of relying + * on the automatic zapping in remap_pfn_range() because we call + * remap_pfn_range() in a loop. + */ + zap_page_range_single(vma, vma->vm_start, size, NULL); } done: --- base-commit: 6485cf5ea253d40d507cd71253c9568c5470cd27 change-id: 20241014-comedi-tlb-400246505961 -- Jann Horn <jannh(a)google.com>

8 months, 1 week

2
2
0 0

[PATCH 1/4] efi/libstub: Free correct pointer on failure

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool(). Fixes: 42c8ea3dca09 ("efi: libstub: Factor out EFI stub entrypoint ...") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- drivers/firmware/efi/libstub/efi-stub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c index f09e277ba210..fc71dcab43e0 100644 --- a/drivers/firmware/efi/libstub/efi-stub.c +++ b/drivers/firmware/efi/libstub/efi-stub.c @@ -148,7 +148,7 @@ efi_status_t efi_handle_cmdline(efi_loaded_image_t *image, char **cmdline_ptr) return EFI_SUCCESS; fail_free_cmdline: - efi_bs_call(free_pool, cmdline_ptr); + efi_bs_call(free_pool, cmdline); return status; } -- 2.47.0.rc1.288.g06298d1525-goog

8 months, 1 week

1
0
0 0

[PATCH net v2 0/2] mptcp: prevent MPC handshake on port-based signal endpoints

by Matthieu Baerts (NGI0)

MPTCP connection requests toward a listening socket created by the in-kernel PM for a port based signal endpoint will never be accepted, they need to be explicitly rejected. - Patch 1: Explicitly reject such requests. A fix for >= v5.12. - Patch 2: Cover this case in the MPTCP selftests to avoid regressions. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Changes in v2: - This new version fixes the root cause for the issue Cong Wang sent a patch for a few weeks ago, see the v1, and the explanations below. The new version is very different from the v1, from a different author. Thanks to Cong Wang for the first analysis, and to Paolo for having spot the root cause, and sent a fix for it. - Link to v1: https://lore.kernel.org/r/20240908180620.822579-1-xiyou.wangcong@gmail.com - Link: https://lore.kernel.org/r/a5289a0d-2557-40b8-9575-6f1a0bbf06e4@redhat.com --- Paolo Abeni (2): mptcp: prevent MPC handshake on port-based signal endpoints selftests: mptcp: join: test for prohibited MPC to port-based endp net/mptcp/mib.c | 1 + net/mptcp/mib.h | 1 + net/mptcp/pm_netlink.c | 1 + net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 11 +++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 117 +++++++++++++++++------- 6 files changed, 101 insertions(+), 31 deletions(-) --- base-commit: 174714f0e505070a16be6fbede30d32b81df789f change-id: 20241014-net-mptcp-mpc-port-endp-4f88bd428ec7 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

8 months, 1 week

2
3
0 0

[PATCH net v2 1/1] net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY

by Oleksij Rempel

A boot delay was introduced by commit 79540d133ed6 ("net: macb: Fix handling of fixed-link node"). This delay was caused by the call to `mdiobus_register()` in cases where a fixed-link PHY was present. The MDIO bus registration triggered unnecessary PHY address scans, leading to a 20-second delay due to attempts to detect Clause 45 (C45) compatible PHYs, despite no MDIO bus being attached. The commit 79540d133ed6 ("net: macb: Fix handling of fixed-link node") was originally introduced to fix a regression caused by commit 7897b071ac3b4 ("net: macb: convert to phylink"), which caused the driver to misinterpret fixed-link nodes as PHY nodes. This resulted in warnings like: mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 ... mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 This patch reworks the logic to avoid registering and allocation of the MDIO bus when: - The device tree contains a fixed-link node. - There is no "mdio" child node in the device tree. If a child node named "mdio" exists, the MDIO bus will be registered to support PHYs attached to the MACB's MDIO bus. Otherwise, with only a fixed-link, the MDIO bus is skipped. Tested on a sama5d35 based system with a ksz8863 switch attached to macb0. Fixes: 79540d133ed6 ("net: macb: Fix handling of fixed-link node") Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> --- changes v2: - s/some PHYs may be attached/some devices may be attached/ --- drivers/net/ethernet/cadence/macb_main.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index f06babec04a0b..56901280ba047 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -930,9 +930,6 @@ static int macb_mdiobus_register(struct macb *bp) return ret; } - if (of_phy_is_fixed_link(np)) - return mdiobus_register(bp->mii_bus); - /* Only create the PHY from the device tree if at least one PHY is * described. Otherwise scan the entire MDIO bus. We do this to support * old device tree that did not follow the best practices and did not @@ -953,8 +950,19 @@ static int macb_mdiobus_register(struct macb *bp) static int macb_mii_init(struct macb *bp) { + struct device_node *child, *np = bp->pdev->dev.of_node; int err = -ENXIO; + /* With fixed-link, we don't need to register the MDIO bus, + * except if we have a child named "mdio" in the device tree. + * In that case, some devices may be attached to the MACB's MDIO bus. + */ + child = of_get_child_by_name(np, "mdio"); + if (child) + of_node_put(child); + else if (of_phy_is_fixed_link(np)) + return macb_mii_probe(bp->dev); + /* Enable management port */ macb_writel(bp, NCR, MACB_BIT(MPE)); -- 2.39.5

8 months, 1 week

2
1
0 0

[PATCH] pstore: Fix uaf when backend is unregistered

by Zach Wade

when unload pstore_blk, we will unlink the pstore file and set pos->dentry to NULL, but simple_unlink(d_inode(root), pos->dentry) may free inode of pos->dentry and free pos by free_pstore_private, this may trigger uaf. kasan report: kernel: ================================================================== kernel: BUG: KASAN: slab-use-after-free in pstore_put_backend_records+0x3a4/0x480 kernel: Write of size 8 at addr ffff8883efbe0390 by task modprobe/4308 kernel: kernel: CPU: 1 PID: 4308 Comm: modprobe Kdump: loaded Not tainted 6.10.9-arch1-2 #2 5fd36c90225554e2cc88363729bd91e76130a89f kernel: Hardware name: ASUS System Product Name/TUF GAMING X670E-PLUS, BIOS 3024 08/02/2024 kernel: Call Trace: kernel: <TASK> kernel: dump_stack_lvl+0x5d/0x80 kernel: print_report+0x174/0x505 kernel: ? __pfx__raw_spin_lock_irqsave+0x10/0x10 kernel: ? pstore_put_backend_records+0x3a4/0x480 kernel: kasan_report+0xd0/0x150 kernel: ? pstore_put_backend_records+0x3a4/0x480 kernel: pstore_put_backend_records+0x3a4/0x480 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: pstore_unregister+0x88/0x1b0 kernel: unregister_pstore_zone+0x2f/0xd0 [pstore_zone 35171c701a99c31efe207b7a718dc583e4a6503a] kernel: pstore_blk_exit+0x30/0x90 [pstore_blk 589d82101219208d8968e3adda9b96a2d42df635] kernel: __do_sys_delete_module+0x350/0x560 kernel: ? __pfx___do_sys_delete_module+0x10/0x10 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? __memcg_slab_free_hook+0x28e/0x470 kernel: ? __pfx___audit_syscall_exit+0x10/0x10 kernel: do_syscall_64+0x82/0x190 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? do_syscall_64+0x8e/0x190 kernel: ? seq_read_iter+0x62f/0x1220 kernel: ? __x64_sys_openat+0x300/0x380 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? kasan_save_track+0x14/0x30 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? vfs_read+0x9a7/0xf00 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? __audit_syscall_exit+0x38a/0x520 kernel: ? __pfx_vfs_read+0x10/0x10 kernel: ? __pfx___audit_syscall_exit+0x10/0x10 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? __audit_syscall_exit+0x38a/0x520 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? __pfx___audit_syscall_exit+0x10/0x10 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? __x64_sys_read+0x162/0x250 kernel: ? __pfx___x64_sys_read+0x10/0x10 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? syscall_exit_to_user_mode_prepare+0x148/0x170 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? syscall_exit_to_user_mode+0x73/0x1f0 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? do_syscall_64+0x8e/0x190 kernel: ? syscall_exit_to_user_mode+0x73/0x1f0 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e kernel: RIP: 0033:0x741f9d72946b kernel: Code: 73 01 c3 48 8b 0d a5 c8 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 75 c8 0c 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffed7e621f8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 kernel: RAX: ffffffffffffffda RBX: 00006455e060ed30 RCX: 0000741f9d72946b kernel: RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00006455e060ed98 kernel: RBP: 00007ffed7e62220 R08: 1999999999999999 R09: 0000000000000000 kernel: R10: 0000741f9d7a5fe0 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffed7e62250 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: kernel: Allocated by task 3957: kernel: kasan_save_stack+0x30/0x50 kernel: kasan_save_track+0x14/0x30 kernel: __kasan_kmalloc+0xaa/0xb0 kernel: pstore_mkfile+0x47e/0xbe0 kernel: pstore_get_backend_records+0x560/0x920 kernel: pstore_get_records+0xec/0x180 kernel: pstore_register+0x1c3/0x5a0 kernel: register_pstore_zone.cold+0x298/0x3d1 [pstore_zone] kernel: pstore_blk_init+0x63c/0xff0 [pstore_blk] kernel: do_one_initcall+0xa4/0x380 kernel: do_init_module+0x28a/0x7c0 kernel: load_module+0x7b57/0xb020 kernel: init_module_from_file+0xdf/0x150 kernel: idempotent_init_module+0x23c/0x780 kernel: __x64_sys_finit_module+0xbe/0x130 kernel: do_syscall_64+0x82/0x190 kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e kernel: kernel: Freed by task 4308: kernel: kasan_save_stack+0x30/0x50 kernel: kasan_save_track+0x14/0x30 kernel: kasan_save_free_info+0x3b/0x60 kernel: __kasan_slab_free+0x12c/0x1b0 kernel: kfree+0x198/0x3b0 kernel: evict+0x33d/0xab0 kernel: __dentry_kill+0x17f/0x590 kernel: dput+0x2d9/0x810 kernel: simple_unlink+0xf4/0x140 kernel: pstore_put_backend_records+0x271/0x480 kernel: pstore_unregister+0x88/0x1b0 kernel: unregister_pstore_zone+0x2f/0xd0 [pstore_zone] kernel: pstore_blk_exit+0x30/0x90 [pstore_blk] kernel: __do_sys_delete_module+0x350/0x560 kernel: do_syscall_64+0x82/0x190 kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e kernel: kernel: The buggy address belongs to the object at ffff8883efbe0380 which belongs to the cache kmalloc-64 of size 64 kernel: The buggy address is located 16 bytes inside of freed 64-byte region [ffff8883efbe0380, ffff8883efbe03c0) kernel: kernel: The buggy address belongs to the physical page: kernel: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3efbe0 kernel: memcg:ffff8883ef245801 kernel: flags: 0x2ffff8000000000(node=0|zone=2|lastcpupid=0x1ffff) kernel: page_type: 0xffffefff(slab) kernel: raw: 02ffff8000000000 ffff88810004c8c0 ffffea00043dcc40 dead000000000004 kernel: raw: 0000000000000000 0000000000200020 00000001ffffefff ffff8883ef245801 kernel: page dumped because: kasan: bad access detected kernel: kernel: Memory state around the buggy address: kernel: ffff8883efbe0280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc kernel: ffff8883efbe0300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc kernel: >ffff8883efbe0380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc kernel: ^ kernel: ffff8883efbe0400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc kernel: ffff8883efbe0480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc kernel: ================================================================== kernel: Disabling lock debugging due to kernel taint kernel: pstore: Unregistered pstore_blk as persistent store backend kernel: ------------[ cut here ]------------ place the pos->dentry = NULL before simple_unlink(d_inode(root), pos->dentry) Fixes: 609e28bb139e ("pstore: Remove filesystem records when backend is unregistered") Signed-off-by: Li XingYang <lixingyang1(a)qq.com> Signed-off-by: Zach Wade <zachwade.k(a)gmail.com> --- fs/pstore/inode.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c index 56815799ce79..7561693e0f32 100644 --- a/fs/pstore/inode.c +++ b/fs/pstore/inode.c @@ -306,7 +306,7 @@ static struct dentry *psinfo_lock_root(void) int pstore_put_backend_records(struct pstore_info *psi) { struct pstore_private *pos, *tmp; - struct dentry *root; + struct dentry *root, *unlink_dentry; root = psinfo_lock_root(); if (!root) @@ -316,9 +316,10 @@ int pstore_put_backend_records(struct pstore_info *psi) list_for_each_entry_safe(pos, tmp, &records_list, list) { if (pos->record->psi == psi) { list_del_init(&pos->list); - d_invalidate(pos->dentry); - simple_unlink(d_inode(root), pos->dentry); + unlink_dentry = pos->dentry; pos->dentry = NULL; + d_invalidate(unlink_dentry); + simple_unlink(d_inode(root), unlink_dentry); } } } -- 2.46.2

8 months, 1 week

3
4
0 0

[PATCH 6.1 000/798] 6.1.113-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.113 release. There are 798 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 16 Oct 2024 14:09:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.113-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.113-rc1 Jack Wang <jinpu.wang(a)ionos.com> Revert "iommu/vt-d: Retrieve IOMMU perfmon capability information" Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix uaf for accessing waker_bfqq after splitting Arnaldo Carvalho de Melo <acme(a)redhat.com> perf lock: Don't pass an ERR_PTR() directly to perf_session__delete() Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Restore TSO support Patrick Roy <roypat(a)amazon.co.uk> secretmem: disable memfd_secret() if arch cannot set direct map Frederic Weisbecker <frederic(a)kernel.org> kthread: unpark only parked kthread Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Kun(llfl) <llfl(a)linux.alibaba.com> device-dax: correct pgoff align in dax_set_mapping() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove closing subflows Paolo Abeni <pabeni(a)redhat.com> mptcp: handle consistently DSS corruption Anatolij Gustschin <agust(a)denx.de> net: dsa: lan9303: ensure chip reset and wait for READY status Anastasia Kovaleva <a.kovaleva(a)yadro.com> net: Fix an unsafe loop on the list Ignat Korchagin <ignat(a)cloudflare.com> net: explicitly clear the sk pointer, when pf->create fails Niklas Cassel <cassel(a)kernel.org> ata: libata: avoid superfluous disk spin down + spin up during hibernation Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fallback when MPTCP opts are dropped after 1st data Daniel Palmer <daniel(a)0x0f.com> scsi: wd33c93: Don't use stale scsi_pointer value Maíra Canal <mcanal(a)igalia.com> drm/vc4: Stop the active perfmon before being destroyed Maíra Canal <mcanal(a)igalia.com> drm/v3d: Stop the active perfmon before being destroyed SurajSonawane2415 <surajsonawane0215(a)gmail.com> hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: core: force synchronous registration Icenowy Zheng <uwu(a)icenowy.me> usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Jose Alberto Reguero <jose.alberto.reguero(a)gmail.com> usb: xhci: Fix problem with xhci resume from suspend Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Stop processing of pending events if controller is halted Oliver Neukum <oneukum(a)suse.com> Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" Wade Wang <wade.wang(a)hp.com> HID: plantronics: Workaround for an unexcepted opposite volume key Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Sasha Levin <sashal(a)kernel.org> Revert "net: ibm/emac: allocate dummy net_device dynamically" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adt7470) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adm9240) Add missing dependency on REGMAP_I2C Guenter Roeck <linux(a)roeck-us.net> hwmon: (tmp513) Add missing dependency on REGMAP_I2C Kenton Groombridge <concord(a)gentoo.org> wifi: mac80211: Avoid address calculations via out of bounds array indexing Shay Drory <shayd(a)nvidia.com> net/mlx5: Always drain health in shutdown callback He Lugang <helugang(a)uniontech.com> HID: multitouch: Add support for lenovo Y9000P Touchpad Boqun Feng <boqun.feng(a)gmail.com> rust: macros: provide correct provenance when constructing THIS_MODULE Eric Dumazet <edumazet(a)google.com> slip: make slhc_remember() more robust against malicious packets Eric Dumazet <edumazet(a)google.com> ppp: fix ppp_async_encode() illegal access Kuniyuki Iwashima <kuniyu(a)amazon.com> mctp: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> vxlan: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Add bulk registration helpers for rtnetlink message handlers. Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: add dcr_unmap to _remove Breno Leitao <leitao(a)debian.org> net: ibm/emac: allocate dummy net_device dynamically Florian Westphal <fw(a)strlen.de> netfilter: fib: check correct rtable in vrf setups Florian Westphal <fw(a)strlen.de> netfilter: xtables: avoid NFPROTO_UNSPEC where needed Xin Long <lucien.xin(a)gmail.com> sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix missing RCU locking in error message when loading zone info Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: fix wrong goto Eric Dumazet <edumazet(a)google.com> net/sched: accept TCA_STAB only for root qdisc Mohamed Khalfella <mkhalfella(a)purestorage.com> igb: Do not bring the device up after non-fatal error Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: Fix macvlan leak by synchronizing access to mac_filter_hash Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix netif_is_ice() in Safe Mode Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Use devm_clk api to manage clock source Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Add the flush write to ensure the write complete. Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frames on 10/100 ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow lower MTUs on BCM5325/5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for BCM5325/BCM5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for 1g switches Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frame mtu check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: adi: adin1110: Fix some error handling path in adin1110_read_fifo() Jakub Kicinski <kuba(a)kernel.org> Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled" Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Fix warning during module unload Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: phy: bcm84881: Fix some error handling paths Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Kacper Ludwinski <kac.ludwinski(a)icloud.com> selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids() test Andy Roulin <aroulin(a)nvidia.com> netfilter: br_netfilter: fix panic with metadata_dst skb Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe Neal Cardwell <ncardwell(a)google.com> tcp: fix to allow timestamp undo if no retransmits were sent Ingo van Lil <inguin(a)gmx.de> net: phy: dp83869: fix memory corruption when enabling fiber Yanjun Zhang <zhangyanjun(a)cestc.cn> NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Fix integer overflow in decode_rc_list() Dave Ertman <david.m.ertman(a)intel.com> ice: fix VLAN replay after reset Chuck Lever <chuck.lever(a)oracle.com> NFSD: Mark filecache "down" if init fails Val Packett <val(a)packett.cool> drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Sascha Hauer <s.hauer(a)pengutronix.de> drm/rockchip: vop: limit maximum resolution to hardware capabilities Andrey Shumilin <shum.sdl(a)nppct.ru> fbdev: sisfb: Fix strbuf array overflow Qianqiang Liu <qianqiang.liu(a)163.com> fbcon: Fix a NULL pointer dereference issue in fbcon_putcs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointer before dereferencing se Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Riyan Dhiman <riyandhiman14(a)gmail.com> staging: vme_user: added bound check to geoid Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/iio: Add memory allocation failure check for trigger_name Philip Chen <philipchen(a)chromium.org> virtio_pmem: Check device status before requesting flush Simon Horman <horms(a)kernel.org> netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n Wentao Guan <guanwentao(a)uniontech.com> LoongArch: Fix memleak in pci_acpi_scan_root() Ruffalo Lavoisier <ruffalolavoisier(a)gmail.com> comedi: ni_routing: tools: Check when the file could not be opened Shawn Shao <shawn.shao(a)jaguarmicro.com> usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: enable suspend interrupt after usb reset Peng Fan <peng.fan(a)nxp.com> clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table Yunke Cao <yunkec(a)chromium.org> media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Ying Sun <sunying(a)isrc.iscas.ac.cn> riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Kaixin Wang <kxwang23(a)m.fudan.edu.cn> ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Jens Axboe <axboe(a)kernel.dk> io_uring: check if we need to reschedule during overflow flush Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t Alex Williamson <alex.williamson(a)redhat.com> PCI: Mark Creative Labs EMU20k2 INTx masking as broken Hans de Goede <hdegoede(a)redhat.com> i2c: i801: Use a different adapter-name for IDF adapters Subramanian Ananthanarayanan <quic_skananth(a)quicinc.com> PCI: Add ACS quirk for Qualcomm SA8775P Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: bcm: bcm53573: fix OF node leak in init Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-srv: Avoid null pointer deref during path establishment WangYuli <wangyuli(a)uniontech.com> PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/mad: Improve handling of timed out WRs of mad agent Daniel Jordan <daniel.m.jordan(a)oracle.com> ktest.pl: Avoid false positives with grub2 skip regex Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Handle early warnings gracefully Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Remove WARN_ON_ONCE statements Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: nested locking for xattr inode Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Yonghong Song <yonghong.song(a)linux.dev> bpf, x64: Fix a jit convergence issue Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Add cond_resched() to cmm_alloc/free_pages() Heiko Carstens <hca(a)linux.ibm.com> s390/facility: Disable compile time optimization for decompressor code Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Compile all files with the same march flag Tao Chen <chen.dylane(a)gmail.com> bpf: Check percpu map value size first Mathias Krause <minipli(a)grsecurity.net> Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal Michael S. Tsirkin <mst(a)redhat.com> virtio_console: fix misc probe bugs Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Refactor enum_rstbl to suppress static checker Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning in ni_fiemap Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do not call file_modified if collapse range failed Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix usage of __hci_cmd_sync_status Benjamin Poirier <bpoirier(a)nvidia.com> selftests: net: Remove executable bits from library scripts Aditya Gupta <adityag(a)linux.ibm.com> libsubcmd: Don't free the usage string Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move curr_pid and cpu_last_switched initialization to perf_sched__{lat|map|replay}() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move curr_thread initialization to perf_sched__map() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Fix memory leak in perf_sched__map() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move start_work_mutex and work_done_wait_mutex initialization to perf_sched__replay() Ian Rogers <irogers(a)google.com> perf sched: Avoid large stack allocations Ian Rogers <irogers(a)google.com> perf lock: Dynamically allocate lockhash_table Masami Hiramatsu (Google) <mhiramat(a)kernel.org> bootconfig: Fix the kerneldoc of _xbc_exit() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have saved_cmdlines arrays all in one allocation Rob Clark <robdclark(a)chromium.org> drm/crtc: fix uninitialized variable use even harder Jean-Loïc Charroud <lagiraudiere+linux(a)free.fr> ALSA: hda/realtek: cs35l41: Fix device ID / model name Jean-Loïc Charroud <lagiraudiere+linux(a)free.fr> ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove precision vsnprintf() check from print event Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Drop TSO support Gabriel Krisman Bertazi <krisman(a)suse.de> unicode: Don't special case ignorable code points Shiyang Ruan <ruansy.fnst(a)fujitsu.com> fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN Oleksij Rempel <linux(a)rempel-privat.de> clk: imx6ul: fix "failed to get parent" error Shiyang Ruan <ruansy.fnst(a)fujitsu.com> fsdax: dax_unshare_iter() should return a valid length Namhyung Kim <namhyung(a)kernel.org> perf report: Fix segfault when 'sym' sort key is not used Haoran Zhang <wh1sper(a)zju.edu.cn> vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Gao Xiang <xiang(a)kernel.org> erofs: fix incorrect symlink detection in fast symlink Jingbo Xu <jefflexu(a)linux.alibaba.com> erofs: set block size to the on-disk block size Jingbo Xu <jefflexu(a)linux.alibaba.com> erofs: avoid hardcoded blocksize for subpage block support Gao Xiang <xiang(a)kernel.org> erofs: get rid of z_erofs_do_map_blocks() forward declaration Gao Xiang <xiang(a)kernel.org> erofs: get rid of erofs_inode_datablocks() Sumit Semwal <sumit.semwal(a)linaro.org> Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings" Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix possible crash when unregistering a battery hook Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Simplify battery hook locking Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Add GPLL9 support Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add tally counter fields added with RTL8125 Colin Ian King <colin.i.king(a)gmail.com> r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" David Virag <virag.david003(a)gmail.com> clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: samsung: exynos7885: do not define number of clocks in bindings Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Manivannan Sadhasivam <mani(a)kernel.org> dt-bindings: clock: qcom: Add missing UFS QREF clocks Udit Kumar <u-kumar1(a)ti.com> remoteproc: k3-r5: Delay notification of wakeup event Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Acquire mailbox handle during probe routine Umang Jain <umang.jain(a)ideasonboard.com> media: imx335: Fix reset-gpio handling Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Enable regulator supplies Michel Alex <Alex.Michel(a)wiedemann-group.com> clk: imx6ul: fix clock parent for IMX6UL_CLK_ENETx_REF_SEL Alexander Stein <alexander.stein(a)ew.tq-group.com> clk: imx6ul: retain early UART clocks during kernel init Oleksij Rempel <linux(a)rempel-privat.de> clk: imx6ul: add ethernet refclock mux support Oleksij Rempel <linux(a)rempel-privat.de> clk: imx6ul: fix enet1 gate configuration Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: fix bogus pressure spikes from aggregation race Wang Yong <wang.yong12(a)zte.com.cn> delayacct: improve the average delay precision of getdelay tool to microsecond Yanteng Si <siyanteng(a)loongson.cn> docs/zh_CN: Update the translation of delay-accounting to 6.1-rc8 Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: harden build ID parsing logic Alexey Dobriyan <adobriyan(a)gmail.com> build-id: require program headers to be right after ELF header Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Yosry Ahmed <yosryahmed(a)google.com> mm: z3fold: deprecate CONFIG_Z3FOLD Oleg Nesterov <oleg(a)redhat.com> uprobes: fix kernel info leak via "[uprobes]" vma Jens Axboe <axboe(a)kernel.dk> io_uring/net: harden multishot termination case for recv Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround once more Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-N3 definitions Anshuman Khandual <anshuman.khandual(a)arm.com> arm64: Add Cortex-715 CPU part definition Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix missing pm_runtime_disable() David Virag <virag.david003(a)gmail.com> dt-bindings: clock: exynos7885: Fix duplicated binding Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled Andi Shyti <andi.shyti(a)kernel.org> i2c: xiic: Use devm_clk_get_enabled() Heiner Kallweit <hkallweit1(a)gmail.com> i2c: core: Lock address during client device instantiation Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: create debugfs entry per adapter Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: fix buffer overflow in debug links Uwe Kleine-König <ukleinek(a)debian.org> cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix system hang while resume with TBT monitor Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Add locking to drm_sched_entity_modify_sched Jani Nikula <jani.nikula(a)intel.com> drm/i915/gem: fix bitwise and logical AND mixup Al Viro <viro(a)zeniv.linux.org.uk> close_range(): fix the logics in descriptor table trimming Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix a race during cpuhp processing Wei Li <liwei391(a)huawei.com> tracing/hwlat: Fix a race during cpuhp processing Patrick Donnelly <pdonnell(a)redhat.com> ceph: fix cap ref leak via netfs init_request Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: davinci: fix lazy disable Filipe Manana <fdmanana(a)suse.com> btrfs: wait for fixup workers before stopping cleaner kthread during umount Filipe Manana <fdmanana(a)suse.com> btrfs: send: fix invalid clone operation for file that got its size decreased Qu Wenruo <wqu(a)suse.com> btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] Baokun Li <libaokun1(a)huawei.com> cachefiles: fix dentry leak in cachefiles_open_file() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix adp5589_gpio_get_value() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix NULL pointer dereference Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rtc: at91sam9: fix OF node leak in probe() error path KhaiWenTan <khai.wen.tan(a)linux.intel.com> net: stmmac: Fix zero-division error when disabling tc cbs Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fallback to realpath if symlink's pathname does not exist Willem de Bruijn <willemb(a)google.com> gso: fix udp gso fraglist segmentation after pull from frag_list Barnabás Czémán <barnabas.czeman(a)mainlining.org> iio: magnetometer: ak8975: Fix reading for ak099xx sensors wangrong <wangrong(a)uniontech.com> smb: client: use actual path when queryfs Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix ordering of pm_runtime_enable Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Zheng Wang <zyytlz.wz(a)163.com> media: venus: fix use after free bug in venus_remove due to race condition Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src Mike Tipton <quic_mdtipton(a)quicinc.com> clk: qcom: clk-rpmh: Fix overflow in BCM vote Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: sun4i_csi: Implement link validate for sun4i_csi subdev Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Jan Kiszka <jan.kiszka(a)siemens.com> remoteproc: k3-r5: Fix error handling when power-up failed Sebastian Reichel <sebastian.reichel(a)collabora.com> clk: rockchip: fix error for unknown clocks Chun-Yi Lee <joeyli.kernel(a)gmail.com> aoe: fix the potential use-after-free problem in more places Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix NFSv4's PUTPUBFH operation Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: map the EBADMSG to nfserr_io to avoid warning NeilBrown <neilb(a)suse.de> nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Matt Fleming <matt(a)readmodwrite.com> perf hist: Update hist symbol when updating maps Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix memory leak in exfat_load_bitmap() Jisheng Zhang <jszhang(a)kernel.org> riscv: define ILLEGAL_POINTER_VALUE for 64bit Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Julian Sun <sunjunchao2870(a)gmail.com> ocfs2: fix null-ptr-deref when journal load failed. Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: remove unreasonable unlock in ocfs2_read_blocks Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: cancel dqi_sync_work before freeing oinfo Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> ocfs2: reserve space for inline xattr before attaching reflink tree Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: fix uninit-value in ocfs2_get_block() Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the la space leak when unmounting an ocfs2 volume Danilo Krummrich <dakr(a)kernel.org> mm: krealloc: consider spare memory for __GFP_ZERO Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit Baokun Li <libaokun1(a)huawei.com> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Huang Ying <ying.huang(a)intel.com> resource: fix region_intersects() vs add_memory_driver_managed() Ma Ke <make24(a)iscas.ac.cn> drm: omapdrm: Add missing check for alloc_ordered_workqueue Andrew Jones <ajones(a)ventanamicro.com> of/irq: Support #msi-cells=<0> in of_msi_get_domain Val Packett <val(a)packett.cool> drm/rockchip: vop: clear DMA stop bit on RK3066 Helge Deller <deller(a)gmx.de> parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Helge Deller <deller(a)kernel.org> parisc: Fix 64-bit userspace syscall path Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: use handle to mark fc as ineligible in __track_dentry_update() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix fast commit inode enqueueing during a full journal commit Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Baokun Li <libaokun1(a)huawei.com> ext4: update orig_path in ext4_find_extent() Baokun Li <libaokun1(a)huawei.com> ext4: fix double brelse() the buffer of the extents path Baokun Li <libaokun1(a)huawei.com> ext4: aovid use-after-free in ext4_ext_insert_extent() Baokun Li <libaokun1(a)huawei.com> ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: dax: fix overflowing extents beyond inode size when partially writing Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() Baokun Li <libaokun1(a)huawei.com> ext4: propagate errors from ext4_find_extent() in ext4_insert_range() Baokun Li <libaokun1(a)huawei.com> ext4: fix slab-use-after-free in ext4_split_extent_at() yao.ly <yao.ly(a)linux.alibaba.com> ext4: correct encrypted dentry name hash when not casefolded Edward Adam Davis <eadavis(a)qq.com> ext4: no need to continue when the number of entries is 1 Abhishek Tamboli <abhishektamboli9(a)gmail.com> ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Hans P. Moller <hmoller(a)uc.cl> ALSA: line6: add hw monitor volume control to POD HD500X Jan Lalinsky <lalinsky(a)c4.cz> ALSA: usb-audio: Add native DSD support for Luxman D-08u Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Jaroslav Kysela <perex(a)perex.cz> ALSA: core: add isascii() check to card ID generator Thomas Zimmermann <tzimmermann(a)suse.de> drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Helge Deller <deller(a)gmx.de> parisc: Fix itlb miss handler for 64-bit programs Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix small negative period being ignored Hans de Goede <hdegoede(a)redhat.com> power: supply: hwmon: Fix missing temp1_max_alarm attribute Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: ar0521: Use cansleep version of gpiod_set_value() Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Wait for TX empty to avoid missed TX NAKs Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() Marek Vasut <marex(a)denx.de> i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Zach Wade <zachwade.k(a)gmail.com> platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Takashi Iwai <tiwai(a)suse.de> Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" Heiko Carstens <hca(a)linux.ibm.com> selftests: vDSO: fix vdso_config for s390 Jens Remus <jremus(a)linux.ibm.com> selftests: vDSO: fix ELF hash table entry size for s390x Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Fix VDSO data access when running in a non-root time namespace David Hildenbrand <david(a)redhat.com> selftests/mm: fix charge_reserved_hugetlb.sh test Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO symbols lookup for powerpc64 Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vdso_config for powerpc Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO name for powerpc Yifei Liu <yifei.l.liu(a)oracle.com> selftests: breakpoints: use remaining time to check if suspend succeed Ben Dooks <ben.dooks(a)codethink.co.uk> spi: s3c64xx: fix timeout counters in flush_fifo Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled Thomas Weißschuh <linux(a)weissschuh.net> blk-integrity: register sysfs attributes on struct device Thomas Weißschuh <linux(a)weissschuh.net> blk-integrity: convert to struct device_attribute Thomas Weißschuh <linux(a)weissschuh.net> blk-integrity: use sysfs_emit Christoph Hellwig <hch(a)lst.de> iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Artem Sadovnikov <ancowi69(a)gmail.com> ext4: fix i_data_sem unlock order in ext4_ind_migrate() Baokun Li <libaokun1(a)huawei.com> ext4: avoid use-after-free in ext4_ext_show_leaf() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: ext4_search_dir should return a proper error Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Geert Uytterhoeven <geert+renesas(a)glider.be> of/irq: Refer to actual buffer size in of_irq_parse_one() Tim Huang <tim.huang(a)amd.com> drm/amd/pm: ensure the fw_info is not null before using it Geert Uytterhoeven <geert+renesas(a)glider.be> drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_gfx Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update PRLO handling in direct attached topology Kees Cook <kees(a)kernel.org> scsi: aacraid: Rearrange order of struct aac_srb_unit Andrii Nakryiko <andrii(a)kernel.org> perf,x86: avoid missing caller address in stack traces captured in uprobe Matthew Brost <matthew.brost(a)intel.com> drm/printer: Allow NULL data in devcoredump printer Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize get_bytes_per_element's default to 1 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 color transformation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in degamma hardware format translation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream before comparing them Yannick Fertre <yannick.fertre(a)foss.st.com> drm/stm: ltdc: reset plane transparency after plane disable Ckath <ckath(a)yandex.ru> platform/x86: touchscreen_dmi: add nanote-next quirk Vishnu Sankar <vishnuocv(a)gmail.com> HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix resource leak in criu restore queue Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: enable gfxoff quirk on HP 705G4 Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: add raven1 gfxoff quirk Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> jfs: Fix uninit-value access of new_ea in ea_buffer Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: correct stream detection Edward Adam Davis <eadavis(a)qq.com> jfs: check if leafidx greater than num leaves per dmap tree Edward Adam Davis <eadavis(a)qq.com> jfs: Fix uaf in dbFreeBits Remington Brasga <rbrasga(a)uci.edu> jfs: UBSAN: shift-out-of-bounds in dbFindBits Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using dc->clk_mgr Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' Damien Le Moal <dlemoal(a)kernel.org> ata: sata_sil: Rename sil_blacklist to sil_quirks Damien Le Moal <dlemoal(a)kernel.org> ata: pata_serverworks: Do not use the term blacklist Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Katya Orlova <e.orlova(a)ispras.ru> drm/stm: Avoid use-after-free issues with crtc and plane Sanjay K Kumar <sanjay.k.kumar(a)intel.com> iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Always reserve a domain ID for identity setup Andrew Davis <afd(a)ti.com> power: reset: brcmstb: Do not go into infinite loop if reset fails Marc Gonzalez <mgonzalez(a)freebox.fr> iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Paul E. McKenney <paulmck(a)kernel.org> rcuscale: Provide clear error when async specified without primitives Kaixin Wang <kxwang23(a)m.fudan.edu.cn> fbdev: pxafb: Fix possible use after free in pxafb_task() Kees Cook <kees(a)kernel.org> x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: avoid passing NULL to printf("%s") Takashi Iwai <tiwai(a)suse.de> ALSA: hdsp: Break infinite MIDI input flush loop Takashi Iwai <tiwai(a)suse.de> ALSA: asihpi: Fix potential OOB array access Tao Liu <ltao(a)redhat.com> x86/kexec: Add EFI config table identity mapping for kexec kernel Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Protect against faulty "max subleaf" values Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Handle reading version failure Joshua Pius <joshuapius(a)chromium.org> ALSA: usb-audio: Add logitech Audio profile quirk Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Replace complex quirk lines with macros Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Define macros for quirk table entries Thomas Gleixner <tglx(a)linutronix.de> x86/ioapic: Handle allocation failures gracefully Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add input value sanity checks for standard types Jinjie Ruan <ruanjinjie(a)huawei.com> nfp: Use IRQF_NO_AUTOEN flag in request_irq() Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Adrian Ratiu <adrian.ratiu(a)collabora.com> proc: add config & param to block forcing mem writes Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> ACPICA: iasl: handle empty connection_node Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU list iterations Jason Xing <kernelxing(a)tencent.com> tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Herbert Xu <herbert(a)gondor.apana.org.au> crypto: simd - Do not call crypto_alloc_tfm during registration Simon Horman <horms(a)kernel.org> net: atlantic: Avoid warning about potential string truncation Ido Schimmel <idosch(a)nvidia.com> ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct base HT rate mask for firmware Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Simon Horman <horms(a)kernel.org> bnxt_en: Extend maximum length of version string by 1 byte Simon Horman <horms(a)kernel.org> net: mvpp2: Increase size of queue_name buffer Simon Horman <horms(a)kernel.org> tipc: guard against string buffer overrun Pei Xiao <xiaopei01(a)kylinos.cn> ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: EC: Do not release locks during operation region accesses Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw88: select WANT_DEV_COREDUMP Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath11k: fix array out-of-bound access in SoC stats Keith Busch <kbusch(a)kernel.org> nvme-pci: qdepth 1 quirk Konstantin Ovsepian <ovs(a)ovs.to> blk_iocost: fix more out of bound shifts Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: consistently use rcu_replace_pointer() in taprio_change() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_field() fails Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_mdio: fix OF node leak in probe() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hip04: fix OF node leak in probe() Jeongjun Park <aha310510(a)gmail.com> net/xen-netback: prevent UAF in xenvif_flush_hash() Issam Hamdi <ih(a)simonwunderlich.de> wifi: cfg80211: Set correct chandef when starting CAC Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix a race in scan abort flow Aleksandr Mishin <amishin(a)t-argos.ru> ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Jann Horn <jannh(a)google.com> f2fs: Require FMODE_WRITE for atomic write ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin Hui Wang <hui.wang(a)canonical.com> ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs Oder Chiou <oder_chiou(a)realtek.com> ALSA: hda/realtek: Fix the push button function for the ALC257 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: mixer_oss: Remove some incorrect kfree_const() usages Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: usbtv: Remove useless locks in usbtv_video_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sock: Fix not validating setsockopt user input Christoph Hellwig <hch(a)lst.de> loop: don't set QUEUE_FLAG_NOMERGES Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Try re-initialization on bus busy timeout Marc Ferland <marc.ferland(a)sonatest.com> i2c: xiic: improve error message when transfer fails to start Xin Long <lucien.xin(a)gmail.com> sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Darrick J. Wong <djwong(a)kernel.org> iomap: constrain the file range passed to iomap_file_unshare Shiyang Ruan <ruansy.fnst(a)fujitsu.com> fsdax,xfs: port unshare to fsdax Eric Dumazet <edumazet(a)google.com> ppp: do not assume bh is held in ppp_channel_bridge_input() Anton Danilov <littlesmilingcloud(a)gmail.com> ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Shenwei Wang <shenwei.wang(a)nxp.com> net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Eric Dumazet <edumazet(a)google.com> net: add more sanity checks to qdisc_pkt_len_init() Eric Dumazet <edumazet(a)google.com> net: avoid potential underflow in qdisc_pkt_len_init() with UFO Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix memory disclosure Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() Eric Dumazet <edumazet(a)google.com> netfilter: nf_tables: prevent nf_skb_duplicated corruption Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Fix nft_audit.sh for newer nft binaries Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Phil Sutter <phil(a)nwl.cc> netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Elena Salomatkina <esalomatkina(a)ispras.ru> net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Mohamed Khalfella <mkhalfella(a)purestorage.com> net/mlx5: Added cond_resched() to crdump collection Gerd Bayer <gbayer(a)linux.ibm.com> net/mlx5: Fix error path in multi-packet WQE transmit Aakash Menon <aakash.r.menon(a)gmail.com> net: sparx5: Fix invalid timestamps Jinjie Ruan <ruanjinjie(a)huawei.com> ieee802154: Fix build error Xiubo Li <xiubli(a)redhat.com> ceph: remove the incorrect Fw reference check when dirtying pages Stefan Wahren <wahrenst(a)gmx.net> mailbox: bcm2835: Fix timeout during suspend mode Liao Chen <liaochen4(a)huawei.com> mailbox: rockchip: fix a typo in module autoloading Daniel Wagner <dwagner(a)suse.de> scsi: pm8001: Do not overwrite PCI queue mapping Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix static_key_slow_dec() yet again Thomas Gleixner <tglx(a)linutronix.de> jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() Thomas Gleixner <tglx(a)linutronix.de> static_call: Replace pointless WARN_ON() in static_call_module_notify() Thomas Gleixner <tglx(a)linutronix.de> static_call: Handle module init failure correctly in static_call_del_module() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: do not run mt76_unregister_device() on unregistered hw Alexey Gladkov (Intel) <legion(a)kernel.org> x86/tdx: Fix "in-kernel MMIO" check Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume Nathan Chancellor <nathan(a)kernel.org> powerpc: Allow CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 with ld.lld 15+ André Apitzsch <git(a)apitzsch.eu> iio: magnetometer: ak8975: Fix 'Unexpected device' error Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fail DTC counter allocation correctly Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> usb: yurex: Fix inconsistent locking bug in yurex_read() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: isch: Add missed 'else' Tommy Huang <tommy_huang(a)aspeedtech.com> i2c: aspeed: Update the stop sw state when the bus recovery occurs Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Dmitry Vyukov <dvyukov(a)google.com> module: Fix KCOV-ignored file name David Gow <davidgow(a)google.com> mm: only enforce minimum stack gap size if it's sensible Zhiguo Niu <zhiguo.niu(a)unisoc.com> lockdep: fix deadlock issue between lockdep and rcu Song Liu <song(a)kernel.org> bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Eric Dumazet <edumazet(a)google.com> icmp: change the order of rate limits Jamie Bainbridge <jamie.bainbridge(a)gmail.com> icmp: Add counters for rate limits Kairui Song <kasong(a)tencent.com> mm/filemap: optimize filemap folio adding Kairui Song <kasong(a)tencent.com> lib/xarray: introduce a new helper xas_get_order Kairui Song <kasong(a)tencent.com> mm/filemap: return early if failed to allocate memory for split Dmitry Vyukov <dvyukov(a)google.com> x86/entry: Remove unwanted instrumentation in common_interrupt() Xin Li <xin3.li(a)intel.com> x86/idtentry: Incorporate definitions/declarations of the FRED entries Ma Ke <make24(a)iscas.ac.cn> pps: add an error check in parport_attach Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pps: remove usage of the deprecated ida_simple_xx() API Pawel Laszczak <pawell(a)cadence.com> usb: xhci: fix loss of data on Cadence xHC Daehwan Jung <dh10.jung(a)samsung.com> xhci: Add a quirk for writing ERST in high-low order Lukas Wunner <lukas(a)wunner.de> xhci: Preserve RsvdP bits in ERSTBA register correctly Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Refactor interrupter code for initial multi interrupter support. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: remove xhci_test_trb_in_td_math early development check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix event ring segment table related masks and variables in header Oliver Neukum <oneukum(a)suse.com> USB: misc: yurex: fix race between read and write Lee Jones <lee(a)kernel.org> usb: yurex: Replace snprintf() with the safer scnprintf() variant Michael Ellerman <mpe(a)ellerman.id.au> powerpc/atomic: Use YZ constraints for DS-form instructions Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Add support to build with prefixed instructions Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Option to build big-endian with ELFv2 ABI Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix soc_dev leak during device remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix memory leak during device remove VanGiang Nguyen <vangiang.nguyen(a)rohde-schwarz.com> padata: use integer wrap around to prevent deadlock on seq_nr overflow Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix conversion of system address to physical memory address Li Lingfeng <lilingfeng3(a)huawei.com> nfs: fix memory leak in error path of nfs4_do_reclaim Mickaël Salaün <mic(a)digikod.net> fs: Fix file_set_fowner LSM hook inconsistencies Julian Sun <sunjunchao2870(a)gmail.com> vfs: fix race between evice_inodes() and find_inode()&iput() Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init Guoqing Jiang <guoqing.jiang(a)canonical.com> hwrng: mtk - Use devm_pm_runtime_enable Chao Yu <chao(a)kernel.org> f2fs: fix to check atomic_file in f2fs ioctl interfaces Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: prevent possible int overflow in dir_block_index() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: fix several potential integer overflows in file offsets Zhen Lei <thunder.leizhen(a)huawei.com> debugobjects: Fix conditions in fill_pool() Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7615: check devm_kasprintf() returned value Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8822c: Fix reported RX band width Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix sampling synchronization Ard Biesheuvel <ardb(a)kernel.org> efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Thomas Weißschuh <linux(a)weissschuh.net> ACPI: sysfs: validate return type of _STR method Mikhail Lobanov <m.lobanov(a)rosalinux.ru> drbd: Add NULL check for net_conf to prevent dereference in state validation Qiu-ji Chen <chenqiuji666(a)gmail.com> drbd: Fix atomicity violation in drbd_uuid_set_bm() Pavan Kumar Paluri <papaluri(a)amd.com> crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Florian Fainelli <florian.fainelli(a)broadcom.com> tty: rp2: Fix reset with non forgiving PCIe host bridges Jann Horn <jannh(a)google.com> firmware_loader: Block path traversal Fabio Porcedda <fabio.porcedda(a)gmail.com> bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> bus: integrator-lm: fix OF node leak in probe() Tomas Marek <tomas.marek(a)elrest.cz> usb: dwc2: drd: fix clock gating on USB role switch Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix incorrect usb_request status Oliver Neukum <oneukum(a)suse.com> USB: class: CDC-ACM: fix race between get_serial and set_serial Oliver Neukum <oneukum(a)suse.com> USB: misc: cypress_cy7c63: check for short transfer Oliver Neukum <oneukum(a)suse.com> USB: appledisplay: close race between probe and completion handler Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Oliver Neukum <oneukum(a)suse.com> usbnet: fix cyclical race on disconnect with work queue Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Disallow bus errors during PDMA send Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Refactor polling loop Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages Martin Wilck <mwilck(a)suse.com> scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: handle caseless file creation Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow write with FILE_APPEND_DATA Hobin Woo <hobin.woo(a)samsung.com> ksmbd: make __dir_empty() compatible with POSIX Chuck Lever <chuck.lever(a)oracle.com> fs: Create a generic is_dot_dotdot() utility Roman Smirnov <r.smirnov(a)omp.ru> KEYS: prevent NULL pointer dereference in find_asymmetric_key() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Validate backlight caps are sane Robin Chen <robin.chen(a)amd.com> drm/amd/display: Round calculated vtotal Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Recompute DSC Params if no Stream on Link Sean Christopherson <seanjc(a)google.com> KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() Sean Christopherson <seanjc(a)google.com> KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Nuno Sa <nuno.sa(a)analog.com> Input: adp5588-keys - fix check on return code Roman Smirnov <r.smirnov(a)omp.ru> Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: integrator: fix OF node leak in probe() error path Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Fix missing call to phy_power_off() in error handling Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Remove *.orig pattern from .gitignore Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not put cpumask on stack Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: retain test for whether the CPU is valid Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Prevent unmapping active read buffers Scott Mayhew <smayhew(a)redhat.com> selinux,smack: don't bypass permissions check in inode_setsecctx hook Ye Bin <yebin10(a)huawei.com> vfio/pci: fix potential memory leak in vfio_intx_enable() Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: inherit cpuset of cgroup in io worker Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: do not allow pinning outside of cpuset Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not allow pinning outside of cpuset Simon Horman <horms(a)kernel.org> netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Keep deleted flowtable hooks until after RCU Furong Xu <0x1207(a)gmail.com> net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Jiwon Kim <jiwonaid0(a)gmail.com> bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Youssef Samir <quic_yabdulra(a)quicinc.com> net: qrtr: Update packets cloning when broadcasting Josh Hunt <johunt(a)akamai.com> tcp: check skb is non-NULL in tcp_rto_delta_us() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL Kaixin Wang <kxwang23(a)m.fudan.edu.cn> net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix packet counting Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Schedule NAPI in two steps Mikulas Patocka <mpatocka(a)redhat.com> Revert "dm: requeue IO if mapping table not yet available" Dan Carpenter <alexander.sverdlin(a)gmail.com> ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Jason Wang <jasowang(a)redhat.com> vhost_vdpa: assign irq bypass producer token correctly Xie Yongji <xieyongji(a)bytedance.com> vdpa: Add eventfd for the vdpa callback Yanfei Xu <yanfei.xu(a)intel.com> cxl/pci: Fix to record only non-zero ranges Dave Jiang <dave.jiang(a)intel.com> cxl/pci: Break out range register decoding from cxl_hdm_decode_init() Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: tmc: sg: Do not leak sg_table Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: magnetometer: ak8975: drop incorrect AK09116 compatible Biju Das <biju.das.jz(a)bp.renesas.com> iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix read/write ops to device by adding mutexes Antoniu Miclaus <antoniu.miclaus(a)analog.com> ABI: testing: fix admv8818 attr description Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix standby gpio state to match the documentation Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix oversampling gpio array Hannes Reinecke <hare(a)kernel.org> nvme-multipath: system fails to create generic nvme device Ming Lei <ming.lei(a)redhat.com> lib/sbitmap: define swap_lock as raw_spinlock_t Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time Jinjie Ruan <ruanjinjie(a)huawei.com> spi: atmel-quadspi: Undo runtime PM changes at driver exit time Chao Yu <chao(a)kernel.org> f2fs: get rid of online repaire on corrupted directory Chao Yu <chao(a)kernel.org> f2fs: clean up w/ dotdot_name Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation Chao Yu <chao(a)kernel.org> f2fs: fix to wait page writeback before setting gcing flag Chao Yu <chao(a)kernel.org> f2fs: fix to avoid racing in between read and OPU dio write Christoph Hellwig <hch(a)lst.de> f2fs: factor the read/write tracing logic into a helper Chao Yu <chao(a)kernel.org> f2fs: reduce expensive checkpoint trigger frequency Chao Yu <chao(a)kernel.org> f2fs: remove unneeded check condition in __f2fs_setxattr() Chao Yu <chao(a)kernel.org> f2fs: fix to update i_ctime in __f2fs_setxattr() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: return -EINVAL when namelen is 0 Guoqing Jiang <guoqing.jiang(a)linux.dev> nfsd: call cache_put if xdr_reserve_space returns NULL Dave Jiang <dave.jiang(a)intel.com> ntb: Force physically contiguous allocation of rx ring buffers Max Hawking <maxahawking(a)sonnenkinder.org> ntb_perf: Fix printk format Jinjie Ruan <ruanjinjie(a)huawei.com> ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> RDMA/irdma: fix error message in irdma_modify_qp_roce() Mikhail Lobanov <m.lobanov(a)rosalinux.ru> RDMA/cxgb4: Added NULL check for lookup_atid Jinjie Ruan <ruanjinjie(a)huawei.com> riscv: Fix fp alignment bug in perf_callchain_user() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Optimize hem allocation performance Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Don't modify rq next block addr in HIP09 QPC Jonas Blixt <jonas.blixt(a)actia.se> watchdog: imx_sc_wdt: Don't disable WDT in suspend Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Return QP state in erdma_query_qp Alexandra Diupina <adiupina(a)astralinux.ru> PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Patrisious Haddad <phaddad(a)nvidia.com> IB/core: Fix ib_cache_setup_one error flow cleanup Wang Jianzheng <wangjianzheng(a)vivo.com> pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function Yangtao Li <frank.li(a)vivo.com> pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource() Jeff Layton <jlayton(a)kernel.org> nfsd: fix refcount leak when file is unhashed after being found Jeff Layton <jlayton(a)kernel.org> nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire David Lechner <dlechner(a)baylibre.com> clk: ti: dra7-atl: Fix leak of of_nodes Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Jack Wang <jinpu.wang(a)ionos.com> RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix missing error code in pcs_probe() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Clean up clock on probe failure/removal Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix register misspelling Li Zhijian <lizhijian(a)fujitsu.com> nvdimm: Fix devs leaks in scan_labels() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL Dan Carpenter <dan.carpenter(a)linaro.org> PCI: keystone: Fix if-statement expression in ks_pcie_quirk() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Wait for Link before restoring Downstream Buses Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/PM: Drop pci_bridge_wait_for_secondary_bus() timeout parameter Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/PM: Increase wait time after resume Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - add report id message validation Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - avoid wrong input subsystem sync Jonas Karlman <jonas(a)kwiboo.se> clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Initialize workqueue earlier Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Correct ddr alias for i.MX8M Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Parent should be initialized earlier than the clock Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk Zhipeng Wang <zhipeng.wang_1(a)nxp.com> clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Pengfei Li <pengfei.li_1(a)nxp.com> clk: imx: fracn-gppll: fix fractional part of PLL getting lost Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: support integer pll Ye Li <ye.li(a)nxp.com> clk: imx: composite-7ulp: Check the PCC present bit Peng Fan <peng.fan(a)nxp.com> clk: imx: composite-8m: Enable gate clk with mcore_booted Markus Elfring <elfring(a)users.sourceforge.net> clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite() after error detection Ian Rogers <irogers(a)google.com> perf time-utils: Fix 32-bit nsec parsing Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yicong Yang <yangyicong(a)hisilicon.com> perf stat: Display iostat headers correctly Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fix missing free of session in perf_sched__timehist() Ian Rogers <irogers(a)google.com> perf inject: Fix leader sampling inserting additional samples Namhyung Kim <namhyung(a)kernel.org> perf mem: Free the allocated sort string, fixing a leak Daniel Borkmann <daniel(a)iogearbox.net> bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Borkmann <daniel(a)iogearbox.net> bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential oob read in nilfs_btree_check_delete() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: determine empty node blocks as corrupted Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: avoid OOB when system.data xattr changes underneath the filesystem Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: return error on ext4_find_inline_entry Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid negative min_clusters in find_group_orlov() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid potential buffer_head leak in __ext4_new_inode() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid buffer_head leak in ext4_mark_inode_used() Jiawei Ye <jiawei.ye(a)foxmail.com> smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso yangerkun <yangerkun(a)huawei.com> ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard Chen Yu <yu.c.chen(a)intel.com> kthread: fix task state in kthread worker if being frozen Lasse Collin <lasse.collin(a)tukaani.org> xz: cleanup CRC32 edits from 2018 Eduard Zingerman <eddyz87(a)gmail.com> bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile if backtrace support missing in libc Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Move test_progs helpers to testing_helpers object Jiri Olsa <jolsa(a)kernel.org> selftests/bpf: Replace extract_build_id with read_build_id Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix C++ compile error from missing _Bool type Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling test_lru_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling core_reloc.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling tcp_rtt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling flow_dissector.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling kfree_skb.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix include of <sys/fcntl.h> Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Add a cgroup prog bpf_get_ns_current_pid_tgid() test Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Refactor out some functions in ns_current_pid_tgid test Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing BUILD_BUG_ON() declaration Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing UINT_MAX definitions in benchmarks Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Use pid_t consistently in test_progs.c Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Workaround strict bpf_lsm return value check. Roberto Sassu <roberto.sassu(a)huawei.com> selftests/bpf: Add tests for _opts variants of bpf_*_get_fd_by_id() Yonghong Song <yhs(a)fb.com> selftests/bpf: Add selftest deny_namespace to s390x deny list Jonathan McDowell <noodles(a)meta.com> tpm: Clean up TPM space after command failure Juergen Gross <jgross(a)suse.com> xen/swiotlb: fix allocated size Juergen Gross <jgross(a)suse.com> xen/swiotlb: add alignment check for dma buffers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Do not warn about dropped packets for first packet Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Support sequence numbers smaller than 16-bit Juergen Gross <jgross(a)suse.com> xen: use correct end address of kernel for conflict checking Yuesong Li <liyuesong(a)vivo.com> drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Sherry Yang <sherry.yang(a)oracle.com> drm/msm: fix %s null argument error Wolfram Sang <wsa+renesas(a)sang-engineering.com> ipmi: docs: don't advertise deprecated sysfs entries Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: workaround early ring-buffer emptiness check Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: fix races in preemption evaluation stage Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: properly clear preemption records on resume Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: disable preemption in submits by default Aleksandr Mishin <amishin(a)t-argos.ru> drm/msm: Fix incorrect file name output in adreno_request_fw() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix kernel vs user address comparison Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix initial memory mapping Fei Shao <fshao(a)chromium.org> drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Jeongjun Park <aha310510(a)gmail.com> jfs: fix out-of-bounds in dbNextAG() and diAlloc() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() Stefan Wahren <wahrenst(a)gmx.net> drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Liu Ying <victor.liu(a)nxp.com> drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets Jonas Karlman <jonas(a)kwiboo.se> drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode Alex Bee <knaerzche(a)gmail.com> drm/rockchip: vop: Allow 4096px width scaling WangYuli <wangyuli(a)uniontech.com> drm/amd/amdgpu: Properly tune the size of struct Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Check for phase match during PDMA fixup Gilbert Wu <Gilbert.Wu(a)microchip.com> scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: properly handle vbios fake edid sizing Paulo Miguel Almeida <paulo.miguel.almeida.rodenas(a)gmail.com> drm/radeon: Replace one-element array with flexible-array member Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: properly handle vbios fake edid sizing Paulo Miguel Almeida <paulo.miguel.almeida.rodenas(a)gmail.com> drm/amdgpu: Replace one-element array with flexible-array member Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Claudiu Beznea <claudiu.beznea(a)microchip.com> drm/stm: ltdc: check memory returned by devm_kzalloc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/stm: Fix an error handling path in stm_drm_platform_probe() Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: core: Harden inter-column space in debug summary Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Fix init error path Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips Jinjie Ruan <ruanjinjie(a)huawei.com> mtd: rawnand: mtk: Use for_each_child_of_node_scoped() Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Charles Han <hanchunchao(a)inspur.com> mtd: powernv: Add check devm_kasprintf() returned value Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Do not set the D bit on AMD v2 table entries Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() Artur Weber <aweber.kernel(a)gmail.com> power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Remove design from min and max voltage Yuntao Liu <liuyuntao12(a)huawei.com> hwmon: (ntc_thermistor) fix module autoloading Mirsad Todorovac <mtodorovac69(a)gmail.com> mtd: slram: insert break after errors in parsing the map Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix alarm attributes Andrew Davis <afd(a)ti.com> hwmon: (max16065) Remove use of i2c_match_id() Biju Das <biju.das.jz(a)bp.renesas.com> i2c: Add i2c_get_match_data() Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix overflows seen when writing limits Finn Thain <fthain(a)linux-m68k.org> m68k: Fix kernel_clone_args.flags in m68k_clone() Yuntao Liu <liuyuntao12(a)huawei.com> ALSA: hda: cs35l41: fix module autoloading Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error Ankit Agrawal <agrawal.ag.ankit(a)gmail.com> clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: k210: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: berlin: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: versatile: fix OF node leak in CPUs prepare Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property Claudiu Beznea <claudiu.beznea(a)tuxon.dev> ARM: dts: microchip: sama7g5: Fix RTT clock Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations Alexander Dahl <ada(a)thorsis.com> ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes Chen-Yu Tsai <wenst(a)chromium.org> regulator: Return actual error in of_regulator_bulk_get_all() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix double free in OPTEE transport David Virag <virag.david003(a)gmail.com> arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Ma Ke <make24(a)iscas.ac.cn> spi: ppc4xx: handle irq_of_parse_and_map() errors Riyan Dhiman <riyandhiman14(a)gmail.com> block: fix potential invalid pointer dereference in blk_add_partition Christian Heusel <christian(a)heusel.eu> block: print symbolic error name instead of error code Yu Kuai <yukuai3(a)huawei.com> block, bfq: don't break merge chain in bfq_split_bfqq() Yu Kuai <yukuai3(a)huawei.com> block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix possible UAF for bfqq->bic with merge chain Ming Lei <ming.lei(a)redhat.com> nbd: fix race between timeout and normal completion Eric Dumazet <edumazet(a)google.com> ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Su Hui <suhui(a)nfschina.com> net: tipc: avoid possible garbage value Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Heiner Kallweit <hkallweit1(a)gmail.com> r8169: disable ALDPS per default for RTL8125 Jinjie Ruan <ruanjinjie(a)huawei.com> net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header on xmit. Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header in bareudp_udp_encap_recv(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix not handling ZPL/short-transfer Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_close(): stop clocks after device has been shut down Jake Hamby <Jake.Hamby(a)Teledyne.com> can: m_can: enable NAPI before enabling interrupts Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Remove repeated check for is_peripheral Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Eric Dumazet <edumazet(a)google.com> sock_map: Add a cond_resched() in sock_hash_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Jiawei Ye <jiawei.ye(a)foxmail.com> wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7915: fix rx filter setting for bfee functionality Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - inject error before stopping queue Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - reset device before enabling it Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - fix coding style issues Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/hpre - mask cluster timeout error Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/hpre - enable sva error interrupt event Aaron Lu <aaron.lu(a)intel.com> x86/sgx: Fix deadlock in SGX NUMA node search Nishanth Menon <nm(a)ti.com> cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Ensure dtm_idx is big enough Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Refactor node ID handling. Again. Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Improve debugfs pretty-printing for large configs Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Rework DTC counters (again) Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove annotation to access set timeout while holding lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject expiration higher than timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject element expiration with no timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire Clément Léger <cleger(a)rivosinc.com> ACPI: CPPC: Fix MASK_VAL() usage Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: use correct function name in comment Mark Brown <broonie(a)kernel.org> kselftest/arm64: Actually test SME vector length changes via sigreturn Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Record hardware counts correctly Kamlesh Gurudasani <kamlesh(a)ti.com> padata: Honor the caller's alignment in case of chunk_size 0 Vasily Khoruzhick <anarsoul(a)gmail.com> ACPICA: executer/exsystem: Don't nag user about every Stall() violating the spec Vasily Khoruzhick <anarsoul(a)gmail.com> ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: increase the time between ranging measurements Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: don't use rate mask for offchannel TX either Jing Zhang <renyu.zj(a)linux.alibaba.com> drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: signal: fix/refactor SVE vector length enumeration Mark Brown <broonie(a)kernel.org> kselftest/arm64: Fix enumeration of systems without 128 bit SME for SSVE+ZA Mark Brown <broonie(a)kernel.org> kselftest/arm64: Verify simultaneous SSVE and ZA context generation Mark Brown <broonie(a)kernel.org> kselftest/arm64: Don't pass headers to the compiler as source Olaf Hering <olaf(a)aepfle.de> mount: handle OOM on mnt_warn_timestamp_expiry Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> fs/namespace: fnic: Switch to use %ptTd Andrew Jones <ajones(a)ventanamicro.com> RISC-V: KVM: Fix sbiret init before forwarding to userspace Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: rtw88: remove CPT execution branch never used Yanteng Si <siyanteng(a)loongson.cn> net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k: Remove error checks when creating debugfs entries Minjie Du <duminjie(a)vivo.com> wifi: ath9k: fix parameter check in ath9k_init_debug() Aleksandr Mishin <amishin(a)t-argos.ru> ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() Helge Deller <deller(a)kernel.org> crypto: xor - fix template benchmarking Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: always wait for both firmware loading attempts Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Fix error injection on Zynq UltraScale+ Serge Semin <fancer.lancer(a)gmail.com> EDAC/synopsys: Fix ECC status and IRQ control race condition ------------- Diffstat: .gitignore | 1 - .../ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 +- Documentation/accounting/delay-accounting.rst | 14 +- Documentation/admin-guide/kernel-parameters.txt | 10 + Documentation/arm64/silicon-errata.rst | 4 + .../iio/magnetometer/asahi-kasei,ak8975.yaml | 1 - Documentation/driver-api/ipmi.rst | 2 +- .../zh_CN/accounting/delay-accounting.rst | 17 +- Makefile | 4 +- arch/arm/boot/dts/imx7d-zii-rmu2.dts | 2 +- arch/arm/boot/dts/sam9x60.dtsi | 4 +- arch/arm/boot/dts/sama7g5.dtsi | 2 +- arch/arm/crypto/aes-ce-glue.c | 2 +- arch/arm/crypto/aes-neonbs-glue.c | 2 +- arch/arm/mach-ep93xx/clock.c | 2 +- arch/arm/mach-versatile/platsmp-realview.c | 1 + arch/arm64/Kconfig | 2 + .../boot/dts/exynos/exynos7885-jackpotlte.dts | 2 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8250.dtsi | 20 +- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 +- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/kernel/cpu_errata.c | 2 + arch/loongarch/configs/loongson3_defconfig | 1 - arch/loongarch/pci/acpi.c | 1 + arch/m68k/kernel/process.c | 2 +- arch/parisc/kernel/entry.S | 6 +- arch/parisc/kernel/syscall.S | 14 +- arch/powerpc/Kconfig | 23 + arch/powerpc/Makefile | 4 + arch/powerpc/include/asm/asm-compat.h | 6 + arch/powerpc/include/asm/atomic.h | 25 +- arch/powerpc/include/asm/io.h | 37 + arch/powerpc/include/asm/uaccess.h | 33 +- arch/powerpc/include/asm/vdso_datapage.h | 15 + arch/powerpc/kernel/asm-offsets.c | 2 + arch/powerpc/kernel/head_8xx.S | 6 +- arch/powerpc/kernel/trace/ftrace.c | 2 + arch/powerpc/kernel/vdso/cacheflush.S | 2 +- arch/powerpc/kernel/vdso/datapage.S | 4 +- arch/powerpc/mm/nohash/8xx.c | 4 +- arch/powerpc/platforms/Kconfig.cputype | 24 +- arch/powerpc/platforms/pseries/dlpar.c | 17 - arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 16 +- arch/powerpc/platforms/pseries/pmem.c | 2 +- arch/riscv/Kconfig | 5 + arch/riscv/include/asm/sparsemem.h | 2 +- arch/riscv/kernel/elf_kexec.c | 6 + arch/riscv/kernel/perf_callchain.c | 2 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/boot/Makefile | 19 +- arch/s390/include/asm/facility.h | 6 +- arch/s390/kernel/early.c | 17 +- arch/s390/kernel/perf_cpum_sf.c | 12 +- arch/s390/mm/cmm.c | 18 +- arch/x86/coco/tdx/tdx.c | 6 + arch/x86/events/core.c | 63 + arch/x86/events/intel/pt.c | 15 +- arch/x86/include/asm/hardirq.h | 8 +- arch/x86/include/asm/idtentry.h | 73 +- arch/x86/include/asm/syscall.h | 7 +- arch/x86/kernel/apic/io_apic.c | 46 +- arch/x86/kernel/cpu/sgx/main.c | 27 +- arch/x86/kernel/machine_kexec_64.c | 27 + arch/x86/kvm/lapic.c | 35 +- arch/x86/net/bpf_jit_comp.c | 54 +- arch/x86/xen/setup.c | 2 +- block/bfq-iosched.c | 44 +- block/blk-integrity.c | 175 +- block/blk-iocost.c | 8 +- block/blk.h | 10 +- block/genhd.c | 12 +- block/partitions/core.c | 8 +- crypto/asymmetric_keys/asymmetric_type.c | 7 +- crypto/simd.c | 76 +- crypto/xor.c | 31 +- drivers/acpi/acpi_pad.c | 6 +- drivers/acpi/acpica/dbconvert.c | 2 + drivers/acpi/acpica/exprep.c | 3 + drivers/acpi/acpica/exsystem.c | 11 +- drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/battery.c | 28 +- drivers/acpi/cppc_acpi.c | 43 +- drivers/acpi/device_sysfs.c | 5 +- drivers/acpi/ec.c | 55 +- drivers/acpi/pmic/tps68470_pmic.c | 6 +- drivers/acpi/resource.c | 20 + drivers/acpi/video_detect.c | 8 + drivers/ata/libata-eh.c | 18 +- drivers/ata/pata_serverworks.c | 16 +- drivers/ata/sata_sil.c | 12 +- drivers/base/bus.c | 6 +- drivers/base/firmware_loader/main.c | 30 + drivers/base/power/domain.c | 2 +- drivers/block/aoe/aoecmd.c | 13 +- drivers/block/drbd/drbd_main.c | 8 +- drivers/block/drbd/drbd_state.c | 2 +- drivers/block/loop.c | 15 +- drivers/block/nbd.c | 13 +- drivers/bluetooth/btmrvl_sdio.c | 3 +- drivers/bluetooth/btusb.c | 7 +- drivers/bus/arm-integrator-lm.c | 1 + drivers/bus/mhi/host/pci_generic.c | 13 +- drivers/char/hw_random/bcm2835-rng.c | 4 +- drivers/char/hw_random/cctrng.c | 1 + drivers/char/hw_random/mtk-rng.c | 2 +- drivers/char/tpm/tpm-dev-common.c | 2 + drivers/char/tpm/tpm2-space.c | 3 + drivers/char/virtio_console.c | 18 +- drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- drivers/clk/imx/clk-composite-7ulp.c | 7 + drivers/clk/imx/clk-composite-8m.c | 61 +- drivers/clk/imx/clk-fracn-gppll.c | 72 +- drivers/clk/imx/clk-imx6ul.c | 37 +- drivers/clk/imx/clk-imx7d.c | 4 +- drivers/clk/imx/clk-imx8mp.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 10 +- drivers/clk/imx/clk.h | 7 + drivers/clk/qcom/clk-alpha-pll.c | 54 +- drivers/clk/qcom/clk-alpha-pll.h | 2 + drivers/clk/qcom/clk-rpmh.c | 2 + drivers/clk/qcom/dispcc-sm8250.c | 12 +- drivers/clk/qcom/gcc-sc8180x.c | 88 +- drivers/clk/qcom/gcc-sm8250.c | 6 +- drivers/clk/qcom/gcc-sm8450.c | 4 +- drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/rockchip/clk.c | 3 +- drivers/clk/samsung/clk-exynos7885.c | 14 +- drivers/clk/ti/clk-dra7-atl.c | 1 + drivers/clocksource/timer-qcom.c | 7 +- .../drivers/ni_routing/tools/convert_c_to_py.c | 5 + drivers/cpufreq/intel_pstate.c | 20 +- drivers/cpufreq/ti-cpufreq.c | 10 +- drivers/crypto/ccp/sev-dev.c | 2 + drivers/crypto/hisilicon/hpre/hpre_main.c | 57 +- drivers/crypto/hisilicon/qm.c | 180 +- drivers/crypto/hisilicon/sec2/sec_main.c | 16 +- drivers/crypto/hisilicon/sgl.c | 1 - drivers/crypto/hisilicon/zip/zip_main.c | 23 +- drivers/cxl/core/pci.c | 60 +- drivers/dax/device.c | 2 +- drivers/edac/igen6_edac.c | 2 +- drivers/edac/synopsys_edac.c | 85 +- drivers/firmware/arm_scmi/optee.c | 7 + drivers/firmware/efi/libstub/tpm.c | 2 +- drivers/firmware/tegra/bpmp.c | 6 - drivers/gpio/gpio-aspeed.c | 4 +- drivers/gpio/gpio-davinci.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 +- drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 26 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 + .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 22 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 5 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 +- .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 + .../gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 6 +- .../dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 +- .../display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 +- .../drm/amd/display/modules/freesync/freesync.c | 2 +- drivers/gpu/drm/amd/include/atombios.h | 2 +- .../drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 + drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 +- drivers/gpu/drm/drm_atomic_uapi.c | 2 +- drivers/gpu/drm/drm_crtc.c | 1 + drivers/gpu/drm/drm_print.c | 13 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 32 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 + drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.c | 5 + drivers/gpu/drm/radeon/atombios.h | 2 +- drivers/gpu/drm/radeon/evergreen_cs.c | 62 +- drivers/gpu/drm/radeon/r100.c | 70 +- drivers/gpu/drm/radeon/radeon_atombios.c | 26 +- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 20 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 7 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 5 - drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 20 + drivers/gpu/drm/scheduler/sched_entity.c | 2 + drivers/gpu/drm/stm/drv.c | 7 +- drivers/gpu/drm/stm/ltdc.c | 78 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 9 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 8 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 12 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 + drivers/hid/amd-sfh-hid/amd_sfh_client.c | 14 +- drivers/hid/hid-ids.h | 4 + drivers/hid/hid-multitouch.c | 14 +- drivers/hid/hid-plantronics.c | 23 + drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 +- drivers/hid/wacom_wac.c | 13 +- drivers/hid/wacom_wac.h | 2 +- drivers/hwmon/Kconfig | 3 + drivers/hwmon/max16065.c | 27 +- drivers/hwmon/ntc_thermistor.c | 1 + drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- drivers/i2c/busses/i2c-aspeed.c | 16 +- drivers/i2c/busses/i2c-i801.c | 9 +- drivers/i2c/busses/i2c-isch.c | 3 +- drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-stm32f7.c | 6 +- drivers/i2c/busses/i2c-xiic.c | 89 +- drivers/i2c/i2c-core-base.c | 58 + drivers/iio/adc/ad7606.c | 8 +- drivers/iio/adc/ad7606_spi.c | 5 +- drivers/iio/chemical/bme680_core.c | 7 + drivers/iio/magnetometer/ak8975.c | 117 +- drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/core/iwcm.c | 2 +- drivers/infiniband/core/mad.c | 14 +- drivers/infiniband/hw/cxgb4/cm.c | 5 + drivers/infiniband/hw/erdma/erdma_verbs.c | 25 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 29 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 2 +- drivers/infiniband/hw/mlx5/odp.c | 25 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 14 +- drivers/input/keyboard/adp5588-keys.c | 2 +- drivers/input/keyboard/adp5589-keys.c | 22 +- drivers/input/rmi4/rmi_driver.c | 6 +- drivers/input/serio/i8042-acpipnpio.h | 37 + drivers/input/touchscreen/ilitek_ts_i2c.c | 18 +- drivers/iommu/amd/io_pgtable_v2.c | 2 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 7 + drivers/iommu/intel/Kconfig | 11 - drivers/iommu/intel/Makefile | 1 - drivers/iommu/intel/dmar.c | 23 +- drivers/iommu/intel/iommu.c | 6 +- drivers/iommu/intel/iommu.h | 43 +- drivers/iommu/intel/perfmon.c | 172 - drivers/iommu/intel/perfmon.h | 40 - drivers/mailbox/bcm2835-mailbox.c | 3 +- drivers/mailbox/rockchip-mailbox.c | 2 +- drivers/md/dm-rq.c | 4 +- drivers/md/dm.c | 11 +- drivers/media/common/videobuf2/videobuf2-core.c | 8 +- drivers/media/dvb-frontends/rtl2830.c | 2 +- drivers/media/dvb-frontends/rtl2832.c | 2 +- drivers/media/i2c/ar0521.c | 5 +- drivers/media/i2c/imx335.c | 43 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/platform/qcom/venus/core.c | 1 + drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 + drivers/media/tuners/tuner-i2c.h | 4 +- drivers/media/usb/usbtv/usbtv-video.c | 7 - drivers/mtd/devices/powernv_flash.c | 3 + drivers/mtd/devices/slram.c | 2 + drivers/mtd/nand/raw/mtk_nand.c | 36 +- drivers/net/bareudp.c | 26 +- drivers/net/bonding/bond_main.c | 6 +- drivers/net/can/m_can/m_can.c | 18 +- drivers/net/dsa/b53/b53_common.c | 17 +- drivers/net/dsa/lan9303-core.c | 29 + drivers/net/ethernet/adi/adin1110.c | 4 +- .../net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/cortina/gemini.c | 32 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 +- drivers/net/ethernet/hisilicon/hip04_eth.c | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 + drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + drivers/net/ethernet/ibm/emac/mal.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/ice/ice_main.c | 3 +- drivers/net/ethernet/intel/ice/ice_sched.c | 6 +- drivers/net/ethernet/intel/ice/ice_switch.c | 2 - drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 - .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 6 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 31 +- drivers/net/ethernet/realtek/r8169_phy_config.c | 2 + drivers/net/ethernet/seeq/ether3.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 1 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 +- drivers/net/ieee802154/Kconfig | 1 + drivers/net/ieee802154/mcr20a.c | 5 +- drivers/net/phy/bcm84881.c | 4 +- drivers/net/phy/dp83869.c | 1 - drivers/net/ppp/ppp_async.c | 2 +- drivers/net/ppp/ppp_generic.c | 4 +- drivers/net/slip/slhc.c | 57 +- drivers/net/usb/usbnet.c | 37 +- drivers/net/vxlan/vxlan_core.c | 6 +- drivers/net/vxlan/vxlan_private.h | 2 +- drivers/net/vxlan/vxlan_vnifilter.c | 19 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath9k/debug.c | 6 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 6 +- drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 - drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 + drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/scan.c | 3 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 8 + drivers/net/wireless/mediatek/mt76/mt76.h | 1 + drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +- drivers/net/wireless/microchip/wilc1000/hif.c | 4 +- drivers/net/wireless/realtek/rtw88/Kconfig | 1 + drivers/net/wireless/realtek/rtw88/coex.c | 38 +- drivers/net/wireless/realtek/rtw88/main.c | 7 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 12 +- drivers/net/wireless/realtek/rtw89/phy.c | 4 +- drivers/net/wwan/qcom_bam_dmux.c | 11 +- drivers/net/xen-netback/hash.c | 5 +- drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 + drivers/ntb/ntb_transport.c | 23 +- drivers/ntb/test/ntb_perf.c | 2 +- drivers/nvdimm/namespace_devs.c | 34 +- drivers/nvdimm/nd_virtio.c | 9 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 18 +- drivers/of/irq.c | 38 +- drivers/pci/controller/dwc/pci-imx6.c | 7 +- drivers/pci/controller/dwc/pci-keystone.c | 2 +- drivers/pci/controller/dwc/pcie-kirin.c | 4 +- drivers/pci/controller/pcie-xilinx-nwl.c | 39 +- drivers/pci/pci-driver.c | 15 +- drivers/pci/pci.c | 26 +- drivers/pci/pci.h | 9 +- drivers/pci/pcie/dpc.c | 3 +- drivers/pci/quirks.c | 8 + drivers/perf/alibaba_uncore_drw_pmu.c | 2 +- drivers/perf/arm-cmn.c | 232 +- drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 + drivers/pinctrl/mvebu/pinctrl-dove.c | 45 +- drivers/pinctrl/pinctrl-single.c | 3 +- .../x86/intel/speed_select_if/isst_if_common.c | 4 +- drivers/platform/x86/touchscreen_dmi.c | 26 + drivers/power/reset/brcmstb-reboot.c | 3 - drivers/power/supply/axp20x_battery.c | 16 +- drivers/power/supply/max17042_battery.c | 5 +- drivers/power/supply/power_supply_hwmon.c | 3 +- drivers/pps/clients/pps_parport.c | 14 +- drivers/regulator/of_regulator.c | 2 +- drivers/remoteproc/imx_rproc.c | 19 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 +- drivers/reset/reset-berlin.c | 3 +- drivers/reset/reset-k210.c | 3 +- drivers/rtc/rtc-at91sam9.c | 1 + drivers/scsi/NCR5380.c | 82 +- drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/elx/libefc/efc_nport.c | 2 +- drivers/scsi/lpfc/lpfc_ct.c | 12 + drivers/scsi/lpfc/lpfc_disc.h | 7 + drivers/scsi/lpfc/lpfc_els.c | 34 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 22 +- drivers/scsi/lpfc/lpfc_vport.c | 43 +- drivers/scsi/mac_scsi.c | 166 +- drivers/scsi/pm8001/pm8001_init.c | 6 +- drivers/scsi/sd.c | 2 +- drivers/scsi/smartpqi/smartpqi_init.c | 22 +- drivers/scsi/wd33c93.c | 2 +- drivers/soc/versatile/soc-integrator.c | 1 + drivers/soc/versatile/soc-realview.c | 20 +- drivers/spi/atmel-quadspi.c | 1 + drivers/spi/spi-bcm63xx.c | 9 +- drivers/spi/spi-fsl-lpspi.c | 1 + drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-ppc4xx.c | 7 +- drivers/spi/spi-s3c64xx.c | 4 +- drivers/staging/vme_user/vme_fake.c | 6 + drivers/staging/vme_user/vme_tsi148.c | 6 + .../int340x_thermal/processor_thermal_device_pci.c | 23 +- drivers/tty/serial/rp2.c | 2 +- drivers/usb/cdns3/cdnsp-ring.c | 6 +- drivers/usb/cdns3/host.c | 4 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/class/cdc-acm.c | 2 + drivers/usb/dwc2/drd.c | 9 + drivers/usb/dwc2/platform.c | 26 +- drivers/usb/dwc3/core.c | 22 +- drivers/usb/dwc3/core.h | 4 - drivers/usb/dwc3/gadget.c | 11 - drivers/usb/gadget/udc/core.c | 1 + drivers/usb/host/xhci-debugfs.c | 2 +- drivers/usb/host/xhci-mem.c | 331 +- drivers/usb/host/xhci-pci.c | 22 +- drivers/usb/host/xhci-ring.c | 82 +- drivers/usb/host/xhci.c | 54 +- drivers/usb/host/xhci.h | 32 +- drivers/usb/misc/appledisplay.c | 15 +- drivers/usb/misc/cypress_cy7c63.c | 4 + drivers/usb/misc/yurex.c | 5 +- drivers/usb/storage/unusual_devs.h | 11 + drivers/vfio/pci/vfio_pci_intrs.c | 4 +- drivers/vhost/scsi.c | 25 +- drivers/vhost/vdpa.c | 18 +- drivers/video/fbdev/core/fbcon.c | 2 + drivers/video/fbdev/hpfb.c | 1 + drivers/video/fbdev/pxafb.c | 1 + drivers/video/fbdev/sis/sis_main.c | 2 +- drivers/virtio/virtio_vdpa.c | 1 + drivers/watchdog/imx_sc_wdt.c | 24 - drivers/xen/swiotlb-xen.c | 10 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/relocation.c | 2 +- fs/btrfs/send.c | 23 +- fs/btrfs/zoned.c | 2 +- fs/cachefiles/namei.c | 7 +- fs/ceph/addr.c | 6 +- fs/crypto/fname.c | 8 +- fs/dax.c | 62 + fs/ecryptfs/crypto.c | 10 - fs/erofs/data.c | 50 +- fs/erofs/decompressor.c | 6 +- fs/erofs/decompressor_lzma.c | 4 +- fs/erofs/dir.c | 22 +- fs/erofs/erofs_fs.h | 5 +- fs/erofs/fscache.c | 7 +- fs/erofs/inode.c | 37 +- fs/erofs/internal.h | 34 +- fs/erofs/namei.c | 30 +- fs/erofs/super.c | 72 +- fs/erofs/xattr.c | 40 +- fs/erofs/xattr.h | 10 +- fs/erofs/zdata.c | 16 +- fs/erofs/zmap.c | 263 +- fs/exec.c | 3 +- fs/exfat/balloc.c | 10 +- fs/ext4/dir.c | 14 +- fs/ext4/extents.c | 55 +- fs/ext4/fast_commit.c | 49 +- fs/ext4/file.c | 8 +- fs/ext4/ialloc.c | 14 +- fs/ext4/inline.c | 35 +- fs/ext4/inode.c | 11 +- fs/ext4/mballoc.c | 10 +- fs/ext4/migrate.c | 2 +- fs/ext4/move_extent.c | 1 - fs/ext4/namei.c | 14 +- fs/ext4/super.c | 9 +- fs/ext4/xattr.c | 7 +- fs/f2fs/dir.c | 3 +- fs/f2fs/extent_cache.c | 4 +- fs/f2fs/f2fs.h | 24 +- fs/f2fs/file.c | 96 +- fs/f2fs/namei.c | 69 - fs/f2fs/super.c | 4 +- fs/f2fs/xattr.c | 18 +- fs/fcntl.c | 14 +- fs/file.c | 93 +- fs/inode.c | 4 + fs/iomap/buffered-io.c | 16 +- fs/jbd2/checkpoint.c | 21 +- fs/jbd2/journal.c | 4 +- fs/jfs/jfs_discard.c | 11 +- fs/jfs/jfs_dmap.c | 11 +- fs/jfs/jfs_imap.c | 2 +- fs/jfs/xattr.c | 2 + fs/namei.c | 6 +- fs/namespace.c | 21 +- fs/nfs/callback_xdr.c | 2 + fs/nfs/client.c | 1 + fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs4state.c | 3 +- fs/nfsd/filecache.c | 7 +- fs/nfsd/nfs4idmap.c | 13 +- fs/nfsd/nfs4recover.c | 8 + fs/nfsd/nfs4state.c | 5 +- fs/nfsd/nfs4xdr.c | 10 +- fs/nfsd/vfs.c | 1 + fs/nilfs2/btree.c | 12 +- fs/ntfs3/file.c | 4 +- fs/ntfs3/frecord.c | 21 +- fs/ntfs3/fslog.c | 19 +- fs/ocfs2/aops.c | 5 +- fs/ocfs2/buffer_head_io.c | 4 +- fs/ocfs2/journal.c | 7 +- fs/ocfs2/localalloc.c | 19 + fs/ocfs2/quota_local.c | 8 +- fs/ocfs2/refcounttree.c | 26 +- fs/ocfs2/xattr.c | 11 +- fs/proc/base.c | 61 +- fs/smb/client/cifsfs.c | 13 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2ops.c | 19 +- fs/smb/server/vfs.c | 19 +- fs/unicode/mkutf8data.c | 70 - fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- fs/xfs/xfs_reflink.c | 8 +- include/acpi/acoutput.h | 5 + include/acpi/cppc_acpi.h | 2 + include/crypto/internal/simd.h | 12 +- include/drm/drm_print.h | 54 +- include/dt-bindings/clock/exynos7885.h | 4 +- include/dt-bindings/clock/imx6ul-clock.h | 7 +- include/dt-bindings/clock/qcom,gcc-sc8180x.h | 3 + include/linux/blkdev.h | 3 - include/linux/dax.h | 2 + include/linux/f2fs_fs.h | 2 +- include/linux/fdtable.h | 8 +- include/linux/fs.h | 11 + include/linux/i2c.h | 7 + include/linux/mfd/syscon/imx6q-iomuxc-gpr.h | 6 +- include/linux/nfs_fs_sb.h | 1 + include/linux/pci_ids.h | 2 + include/linux/sbitmap.h | 2 +- include/linux/uprobes.h | 2 + include/linux/usb/usbnet.h | 15 + include/linux/vdpa.h | 6 + include/linux/xarray.h | 6 + include/net/bluetooth/hci_core.h | 4 +- include/net/ip.h | 2 + include/net/mac80211.h | 7 +- include/net/mctp.h | 2 +- include/net/rtnetlink.h | 17 + include/net/sch_generic.h | 1 - include/net/sock.h | 2 + include/net/tcp.h | 21 +- include/trace/events/erofs.h | 4 +- include/trace/events/f2fs.h | 3 +- include/uapi/linux/cec.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/snmp.h | 3 + io_uring/io-wq.c | 33 +- io_uring/io_uring.c | 15 + io_uring/net.c | 4 +- io_uring/sqpoll.c | 12 + kernel/bpf/arraymap.c | 3 + kernel/bpf/btf.c | 8 + kernel/bpf/hashtab.c | 3 + kernel/bpf/helpers.c | 6 +- kernel/bpf/syscall.c | 1 + kernel/bpf/verifier.c | 16 +- kernel/events/core.c | 6 +- kernel/events/uprobes.c | 4 +- kernel/fork.c | 30 +- kernel/jump_label.c | 52 +- kernel/kthread.c | 12 +- kernel/locking/lockdep.c | 50 +- kernel/module/Makefile | 2 +- kernel/padata.c | 6 +- kernel/rcu/rcuscale.c | 4 +- kernel/rcu/tree_nocb.h | 5 +- kernel/resource.c | 58 +- kernel/sched/psi.c | 26 +- kernel/static_call_inline.c | 13 +- kernel/trace/trace.c | 18 +- kernel/trace/trace_hwlat.c | 2 + kernel/trace/trace_osnoise.c | 2 + kernel/trace/trace_output.c | 6 +- lib/bootconfig.c | 3 +- lib/buildid.c | 88 +- lib/debugobjects.c | 5 +- lib/sbitmap.c | 4 +- lib/test_xarray.c | 93 + lib/xarray.c | 53 +- lib/xz/xz_crc32.c | 2 +- lib/xz/xz_private.h | 4 - mm/Kconfig | 25 +- mm/damon/vaddr.c | 2 + mm/filemap.c | 50 +- mm/secretmem.c | 4 +- mm/slab_common.c | 7 + mm/util.c | 2 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_core.c | 27 +- net/bluetooth/hci_event.c | 13 +- net/bluetooth/hci_sock.c | 21 +- net/bluetooth/hci_sync.c | 5 +- net/bluetooth/mgmt.c | 13 +- net/bluetooth/rfcomm/sock.c | 2 - net/bridge/br_netfilter_hooks.c | 5 + net/can/bcm.c | 4 +- net/can/j1939/transport.c | 8 +- net/core/dev.c | 12 +- net/core/filter.c | 44 +- net/core/rtnetlink.c | 29 + net/core/sock_map.c | 1 + net/ipv4/devinet.c | 6 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/icmp.c | 106 +- net/ipv4/ip_gre.c | 6 +- net/ipv4/netfilter/nf_dup_ipv4.c | 7 +- net/ipv4/netfilter/nf_reject_ipv4.c | 10 +- net/ipv4/netfilter/nft_fib_ipv4.c | 4 +- net/ipv4/proc.c | 8 +- net/ipv4/tcp_input.c | 31 +- net/ipv4/tcp_ipv4.c | 3 + net/ipv4/udp_offload.c | 22 +- net/ipv6/Kconfig | 1 + net/ipv6/icmp.c | 32 +- net/ipv6/netfilter/nf_dup_ipv6.c | 7 +- net/ipv6/netfilter/nf_reject_ipv6.c | 19 +- net/ipv6/netfilter/nft_fib_ipv6.c | 5 +- net/ipv6/proc.c | 1 + net/ipv6/route.c | 2 +- net/ipv6/rpl_iptunnel.c | 12 +- net/mac80211/chan.c | 4 +- net/mac80211/iface.c | 17 +- net/mac80211/mlme.c | 2 +- net/mac80211/offchannel.c | 1 + net/mac80211/rate.c | 2 +- net/mac80211/scan.c | 21 +- net/mac80211/tx.c | 2 +- net/mac80211/util.c | 4 +- net/mctp/af_mctp.c | 6 +- net/mctp/device.c | 32 +- net/mctp/neigh.c | 29 +- net/mctp/route.c | 33 +- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 24 +- net/mptcp/subflow.c | 6 +- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netfilter/nf_tables_api.c | 14 +- net/netfilter/xt_CHECKSUM.c | 33 +- net/netfilter/xt_CLASSIFY.c | 16 +- net/netfilter/xt_CONNSECMARK.c | 36 +- net/netfilter/xt_CT.c | 148 +- net/netfilter/xt_IDLETIMER.c | 59 +- net/netfilter/xt_LED.c | 39 +- net/netfilter/xt_NFLOG.c | 36 +- net/netfilter/xt_RATEEST.c | 39 +- net/netfilter/xt_SECMARK.c | 27 +- net/netfilter/xt_TRACE.c | 35 +- net/netfilter/xt_addrtype.c | 15 +- net/netfilter/xt_cluster.c | 33 +- net/netfilter/xt_connbytes.c | 4 +- net/netfilter/xt_connlimit.c | 39 +- net/netfilter/xt_connmark.c | 28 +- net/netfilter/xt_mark.c | 42 +- net/netlink/af_netlink.c | 3 +- net/qrtr/af_qrtr.c | 2 +- net/sched/sch_api.c | 7 +- net/sched/sch_taprio.c | 4 +- net/sctp/socket.c | 20 +- net/socket.c | 7 +- net/tipc/bcast.c | 2 +- net/tipc/bearer.c | 8 +- net/wireless/nl80211.c | 18 +- net/wireless/scan.c | 6 +- net/wireless/sme.c | 3 +- rust/macros/module.rs | 6 +- scripts/kconfig/qconf.cc | 2 +- security/Kconfig | 32 + security/bpf/hooks.c | 1 - security/selinux/hooks.c | 4 +- security/smack/smack_lsm.c | 4 +- security/smack/smackfs.c | 2 +- security/tomoyo/domain.c | 9 +- sound/core/init.c | 14 +- sound/core/oss/mixer_oss.c | 4 +- sound/pci/asihpi/hpimsgx.c | 2 +- sound/pci/hda/cs35l41_hda_spi.c | 1 + sound/pci/hda/hda_controller.h | 2 +- sound/pci/hda/hda_generic.c | 4 +- sound/pci/hda/hda_intel.c | 12 +- sound/pci/hda/patch_conexant.c | 24 +- sound/pci/hda/patch_realtek.c | 10 +- sound/pci/rme9652/hdsp.c | 6 +- sound/pci/rme9652/hdspm.c | 6 +- sound/soc/atmel/mchp-pdmc.c | 3 + sound/soc/codecs/rt5682.c | 4 +- sound/soc/codecs/rt5682s.c | 4 +- sound/soc/codecs/wsa883x.c | 16 +- sound/soc/fsl/imx-card.c | 1 + sound/usb/card.c | 6 + sound/usb/line6/podhd.c | 2 +- sound/usb/mixer.c | 35 +- sound/usb/mixer.h | 1 + sound/usb/quirks-table.h | 2283 ++----- sound/usb/quirks.c | 4 + tools/accounting/getdelays.c | 24 +- tools/arch/x86/kcpuid/kcpuid.c | 12 +- tools/iio/iio_generic_buffer.c | 4 + tools/lib/subcmd/parse-options.c | 8 +- tools/perf/builtin-inject.c | 1 + tools/perf/builtin-kmem.c | 2 + tools/perf/builtin-kvm.c | 3 + tools/perf/builtin-kwork.c | 3 + tools/perf/builtin-lock.c | 24 +- tools/perf/builtin-mem.c | 4 + tools/perf/builtin-sched.c | 160 +- tools/perf/util/hist.c | 7 +- tools/perf/util/session.c | 3 + tools/perf/util/stat-display.c | 3 +- tools/perf/util/time-utils.c | 4 +- tools/perf/util/tool.h | 1 + tools/testing/ktest/ktest.pl | 2 +- tools/testing/selftests/arm64/signal/Makefile | 8 +- tools/testing/selftests/arm64/signal/sve_helpers.c | 56 + tools/testing/selftests/arm64/signal/sve_helpers.h | 21 + .../testcases/fake_sigreturn_sme_change_vl.c | 46 +- .../testcases/fake_sigreturn_sve_change_vl.c | 30 +- .../selftests/arm64/signal/testcases/ssve_regs.c | 36 +- .../arm64/signal/testcases/ssve_za_regs.c | 146 + .../selftests/arm64/signal/testcases/sve_regs.c | 32 +- .../selftests/arm64/signal/testcases/za_no_regs.c | 32 +- .../selftests/arm64/signal/testcases/za_regs.c | 36 +- tools/testing/selftests/bpf/DENYLIST.s390x | 2 + tools/testing/selftests/bpf/bench.c | 1 + tools/testing/selftests/bpf/bench.h | 1 + .../selftests/bpf/map_tests/sk_storage_map.c | 2 +- .../selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 +- .../testing/selftests/bpf/prog_tests/core_reloc.c | 1 + .../selftests/bpf/prog_tests/flow_dissector.c | 1 + tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 + .../bpf/prog_tests/libbpf_get_fd_by_id_opts.c | 87 + .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 156 +- .../selftests/bpf/prog_tests/stacktrace_build_id.c | 19 +- .../bpf/prog_tests/stacktrace_build_id_nmi.c | 17 +- tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 + .../selftests/bpf/prog_tests/user_ringbuf.c | 1 + .../testing/selftests/bpf/progs/cg_storage_multi.h | 2 - .../bpf/progs/test_libbpf_get_fd_by_id_opts.c | 37 + .../selftests/bpf/progs/test_ns_current_pid_tgid.c | 17 +- tools/testing/selftests/bpf/test_cpp.cpp | 4 + tools/testing/selftests/bpf/test_lru_map.c | 3 +- tools/testing/selftests/bpf/test_progs.c | 110 +- tools/testing/selftests/bpf/test_progs.h | 2 - tools/testing/selftests/bpf/testing_helpers.c | 63 + tools/testing/selftests/bpf/testing_helpers.h | 9 + .../breakpoints/step_after_suspend_test.c | 5 +- .../selftests/net/forwarding/no_forwarding.sh | 2 +- tools/testing/selftests/net/net_helper.sh | 0 tools/testing/selftests/net/setup_loopback.sh | 0 tools/testing/selftests/netfilter/nft_audit.sh | 57 +- tools/testing/selftests/nolibc/nolibc-test.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 17 +- tools/testing/selftests/vDSO/vdso_config.h | 10 +- .../testing/selftests/vDSO/vdso_test_correctness.c | 6 + .../selftests/vm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/vm/write_to_hugetlbfs.c | 23 +- 762 files changed, 11900 insertions(+), 9631 deletions(-)

8 months, 1 week

10
812
0 0

[PATCH 6.6 000/213] 6.6.57-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.57 release. There are 213 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 16 Oct 2024 14:09:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.57-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.57-rc1 Johan Hovold <johan+linaro(a)kernel.org> scsi: Revert "scsi: sd: Do not repeat the starting disk message" Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: fix force smbus during suspend flow Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Restore TSO support Patrick Roy <roypat(a)amazon.co.uk> secretmem: disable memfd_secret() if arch cannot set direct map Alexander Gordeev <agordeev(a)linux.ibm.com> fs/proc/kcore.c: allow translation of physical memory addresses Frederic Weisbecker <frederic(a)kernel.org> kthread: unpark only parked kthread Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: split remaining space to discard in chunks Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix mm_cid test failure Donet Tom <donettom(a)linux.ibm.com> selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix bogus register reading Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Kun(llfl) <llfl(a)linux.alibaba.com> device-dax: correct pgoff align in dax_set_mapping() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove closing subflows Paolo Abeni <pabeni(a)redhat.com> mptcp: handle consistently DSS corruption Christian Marangi <ansuelsmth(a)gmail.com> net: phy: Remove LED entry from LEDs list on unregister Anatolij Gustschin <agust(a)denx.de> net: dsa: lan9303: ensure chip reset and wait for READY status Anastasia Kovaleva <a.kovaleva(a)yadro.com> net: Fix an unsafe loop on the list Ignat Korchagin <ignat(a)cloudflare.com> net: explicitly clear the sk pointer, when pf->create fails Niklas Cassel <cassel(a)kernel.org> ata: libata: avoid superfluous disk spin down + spin up during hibernation Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fallback when MPTCP opts are dropped after 1st data Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Daniel Palmer <daniel(a)0x0f.com> scsi: wd33c93: Don't use stale scsi_pointer value Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync Jani Nikula <jani.nikula(a)intel.com> drm/i915/hdcp: fix connector refcounting Maíra Canal <mcanal(a)igalia.com> drm/vc4: Stop the active perfmon before being destroyed Maíra Canal <mcanal(a)igalia.com> drm/v3d: Stop the active perfmon before being destroyed SurajSonawane2415 <surajsonawane0215(a)gmail.com> hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: core: force synchronous registration Icenowy Zheng <uwu(a)icenowy.me> usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Jose Alberto Reguero <jose.alberto.reguero(a)gmail.com> usb: xhci: Fix problem with xhci resume from suspend Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Stop processing of pending events if controller is halted Oliver Neukum <oneukum(a)suse.com> Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" Wade Wang <wade.wang(a)hp.com> HID: plantronics: Workaround for an unexcepted opposite volume key He Lugang <helugang(a)uniontech.com> HID: multitouch: Add support for lenovo Y9000P Touchpad Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adt7470) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adm9240) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C Guenter Roeck <linux(a)roeck-us.net> hwmon: (tmp513) Add missing dependency on REGMAP_I2C Peter Colberg <peter.colberg(a)intel.com> hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature Kenton Groombridge <concord(a)gentoo.org> wifi: mac80211: Avoid address calculations via out of bounds array indexing Luke D. Jones <luke(a)ljones.dev> hid-asus: add ROG Ally X prod ID to quirk list Luke D. Jones <luke(a)ljones.dev> HID: asus: add ROG Z13 lightbar Luke D. Jones <luke(a)ljones.dev> HID: asus: add ROG Ally N-Key ID and keycodes Kai-Heng Feng <kai.heng.feng(a)canonical.com> HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: Renumber I2C_HID_QUIRK_ defines Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk Johannes Roith <johannes(a)gnu-linux.rocks> HID: mcp2200: added driver for GPIOs of MCP2200 Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix rcuog wake-up from offline softirq Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Make IRQs disablement symmetric Eric Dumazet <edumazet(a)google.com> slip: make slhc_remember() more robust against malicious packets Eric Dumazet <edumazet(a)google.com> ppp: fix ppp_async_encode() illegal access Kuniyuki Iwashima <kuniyu(a)amazon.com> phonet: Handle error of rtnl_register_module(). Eric Dumazet <edumazet(a)google.com> phonet: no longer hold RTNL in route_dumpit() Kuniyuki Iwashima <kuniyu(a)amazon.com> mpls: Handle error of rtnl_register_module(). Eric Dumazet <edumazet(a)google.com> mpls: no longer hold RTNL in mpls_netconf_dump_devconf() Eric Dumazet <edumazet(a)google.com> rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag Eric Dumazet <edumazet(a)google.com> rtnetlink: change nlk->cb_mutex role Kuniyuki Iwashima <kuniyu(a)amazon.com> mctp: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> bridge: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> vxlan: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Add bulk registration helpers for rtnetlink message handlers. Eric Dumazet <edumazet(a)google.com> net: do not delay dst_entries_add() in dst_release() Florian Westphal <fw(a)strlen.de> netfilter: fib: check correct rtable in vrf setups Florian Westphal <fw(a)strlen.de> netfilter: xtables: avoid NFPROTO_UNSPEC where needed Xin Long <lucien.xin(a)gmail.com> sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix missing RCU locking in error message when loading zone info Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: fix wrong goto Eric Dumazet <edumazet(a)google.com> net/sched: accept TCA_STAB only for root qdisc Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change I219 (19) devices to ADP Mohamed Khalfella <mkhalfella(a)purestorage.com> igb: Do not bring the device up after non-fatal error Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: Fix macvlan leak by synchronizing access to mac_filter_hash Wojciech Drewek <wojciech.drewek(a)intel.com> ice: Flush FDB entries before reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: rename switchdev to eswitch Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix netif_is_ice() in Safe Mode Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Ignore minor version change Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel/tpmi: Add defines to get version information Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Use devm_clk api to manage clock source Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Add the flush write to ensure the write complete. Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix privileged error in copy engine channel Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau: pass cli to nouveau_channel_new() instead of drm+device Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frames on 10/100 ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow lower MTUs on BCM5325/5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for BCM5325/BCM5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for 1g switches Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frame mtu check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: adi: adin1110: Fix some error handling path in adin1110_read_fifo() Jakub Kicinski <kuba(a)kernel.org> Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled" Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Fix warning during module unload Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int340x: processor_thermal: Set feature mask before proc_thermal_add Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: phy: bcm84881: Fix some error handling paths Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Kacper Ludwinski <kac.ludwinski(a)icloud.com> selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids() test Andy Roulin <aroulin(a)nvidia.com> netfilter: br_netfilter: fix panic with metadata_dst skb David Howells <dhowells(a)redhat.com> rxrpc: Fix uninitialised variable in rxrpc_send_data() Neal Cardwell <ncardwell(a)google.com> tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out Aananth V <aananthv(a)google.com> tcp: new TCP_INFO stats for RTO events Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe Neal Cardwell <ncardwell(a)google.com> tcp: fix to allow timestamp undo if no retransmits were sent Ingo van Lil <inguin(a)gmx.de> net: phy: dp83869: fix memory corruption when enabling fiber Yanjun Zhang <zhangyanjun(a)cestc.cn> NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Fix integer overflow in decode_rc_list() Dave Ertman <david.m.ertman(a)intel.com> ice: fix VLAN replay after reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: set correct dst VSI in only LAN filters Chuck Lever <chuck.lever(a)oracle.com> NFSD: Mark filecache "down" if init fails Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 0x1a Andrey Shumilin <shum.sdl(a)nppct.ru> fbdev: sisfb: Fix strbuf array overflow Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Qianqiang Liu <qianqiang.liu(a)163.com> fbcon: Fix a NULL pointer dereference issue in fbcon_putcs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointer before dereferencing se Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Riyan Dhiman <riyandhiman14(a)gmail.com> staging: vme_user: added bound check to geoid Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/iio: Add memory allocation failure check for trigger_name Philip Chen <philipchen(a)chromium.org> virtio_pmem: Check device status before requesting flush Simon Horman <horms(a)kernel.org> netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash Wentao Guan <guanwentao(a)uniontech.com> LoongArch: Fix memleak in pci_acpi_scan_root() Ruffalo Lavoisier <ruffalolavoisier(a)gmail.com> comedi: ni_routing: tools: Check when the file could not be opened Shawn Shao <shawn.shao(a)jaguarmicro.com> usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: enable suspend interrupt after usb reset Wadim Egorov <w.egorov(a)phytec.de> usb: typec: tipd: Free IRQ only if it was requested before Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: protect uart_port_dtr_rts() in uart_shutdown() too Peng Fan <peng.fan(a)nxp.com> clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table Yunke Cao <yunkec(a)chromium.org> media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Ying Sun <sunying(a)isrc.iscas.ac.cn> riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: cadence: re-check Peripheral status with delayed_work Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Jisheng Zhang <jszhang(a)kernel.org> riscv: avoid Imbalance in RAS Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict Kaixin Wang <kxwang23(a)m.fudan.edu.cn> ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Jens Axboe <axboe(a)kernel.dk> io_uring: check if we need to reschedule during overflow flush Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Alex Williamson <alex.williamson(a)redhat.com> PCI: Mark Creative Labs EMU20k2 INTx masking as broken Hans de Goede <hdegoede(a)redhat.com> i2c: i801: Use a different adapter-name for IDF adapters Subramanian Ananthanarayanan <quic_skananth(a)quicinc.com> PCI: Add ACS quirk for Qualcomm SA8775P Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: bcm: bcm53573: fix OF node leak in init Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-srv: Avoid null pointer deref during path establishment WangYuli <wangyuli(a)uniontech.com> PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel_bus_common: enable interrupts before exiting reset Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/mad: Improve handling of timed out WRs of mad agent Daniel Jordan <daniel.m.jordan(a)oracle.com> ktest.pl: Avoid false positives with grub2 skip regex Xu Kuohai <xukuohai(a)huawei.com> bpf: Prevent tail call between progs attached to different hooks Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Handle early warnings gracefully Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Remove WARN_ON_ONCE statements Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: nested locking for xattr inode Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Yonghong Song <yonghong.song(a)linux.dev> bpf, x64: Fix a jit convergence issue Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Add cond_resched() to cmm_alloc/free_pages() Heiko Carstens <hca(a)linux.ibm.com> s390/facility: Disable compile time optimization for decompressor code Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Compile all files with the same march flag Tao Chen <chen.dylane(a)gmail.com> bpf: Check percpu map value size first Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test Mathias Krause <minipli(a)grsecurity.net> Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal Andrey Skvortsov <andrej.skvortzov(a)gmail.com> zram: don't free statically defined names Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: free secondary algorithms names Diogo Jahchan Koike <djahchankoike(a)gmail.com> ntfs3: Change to non-blocking allocation in ntfs_d_hash Michael S. Tsirkin <mst(a)redhat.com> virtio_console: fix misc probe bugs Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Refactor enum_rstbl to suppress static checker Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning in ni_fiemap Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do not call file_modified if collapse range failed Alex Hung <alex.hung(a)amd.com> drm/amd/display: Revert "Check HDCP returned status" Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: Remove a redundant check in authenticated_dp Paul Menzel <pmenzel(a)molgen.mpg.de> lib/build_OID_registry: avoid non-destructive substitution for Perl < 5.13.2 compat Randy Dunlap <rdunlap(a)infradead.org> jbd2: fix kernel-doc for j_transaction_overhead_buffers Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix usage of __hci_cmd_sync_status Benjamin Poirier <bpoirier(a)nvidia.com> selftests: Introduce Makefile variable to list shared bash scripts Benjamin Poirier <bpoirier(a)nvidia.com> selftests: net: Remove executable bits from library scripts Aditya Gupta <adityag(a)linux.ibm.com> libsubcmd: Don't free the usage string Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move curr_pid and cpu_last_switched initialization to perf_sched__{lat|map|replay}() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move curr_thread initialization to perf_sched__map() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Fix memory leak in perf_sched__map() Yang Jihong <yangjihong1(a)huawei.com> perf sched: Move start_work_mutex and work_done_wait_mutex initialization to perf_sched__replay() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> bootconfig: Fix the kerneldoc of _xbc_exit() Hui Wang <hui.wang(a)canonical.com> e1000e: move force SMBUS near the end of enable_ulp function Tony Nguyen <anthony.l.nguyen(a)intel.com> i40e: Include types.h to some headers Ivan Vecera <ivecera(a)redhat.com> i40e: Fix ST code value for Clause 45 Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Do not repeat the starting disk message Damien Le Moal <dlemoal(a)kernel.org> scsi: Remove scsi device no_start_on_resume flag Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: mark dvc_tlv with __maybe_unused Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Add mask_port_map module parameter Carlos Song <carlos.song(a)nxp.com> spi: spi-fsl-lpspi: remove redundant spi_controller_put call Charlie Jenkins <charlie(a)rivosinc.com> riscv: cpufeature: Fix thead vector hwcap removal Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Have saved_cmdlines arrays all in one allocation Xiubo Li <xiubli(a)redhat.com> libceph: init the cursor when preparing sparse read in msgr2 Shannon Nelson <shannon.nelson(a)amd.com> pds_core: no health-thread in VF path Geoff Levand <geoff(a)infradead.org> Revert "powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2" Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Add support for async DMA read operation Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Add support for async DMA write operation Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Introduce async read/write callbacks Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Rename read_from_host() and write_to_host() APIs Rob Clark <robdclark(a)chromium.org> drm/crtc: fix uninitialized variable use even harder Jean-Loïc Charroud <lagiraudiere+linux(a)free.fr> ALSA: hda/realtek: cs35l41: Fix device ID / model name Jean-Loïc Charroud <lagiraudiere+linux(a)free.fr> ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove precision vsnprintf() check from print event Cong Yang <yangcong5(a)huaqin.corp-partner.google.com> drm/panel: boe-tv101wum-nl6: Fine tune Himax83102-j02 panel HFP and HBP (again) Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Drop TSO support Song Shuai <songshuaishuai(a)tinylab.org> riscv: Remove SHADOW_OVERFLOW_STACK_SIZE macro Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "ignore negated quota changes" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: qd_check_sync cleanups Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "introduce qd_bh_get_or_undo" Abel Vesa <abel.vesa(a)linaro.org> phy: qualcomm: eusb2-repeater: Rework init to drop redundant zero-out loop Konrad Dybcio <konrad.dybcio(a)linaro.org> phy: qualcomm: phy-qcom-eusb2-repeater: Add tuning overrides Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Load tunings for the correct speaker models Bjorn Helgaas <bhelgaas(a)google.com> Revert "PCI/MSI: Provide stubs for IMS functions" Wei Fang <wei.fang(a)nxp.com> net: fec: don't save PTP state if PTP is unsupported Gabriel Krisman Bertazi <krisman(a)suse.de> unicode: Don't special case ignorable code points ------------- Diffstat: Documentation/dev-tools/kselftest.rst | 12 + Makefile | 4 +- arch/loongarch/pci/acpi.c | 1 + arch/powerpc/configs/ps3_defconfig | 1 - arch/riscv/include/asm/sbi.h | 2 + arch/riscv/include/asm/sparsemem.h | 2 +- arch/riscv/include/asm/thread_info.h | 1 - arch/riscv/kernel/cpu.c | 40 +- arch/riscv/kernel/cpufeature.c | 8 +- arch/riscv/kernel/elf_kexec.c | 6 + arch/riscv/kernel/entry.S | 4 +- arch/s390/boot/Makefile | 19 +- arch/s390/include/asm/facility.h | 6 +- arch/s390/include/asm/io.h | 2 + arch/s390/kernel/early.c | 17 +- arch/s390/kernel/perf_cpum_sf.c | 12 +- arch/s390/mm/cmm.c | 18 +- arch/x86/kernel/amd_nb.c | 4 + arch/x86/net/bpf_jit_comp.c | 54 +- drivers/ata/ahci.c | 85 + drivers/ata/libata-eh.c | 18 +- drivers/base/bus.c | 8 +- drivers/block/zram/zram_drv.c | 7 + drivers/bus/mhi/ep/internal.h | 1 + drivers/bus/mhi/ep/main.c | 248 +- drivers/bus/mhi/ep/ring.c | 8 +- drivers/char/virtio_console.c | 18 +- drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- drivers/clk/imx/clk-imx7d.c | 4 +- .../drivers/ni_routing/tools/convert_c_to_py.c | 5 + drivers/dax/device.c | 2 +- drivers/gpio/gpio-aspeed.c | 4 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 27 +- drivers/gpu/drm/drm_crtc.c | 1 + drivers/gpu/drm/i915/display/intel_hdcp.c | 10 +- drivers/gpu/drm/nouveau/dispnv04/crtc.c | 2 +- drivers/gpu/drm/nouveau/nouveau_abi16.c | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/nouveau/nouveau_chan.c | 21 +- drivers/gpu/drm/nouveau/nouveau_chan.h | 3 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +- drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 9 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 7 +- drivers/hid/Kconfig | 9 + drivers/hid/Makefile | 1 + drivers/hid/amd-sfh-hid/amd_sfh_client.c | 14 +- drivers/hid/hid-asus.c | 14 +- drivers/hid/hid-ids.h | 10 + drivers/hid/hid-mcp2200.c | 392 ++ drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-plantronics.c | 23 + drivers/hid/i2c-hid/i2c-hid-core.c | 22 +- drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 +- drivers/hwmon/Kconfig | 4 + drivers/hwmon/intel-m10-bmc-hwmon.c | 2 +- drivers/hwmon/k10temp.c | 1 + drivers/i2c/busses/i2c-i801.c | 9 +- drivers/i3c/master/i3c-master-cdns.c | 1 + drivers/infiniband/core/mad.c | 14 +- drivers/infiniband/hw/mlx5/odp.c | 25 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 13 +- drivers/input/rmi4/rmi_driver.c | 6 +- drivers/media/common/videobuf2/videobuf2-core.c | 8 +- drivers/mfd/intel_soc_pmic_chtwc.c | 1 - drivers/net/dsa/b53/b53_common.c | 17 +- drivers/net/dsa/lan9303-core.c | 29 + drivers/net/ethernet/adi/adin1110.c | 4 +- drivers/net/ethernet/amd/pds_core/main.c | 6 + drivers/net/ethernet/cortina/gemini.c | 32 +- drivers/net/ethernet/freescale/fec_main.c | 6 +- drivers/net/ethernet/ibm/emac/mal.c | 2 +- drivers/net/ethernet/intel/e1000e/hw.h | 4 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 55 + drivers/net/ethernet/intel/e1000e/netdev.c | 22 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 1 + drivers/net/ethernet/intel/i40e/i40e_diag.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_register.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_type.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/ice/ice.h | 6 +- drivers/net/ethernet/intel/ice/ice_eswitch.c | 63 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.c | 17 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.h | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 27 +- drivers/net/ethernet/intel/ice/ice_switch.c | 2 - drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/phy/bcm84881.c | 4 +- drivers/net/phy/dp83869.c | 1 - drivers/net/phy/phy_device.c | 5 +- drivers/net/ppp/ppp_async.c | 2 +- drivers/net/slip/slhc.c | 57 +- drivers/net/vxlan/vxlan_core.c | 6 +- drivers/net/vxlan/vxlan_private.h | 2 +- drivers/net/vxlan/vxlan_vnifilter.c | 19 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 + drivers/nvdimm/nd_virtio.c | 9 + drivers/pci/endpoint/functions/pci-epf-mhi.c | 8 +- drivers/pci/quirks.c | 8 + drivers/phy/qualcomm/phy-qcom-eusb2-repeater.c | 145 +- drivers/powercap/intel_rapl_tpmi.c | 19 +- drivers/remoteproc/imx_rproc.c | 13 +- drivers/scsi/lpfc/lpfc_ct.c | 12 + drivers/scsi/lpfc/lpfc_disc.h | 7 + drivers/scsi/lpfc/lpfc_els.c | 7 +- drivers/scsi/lpfc/lpfc_vport.c | 43 +- drivers/scsi/sd.c | 9 +- drivers/scsi/wd33c93.c | 2 +- drivers/soundwire/cadence_master.c | 39 +- drivers/soundwire/cadence_master.h | 5 + drivers/soundwire/intel.h | 2 + drivers/soundwire/intel_auxdevice.c | 1 + drivers/soundwire/intel_bus_common.c | 35 +- drivers/spi/spi-fsl-lpspi.c | 14 +- drivers/staging/vme_user/vme_fake.c | 6 + drivers/staging/vme_user/vme_tsi148.c | 6 + .../int340x_thermal/processor_thermal_device_pci.c | 23 +- drivers/tty/serial/serial_core.c | 16 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/dwc2/platform.c | 26 +- drivers/usb/dwc3/core.c | 22 +- drivers/usb/dwc3/core.h | 4 - drivers/usb/dwc3/gadget.c | 11 - drivers/usb/gadget/udc/core.c | 1 + drivers/usb/host/xhci-pci.c | 5 + drivers/usb/misc/yurex.c | 19 +- drivers/usb/storage/unusual_devs.h | 11 + drivers/usb/typec/tipd/core.c | 2 + drivers/video/fbdev/core/fbcon.c | 2 + drivers/video/fbdev/sis/sis_main.c | 2 +- fs/btrfs/extent-tree.c | 19 +- fs/btrfs/volumes.h | 6 + fs/btrfs/zoned.c | 2 +- fs/ext4/super.c | 9 +- fs/ext4/xattr.c | 4 +- fs/gfs2/quota.c | 59 +- fs/nfs/callback_xdr.c | 2 + fs/nfs/client.c | 1 + fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs4state.c | 2 +- fs/nfsd/filecache.c | 4 +- fs/ntfs3/file.c | 4 +- fs/ntfs3/frecord.c | 21 +- fs/ntfs3/fslog.c | 19 +- fs/ntfs3/namei.c | 4 +- fs/proc/kcore.c | 36 +- fs/smb/client/smb2ops.c | 47 +- fs/smb/client/smb2pdu.c | 6 + fs/unicode/mkutf8data.c | 70 - fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- include/linux/bpf.h | 1 + include/linux/intel_tpmi.h | 6 + include/linux/jbd2.h | 2 +- include/linux/mhi_ep.h | 21 +- include/linux/netlink.h | 2 + include/linux/nfs_fs_sb.h | 1 + include/linux/pci.h | 34 +- include/linux/pci_ids.h | 4 + include/linux/tcp.h | 8 + include/net/mctp.h | 2 +- include/net/rtnetlink.h | 18 + include/net/sch_generic.h | 1 - include/net/sock.h | 2 + include/scsi/scsi_device.h | 1 - include/sound/cs35l56.h | 1 + include/sound/tas2781-tlv.h | 2 +- include/uapi/linux/tcp.h | 12 + io_uring/io_uring.c | 15 + kernel/bpf/arraymap.c | 3 + kernel/bpf/core.c | 21 +- kernel/bpf/hashtab.c | 3 + kernel/kthread.c | 2 + kernel/rcu/tree.c | 9 +- kernel/rcu/tree_nocb.h | 28 +- kernel/trace/trace.c | 18 +- kernel/trace/trace_output.c | 6 +- lib/bootconfig.c | 3 +- lib/build_OID_registry | 4 +- mm/secretmem.c | 4 +- net/bluetooth/hci_conn.c | 3 + net/bluetooth/hci_core.c | 27 +- net/bluetooth/rfcomm/sock.c | 2 - net/bridge/br_netfilter_hooks.c | 5 + net/bridge/br_netlink.c | 6 +- net/bridge/br_private.h | 5 +- net/bridge/br_vlan.c | 19 +- net/ceph/messenger_v2.c | 3 + net/core/dst.c | 17 +- net/core/rtnetlink.c | 31 + net/ipv4/netfilter/nf_reject_ipv4.c | 10 +- net/ipv4/netfilter/nft_fib_ipv4.c | 4 +- net/ipv4/tcp.c | 9 + net/ipv4/tcp_input.c | 57 +- net/ipv4/tcp_minisocks.c | 4 + net/ipv4/tcp_timer.c | 17 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/netfilter/nft_fib_ipv6.c | 5 +- net/mac80211/scan.c | 17 +- net/mctp/af_mctp.c | 6 +- net/mctp/device.c | 32 +- net/mctp/neigh.c | 29 +- net/mctp/route.c | 33 +- net/mpls/af_mpls.c | 87 +- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 24 +- net/mptcp/subflow.c | 6 +- net/netfilter/nf_nat_core.c | 120 +- net/netfilter/xt_CHECKSUM.c | 33 +- net/netfilter/xt_CLASSIFY.c | 16 +- net/netfilter/xt_CONNSECMARK.c | 36 +- net/netfilter/xt_CT.c | 148 +- net/netfilter/xt_IDLETIMER.c | 59 +- net/netfilter/xt_LED.c | 39 +- net/netfilter/xt_NFLOG.c | 36 +- net/netfilter/xt_RATEEST.c | 39 +- net/netfilter/xt_SECMARK.c | 27 +- net/netfilter/xt_TRACE.c | 35 +- net/netfilter/xt_addrtype.c | 15 +- net/netfilter/xt_cluster.c | 33 +- net/netfilter/xt_connbytes.c | 4 +- net/netfilter/xt_connlimit.c | 39 +- net/netfilter/xt_connmark.c | 28 +- net/netfilter/xt_mark.c | 42 +- net/netlink/af_netlink.c | 38 +- net/netlink/af_netlink.h | 5 +- net/phonet/pn_netlink.c | 43 +- net/rxrpc/sendmsg.c | 10 +- net/sched/sch_api.c | 7 +- net/sctp/socket.c | 18 +- net/socket.c | 7 +- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/codecs/cs35l56-shared.c | 36 + sound/soc/codecs/cs35l56.c | 32 +- sound/soc/codecs/cs35l56.h | 1 + tools/iio/iio_generic_buffer.c | 4 + tools/lib/subcmd/parse-options.c | 8 +- tools/perf/builtin-kmem.c | 2 + tools/perf/builtin-kvm.c | 3 + tools/perf/builtin-kwork.c | 3 + tools/perf/builtin-lock.c | 3 + tools/perf/builtin-mem.c | 3 + tools/perf/builtin-sched.c | 164 +- tools/testing/ktest/ktest.pl | 2 +- tools/testing/selftests/Makefile | 7 +- .../testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +- tools/testing/selftests/lib.mk | 19 + tools/testing/selftests/mm/hmm-tests.c | 2 +- .../selftests/net/forwarding/no_forwarding.sh | 2 +- tools/testing/selftests/net/setup_loopback.sh | 0 tools/testing/selftests/rseq/rseq.c | 110 +- tools/testing/selftests/rseq/rseq.h | 10 +- 260 files changed, 6581 insertions(+), 4716 deletions(-)

8 months, 1 week

7
219
0 0

[PATCH 6.11 000/214] 6.11.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.4 release. There are 214 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 16 Oct 2024 14:09:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.4-rc1 Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix cflags posting for single issue multishot read Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: Pass domain number to pci_bus_release_domain_nr() explicitly Patrick Roy <roypat(a)amazon.co.uk> secretmem: disable memfd_secret() if arch cannot set direct map Alexander Gordeev <agordeev(a)linux.ibm.com> fs/proc/kcore.c: allow translation of physical memory addresses Frederic Weisbecker <frederic(a)kernel.org> kthread: unpark only parked kthread Joshua Hay <joshua.a.hay(a)intel.com> idpf: use actual mbx receive payload length Ulf Hansson <ulf.hansson(a)linaro.org> PM: domains: Fix alloc/free in dev_pm_domain_attach|detach_list() Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: add cancellation points to trim loops Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: split remaining space to discard in chunks Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix mm_cid test failure Donet Tom <donettom(a)linux.ibm.com> selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Fix bogus register reading Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error Gui-Dong Han <hanguidong02(a)outlook.com> ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() Gui-Dong Han <hanguidong02(a)outlook.com> ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() Kun(llfl) <llfl(a)linux.alibaba.com> device-dax: correct pgoff align in dax_set_mapping() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove closing subflows Paolo Abeni <pabeni(a)redhat.com> mptcp: handle consistently DSS corruption Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: realtek: Fix MMD access on RTL8126A-integrated PHY Christian Marangi <ansuelsmth(a)gmail.com> net: phy: Remove LED entry from LEDs list on unregister Anatolij Gustschin <agust(a)denx.de> net: dsa: lan9303: ensure chip reset and wait for READY status Anastasia Kovaleva <a.kovaleva(a)yadro.com> net: Fix an unsafe loop on the list Ignat Korchagin <ignat(a)cloudflare.com> net: explicitly clear the sk pointer, when pf->create fails Dan Carpenter <dan.carpenter(a)linaro.org> OPP: fix error code in dev_pm_opp_set_config() Niklas Cassel <cassel(a)kernel.org> ata: libata: avoid superfluous disk spin down + spin up during hibernation Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fallback when MPTCP opts are dropped after 1st data Michal Wilczynski <m.wilczynski(a)samsung.com> mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling Linus Walleij <linus.walleij(a)linaro.org> Revert "mmc: mvsdio: Use sg_miter for PIO" Avri Altman <avri.altman(a)wdc.com> scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Martin Wilck <martin.wilck(a)suse.com> scsi: fnic: Move flush_work initialization out of if block Daniel Palmer <daniel(a)0x0f.com> scsi: wd33c93: Don't use stale scsi_pointer value Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Free tzp copy along with the thermal zone Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Reference count the zone in thermal_zone_get_by_id() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync Matthew Auld <matthew.auld(a)intel.com> drm/xe/ct: fix xa_store() error checking Matthew Auld <matthew.auld(a)intel.com> drm/xe/ct: prevent UAF in send_recv() Jani Nikula <jani.nikula(a)intel.com> drm/i915/hdcp: fix connector refcounting Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: fix xa_store() error checking Hamza Mahfooz <hamza.mahfooz(a)amd.com> drm/amd/display: fix hibernate entry for DCN35+ Lang Yu <lang.yu(a)amd.com> drm/amdkfd: Fix an eviction fence leak Maíra Canal <mcanal(a)igalia.com> drm/vc4: Stop the active perfmon before being destroyed Maíra Canal <mcanal(a)igalia.com> drm/v3d: Stop the active perfmon before being destroyed Josip Pavic <Josip.Pavic(a)amd.com> drm/amd/display: Clear update flags after update has been applied Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: partially revert powerplay `__counted_by` changes Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Make Asus ExpertBook B2502 matches cover more models Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Make Asus ExpertBook B2402 matches cover more models SurajSonawane2415 <surajsonawane0215(a)gmail.com> hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma John Keeping <jkeeping(a)inmusicbrands.com> usb: gadget: core: force synchronous registration Roy Luo <royluo(a)google.com> usb: dwc3: re-enable runtime PM after failed resume Icenowy Zheng <uwu(a)icenowy.me> usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip Jose Alberto Reguero <jose.alberto.reguero(a)gmail.com> usb: xhci: Fix problem with xhci resume from suspend Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Stop processing of pending events if controller is halted Oliver Neukum <oneukum(a)suse.com> Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Hardcode (non-inverted) AES pens as BTN_TOOL_PEN Wade Wang <wade.wang(a)hp.com> HID: plantronics: Workaround for an unexcepted opposite volume key Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (ltc2991) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adt7470) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (adm9240) Add missing dependency on REGMAP_I2C Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C Guenter Roeck <linux(a)roeck-us.net> hwmon: (tmp513) Add missing dependency on REGMAP_I2C Peter Colberg <peter.colberg(a)intel.com> hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature He Lugang <helugang(a)uniontech.com> HID: multitouch: Add support for lenovo Y9000P Touchpad Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix rcuog wake-up from offline softirq Eric Dumazet <edumazet(a)google.com> slip: make slhc_remember() more robust against malicious packets D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric Dumazet <edumazet(a)google.com> ppp: fix ppp_async_encode() illegal access Kuniyuki Iwashima <kuniyu(a)amazon.com> phonet: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> mpls: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> mctp: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> bridge: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> vxlan: Handle error of rtnl_register_module(). Kuniyuki Iwashima <kuniyu(a)amazon.com> rtnetlink: Add bulk registration helpers for rtnetlink message handlers. Eric Dumazet <edumazet(a)google.com> net: do not delay dst_entries_add() in dst_release() Janne Grunau <j(a)jannau.net> drm/fbdev-dma: Only cleanup deferred I/O if necessary Breno Leitao <leitao(a)debian.org> net: netconsole: fix wrong warning Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: refuse cross-chip mirroring operations Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: add dcr_unmap to _remove Florian Westphal <fw(a)strlen.de> netfilter: fib: check correct rtable in vrf setups Florian Westphal <fw(a)strlen.de> netfilter: xtables: avoid NFPROTO_UNSPEC where needed Xin Long <lucien.xin(a)gmail.com> sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start Filipe Manana <fdmanana(a)suse.com> btrfs: zoned: fix missing RCU locking in error message when loading zone info MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix race condition for VLAN table access Rosen Penev <rosenp(a)gmail.com> net: ibm: emac: mal: fix wrong goto Matt Roper <matthew.d.roper(a)intel.com> drm/xe: Make wedged_mode debugfs writable Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Restore GT freq on GSC load error Eric Dumazet <edumazet(a)google.com> net/sched: accept TCA_STAB only for root qdisc Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change I219 (19) devices to ADP Mohamed Khalfella <mkhalfella(a)purestorage.com> igb: Do not bring the device up after non-fatal error Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: Fix macvlan leak by synchronizing access to mac_filter_hash Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix increasing MSI-X on VF Wojciech Drewek <wojciech.drewek(a)intel.com> ice: Flush FDB entries before reset Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix netif_is_ice() in Safe Mode Marcin Szycik <marcin.szycik(a)linux.intel.com> ice: Fix entering Safe Mode Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl_tpmi: Ignore minor version change Juergen Gross <jgross(a)suse.com> x86/xen: mark boot CPU of PV guest in MSR_IA32_APICBASE Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Use devm_clk api to manage clock source Billy Tsai <billy_tsai(a)aspeedtech.com> gpio: aspeed: Add the flush write to ensure the write complete. Yonatan Maman <Ymaman(a)Nvidia.com> nouveau/dmem: Fix privileged error in copy engine channel Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau: pass cli to nouveau_channel_new() instead of drm+device Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frames on 10/100 ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow lower MTUs on BCM5325/5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for BCM5325/BCM5365 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix max MTU for 1g switches Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix jumbo frame mtu check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: adi: adin1110: Fix some error handling path in adin1110_read_fifo() Jakub Kicinski <kuba(a)kernel.org> Revert "net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled" Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Fix warning during module unload Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix possible badness in FREE_STATEID Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: phy: bcm84881: Fix some error handling paths Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Don't fail external suspend requests Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change Kory Maincent <kory.maincent(a)bootlin.com> net: pse-pd: Fix enabled status mismatch Kacper Ludwinski <kac.ludwinski(a)icloud.com> selftests: net: no_forwarding: fix VID for $swp2 in one_bridge_two_pvids() test Andy Roulin <aroulin(a)nvidia.com> netfilter: br_netfilter: fix panic with metadata_dst skb Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix reception from VLAN-unaware bridges David Howells <dhowells(a)redhat.com> rxrpc: Fix uninitialised variable in rxrpc_send_data() Neal Cardwell <ncardwell(a)google.com> tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe Neal Cardwell <ncardwell(a)google.com> tcp: fix to allow timestamp undo if no retransmits were sent Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: phy: aquantia: remove usage of phy_set_max_speed Abhishek Chauhan <quic_abchauha(a)quicinc.com> net: phy: aquantia: AQR115c fix up PMA capabilities Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> sfc: Don't invoke xdp_do_flush() from netpoll. Ingo van Lil <inguin(a)gmx.de> net: phy: dp83869: fix memory corruption when enabling fiber Yanjun Zhang <zhangyanjun(a)cestc.cn> NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() Dan Carpenter <dan.carpenter(a)linaro.org> SUNRPC: Fix integer overflow in decode_rc_list() Dave Ertman <david.m.ertman(a)intel.com> ice: fix VLAN replay after reset Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: fix memleak in ice_init_tx_topology() Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: clear port vlan config during reset Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: set correct dst VSI in only LAN filters NeilBrown <neilb(a)suse.de> nfsd: nfsd_destroy_serv() must call svc_destroy() even if nfsd_startup_net() failed Chuck Lever <chuck.lever(a)oracle.com> NFSD: Mark filecache "down" if init fails Andrey Shumilin <shum.sdl(a)nppct.ru> fbdev: sisfb: Fix strbuf array overflow Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Qianqiang Liu <qianqiang.liu(a)163.com> fbcon: Fix a NULL pointer dereference issue in fbcon_putcs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointer before dereferencing se Christian König <christian.koenig(a)amd.com> drm/amdgpu: nuke the VM PD/PT shadow handling José Roberto de Souza <jose.souza(a)intel.com> drm/xe/oa: Fix overflow in oa batch buffer Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: bus: Fix double free in driver API bus_register() Ken Raeburn <raeburn(a)redhat.com> dm vdo: don't refer to dedupe_context after releasing it Abhishek Tamboli <abhishektamboli9(a)gmail.com> usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Riyan Dhiman <riyandhiman14(a)gmail.com> staging: vme_user: added bound check to geoid Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/iio: Add memory allocation failure check for trigger_name Philip Chen <philipchen(a)chromium.org> virtio_pmem: Check device status before requesting flush Simon Horman <horms(a)kernel.org> netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: don't try nat source port reallocation for reverse dir clash Wentao Guan <guanwentao(a)uniontech.com> LoongArch: Fix memleak in pci_acpi_scan_root() Ruffalo Lavoisier <ruffalolavoisier(a)gmail.com> comedi: ni_routing: tools: Check when the file could not be opened Frank Li <Frank.Li(a)nxp.com> usb: host: xhci-plat: Parse xhci-missing_cas_quirk and apply quirk Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Fix STALL transfer event handling Shawn Shao <shawn.shao(a)jaguarmicro.com> usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: enable suspend interrupt after usb reset Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Don't truncate the reads Wadim Egorov <w.egorov(a)phytec.de> usb: typec: tipd: Free IRQ only if it was requested before Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: protect uart_port_dtr_rts() in uart_shutdown() too Peng Fan <peng.fan(a)nxp.com> clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table Yunke Cao <yunkec(a)chromium.org> media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Ying Sun <sunying(a)isrc.iscas.ac.cn> riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown Pierre-Louis Bossart <pierre-louis.bossart(a)linux.dev> soundwire: cadence: re-check Peripheral status with delayed_work Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: Assign PCI domain number for endpoint controllers Prudhvi Yarlagadda <quic_pyarlaga(a)quicinc.com> PCI: qcom: Disable mirroring of DBI and iATU register space in BAR region Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Jisheng Zhang <jszhang(a)kernel.org> riscv: avoid Imbalance in RAS Samuel Holland <samuel.holland(a)sifive.com> riscv: Omit optimized string routines when using KASAN Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mfd: intel-lpss: Add Intel Panther Lake LPSS PCI IDs Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mfd: intel-lpss: Add Intel Arrow Lake-H LPSS PCI IDs Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict Kaixin Wang <kxwang23(a)m.fudan.edu.cn> ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Jens Axboe <axboe(a)kernel.dk> io_uring: check if we need to reschedule during overflow flush Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition Alex Williamson <alex.williamson(a)redhat.com> PCI: Mark Creative Labs EMU20k2 INTx masking as broken Hans de Goede <hdegoede(a)redhat.com> i2c: i801: Use a different adapter-name for IDF adapters Subramanian Ananthanarayanan <quic_skananth(a)quicinc.com> PCI: Add ACS quirk for Qualcomm SA8775P Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: bcm: bcm53573: fix OF node leak in init Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-srv: Avoid null pointer deref during path establishment WangYuli <wangyuli(a)uniontech.com> PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Pierre-Louis Bossart <pierre-louis.bossart(a)linux.dev> soundwire: intel_bus_common: enable interrupts before exiting reset Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/mad: Improve handling of timed out WRs of mad agent Daniel Jordan <daniel.m.jordan(a)oracle.com> ktest.pl: Avoid false positives with grub2 skip regex Xu Kuohai <xukuohai(a)huawei.com> bpf: Prevent tail call between progs attached to different hooks Heiko Carstens <hca(a)linux.ibm.com> s390/traps: Handle early warnings gracefully Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Remove WARN_ON_ONCE statements Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: nested locking for xattr inode Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Yonghong Song <yonghong.song(a)linux.dev> bpf, x64: Fix a jit convergence issue Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Add cond_resched() to cmm_alloc/free_pages() Heiko Carstens <hca(a)linux.ibm.com> s390/facility: Disable compile time optimization for decompressor code Heiko Carstens <hca(a)linux.ibm.com> s390/boot: Compile all files with the same march flag Tao Chen <chen.dylane(a)gmail.com> bpf: Check percpu map value size first Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test Hou Tao <houtao1(a)huawei.com> bpf: Call the missed btf_record_free() when map creation fails Andrey Skvortsov <andrej.skvortzov(a)gmail.com> zram: don't free statically defined names Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: free secondary algorithms names Yang Jihong <yangjihong(a)bytedance.com> perf build: Fix build feature-dwarf_getlocations fail for old libdw Yang Jihong <yangjihong(a)bytedance.com> perf build: Fix static compilation error when libdw is not installed Diogo Jahchan Koike <djahchankoike(a)gmail.com> ntfs3: Change to non-blocking allocation in ntfs_d_hash Ian Rogers <irogers(a)google.com> perf vdso: Missed put on 32-bit dsos Michael S. Tsirkin <mst(a)redhat.com> virtio_console: fix misc probe bugs Srujana Challa <schalla(a)marvell.com> vdpa/octeon_ep: Fix format specifier for pointers in debug messages Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Refactor enum_rstbl to suppress static checker Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning in ni_fiemap Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix sparse warning for bigendian Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Optimize large writes into sparse file Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do not call file_modified if collapse range failed Wei Fang <wei.fang(a)nxp.com> net: fec: don't save PTP state if PTP is unsupported Gabriel Krisman Bertazi <krisman(a)suse.de> unicode: Don't special case ignorable code points ------------- Diffstat: Makefile | 4 +- arch/loongarch/pci/acpi.c | 1 + arch/riscv/include/asm/sparsemem.h | 2 +- arch/riscv/include/asm/string.h | 2 + arch/riscv/kernel/elf_kexec.c | 6 + arch/riscv/kernel/entry.S | 4 +- arch/riscv/kernel/riscv_ksyms.c | 3 - arch/riscv/lib/Makefile | 2 + arch/riscv/lib/strcmp.S | 1 + arch/riscv/lib/strlen.S | 1 + arch/riscv/lib/strncmp.S | 1 + arch/riscv/purgatory/Makefile | 2 + arch/s390/boot/Makefile | 19 +- arch/s390/include/asm/facility.h | 6 +- arch/s390/include/asm/io.h | 2 + arch/s390/kernel/early.c | 17 +- arch/s390/kernel/perf_cpum_sf.c | 12 +- arch/s390/mm/cmm.c | 18 +- arch/x86/kernel/amd_nb.c | 3 + arch/x86/net/bpf_jit_comp.c | 54 +- arch/x86/xen/enlighten_pv.c | 4 + drivers/acpi/resource.c | 29 +- drivers/ata/libata-eh.c | 18 +- drivers/base/bus.c | 8 +- drivers/base/power/common.c | 25 +- drivers/block/zram/zram_drv.c | 7 + drivers/bluetooth/btusb.c | 20 +- drivers/char/virtio_console.c | 18 +- drivers/clk/bcm/clk-bcm53573-ilp.c | 2 +- drivers/clk/imx/clk-imx7d.c | 4 +- .../drivers/ni_routing/tools/convert_c_to_py.c | 5 + drivers/dax/device.c | 2 +- drivers/gpio/gpio-aspeed.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 4 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 87 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 67 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 21 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 17 - drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 56 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 19 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 47 +- drivers/gpu/drm/amd/pm/powerplay/inc/hwmgr.h | 26 +- drivers/gpu/drm/drm_fbdev_dma.c | 3 +- drivers/gpu/drm/i915/display/intel_hdcp.c | 10 +- drivers/gpu/drm/nouveau/dispnv04/crtc.c | 2 +- drivers/gpu/drm/nouveau/nouveau_abi16.c | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/nouveau/nouveau_chan.c | 21 +- drivers/gpu/drm/nouveau/nouveau_chan.h | 3 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 9 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 7 +- drivers/gpu/drm/xe/xe_bb.c | 3 +- drivers/gpu/drm/xe/xe_debugfs.c | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 +- drivers/gpu/drm/xe/xe_guc_ct.c | 44 +- drivers/gpu/drm/xe/xe_guc_submit.c | 9 +- drivers/hid/amd-sfh-hid/amd_sfh_client.c | 14 +- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-plantronics.c | 23 + drivers/hid/intel-ish-hid/ishtp-fw-loader.c | 2 +- drivers/hid/wacom_wac.c | 2 + drivers/hwmon/Kconfig | 5 + drivers/hwmon/intel-m10-bmc-hwmon.c | 2 +- drivers/hwmon/k10temp.c | 1 + drivers/i2c/busses/i2c-i801.c | 9 +- drivers/i3c/master/i3c-master-cdns.c | 1 + drivers/infiniband/core/mad.c | 14 +- drivers/infiniband/hw/mlx5/odp.c | 25 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 13 +- drivers/md/dm-vdo/dedupe.c | 3 + drivers/media/common/videobuf2/videobuf2-core.c | 8 +- drivers/mfd/intel-lpss-pci.c | 39 + drivers/mfd/intel_soc_pmic_chtwc.c | 1 - drivers/mmc/host/mvsdio.c | 71 +- drivers/mmc/host/sdhci-of-dwcmshc.c | 8 + drivers/net/dsa/b53/b53_common.c | 17 +- drivers/net/dsa/lan9303-core.c | 29 + drivers/net/dsa/sja1105/sja1105_main.c | 1 - drivers/net/ethernet/adi/adin1110.c | 4 +- drivers/net/ethernet/freescale/fec_main.c | 6 +- drivers/net/ethernet/ibm/emac/mal.c | 4 +- drivers/net/ethernet/intel/e1000e/hw.h | 4 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/ice/ice_ddp.c | 58 +- drivers/net/ethernet/intel/ice/ice_ddp.h | 4 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 6 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.c | 5 +- drivers/net/ethernet/intel/ice/ice_eswitch_br.h | 1 + drivers/net/ethernet/intel/ice/ice_main.c | 39 +- drivers/net/ethernet/intel/ice/ice_sriov.c | 19 +- drivers/net/ethernet/intel/ice/ice_switch.c | 2 - drivers/net/ethernet/intel/ice/ice_tc_lib.c | 11 + drivers/net/ethernet/intel/ice/ice_vf_lib.c | 9 +- .../net/ethernet/intel/ice/ice_vf_lib_private.h | 1 - drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.c | 57 + drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.h | 1 + drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 9 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 + drivers/net/ethernet/sfc/efx_channels.c | 3 +- drivers/net/ethernet/sfc/siena/efx_channels.c | 3 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/ti/icssg/icssg_config.c | 2 + drivers/net/ethernet/ti/icssg/icssg_prueth.c | 1 + drivers/net/ethernet/ti/icssg/icssg_prueth.h | 2 + drivers/net/netconsole.c | 8 +- drivers/net/phy/aquantia/aquantia_main.c | 51 +- drivers/net/phy/bcm84881.c | 4 +- drivers/net/phy/dp83869.c | 1 - drivers/net/phy/phy_device.c | 5 +- drivers/net/phy/realtek.c | 24 +- drivers/net/ppp/ppp_async.c | 2 +- drivers/net/pse-pd/pse_core.c | 11 + drivers/net/slip/slhc.c | 57 +- drivers/net/vxlan/vxlan_core.c | 6 +- drivers/net/vxlan/vxlan_private.h | 2 +- drivers/net/vxlan/vxlan_vnifilter.c | 19 +- drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 1 + drivers/nvdimm/nd_virtio.c | 9 + drivers/opp/core.c | 4 +- drivers/pci/controller/dwc/pcie-designware.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 + drivers/pci/controller/dwc/pcie-qcom.c | 72 +- drivers/pci/endpoint/pci-epc-core.c | 14 + drivers/pci/pci.c | 14 +- drivers/pci/probe.c | 2 +- drivers/pci/quirks.c | 8 + drivers/pci/remove.c | 2 +- drivers/powercap/intel_rapl_tpmi.c | 19 +- drivers/remoteproc/imx_rproc.c | 13 +- drivers/scsi/fnic/fnic_main.c | 2 +- drivers/scsi/lpfc/lpfc_ct.c | 22 +- drivers/scsi/lpfc/lpfc_disc.h | 7 + drivers/scsi/lpfc/lpfc_els.c | 132 +- drivers/scsi/lpfc/lpfc_vport.c | 43 +- drivers/scsi/wd33c93.c | 2 +- drivers/soundwire/cadence_master.c | 39 +- drivers/soundwire/cadence_master.h | 5 + drivers/soundwire/intel.h | 2 + drivers/soundwire/intel_auxdevice.c | 1 + drivers/soundwire/intel_bus_common.c | 35 +- drivers/staging/vme_user/vme_fake.c | 6 + drivers/staging/vme_user/vme_tsi148.c | 6 + .../int340x_thermal/processor_thermal_device_pci.c | 2 - drivers/thermal/thermal_core.c | 5 +- drivers/thermal/thermal_core.h | 3 + drivers/thermal/thermal_netlink.c | 9 +- drivers/tty/serial/serial_core.c | 16 +- drivers/ufs/core/ufshcd.c | 5 +- drivers/usb/chipidea/udc.c | 8 +- drivers/usb/dwc2/platform.c | 26 +- drivers/usb/dwc3/core.c | 30 +- drivers/usb/dwc3/core.h | 4 - drivers/usb/dwc3/gadget.c | 11 - drivers/usb/gadget/function/uvc_v4l2.c | 12 +- drivers/usb/gadget/udc/core.c | 1 + drivers/usb/host/xhci-dbgcap.c | 133 +- drivers/usb/host/xhci-dbgcap.h | 2 +- drivers/usb/host/xhci-pci.c | 5 + drivers/usb/host/xhci-plat.c | 6 + drivers/usb/misc/yurex.c | 19 +- drivers/usb/storage/unusual_devs.h | 11 + drivers/usb/typec/tipd/core.c | 3 +- drivers/usb/typec/ucsi/ucsi.c | 8 +- drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/vdpa/octeon_ep/octep_vdpa_hw.c | 12 +- drivers/video/fbdev/core/fbcon.c | 2 + drivers/video/fbdev/sis/sis_main.c | 2 +- fs/btrfs/extent-tree.c | 26 +- fs/btrfs/free-space-cache.c | 4 +- fs/btrfs/free-space-cache.h | 6 + fs/btrfs/volumes.h | 6 + fs/btrfs/zoned.c | 2 +- fs/ext4/super.c | 9 +- fs/ext4/xattr.c | 4 +- fs/nfs/callback_xdr.c | 2 + fs/nfs/client.c | 1 + fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs4state.c | 2 +- fs/nfsd/filecache.c | 4 +- fs/nfsd/nfs4state.c | 1 + fs/nfsd/nfssvc.c | 6 +- fs/ntfs3/file.c | 40 +- fs/ntfs3/frecord.c | 21 +- fs/ntfs3/fslog.c | 19 +- fs/ntfs3/namei.c | 4 +- fs/ntfs3/super.c | 3 +- fs/proc/kcore.c | 36 +- fs/smb/client/smb2ops.c | 47 +- fs/smb/client/smb2pdu.c | 6 + fs/unicode/mkutf8data.c | 70 - fs/unicode/utf8data.c_shipped | 6703 ++++++++++---------- include/linux/bpf.h | 1 + include/linux/nfs_fs_sb.h | 1 + include/linux/pci-epc.h | 2 + include/linux/pci.h | 2 +- include/linux/pci_ids.h | 3 + include/net/mctp.h | 2 +- include/net/rtnetlink.h | 17 + include/net/sch_generic.h | 1 - include/net/sock.h | 2 + io_uring/io_uring.c | 15 + io_uring/rw.c | 19 +- kernel/bpf/arraymap.c | 3 + kernel/bpf/core.c | 21 +- kernel/bpf/hashtab.c | 3 + kernel/bpf/syscall.c | 19 +- kernel/kthread.c | 2 + kernel/rcu/tree_nocb.h | 8 +- mm/secretmem.c | 4 +- net/bluetooth/hci_conn.c | 3 + net/bluetooth/rfcomm/sock.c | 2 - net/bridge/br_netfilter_hooks.c | 5 + net/bridge/br_netlink.c | 6 +- net/bridge/br_private.h | 5 +- net/bridge/br_vlan.c | 19 +- net/core/dst.c | 17 +- net/core/rtnetlink.c | 29 + net/dsa/user.c | 11 +- net/ipv4/netfilter/nf_reject_ipv4.c | 10 +- net/ipv4/netfilter/nft_fib_ipv4.c | 4 +- net/ipv4/tcp_input.c | 42 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/netfilter/nft_fib_ipv6.c | 5 +- net/mctp/af_mctp.c | 6 +- net/mctp/device.c | 32 +- net/mctp/neigh.c | 29 +- net/mctp/route.c | 33 +- net/mpls/af_mpls.c | 32 +- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 24 +- net/mptcp/subflow.c | 6 +- net/netfilter/nf_nat_core.c | 120 +- net/netfilter/xt_CHECKSUM.c | 33 +- net/netfilter/xt_CLASSIFY.c | 16 +- net/netfilter/xt_CONNSECMARK.c | 36 +- net/netfilter/xt_CT.c | 148 +- net/netfilter/xt_IDLETIMER.c | 59 +- net/netfilter/xt_LED.c | 39 +- net/netfilter/xt_NFLOG.c | 36 +- net/netfilter/xt_RATEEST.c | 39 +- net/netfilter/xt_SECMARK.c | 27 +- net/netfilter/xt_TRACE.c | 35 +- net/netfilter/xt_addrtype.c | 15 +- net/netfilter/xt_cluster.c | 33 +- net/netfilter/xt_connbytes.c | 4 +- net/netfilter/xt_connlimit.c | 39 +- net/netfilter/xt_connmark.c | 28 +- net/netfilter/xt_mark.c | 42 +- net/netlink/af_netlink.c | 3 +- net/phonet/pn_netlink.c | 28 +- net/rxrpc/sendmsg.c | 10 +- net/sched/sch_api.c | 7 +- net/sctp/socket.c | 18 +- net/smc/smc_inet.c | 11 + net/socket.c | 7 +- sound/pci/hda/hda_intel.c | 2 +- tools/build/feature/Makefile | 5 +- tools/iio/iio_generic_buffer.c | 4 + tools/perf/Makefile.config | 7 +- tools/perf/util/vdso.c | 4 +- tools/testing/ktest/ktest.pl | 2 +- .../testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +- tools/testing/selftests/mm/hmm-tests.c | 2 +- .../selftests/net/forwarding/no_forwarding.sh | 2 +- tools/testing/selftests/rseq/rseq.c | 110 +- tools/testing/selftests/rseq/rseq.h | 10 +- 276 files changed, 5984 insertions(+), 4832 deletions(-)

8 months, 1 week

10
228
0 0

Re: [PATCH 6.11 000/212] 6.11.4-rc2 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

8 months, 1 week

1
0
0 0

Yamaha Piano 10/15

by Josey Swihart

Hello, I am offering my late husband?s Yamaha piano to anyone who would truly appreciate it. If you or someone you know would be interested in receiving this instrument for free, please do not hesitate to contact me. Warm regards, Josey

8 months, 1 week

1
0
0 0

[PATCH 5.10] nvme: fix metadata handling in nvme-passthrough

by Puranjay Mohan

[ Upstream commit 7c2fd76048e95dd267055b5f5e0a48e6e7c81fd9 ] On an NVMe namespace that does not support metadata, it is possible to send an IO command with metadata through io-passthru. This allows issues like [1] to trigger in the completion code path. nvme_map_user_request() doesn't check if the namespace supports metadata before sending it forward. It also allows admin commands with metadata to be processed as it ignores metadata when bdev == NULL and may report success. Reject an IO command with metadata when the NVMe namespace doesn't support it and reject an admin command if it has metadata. [1] https://lore.kernel.org/all/mb61pcylvnym8.fsf@amazon.com/ Suggested-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me> Reviewed-by: Anuj Gupta <anuj20.g(a)samsung.com> Signed-off-by: Keith Busch <kbusch(a)kernel.org> [ Move the changes from nvme_map_user_request() to nvme_submit_user_cmd() to make it work on 5.10 ] Signed-off-by: Puranjay Mohan <pjy(a)amazon.com> --- drivers/nvme/host/core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 30a642c8f5374..bee55902fe6ce 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1121,11 +1121,16 @@ static int nvme_submit_user_cmd(struct request_queue *q, bool write = nvme_is_write(cmd); struct nvme_ns *ns = q->queuedata; struct gendisk *disk = ns ? ns->disk : NULL; + bool supports_metadata = disk && blk_get_integrity(disk); + bool has_metadata = meta_buffer && meta_len; struct request *req; struct bio *bio = NULL; void *meta = NULL; int ret; + if (has_metadata && !supports_metadata) + return -EINVAL; + req = nvme_alloc_request(q, cmd, 0); if (IS_ERR(req)) return PTR_ERR(req); @@ -1141,7 +1146,7 @@ static int nvme_submit_user_cmd(struct request_queue *q, goto out; bio = req->bio; bio->bi_disk = disk; - if (disk && meta_buffer && meta_len) { + if (has_metadata) { meta = nvme_add_user_metadata(bio, meta_buffer, meta_len, meta_seed, write); if (IS_ERR(meta)) { -- 2.40.1

8 months, 1 week

1
0
0 0

[PATCH 01/10] drm/amd/display: temp w/a for dGPU to enter idle optimizations

by Wayne Lin

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> [Why&How] vblank immediate disable currently does not work for all asics. On DCN401, the vblank interrupts never stop coming, and hence we never get a chance to trigger idle optimizations. Add a workaround to enable immediate disable only on APUs for now. This adds a 2-frame delay for triggering idle optimization, which is a negligible overhead. Fixes: db11e20a1144 ("drm/amd/display: use a more lax vblank enable policy for older ASICs") Fixes: 6dfb3a42a914 ("drm/amd/display: use a more lax vblank enable policy for DCN35+") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index a4882b16ace2..6ea54eb5d68d 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -8379,7 +8379,8 @@ static void manage_dm_interrupts(struct amdgpu_device *adev, if (amdgpu_ip_version(adev, DCE_HWIP, 0) < IP_VERSION(3, 5, 0) || acrtc_state->stream->link->psr_settings.psr_version < - DC_PSR_VERSION_UNSUPPORTED) { + DC_PSR_VERSION_UNSUPPORTED || + !(adev->flags & AMD_IS_APU)) { timing = &acrtc_state->stream->timing; /* at least 2 frames */ -- 2.37.3

8 months, 1 week

2
1
0 0

[PATCH v2] mm/page_alloc: Let GFP_ATOMIC order-0 allocs access highatomic reserves

by Matt Fleming

From: Matt Fleming <mfleming(a)cloudflare.com> Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim. Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can. This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets: kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: <IRQ> dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slowpath.constprop.0+0xc9d/0xd10 __alloc_pages+0x327/0x340 __napi_alloc_skb+0x16d/0x1f0 bnxt_rx_page_skb+0x96/0x1b0 [bnxt_en] bnxt_rx_pkt+0x201/0x15e0 [bnxt_en] __bnxt_poll_work+0x156/0x2b0 [bnxt_en] bnxt_poll+0xd9/0x1c0 [bnxt_en] __napi_poll+0x2b/0x1b0 bpf_trampoline_6442524138+0x7d/0x1000 __napi_poll+0x5/0x1b0 net_rx_action+0x342/0x740 handle_softirqs+0xcf/0x2b0 irq_exit_rcu+0x6c/0x90 sysvec_apic_timer_interrupt+0x72/0x90 </IRQ> Fixes: 1d91df85f399 ("mm/page_alloc: handle a missing case for memalloc_nocma_{save/restore} APIs") Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: linux-mm(a)kvack.org Cc: stable(a)vger.kernel.org # v5.9+ Link: https://lore.kernel.org/all/CAGis_TWzSu=P7QJmjD58WWiu3zjMTVKSzdOwWE8ORaGytz… Signed-off-by: Matt Fleming <mfleming(a)cloudflare.com> --- mm/page_alloc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) v2: Update comment and add Fixes, Reviewed-by, and Cc: stable tags. diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 8afab64814dc..94a2ffe28008 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2893,12 +2893,12 @@ struct page *rmqueue_buddy(struct zone *preferred_zone, struct zone *zone, page = __rmqueue(zone, order, migratetype, alloc_flags); /* - * If the allocation fails, allow OOM handling access - * to HIGHATOMIC reserves as failing now is worse than - * failing a high-order atomic allocation in the - * future. + * If the allocation fails, allow OOM handling and + * order-0 (atomic) allocs access to HIGHATOMIC + * reserves as failing now is worse than failing a + * high-order atomic allocation in the future. */ - if (!page && (alloc_flags & ALLOC_OOM)) + if (!page && (alloc_flags & (ALLOC_OOM|ALLOC_NON_BLOCK))) page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC); if (!page) { -- 2.34.1

8 months, 1 week

1
0
0 0

backport mseal and mseal_test to 6.10

by Jeff Xu

Hi Greg, How are you? What is the process to backport Pedro's recent mseal fixes to 6.10 ? Specifically those 5 commits: 67203f3f2a63d429272f0c80451e5fcc469fdb46 selftests/mm: add mseal test for no-discard madvise 4d1b3416659be70a2251b494e85e25978de06519 mm: move can_modify_vma to mm/vma.h 4a2dd02b09160ee43f96c759fafa7b56dfc33816 mm/mprotect: replace can_modify_mm with can_modify_vma 23c57d1fa2b9530e38f7964b4e457fed5a7a0ae8 mseal: replace can_modify_mm_madv with a vma variant f28bdd1b17ec187eaa34845814afaaff99832762 selftests/mm: add more mseal traversal tests There will be merge conflicts, I can backport them to 5.10 and test to help the backporting process. Those 5 fixes are needed for two reasons: maintain the consistency of mseal's semantics across releases, and for ease of backporting future fixes. PS: There are also three other commits for munmap and remap (see below), they have dependency on Michael Ellerman's arch_unmap() patch [1] and maybe uprobe change [2]. If Michael and Oleg are OK with backporting their patches, then great ! Otherwise, since those commits below don't change mseal's semantics, I think it is OK to just backport above 5 patches. df2a7df9a9aa32c3df227de346693e6e802c8591 mm/munmap: replace can_modify_mm with can_modify_vma 38075679b5f157eeacd46c900e9cfc684bdbc167 mm/mremap: replace can_modify_mm with can_modify_vma 5b3db2b812a1f86dfab587324d198a5d10c7a5cf mm: remove can_modify_mm() [1] https://lore.kernel.org/all/20240812082605.743814-1-mpe@ellerman.id.au/ [2] https://lore.kernel.org/all/20240911131320.GA3448@redhat.com/ Thanks! -Jeff

8 months, 1 week

3
8
0 0

[PATCH 05/10] drm/amd/display: temp w/a for DP Link Layer compliance

by Wayne Lin

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> [Why&How] Disabling P-State support on full updates for DCN401 results in introducing additional communication with SMU. A UCLK hard min message to SMU takes 4 seconds to go through, which was due to DCN not allowing pstate switch, which was caused by incorrect value for TTU watermark before blanking the HUBP prior to DPG on for servicing the test request. Fix the issue temporarily by disallowing pstate changes for compliance test while test request handler is reworked for a proper fix. Fixes: 67ea53a4bd9d ("drm/amd/display: Disable DCN401 UCLK P-State support on full updates") Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index 8eaf292bc4eb..b0fea0856866 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -46,6 +46,7 @@ #include "dm_helpers.h" #include "ddc_service_types.h" +#include "clk_mgr.h" static u32 edid_extract_panel_id(struct edid *edid) { @@ -1181,6 +1182,8 @@ bool dm_helpers_dp_handle_test_pattern_request( struct pipe_ctx *pipe_ctx = NULL; struct amdgpu_dm_connector *aconnector = link->priv; struct drm_device *dev = aconnector->base.dev; + struct dc_state *dc_state = ctx->dc->current_state; + struct clk_mgr *clk_mgr = ctx->dc->clk_mgr; int i; for (i = 0; i < MAX_PIPES; i++) { @@ -1281,6 +1284,16 @@ bool dm_helpers_dp_handle_test_pattern_request( pipe_ctx->stream->test_pattern.type = test_pattern; pipe_ctx->stream->test_pattern.color_space = test_pattern_color_space; + /* Temp W/A for compliance test failure */ + dc_state->bw_ctx.bw.dcn.clk.p_state_change_support = false; + dc_state->bw_ctx.bw.dcn.clk.dramclk_khz = clk_mgr->dc_mode_softmax_enabled ? + clk_mgr->bw_params->dc_mode_softmax_memclk : clk_mgr->bw_params->max_memclk_mhz; + dc_state->bw_ctx.bw.dcn.clk.idle_dramclk_khz = dc_state->bw_ctx.bw.dcn.clk.dramclk_khz; + ctx->dc->clk_mgr->funcs->update_clocks( + ctx->dc->clk_mgr, + dc_state, + false); + dc_link_dp_set_test_pattern( (struct dc_link *) link, test_pattern, -- 2.37.3

8 months, 1 week

1
0
0 0

[PATCH ipsec v3] xfrm: fix one more kernel-infoleak in algo dumping

by Petr Vaganov

During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was stored to memory at: copy_to_user_state_extra+0xcc1/0x1e00 dump_one_state+0x28c/0x5f0 xfrm_state_walk+0x548/0x11e0 xfrm_dump_sa+0x1e0/0x840 netlink_dump+0x943/0x1c40 __netlink_dump_start+0x746/0xdb0 xfrm_user_rcv_msg+0x429/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was created at: __kmalloc+0x571/0xd30 attach_auth+0x106/0x3e0 xfrm_add_sa+0x2aa0/0x4230 xfrm_user_rcv_msg+0x832/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Bytes 328-379 of 732 are uninitialized Memory access of size 732 starts at ffff88800e18e000 Data copied to user address 00007ff30f48aff0 CPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Fixes copying of xfrm algorithms where some random data of the structure fields can end up in userspace. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. A similar issue was resolved in the commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap") Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: c7a5899eb26e ("xfrm: redact SA secret with lockdown confidentiality") Cc: stable(a)vger.kernel.org Co-developed-by: Boris Tonofa <b.tonofa(a)ideco.ru> Signed-off-by: Boris Tonofa <b.tonofa(a)ideco.ru> Signed-off-by: Petr Vaganov <p.vaganov(a)ideco.ru> --- v3: Corrected commit description "This patch fixes copying..." to "Fixes copying..." according to accepted rules of Linux kernel commits, as suggested by Markus Elfring <elfring(a)users.sourceforge.net>. v2: Fixed typo in sizeof(sizeof(ap->alg_name) expression. The third argument for the strscpy_pad macro was chosen by analogy with those in other functions of this file - as did commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap"). I still think it would be better to leave the strscpy_pad() macro with three arguments in this patch, mainly so that it would be consistent with the existing similar code in this module. Regarding strncpy() above, we don't think it is a real issue since the uncopied parts should be already padded with zeroes by nla_reserve(). net/xfrm/xfrm_user.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 55f039ec3d59..0083faabe8be 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1098,7 +1098,9 @@ static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) if (!nla) return -EMSGSIZE; ap = nla_data(nla); - memcpy(ap, auth, sizeof(struct xfrm_algo_auth)); + strscpy_pad(ap->alg_name, auth->alg_name, sizeof(ap->alg_name)); + ap->alg_key_len = auth->alg_key_len; + ap->alg_trunc_len = auth->alg_trunc_len; if (redact_secret && auth->alg_key_len) memset(ap->alg_key, 0, (auth->alg_key_len + 7) / 8); else -- 2.46.2

8 months, 1 week

3
2
0 0

[PATCH V4] x86/apic: Always explicitly disarm TSC-deadline timer

by Zhang Rui

New processors have become pickier about the local APIC timer state before entering low power modes. These low power modes are used (for example) when you close your laptop lid and suspend. If you put your laptop in a bag in this unnecessarily-high-power state, it is likely to get quite toasty while it quickly sucks the battery dry. The problem boils down to some CPUs' inability to power down until the kernel fully disables the local APIC timer. The current kernel code works in one-shot and periodic modes but does not work for deadline mode. Deadline mode has been the supported and preferred mode on Intel CPUs for over a decade and uses an MSR to drive the timer instead of an APIC register. Disable the TSC Deadline timer in lapic_timer_shutdown() by writing to MSR_IA32_TSC_DEADLINE when in TSC-deadline mode. Also avoid writing to the initial-count register (APIC_TMICT) which is ignored in TSC-deadline mode. Note: The APIC_LVTT|=APIC_LVT_MASKED operation should theoretically be enough to tell the hardware that the timer will not fire in any of the timer modes. But mitigating AMD erratum 411[1] also requires clearing out APIC_TMICT. Solely setting APIC_LVT_MASKED is also ineffective in practice on Intel Lunar Lake systems, which is the motivation for this change. 1. 411 Processor May Exit Message-Triggered C1E State Without an Interrupt if Local APIC Timer Reaches Zero - https://www.amd.com/content/dam/amd/en/documents/archived-tech-docs/revisio… Cc: stable(a)vger.kernel.org Fixes: 279f1461432c ("x86: apic: Use tsc deadline for oneshot when available") Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Tested-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Tested-by: Todd Brandt <todd.e.brandt(a)intel.com> --- V2 - Improve changelog V3 - Subject and changelog rewrite - Check LAPIC Timer mode using APIC_LVTT value instead of extra CPU feature flag check - Avoid APIC_TMICT write which is ignored in TSC-deadline mode V4 - Add back Fixes tag and stable tag which was missing in V3 - Update patch recipients --- arch/x86/kernel/apic/apic.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 6513c53c9459..5436a4083065 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -440,7 +440,19 @@ static int lapic_timer_shutdown(struct clock_event_device *evt) v = apic_read(APIC_LVTT); v |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR); apic_write(APIC_LVTT, v); - apic_write(APIC_TMICT, 0); + + /* + * Setting APIC_LVT_MASKED should be enough to tell the + * hardware that this timer will never fire. But AMD + * erratum 411 and some Intel CPU behavior circa 2024 + * say otherwise. Time for belt and suspenders programming, + * mask the timer and zero the counter registers: + */ + if (v & APIC_LVT_TIMER_TSCDEADLINE) + wrmsrl(MSR_IA32_TSC_DEADLINE, 0); + else + apic_write(APIC_TMICT, 0); + return 0; } -- 2.34.1

8 months, 1 week

1
0
0 0

+ mm-swapfile-skip-hugetlb-pages-for-unuse_vma.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/swapfile: skip HugeTLB pages for unuse_vma has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-swapfile-skip-hugetlb-pages-for-unuse_vma.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Liu Shixin <liushixin2(a)huawei.com> Subject: mm/swapfile: skip HugeTLB pages for unuse_vma Date: Tue, 15 Oct 2024 09:45:21 +0800 I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swapout the above anonymous memory. 3. run swapoff and we will get a bad pud error in kernel message: mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7) We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it. Link: https://lkml.kernel.org/r/20241015014521.570237-1-liushixin2@huawei.com Fixes: 0fe6e20b9c4c ("hugetlb, rmap: add reverse mapping for hugepage") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swapfile-skip-hugetlb-pages-for-unuse_vma +++ a/mm/swapfile.c @@ -2313,7 +2313,7 @@ static int unuse_mm(struct mm_struct *mm mmap_read_lock(mm); for_each_vma(vmi, vma) { - if (vma->anon_vma) { + if (vma->anon_vma && !is_vm_hugetlb_page(vma)) { ret = unuse_vma(vma, type); if (ret) break; _ Patches currently in -mm which might be from liushixin2(a)huawei.com are mm-swapfile-skip-hugetlb-pages-for-unuse_vma.patch

8 months, 1 week

1
0
0 0

[PATCH] mm/swapfile: skip HugeTLB pages for unuse_vma

by Liu Shixin

I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swapout the above anonymous memory. 3. run swapoff and we will get a bad pud error in kernel message: mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7) We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it. Fixes: 0fe6e20b9c4c ("hugetlb, rmap: add reverse mapping for hugepage") Signed-off-by: Liu Shixin <liushixin2(a)huawei.com> --- mm/swapfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/swapfile.c b/mm/swapfile.c index 0cded32414a1..f4ef91513fc9 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -2312,7 +2312,7 @@ static int unuse_mm(struct mm_struct *mm, unsigned int type) mmap_read_lock(mm); for_each_vma(vmi, vma) { - if (vma->anon_vma) { + if (vma->anon_vma && !is_vm_hugetlb_page(vma)) { ret = unuse_vma(vma, type); if (ret) break; -- 2.34.1

8 months, 1 week

3
2
0 0

[PATCH 6.1.y] bpf: Fix dev's rx stats for bpf_redirect_peer traffic

by Matthew Yeazel

From: Peilin Ye <peilin.ye(a)bytedance.com> commit 024ee930cb3c9ae49e4266aee89cfde0ebb407e1 upstream Traffic redirected by bpf_redirect_peer() (used by recent CNIs like Cilium) is not accounted for in the RX stats of supported devices (that is, veth and netkit), confusing user space metrics collectors such as cAdvisor [0], as reported by Youlun. Fix it by calling dev_sw_netstats_rx_add() in skb_do_redirect(), to update RX traffic counters. Devices that support ndo_get_peer_dev _must_ use the @tstats per-CPU counters (instead of @lstats, or @dstats). To make this more fool-proof, error out when ndo_get_peer_dev is set but @tstats are not selected. [0] Specifically, the "container_network_receive_{byte,packet}s_total" counters are affected. Fixes: 9aa1206e8f48 ("bpf: Add redirect_peer helper") Reported-by: Youlun Zhang <zhangyoulun(a)bytedance.com> Signed-off-by: Peilin Ye <peilin.ye(a)bytedance.com> Co-developed-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: Nikolay Aleksandrov <razor(a)blackwall.org> Link: https://lore.kernel.org/r/20231114004220.6495-6-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> (cherry picked from commit 024ee930cb3c9ae49e4266aee89cfde0ebb407e1) Signed-off-by: Matt Yeazel <yeazelm(a)amazon.com> --- net/core/dev.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++ net/core/filter.c | 1 + 2 files changed, 49 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 20d8b9195ef6..9f5109a15e4c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9983,6 +9983,54 @@ void netif_tx_stop_all_queues(struct net_device *dev) } EXPORT_SYMBOL(netif_tx_stop_all_queues); +static int netdev_do_alloc_pcpu_stats(struct net_device *dev) +{ + void __percpu *v; + + /* Drivers implementing ndo_get_peer_dev must support tstat + * accounting, so that skb_do_redirect() can bump the dev's + * RX stats upon network namespace switch. + */ + if (dev->netdev_ops->ndo_get_peer_dev && + dev->pcpu_stat_type != NETDEV_PCPU_STAT_TSTATS) + return -EOPNOTSUPP; + + switch (dev->pcpu_stat_type) { + case NETDEV_PCPU_STAT_NONE: + return 0; + case NETDEV_PCPU_STAT_LSTATS: + v = dev->lstats = netdev_alloc_pcpu_stats(struct pcpu_lstats); + break; + case NETDEV_PCPU_STAT_TSTATS: + v = dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); + break; + case NETDEV_PCPU_STAT_DSTATS: + v = dev->dstats = netdev_alloc_pcpu_stats(struct pcpu_dstats); + break; + default: + return -EINVAL; + } + + return v ? 0 : -ENOMEM; +} + +static void netdev_do_free_pcpu_stats(struct net_device *dev) +{ + switch (dev->pcpu_stat_type) { + case NETDEV_PCPU_STAT_NONE: + return; + case NETDEV_PCPU_STAT_LSTATS: + free_percpu(dev->lstats); + break; + case NETDEV_PCPU_STAT_TSTATS: + free_percpu(dev->tstats); + break; + case NETDEV_PCPU_STAT_DSTATS: + free_percpu(dev->dstats); + break; + } +} + /** * register_netdevice() - register a network device * @dev: device to register diff --git a/net/core/filter.c b/net/core/filter.c index 1cd5f146cafe..e318ec485cc8 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2489,6 +2489,7 @@ int skb_do_redirect(struct sk_buff *skb) net_eq(net, dev_net(dev)))) goto out_drop; skb->dev = dev; + dev_sw_netstats_rx_add(dev, skb->len); return -EAGAIN; } return flags & BPF_F_NEIGH ? -- 2.45.2

8 months, 1 week

1
1
0 0

[PATCH] drm/radeon: Fix encoder->possible_clones

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Include the encoder itself in its possible_clones bitmask. In the past nothing validated that drivers were populating possible_clones correctly, but that changed in commit 74d2aacbe840 ("drm: Validate encoder->possible_clones"). Looks like radeon never got the memo and is still not following the rules 100% correctly. This results in some warnings during driver initialization: Bogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7) WARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c ... Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: amd-gfx(a)lists.freedesktop.org Cc: stable(a)vger.kernel.org Fixes: 74d2aacbe840 ("drm: Validate encoder->possible_clones") Reported-by: Erhard Furtner <erhard_f(a)mailbox.org> Closes: https://lore.kernel.org/dri-devel/20241009000321.418e4294@yea/ Tested-by: Erhard Furtner <erhard_f(a)mailbox.org> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/radeon/radeon_encoders.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/radeon/radeon_encoders.c b/drivers/gpu/drm/radeon/radeon_encoders.c index 0f723292409e..fafed331e0a0 100644 --- a/drivers/gpu/drm/radeon/radeon_encoders.c +++ b/drivers/gpu/drm/radeon/radeon_encoders.c @@ -43,7 +43,7 @@ static uint32_t radeon_encoder_clones(struct drm_encoder *encoder) struct radeon_device *rdev = dev->dev_private; struct radeon_encoder *radeon_encoder = to_radeon_encoder(encoder); struct drm_encoder *clone_encoder; - uint32_t index_mask = 0; + uint32_t index_mask = drm_encoder_mask(encoder); int count; /* DIG routing gets problematic */ -- 2.45.2

8 months, 1 week

2
1
0 0

[PATCH 1/1] iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices

by Lu Baolu

Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or other unexpected behavior. Add a check to only call pci_for_each_dma_alias() for PCI devices. For non-PCI devices, domain_context_clear_one() is called directly. Reported-by: Todd Brandt <todd.e.brandt(a)intel.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219363 Fixes: 9a16ab9d6402 ("iommu/vt-d: Make context clearing consistent with context mapping") Cc: stable(a)vger.kernel.org Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> --- drivers/iommu/intel/iommu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 9f6b0780f2ef..e860bc9439a2 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -3340,8 +3340,10 @@ static int domain_context_clear_one_cb(struct pci_dev *pdev, u16 alias, void *op */ static void domain_context_clear(struct device_domain_info *info) { - if (!dev_is_pci(info->dev)) + if (!dev_is_pci(info->dev)) { domain_context_clear_one(info, info->bus, info->devfn); + return; + } pci_for_each_dma_alias(to_pci_dev(info->dev), &domain_context_clear_one_cb, info); -- 2.43.0

8 months, 1 week

3
3
0 0

[PATCH 5.4.y 0/2] tracing/kprobes: Backport request about

by Sherry Yang

The added test case from commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") failed, it is fixed by b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols"). Backport it and its fix commit to 5.4.y together. Resolved minor context change conflicts. Resend the patch series after backpporting to 5.10.y first. Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Francis Laniel (1): tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols kernel/trace/trace_kprobe.c | 76 +++++++++++++++++++++++++++++++++++++ kernel/trace/trace_probe.h | 1 + 2 files changed, 77 insertions(+) -- 2.46.0

8 months, 1 week

1
2
0 0

Re: [PATCH 6.11 000/214] 6.11.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

8 months, 1 week

1
0
0 0

[PATCH v2] media: v4l2-core: v4l2-dv-timings: check cvt/gtf result

by Hans Verkuil

The v4l2_detect_cvt/gtf functions should check the result against the timing capabilities: these functions calculate the timings, so if they are out of bounds, they should be rejected. To do this, add the struct v4l2_dv_timings_cap as argument to those functions. This required updates to the adv7604 and adv7842 drivers since the prototype of these functions has now changed. The timings struct that is passed to v4l2_detect_cvt/gtf in those two drivers is filled with the timings detected by the hardware. The vivid driver was also updated, but an additional check was added: the width and height specified by VIDIOC_S_DV_TIMINGS has to match the calculated result, otherwise something went wrong. Note that vivid *emulates* hardware, so all the values passed to the v4l2_detect_cvt/gtf functions came from the timings struct that was filled by userspace and passed on to the driver via VIDIOC_S_DV_TIMINGS. So these fields can contain random data. Both the constraints check via struct v4l2_dv_timings_cap and the additional width/height check ensure that the resulting timings are sane and not messed up by the v4l2_detect_cvt/gtf calculations. Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> Fixes: 2576415846bc ("[media] v4l2: move dv-timings related code to v4l2-dv-timings.c") Cc: stable(a)vger.kernel.org Reported-by: syzbot+a828133770f62293563e(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-media/000000000000013050062127830a@google.com/ --- Changes since v1: - Improve the commit message - Drop a spurious newline change --- drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +-- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 ++- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 ++++++++++++----------- include/media/v4l2-dv-timings.h | 18 ++-- 5 files changed, 107 insertions(+), 76 deletions(-) diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c index 3184a2fa15322caa2a8eb415bea14312690b839c..4504909d95bce5f242e66b00be50ecb3ef2b896c 100644 --- a/drivers/media/i2c/adv7604.c +++ b/drivers/media/i2c/adv7604.c @@ -1408,12 +1408,13 @@ static int stdi2dv_timings(struct v4l2_subdev *sd, if (v4l2_detect_cvt(stdi->lcf + 1, hfreq, stdi->lcvs, 0, (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) | (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0), - false, timings)) + false, adv76xx_get_dv_timings_cap(sd, -1), timings)) return 0; if (v4l2_detect_gtf(stdi->lcf + 1, hfreq, stdi->lcvs, (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) | (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0), - false, state->aspect_ratio, timings)) + false, state->aspect_ratio, + adv76xx_get_dv_timings_cap(sd, -1), timings)) return 0; v4l2_dbg(2, debug, sd, diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c index e445699da85b70b711edda79ba4bbcea0161914f..3c9e613af0ceba4062c854581ee981e1fc2d0b6a 100644 --- a/drivers/media/i2c/adv7842.c +++ b/drivers/media/i2c/adv7842.c @@ -1434,14 +1434,15 @@ static int stdi2dv_timings(struct v4l2_subdev *sd, } if (v4l2_detect_cvt(stdi->lcf + 1, hfreq, stdi->lcvs, 0, - (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) | - (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0), - false, timings)) + (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) | + (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0), + false, adv7842_get_dv_timings_cap(sd), timings)) return 0; if (v4l2_detect_gtf(stdi->lcf + 1, hfreq, stdi->lcvs, - (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) | - (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0), - false, state->aspect_ratio, timings)) + (stdi->hs_pol == '+' ? V4L2_DV_HSYNC_POS_POL : 0) | + (stdi->vs_pol == '+' ? V4L2_DV_VSYNC_POS_POL : 0), + false, state->aspect_ratio, + adv7842_get_dv_timings_cap(sd), timings)) return 0; v4l2_dbg(2, debug, sd, diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index 69620e0a35a02fb210529a1d652abf915b4445af..68318af9f0d0a97335307cef22476b8651a98891 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -1459,12 +1459,19 @@ static bool valid_cvt_gtf_timings(struct v4l2_dv_timings *timings) h_freq = (u32)bt->pixelclock / total_h_pixel; if (bt->standards == 0 || (bt->standards & V4L2_DV_BT_STD_CVT)) { + struct v4l2_dv_timings cvt = {}; + if (v4l2_detect_cvt(total_v_lines, h_freq, bt->vsync, bt->width, - bt->polarities, bt->interlaced, timings)) + bt->polarities, bt->interlaced, + &vivid_dv_timings_cap, &cvt) && + cvt.bt.width == bt->width && cvt.bt.height == bt->height) { + *timings = cvt; return true; + } } if (bt->standards == 0 || (bt->standards & V4L2_DV_BT_STD_GTF)) { + struct v4l2_dv_timings gtf = {}; struct v4l2_fract aspect_ratio; find_aspect_ratio(bt->width, bt->height, @@ -1472,8 +1479,12 @@ static bool valid_cvt_gtf_timings(struct v4l2_dv_timings *timings) &aspect_ratio.denominator); if (v4l2_detect_gtf(total_v_lines, h_freq, bt->vsync, bt->polarities, bt->interlaced, - aspect_ratio, timings)) + aspect_ratio, &vivid_dv_timings_cap, + &gtf) && + gtf.bt.width == bt->width && gtf.bt.height == bt->height) { + *timings = gtf; return true; + } } return false; } diff --git a/drivers/media/v4l2-core/v4l2-dv-timings.c b/drivers/media/v4l2-core/v4l2-dv-timings.c index 39b5fc1807c409a4cc7421edc6b7ed2b5c1452e1..d26edf157e640001569a5779ee24abffa8be09b7 100644 --- a/drivers/media/v4l2-core/v4l2-dv-timings.c +++ b/drivers/media/v4l2-core/v4l2-dv-timings.c @@ -481,25 +481,28 @@ EXPORT_SYMBOL_GPL(v4l2_calc_timeperframe); * @polarities - the horizontal and vertical polarities (same as struct * v4l2_bt_timings polarities). * @interlaced - if this flag is true, it indicates interlaced format - * @fmt - the resulting timings. + * @cap - the v4l2_dv_timings_cap capabilities. + * @timings - the resulting timings. * * This function will attempt to detect if the given values correspond to a * valid CVT format. If so, then it will return true, and fmt will be filled * in with the found CVT timings. */ -bool v4l2_detect_cvt(unsigned frame_height, - unsigned hfreq, - unsigned vsync, - unsigned active_width, +bool v4l2_detect_cvt(unsigned int frame_height, + unsigned int hfreq, + unsigned int vsync, + unsigned int active_width, u32 polarities, bool interlaced, - struct v4l2_dv_timings *fmt) + const struct v4l2_dv_timings_cap *cap, + struct v4l2_dv_timings *timings) { - int v_fp, v_bp, h_fp, h_bp, hsync; - int frame_width, image_height, image_width; + struct v4l2_dv_timings t = {}; + int v_fp, v_bp, h_fp, h_bp, hsync; + int frame_width, image_height, image_width; bool reduced_blanking; bool rb_v2 = false; - unsigned pix_clk; + unsigned int pix_clk; if (vsync < 4 || vsync > 8) return false; @@ -625,36 +628,39 @@ bool v4l2_detect_cvt(unsigned frame_height, h_fp = h_blank - hsync - h_bp; } - fmt->type = V4L2_DV_BT_656_1120; - fmt->bt.polarities = polarities; - fmt->bt.width = image_width; - fmt->bt.height = image_height; - fmt->bt.hfrontporch = h_fp; - fmt->bt.vfrontporch = v_fp; - fmt->bt.hsync = hsync; - fmt->bt.vsync = vsync; - fmt->bt.hbackporch = frame_width - image_width - h_fp - hsync; + t.type = V4L2_DV_BT_656_1120; + t.bt.polarities = polarities; + t.bt.width = image_width; + t.bt.height = image_height; + t.bt.hfrontporch = h_fp; + t.bt.vfrontporch = v_fp; + t.bt.hsync = hsync; + t.bt.vsync = vsync; + t.bt.hbackporch = frame_width - image_width - h_fp - hsync; if (!interlaced) { - fmt->bt.vbackporch = frame_height - image_height - v_fp - vsync; - fmt->bt.interlaced = V4L2_DV_PROGRESSIVE; + t.bt.vbackporch = frame_height - image_height - v_fp - vsync; + t.bt.interlaced = V4L2_DV_PROGRESSIVE; } else { - fmt->bt.vbackporch = (frame_height - image_height - 2 * v_fp - + t.bt.vbackporch = (frame_height - image_height - 2 * v_fp - 2 * vsync) / 2; - fmt->bt.il_vbackporch = frame_height - image_height - 2 * v_fp - - 2 * vsync - fmt->bt.vbackporch; - fmt->bt.il_vfrontporch = v_fp; - fmt->bt.il_vsync = vsync; - fmt->bt.flags |= V4L2_DV_FL_HALF_LINE; - fmt->bt.interlaced = V4L2_DV_INTERLACED; + t.bt.il_vbackporch = frame_height - image_height - 2 * v_fp - + 2 * vsync - t.bt.vbackporch; + t.bt.il_vfrontporch = v_fp; + t.bt.il_vsync = vsync; + t.bt.flags |= V4L2_DV_FL_HALF_LINE; + t.bt.interlaced = V4L2_DV_INTERLACED; } - fmt->bt.pixelclock = pix_clk; - fmt->bt.standards = V4L2_DV_BT_STD_CVT; + t.bt.pixelclock = pix_clk; + t.bt.standards = V4L2_DV_BT_STD_CVT; if (reduced_blanking) - fmt->bt.flags |= V4L2_DV_FL_REDUCED_BLANKING; + t.bt.flags |= V4L2_DV_FL_REDUCED_BLANKING; + if (!v4l2_valid_dv_timings(&t, cap, NULL, NULL)) + return false; + *timings = t; return true; } EXPORT_SYMBOL_GPL(v4l2_detect_cvt); @@ -699,22 +705,25 @@ EXPORT_SYMBOL_GPL(v4l2_detect_cvt); * image height, so it has to be passed explicitly. Usually * the native screen aspect ratio is used for this. If it * is not filled in correctly, then 16:9 will be assumed. - * @fmt - the resulting timings. + * @cap - the v4l2_dv_timings_cap capabilities. + * @timings - the resulting timings. * * This function will attempt to detect if the given values correspond to a * valid GTF format. If so, then it will return true, and fmt will be filled * in with the found GTF timings. */ -bool v4l2_detect_gtf(unsigned frame_height, - unsigned hfreq, - unsigned vsync, - u32 polarities, - bool interlaced, - struct v4l2_fract aspect, - struct v4l2_dv_timings *fmt) +bool v4l2_detect_gtf(unsigned int frame_height, + unsigned int hfreq, + unsigned int vsync, + u32 polarities, + bool interlaced, + struct v4l2_fract aspect, + const struct v4l2_dv_timings_cap *cap, + struct v4l2_dv_timings *timings) { + struct v4l2_dv_timings t = {}; int pix_clk; - int v_fp, v_bp, h_fp, hsync; + int v_fp, v_bp, h_fp, hsync; int frame_width, image_height, image_width; bool default_gtf; int h_blank; @@ -783,36 +792,39 @@ bool v4l2_detect_gtf(unsigned frame_height, h_fp = h_blank / 2 - hsync; - fmt->type = V4L2_DV_BT_656_1120; - fmt->bt.polarities = polarities; - fmt->bt.width = image_width; - fmt->bt.height = image_height; - fmt->bt.hfrontporch = h_fp; - fmt->bt.vfrontporch = v_fp; - fmt->bt.hsync = hsync; - fmt->bt.vsync = vsync; - fmt->bt.hbackporch = frame_width - image_width - h_fp - hsync; + t.type = V4L2_DV_BT_656_1120; + t.bt.polarities = polarities; + t.bt.width = image_width; + t.bt.height = image_height; + t.bt.hfrontporch = h_fp; + t.bt.vfrontporch = v_fp; + t.bt.hsync = hsync; + t.bt.vsync = vsync; + t.bt.hbackporch = frame_width - image_width - h_fp - hsync; if (!interlaced) { - fmt->bt.vbackporch = frame_height - image_height - v_fp - vsync; - fmt->bt.interlaced = V4L2_DV_PROGRESSIVE; + t.bt.vbackporch = frame_height - image_height - v_fp - vsync; + t.bt.interlaced = V4L2_DV_PROGRESSIVE; } else { - fmt->bt.vbackporch = (frame_height - image_height - 2 * v_fp - + t.bt.vbackporch = (frame_height - image_height - 2 * v_fp - 2 * vsync) / 2; - fmt->bt.il_vbackporch = frame_height - image_height - 2 * v_fp - - 2 * vsync - fmt->bt.vbackporch; - fmt->bt.il_vfrontporch = v_fp; - fmt->bt.il_vsync = vsync; - fmt->bt.flags |= V4L2_DV_FL_HALF_LINE; - fmt->bt.interlaced = V4L2_DV_INTERLACED; + t.bt.il_vbackporch = frame_height - image_height - 2 * v_fp - + 2 * vsync - t.bt.vbackporch; + t.bt.il_vfrontporch = v_fp; + t.bt.il_vsync = vsync; + t.bt.flags |= V4L2_DV_FL_HALF_LINE; + t.bt.interlaced = V4L2_DV_INTERLACED; } - fmt->bt.pixelclock = pix_clk; - fmt->bt.standards = V4L2_DV_BT_STD_GTF; + t.bt.pixelclock = pix_clk; + t.bt.standards = V4L2_DV_BT_STD_GTF; if (!default_gtf) - fmt->bt.flags |= V4L2_DV_FL_REDUCED_BLANKING; + t.bt.flags |= V4L2_DV_FL_REDUCED_BLANKING; + if (!v4l2_valid_dv_timings(&t, cap, NULL, NULL)) + return false; + *timings = t; return true; } EXPORT_SYMBOL_GPL(v4l2_detect_gtf); diff --git a/include/media/v4l2-dv-timings.h b/include/media/v4l2-dv-timings.h index 13830411bd6c486e863b01a2ae3ebf91235c5f67..ff07dc6b103c6bfff4bb600e466d70b3d8fad578 100644 --- a/include/media/v4l2-dv-timings.h +++ b/include/media/v4l2-dv-timings.h @@ -147,15 +147,18 @@ void v4l2_print_dv_timings(const char *dev_prefix, const char *prefix, * @polarities: the horizontal and vertical polarities (same as struct * v4l2_bt_timings polarities). * @interlaced: if this flag is true, it indicates interlaced format + * @cap: the v4l2_dv_timings_cap capabilities. * @fmt: the resulting timings. * * This function will attempt to detect if the given values correspond to a * valid CVT format. If so, then it will return true, and fmt will be filled * in with the found CVT timings. */ -bool v4l2_detect_cvt(unsigned frame_height, unsigned hfreq, unsigned vsync, - unsigned active_width, u32 polarities, bool interlaced, - struct v4l2_dv_timings *fmt); +bool v4l2_detect_cvt(unsigned int frame_height, unsigned int hfreq, + unsigned int vsync, unsigned int active_width, + u32 polarities, bool interlaced, + const struct v4l2_dv_timings_cap *cap, + struct v4l2_dv_timings *fmt); /** * v4l2_detect_gtf - detect if the given timings follow the GTF standard @@ -171,15 +174,18 @@ bool v4l2_detect_cvt(unsigned frame_height, unsigned hfreq, unsigned vsync, * image height, so it has to be passed explicitly. Usually * the native screen aspect ratio is used for this. If it * is not filled in correctly, then 16:9 will be assumed. + * @cap: the v4l2_dv_timings_cap capabilities. * @fmt: the resulting timings. * * This function will attempt to detect if the given values correspond to a * valid GTF format. If so, then it will return true, and fmt will be filled * in with the found GTF timings. */ -bool v4l2_detect_gtf(unsigned frame_height, unsigned hfreq, unsigned vsync, - u32 polarities, bool interlaced, struct v4l2_fract aspect, - struct v4l2_dv_timings *fmt); +bool v4l2_detect_gtf(unsigned int frame_height, unsigned int hfreq, + unsigned int vsync, u32 polarities, bool interlaced, + struct v4l2_fract aspect, + const struct v4l2_dv_timings_cap *cap, + struct v4l2_dv_timings *fmt); /** * v4l2_calc_aspect_ratio - calculate the aspect ratio based on bytes --- base-commit: bcd4f091cf1ea7184d813afc115af82ac9326b25 change-id: 20241014-timings-8e221a33475c Best regards, -- Hans Verkuil <hverkuil(a)xs4all.nl>

8 months, 1 week

1
0
0 0

[PATCH 2/2] ceph: extract entity name from device id

by Patrick Donnelly

From: Patrick Donnelly <pdonnell(a)redhat.com> Previously, the "name" in the new device syntax "<name>@<fsid>.<fsname>" was ignored because (presumably) tests were done using mount.ceph which also passed the entity name using "-o name=foo". If mounting is done without the mount.ceph helper, the new device id syntax fails to set the name properly. Cc: stable(a)vger.kernel.org Resolves: https://tracker.ceph.com/issues/68516 Signed-off-by: Patrick Donnelly <pdonnell(a)redhat.com> --- fs/ceph/super.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/ceph/super.c b/fs/ceph/super.c index 42bdbe5b7ef9..de03cd6eb86e 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c @@ -285,7 +285,9 @@ static int ceph_parse_new_source(const char *dev_name, const char *dev_name_end, size_t len; struct ceph_fsid fsid; struct ceph_parse_opts_ctx *pctx = fc->fs_private; + struct ceph_options *opts = pctx->copts; struct ceph_mount_options *fsopt = pctx->opts; + const char *name_start = dev_name; const char *fsid_start, *fs_name_start; if (*dev_name_end != '=') { @@ -296,8 +298,14 @@ static int ceph_parse_new_source(const char *dev_name, const char *dev_name_end, fsid_start = strchr(dev_name, '@'); if (!fsid_start) return invalfc(fc, "missing cluster fsid"); - ++fsid_start; /* start of cluster fsid */ + len = fsid_start - name_start; + kfree(opts->name); + opts->name = kstrndup(name_start, len, GFP_KERNEL); + if (!opts->name) + return -ENOMEM; + dout("using %s entity name", opts->name); + ++fsid_start; /* start of cluster fsid */ fs_name_start = strchr(fsid_start, '.'); if (!fs_name_start) return invalfc(fc, "missing file system name"); -- Patrick Donnelly, Ph.D. He / Him / His Red Hat Partner Engineer IBM, Inc. GPG: 19F28A586F808C2402351B93C3301A3E258DD79D

8 months, 1 week

1
0
0 0

[regression]Boot Hang on Kernel 6.1.83+ with Dell PowerEdge R770 and Intel Xeon 6710E

by Jinpu Wang

Hello all, We are experiencing a boot hang issue when booting kernel version 6.1.83+ on a Dell Inc. PowerEdge R770 equipped with an Intel Xeon 6710E processor. After extensive testing and use of `git bisect`, we have traced the issue to commit: `586e19c88a0c ("iommu/vt-d: Retrieve IOMMU perfmon capability information")` This commit appears to be part of a larger patchset, which can be found here: [Patchset on lore.kernel.org](https://lore.kernel.org/lkml/7c4b3e4e-1c5d-04f1-1891-84f68… We attempted to boot with the `intel_iommu=off` option, but the system hangs in the same manner. However, the system boots successfully after disabling `CONFIG_INTEL_IOMMU_PERF_EVENTS`. I'm reporting here in case others hit the same issue. Any assistance or guidance on understanding/resolving this issue would be greatly appreciated. Thank you. Jinpu Wang @ IONOS Cloud

8 months, 1 week

4
11
0 0

FAILED: patch "[PATCH] io_uring/rw: fix cflags posting for single issue multishot" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x c9d952b9103b600ddafc5d1c0e2f2dbd30f0b805 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101436-avalanche-approach-5c90@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: c9d952b9103b ("io_uring/rw: fix cflags posting for single issue multishot read") 6733e678ba12 ("io_uring/kbuf: pass in 'len' argument for buffer commit") ecd5c9b29643 ("io_uring/kbuf: add io_kbuf_commit() helper") 03e02e8f95fe ("io_uring/kbuf: use 'bl' directly rather than req->buf_list") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c9d952b9103b600ddafc5d1c0e2f2dbd30f0b805 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sat, 5 Oct 2024 19:06:50 -0600 Subject: [PATCH] io_uring/rw: fix cflags posting for single issue multishot read If multishot gets disabled, and hence the request will get terminated rather than persist for more iterations, then posting the CQE with the right cflags is still important. Most notably, the buffer reference needs to be included. Refactor the return of __io_read() a bit, so that the provided buffer is always put correctly, and hence returned to the application. Reported-by: Sharon Rosner <Sharon Rosner> Link: https://github.com/axboe/liburing/issues/1257 Cc: stable(a)vger.kernel.org Fixes: 2a975d426c82 ("io_uring/rw: don't allow multishot reads without NOWAIT support") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/rw.c b/io_uring/rw.c index f023ff49c688..93ad92605884 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -972,17 +972,21 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) if (issue_flags & IO_URING_F_MULTISHOT) return IOU_ISSUE_SKIP_COMPLETE; return -EAGAIN; - } - - /* - * Any successful return value will keep the multishot read armed. - */ - if (ret > 0 && req->flags & REQ_F_APOLL_MULTISHOT) { + } else if (ret <= 0) { + io_kbuf_recycle(req, issue_flags); + if (ret < 0) + req_set_fail(req); + } else { /* - * Put our buffer and post a CQE. If we fail to post a CQE, then + * Any successful return value will keep the multishot read + * armed, if it's still set. Put our buffer and post a CQE. If + * we fail to post a CQE, or multishot is no longer set, then * jump to the termination path. This request is then done. */ cflags = io_put_kbuf(req, ret, issue_flags); + if (!(req->flags & REQ_F_APOLL_MULTISHOT)) + goto done; + rw->len = 0; /* similarly to above, reset len to 0 */ if (io_req_post_cqe(req, ret, cflags | IORING_CQE_F_MORE)) { @@ -1003,6 +1007,7 @@ int io_read_mshot(struct io_kiocb *req, unsigned int issue_flags) * Either an error, or we've hit overflow posting the CQE. For any * multishot request, hitting overflow will terminate it. */ +done: io_req_set_res(req, ret, cflags); io_req_rw_cleanup(req, issue_flags); if (issue_flags & IO_URING_F_MULTISHOT)

8 months, 1 week

3
2
0 0

[PATCH] HID: plantronics: Update to map micmute controls

by Wade Wang

telephony page of Plantronics headset is ignored currently, it caused micmute button no function, Now follow native HID key mapping for telephony page map, telephony micmute key is enabled by default Cc: stable(a)vger.kernel.org Signed-off-by: Wade Wang <wade.wang(a)hp.com> --- drivers/hid/hid-plantronics.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c index 2a19f3646ecb..2d17534fce61 100644 --- a/drivers/hid/hid-plantronics.c +++ b/drivers/hid/hid-plantronics.c @@ -77,10 +77,10 @@ static int plantronics_input_mapping(struct hid_device *hdev, } } /* handle standard types - plt_type is 0xffa0uuuu or 0xffa2uuuu */ - /* 'basic telephony compliant' - allow default consumer page map */ + /* 'basic telephony compliant' - allow default consumer & telephony page map */ else if ((plt_type & HID_USAGE) >= PLT_BASIC_TELEPHONY && (plt_type & HID_USAGE) != PLT_BASIC_EXCEPTION) { - if (PLT_ALLOW_CONSUMER) + if (PLT_ALLOW_CONSUMER || (usage->hid & HID_USAGE_PAGE) == HID_UP_TELEPHONY) goto defaulted; } /* not 'basic telephony' - apply legacy mapping */ -- 2.34.1

8 months, 1 week

4
8
0 0

FAILED: patch "[PATCH] net: ethernet: cortina: Restore TSO support" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2942dfab630444d46aaa37fb7d629b620abbf6ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101406-matted-figure-a255@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2942dfab6304 ("net: ethernet: cortina: Restore TSO support") ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2942dfab630444d46aaa37fb7d629b620abbf6ba Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Mon, 27 May 2024 21:26:44 +0200 Subject: [PATCH] net: ethernet: cortina: Restore TSO support An earlier commit deleted the TSO support in the Cortina Gemini driver because the driver was confusing gso_size and MTU, probably because what the Linux kernel calls "gso_size" was called "MTU" in the datasheet. Restore the functionality properly reading the gso_size from the skbuff. Tested with iperf3, running a server on a different machine and client on the device with the cortina gemini ethernet: Connecting to host 192.168.1.2, port 5201 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=27da 60008000.ethernet-port eth0: segment offloading mss = 05ea len=0b92 60008000.ethernet-port eth0: segment offloading mss = 05ea len=2bda (...) (The hardware MSS 0x05ea here includes the ethernet headers.) If I disable all segment offloading on the receiving host and dump packets using tcpdump -xx like this: ethtool -K enp2s0 gro off gso off tso off tcpdump -xx -i enp2s0 host 192.168.1.136 I get segmented packages such as this when running iperf3: 23:16:54.024139 IP OpenWrt.lan.59168 > Fecusia.targus-getdata1: Flags [.], seq 1486:2934, ack 1, win 4198, options [nop,nop,TS val 3886192908 ecr 3601341877], length 1448 0x0000: fc34 9701 a0c6 14d6 4da8 3c4f 0800 4500 0x0010: 05dc 16a0 4000 4006 9aa1 c0a8 0188 c0a8 0x0020: 0102 e720 1451 ff25 9822 4c52 29cf 8010 0x0030: 1066 ac8c 0000 0101 080a e7a2 990c d6a8 (...) 0x05c0: 5e49 e109 fe8c 4617 5e18 7a82 7eae d647 0x05d0: e8ee ae64 dc88 c897 3f8a 07a4 3a33 6b1b 0x05e0: 3501 a30f 2758 cc44 4b4a Several such packets often follow after each other verifying the segmentation into 0x05a8 (1448) byte packages also on the reveiving end. As can be seen, the ethernet frames are 0x05ea (1514) in size. Performance with iperf3 before this patch: ~15.5 Mbit/s Performance with iperf3 after this patch: ~175 Mbit/s This was running a 60 second test (twice) the best measurement was 179 Mbit/s. For comparison if I run iperf3 with UDP I get around 1.05 Mbit/s both before and after this patch. While this is a gigabit ethernet interface, the CPU is a cheap D-Link DIR-685 router (based on the ARMv5 Faraday FA526 at ~50 MHz), and the software is not supposed to drive traffic, as the device has a DSA chip, so this kind of numbers can be expected. Fixes: ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c index 5f0c9e1771db..7ebd61a3a49b 100644 --- a/drivers/net/ethernet/cortina/gemini.c +++ b/drivers/net/ethernet/cortina/gemini.c @@ -79,7 +79,8 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)"); #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT) #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \ - NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM) + NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \ + NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6) /** * struct gmac_queue_page - page buffer per-page info @@ -1148,13 +1149,25 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, skb_frag_t *skb_frag; dma_addr_t mapping; void *buffer; + u16 mss; int ret; - /* TODO: implement proper TSO using MTU in word3 */ word1 = skb->len; word3 = SOF_BIT; - if (skb->len >= ETH_FRAME_LEN) { + mss = skb_shinfo(skb)->gso_size; + if (mss) { + /* This means we are dealing with TCP and skb->len is the + * sum total of all the segments. The TSO will deal with + * chopping this up for us. + */ + /* The accelerator needs the full frame size here */ + mss += skb_tcp_all_headers(skb); + netdev_dbg(netdev, "segment offloading mss = %04x len=%04x\n", + mss, skb->len); + word1 |= TSS_MTU_ENABLE_BIT; + word3 |= mss; + } else if (skb->len >= ETH_FRAME_LEN) { /* Hardware offloaded checksumming isn't working on frames * bigger than 1514 bytes. A hypothesis about this is that the * checksum buffer is only 1518 bytes, so when the frames get @@ -1169,7 +1182,9 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, return ret; } word1 |= TSS_BYPASS_BIT; - } else if (skb->ip_summed == CHECKSUM_PARTIAL) { + } + + if (skb->ip_summed == CHECKSUM_PARTIAL) { int tcp = 0; /* We do not switch off the checksumming on non TCP/UDP

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: ethernet: cortina: Restore TSO support" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2942dfab630444d46aaa37fb7d629b620abbf6ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101404-contently-large-e751@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2942dfab6304 ("net: ethernet: cortina: Restore TSO support") ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2942dfab630444d46aaa37fb7d629b620abbf6ba Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Mon, 27 May 2024 21:26:44 +0200 Subject: [PATCH] net: ethernet: cortina: Restore TSO support An earlier commit deleted the TSO support in the Cortina Gemini driver because the driver was confusing gso_size and MTU, probably because what the Linux kernel calls "gso_size" was called "MTU" in the datasheet. Restore the functionality properly reading the gso_size from the skbuff. Tested with iperf3, running a server on a different machine and client on the device with the cortina gemini ethernet: Connecting to host 192.168.1.2, port 5201 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=27da 60008000.ethernet-port eth0: segment offloading mss = 05ea len=0b92 60008000.ethernet-port eth0: segment offloading mss = 05ea len=2bda (...) (The hardware MSS 0x05ea here includes the ethernet headers.) If I disable all segment offloading on the receiving host and dump packets using tcpdump -xx like this: ethtool -K enp2s0 gro off gso off tso off tcpdump -xx -i enp2s0 host 192.168.1.136 I get segmented packages such as this when running iperf3: 23:16:54.024139 IP OpenWrt.lan.59168 > Fecusia.targus-getdata1: Flags [.], seq 1486:2934, ack 1, win 4198, options [nop,nop,TS val 3886192908 ecr 3601341877], length 1448 0x0000: fc34 9701 a0c6 14d6 4da8 3c4f 0800 4500 0x0010: 05dc 16a0 4000 4006 9aa1 c0a8 0188 c0a8 0x0020: 0102 e720 1451 ff25 9822 4c52 29cf 8010 0x0030: 1066 ac8c 0000 0101 080a e7a2 990c d6a8 (...) 0x05c0: 5e49 e109 fe8c 4617 5e18 7a82 7eae d647 0x05d0: e8ee ae64 dc88 c897 3f8a 07a4 3a33 6b1b 0x05e0: 3501 a30f 2758 cc44 4b4a Several such packets often follow after each other verifying the segmentation into 0x05a8 (1448) byte packages also on the reveiving end. As can be seen, the ethernet frames are 0x05ea (1514) in size. Performance with iperf3 before this patch: ~15.5 Mbit/s Performance with iperf3 after this patch: ~175 Mbit/s This was running a 60 second test (twice) the best measurement was 179 Mbit/s. For comparison if I run iperf3 with UDP I get around 1.05 Mbit/s both before and after this patch. While this is a gigabit ethernet interface, the CPU is a cheap D-Link DIR-685 router (based on the ARMv5 Faraday FA526 at ~50 MHz), and the software is not supposed to drive traffic, as the device has a DSA chip, so this kind of numbers can be expected. Fixes: ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c index 5f0c9e1771db..7ebd61a3a49b 100644 --- a/drivers/net/ethernet/cortina/gemini.c +++ b/drivers/net/ethernet/cortina/gemini.c @@ -79,7 +79,8 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)"); #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT) #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \ - NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM) + NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \ + NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6) /** * struct gmac_queue_page - page buffer per-page info @@ -1148,13 +1149,25 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, skb_frag_t *skb_frag; dma_addr_t mapping; void *buffer; + u16 mss; int ret; - /* TODO: implement proper TSO using MTU in word3 */ word1 = skb->len; word3 = SOF_BIT; - if (skb->len >= ETH_FRAME_LEN) { + mss = skb_shinfo(skb)->gso_size; + if (mss) { + /* This means we are dealing with TCP and skb->len is the + * sum total of all the segments. The TSO will deal with + * chopping this up for us. + */ + /* The accelerator needs the full frame size here */ + mss += skb_tcp_all_headers(skb); + netdev_dbg(netdev, "segment offloading mss = %04x len=%04x\n", + mss, skb->len); + word1 |= TSS_MTU_ENABLE_BIT; + word3 |= mss; + } else if (skb->len >= ETH_FRAME_LEN) { /* Hardware offloaded checksumming isn't working on frames * bigger than 1514 bytes. A hypothesis about this is that the * checksum buffer is only 1518 bytes, so when the frames get @@ -1169,7 +1182,9 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, return ret; } word1 |= TSS_BYPASS_BIT; - } else if (skb->ip_summed == CHECKSUM_PARTIAL) { + } + + if (skb->ip_summed == CHECKSUM_PARTIAL) { int tcp = 0; /* We do not switch off the checksumming on non TCP/UDP

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: ethernet: cortina: Restore TSO support" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2942dfab630444d46aaa37fb7d629b620abbf6ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101403-widget-outpour-ede3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 2942dfab6304 ("net: ethernet: cortina: Restore TSO support") ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2942dfab630444d46aaa37fb7d629b620abbf6ba Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Mon, 27 May 2024 21:26:44 +0200 Subject: [PATCH] net: ethernet: cortina: Restore TSO support An earlier commit deleted the TSO support in the Cortina Gemini driver because the driver was confusing gso_size and MTU, probably because what the Linux kernel calls "gso_size" was called "MTU" in the datasheet. Restore the functionality properly reading the gso_size from the skbuff. Tested with iperf3, running a server on a different machine and client on the device with the cortina gemini ethernet: Connecting to host 192.168.1.2, port 5201 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=27da 60008000.ethernet-port eth0: segment offloading mss = 05ea len=0b92 60008000.ethernet-port eth0: segment offloading mss = 05ea len=2bda (...) (The hardware MSS 0x05ea here includes the ethernet headers.) If I disable all segment offloading on the receiving host and dump packets using tcpdump -xx like this: ethtool -K enp2s0 gro off gso off tso off tcpdump -xx -i enp2s0 host 192.168.1.136 I get segmented packages such as this when running iperf3: 23:16:54.024139 IP OpenWrt.lan.59168 > Fecusia.targus-getdata1: Flags [.], seq 1486:2934, ack 1, win 4198, options [nop,nop,TS val 3886192908 ecr 3601341877], length 1448 0x0000: fc34 9701 a0c6 14d6 4da8 3c4f 0800 4500 0x0010: 05dc 16a0 4000 4006 9aa1 c0a8 0188 c0a8 0x0020: 0102 e720 1451 ff25 9822 4c52 29cf 8010 0x0030: 1066 ac8c 0000 0101 080a e7a2 990c d6a8 (...) 0x05c0: 5e49 e109 fe8c 4617 5e18 7a82 7eae d647 0x05d0: e8ee ae64 dc88 c897 3f8a 07a4 3a33 6b1b 0x05e0: 3501 a30f 2758 cc44 4b4a Several such packets often follow after each other verifying the segmentation into 0x05a8 (1448) byte packages also on the reveiving end. As can be seen, the ethernet frames are 0x05ea (1514) in size. Performance with iperf3 before this patch: ~15.5 Mbit/s Performance with iperf3 after this patch: ~175 Mbit/s This was running a 60 second test (twice) the best measurement was 179 Mbit/s. For comparison if I run iperf3 with UDP I get around 1.05 Mbit/s both before and after this patch. While this is a gigabit ethernet interface, the CPU is a cheap D-Link DIR-685 router (based on the ARMv5 Faraday FA526 at ~50 MHz), and the software is not supposed to drive traffic, as the device has a DSA chip, so this kind of numbers can be expected. Fixes: ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c index 5f0c9e1771db..7ebd61a3a49b 100644 --- a/drivers/net/ethernet/cortina/gemini.c +++ b/drivers/net/ethernet/cortina/gemini.c @@ -79,7 +79,8 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)"); #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT) #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \ - NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM) + NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \ + NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6) /** * struct gmac_queue_page - page buffer per-page info @@ -1148,13 +1149,25 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, skb_frag_t *skb_frag; dma_addr_t mapping; void *buffer; + u16 mss; int ret; - /* TODO: implement proper TSO using MTU in word3 */ word1 = skb->len; word3 = SOF_BIT; - if (skb->len >= ETH_FRAME_LEN) { + mss = skb_shinfo(skb)->gso_size; + if (mss) { + /* This means we are dealing with TCP and skb->len is the + * sum total of all the segments. The TSO will deal with + * chopping this up for us. + */ + /* The accelerator needs the full frame size here */ + mss += skb_tcp_all_headers(skb); + netdev_dbg(netdev, "segment offloading mss = %04x len=%04x\n", + mss, skb->len); + word1 |= TSS_MTU_ENABLE_BIT; + word3 |= mss; + } else if (skb->len >= ETH_FRAME_LEN) { /* Hardware offloaded checksumming isn't working on frames * bigger than 1514 bytes. A hypothesis about this is that the * checksum buffer is only 1518 bytes, so when the frames get @@ -1169,7 +1182,9 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, return ret; } word1 |= TSS_BYPASS_BIT; - } else if (skb->ip_summed == CHECKSUM_PARTIAL) { + } + + if (skb->ip_summed == CHECKSUM_PARTIAL) { int tcp = 0; /* We do not switch off the checksumming on non TCP/UDP

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: ethernet: cortina: Restore TSO support" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2942dfab630444d46aaa37fb7d629b620abbf6ba # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101401-skinless-commodity-1b95@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2942dfab6304 ("net: ethernet: cortina: Restore TSO support") ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2942dfab630444d46aaa37fb7d629b620abbf6ba Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Mon, 27 May 2024 21:26:44 +0200 Subject: [PATCH] net: ethernet: cortina: Restore TSO support An earlier commit deleted the TSO support in the Cortina Gemini driver because the driver was confusing gso_size and MTU, probably because what the Linux kernel calls "gso_size" was called "MTU" in the datasheet. Restore the functionality properly reading the gso_size from the skbuff. Tested with iperf3, running a server on a different machine and client on the device with the cortina gemini ethernet: Connecting to host 192.168.1.2, port 5201 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=1c8a 60008000.ethernet-port eth0: segment offloading mss = 05ea len=27da 60008000.ethernet-port eth0: segment offloading mss = 05ea len=0b92 60008000.ethernet-port eth0: segment offloading mss = 05ea len=2bda (...) (The hardware MSS 0x05ea here includes the ethernet headers.) If I disable all segment offloading on the receiving host and dump packets using tcpdump -xx like this: ethtool -K enp2s0 gro off gso off tso off tcpdump -xx -i enp2s0 host 192.168.1.136 I get segmented packages such as this when running iperf3: 23:16:54.024139 IP OpenWrt.lan.59168 > Fecusia.targus-getdata1: Flags [.], seq 1486:2934, ack 1, win 4198, options [nop,nop,TS val 3886192908 ecr 3601341877], length 1448 0x0000: fc34 9701 a0c6 14d6 4da8 3c4f 0800 4500 0x0010: 05dc 16a0 4000 4006 9aa1 c0a8 0188 c0a8 0x0020: 0102 e720 1451 ff25 9822 4c52 29cf 8010 0x0030: 1066 ac8c 0000 0101 080a e7a2 990c d6a8 (...) 0x05c0: 5e49 e109 fe8c 4617 5e18 7a82 7eae d647 0x05d0: e8ee ae64 dc88 c897 3f8a 07a4 3a33 6b1b 0x05e0: 3501 a30f 2758 cc44 4b4a Several such packets often follow after each other verifying the segmentation into 0x05a8 (1448) byte packages also on the reveiving end. As can be seen, the ethernet frames are 0x05ea (1514) in size. Performance with iperf3 before this patch: ~15.5 Mbit/s Performance with iperf3 after this patch: ~175 Mbit/s This was running a 60 second test (twice) the best measurement was 179 Mbit/s. For comparison if I run iperf3 with UDP I get around 1.05 Mbit/s both before and after this patch. While this is a gigabit ethernet interface, the CPU is a cheap D-Link DIR-685 router (based on the ARMv5 Faraday FA526 at ~50 MHz), and the software is not supposed to drive traffic, as the device has a DSA chip, so this kind of numbers can be expected. Fixes: ac631873c9e7 ("net: ethernet: cortina: Drop TSO support") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c index 5f0c9e1771db..7ebd61a3a49b 100644 --- a/drivers/net/ethernet/cortina/gemini.c +++ b/drivers/net/ethernet/cortina/gemini.c @@ -79,7 +79,8 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)"); #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT) #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \ - NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM) + NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \ + NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6) /** * struct gmac_queue_page - page buffer per-page info @@ -1148,13 +1149,25 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, skb_frag_t *skb_frag; dma_addr_t mapping; void *buffer; + u16 mss; int ret; - /* TODO: implement proper TSO using MTU in word3 */ word1 = skb->len; word3 = SOF_BIT; - if (skb->len >= ETH_FRAME_LEN) { + mss = skb_shinfo(skb)->gso_size; + if (mss) { + /* This means we are dealing with TCP and skb->len is the + * sum total of all the segments. The TSO will deal with + * chopping this up for us. + */ + /* The accelerator needs the full frame size here */ + mss += skb_tcp_all_headers(skb); + netdev_dbg(netdev, "segment offloading mss = %04x len=%04x\n", + mss, skb->len); + word1 |= TSS_MTU_ENABLE_BIT; + word3 |= mss; + } else if (skb->len >= ETH_FRAME_LEN) { /* Hardware offloaded checksumming isn't working on frames * bigger than 1514 bytes. A hypothesis about this is that the * checksum buffer is only 1518 bytes, so when the frames get @@ -1169,7 +1182,9 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb, return ret; } word1 |= TSS_BYPASS_BIT; - } else if (skb->ip_summed == CHECKSUM_PARTIAL) { + } + + if (skb->ip_summed == CHECKSUM_PARTIAL) { int tcp = 0; /* We do not switch off the checksumming on non TCP/UDP

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mptcp: fallback when MPTCP opts are dropped after 1st data" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 119d51e225febc8152476340a880f5415a01e99e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101443-lunchroom-refinish-4251@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 119d51e225fe ("mptcp: fallback when MPTCP opts are dropped after 1st data") ae66fb2ba6c3 ("mptcp: Do TCP fallback on early DSS checksum failure") 4cf86ae84c71 ("mptcp: strict local address ID selection") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 119d51e225febc8152476340a880f5415a01e99e Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Tue, 8 Oct 2024 13:04:54 +0200 Subject: [PATCH] mptcp: fallback when MPTCP opts are dropped after 1st data As reported by Christoph [1], before this patch, an MPTCP connection was wrongly reset when a host received a first data packet with MPTCP options after the 3wHS, but got the next ones without. According to the MPTCP v1 specs [2], a fallback should happen in this case, because the host didn't receive a DATA_ACK from the other peer, nor receive data for more than the initial window which implies a DATA_ACK being received by the other peer. The patch here re-uses the same logic as the one used in other places: by looking at allow_infinite_fallback, which is disabled at the creation of an additional subflow. It's not looking at the first DATA_ACK (or implying one received from the other side) as suggested by the RFC, but it is in continuation with what was already done, which is safer, and it fixes the reported issue. The next step, looking at this first DATA_ACK, is tracked in [4]. This patch has been validated using the following Packetdrill script: 0 socket(..., SOCK_STREAM, IPPROTO_MPTCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 // 3WHS is OK +0.0 < S 0:0(0) win 65535 <mss 1460, sackOK, nop, nop, nop, wscale 6, mpcapable v1 flags[flag_h] nokey> +0.0 > S. 0:0(0) ack 1 <mss 1460, nop, nop, sackOK, nop, wscale 8, mpcapable v1 flags[flag_h] key[skey]> +0.1 < . 1:1(0) ack 1 win 2048 <mpcapable v1 flags[flag_h] key[ckey=2, skey]> +0 accept(3, ..., ...) = 4 // Data from the client with valid MPTCP options (no DATA_ACK: normal) +0.1 < P. 1:501(500) ack 1 win 2048 <mpcapable v1 flags[flag_h] key[skey, ckey] mpcdatalen 500, nop, nop> // From here, the MPTCP options will be dropped by a middlebox +0.0 > . 1:1(0) ack 501 <dss dack8=501 dll=0 nocs> +0.1 read(4, ..., 500) = 500 +0 write(4, ..., 100) = 100 // The server replies with data, still thinking MPTCP is being used +0.0 > P. 1:101(100) ack 501 <dss dack8=501 dsn8=1 ssn=1 dll=100 nocs, nop, nop> // But the client already did a fallback to TCP, because the two previous packets have been received without MPTCP options +0.1 < . 501:501(0) ack 101 win 2048 +0.0 < P. 501:601(100) ack 101 win 2048 // The server should fallback to TCP, not reset: it didn't get a DATA_ACK, nor data for more than the initial window +0.0 > . 101:101(0) ack 601 Note that this script requires Packetdrill with MPTCP support, see [3]. Fixes: dea2b1ea9c70 ("mptcp: do not reset MP_CAPABLE subflow on mapping errors") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/518 [1] Link: https://datatracker.ietf.org/doc/html/rfc8684#name-fallback [2] Link: https://github.com/multipath-tcp/packetdrill [3] Link: https://github.com/multipath-tcp/mptcp_net-next/issues/519 [4] Reviewed-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-3-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index e1046a696ab5..25dde81bcb75 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1282,7 +1282,7 @@ static bool subflow_can_fallback(struct mptcp_subflow_context *subflow) else if (READ_ONCE(msk->csum_enabled)) return !subflow->valid_csum_seen; else - return !subflow->fully_established; + return READ_ONCE(msk->allow_infinite_fallback); } static void mptcp_subflow_fail(struct mptcp_sock *msk, struct sock *ssk)

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 18fd04ad856df07733f5bb07e7f7168e7443d393 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101446-approve-rants-581d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 18fd04ad856d ("Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 18fd04ad856df07733f5bb07e7f7168e7443d393 Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Wed, 2 Oct 2024 11:17:26 -0400 Subject: [PATCH] Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following trace: BUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60 Read of size 1 at addr ffff888002328ffd by task kworker/u5:2/37 CPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 Workqueue: hci0 hci_cmd_sync_work Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? hci_enhanced_setup_sync+0x91b/0xa60 print_report+0x152/0x4c0 ? hci_enhanced_setup_sync+0x91b/0xa60 ? __virt_addr_valid+0x1fa/0x420 ? hci_enhanced_setup_sync+0x91b/0xa60 kasan_report+0xda/0x1b0 ? hci_enhanced_setup_sync+0x91b/0xa60 hci_enhanced_setup_sync+0x91b/0xa60 ? __pfx_hci_enhanced_setup_sync+0x10/0x10 ? __pfx___mutex_lock+0x10/0x10 hci_cmd_sync_work+0x1c2/0x330 process_one_work+0x7d9/0x1360 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x167/0x240 worker_thread+0x5b7/0xf60 ? __kthread_parkme+0xac/0x1c0 ? __pfx_worker_thread+0x10/0x10 ? __pfx_worker_thread+0x10/0x10 kthread+0x293/0x360 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 34: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __hci_conn_add+0x187/0x17d0 hci_connect_sco+0x2e1/0xb90 sco_sock_connect+0x2a2/0xb80 __sys_connect+0x227/0x2a0 __x64_sys_connect+0x6d/0xb0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 37: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x101/0x160 kfree+0xd0/0x250 device_release+0x9a/0x210 kobject_put+0x151/0x280 hci_conn_del+0x448/0xbf0 hci_abort_conn_sync+0x46f/0x980 hci_cmd_sync_work+0x1c2/0x330 process_one_work+0x7d9/0x1360 worker_thread+0x5b7/0xf60 kthread+0x293/0x360 ret_from_fork+0x2f/0x70 ret_from_fork_asm+0x1a/0x30 Cc: stable(a)vger.kernel.org Fixes: e07a06b4eb41 ("Bluetooth: Convert SCO configure_datapath to hci_sync") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index d083117ee36c..c4c74b82ed21 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -289,6 +289,9 @@ static int hci_enhanced_setup_sync(struct hci_dev *hdev, void *data) kfree(conn_handle); + if (!hci_conn_valid(hdev, conn)) + return -ECANCELED; + bt_dev_dbg(hdev, "hcon %p", conn); configure_datapath_sync(hdev, &conn->codec);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/vc4: Stop the active perfmon before being destroyed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101425-pug-throwback-22c7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0b2ad4f6f2be ("drm/vc4: Stop the active perfmon before being destroyed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com> Date: Fri, 4 Oct 2024 09:36:00 -0300 Subject: [PATCH] drm/vc4: Stop the active perfmon before being destroyed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`, the active performance monitor's pointer (`vc4->active_perfmon`) is still retained. If we open a new file descriptor and submit a few jobs with performance monitors, the driver will attempt to stop the active performance monitor using the stale pointer in `vc4->active_perfmon`. However, this pointer is no longer valid because the previous process has already terminated, and all performance monitors associated with it have been destroyed and freed. To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it. Cc: stable(a)vger.kernel.org # v4.17+ Cc: Boris Brezillon <bbrezillon(a)kernel.org> Cc: Juan A. Suarez Romero <jasuarez(a)igalia.com> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Juan A. Suarez <jasuarez(a)igalia.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241004123817.890016-2-mcana… diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c index c4ac2c946238..c00a5cc2316d 100644 --- a/drivers/gpu/drm/vc4/vc4_perfmon.c +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c @@ -116,6 +116,11 @@ void vc4_perfmon_open_file(struct vc4_file *vc4file) static int vc4_perfmon_idr_del(int id, void *elem, void *data) { struct vc4_perfmon *perfmon = elem; + struct vc4_dev *vc4 = (struct vc4_dev *)data; + + /* If the active perfmon is being destroyed, stop it first */ + if (perfmon == vc4->active_perfmon) + vc4_perfmon_stop(vc4, perfmon, false); vc4_perfmon_put(perfmon); @@ -130,7 +135,7 @@ void vc4_perfmon_close_file(struct vc4_file *vc4file) return; mutex_lock(&vc4file->perfmon.lock); - idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, NULL); + idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, vc4); idr_destroy(&vc4file->perfmon.idr); mutex_unlock(&vc4file->perfmon.lock); mutex_destroy(&vc4file->perfmon.lock);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/vc4: Stop the active perfmon before being destroyed" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101424-skinning-tightness-ecf1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0b2ad4f6f2be ("drm/vc4: Stop the active perfmon before being destroyed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com> Date: Fri, 4 Oct 2024 09:36:00 -0300 Subject: [PATCH] drm/vc4: Stop the active perfmon before being destroyed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`, the active performance monitor's pointer (`vc4->active_perfmon`) is still retained. If we open a new file descriptor and submit a few jobs with performance monitors, the driver will attempt to stop the active performance monitor using the stale pointer in `vc4->active_perfmon`. However, this pointer is no longer valid because the previous process has already terminated, and all performance monitors associated with it have been destroyed and freed. To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it. Cc: stable(a)vger.kernel.org # v4.17+ Cc: Boris Brezillon <bbrezillon(a)kernel.org> Cc: Juan A. Suarez Romero <jasuarez(a)igalia.com> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Juan A. Suarez <jasuarez(a)igalia.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241004123817.890016-2-mcana… diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c index c4ac2c946238..c00a5cc2316d 100644 --- a/drivers/gpu/drm/vc4/vc4_perfmon.c +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c @@ -116,6 +116,11 @@ void vc4_perfmon_open_file(struct vc4_file *vc4file) static int vc4_perfmon_idr_del(int id, void *elem, void *data) { struct vc4_perfmon *perfmon = elem; + struct vc4_dev *vc4 = (struct vc4_dev *)data; + + /* If the active perfmon is being destroyed, stop it first */ + if (perfmon == vc4->active_perfmon) + vc4_perfmon_stop(vc4, perfmon, false); vc4_perfmon_put(perfmon); @@ -130,7 +135,7 @@ void vc4_perfmon_close_file(struct vc4_file *vc4file) return; mutex_lock(&vc4file->perfmon.lock); - idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, NULL); + idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, vc4); idr_destroy(&vc4file->perfmon.idr); mutex_unlock(&vc4file->perfmon.lock); mutex_destroy(&vc4file->perfmon.lock);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/vc4: Stop the active perfmon before being destroyed" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101412-stipulate-plentiful-20b6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0b2ad4f6f2be ("drm/vc4: Stop the active perfmon before being destroyed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com> Date: Fri, 4 Oct 2024 09:36:00 -0300 Subject: [PATCH] drm/vc4: Stop the active perfmon before being destroyed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`, the active performance monitor's pointer (`vc4->active_perfmon`) is still retained. If we open a new file descriptor and submit a few jobs with performance monitors, the driver will attempt to stop the active performance monitor using the stale pointer in `vc4->active_perfmon`. However, this pointer is no longer valid because the previous process has already terminated, and all performance monitors associated with it have been destroyed and freed. To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it. Cc: stable(a)vger.kernel.org # v4.17+ Cc: Boris Brezillon <bbrezillon(a)kernel.org> Cc: Juan A. Suarez Romero <jasuarez(a)igalia.com> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Juan A. Suarez <jasuarez(a)igalia.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241004123817.890016-2-mcana… diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c index c4ac2c946238..c00a5cc2316d 100644 --- a/drivers/gpu/drm/vc4/vc4_perfmon.c +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c @@ -116,6 +116,11 @@ void vc4_perfmon_open_file(struct vc4_file *vc4file) static int vc4_perfmon_idr_del(int id, void *elem, void *data) { struct vc4_perfmon *perfmon = elem; + struct vc4_dev *vc4 = (struct vc4_dev *)data; + + /* If the active perfmon is being destroyed, stop it first */ + if (perfmon == vc4->active_perfmon) + vc4_perfmon_stop(vc4, perfmon, false); vc4_perfmon_put(perfmon); @@ -130,7 +135,7 @@ void vc4_perfmon_close_file(struct vc4_file *vc4file) return; mutex_lock(&vc4file->perfmon.lock); - idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, NULL); + idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, vc4); idr_destroy(&vc4file->perfmon.idr); mutex_unlock(&vc4file->perfmon.lock); mutex_destroy(&vc4file->perfmon.lock);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: dsa: lan9303: ensure chip reset and wait for READY" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5c14e51d2d7df49fe0d4e64a12c58d2542f452ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101451-twisting-shorts-fd38@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 5c14e51d2d7d ("net: dsa: lan9303: ensure chip reset and wait for READY status") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5c14e51d2d7df49fe0d4e64a12c58d2542f452ff Mon Sep 17 00:00:00 2001 From: Anatolij Gustschin <agust(a)denx.de> Date: Fri, 4 Oct 2024 13:36:54 +0200 Subject: [PATCH] net: dsa: lan9303: ensure chip reset and wait for READY status Accessing device registers seems to be not reliable, the chip revision is sometimes detected wrongly (0 instead of expected 1). Ensure that the chip reset is performed via reset GPIO and then wait for 'Device Ready' status in HW_CFG register before doing any register initializations. Cc: stable(a)vger.kernel.org Fixes: a1292595e006 ("net: dsa: add new DSA switch driver for the SMSC-LAN9303") Signed-off-by: Anatolij Gustschin <agust(a)denx.de> [alex: reworked using read_poll_timeout()] Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Reviewed-by: Vladimir Oltean <olteanv(a)gmail.com> Link: https://patch.msgid.link/20241004113655.3436296-1-alexander.sverdlin@siemen… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c index 268949939636..d246f95d57ec 100644 --- a/drivers/net/dsa/lan9303-core.c +++ b/drivers/net/dsa/lan9303-core.c @@ -6,6 +6,7 @@ #include <linux/module.h> #include <linux/gpio/consumer.h> #include <linux/regmap.h> +#include <linux/iopoll.h> #include <linux/mutex.h> #include <linux/mii.h> #include <linux/of.h> @@ -839,6 +840,8 @@ static void lan9303_handle_reset(struct lan9303 *chip) if (!chip->reset_gpio) return; + gpiod_set_value_cansleep(chip->reset_gpio, 1); + if (chip->reset_duration != 0) msleep(chip->reset_duration); @@ -864,8 +867,34 @@ static int lan9303_disable_processing(struct lan9303 *chip) static int lan9303_check_device(struct lan9303 *chip) { int ret; + int err; u32 reg; + /* In I2C-managed configurations this polling loop will clash with + * switch's reading of EEPROM right after reset and this behaviour is + * not configurable. While lan9303_read() already has quite long retry + * timeout, seems not all cases are being detected as arbitration error. + * + * According to datasheet, EEPROM loader has 30ms timeout (in case of + * missing EEPROM). + * + * Loading of the largest supported EEPROM is expected to take at least + * 5.9s. + */ + err = read_poll_timeout(lan9303_read, ret, + !ret && reg & LAN9303_HW_CFG_READY, + 20000, 6000000, false, + chip->regmap, LAN9303_HW_CFG, &reg); + if (ret) { + dev_err(chip->dev, "failed to read HW_CFG reg: %pe\n", + ERR_PTR(ret)); + return ret; + } + if (err) { + dev_err(chip->dev, "HW_CFG not ready: 0x%08x\n", reg); + return err; + } + ret = lan9303_read(chip->regmap, LAN9303_CHIP_REV, &reg); if (ret) { dev_err(chip->dev, "failed to read chip revision register: %d\n",

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/vc4: Stop the active perfmon before being destroyed" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101431-able-caress-7fe5@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0b2ad4f6f2be ("drm/vc4: Stop the active perfmon before being destroyed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ADra=20Canal?= <mcanal(a)igalia.com> Date: Fri, 4 Oct 2024 09:36:00 -0300 Subject: [PATCH] drm/vc4: Stop the active perfmon before being destroyed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`, the active performance monitor's pointer (`vc4->active_perfmon`) is still retained. If we open a new file descriptor and submit a few jobs with performance monitors, the driver will attempt to stop the active performance monitor using the stale pointer in `vc4->active_perfmon`. However, this pointer is no longer valid because the previous process has already terminated, and all performance monitors associated with it have been destroyed and freed. To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it. Cc: stable(a)vger.kernel.org # v4.17+ Cc: Boris Brezillon <bbrezillon(a)kernel.org> Cc: Juan A. Suarez Romero <jasuarez(a)igalia.com> Fixes: 65101d8c9108 ("drm/vc4: Expose performance counters to userspace") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Juan A. Suarez <jasuarez(a)igalia.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241004123817.890016-2-mcana… diff --git a/drivers/gpu/drm/vc4/vc4_perfmon.c b/drivers/gpu/drm/vc4/vc4_perfmon.c index c4ac2c946238..c00a5cc2316d 100644 --- a/drivers/gpu/drm/vc4/vc4_perfmon.c +++ b/drivers/gpu/drm/vc4/vc4_perfmon.c @@ -116,6 +116,11 @@ void vc4_perfmon_open_file(struct vc4_file *vc4file) static int vc4_perfmon_idr_del(int id, void *elem, void *data) { struct vc4_perfmon *perfmon = elem; + struct vc4_dev *vc4 = (struct vc4_dev *)data; + + /* If the active perfmon is being destroyed, stop it first */ + if (perfmon == vc4->active_perfmon) + vc4_perfmon_stop(vc4, perfmon, false); vc4_perfmon_put(perfmon); @@ -130,7 +135,7 @@ void vc4_perfmon_close_file(struct vc4_file *vc4file) return; mutex_lock(&vc4file->perfmon.lock); - idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, NULL); + idr_for_each(&vc4file->perfmon.idr, vc4_perfmon_idr_del, vc4); idr_destroy(&vc4file->perfmon.idr); mutex_unlock(&vc4file->perfmon.lock); mutex_destroy(&vc4file->perfmon.lock);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] net: dsa: lan9303: ensure chip reset and wait for READY" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5c14e51d2d7df49fe0d4e64a12c58d2542f452ff # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101400-rectal-cattle-3833@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 5c14e51d2d7d ("net: dsa: lan9303: ensure chip reset and wait for READY status") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5c14e51d2d7df49fe0d4e64a12c58d2542f452ff Mon Sep 17 00:00:00 2001 From: Anatolij Gustschin <agust(a)denx.de> Date: Fri, 4 Oct 2024 13:36:54 +0200 Subject: [PATCH] net: dsa: lan9303: ensure chip reset and wait for READY status Accessing device registers seems to be not reliable, the chip revision is sometimes detected wrongly (0 instead of expected 1). Ensure that the chip reset is performed via reset GPIO and then wait for 'Device Ready' status in HW_CFG register before doing any register initializations. Cc: stable(a)vger.kernel.org Fixes: a1292595e006 ("net: dsa: add new DSA switch driver for the SMSC-LAN9303") Signed-off-by: Anatolij Gustschin <agust(a)denx.de> [alex: reworked using read_poll_timeout()] Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Reviewed-by: Vladimir Oltean <olteanv(a)gmail.com> Link: https://patch.msgid.link/20241004113655.3436296-1-alexander.sverdlin@siemen… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c index 268949939636..d246f95d57ec 100644 --- a/drivers/net/dsa/lan9303-core.c +++ b/drivers/net/dsa/lan9303-core.c @@ -6,6 +6,7 @@ #include <linux/module.h> #include <linux/gpio/consumer.h> #include <linux/regmap.h> +#include <linux/iopoll.h> #include <linux/mutex.h> #include <linux/mii.h> #include <linux/of.h> @@ -839,6 +840,8 @@ static void lan9303_handle_reset(struct lan9303 *chip) if (!chip->reset_gpio) return; + gpiod_set_value_cansleep(chip->reset_gpio, 1); + if (chip->reset_duration != 0) msleep(chip->reset_duration); @@ -864,8 +867,34 @@ static int lan9303_disable_processing(struct lan9303 *chip) static int lan9303_check_device(struct lan9303 *chip) { int ret; + int err; u32 reg; + /* In I2C-managed configurations this polling loop will clash with + * switch's reading of EEPROM right after reset and this behaviour is + * not configurable. While lan9303_read() already has quite long retry + * timeout, seems not all cases are being detected as arbitration error. + * + * According to datasheet, EEPROM loader has 30ms timeout (in case of + * missing EEPROM). + * + * Loading of the largest supported EEPROM is expected to take at least + * 5.9s. + */ + err = read_poll_timeout(lan9303_read, ret, + !ret && reg & LAN9303_HW_CFG_READY, + 20000, 6000000, false, + chip->regmap, LAN9303_HW_CFG, &reg); + if (ret) { + dev_err(chip->dev, "failed to read HW_CFG reg: %pe\n", + ERR_PTR(ret)); + return ret; + } + if (err) { + dev_err(chip->dev, "HW_CFG not ready: 0x%08x\n", reg); + return err; + } + ret = lan9303_read(chip->regmap, LAN9303_CHIP_REV, &reg); if (ret) { dev_err(chip->dev, "failed to read chip revision register: %d\n",

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: add cancellation points to trim loops" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 69313850dce33ce8c24b38576a279421f4c60996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101412-backfire-pacific-1f0b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 69313850dce3 ("btrfs: add cancellation points to trim loops") a99fcb015897 ("btrfs: split remaining space to discard in chunks") 602035d7fecf ("btrfs: add forward declarations and headers, part 2") 22b46bdc5f11 ("btrfs: add forward declarations and headers, part 1") 2b712e3bb2c4 ("btrfs: remove unused included headers") f86f7a75e2fb ("btrfs: use the flags of an extent map to identify the compression type") 1a9fb16c6052 ("btrfs: avoid useless rbtree iterations when attempting to merge extent map") ad21f15b0f79 ("btrfs: switch to the new mount API") f044b318675f ("btrfs: handle the ro->rw transition for mounting different subvolumes") 3bb17a25bcb0 ("btrfs: add get_tree callback for new mount API") eddb1a433f26 ("btrfs: add reconfigure callback for fs_context") 0f85e244dfc5 ("btrfs: add fs context handling functions") 17b3612022fe ("btrfs: add parse_param callback for the new mount API") 15ddcdd34ebf ("btrfs: add fs_parameter definitions") a6a8f22a4af6 ("btrfs: move space cache settings into open_ctree") 2b41b19dd6d0 ("btrfs: split out the mount option validation code into its own helper") 3c0e918b8fb3 ("btrfs: remove no longer used EXTENT_MAP_DELALLOC block start value") 7dc66abb5a47 ("btrfs: use a dedicated data structure for chunk maps") 2ecec0d6a5b5 ("btrfs: unexport extent_map_block_end()") 3128b548c759 ("btrfs: split assert into two different asserts when removing block group") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69313850dce33ce8c24b38576a279421f4c60996 Mon Sep 17 00:00:00 2001 From: Luca Stefani <luca.stefani.ge1(a)gmail.com> Date: Tue, 17 Sep 2024 22:33:05 +0200 Subject: [PATCH] btrfs: add cancellation points to trim loops There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ad70548d1f72..d9f511babd89 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1316,6 +1316,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6470,7 +6475,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index eaa1dbd31352..f4bcb2530660 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3809,7 +3809,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -4000,7 +4000,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 83774bfd7b3b..9f1dbfdee8ca 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -10,6 +10,7 @@ #include <linux/list.h> #include <linux/spinlock.h> #include <linux/mutex.h> +#include <linux/freezer.h> #include "fs.h" struct inode; @@ -56,6 +57,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: add cancellation points to trim loops" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 69313850dce33ce8c24b38576a279421f4c60996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101413-famine-default-fecd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 69313850dce3 ("btrfs: add cancellation points to trim loops") a99fcb015897 ("btrfs: split remaining space to discard in chunks") 602035d7fecf ("btrfs: add forward declarations and headers, part 2") 22b46bdc5f11 ("btrfs: add forward declarations and headers, part 1") 2b712e3bb2c4 ("btrfs: remove unused included headers") f86f7a75e2fb ("btrfs: use the flags of an extent map to identify the compression type") 1a9fb16c6052 ("btrfs: avoid useless rbtree iterations when attempting to merge extent map") ad21f15b0f79 ("btrfs: switch to the new mount API") f044b318675f ("btrfs: handle the ro->rw transition for mounting different subvolumes") 3bb17a25bcb0 ("btrfs: add get_tree callback for new mount API") eddb1a433f26 ("btrfs: add reconfigure callback for fs_context") 0f85e244dfc5 ("btrfs: add fs context handling functions") 17b3612022fe ("btrfs: add parse_param callback for the new mount API") 15ddcdd34ebf ("btrfs: add fs_parameter definitions") a6a8f22a4af6 ("btrfs: move space cache settings into open_ctree") 2b41b19dd6d0 ("btrfs: split out the mount option validation code into its own helper") 3c0e918b8fb3 ("btrfs: remove no longer used EXTENT_MAP_DELALLOC block start value") 7dc66abb5a47 ("btrfs: use a dedicated data structure for chunk maps") 2ecec0d6a5b5 ("btrfs: unexport extent_map_block_end()") 3128b548c759 ("btrfs: split assert into two different asserts when removing block group") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69313850dce33ce8c24b38576a279421f4c60996 Mon Sep 17 00:00:00 2001 From: Luca Stefani <luca.stefani.ge1(a)gmail.com> Date: Tue, 17 Sep 2024 22:33:05 +0200 Subject: [PATCH] btrfs: add cancellation points to trim loops There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ad70548d1f72..d9f511babd89 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1316,6 +1316,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6470,7 +6475,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index eaa1dbd31352..f4bcb2530660 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3809,7 +3809,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -4000,7 +4000,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 83774bfd7b3b..9f1dbfdee8ca 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -10,6 +10,7 @@ #include <linux/list.h> #include <linux/spinlock.h> #include <linux/mutex.h> +#include <linux/freezer.h> #include "fs.h" struct inode; @@ -56,6 +57,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: add cancellation points to trim loops" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 69313850dce33ce8c24b38576a279421f4c60996 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101412-diaphragm-sly-ea40@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 69313850dce3 ("btrfs: add cancellation points to trim loops") a99fcb015897 ("btrfs: split remaining space to discard in chunks") 602035d7fecf ("btrfs: add forward declarations and headers, part 2") 22b46bdc5f11 ("btrfs: add forward declarations and headers, part 1") 2b712e3bb2c4 ("btrfs: remove unused included headers") f86f7a75e2fb ("btrfs: use the flags of an extent map to identify the compression type") 1a9fb16c6052 ("btrfs: avoid useless rbtree iterations when attempting to merge extent map") ad21f15b0f79 ("btrfs: switch to the new mount API") f044b318675f ("btrfs: handle the ro->rw transition for mounting different subvolumes") 3bb17a25bcb0 ("btrfs: add get_tree callback for new mount API") eddb1a433f26 ("btrfs: add reconfigure callback for fs_context") 0f85e244dfc5 ("btrfs: add fs context handling functions") 17b3612022fe ("btrfs: add parse_param callback for the new mount API") 15ddcdd34ebf ("btrfs: add fs_parameter definitions") a6a8f22a4af6 ("btrfs: move space cache settings into open_ctree") 2b41b19dd6d0 ("btrfs: split out the mount option validation code into its own helper") 3c0e918b8fb3 ("btrfs: remove no longer used EXTENT_MAP_DELALLOC block start value") 7dc66abb5a47 ("btrfs: use a dedicated data structure for chunk maps") 2ecec0d6a5b5 ("btrfs: unexport extent_map_block_end()") 3128b548c759 ("btrfs: split assert into two different asserts when removing block group") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 69313850dce33ce8c24b38576a279421f4c60996 Mon Sep 17 00:00:00 2001 From: Luca Stefani <luca.stefani.ge1(a)gmail.com> Date: Tue, 17 Sep 2024 22:33:05 +0200 Subject: [PATCH] btrfs: add cancellation points to trim loops There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index ad70548d1f72..d9f511babd89 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1316,6 +1316,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6470,7 +6475,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index eaa1dbd31352..f4bcb2530660 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3809,7 +3809,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -4000,7 +4000,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 83774bfd7b3b..9f1dbfdee8ca 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -10,6 +10,7 @@ #include <linux/list.h> #include <linux/spinlock.h> #include <linux/mutex.h> +#include <linux/freezer.h> #include "fs.h" struct inode; @@ -56,6 +57,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: split remaining space to discard in chunks" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a99fcb0158978ed332009449b484e5f3ca2d7df4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101458-lyrically-defile-5bc8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a99fcb015897 ("btrfs: split remaining space to discard in chunks") 29e70be261d9 ("btrfs: use SECTOR_SHIFT to convert physical offset to LBA") b7d463a1d125 ("btrfs: store a pointer to the original btrfs_bio in struct compressed_bio") 690834e47cf7 ("btrfs: pass a btrfs_bio to btrfs_submit_compressed_read") 7edb9a3e7200 ("btrfs: move zero filling of compressed read bios into common code") 32586c5bca72 ("btrfs: factor out a btrfs_free_compressed_pages helper") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") d7294e4deeb9 ("btrfs: use the bbio file offset in add_ra_bio_pages") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") 35a8d7da3ca8 ("btrfs: remove now spurious bio submission helpers") 285599b6fe15 ("btrfs: remove the fs_info argument to btrfs_submit_bio") 48253076c3a9 ("btrfs: open code submit_encoded_read_bio") 30493ff49f81 ("btrfs: remove stripe boundary calculation for compressed I/O") 2380220e1e13 ("btrfs: remove stripe boundary calculation for buffered I/O") 67d669825090 ("btrfs: pass the iomap bio to btrfs_submit_bio") 852eee62d31a ("btrfs: allow btrfs_submit_bio to split bios") 69ccf3f4244a ("btrfs: handle recording of zoned writes in the storage layer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a99fcb0158978ed332009449b484e5f3ca2d7df4 Mon Sep 17 00:00:00 2001 From: Luca Stefani <luca.stefani.ge1(a)gmail.com> Date: Tue, 17 Sep 2024 22:33:04 +0200 Subject: [PATCH] btrfs: split remaining space to discard in chunks Per Qu Wenruo in case we have a very large disk, e.g. 8TiB device, mostly empty although we will do the split according to our super block locations, the last super block ends at 256G, we can submit a huge discard for the range [256G, 8T), causing a large delay. Split the space left to discard based on BTRFS_MAX_DISCARD_CHUNK_SIZE in preparation of introduction of cancellation points to trim. The value of the chunk size is arbitrary, it can be higher or derived from actual device capabilities but we can't easily read that using bio_discard_limit(). Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index a5966324607d..ad70548d1f72 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1300,13 +1300,24 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, bytes_left = end - start; } - if (bytes_left) { + while (bytes_left) { + u64 bytes_to_discard = min(BTRFS_MAX_DISCARD_CHUNK_SIZE, bytes_left); + ret = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, - bytes_left >> SECTOR_SHIFT, + bytes_to_discard >> SECTOR_SHIFT, GFP_NOFS); - if (!ret) - *discarded_bytes += bytes_left; + + if (ret) { + if (ret != -EOPNOTSUPP) + break; + continue; + } + + start += bytes_to_discard; + bytes_left -= bytes_to_discard; + *discarded_bytes += bytes_to_discard; } + return ret; } diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h index 03d2d60afe0c..4481575dd70f 100644 --- a/fs/btrfs/volumes.h +++ b/fs/btrfs/volumes.h @@ -30,6 +30,12 @@ struct btrfs_zoned_device_info; #define BTRFS_MAX_DATA_CHUNK_SIZE (10ULL * SZ_1G) +/* + * Arbitratry maximum size of one discard request to limit potentially long time + * spent in blkdev_issue_discard(). + */ +#define BTRFS_MAX_DISCARD_CHUNK_SIZE (SZ_1G) + extern struct mutex uuid_mutex; #define BTRFS_STRIPE_LEN SZ_64K

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] btrfs: split remaining space to discard in chunks" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a99fcb0158978ed332009449b484e5f3ca2d7df4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101454-pouncing-unrobed-994a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a99fcb015897 ("btrfs: split remaining space to discard in chunks") 29e70be261d9 ("btrfs: use SECTOR_SHIFT to convert physical offset to LBA") b7d463a1d125 ("btrfs: store a pointer to the original btrfs_bio in struct compressed_bio") 690834e47cf7 ("btrfs: pass a btrfs_bio to btrfs_submit_compressed_read") 7edb9a3e7200 ("btrfs: move zero filling of compressed read bios into common code") 32586c5bca72 ("btrfs: factor out a btrfs_free_compressed_pages helper") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") d7294e4deeb9 ("btrfs: use the bbio file offset in add_ra_bio_pages") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") 35a8d7da3ca8 ("btrfs: remove now spurious bio submission helpers") 285599b6fe15 ("btrfs: remove the fs_info argument to btrfs_submit_bio") 48253076c3a9 ("btrfs: open code submit_encoded_read_bio") 30493ff49f81 ("btrfs: remove stripe boundary calculation for compressed I/O") 2380220e1e13 ("btrfs: remove stripe boundary calculation for buffered I/O") 67d669825090 ("btrfs: pass the iomap bio to btrfs_submit_bio") 852eee62d31a ("btrfs: allow btrfs_submit_bio to split bios") 69ccf3f4244a ("btrfs: handle recording of zoned writes in the storage layer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a99fcb0158978ed332009449b484e5f3ca2d7df4 Mon Sep 17 00:00:00 2001 From: Luca Stefani <luca.stefani.ge1(a)gmail.com> Date: Tue, 17 Sep 2024 22:33:04 +0200 Subject: [PATCH] btrfs: split remaining space to discard in chunks Per Qu Wenruo in case we have a very large disk, e.g. 8TiB device, mostly empty although we will do the split according to our super block locations, the last super block ends at 256G, we can submit a huge discard for the range [256G, 8T), causing a large delay. Split the space left to discard based on BTRFS_MAX_DISCARD_CHUNK_SIZE in preparation of introduction of cancellation points to trim. The value of the chunk size is arbitrary, it can be higher or derived from actual device capabilities but we can't easily read that using bio_discard_limit(). Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index a5966324607d..ad70548d1f72 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1300,13 +1300,24 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, bytes_left = end - start; } - if (bytes_left) { + while (bytes_left) { + u64 bytes_to_discard = min(BTRFS_MAX_DISCARD_CHUNK_SIZE, bytes_left); + ret = blkdev_issue_discard(bdev, start >> SECTOR_SHIFT, - bytes_left >> SECTOR_SHIFT, + bytes_to_discard >> SECTOR_SHIFT, GFP_NOFS); - if (!ret) - *discarded_bytes += bytes_left; + + if (ret) { + if (ret != -EOPNOTSUPP) + break; + continue; + } + + start += bytes_to_discard; + bytes_left -= bytes_to_discard; + *discarded_bytes += bytes_to_discard; } + return ret; } diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h index 03d2d60afe0c..4481575dd70f 100644 --- a/fs/btrfs/volumes.h +++ b/fs/btrfs/volumes.h @@ -30,6 +30,12 @@ struct btrfs_zoned_device_info; #define BTRFS_MAX_DATA_CHUNK_SIZE (10ULL * SZ_1G) +/* + * Arbitratry maximum size of one discard request to limit potentially long time + * spent in blkdev_issue_discard(). + */ +#define BTRFS_MAX_DISCARD_CHUNK_SIZE (SZ_1G) + extern struct mutex uuid_mutex; #define BTRFS_STRIPE_LEN SZ_64K

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selftests/mm: fix incorrect buffer->mirror size in hmm2" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 76503e1fa1a53ef041a120825d5ce81c7fe7bdd7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101402-aspirate-saline-b8e9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 76503e1fa1a5 ("selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76503e1fa1a53ef041a120825d5ce81c7fe7bdd7 Mon Sep 17 00:00:00 2001 From: Donet Tom <donettom(a)linux.ibm.com> Date: Fri, 27 Sep 2024 00:07:52 -0500 Subject: [PATCH] selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The hmm2 double_map test was failing due to an incorrect buffer->mirror size. The buffer->mirror size was 6, while buffer->ptr size was 6 * PAGE_SIZE. The test failed because the kernel's copy_to_user function was attempting to copy a 6 * PAGE_SIZE buffer to buffer->mirror. Since the size of buffer->mirror was incorrect, copy_to_user failed. This patch corrects the buffer->mirror size to 6 * PAGE_SIZE. Test Result without this patch ============================== # RUN hmm2.hmm2_device_private.double_map ... # hmm-tests.c:1680:double_map:Expected ret (-14) == 0 (0) # double_map: Test terminated by assertion # FAIL hmm2.hmm2_device_private.double_map not ok 53 hmm2.hmm2_device_private.double_map Test Result with this patch =========================== # RUN hmm2.hmm2_device_private.double_map ... # OK hmm2.hmm2_device_private.double_map ok 53 hmm2.hmm2_device_private.double_map Link: https://lkml.kernel.org/r/20240927050752.51066-1-donettom@linux.ibm.com Fixes: fee9f6d1b8df ("mm/hmm/test: add selftests for HMM") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/hmm-tests.c b/tools/testing/selftests/mm/hmm-tests.c index d2cfc9b494a0..141bf63cbe05 100644 --- a/tools/testing/selftests/mm/hmm-tests.c +++ b/tools/testing/selftests/mm/hmm-tests.c @@ -1657,7 +1657,7 @@ TEST_F(hmm2, double_map) buffer->fd = -1; buffer->size = size; - buffer->mirror = malloc(npages); + buffer->mirror = malloc(size); ASSERT_NE(buffer->mirror, NULL); /* Reserve a range of addresses. */

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selftests/mm: fix incorrect buffer->mirror size in hmm2" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 76503e1fa1a53ef041a120825d5ce81c7fe7bdd7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101401-envelope-repurpose-0c02@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 76503e1fa1a5 ("selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76503e1fa1a53ef041a120825d5ce81c7fe7bdd7 Mon Sep 17 00:00:00 2001 From: Donet Tom <donettom(a)linux.ibm.com> Date: Fri, 27 Sep 2024 00:07:52 -0500 Subject: [PATCH] selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The hmm2 double_map test was failing due to an incorrect buffer->mirror size. The buffer->mirror size was 6, while buffer->ptr size was 6 * PAGE_SIZE. The test failed because the kernel's copy_to_user function was attempting to copy a 6 * PAGE_SIZE buffer to buffer->mirror. Since the size of buffer->mirror was incorrect, copy_to_user failed. This patch corrects the buffer->mirror size to 6 * PAGE_SIZE. Test Result without this patch ============================== # RUN hmm2.hmm2_device_private.double_map ... # hmm-tests.c:1680:double_map:Expected ret (-14) == 0 (0) # double_map: Test terminated by assertion # FAIL hmm2.hmm2_device_private.double_map not ok 53 hmm2.hmm2_device_private.double_map Test Result with this patch =========================== # RUN hmm2.hmm2_device_private.double_map ... # OK hmm2.hmm2_device_private.double_map ok 53 hmm2.hmm2_device_private.double_map Link: https://lkml.kernel.org/r/20240927050752.51066-1-donettom@linux.ibm.com Fixes: fee9f6d1b8df ("mm/hmm/test: add selftests for HMM") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/hmm-tests.c b/tools/testing/selftests/mm/hmm-tests.c index d2cfc9b494a0..141bf63cbe05 100644 --- a/tools/testing/selftests/mm/hmm-tests.c +++ b/tools/testing/selftests/mm/hmm-tests.c @@ -1657,7 +1657,7 @@ TEST_F(hmm2, double_map) buffer->fd = -1; buffer->size = size; - buffer->mirror = malloc(npages); + buffer->mirror = malloc(size); ASSERT_NE(buffer->mirror, NULL); /* Reserve a range of addresses. */

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] selftests/mm: fix incorrect buffer->mirror size in hmm2" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 76503e1fa1a53ef041a120825d5ce81c7fe7bdd7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101400-sensually-talon-9006@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 76503e1fa1a5 ("selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76503e1fa1a53ef041a120825d5ce81c7fe7bdd7 Mon Sep 17 00:00:00 2001 From: Donet Tom <donettom(a)linux.ibm.com> Date: Fri, 27 Sep 2024 00:07:52 -0500 Subject: [PATCH] selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The hmm2 double_map test was failing due to an incorrect buffer->mirror size. The buffer->mirror size was 6, while buffer->ptr size was 6 * PAGE_SIZE. The test failed because the kernel's copy_to_user function was attempting to copy a 6 * PAGE_SIZE buffer to buffer->mirror. Since the size of buffer->mirror was incorrect, copy_to_user failed. This patch corrects the buffer->mirror size to 6 * PAGE_SIZE. Test Result without this patch ============================== # RUN hmm2.hmm2_device_private.double_map ... # hmm-tests.c:1680:double_map:Expected ret (-14) == 0 (0) # double_map: Test terminated by assertion # FAIL hmm2.hmm2_device_private.double_map not ok 53 hmm2.hmm2_device_private.double_map Test Result with this patch =========================== # RUN hmm2.hmm2_device_private.double_map ... # OK hmm2.hmm2_device_private.double_map ok 53 hmm2.hmm2_device_private.double_map Link: https://lkml.kernel.org/r/20240927050752.51066-1-donettom@linux.ibm.com Fixes: fee9f6d1b8df ("mm/hmm/test: add selftests for HMM") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/hmm-tests.c b/tools/testing/selftests/mm/hmm-tests.c index d2cfc9b494a0..141bf63cbe05 100644 --- a/tools/testing/selftests/mm/hmm-tests.c +++ b/tools/testing/selftests/mm/hmm-tests.c @@ -1657,7 +1657,7 @@ TEST_F(hmm2, double_map) buffer->fd = -1; buffer->size = size; - buffer->mirror = malloc(npages); + buffer->mirror = malloc(size); ASSERT_NE(buffer->mirror, NULL); /* Reserve a range of addresses. */

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4dabcdf581217e60690467a37c956a5b8dbc6bd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101447-fling-blurred-fcdd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 4dabcdf58121 ("tcp: fix mptcp DSS corruption due to large pmtu xmit") 65249feb6b3d ("net: add support for skbs with unreadable frags") 071115301838 ("tcp: wrap mptcp and decrypted checks into tcp_skb_can_collapse_rx()") e958da0ddbe8 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4dabcdf581217e60690467a37c956a5b8dbc6bd9 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:53 +0200 Subject: [PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Modules linked in: CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> move_skbs_to_msk net/mptcp/protocol.c:811 [inline] mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5662 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 dev_queue_xmit include/linux/netdevice.h:3094 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 tcp_push_pending_frames include/net/tcp.h:2107 [inline] tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x214/0x350 net/core/sock.c:3072 release_sock+0x61/0x1f0 net/core/sock.c:3626 mptcp_push_release net/mptcp/protocol.c:1486 [inline] __mptcp_push_pending+0x6b5/0x9f0 net/mptcp/protocol.c:1625 mptcp_sendmsg+0x10bb/0x1b10 net/mptcp/protocol.c:1903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603 ___sys_sendmsg net/socket.c:2657 [inline] __sys_sendmsg+0x2aa/0x390 net/socket.c:2686 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb06e9317f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe2cfd4f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb06e97f468 RCX: 00007fb06e9317f9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007fb06e97f446 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fb06e97f406 R13: 0000000000000001 R14: 00007ffe2cfd4fe0 R15: 0000000000000003 </TASK> Additionally syzkaller provided a nice reproducer. The repro enables pmtu on the loopback device, leading to tcp_mtu_probe() generating very large probe packets. tcp_can_coalesce_send_queue_head() currently does not check for mptcp-level invariants, and allowed the creation of cross-DSS probes, leading to the mentioned corruption. Address the issue teaching tcp_can_coalesce_send_queue_head() about mptcp using the tcp_skb_can_collapse(), also reducing the code duplication. Fixes: 85712484110d ("tcp: coalesce/collapse must respect MPTCP extensions") Cc: stable(a)vger.kernel.org Reported-by: syzbot+d1bff73460e33101f0e7(a)syzkaller.appspotmail.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/513 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Acked-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-2-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 4fd746bd4d54..68804fd01daf 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2342,10 +2342,7 @@ static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) if (len <= skb->len) break; - if (unlikely(TCP_SKB_CB(skb)->eor) || - tcp_has_tx_tstamp(skb) || - !skb_pure_zcopy_same(skb, next) || - skb_frags_readable(skb) != skb_frags_readable(next)) + if (tcp_has_tx_tstamp(skb) || !tcp_skb_can_collapse(skb, next)) return false; len -= skb->len;

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4dabcdf581217e60690467a37c956a5b8dbc6bd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101440-ladder-jargon-2ca9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4dabcdf58121 ("tcp: fix mptcp DSS corruption due to large pmtu xmit") 65249feb6b3d ("net: add support for skbs with unreadable frags") 071115301838 ("tcp: wrap mptcp and decrypted checks into tcp_skb_can_collapse_rx()") e958da0ddbe8 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4dabcdf581217e60690467a37c956a5b8dbc6bd9 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:53 +0200 Subject: [PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Modules linked in: CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> move_skbs_to_msk net/mptcp/protocol.c:811 [inline] mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5662 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 dev_queue_xmit include/linux/netdevice.h:3094 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 tcp_push_pending_frames include/net/tcp.h:2107 [inline] tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x214/0x350 net/core/sock.c:3072 release_sock+0x61/0x1f0 net/core/sock.c:3626 mptcp_push_release net/mptcp/protocol.c:1486 [inline] __mptcp_push_pending+0x6b5/0x9f0 net/mptcp/protocol.c:1625 mptcp_sendmsg+0x10bb/0x1b10 net/mptcp/protocol.c:1903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603 ___sys_sendmsg net/socket.c:2657 [inline] __sys_sendmsg+0x2aa/0x390 net/socket.c:2686 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb06e9317f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe2cfd4f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb06e97f468 RCX: 00007fb06e9317f9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007fb06e97f446 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fb06e97f406 R13: 0000000000000001 R14: 00007ffe2cfd4fe0 R15: 0000000000000003 </TASK> Additionally syzkaller provided a nice reproducer. The repro enables pmtu on the loopback device, leading to tcp_mtu_probe() generating very large probe packets. tcp_can_coalesce_send_queue_head() currently does not check for mptcp-level invariants, and allowed the creation of cross-DSS probes, leading to the mentioned corruption. Address the issue teaching tcp_can_coalesce_send_queue_head() about mptcp using the tcp_skb_can_collapse(), also reducing the code duplication. Fixes: 85712484110d ("tcp: coalesce/collapse must respect MPTCP extensions") Cc: stable(a)vger.kernel.org Reported-by: syzbot+d1bff73460e33101f0e7(a)syzkaller.appspotmail.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/513 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Acked-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-2-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 4fd746bd4d54..68804fd01daf 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2342,10 +2342,7 @@ static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) if (len <= skb->len) break; - if (unlikely(TCP_SKB_CB(skb)->eor) || - tcp_has_tx_tstamp(skb) || - !skb_pure_zcopy_same(skb, next) || - skb_frags_readable(skb) != skb_frags_readable(next)) + if (tcp_has_tx_tstamp(skb) || !tcp_skb_can_collapse(skb, next)) return false; len -= skb->len;

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4dabcdf581217e60690467a37c956a5b8dbc6bd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101438-muster-onlooker-0be8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4dabcdf58121 ("tcp: fix mptcp DSS corruption due to large pmtu xmit") 65249feb6b3d ("net: add support for skbs with unreadable frags") 071115301838 ("tcp: wrap mptcp and decrypted checks into tcp_skb_can_collapse_rx()") e958da0ddbe8 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4dabcdf581217e60690467a37c956a5b8dbc6bd9 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:53 +0200 Subject: [PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Modules linked in: CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> move_skbs_to_msk net/mptcp/protocol.c:811 [inline] mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5662 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 dev_queue_xmit include/linux/netdevice.h:3094 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 tcp_push_pending_frames include/net/tcp.h:2107 [inline] tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x214/0x350 net/core/sock.c:3072 release_sock+0x61/0x1f0 net/core/sock.c:3626 mptcp_push_release net/mptcp/protocol.c:1486 [inline] __mptcp_push_pending+0x6b5/0x9f0 net/mptcp/protocol.c:1625 mptcp_sendmsg+0x10bb/0x1b10 net/mptcp/protocol.c:1903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603 ___sys_sendmsg net/socket.c:2657 [inline] __sys_sendmsg+0x2aa/0x390 net/socket.c:2686 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb06e9317f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe2cfd4f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb06e97f468 RCX: 00007fb06e9317f9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007fb06e97f446 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fb06e97f406 R13: 0000000000000001 R14: 00007ffe2cfd4fe0 R15: 0000000000000003 </TASK> Additionally syzkaller provided a nice reproducer. The repro enables pmtu on the loopback device, leading to tcp_mtu_probe() generating very large probe packets. tcp_can_coalesce_send_queue_head() currently does not check for mptcp-level invariants, and allowed the creation of cross-DSS probes, leading to the mentioned corruption. Address the issue teaching tcp_can_coalesce_send_queue_head() about mptcp using the tcp_skb_can_collapse(), also reducing the code duplication. Fixes: 85712484110d ("tcp: coalesce/collapse must respect MPTCP extensions") Cc: stable(a)vger.kernel.org Reported-by: syzbot+d1bff73460e33101f0e7(a)syzkaller.appspotmail.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/513 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Acked-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-2-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 4fd746bd4d54..68804fd01daf 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2342,10 +2342,7 @@ static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) if (len <= skb->len) break; - if (unlikely(TCP_SKB_CB(skb)->eor) || - tcp_has_tx_tstamp(skb) || - !skb_pure_zcopy_same(skb, next) || - skb_frags_readable(skb) != skb_frags_readable(next)) + if (tcp_has_tx_tstamp(skb) || !tcp_skb_can_collapse(skb, next)) return false; len -= skb->len;

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4dabcdf581217e60690467a37c956a5b8dbc6bd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101436-outspoken-slept-ab92@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4dabcdf58121 ("tcp: fix mptcp DSS corruption due to large pmtu xmit") 65249feb6b3d ("net: add support for skbs with unreadable frags") 071115301838 ("tcp: wrap mptcp and decrypted checks into tcp_skb_can_collapse_rx()") e958da0ddbe8 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4dabcdf581217e60690467a37c956a5b8dbc6bd9 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:53 +0200 Subject: [PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Modules linked in: CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> move_skbs_to_msk net/mptcp/protocol.c:811 [inline] mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5662 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 dev_queue_xmit include/linux/netdevice.h:3094 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 tcp_push_pending_frames include/net/tcp.h:2107 [inline] tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x214/0x350 net/core/sock.c:3072 release_sock+0x61/0x1f0 net/core/sock.c:3626 mptcp_push_release net/mptcp/protocol.c:1486 [inline] __mptcp_push_pending+0x6b5/0x9f0 net/mptcp/protocol.c:1625 mptcp_sendmsg+0x10bb/0x1b10 net/mptcp/protocol.c:1903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603 ___sys_sendmsg net/socket.c:2657 [inline] __sys_sendmsg+0x2aa/0x390 net/socket.c:2686 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb06e9317f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe2cfd4f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb06e97f468 RCX: 00007fb06e9317f9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007fb06e97f446 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fb06e97f406 R13: 0000000000000001 R14: 00007ffe2cfd4fe0 R15: 0000000000000003 </TASK> Additionally syzkaller provided a nice reproducer. The repro enables pmtu on the loopback device, leading to tcp_mtu_probe() generating very large probe packets. tcp_can_coalesce_send_queue_head() currently does not check for mptcp-level invariants, and allowed the creation of cross-DSS probes, leading to the mentioned corruption. Address the issue teaching tcp_can_coalesce_send_queue_head() about mptcp using the tcp_skb_can_collapse(), also reducing the code duplication. Fixes: 85712484110d ("tcp: coalesce/collapse must respect MPTCP extensions") Cc: stable(a)vger.kernel.org Reported-by: syzbot+d1bff73460e33101f0e7(a)syzkaller.appspotmail.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/513 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Acked-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-2-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 4fd746bd4d54..68804fd01daf 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2342,10 +2342,7 @@ static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) if (len <= skb->len) break; - if (unlikely(TCP_SKB_CB(skb)->eor) || - tcp_has_tx_tstamp(skb) || - !skb_pure_zcopy_same(skb, next) || - skb_frags_readable(skb) != skb_frags_readable(next)) + if (tcp_has_tx_tstamp(skb) || !tcp_skb_can_collapse(skb, next)) return false; len -= skb->len;

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4dabcdf581217e60690467a37c956a5b8dbc6bd9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101434-refuse-multiply-eddc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 4dabcdf58121 ("tcp: fix mptcp DSS corruption due to large pmtu xmit") 65249feb6b3d ("net: add support for skbs with unreadable frags") 071115301838 ("tcp: wrap mptcp and decrypted checks into tcp_skb_can_collapse_rx()") e958da0ddbe8 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4dabcdf581217e60690467a37c956a5b8dbc6bd9 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:53 +0200 Subject: [PATCH] tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Modules linked in: CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> move_skbs_to_msk net/mptcp/protocol.c:811 [inline] mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5662 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 dev_queue_xmit include/linux/netdevice.h:3094 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 tcp_push_pending_frames include/net/tcp.h:2107 [inline] tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x214/0x350 net/core/sock.c:3072 release_sock+0x61/0x1f0 net/core/sock.c:3626 mptcp_push_release net/mptcp/protocol.c:1486 [inline] __mptcp_push_pending+0x6b5/0x9f0 net/mptcp/protocol.c:1625 mptcp_sendmsg+0x10bb/0x1b10 net/mptcp/protocol.c:1903 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2603 ___sys_sendmsg net/socket.c:2657 [inline] __sys_sendmsg+0x2aa/0x390 net/socket.c:2686 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb06e9317f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe2cfd4f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fb06e97f468 RCX: 00007fb06e9317f9 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007fb06e97f446 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007fb06e97f406 R13: 0000000000000001 R14: 00007ffe2cfd4fe0 R15: 0000000000000003 </TASK> Additionally syzkaller provided a nice reproducer. The repro enables pmtu on the loopback device, leading to tcp_mtu_probe() generating very large probe packets. tcp_can_coalesce_send_queue_head() currently does not check for mptcp-level invariants, and allowed the creation of cross-DSS probes, leading to the mentioned corruption. Address the issue teaching tcp_can_coalesce_send_queue_head() about mptcp using the tcp_skb_can_collapse(), also reducing the code duplication. Fixes: 85712484110d ("tcp: coalesce/collapse must respect MPTCP extensions") Cc: stable(a)vger.kernel.org Reported-by: syzbot+d1bff73460e33101f0e7(a)syzkaller.appspotmail.com Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/513 Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Acked-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-2-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 4fd746bd4d54..68804fd01daf 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2342,10 +2342,7 @@ static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) if (len <= skb->len) break; - if (unlikely(TCP_SKB_CB(skb)->eor) || - tcp_has_tx_tstamp(skb) || - !skb_pure_zcopy_same(skb, next) || - skb_frags_readable(skb) != skb_frags_readable(next)) + if (tcp_has_tx_tstamp(skb) || !tcp_skb_can_collapse(skb, next)) return false; len -= skb->len;

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mptcp: handle consistently DSS corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e32d262c89e2b22cb0640223f953b548617ed8a6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101414-scouting-grower-43fe@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e32d262c89e2 ("mptcp: handle consistently DSS corruption") 104125b82e5c ("mptcp: add mib for infinite map sending") 1e39e5a32ad7 ("mptcp: infinite mapping sending") 0eb4e7ee1655 ("mptcp: add tracepoint in mptcp_sendmsg_frag") f284c0c77321 ("mptcp: implement fastclose xmit path") f70cad1085d1 ("mptcp: stop relying on tcp_tx_skb_cache") efe686ffce01 ("mptcp: ensure tx skbs always have the MPTCP ext") 1094c6fe7280 ("mptcp: fix possible divide by zero") 5580d41b758a ("mptcp: MP_FAIL suboption receiving") c25aeb4e0953 ("mptcp: MP_FAIL suboption sending") d7b269083786 ("mptcp: shrink mptcp_out_options struct") 1bff1e43a30e ("mptcp: optimize out option generation") 1f5e9e2f5fd5 ("mptcp: move drop_other_suboptions check under pm lock") df377be38725 ("mptcp: add deny_join_id0 in mptcp_options_received") bab6b88e0560 ("mptcp: add allow_join_id0 in mptcp_out_options") 8ce568ed06ce ("mptcp: drop tx skb cache") 4e14867d5e91 ("mptcp: tune re-injections for csum enabled mode") 208e8f66926c ("mptcp: receive checksum for MP_CAPABLE with data") 0625118115cf ("mptcp: add csum_reqd in mptcp_options_received") c5b39e26d003 ("mptcp: send out checksum for DSS") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e32d262c89e2b22cb0640223f953b548617ed8a6 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:52 +0200 Subject: [PATCH] mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle consistently the error, dumping related MIBs and performing fallback and/or reset according to the subflow type. Fixes: 6771bfd9ee24 ("mptcp: update mptcp ack sequence from work queue") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-1-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/mib.c b/net/mptcp/mib.c index 38c2efc82b94..ad88bd3c58df 100644 --- a/net/mptcp/mib.c +++ b/net/mptcp/mib.c @@ -32,6 +32,8 @@ static const struct snmp_mib mptcp_snmp_list[] = { SNMP_MIB_ITEM("MPJoinSynTxBindErr", MPTCP_MIB_JOINSYNTXBINDERR), SNMP_MIB_ITEM("MPJoinSynTxConnectErr", MPTCP_MIB_JOINSYNTXCONNECTERR), SNMP_MIB_ITEM("DSSNotMatching", MPTCP_MIB_DSSNOMATCH), + SNMP_MIB_ITEM("DSSCorruptionFallback", MPTCP_MIB_DSSCORRUPTIONFALLBACK), + SNMP_MIB_ITEM("DSSCorruptionReset", MPTCP_MIB_DSSCORRUPTIONRESET), SNMP_MIB_ITEM("InfiniteMapTx", MPTCP_MIB_INFINITEMAPTX), SNMP_MIB_ITEM("InfiniteMapRx", MPTCP_MIB_INFINITEMAPRX), SNMP_MIB_ITEM("DSSNoMatchTCP", MPTCP_MIB_DSSTCPMISMATCH), diff --git a/net/mptcp/mib.h b/net/mptcp/mib.h index c8ffe18a8722..3206cdda8bb1 100644 --- a/net/mptcp/mib.h +++ b/net/mptcp/mib.h @@ -27,6 +27,8 @@ enum linux_mptcp_mib_field { MPTCP_MIB_JOINSYNTXBINDERR, /* Not able to bind() the address when sending a SYN + MP_JOIN */ MPTCP_MIB_JOINSYNTXCONNECTERR, /* Not able to connect() when sending a SYN + MP_JOIN */ MPTCP_MIB_DSSNOMATCH, /* Received a new mapping that did not match the previous one */ + MPTCP_MIB_DSSCORRUPTIONFALLBACK,/* DSS corruption detected, fallback */ + MPTCP_MIB_DSSCORRUPTIONRESET, /* DSS corruption detected, MPJ subflow reset */ MPTCP_MIB_INFINITEMAPTX, /* Sent an infinite mapping */ MPTCP_MIB_INFINITEMAPRX, /* Received an infinite mapping */ MPTCP_MIB_DSSTCPMISMATCH, /* DSS-mapping did not map with TCP's sequence numbers */ diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index c2317919fc14..6d0e201c3eb2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -620,6 +620,18 @@ static bool mptcp_check_data_fin(struct sock *sk) return ret; } +static void mptcp_dss_corruption(struct mptcp_sock *msk, struct sock *ssk) +{ + if (READ_ONCE(msk->allow_infinite_fallback)) { + MPTCP_INC_STATS(sock_net(ssk), + MPTCP_MIB_DSSCORRUPTIONFALLBACK); + mptcp_do_fallback(ssk); + } else { + MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DSSCORRUPTIONRESET); + mptcp_subflow_reset(ssk); + } +} + static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, struct sock *ssk, unsigned int *bytes) @@ -692,10 +704,16 @@ static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, moved += len; seq += len; - if (WARN_ON_ONCE(map_remaining < len)) - break; + if (unlikely(map_remaining < len)) { + DEBUG_NET_WARN_ON_ONCE(1); + mptcp_dss_corruption(msk, ssk); + } } else { - WARN_ON_ONCE(!fin); + if (unlikely(!fin)) { + DEBUG_NET_WARN_ON_ONCE(1); + mptcp_dss_corruption(msk, ssk); + } + sk_eat_skb(ssk, skb); done = true; } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1040b3b9696b..e1046a696ab5 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -975,8 +975,10 @@ static bool skb_is_fully_mapped(struct sock *ssk, struct sk_buff *skb) unsigned int skb_consumed; skb_consumed = tcp_sk(ssk)->copied_seq - TCP_SKB_CB(skb)->seq; - if (WARN_ON_ONCE(skb_consumed >= skb->len)) + if (unlikely(skb_consumed >= skb->len)) { + DEBUG_NET_WARN_ON_ONCE(1); return true; + } return skb->len - skb_consumed <= subflow->map_data_len - mptcp_subflow_get_map_offset(subflow);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mptcp: handle consistently DSS corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e32d262c89e2b22cb0640223f953b548617ed8a6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101413-murky-haiku-4511@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e32d262c89e2 ("mptcp: handle consistently DSS corruption") 104125b82e5c ("mptcp: add mib for infinite map sending") 1e39e5a32ad7 ("mptcp: infinite mapping sending") 0eb4e7ee1655 ("mptcp: add tracepoint in mptcp_sendmsg_frag") f284c0c77321 ("mptcp: implement fastclose xmit path") f70cad1085d1 ("mptcp: stop relying on tcp_tx_skb_cache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e32d262c89e2b22cb0640223f953b548617ed8a6 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Tue, 8 Oct 2024 13:04:52 +0200 Subject: [PATCH] mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle consistently the error, dumping related MIBs and performing fallback and/or reset according to the subflow type. Fixes: 6771bfd9ee24 ("mptcp: update mptcp ack sequence from work queue") Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20241008-net-mptcp-fallback-fixes-v1-1-c6fb8e93e55… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/mib.c b/net/mptcp/mib.c index 38c2efc82b94..ad88bd3c58df 100644 --- a/net/mptcp/mib.c +++ b/net/mptcp/mib.c @@ -32,6 +32,8 @@ static const struct snmp_mib mptcp_snmp_list[] = { SNMP_MIB_ITEM("MPJoinSynTxBindErr", MPTCP_MIB_JOINSYNTXBINDERR), SNMP_MIB_ITEM("MPJoinSynTxConnectErr", MPTCP_MIB_JOINSYNTXCONNECTERR), SNMP_MIB_ITEM("DSSNotMatching", MPTCP_MIB_DSSNOMATCH), + SNMP_MIB_ITEM("DSSCorruptionFallback", MPTCP_MIB_DSSCORRUPTIONFALLBACK), + SNMP_MIB_ITEM("DSSCorruptionReset", MPTCP_MIB_DSSCORRUPTIONRESET), SNMP_MIB_ITEM("InfiniteMapTx", MPTCP_MIB_INFINITEMAPTX), SNMP_MIB_ITEM("InfiniteMapRx", MPTCP_MIB_INFINITEMAPRX), SNMP_MIB_ITEM("DSSNoMatchTCP", MPTCP_MIB_DSSTCPMISMATCH), diff --git a/net/mptcp/mib.h b/net/mptcp/mib.h index c8ffe18a8722..3206cdda8bb1 100644 --- a/net/mptcp/mib.h +++ b/net/mptcp/mib.h @@ -27,6 +27,8 @@ enum linux_mptcp_mib_field { MPTCP_MIB_JOINSYNTXBINDERR, /* Not able to bind() the address when sending a SYN + MP_JOIN */ MPTCP_MIB_JOINSYNTXCONNECTERR, /* Not able to connect() when sending a SYN + MP_JOIN */ MPTCP_MIB_DSSNOMATCH, /* Received a new mapping that did not match the previous one */ + MPTCP_MIB_DSSCORRUPTIONFALLBACK,/* DSS corruption detected, fallback */ + MPTCP_MIB_DSSCORRUPTIONRESET, /* DSS corruption detected, MPJ subflow reset */ MPTCP_MIB_INFINITEMAPTX, /* Sent an infinite mapping */ MPTCP_MIB_INFINITEMAPRX, /* Received an infinite mapping */ MPTCP_MIB_DSSTCPMISMATCH, /* DSS-mapping did not map with TCP's sequence numbers */ diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index c2317919fc14..6d0e201c3eb2 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -620,6 +620,18 @@ static bool mptcp_check_data_fin(struct sock *sk) return ret; } +static void mptcp_dss_corruption(struct mptcp_sock *msk, struct sock *ssk) +{ + if (READ_ONCE(msk->allow_infinite_fallback)) { + MPTCP_INC_STATS(sock_net(ssk), + MPTCP_MIB_DSSCORRUPTIONFALLBACK); + mptcp_do_fallback(ssk); + } else { + MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_DSSCORRUPTIONRESET); + mptcp_subflow_reset(ssk); + } +} + static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, struct sock *ssk, unsigned int *bytes) @@ -692,10 +704,16 @@ static bool __mptcp_move_skbs_from_subflow(struct mptcp_sock *msk, moved += len; seq += len; - if (WARN_ON_ONCE(map_remaining < len)) - break; + if (unlikely(map_remaining < len)) { + DEBUG_NET_WARN_ON_ONCE(1); + mptcp_dss_corruption(msk, ssk); + } } else { - WARN_ON_ONCE(!fin); + if (unlikely(!fin)) { + DEBUG_NET_WARN_ON_ONCE(1); + mptcp_dss_corruption(msk, ssk); + } + sk_eat_skb(ssk, skb); done = true; } diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1040b3b9696b..e1046a696ab5 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -975,8 +975,10 @@ static bool skb_is_fully_mapped(struct sock *ssk, struct sk_buff *skb) unsigned int skb_consumed; skb_consumed = tcp_sk(ssk)->copied_seq - TCP_SKB_CB(skb)->seq; - if (WARN_ON_ONCE(skb_consumed >= skb->len)) + if (unlikely(skb_consumed >= skb->len)) { + DEBUG_NET_WARN_ON_ONCE(1); return true; + } return skb->len - skb_consumed <= subflow->map_data_len - mptcp_subflow_get_map_offset(subflow);

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d5130c5a093257aa4542aaded8034ef116a7624a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101436-violin-agreement-b115@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d5130c5a0932 ("scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()") 06caeb536b2b ("scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc()") 5149452ca662 ("scsi: ufs: core: Fix MCQ tag calculation") f87b2c41822a ("scsi: ufs: mcq: Add completion support of a CQE") 854f84e7feeb ("scsi: ufs: core: mcq: Find hardware queue to queue request") 22a2d563de14 ("scsi: ufs: core: Prepare ufshcd_send_command() for MCQ") 2468da61ea09 ("scsi: ufs: core: mcq: Configure operation and runtime interface") 4682abfae2eb ("scsi: ufs: core: mcq: Allocate memory for MCQ mode") 7224c806876e ("scsi: ufs: core: mcq: Calculate queue depth") c263b4ef737e ("scsi: ufs: core: mcq: Configure resource regions") 57b1c0ef89ac ("scsi: ufs: core: mcq: Add support to allocate multiple queues") 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported") 305a357d3595 ("scsi: ufs: core: Introduce multi-circular queue capability") 6e1d850acff9 ("scsi: ufs: core: Probe for EXT_IID support") baf5ddac90dc ("scsi: ufs: ufs-qcom: Add support for reinitializing the UFS device") 96a7141da332 ("scsi: ufs: core: Add support for reinitializing the UFS device") c2c38c573a2e ("scsi: ufs: core: Add reinit_notify() callback") 031312dbc695 ("scsi: ufs: ufs-qcom: Remove unnecessary goto statements") 4a5bd1a928a2 ("Merge patch series "Prepare for upstreaming Pixel 6 and 7 UFS support"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d5130c5a093257aa4542aaded8034ef116a7624a Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Tue, 10 Sep 2024 07:45:43 +0300 Subject: [PATCH] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Replace manual offset calculations for response_upiu and prd_table in ufshcd_init_lrb() with pre-calculated offsets already stored in the utp_transfer_req_desc structure. The pre-calculated offsets are set differently in ufshcd_host_memory_configure() based on the UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk, ensuring correct alignment and access. Fixes: 26f968d7de82 ("scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Link: https://lore.kernel.org/r/20240910044543.3812642-1-avri.altman@wdc.com Acked-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 24a32e2fd75e..6a71ebf953e2 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -2933,9 +2933,8 @@ static void ufshcd_init_lrb(struct ufs_hba *hba, struct ufshcd_lrb *lrb, int i) struct utp_transfer_req_desc *utrdlp = hba->utrdl_base_addr; dma_addr_t cmd_desc_element_addr = hba->ucdl_dma_addr + i * ufshcd_get_ucd_size(hba); - u16 response_offset = offsetof(struct utp_transfer_cmd_desc, - response_upiu); - u16 prdt_offset = offsetof(struct utp_transfer_cmd_desc, prd_table); + u16 response_offset = le16_to_cpu(utrdlp[i].response_upiu_offset); + u16 prdt_offset = le16_to_cpu(utrdlp[i].prd_table_offset); lrb->utr_descriptor_ptr = utrdlp + i; lrb->utrd_dma_addr = hba->utrdl_dma_addr +

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d5130c5a093257aa4542aaded8034ef116a7624a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101436-cherub-rehydrate-8076@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d5130c5a0932 ("scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()") 06caeb536b2b ("scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc()") 5149452ca662 ("scsi: ufs: core: Fix MCQ tag calculation") f87b2c41822a ("scsi: ufs: mcq: Add completion support of a CQE") 854f84e7feeb ("scsi: ufs: core: mcq: Find hardware queue to queue request") 22a2d563de14 ("scsi: ufs: core: Prepare ufshcd_send_command() for MCQ") 2468da61ea09 ("scsi: ufs: core: mcq: Configure operation and runtime interface") 4682abfae2eb ("scsi: ufs: core: mcq: Allocate memory for MCQ mode") 7224c806876e ("scsi: ufs: core: mcq: Calculate queue depth") c263b4ef737e ("scsi: ufs: core: mcq: Configure resource regions") 57b1c0ef89ac ("scsi: ufs: core: mcq: Add support to allocate multiple queues") 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported") 305a357d3595 ("scsi: ufs: core: Introduce multi-circular queue capability") 6e1d850acff9 ("scsi: ufs: core: Probe for EXT_IID support") baf5ddac90dc ("scsi: ufs: ufs-qcom: Add support for reinitializing the UFS device") 96a7141da332 ("scsi: ufs: core: Add support for reinitializing the UFS device") c2c38c573a2e ("scsi: ufs: core: Add reinit_notify() callback") 031312dbc695 ("scsi: ufs: ufs-qcom: Remove unnecessary goto statements") 4a5bd1a928a2 ("Merge patch series "Prepare for upstreaming Pixel 6 and 7 UFS support"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d5130c5a093257aa4542aaded8034ef116a7624a Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Tue, 10 Sep 2024 07:45:43 +0300 Subject: [PATCH] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Replace manual offset calculations for response_upiu and prd_table in ufshcd_init_lrb() with pre-calculated offsets already stored in the utp_transfer_req_desc structure. The pre-calculated offsets are set differently in ufshcd_host_memory_configure() based on the UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk, ensuring correct alignment and access. Fixes: 26f968d7de82 ("scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Link: https://lore.kernel.org/r/20240910044543.3812642-1-avri.altman@wdc.com Acked-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 24a32e2fd75e..6a71ebf953e2 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -2933,9 +2933,8 @@ static void ufshcd_init_lrb(struct ufs_hba *hba, struct ufshcd_lrb *lrb, int i) struct utp_transfer_req_desc *utrdlp = hba->utrdl_base_addr; dma_addr_t cmd_desc_element_addr = hba->ucdl_dma_addr + i * ufshcd_get_ucd_size(hba); - u16 response_offset = offsetof(struct utp_transfer_cmd_desc, - response_upiu); - u16 prdt_offset = offsetof(struct utp_transfer_cmd_desc, prd_table); + u16 response_offset = le16_to_cpu(utrdlp[i].response_upiu_offset); + u16 prdt_offset = le16_to_cpu(utrdlp[i].prd_table_offset); lrb->utr_descriptor_ptr = utrdlp + i; lrb->utrd_dma_addr = hba->utrdl_dma_addr +

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d5130c5a093257aa4542aaded8034ef116a7624a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101435-champion-obsessive-c47b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d5130c5a0932 ("scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb()") 06caeb536b2b ("scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc()") 5149452ca662 ("scsi: ufs: core: Fix MCQ tag calculation") f87b2c41822a ("scsi: ufs: mcq: Add completion support of a CQE") 854f84e7feeb ("scsi: ufs: core: mcq: Find hardware queue to queue request") 22a2d563de14 ("scsi: ufs: core: Prepare ufshcd_send_command() for MCQ") 2468da61ea09 ("scsi: ufs: core: mcq: Configure operation and runtime interface") 4682abfae2eb ("scsi: ufs: core: mcq: Allocate memory for MCQ mode") 7224c806876e ("scsi: ufs: core: mcq: Calculate queue depth") c263b4ef737e ("scsi: ufs: core: mcq: Configure resource regions") 57b1c0ef89ac ("scsi: ufs: core: mcq: Add support to allocate multiple queues") 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported") 305a357d3595 ("scsi: ufs: core: Introduce multi-circular queue capability") 6e1d850acff9 ("scsi: ufs: core: Probe for EXT_IID support") baf5ddac90dc ("scsi: ufs: ufs-qcom: Add support for reinitializing the UFS device") 96a7141da332 ("scsi: ufs: core: Add support for reinitializing the UFS device") c2c38c573a2e ("scsi: ufs: core: Add reinit_notify() callback") 031312dbc695 ("scsi: ufs: ufs-qcom: Remove unnecessary goto statements") 4a5bd1a928a2 ("Merge patch series "Prepare for upstreaming Pixel 6 and 7 UFS support"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d5130c5a093257aa4542aaded8034ef116a7624a Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Tue, 10 Sep 2024 07:45:43 +0300 Subject: [PATCH] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb() Replace manual offset calculations for response_upiu and prd_table in ufshcd_init_lrb() with pre-calculated offsets already stored in the utp_transfer_req_desc structure. The pre-calculated offsets are set differently in ufshcd_host_memory_configure() based on the UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk, ensuring correct alignment and access. Fixes: 26f968d7de82 ("scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Link: https://lore.kernel.org/r/20240910044543.3812642-1-avri.altman@wdc.com Acked-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 24a32e2fd75e..6a71ebf953e2 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -2933,9 +2933,8 @@ static void ufshcd_init_lrb(struct ufs_hba *hba, struct ufshcd_lrb *lrb, int i) struct utp_transfer_req_desc *utrdlp = hba->utrdl_base_addr; dma_addr_t cmd_desc_element_addr = hba->ucdl_dma_addr + i * ufshcd_get_ucd_size(hba); - u16 response_offset = offsetof(struct utp_transfer_cmd_desc, - response_upiu); - u16 prdt_offset = offsetof(struct utp_transfer_cmd_desc, prd_table); + u16 response_offset = le16_to_cpu(utrdlp[i].response_upiu_offset); + u16 prdt_offset = le16_to_cpu(utrdlp[i].prd_table_offset); lrb->utr_descriptor_ptr = utrdlp + i; lrb->utrd_dma_addr = hba->utrdl_dma_addr +

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/hdcp: fix connector refcounting" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4cc2718f621a6a57a02581125bb6d914ce74d23b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101406-gallows-construct-02e9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4cc2718f621a ("drm/i915/hdcp: fix connector refcounting") 848a4e5c096d ("drm/i915: add a dedicated workqueue inside drm_i915_private") f48eab290287 ("drm/i915/dp: Add link training debug and error printing helpers") f60500f31e99 ("drm/i915/display/dp: 128/132b LT requirement") 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") 15e4f0b541d4 ("drm/i915/display: rename intel_modeset_probe_defer() -> intel_display_driver_probe_defer()") ff2c80be1a00 ("drm/i915/display: move intel_modeset_probe_defer() to intel_display_driver.[ch]") 77316e755213 ("drm/i915/display: start high level display driver file") 99cfbed19d06 ("drm/i915/vrr: Relocate VRR enable/disable") ecaeecea9263 ("drm/i915/vrr: Tell intel_crtc_update_active_timings() about VRR explicitly") fa9e4fce52ec ("drm/i915/vrr: Make delayed vblank operational in VRR mode on adl/dg2") b25e07419fee ("drm/i915/vrr: Eliminate redundant function arguments") 6a9856075563 ("drm/i915: Generalize planes_{enabling,disabling}()") c5de248484af ("drm/i915/dpt: Add a modparam to disable DPT via the chicken bit") 5a08585d38d6 ("drm/i915: Add PLANE_CHICKEN registers") 1a324a40b452 ("i915/display/dp: SDP CRC16 for 128b132b link layer") b5202a93cd37 ("drm/i915: Extract intel_crtc_scanline_offset()") 84f4ebe8c1ab ("drm/i915: Relocate intel_crtc_update_active_timings()") 6e8acb6686d8 ("drm/i915: Add belts and suspenders locking for seamless M/N changes") 8cb1f95cca68 ("drm/i915: Update vblank timestamping stuff on seamless M/N change") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4cc2718f621a6a57a02581125bb6d914ce74d23b Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Tue, 24 Sep 2024 18:30:22 +0300 Subject: [PATCH] drm/i915/hdcp: fix connector refcounting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We acquire a connector reference before scheduling an HDCP prop work, and expect the work function to release the reference. However, if the work was already queued, it won't be queued multiple times, and the reference is not dropped. Release the reference immediately if the work was already queued. Fixes: a6597faa2d59 ("drm/i915: Protect workers against disappearing connectors") Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Suraj Kandpal <suraj.kandpal(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v5.10+ Reviewed-by: Suraj Kandpal <suraj.kandpal(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924153022.2255299-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit abc0742c79bdb3b164eacab24aea0916d2ec1cb5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_hdcp.c b/drivers/gpu/drm/i915/display/intel_hdcp.c index 6980b98792c2..377939de0ff4 100644 --- a/drivers/gpu/drm/i915/display/intel_hdcp.c +++ b/drivers/gpu/drm/i915/display/intel_hdcp.c @@ -1094,7 +1094,8 @@ static void intel_hdcp_update_value(struct intel_connector *connector, hdcp->value = value; if (update_property) { drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); } } @@ -2524,7 +2525,8 @@ void intel_hdcp_update_pipe(struct intel_atomic_state *state, mutex_lock(&hdcp->mutex); hdcp->value = DRM_MODE_CONTENT_PROTECTION_DESIRED; drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); mutex_unlock(&hdcp->mutex); } @@ -2541,7 +2543,9 @@ void intel_hdcp_update_pipe(struct intel_atomic_state *state, */ if (!desired_and_not_enabled && !content_protection_type_changed) { drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); + } }

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/hdcp: fix connector refcounting" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4cc2718f621a6a57a02581125bb6d914ce74d23b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101405-upstate-waggle-385b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4cc2718f621a ("drm/i915/hdcp: fix connector refcounting") 848a4e5c096d ("drm/i915: add a dedicated workqueue inside drm_i915_private") f48eab290287 ("drm/i915/dp: Add link training debug and error printing helpers") f60500f31e99 ("drm/i915/display/dp: 128/132b LT requirement") 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") 15e4f0b541d4 ("drm/i915/display: rename intel_modeset_probe_defer() -> intel_display_driver_probe_defer()") ff2c80be1a00 ("drm/i915/display: move intel_modeset_probe_defer() to intel_display_driver.[ch]") 77316e755213 ("drm/i915/display: start high level display driver file") 99cfbed19d06 ("drm/i915/vrr: Relocate VRR enable/disable") ecaeecea9263 ("drm/i915/vrr: Tell intel_crtc_update_active_timings() about VRR explicitly") fa9e4fce52ec ("drm/i915/vrr: Make delayed vblank operational in VRR mode on adl/dg2") b25e07419fee ("drm/i915/vrr: Eliminate redundant function arguments") 6a9856075563 ("drm/i915: Generalize planes_{enabling,disabling}()") c5de248484af ("drm/i915/dpt: Add a modparam to disable DPT via the chicken bit") 5a08585d38d6 ("drm/i915: Add PLANE_CHICKEN registers") 1a324a40b452 ("i915/display/dp: SDP CRC16 for 128b132b link layer") b5202a93cd37 ("drm/i915: Extract intel_crtc_scanline_offset()") 84f4ebe8c1ab ("drm/i915: Relocate intel_crtc_update_active_timings()") 6e8acb6686d8 ("drm/i915: Add belts and suspenders locking for seamless M/N changes") 8cb1f95cca68 ("drm/i915: Update vblank timestamping stuff on seamless M/N change") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4cc2718f621a6a57a02581125bb6d914ce74d23b Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Tue, 24 Sep 2024 18:30:22 +0300 Subject: [PATCH] drm/i915/hdcp: fix connector refcounting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We acquire a connector reference before scheduling an HDCP prop work, and expect the work function to release the reference. However, if the work was already queued, it won't be queued multiple times, and the reference is not dropped. Release the reference immediately if the work was already queued. Fixes: a6597faa2d59 ("drm/i915: Protect workers against disappearing connectors") Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Suraj Kandpal <suraj.kandpal(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v5.10+ Reviewed-by: Suraj Kandpal <suraj.kandpal(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924153022.2255299-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit abc0742c79bdb3b164eacab24aea0916d2ec1cb5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_hdcp.c b/drivers/gpu/drm/i915/display/intel_hdcp.c index 6980b98792c2..377939de0ff4 100644 --- a/drivers/gpu/drm/i915/display/intel_hdcp.c +++ b/drivers/gpu/drm/i915/display/intel_hdcp.c @@ -1094,7 +1094,8 @@ static void intel_hdcp_update_value(struct intel_connector *connector, hdcp->value = value; if (update_property) { drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); } } @@ -2524,7 +2525,8 @@ void intel_hdcp_update_pipe(struct intel_atomic_state *state, mutex_lock(&hdcp->mutex); hdcp->value = DRM_MODE_CONTENT_PROTECTION_DESIRED; drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); mutex_unlock(&hdcp->mutex); } @@ -2541,7 +2543,9 @@ void intel_hdcp_update_pipe(struct intel_atomic_state *state, */ if (!desired_and_not_enabled && !content_protection_type_changed) { drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); + } }

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/hdcp: fix connector refcounting" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4cc2718f621a6a57a02581125bb6d914ce74d23b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101404-ferment-uptight-0034@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4cc2718f621a ("drm/i915/hdcp: fix connector refcounting") 848a4e5c096d ("drm/i915: add a dedicated workqueue inside drm_i915_private") f48eab290287 ("drm/i915/dp: Add link training debug and error printing helpers") f60500f31e99 ("drm/i915/display/dp: 128/132b LT requirement") 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") 15e4f0b541d4 ("drm/i915/display: rename intel_modeset_probe_defer() -> intel_display_driver_probe_defer()") ff2c80be1a00 ("drm/i915/display: move intel_modeset_probe_defer() to intel_display_driver.[ch]") 77316e755213 ("drm/i915/display: start high level display driver file") 99cfbed19d06 ("drm/i915/vrr: Relocate VRR enable/disable") ecaeecea9263 ("drm/i915/vrr: Tell intel_crtc_update_active_timings() about VRR explicitly") fa9e4fce52ec ("drm/i915/vrr: Make delayed vblank operational in VRR mode on adl/dg2") b25e07419fee ("drm/i915/vrr: Eliminate redundant function arguments") 6a9856075563 ("drm/i915: Generalize planes_{enabling,disabling}()") c5de248484af ("drm/i915/dpt: Add a modparam to disable DPT via the chicken bit") 5a08585d38d6 ("drm/i915: Add PLANE_CHICKEN registers") 1a324a40b452 ("i915/display/dp: SDP CRC16 for 128b132b link layer") b5202a93cd37 ("drm/i915: Extract intel_crtc_scanline_offset()") 84f4ebe8c1ab ("drm/i915: Relocate intel_crtc_update_active_timings()") 6e8acb6686d8 ("drm/i915: Add belts and suspenders locking for seamless M/N changes") 8cb1f95cca68 ("drm/i915: Update vblank timestamping stuff on seamless M/N change") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4cc2718f621a6a57a02581125bb6d914ce74d23b Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Tue, 24 Sep 2024 18:30:22 +0300 Subject: [PATCH] drm/i915/hdcp: fix connector refcounting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We acquire a connector reference before scheduling an HDCP prop work, and expect the work function to release the reference. However, if the work was already queued, it won't be queued multiple times, and the reference is not dropped. Release the reference immediately if the work was already queued. Fixes: a6597faa2d59 ("drm/i915: Protect workers against disappearing connectors") Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Suraj Kandpal <suraj.kandpal(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v5.10+ Reviewed-by: Suraj Kandpal <suraj.kandpal(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924153022.2255299-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit abc0742c79bdb3b164eacab24aea0916d2ec1cb5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_hdcp.c b/drivers/gpu/drm/i915/display/intel_hdcp.c index 6980b98792c2..377939de0ff4 100644 --- a/drivers/gpu/drm/i915/display/intel_hdcp.c +++ b/drivers/gpu/drm/i915/display/intel_hdcp.c @@ -1094,7 +1094,8 @@ static void intel_hdcp_update_value(struct intel_connector *connector, hdcp->value = value; if (update_property) { drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); } } @@ -2524,7 +2525,8 @@ void intel_hdcp_update_pipe(struct intel_atomic_state *state, mutex_lock(&hdcp->mutex); hdcp->value = DRM_MODE_CONTENT_PROTECTION_DESIRED; drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); mutex_unlock(&hdcp->mutex); } @@ -2541,7 +2543,9 @@ void intel_hdcp_update_pipe(struct intel_atomic_state *state, */ if (!desired_and_not_enabled && !content_protection_type_changed) { drm_connector_get(&connector->base); - queue_work(i915->unordered_wq, &hdcp->prop_work); + if (!queue_work(i915->unordered_wq, &hdcp->prop_work)) + drm_connector_put(&connector->base); + } }

8 months, 1 week

1
0
0 0

Re: Patch "cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons" has been added to the 6.6-stable tree

by Dhananjay Ugwekar

Hello, This patch is only needed post the commit cpufreq: amd-pstate: Unify computation of {max,min,nominal,lowest_nonlinear}_freq. Hence, please do not add it to the 6.6 stable tree. Thanks, Dhananjay On 10/11/2024 5:48 AM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > cpufreq-amd-pstate-ut-convert-nominal_freq-to-khz-du.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 09778adee7fa70b5efeaefd17a6e0a0b9d7de62e > Author: Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> > Date: Tue Jul 2 08:14:13 2024 +0000 > > cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons > > [ Upstream commit f21ab5ed4e8758b06230900f44b9dcbcfdc0c3ae ] > > cpudata->nominal_freq being in MHz whereas other frequencies being in > KHz breaks the amd-pstate-ut frequency sanity check. This fixes it. > > Fixes: e4731baaf294 ("cpufreq: amd-pstate: Fix the inconsistency in max frequency units") > Reported-by: David Arcari <darcari(a)redhat.com> > Signed-off-by: Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> > Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> > Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> > Link: https://lore.kernel.org/r/20240702081413.5688-2-Dhananjay.Ugwekar@amd.com > Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/cpufreq/amd-pstate-ut.c b/drivers/cpufreq/amd-pstate-ut.c > index f04ae67dda372..f5e0151f50083 100644 > --- a/drivers/cpufreq/amd-pstate-ut.c > +++ b/drivers/cpufreq/amd-pstate-ut.c > @@ -201,6 +201,7 @@ static void amd_pstate_ut_check_freq(u32 index) > int cpu = 0; > struct cpufreq_policy *policy = NULL; > struct amd_cpudata *cpudata = NULL; > + u32 nominal_freq_khz; > > for_each_possible_cpu(cpu) { > policy = cpufreq_cpu_get(cpu); > @@ -208,13 +209,14 @@ static void amd_pstate_ut_check_freq(u32 index) > break; > cpudata = policy->driver_data; > > - if (!((cpudata->max_freq >= cpudata->nominal_freq) && > - (cpudata->nominal_freq > cpudata->lowest_nonlinear_freq) && > + nominal_freq_khz = cpudata->nominal_freq*1000; > + if (!((cpudata->max_freq >= nominal_freq_khz) && > + (nominal_freq_khz > cpudata->lowest_nonlinear_freq) && > (cpudata->lowest_nonlinear_freq > cpudata->min_freq) && > (cpudata->min_freq > 0))) { > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_FAIL; > pr_err("%s cpu%d max=%d >= nominal=%d > lowest_nonlinear=%d > min=%d > 0, the formula is incorrect!\n", > - __func__, cpu, cpudata->max_freq, cpudata->nominal_freq, > + __func__, cpu, cpudata->max_freq, nominal_freq_khz, > cpudata->lowest_nonlinear_freq, cpudata->min_freq); > goto skip_test; > } > @@ -228,13 +230,13 @@ static void amd_pstate_ut_check_freq(u32 index) > > if (cpudata->boost_supported) { > if ((policy->max == cpudata->max_freq) || > - (policy->max == cpudata->nominal_freq)) > + (policy->max == nominal_freq_khz)) > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_PASS; > else { > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_FAIL; > pr_err("%s cpu%d policy_max=%d should be equal cpu_max=%d or cpu_nominal=%d !\n", > __func__, cpu, policy->max, cpudata->max_freq, > - cpudata->nominal_freq); > + nominal_freq_khz); > goto skip_test; > } > } else {

8 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] usb: dwc3: core: Stop processing of pending events if" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0d410e8913f5cffebcca79ffdd596009d4a13a28 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024101439-storable-submerge-797a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d410e8913f5cffebcca79ffdd596009d4a13a28 Mon Sep 17 00:00:00 2001 From: Selvarasu Ganesan <selvarasu.g(a)samsung.com> Date: Tue, 17 Sep 2024 04:48:09 +0530 Subject: [PATCH] usb: dwc3: core: Stop processing of pending events if controller is halted This commit addresses an issue where events were being processed when the controller was in a halted state. To fix this issue by stop processing the events as the event count was considered stale or invalid when the controller was halted. Fixes: fc8bb91bc83e ("usb: dwc3: implement runtime PM") Cc: stable(a)kernel.org Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Link: https://lore.kernel.org/r/20240916231813.206-1-selvarasu.g@samsung.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 40611a5511c1..21740e2b8f07 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -544,6 +544,7 @@ static int dwc3_alloc_event_buffers(struct dwc3 *dwc, unsigned int length) int dwc3_event_buffers_setup(struct dwc3 *dwc) { struct dwc3_event_buffer *evt; + u32 reg; if (!dwc->ev_buf) return 0; @@ -556,8 +557,10 @@ int dwc3_event_buffers_setup(struct dwc3 *dwc) upper_32_bits(evt->dma)); dwc3_writel(dwc->regs, DWC3_GEVNTSIZ(0), DWC3_GEVNTSIZ_SIZE(evt->length)); - dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), 0); + /* Clear any stale event */ + reg = dwc3_readl(dwc->regs, DWC3_GEVNTCOUNT(0)); + dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), reg); return 0; } @@ -584,7 +587,10 @@ void dwc3_event_buffers_cleanup(struct dwc3 *dwc) dwc3_writel(dwc->regs, DWC3_GEVNTADRHI(0), 0); dwc3_writel(dwc->regs, DWC3_GEVNTSIZ(0), DWC3_GEVNTSIZ_INTMASK | DWC3_GEVNTSIZ_SIZE(0)); - dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), 0); + + /* Clear any stale event */ + reg = dwc3_readl(dwc->regs, DWC3_GEVNTCOUNT(0)); + dwc3_writel(dwc->regs, DWC3_GEVNTCOUNT(0), reg); } static void dwc3_core_num_eps(struct dwc3 *dwc) @@ -2499,7 +2505,11 @@ static int dwc3_runtime_resume(struct device *dev) switch (dwc->current_dr_role) { case DWC3_GCTL_PRTCAP_DEVICE: - dwc3_gadget_process_pending_events(dwc); + if (dwc->pending_events) { + pm_runtime_put(dwc->dev); + dwc->pending_events = false; + enable_irq(dwc->irq_gadget); + } break; case DWC3_GCTL_PRTCAP_HOST: default: @@ -2587,6 +2597,12 @@ static void dwc3_complete(struct device *dev) static const struct dev_pm_ops dwc3_dev_pm_ops = { SET_SYSTEM_SLEEP_PM_OPS(dwc3_suspend, dwc3_resume) .complete = dwc3_complete, + + /* + * Runtime suspend halts the controller on disconnection. It relies on + * platforms with custom connection notification to start the controller + * again. + */ SET_RUNTIME_PM_OPS(dwc3_runtime_suspend, dwc3_runtime_resume, dwc3_runtime_idle) }; diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c71240e8f7c7..9c508e0c5cdf 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1675,7 +1675,6 @@ static inline void dwc3_otg_host_init(struct dwc3 *dwc) #if !IS_ENABLED(CONFIG_USB_DWC3_HOST) int dwc3_gadget_suspend(struct dwc3 *dwc); int dwc3_gadget_resume(struct dwc3 *dwc); -void dwc3_gadget_process_pending_events(struct dwc3 *dwc); #else static inline int dwc3_gadget_suspend(struct dwc3 *dwc) { @@ -1687,9 +1686,6 @@ static inline int dwc3_gadget_resume(struct dwc3 *dwc) return 0; } -static inline void dwc3_gadget_process_pending_events(struct dwc3 *dwc) -{ -} #endif /* !IS_ENABLED(CONFIG_USB_DWC3_HOST) */ #if IS_ENABLED(CONFIG_USB_DWC3_ULPI) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 291bc549935b..10178e5eda5a 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4728,14 +4728,3 @@ int dwc3_gadget_resume(struct dwc3 *dwc) return dwc3_gadget_soft_connect(dwc); } - -void dwc3_gadget_process_pending_events(struct dwc3 *dwc) -{ - if (dwc->pending_events) { - dwc3_interrupt(dwc->irq_gadget, dwc->ev_buf); - dwc3_thread_interrupt(dwc->irq_gadget, dwc->ev_buf); - pm_runtime_put(dwc->dev); - dwc->pending_events = false; - enable_irq(dwc->irq_gadget); - } -}

8 months, 1 week

1
0
0 0

Re: [PATCH v3 net-next 1/2] net: fec: Move `fec_ptp_read()` to the top of the file

by Csókás Bence

Hi, I just noticed this series' `Fixes:` tag was dropped when it was committed. However, we believe it should be considered for backporting to stable, so let this be a heads-up to the stable team. Bence On 2024. 08. 14. 4:30, patchwork-bot+netdevbpf(a)kernel.org wrote: > Hello: > > This series was applied to netdev/net-next.git (main) > by Jakub Kicinski <kuba(a)kernel.org>: > > On Mon, 12 Aug 2024 11:47:13 +0200 you wrote: >> This function is used in `fec_ptp_enable_pps()` through >> struct cyclecounter read(). Moving the declaration makes >> it clearer, what's happening. >> >> Fixes: 61d5e2a251fb ("fec: Fix timer capture timing in `fec_ptp_enable_pps()`") >> Suggested-by: Frank Li <Frank.li(a)nxp.com> >> Link: https://lore.kernel.org/netdev/20240805144754.2384663-1-csokas.bence@prolan… >> Signed-off-by: Csókás, Bence <csokas.bence(a)prolan.hu> >> >> [...] > > Here is the summary with links: > - [v3,net-next,1/2] net: fec: Move `fec_ptp_read()` to the top of the file > https://git.kernel.org/netdev/net-next/c/4374a1fe580a > - [v3,net-next,2/2] net: fec: Remove duplicated code > https://git.kernel.org/netdev/net-next/c/713ebaed68d8 > > You are awesome, thank you!

8 months, 1 week

2
1
0 0

[PATCH v3 2/2] staging: vchiq_arm: Utilize devm_kzalloc() for allocation

by Umang Jain

The struct drv_mgmt 'mgmt' is currently allocated dynamically using kzalloc(). Unfortunately, it is subjected to memory leaks in the error handling paths of the probe() function. To address this issue, use device resource management helper devm_kzalloc(), to ensure cleanup after the allocation. Cc: stable(a)vger.kernel.org Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data") Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 7ece82c361ee..8412be7183fc 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -1343,7 +1343,7 @@ static int vchiq_probe(struct platform_device *pdev) return -ENOENT; } - mgmt = kzalloc(sizeof(*mgmt), GFP_KERNEL); + mgmt = devm_kzalloc(&pdev->dev, sizeof(*mgmt), GFP_KERNEL); if (!mgmt) return -ENOMEM; @@ -1397,8 +1397,6 @@ static void vchiq_remove(struct platform_device *pdev) arm_state = vchiq_platform_get_arm_state(&mgmt->state); kthread_stop(arm_state->ka_thread); - - kfree(mgmt); } static struct platform_driver vchiq_driver = { -- 2.45.2

8 months, 1 week

1
0
0 0

[PATCH v3 1/2] staging: vchiq_arm: Utilise devm_kzalloc() for allocation

by Umang Jain

The struct vchiq_arm_state 'platform_state' is currently allocated dynamically using kzalloc(). Unfortunately, it is never freed and is subjected to memory leaks in the error handling paths of the probe() function. To address the issue, use device resource management helper devm_kzalloc(), to ensure cleanup after its allocation. Fixes: 71bad7f08641 ("staging: add bcm2708 vchiq driver") Cc: stable(a)vger.kernel.org Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index af623ad87c15..7ece82c361ee 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -285,7 +285,7 @@ vchiq_platform_init_state(struct vchiq_state *state) { struct vchiq_arm_state *platform_state; - platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL); + platform_state = devm_kzalloc(state->dev, sizeof(*platform_state), GFP_KERNEL); if (!platform_state) return -ENOMEM; -- 2.45.2

8 months, 1 week

1
0
0 0

Re: Patch "Revert "mm/filemap: avoid buffered read/write race to read inconsistent data"" has been added to the 6.6-stable tree

by Baokun Li

On 2024/10/11 8:17, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Revert "mm/filemap: avoid buffered read/write race to read inconsistent data" > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > revert-mm-filemap-avoid-buffered-read-write-race-to-.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi Sasha, The current patch is a cleanup after adding smp_load_acquire/store_release() to i_size_read/write(). In my opinion stable versions continue to use smp_rmb just fine, no need to backport the current patch to stable. In addition, the current patch belongs to a patch set: https://lore.kernel.org/all/20240124142857.4146716-1-libaokun1@huawei.com/ If the current patch does need to be backported to stable, then the entire patch set needs to be backported or problems will be introduced. All the patches in the patch set are listed below: d8f899d13d72 ("fs: make the i_size_read/write helpers be smp_load_acquire/store_release()") 4b944f8ef996 ("Revert "mm/filemap: avoid buffered read/write race to read inconsistent data"") ad72872eb3ae ("asm-generic: remove extra type checking in acquire/release for non-SMP case") Thanks, Baokun > > commit d87bcb0965636a9b665231560ce147d06a7a18d8 > Author: Baokun Li <libaokun1(a)huawei.com> > Date: Wed Jan 24 22:28:56 2024 +0800 > > Revert "mm/filemap: avoid buffered read/write race to read inconsistent data" > > [ Upstream commit 4b944f8ef99641d5af287c7d9df91d20ef5d3e88 ] > > This reverts commit e2c27b803bb6 ("mm/filemap: avoid buffered read/write > race to read inconsistent data"). After making the i_size_read/write > helpers be smp_load_acquire/store_release(), it is already guaranteed that > changes to page contents are visible before we see increased inode size, > so the extra smp_rmb() in filemap_read() can be removed. > > Signed-off-by: Baokun Li <libaokun1(a)huawei.com> > Link: https://lore.kernel.org/r/20240124142857.4146716-3-libaokun1@huawei.com > Signed-off-by: Christian Brauner <brauner(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/mm/filemap.c b/mm/filemap.c > index e6c112f3a211f..cd028f3be6026 100644 > --- a/mm/filemap.c > +++ b/mm/filemap.c > @@ -2694,15 +2694,6 @@ ssize_t filemap_read(struct kiocb *iocb, struct iov_iter *iter, > goto put_folios; > end_offset = min_t(loff_t, isize, iocb->ki_pos + iter->count); > > - /* > - * Pairs with a barrier in > - * block_write_end()->mark_buffer_dirty() or other page > - * dirtying routines like iomap_write_end() to ensure > - * changes to page contents are visible before we see > - * increased inode size. > - */ > - smp_rmb(); > - > /* > * Once we start copying data, we don't want to be touching any > * cachelines that might be contended:

8 months, 1 week

2
1
0 0

[PATCH v2 0/2] staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node

by Javier Carrasco

This series refactors some useless goto instructions as a preparation for the fix of a missing of_node_put() by means of the cleanup attribute. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Changes in v2: - Refactor vchiq_probe() to remove goto instructions. - Declare and initialize the node right before its first usage. - Link to v1: https://lore.kernel.org/r/20241013-vchiq_arm-of_node_put-v1-1-f72b2a6e47d0@… --- Javier Carrasco (2): staging: vchiq_arm: refactor goto instructions in vchiq_probe() staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) --- base-commit: d61a00525464bfc5fe92c6ad713350988e492b88 change-id: 20241013-vchiq_arm-of_node_put-60a5eaaafd70 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

3
3
0 0

[PATCH RESEND v3 3/3] block: fix ordering between checking BLK_MQ_S_STOPPED and adding requests

by Muchun Song

Supposing first scenario with a virtio_blk driver. CPU0 CPU1 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_request_bypass_insert() 1) store blk_mq_start_stopped_hw_queue() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) return blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load return __blk_mq_sched_dispatch_requests() Supposing another scenario. CPU0 CPU1 blk_mq_requeue_work() blk_mq_insert_request() 1) store virtblk_done() blk_mq_start_stopped_hw_queue() blk_mq_run_hw_queues() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load continue blk_mq_run_hw_queue() Both scenarios are similar, the full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees BLK_MQ_S_STOPPED is cleared or CPU1 sees dispatch list. Otherwise, either CPU will not rerun the hardware queue causing starvation of the request. The easy way to fix it is to add the essential full memory barrier into helper of blk_mq_hctx_stopped(). In order to not affect the fast path (hardware queue is not stopped most of the time), we only insert the barrier into the slow path. Actually, only slow path needs to care about missing of dispatching the request to the low-level device driver. Fixes: 320ae51feed5 ("blk-mq: new multi-queue block IO queueing mechanism") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 6 ++++++ block/blk-mq.h | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index ff6df6c7eeb25..b90c1680cb780 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2413,6 +2413,12 @@ void blk_mq_start_stopped_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) return; clear_bit(BLK_MQ_S_STOPPED, &hctx->state); + /* + * Pairs with the smp_mb() in blk_mq_hctx_stopped() to order the + * clearing of BLK_MQ_S_STOPPED above and the checking of dispatch + * list in the subsequent routine. + */ + smp_mb__after_atomic(); blk_mq_run_hw_queue(hctx, async); } EXPORT_SYMBOL_GPL(blk_mq_start_stopped_hw_queue); diff --git a/block/blk-mq.h b/block/blk-mq.h index 260beea8e332c..f36f3bff70d86 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -228,6 +228,19 @@ static inline struct blk_mq_tags *blk_mq_tags_from_data(struct blk_mq_alloc_data static inline bool blk_mq_hctx_stopped(struct blk_mq_hw_ctx *hctx) { + /* Fast path: hardware queue is not stopped most of the time. */ + if (likely(!test_bit(BLK_MQ_S_STOPPED, &hctx->state))) + return false; + + /* + * This barrier is used to order adding of dispatch list before and + * the test of BLK_MQ_S_STOPPED below. Pairs with the memory barrier + * in blk_mq_start_stopped_hw_queue() so that dispatch code could + * either see BLK_MQ_S_STOPPED is cleared or dispatch list is not + * empty to avoid missing dispatching requests. + */ + smp_mb(); + return test_bit(BLK_MQ_S_STOPPED, &hctx->state); } -- 2.20.1

8 months, 1 week

1
0
0 0

[PATCH RESEND v3 2/3] block: fix ordering between checking QUEUE_FLAG_QUIESCED and adding requests

by Muchun Song

Supposing the following scenario. CPU0 CPU1 blk_mq_insert_request() 1) store blk_mq_unquiesce_queue() blk_queue_flag_clear() 3) store blk_mq_run_hw_queues() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_run_hw_queue() if (blk_queue_quiesced()) 2) load return blk_mq_sched_dispatch_requests() The full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees QUEUE_FLAG_QUIESCED is cleared or CPU1 sees dispatch list or setting of bitmap of software queue. Otherwise, either CPU will not rerun the hardware queue causing starvation. So the first solution is to 1) add a pair of memory barrier to fix the problem, another solution is to 2) use hctx->queue->queue_lock to synchronize QUEUE_FLAG_QUIESCED. Here, we chose 2) to fix it since memory barrier is not easy to be maintained. Fixes: f4560ffe8cec ("blk-mq: use QUEUE_FLAG_QUIESCED to quiesce queue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index b2d0f22de0c7f..ff6df6c7eeb25 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2202,6 +2202,24 @@ void blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *hctx, unsigned long msecs) } EXPORT_SYMBOL(blk_mq_delay_run_hw_queue); +static inline bool blk_mq_hw_queue_need_run(struct blk_mq_hw_ctx *hctx) +{ + bool need_run; + + /* + * When queue is quiesced, we may be switching io scheduler, or + * updating nr_hw_queues, or other things, and we can't run queue + * any more, even blk_mq_hctx_has_pending() can't be called safely. + * + * And queue will be rerun in blk_mq_unquiesce_queue() if it is + * quiesced. + */ + __blk_mq_run_dispatch_ops(hctx->queue, false, + need_run = !blk_queue_quiesced(hctx->queue) && + blk_mq_hctx_has_pending(hctx)); + return need_run; +} + /** * blk_mq_run_hw_queue - Start to run a hardware queue. * @hctx: Pointer to the hardware queue to run. @@ -2222,20 +2240,23 @@ void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) might_sleep_if(!async && hctx->flags & BLK_MQ_F_BLOCKING); - /* - * When queue is quiesced, we may be switching io scheduler, or - * updating nr_hw_queues, or other things, and we can't run queue - * any more, even __blk_mq_hctx_has_pending() can't be called safely. - * - * And queue will be rerun in blk_mq_unquiesce_queue() if it is - * quiesced. - */ - __blk_mq_run_dispatch_ops(hctx->queue, false, - need_run = !blk_queue_quiesced(hctx->queue) && - blk_mq_hctx_has_pending(hctx)); + need_run = blk_mq_hw_queue_need_run(hctx); + if (!need_run) { + unsigned long flags; - if (!need_run) - return; + /* + * Synchronize with blk_mq_unquiesce_queue(), because we check + * if hw queue is quiesced locklessly above, we need the use + * ->queue_lock to make sure we see the up-to-date status to + * not miss rerunning the hw queue. + */ + spin_lock_irqsave(&hctx->queue->queue_lock, flags); + need_run = blk_mq_hw_queue_need_run(hctx); + spin_unlock_irqrestore(&hctx->queue->queue_lock, flags); + + if (!need_run) + return; + } if (async || !cpumask_test_cpu(raw_smp_processor_id(), hctx->cpumask)) { blk_mq_delay_run_hw_queue(hctx, 0); -- 2.20.1

8 months, 1 week

1
0
0 0

[PATCH RESEND v3 1/3] block: fix missing dispatching request when queue is started or unquiesced

by Muchun Song

Supposing the following scenario with a virtio_blk driver. CPU0 CPU1 CPU2 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_try_issue_directly() if (blk_mq_hctx_stopped()) blk_mq_request_bypass_insert() blk_mq_run_hw_queue() blk_mq_run_hw_queue() blk_mq_run_hw_queue() blk_mq_insert_request() return After CPU0 has marked the queue as stopped, CPU1 will see the queue is stopped. But before CPU1 puts the request on the dispatch list, CPU2 receives the interrupt of completion of request, so it will run the hardware queue and marks the queue as non-stopped. Meanwhile, CPU1 also runs the same hardware queue. After both CPU1 and CPU2 complete blk_mq_run_hw_queue(), CPU1 just puts the request to the same hardware queue and returns. It misses dispatching a request. Fix it by running the hardware queue explicitly. And blk_mq_request_issue_directly() should handle a similar situation. Fix it as well. Fixes: d964f04a8fde ("blk-mq: fix direct issue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index e3c3c0c21b553..b2d0f22de0c7f 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2619,6 +2619,7 @@ static void blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return; } @@ -2649,6 +2650,7 @@ static blk_status_t blk_mq_request_issue_directly(struct request *rq, bool last) if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return BLK_STS_OK; } -- 2.20.1

8 months, 1 week

1
0
0 0

[PATCH] staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node

by Javier Carrasco

An error path was introduced without including the required call to of_node_put() to decrement the node's refcount and avoid leaking memory. If the call to kzalloc() for 'mgmt' fails, the probe returns without decrementing the refcount. Use the automatic cleanup facility to fix the bug and protect the code against new error paths where the call to of_node_put() might be missing again. Cc: stable(a)vger.kernel.org Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 27ceaac8f6cc..792cf3a807e1 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -1332,7 +1332,8 @@ MODULE_DEVICE_TABLE(of, vchiq_of_match); static int vchiq_probe(struct platform_device *pdev) { - struct device_node *fw_node; + struct device_node *fw_node __free(device_node) = + of_find_compatible_node(NULL, NULL, "raspberrypi,bcm2835-firmware"); const struct vchiq_platform_info *info; struct vchiq_drv_mgmt *mgmt; int ret; @@ -1341,8 +1342,6 @@ static int vchiq_probe(struct platform_device *pdev) if (!info) return -EINVAL; - fw_node = of_find_compatible_node(NULL, NULL, - "raspberrypi,bcm2835-firmware"); if (!fw_node) { dev_err(&pdev->dev, "Missing firmware node\n"); return -ENOENT; @@ -1353,7 +1352,6 @@ static int vchiq_probe(struct platform_device *pdev) return -ENOMEM; mgmt->fw = devm_rpi_firmware_get(&pdev->dev, fw_node); - of_node_put(fw_node); if (!mgmt->fw) return -EPROBE_DEFER; --- base-commit: d61a00525464bfc5fe92c6ad713350988e492b88 change-id: 20241013-vchiq_arm-of_node_put-60a5eaaafd70 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

5
12
0 0

[PATCH 0/2] s390: two bugfixes (for kunit)

by Thomas Weißschuh

When trying to use kunit for s390 with ./tools/testing/kunit/kunit.py run --arch=s390 --kunitconfig drivers/base/test --cross_compile=$CROSS_COMPILE I ran into some bugs. Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- Thomas Weißschuh (2): s390/sclp: deactivate sclp after all its users s390/sclp_vt220: convert newlines to CRLF instead of LFCR drivers/s390/char/sclp.c | 3 ++- drivers/s390/char/sclp_vt220.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) --- base-commit: 6485cf5ea253d40d507cd71253c9568c5470cd27 change-id: 20241014-s390-kunit-47cbc26a99e6 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

8 months, 1 week

3
4
0 0

[PATCH] staging: vchiq_arm: Utilize devm_kzalloc in the probe() function

by Umang Jain

The two resources, 'mgmt' and 'platform_state' are currently allocated dynamically using kzalloc(). Unfortunately, both are subject to memory leaks in the error handling paths of the probe() function. To address this issue, use device resource management helper devm_kzalloc() for proper cleanup during allocation. Cc: stable(a)vger.kernel.org Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data") Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 29e78700463f..373cfdd5b020 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -285,7 +285,7 @@ vchiq_platform_init_state(struct vchiq_state *state) { struct vchiq_arm_state *platform_state; - platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL); + platform_state = devm_kzalloc(state->dev, sizeof(*platform_state), GFP_KERNEL); if (!platform_state) return -ENOMEM; @@ -1344,7 +1344,7 @@ static int vchiq_probe(struct platform_device *pdev) return -ENOENT; } - mgmt = kzalloc(sizeof(*mgmt), GFP_KERNEL); + mgmt = devm_kzalloc(&pdev->dev, sizeof(*mgmt), GFP_KERNEL); if (!mgmt) return -ENOMEM; @@ -1402,8 +1402,6 @@ static void vchiq_remove(struct platform_device *pdev) arm_state = vchiq_platform_get_arm_state(&mgmt->state); kthread_stop(arm_state->ka_thread); - - kfree(mgmt); } static struct platform_driver vchiq_driver = { -- 2.45.2

8 months, 1 week

1
1
0 0

[PATCH v4 03/12] drm/fbdev-dma: Select FB_DEFERRED_IO

by Thomas Zimmermann

Commit 808a40b69468 ("drm/fbdev-dma: Implement damage handling and deferred I/O") added deferred I/O for fbdev-dma. Also select the Kconfig symbol FB_DEFERRED_IO (via FB_DMAMEM_HELPERS_DEFERRED). Fixes build errors about missing fbdefio, such as drivers/gpu/drm/drm_fbdev_dma.c:218:26: error: 'struct drm_fb_helper' has no member named 'fbdefio' 218 | fb_helper->fbdefio.delay = HZ / 20; | ^~ drivers/gpu/drm/drm_fbdev_dma.c:219:26: error: 'struct drm_fb_helper' has no member named 'fbdefio' 219 | fb_helper->fbdefio.deferred_io = drm_fb_helper_deferred_io; | ^~ drivers/gpu/drm/drm_fbdev_dma.c:221:21: error: 'struct fb_info' has no member named 'fbdefio' 221 | info->fbdefio = &fb_helper->fbdefio; | ^~ drivers/gpu/drm/drm_fbdev_dma.c:221:43: error: 'struct drm_fb_helper' has no member named 'fbdefio' 221 | info->fbdefio = &fb_helper->fbdefio; | ^~ Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202410050241.Mox9QRjP-lkp@intel.com/ Fixes: 808a40b69468 ("drm/fbdev-dma: Implement damage handling and deferred I/O") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.11+ Reviewed-by: Jonathan Cavitt <jonathan.cavitt(a)intel.com> --- drivers/gpu/drm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 1df4e627e3d3..db2e206a117c 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -338,7 +338,7 @@ config DRM_TTM_HELPER config DRM_GEM_DMA_HELPER tristate depends on DRM - select FB_DMAMEM_HELPERS if DRM_FBDEV_EMULATION + select FB_DMAMEM_HELPERS_DEFERRED if DRM_FBDEV_EMULATION help Choose this if you need the GEM DMA helper functions -- 2.46.0

8 months, 1 week

1
0
0 0

[PATCH 5.4.y 0/2] tracing/kprobes: Backport request about

by Sherry Yang

The new test case which checks non unique symbol kprobe_non_uniq_symbol.tc failed because of missing kernel functionality support from commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols"). Backport it and its fix commit to 5.4.y together. Resolved minor context change conflicts. Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Francis Laniel (1): tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols kernel/trace/trace_kprobe.c | 76 +++++++++++++++++++++++++++++++++++++ kernel/trace/trace_probe.h | 1 + 2 files changed, 77 insertions(+) -- 2.46.0

8 months, 1 week

2
5
0 0

[PATCH 6.1] ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error

by Vitaliy Shevtsov

From: Ma Ke <make24(a)iscas.ac.cn> commit 3ff810b9bebe5578a245cfa97c252ab602e703f1 upstream. Return devm_of_clk_add_hw_provider() in order to transfer the error, if it fails due to resource allocation failure or device tree clock provider registration failure. Fixes: bdd229ab26be ("ASoC: rt5682s: Add driver for ALC5682I-VS codec") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patch.msgid.link/20240717115436.3449492-1-make24@iscas.ac.cn Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> --- sound/soc/codecs/rt5682s.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/soc/codecs/rt5682s.c b/sound/soc/codecs/rt5682s.c index 80c673aa14db..07d514b4ce70 100644 --- a/sound/soc/codecs/rt5682s.c +++ b/sound/soc/codecs/rt5682s.c @@ -2828,7 +2828,9 @@ static int rt5682s_register_dai_clks(struct snd_soc_component *component) } if (dev->of_node) { - devm_of_clk_add_hw_provider(dev, of_clk_hw_simple_get, dai_clk_hw); + ret = devm_of_clk_add_hw_provider(dev, of_clk_hw_simple_get, dai_clk_hw); + if (ret) + return ret; } else { ret = devm_clk_hw_register_clkdev(dev, dai_clk_hw, init.name, dev_name(dev)); -- 2.46.2

8 months, 1 week

1
0
0 0

[PATCH v2] drm/xe/ufence: ufence can be signaled right after wait_woken

by Nirmoy Das

do_comapre() can return success after a timedout wait_woken() which was treated as -ETIME. The loop calling wait_woken() sets correct err so there is no need to re-evaluate err. v2: Remove entire check that reevaluate err at the end(Matt) Fixes: e670f0b4ef24 ("drm/xe/uapi: Return correct error code for xe_wait_user_fence_ioctl") Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1630 Cc: <stable(a)vger.kernel.org> # v6.8+ Cc: Bommu Krishnaiah <krishnaiah.bommu(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/xe/xe_wait_user_fence.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_wait_user_fence.c b/drivers/gpu/drm/xe/xe_wait_user_fence.c index d46fa8374980..f5deb81eba01 100644 --- a/drivers/gpu/drm/xe/xe_wait_user_fence.c +++ b/drivers/gpu/drm/xe/xe_wait_user_fence.c @@ -169,9 +169,6 @@ int xe_wait_user_fence_ioctl(struct drm_device *dev, void *data, args->timeout = 0; } - if (!timeout && !(err < 0)) - err = -ETIME; - if (q) xe_exec_queue_put(q); -- 2.46.0

8 months, 1 week

3
2
0 0

[PATCH v2 1/2] staging: vchiq_arm: Utilise devm_kzalloc() for allocation

by Umang Jain

The struct vchiq_arm_state 'platform_state' is currently allocated dynamically using kzalloc(). Unfortunately, it is never freed and is subjected to memory leaks in the error handling paths of the probe() function. To address the issue, use device resource management helper devm_kzalloc(), to ensure cleanup after its allocation. Cc: stable(a)vger.kernel.org Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 29e78700463f..146442a3552c 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -285,7 +285,7 @@ vchiq_platform_init_state(struct vchiq_state *state) { struct vchiq_arm_state *platform_state; - platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL); + platform_state = devm_kzalloc(state->dev, sizeof(*platform_state), GFP_KERNEL); if (!platform_state) return -ENOMEM; -- 2.45.2

8 months, 1 week

2
1
0 0

[PATCH v2 2/2] staging: vchiq_arm: Utilize devm_kzalloc() for allocation

by Umang Jain

The struct drv_mgmt 'mgmt' is currently allocated dynamically using kzalloc(). Unfortunately, it is subjected to memory leaks in the error handling paths of the probe() function. To address this issue, use device resource management helper devm_kzalloc(), to ensure cleanup after the allocation. Cc: stable(a)vger.kernel.org Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data") Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 146442a3552c..373cfdd5b020 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -1344,7 +1344,7 @@ static int vchiq_probe(struct platform_device *pdev) return -ENOENT; } - mgmt = kzalloc(sizeof(*mgmt), GFP_KERNEL); + mgmt = devm_kzalloc(&pdev->dev, sizeof(*mgmt), GFP_KERNEL); if (!mgmt) return -ENOMEM; @@ -1402,8 +1402,6 @@ static void vchiq_remove(struct platform_device *pdev) arm_state = vchiq_platform_get_arm_state(&mgmt->state); kthread_stop(arm_state->ka_thread); - - kfree(mgmt); } static struct platform_driver vchiq_driver = { -- 2.45.2

8 months, 1 week

1
0
0 0

Re: Patch "cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons" has been added to the 6.1-stable tree

by Dhananjay Ugwekar

Hello, This patch is only needed post the commit cpufreq: amd-pstate: Unify computation of {max,min,nominal,lowest_nonlinear}_freq (https://github.com/torvalds/linux/commit/5547c0ebfc2efdab6ee93a7fd4d9c411ad…). Hence, please do not add it to the 6.1 stable tree. Thanks, Dhananjay On 10/11/2024 5:49 AM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > cpufreq-amd-pstate-ut-convert-nominal_freq-to-khz-du.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit f73b7329361c75898fc97abd91c86a12bfe34830 > Author: Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> > Date: Tue Jul 2 08:14:13 2024 +0000 > > cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons > > [ Upstream commit f21ab5ed4e8758b06230900f44b9dcbcfdc0c3ae ] > > cpudata->nominal_freq being in MHz whereas other frequencies being in > KHz breaks the amd-pstate-ut frequency sanity check. This fixes it. > > Fixes: e4731baaf294 ("cpufreq: amd-pstate: Fix the inconsistency in max frequency units") > Reported-by: David Arcari <darcari(a)redhat.com> > Signed-off-by: Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> > Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> > Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> > Link: https://lore.kernel.org/r/20240702081413.5688-2-Dhananjay.Ugwekar@amd.com > Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/cpufreq/amd-pstate-ut.c b/drivers/cpufreq/amd-pstate-ut.c > index b448c8d6a16dd..9c1fc386c010f 100644 > --- a/drivers/cpufreq/amd-pstate-ut.c > +++ b/drivers/cpufreq/amd-pstate-ut.c > @@ -201,6 +201,7 @@ static void amd_pstate_ut_check_freq(u32 index) > int cpu = 0; > struct cpufreq_policy *policy = NULL; > struct amd_cpudata *cpudata = NULL; > + u32 nominal_freq_khz; > > for_each_possible_cpu(cpu) { > policy = cpufreq_cpu_get(cpu); > @@ -208,13 +209,14 @@ static void amd_pstate_ut_check_freq(u32 index) > break; > cpudata = policy->driver_data; > > - if (!((cpudata->max_freq >= cpudata->nominal_freq) && > - (cpudata->nominal_freq > cpudata->lowest_nonlinear_freq) && > + nominal_freq_khz = cpudata->nominal_freq*1000; > + if (!((cpudata->max_freq >= nominal_freq_khz) && > + (nominal_freq_khz > cpudata->lowest_nonlinear_freq) && > (cpudata->lowest_nonlinear_freq > cpudata->min_freq) && > (cpudata->min_freq > 0))) { > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_FAIL; > pr_err("%s cpu%d max=%d >= nominal=%d > lowest_nonlinear=%d > min=%d > 0, the formula is incorrect!\n", > - __func__, cpu, cpudata->max_freq, cpudata->nominal_freq, > + __func__, cpu, cpudata->max_freq, nominal_freq_khz, > cpudata->lowest_nonlinear_freq, cpudata->min_freq); > goto skip_test; > } > @@ -228,13 +230,13 @@ static void amd_pstate_ut_check_freq(u32 index) > > if (cpudata->boost_supported) { > if ((policy->max == cpudata->max_freq) || > - (policy->max == cpudata->nominal_freq)) > + (policy->max == nominal_freq_khz)) > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_PASS; > else { > amd_pstate_ut_cases[index].result = AMD_PSTATE_UT_RESULT_FAIL; > pr_err("%s cpu%d policy_max=%d should be equal cpu_max=%d or cpu_nominal=%d !\n", > __func__, cpu, policy->max, cpudata->max_freq, > - cpudata->nominal_freq); > + nominal_freq_khz); > goto skip_test; > } > } else {

8 months, 1 week

1
0
0 0

[PATCH 5.4.y 0/4] lockdep: deadlock fix and dependencies

by Carlos Llamas

This patchset adds the dependencies to apply commit a6f88ac32c6e ("lockdep: fix deadlock issue between lockdep and rcu") to the 5.4-stable tree. See the "FAILED" report at [1]. Note the dependencies actually fix a UAF and a bad recursion pattern. Thus it makes sense to also backport them. [1] https://lore.kernel.org/all/2024100226-unselfish-triangle-e5eb@gregkh/ Peter Zijlstra (2): locking/lockdep: Fix bad recursion pattern locking/lockdep: Rework lockdep_lock Waiman Long (1): locking/lockdep: Avoid potential access of invalid memory in lock_class Zhiguo Niu (1): lockdep: fix deadlock issue between lockdep and rcu kernel/locking/lockdep.c | 215 +++++++++++++++++++++++---------------- 1 file changed, 125 insertions(+), 90 deletions(-) -- 2.47.0.rc1.288.g06298d1525-goog

8 months, 1 week

2
7
0 0

[PATCH AUTOSEL 4.19 1/2] net: amd: mvme147: Fix probe banner message

by Sasha Levin

From: Daniel Palmer <daniel(a)0x0f.com> [ Upstream commit 82c5b53140faf89c31ea2b3a0985a2f291694169 ] Currently this driver prints this line with what looks like a rogue format specifier when the device is probed: [ 2.840000] eth%d: MVME147 at 0xfffe1800, irq 12, Hardware Address xx:xx:xx:xx:xx:xx Change the printk() for netdev_info() and move it after the registration has completed so it prints out the name of the interface properly. Signed-off-by: Daniel Palmer <daniel(a)0x0f.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/amd/mvme147.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/mvme147.c b/drivers/net/ethernet/amd/mvme147.c index 0a920448522f3..0bb27f4dd6428 100644 --- a/drivers/net/ethernet/amd/mvme147.c +++ b/drivers/net/ethernet/amd/mvme147.c @@ -105,10 +105,6 @@ struct net_device * __init mvme147lance_probe(int unit) address = address >> 8; dev->dev_addr[3] = address&0xff; - printk("%s: MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", - dev->name, dev->base_addr, MVME147_LANCE_IRQ, - dev->dev_addr); - lp = netdev_priv(dev); lp->ram = __get_dma_pages(GFP_ATOMIC, 3); /* 32K */ if (!lp->ram) { @@ -138,6 +134,9 @@ struct net_device * __init mvme147lance_probe(int unit) return ERR_PTR(err); } + netdev_info(dev, "MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", + dev->base_addr, MVME147_LANCE_IRQ, dev->dev_addr); + return dev; } -- 2.43.0

8 months, 1 week

1
1
0 0

[PATCH AUTOSEL 5.4 1/2] net: amd: mvme147: Fix probe banner message

by Sasha Levin

From: Daniel Palmer <daniel(a)0x0f.com> [ Upstream commit 82c5b53140faf89c31ea2b3a0985a2f291694169 ] Currently this driver prints this line with what looks like a rogue format specifier when the device is probed: [ 2.840000] eth%d: MVME147 at 0xfffe1800, irq 12, Hardware Address xx:xx:xx:xx:xx:xx Change the printk() for netdev_info() and move it after the registration has completed so it prints out the name of the interface properly. Signed-off-by: Daniel Palmer <daniel(a)0x0f.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/amd/mvme147.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/mvme147.c b/drivers/net/ethernet/amd/mvme147.c index 72abd3f82249b..eb7b1da2fb06f 100644 --- a/drivers/net/ethernet/amd/mvme147.c +++ b/drivers/net/ethernet/amd/mvme147.c @@ -106,10 +106,6 @@ struct net_device * __init mvme147lance_probe(int unit) address = address >> 8; dev->dev_addr[3] = address&0xff; - printk("%s: MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", - dev->name, dev->base_addr, MVME147_LANCE_IRQ, - dev->dev_addr); - lp = netdev_priv(dev); lp->ram = __get_dma_pages(GFP_ATOMIC, 3); /* 32K */ if (!lp->ram) { @@ -139,6 +135,9 @@ struct net_device * __init mvme147lance_probe(int unit) return ERR_PTR(err); } + netdev_info(dev, "MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", + dev->base_addr, MVME147_LANCE_IRQ, dev->dev_addr); + return dev; } -- 2.43.0

8 months, 1 week

1
1
0 0

[PATCH AUTOSEL 5.10 1/3] net: amd: mvme147: Fix probe banner message

by Sasha Levin

From: Daniel Palmer <daniel(a)0x0f.com> [ Upstream commit 82c5b53140faf89c31ea2b3a0985a2f291694169 ] Currently this driver prints this line with what looks like a rogue format specifier when the device is probed: [ 2.840000] eth%d: MVME147 at 0xfffe1800, irq 12, Hardware Address xx:xx:xx:xx:xx:xx Change the printk() for netdev_info() and move it after the registration has completed so it prints out the name of the interface properly. Signed-off-by: Daniel Palmer <daniel(a)0x0f.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/amd/mvme147.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/amd/mvme147.c b/drivers/net/ethernet/amd/mvme147.c index 3f2e4cdd0b83e..133fe0f1166b0 100644 --- a/drivers/net/ethernet/amd/mvme147.c +++ b/drivers/net/ethernet/amd/mvme147.c @@ -106,10 +106,6 @@ struct net_device * __init mvme147lance_probe(int unit) address = address >> 8; dev->dev_addr[3] = address&0xff; - printk("%s: MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", - dev->name, dev->base_addr, MVME147_LANCE_IRQ, - dev->dev_addr); - lp = netdev_priv(dev); lp->ram = __get_dma_pages(GFP_ATOMIC, 3); /* 32K */ if (!lp->ram) { @@ -139,6 +135,9 @@ struct net_device * __init mvme147lance_probe(int unit) return ERR_PTR(err); } + netdev_info(dev, "MVME147 at 0x%08lx, irq %d, Hardware Address %pM\n", + dev->base_addr, MVME147_LANCE_IRQ, dev->dev_addr); + return dev; } -- 2.43.0

8 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.15 1/8] fs/ntfs3: Check if more than chunk-size bytes are written

by Sasha Levin

From: Andrew Ballance <andrewjballance(a)gmail.com> [ Upstream commit 9931122d04c6d431b2c11b5bb7b10f28584067f0 ] A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off. Signed-off-by: Andrew Ballance <andrewjballance(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/lznt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/lznt.c b/fs/ntfs3/lznt.c index 28f654561f279..09db01c1098cd 100644 --- a/fs/ntfs3/lznt.c +++ b/fs/ntfs3/lznt.c @@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 *unc, u8 *unc_end, const u8 *cmpr, /* Do decompression until pointers are inside range. */ while (up < unc_end && cmpr < cmpr_end) { + // return err if more than LZNT_CHUNK_SIZE bytes are written + if (up - unc > LZNT_CHUNK_SIZE) + return -EINVAL; /* Correct index */ while (unc + s_max_off[index] < up) index += 1; -- 2.43.0

8 months, 1 week

1
7
0 0

[PATCH AUTOSEL 6.1 01/10] fs/ntfs3: Check if more than chunk-size bytes are written

by Sasha Levin

From: Andrew Ballance <andrewjballance(a)gmail.com> [ Upstream commit 9931122d04c6d431b2c11b5bb7b10f28584067f0 ] A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off. Signed-off-by: Andrew Ballance <andrewjballance(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/lznt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/lznt.c b/fs/ntfs3/lznt.c index 28f654561f279..09db01c1098cd 100644 --- a/fs/ntfs3/lznt.c +++ b/fs/ntfs3/lznt.c @@ -236,6 +236,9 @@ static inline ssize_t decompress_chunk(u8 *unc, u8 *unc_end, const u8 *cmpr, /* Do decompression until pointers are inside range. */ while (up < unc_end && cmpr < cmpr_end) { + // return err if more than LZNT_CHUNK_SIZE bytes are written + if (up - unc > LZNT_CHUNK_SIZE) + return -EINVAL; /* Correct index */ while (unc + s_max_off[index] < up) index += 1; -- 2.43.0

8 months, 1 week

1
9
0 0

[PATCH AUTOSEL 6.6 01/17] ntfs3: Add bounds checking to mi_enum_attr()

by Sasha Levin

From: lei lu <llfamsec(a)gmail.com> [ Upstream commit 556bdf27c2dd5c74a9caacbe524b943a6cd42d99 ] Added bounds checking to make sure that every attr don't stray beyond valid memory region. Signed-off-by: lei lu <llfamsec(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/record.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 6c76503edc200..2a375247b3c09 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -223,28 +223,19 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) prev_type = 0; attr = Add2Ptr(rec, off); } else { - /* Check if input attr inside record. */ + /* + * We don't need to check previous attr here. There is + * a bounds checking in the previous round. + */ off = PtrOffset(rec, attr); - if (off >= used) - return NULL; asize = le32_to_cpu(attr->size); - if (asize < SIZEOF_RESIDENT) { - /* Impossible 'cause we should not return such attribute. */ - return NULL; - } - - /* Overflow check. */ - if (off + asize < off) - return NULL; prev_type = le32_to_cpu(attr->type); attr = Add2Ptr(attr, asize); off += asize; } - asize = le32_to_cpu(attr->size); - /* Can we use the first field (attr->type). */ if (off + 8 > used) { static_assert(ALIGN(sizeof(enum ATTR_TYPE), 8) == 8); @@ -265,6 +256,12 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t32 < prev_type) return NULL; + asize = le32_to_cpu(attr->size); + if (asize < SIZEOF_RESIDENT) { + /* Impossible 'cause we should not return such attribute. */ + return NULL; + } + /* Check overflow and boundary. */ if (off + asize < off || off + asize > used) return NULL; -- 2.43.0

8 months, 1 week

1
16
0 0

[PATCH AUTOSEL 6.11 01/20] ntfs3: Add bounds checking to mi_enum_attr()

by Sasha Levin

From: lei lu <llfamsec(a)gmail.com> [ Upstream commit 556bdf27c2dd5c74a9caacbe524b943a6cd42d99 ] Added bounds checking to make sure that every attr don't stray beyond valid memory region. Signed-off-by: lei lu <llfamsec(a)gmail.com> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/record.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 6c76503edc200..2a375247b3c09 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -223,28 +223,19 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) prev_type = 0; attr = Add2Ptr(rec, off); } else { - /* Check if input attr inside record. */ + /* + * We don't need to check previous attr here. There is + * a bounds checking in the previous round. + */ off = PtrOffset(rec, attr); - if (off >= used) - return NULL; asize = le32_to_cpu(attr->size); - if (asize < SIZEOF_RESIDENT) { - /* Impossible 'cause we should not return such attribute. */ - return NULL; - } - - /* Overflow check. */ - if (off + asize < off) - return NULL; prev_type = le32_to_cpu(attr->type); attr = Add2Ptr(attr, asize); off += asize; } - asize = le32_to_cpu(attr->size); - /* Can we use the first field (attr->type). */ if (off + 8 > used) { static_assert(ALIGN(sizeof(enum ATTR_TYPE), 8) == 8); @@ -265,6 +256,12 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) if (t32 < prev_type) return NULL; + asize = le32_to_cpu(attr->size); + if (asize < SIZEOF_RESIDENT) { + /* Impossible 'cause we should not return such attribute. */ + return NULL; + } + /* Check overflow and boundary. */ if (off + asize < off || off + asize > used) return NULL; -- 2.43.0

8 months, 1 week

1
19
0 0

[PATCH v2] platform/chrome: cros_ec_typec: fix missing fwnode reference decrement

by Javier Carrasco

The device_for_each_child_node() macro requires explicit calls to fwnode_handle_put() upon early exits (return, break, goto) to decrement the fwnode's refcount, and avoid levaing a node reference behind. Add the missing fwnode_handle_put() after the common label for all error paths. Cc: stable(a)vger.kernel.org Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- I usually switch to the scoped variant of the macro to fix such issues, but given that the fix is relevant for stable kernels, I have provided the "classical" approach by adding the missing fwnode_handle_put(). If switching to the scoped variant is desired, please let me know. This driver and cross_typec_switch could be easily converted. --- Changes in v2: - fix typos in the commit description. - Link to v1: https://lore.kernel.org/r/20241009-cross_ec_typec_fwnode_handle_put-v1-1-f1… --- drivers/platform/chrome/cros_ec_typec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/platform/chrome/cros_ec_typec.c b/drivers/platform/chrome/cros_ec_typec.c index c7781aea0b88..f1324466efac 100644 --- a/drivers/platform/chrome/cros_ec_typec.c +++ b/drivers/platform/chrome/cros_ec_typec.c @@ -409,6 +409,7 @@ static int cros_typec_init_ports(struct cros_typec_data *typec) return 0; unregister_ports: + fwnode_handle_put(fwnode); cros_unregister_ports(typec); return ret; } --- base-commit: b6270c3bca987530eafc6a15f9d54ecd0033e0e3 change-id: 20241009-cross_ec_typec_fwnode_handle_put-9f13b4bd467f Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

2
1
0 0

[PATCH] staging: vchiq_arm: Utilize devm_kzalloc in the probe() function

by Umang Jain

The two resources, 'mgmt' and 'platform_state' are currently allocated dynamically using kzalloc(). Unfortunately, both are subject to memory leaks in the error handling paths of the probe() function. To address this issue, use device resource management helper devm_kzalloc() for proper cleanup during allocation. Cc: stable(a)vger.kernel.org Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data") Signed-off-by: Umang Jain <umang.jain(a)ideasonboard.com> --- .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c index 29e78700463f..373cfdd5b020 100644 --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c @@ -285,7 +285,7 @@ vchiq_platform_init_state(struct vchiq_state *state) { struct vchiq_arm_state *platform_state; - platform_state = kzalloc(sizeof(*platform_state), GFP_KERNEL); + platform_state = devm_kzalloc(state->dev, sizeof(*platform_state), GFP_KERNEL); if (!platform_state) return -ENOMEM; @@ -1344,7 +1344,7 @@ static int vchiq_probe(struct platform_device *pdev) return -ENOENT; } - mgmt = kzalloc(sizeof(*mgmt), GFP_KERNEL); + mgmt = devm_kzalloc(&pdev->dev, sizeof(*mgmt), GFP_KERNEL); if (!mgmt) return -ENOMEM; @@ -1402,8 +1402,6 @@ static void vchiq_remove(struct platform_device *pdev) arm_state = vchiq_platform_get_arm_state(&mgmt->state); kthread_stop(arm_state->ka_thread); - - kfree(mgmt); } static struct platform_driver vchiq_driver = { -- 2.45.2

8 months, 1 week

2
1
0 0

[PATCH AUTOSEL 4.19 1/6] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index cea005cc7b2ab..c762335587a43 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -407,8 +407,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

8 months, 1 week

2
6
0 0

[PATCH AUTOSEL 5.10 1/9] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index 06d9f19ca142a..0774d753dd316 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

8 months, 1 week

2
9
0 0

[PATCH AUTOSEL 6.1 01/13] ksmbd: override fsids for share path check

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit a018c1b636e79b60149b41151ded7c2606d8606e ] Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for share path check. Reported-by: Sangsoo Lee <constant.lee(a)samsung.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/smb/server/mgmt/share_config.c | 15 ++++++++++++--- fs/smb/server/mgmt/share_config.h | 4 +++- fs/smb/server/mgmt/tree_connect.c | 9 +++++---- fs/smb/server/mgmt/tree_connect.h | 4 ++-- fs/smb/server/smb2pdu.c | 2 +- fs/smb/server/smb_common.c | 9 +++++++-- fs/smb/server/smb_common.h | 2 ++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_config.c index e0a6b758094fc..d8d03070ae44b 100644 --- a/fs/smb/server/mgmt/share_config.c +++ b/fs/smb/server/mgmt/share_config.c @@ -15,6 +15,7 @@ #include "share_config.h" #include "user_config.h" #include "user_session.h" +#include "../connection.h" #include "../transport_ipc.h" #include "../misc.h" @@ -120,12 +121,13 @@ static int parse_veto_list(struct ksmbd_share_config *share, return 0; } -static struct ksmbd_share_config *share_config_request(struct unicode_map *um, +static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config_response *resp; struct ksmbd_share_config *share = NULL; struct ksmbd_share_config *lookup; + struct unicode_map *um = work->conn->um; int ret; resp = ksmbd_ipc_share_config_request(name); @@ -181,7 +183,14 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, KSMBD_SHARE_CONFIG_VETO_LIST(resp), resp->veto_list_sz); if (!ret && share->path) { + if (__ksmbd_override_fsids(work, share)) { + kill_share(share); + share = NULL; + goto out; + } + ret = kern_path(share->path, 0, &share->vfs_path); + ksmbd_revert_fsids(work); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", share->path); @@ -214,7 +223,7 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, return share; } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config *share; @@ -227,7 +236,7 @@ struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, if (share) return share; - return share_config_request(um, name); + return share_config_request(work, name); } bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, diff --git a/fs/smb/server/mgmt/share_config.h b/fs/smb/server/mgmt/share_config.h index 5f591751b9236..d4ac2dd4de204 100644 --- a/fs/smb/server/mgmt/share_config.h +++ b/fs/smb/server/mgmt/share_config.h @@ -11,6 +11,8 @@ #include <linux/path.h> #include <linux/unicode.h> +struct ksmbd_work; + struct ksmbd_share_config { char *name; char *path; @@ -68,7 +70,7 @@ static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) __ksmbd_share_config_put(share); } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name); bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, const char *filename); diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index d2c81a8a11dda..94a52a75014a4 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -16,17 +16,18 @@ #include "user_session.h" struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name) +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) { struct ksmbd_tree_conn_status status = {-ENOENT, NULL}; struct ksmbd_tree_connect_response *resp = NULL; struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; struct sockaddr *peer_addr; + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; int ret; - sc = ksmbd_share_config_get(conn->um, share_name); + sc = ksmbd_share_config_get(work, share_name); if (!sc) return status; @@ -61,7 +62,7 @@ ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, struct ksmbd_share_config *new_sc; ksmbd_share_config_del(sc); - new_sc = ksmbd_share_config_get(conn->um, share_name); + new_sc = ksmbd_share_config_get(work, share_name); if (!new_sc) { pr_err("Failed to update stale share config\n"); status.ret = -ESTALE; diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index 6377a70b811c8..a42cdd0510411 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -13,6 +13,7 @@ struct ksmbd_share_config; struct ksmbd_user; struct ksmbd_conn; +struct ksmbd_work; enum { TREE_NEW = 0, @@ -50,8 +51,7 @@ static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, struct ksmbd_session; struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name); +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name); void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon); int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 4ba6bf1535da1..d97c7982bb3ee 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1971,7 +1971,7 @@ int smb2_tree_connect(struct ksmbd_work *work) ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", name, treename); - status = ksmbd_tree_conn_connect(conn, sess, name); + status = ksmbd_tree_conn_connect(work, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); else diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index e90a1e8c1951d..bdcdc0fc9cad5 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -729,10 +729,10 @@ bool is_asterisk(char *p) return p && p[0] == '*'; } -int ksmbd_override_fsids(struct ksmbd_work *work) +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share) { struct ksmbd_session *sess = work->sess; - struct ksmbd_share_config *share = work->tcon->share_conf; struct cred *cred; struct group_info *gi; unsigned int uid; @@ -772,6 +772,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) return 0; } +int ksmbd_override_fsids(struct ksmbd_work *work) +{ + return __ksmbd_override_fsids(work, work->tcon->share_conf); +} + void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index f1092519c0c28..4a3148b0167f5 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -447,6 +447,8 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command); int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp); +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share); int ksmbd_override_fsids(struct ksmbd_work *work); void ksmbd_revert_fsids(struct ksmbd_work *work); -- 2.43.0

8 months, 1 week

2
13
0 0

patch "iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 4c4834fd8696a949d1b1f1c2c5b96e1ad2083b02 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:50 +0200 Subject: iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Fixes: 2a86487786b5 ("iio: adc: ti-ads8688: add trigger and buffer support") Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Reviewed-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20241003-iio-select-v1-4-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index c1197ee3dc68..1bf915c3d053 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1483,6 +1483,8 @@ config TI_ADS8344 config TI_ADS8688 tristate "Texas Instruments ADS8688" depends on SPI + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help If you say yes here you get support for Texas Instruments ADS8684 and and ADS8688 ADC chips -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iioc: dac: ltc2664: Fix span variable usage in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iioc: dac: ltc2664: Fix span variable usage in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From ccf9af8b0dadd0aecc24503ef289cbc178208418 Mon Sep 17 00:00:00 2001 From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Date: Sun, 6 Oct 2024 01:34:35 +0530 Subject: iioc: dac: ltc2664: Fix span variable usage in ltc2664_channel_config() In the current implementation of the ltc2664_channel_config() function, a variable named span is declared and initialized to 0, intended to capture the return value of the ltc2664_set_span() function. However, the output of ltc2664_set_span() is directly assigned to chan->span, leaving span unchanged. As a result, when the function later checks if (span < 0), this condition will never trigger an error since span remains 0, this flaw leads to ineffective error handling. Resolve this issue by using the ret variable to get the return value and later assign it if successful and remove unused span variable. Fixes: 4cc2fc445d2e ("iio: dac: ltc2664: Add driver for LTC2664 and LTC2672") Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Link: https://patch.msgid.link/20241005200435.25061-1-pvmohammedanees2003@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/ltc2664.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/iio/dac/ltc2664.c b/drivers/iio/dac/ltc2664.c index 5be5345ac5c8..67f14046cf77 100644 --- a/drivers/iio/dac/ltc2664.c +++ b/drivers/iio/dac/ltc2664.c @@ -516,7 +516,7 @@ static int ltc2664_channel_config(struct ltc2664_state *st) const struct ltc2664_chip_info *chip_info = st->chip_info; struct device *dev = &st->spi->dev; u32 reg, tmp[2], mspan; - int ret, span = 0; + int ret; mspan = LTC2664_MSPAN_SOFTSPAN; ret = device_property_read_u32(dev, "adi,manual-span-operation-config", @@ -579,20 +579,21 @@ static int ltc2664_channel_config(struct ltc2664_state *st) ret = fwnode_property_read_u32_array(child, "output-range-microvolt", tmp, ARRAY_SIZE(tmp)); if (!ret && mspan == LTC2664_MSPAN_SOFTSPAN) { - chan->span = ltc2664_set_span(st, tmp[0] / 1000, - tmp[1] / 1000, reg); - if (span < 0) - return dev_err_probe(dev, span, + ret = ltc2664_set_span(st, tmp[0] / 1000, tmp[1] / 1000, reg); + if (ret < 0) + return dev_err_probe(dev, ret, "Failed to set span\n"); + chan->span = ret; } ret = fwnode_property_read_u32_array(child, "output-range-microamp", tmp, ARRAY_SIZE(tmp)); if (!ret) { - chan->span = ltc2664_set_span(st, 0, tmp[1] / 1000, reg); - if (span < 0) - return dev_err_probe(dev, span, + ret = ltc2664_set_span(st, 0, tmp[1] / 1000, reg); + if (ret < 0) + return dev_err_probe(dev, ret, "Failed to set span\n"); + chan->span = ret; } } -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: hid-sensors: Fix an error handling path in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: hid-sensors: Fix an error handling path in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 3a29b84cf7fbf912a6ab1b9c886746f02b74ea25 Mon Sep 17 00:00:00 2001 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Thu, 3 Oct 2024 20:41:12 +0200 Subject: iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() If hid_sensor_set_report_latency() fails, the error code should be returned instead of a value likely to be interpreted as 'success'. Fixes: 138bc7969c24 ("iio: hid-sensor-hub: Implement batch mode") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Link: https://patch.msgid.link/c50640665f091a04086e5092cf50f73f2055107a.172798082… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/common/hid-sensors/hid-sensor-trigger.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/common/hid-sensors/hid-sensor-trigger.c b/drivers/iio/common/hid-sensors/hid-sensor-trigger.c index ad8910e6ad59..abb09fefc792 100644 --- a/drivers/iio/common/hid-sensors/hid-sensor-trigger.c +++ b/drivers/iio/common/hid-sensors/hid-sensor-trigger.c @@ -32,7 +32,7 @@ static ssize_t _hid_sensor_set_report_latency(struct device *dev, latency = integer * 1000 + fract / 1000; ret = hid_sensor_set_report_latency(attrb, latency); if (ret < 0) - return len; + return ret; attrb->latency_ms = hid_sensor_get_report_latency(attrb); -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 252ff06a4cb4e572cb3c7fcfa697db96b08a7781 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:39 +0200 Subject: iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig This driver makes use of regmap_spi, but does not select the required module. Add the missing 'select REGMAP_SPI'. Fixes: 8316cebd1e59 ("iio: dac: add support for ltc1660") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-7-4019453f8c33@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/dac/Kconfig b/drivers/iio/dac/Kconfig index 2e0a9c94439f..25f6d1fd62df 100644 --- a/drivers/iio/dac/Kconfig +++ b/drivers/iio/dac/Kconfig @@ -358,6 +358,7 @@ config LPC18XX_DAC config LTC1660 tristate "Linear Technology LTC1660/LTC1665 DAC SPI driver" depends on SPI + select REGMAP_SPI help Say yes here to build support for Linear Technology LTC1660 and LTC1665 Digital to Analog Converters. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 27b6aa68a68105086aef9f0cb541cd688e5edea8 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:40 +0200 Subject: iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig This driver makes use of regmap_mmio, but does not select the required module. Add the missing 'select REGMAP_MMIO'. Fixes: 4d4b30526eb8 ("iio: dac: add support for stm32 DAC") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-8-4019453f8c33@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/dac/Kconfig b/drivers/iio/dac/Kconfig index 25f6d1fd62df..45e337c6d256 100644 --- a/drivers/iio/dac/Kconfig +++ b/drivers/iio/dac/Kconfig @@ -489,6 +489,7 @@ config STM32_DAC config STM32_DAC_CORE tristate + select REGMAP_MMIO config TI_DAC082S085 tristate "Texas Instruments 8/10/12-bit 2/4-channel DAC driver" -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From b7983033a10baa0d98784bb411b2679bfb207d9a Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:37 +0200 Subject: iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig This driver makes use of regmap_spi, but does not select the required module. Add the missing 'select REGMAP_SPI'. Fixes: 28b4c30bfa5f ("iio: amplifiers: ada4250: add support for ADA4250") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-5-4019453f8c33@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/amplifiers/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/amplifiers/Kconfig b/drivers/iio/amplifiers/Kconfig index b54fe01734b0..55eb16b32f6c 100644 --- a/drivers/iio/amplifiers/Kconfig +++ b/drivers/iio/amplifiers/Kconfig @@ -27,6 +27,7 @@ config AD8366 config ADA4250 tristate "Analog Devices ADA4250 Instrumentation Amplifier" depends on SPI + select REGMAP_SPI help Say yes here to build support for Analog Devices ADA4250 SPI Amplifier's support. The driver provides direct access via -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From bcdab6f74c91cda19714354fd4e9e3ef3c9a78b3 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:38 +0200 Subject: iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig This driver makes use of regmap_spi, but does not select the required module. Add the missing 'select REGMAP_SPI'. Fixes: cbbb819837f6 ("iio: dac: ad5770r: Add AD5770R support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-6-4019453f8c33@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/dac/Kconfig b/drivers/iio/dac/Kconfig index bb6cb9af9ed9..2e0a9c94439f 100644 --- a/drivers/iio/dac/Kconfig +++ b/drivers/iio/dac/Kconfig @@ -266,6 +266,7 @@ config AD5766 config AD5770R tristate "Analog Devices AD5770R IDAC driver" depends on SPI_MASTER + select REGMAP_SPI help Say yes here to build support for Analog Devices AD5770R Digital to Analog Converter. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: resolver: ad2s1210: add missing select (TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: resolver: ad2s1210: add missing select (TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 2caa67b6251c802e0c2257920b225c765e86bf4a Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:34 +0200 Subject: iio: resolver: ad2s1210: add missing select (TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 128b9389db0e ("staging: iio: resolver: ad2s1210: add triggered buffer support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-2-4019453f8c33@gmail.c… Cc: <stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/resolver/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/resolver/Kconfig b/drivers/iio/resolver/Kconfig index 640aef3e5c94..de2dee3832a1 100644 --- a/drivers/iio/resolver/Kconfig +++ b/drivers/iio/resolver/Kconfig @@ -32,6 +32,8 @@ config AD2S1210 depends on COMMON_CLK depends on GPIOLIB || COMPILE_TEST select REGMAP + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say yes here to build support for Analog Devices spi resolver to digital converters, ad2s1210, provides direct access via sysfs. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From c64643ed4eaa5dfd0b3bab7ef1c50b84f3dbaba4 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:35 +0200 Subject: iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig This driver makes use of regmap_spi, but does not select the required module. Add the missing 'select REGMAP_SPI'. Fixes: eda549e2e524 ("iio: frequency: adf4377: add support for ADF4377") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-3-4019453f8c33@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/frequency/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/frequency/Kconfig b/drivers/iio/frequency/Kconfig index c455be7d4a1c..89ae09db5ca5 100644 --- a/drivers/iio/frequency/Kconfig +++ b/drivers/iio/frequency/Kconfig @@ -53,6 +53,7 @@ config ADF4371 config ADF4377 tristate "Analog Devices ADF4377 Microwave Wideband Synthesizer" depends on SPI && COMMON_CLK + select REGMAP_SPI help Say yes here to build support for Analog Devices ADF4377 Microwave Wideband Synthesizer. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: pressure: bm1390: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: pressure: bm1390: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 3f7b25f6ad0925b9ae9b70656a49abb5af111483 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:58 +0200 Subject: iio: pressure: bm1390: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Note the original driver patch had wrong part number hence the odd fixes entry. Fixes: 81ca5979b6ed ("iio: pressure: Support ROHM BU1390") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Acked-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-12-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/pressure/Kconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iio/pressure/Kconfig b/drivers/iio/pressure/Kconfig index df65438c771e..d2cb8c871f6a 100644 --- a/drivers/iio/pressure/Kconfig +++ b/drivers/iio/pressure/Kconfig @@ -19,6 +19,9 @@ config ABP060MG config ROHM_BM1390 tristate "ROHM BM1390GLV-Z pressure sensor driver" depends on I2C + select REGMAP_I2C + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Support for the ROHM BM1390 pressure sensor. The BM1390GLV-Z can measure pressures ranging from 300 hPa to 1300 hPa with -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 75461a0b15d7c026924d0001abce0476bbc7eda8 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:59 +0200 Subject: iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 16b05261537e ("mb1232.c: add distance iio sensor with i2c") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-13-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/proximity/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/proximity/Kconfig b/drivers/iio/proximity/Kconfig index 31c679074b25..a562a78b7d0d 100644 --- a/drivers/iio/proximity/Kconfig +++ b/drivers/iio/proximity/Kconfig @@ -86,6 +86,8 @@ config LIDAR_LITE_V2 config MB1232 tristate "MaxSonar I2CXL family ultrasonic sensors" depends on I2C + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say Y to build a driver for the ultrasonic sensors I2CXL of MaxBotix which have an i2c interface. It can be used to measure -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: resolver: ad2s1210 add missing select REGMAP in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: resolver: ad2s1210 add missing select REGMAP in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 17a99360184cf02b2b3bc3c1972e777326bfa63b Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 18:49:33 +0200 Subject: iio: resolver: ad2s1210 add missing select REGMAP in Kconfig This driver makes use of regmap, but does not select the required module. Add the missing 'select REGMAP'. Fixes: b3689e14415a ("staging: iio: resolver: ad2s1210: use regmap for config registers") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20241003-ad2s1210-select-v1-1-4019453f8c33@gmail.c… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/resolver/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/resolver/Kconfig b/drivers/iio/resolver/Kconfig index 424529d36080..640aef3e5c94 100644 --- a/drivers/iio/resolver/Kconfig +++ b/drivers/iio/resolver/Kconfig @@ -31,6 +31,7 @@ config AD2S1210 depends on SPI depends on COMMON_CLK depends on GPIOLIB || COMPILE_TEST + select REGMAP help Say yes here to build support for Analog Devices spi resolver to digital converters, ad2s1210, provides direct access via sysfs. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: magnetometer: af8133j: add missing select IIO_(TRIGGERED_)BUFFER" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: magnetometer: af8133j: add missing select IIO_(TRIGGERED_)BUFFER to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From fbb913895e3da36cb42e1e7a5a3cae1c6d150cf6 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:57 +0200 Subject: iio: magnetometer: af8133j: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 1d8f4b04621f ("iio: magnetometer: add a driver for Voltafield AF8133J magnetometer") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Reviewed-by: Andrey Skvortsov <andrej.skvortzov(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-11-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/magnetometer/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/magnetometer/Kconfig b/drivers/iio/magnetometer/Kconfig index 8eb718f5e50f..f69ac75500f9 100644 --- a/drivers/iio/magnetometer/Kconfig +++ b/drivers/iio/magnetometer/Kconfig @@ -11,6 +11,8 @@ config AF8133J depends on I2C depends on OF select REGMAP_I2C + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say yes here to build support for Voltafield AF8133J I2C-based 3-axis magnetometer chip. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: chemical: ens160: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: chemical: ens160: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 3fd8bbf93926162eb59153a5bcd2a53b0cc04cf0 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:55 +0200 Subject: iio: chemical: ens160: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 0fc26596b4b3 ("iio: chemical: ens160: add triggered buffer support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Acked-by: Gustavo Silva <gustavograzs(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-9-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/chemical/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/chemical/Kconfig b/drivers/iio/chemical/Kconfig index 678a6adb9a75..6c87223f58d9 100644 --- a/drivers/iio/chemical/Kconfig +++ b/drivers/iio/chemical/Kconfig @@ -80,6 +80,8 @@ config ENS160 tristate "ScioSense ENS160 sensor driver" depends on (I2C || SPI) select REGMAP + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER select ENS160_I2C if I2C select ENS160_SPI if SPI help -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: light: bu27008: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: light: bu27008: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From aa99ef68eff5bc6df4959a372ae355b3b73f9930 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:56 +0200 Subject: iio: light: bu27008: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 41ff93d14f78 ("iio: light: ROHM BU27008 color sensor") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Acked-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-10-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/light/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/light/Kconfig b/drivers/iio/light/Kconfig index 515ff46b5b82..f2f3e414849a 100644 --- a/drivers/iio/light/Kconfig +++ b/drivers/iio/light/Kconfig @@ -335,6 +335,8 @@ config ROHM_BU27008 depends on I2C select REGMAP_I2C select IIO_GTS_HELPER + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Enable support for the ROHM BU27008 color sensor. The ROHM BU27008 is a sensor with 5 photodiodes (red, green, -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 62ec3df342cca6a8eb7ed33fd4ac8d0fbfcb9391 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:54 +0200 Subject: iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 885b9790c25a ("drivers:iio:dac:ad5766.c: Add trigger buffer") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-8-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/dac/Kconfig b/drivers/iio/dac/Kconfig index 9d4600ce0427..bb6cb9af9ed9 100644 --- a/drivers/iio/dac/Kconfig +++ b/drivers/iio/dac/Kconfig @@ -254,6 +254,8 @@ config AD5764 config AD5766 tristate "Analog Devices AD5766/AD5767 DAC driver" depends on SPI_MASTER + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say yes here to build support for Analog Devices AD5766, AD5767 Digital to Analog Converter. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From a985576af824426e33100554a5958a6beda60a13 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:52 +0200 Subject: iio: adc: ti-lmp92064: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 6c7bc1d27bb2 ("iio: adc: ti-lmp92064: add buffering support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-6-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 68640fa26f4e..c1197ee3dc68 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1530,6 +1530,8 @@ config TI_LMP92064 tristate "Texas Instruments LMP92064 ADC driver" depends on SPI select REGMAP_SPI + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say yes here to build support for the LMP92064 Precision Current and Voltage sensor. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 5bede948670f447154df401458aef4e2fd446ba8 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:53 +0200 Subject: iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 8f2b54824b28 ("drivers:iio:dac: Add AD3552R driver support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-7-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/dac/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/dac/Kconfig b/drivers/iio/dac/Kconfig index 1cfd7e2a622f..9d4600ce0427 100644 --- a/drivers/iio/dac/Kconfig +++ b/drivers/iio/dac/Kconfig @@ -9,6 +9,8 @@ menu "Digital to analog converters" config AD3552R tristate "Analog Devices AD3552R DAC driver" depends on SPI_MASTER + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say yes here to build support for Analog Devices AD3552R Digital to Analog Converter. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From eb143d05def52bc6d193e813018e5fa1a0e47c77 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:49 +0200 Subject: iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: e717f8c6dfec ("iio: adc: Add the TI ads124s08 ADC code") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-3-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 6790e62700fe..45872a4e2acf 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1493,6 +1493,8 @@ config TI_ADS8688 config TI_ADS124S08 tristate "Texas Instruments ADS124S08" depends on SPI + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help If you say yes here you get support for Texas Instruments ADS124S08 and ADS124S06 ADC chips -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From f3fe8c52c580e99c6dc0c7859472ec48176af32d Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:51 +0200 Subject: iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig This driver makes use of regmap_spi, but does not select the required module. Add the missing 'select REGMAP_SPI'. Fixes: 627198942641 ("iio: adc: add ADC driver for the TI LMP92064 controller") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-5-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 45872a4e2acf..68640fa26f4e 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1529,6 +1529,7 @@ config TI_AM335X_ADC config TI_LMP92064 tristate "Texas Instruments LMP92064 ADC driver" depends on SPI + select REGMAP_SPI help Say yes here to build support for the LMP92064 Precision Current and Voltage sensor. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: adc: ad7944: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7944: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From f4dc96f05149d5e14d7a03c3b16171098847fee9 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:48 +0200 Subject: iio: adc: ad7944: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: d1efcf8871db ("iio: adc: ad7944: add driver for AD7944/AD7985/AD7986") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Reviewed-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20241003-iio-select-v1-2-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 97ece1a4b7e3..6790e62700fe 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -328,6 +328,8 @@ config AD7923 config AD7944 tristate "Analog Devices AD7944 and similar ADCs driver" depends on SPI + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER help Say yes here to build support for Analog Devices AD7944, AD7985, AD7986 ADCs. -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 96666f05d11acf0370cedca17a4c3ab6f9554b35 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 3 Oct 2024 23:04:47 +0200 Subject: iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig This driver makes use of triggered buffers, but does not select the required modules. Add the missing 'select IIO_BUFFER' and 'select IIO_TRIGGERED_BUFFER'. Fixes: 7c1d1677b322 ("iio: accel: Support Kionix/ROHM KX022A accelerometer") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Acked-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Link: https://patch.msgid.link/20241003-iio-select-v1-1-67c0385197cd@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/accel/Kconfig b/drivers/iio/accel/Kconfig index 516c1a8e4d56..8c3f7cf55d5f 100644 --- a/drivers/iio/accel/Kconfig +++ b/drivers/iio/accel/Kconfig @@ -447,6 +447,8 @@ config IIO_ST_ACCEL_SPI_3AXIS config IIO_KX022A tristate + select IIO_BUFFER + select IIO_TRIGGERED_BUFFER config IIO_KX022A_SPI tristate "Kionix KX022A tri-axis digital accelerometer SPI interface" -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: light: veml6030: fix ALS sensor resolution" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: light: veml6030: fix ALS sensor resolution to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From c9e9746f275c45108f2b0633a4855d65d9ae0736 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Mon, 23 Sep 2024 00:17:49 +0200 Subject: iio: light: veml6030: fix ALS sensor resolution The driver still uses the sensor resolution provided in the datasheet until Rev. 1.6, 28-Apr-2022, which was updated with Rev 1.7, 28-Nov-2023. The original ambient light resolution has been updated from 0.0036 lx/ct to 0.0042 lx/ct, which is the value that can be found in the current device datasheet. Update the default resolution for IT = 100 ms and GAIN = 1/8 from the original 4608 mlux/cnt to the current value from the "Resolution and maximum detection range" table (Application Note 84367, page 5), 5376 mlux/cnt. Cc: <stable(a)vger.kernel.org> Fixes: 7b779f573c48 ("iio: light: add driver for veml6030 ambient light sensor") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://patch.msgid.link/20240923-veml6035-v2-1-58c72a0df31c@gmail.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/light/veml6030.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/light/veml6030.c b/drivers/iio/light/veml6030.c index df2ba3078b91..9630de1c578e 100644 --- a/drivers/iio/light/veml6030.c +++ b/drivers/iio/light/veml6030.c @@ -779,7 +779,7 @@ static int veml6030_hw_init(struct iio_dev *indio_dev) /* Cache currently active measurement parameters */ data->cur_gain = 3; - data->cur_resolution = 4608; + data->cur_resolution = 5376; data->cur_integration_time = 3; return ret; -- 2.47.0

8 months, 1 week

1
0
0 0

patch "iio: light: opt3001: add missing full-scale range value" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: light: opt3001: add missing full-scale range value to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 530688e39c644543b71bdd9cb45fdfb458a28eaa Mon Sep 17 00:00:00 2001 From: Emil Gedenryd <emil.gedenryd(a)axis.com> Date: Fri, 13 Sep 2024 11:57:02 +0200 Subject: iio: light: opt3001: add missing full-scale range value The opt3001 driver uses predetermined full-scale range values to determine what exponent to use for event trigger threshold values. The problem is that one of the values specified in the datasheet is missing from the implementation. This causes larger values to be scaled down to an incorrect exponent, effectively reducing the maximum settable threshold value by a factor of 2. Add missing full-scale range array value. Fixes: 94a9b7b1809f ("iio: light: add support for TI's opt3001 light sensor") Signed-off-by: Emil Gedenryd <emil.gedenryd(a)axis.com> Cc: <Stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240913-add_opt3002-v2-1-69e04f840360@axis.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/light/opt3001.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/iio/light/opt3001.c b/drivers/iio/light/opt3001.c index 887c4b776a86..176e54bb48c3 100644 --- a/drivers/iio/light/opt3001.c +++ b/drivers/iio/light/opt3001.c @@ -138,6 +138,10 @@ static const struct opt3001_scale opt3001_scales[] = { .val = 20966, .val2 = 400000, }, + { + .val = 41932, + .val2 = 800000, + }, { .val = 83865, .val2 = 600000, -- 2.47.0

8 months, 1 week

1
0
0 0

[PATCH] soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()

by Javier Carrasco

of_find_compatible_node() requires a call to of_node_put() when the pointer to the node is not required anymore to decrement its refcount and avoid leaking memory. Add the missing call to of_node_put() after the node has been used. Cc: stable(a)vger.kernel.org Fixes: e95f287deed2 ("soc: fsl: handle RCPM errata A-008646 on SoC LS1021A") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- drivers/soc/fsl/rcpm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/soc/fsl/rcpm.c b/drivers/soc/fsl/rcpm.c index 3d0cae30c769..06bd94b29fb3 100644 --- a/drivers/soc/fsl/rcpm.c +++ b/drivers/soc/fsl/rcpm.c @@ -36,6 +36,7 @@ static void copy_ippdexpcr1_setting(u32 val) return; regs = of_iomap(np, 0); + of_node_put(np); if (!regs) return; --- base-commit: d61a00525464bfc5fe92c6ad713350988e492b88 change-id: 20241013-rcpm-of_node_put-5e94e5bf1230 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

1
0
0 0

[PATCH] firmware: tf: fix missing of_node_put() in of_register_trusted_foundation()

by Javier Carrasco

of_find_compatible_node() requires a call to of_node_put() when the pointer to the node is not required anymore to decrement its refcount and avoid leaking memory. Add the missing call to of_node_put() after the node has been used. Cc: stable(a)vger.kernel.org Fixes: d9a1beaa10e8 ("ARM: add basic support for Trusted Foundations") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- drivers/firmware/trusted_foundations.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/firmware/trusted_foundations.c b/drivers/firmware/trusted_foundations.c index 1389fa9418a7..e9fc79805c3e 100644 --- a/drivers/firmware/trusted_foundations.c +++ b/drivers/firmware/trusted_foundations.c @@ -175,6 +175,7 @@ void of_register_trusted_foundations(void) &pdata.version_minor); if (err != 0) panic("Trusted Foundation: missing version-minor property\n"); + of_node_put(node); register_trusted_foundations(&pdata); } --- base-commit: d61a00525464bfc5fe92c6ad713350988e492b88 change-id: 20241013-trusted_foundations-of_node_put-4b905f3ba009 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

1
0
0 0

[PATCH] soc: imx8m: Fix missing refcount decrement in error path for np

by Javier Carrasco

An error path was introduced without including the required call to of_node_put() to decrement the node's refcount and avoid leaking memory. If the call to of_clk_get_by_name() for 'clk' fails, the probe returns without decrementing the refcount. Use the automatic cleanup facility to fix the bug and protect the code against new error paths where the call to of_node_put() might be missing again. Cc: stable(a)vger.kernel.org Fixes: 836fb30949d9 ("soc: imx8m: Enable OCOTP clock before reading the register") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- drivers/soc/imx/soc-imx8m.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/soc/imx/soc-imx8m.c b/drivers/soc/imx/soc-imx8m.c index fe111bae38c8..ba8c0bdd60aa 100644 --- a/drivers/soc/imx/soc-imx8m.c +++ b/drivers/soc/imx/soc-imx8m.c @@ -99,12 +99,12 @@ static u32 __init imx8mq_soc_revision(void) static void __init imx8mm_soc_uid(void) { void __iomem *ocotp_base; - struct device_node *np; + struct device_node *np __free(device_node) = + of_find_compatible_node(NULL, NULL, "fsl,imx8mm-ocotp"); struct clk *clk; u32 offset = of_machine_is_compatible("fsl,imx8mp") ? IMX8MP_OCOTP_UID_OFFSET : 0; - np = of_find_compatible_node(NULL, NULL, "fsl,imx8mm-ocotp"); if (!np) return; @@ -125,7 +125,6 @@ static void __init imx8mm_soc_uid(void) clk_disable_unprepare(clk); clk_put(clk); iounmap(ocotp_base); - of_node_put(np); } static u32 __init imx8mm_soc_revision(void) --- base-commit: d61a00525464bfc5fe92c6ad713350988e492b88 change-id: 20241013-soc-imx8m-of_node_put-526a1c8ab540 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

1
0
0 0

[PATCH 6.1+] HID: multitouch: Add support for lenovo Y9000P Touchpad

by WangYuli

From: He Lugang <helugang(a)uniontech.com> [ Upstream commit 251efae73bd46b097deec4f9986d926813aed744 ] The 2024 Lenovo Y9000P which use GT7868Q chip also needs a fixup. The information of the chip is as follows: I2C HID v1.00 Mouse [GXTP5100:00 27C6:01E0] Signed-off-by: He Lugang <helugang(a)uniontech.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/hid/hid-ids.h | 1 + drivers/hid/hid-multitouch.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 06104a4e0fdc..86820a3d9766 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -505,6 +505,7 @@ #define USB_DEVICE_ID_GENERAL_TOUCH_WIN8_PIT_E100 0xe100 #define I2C_VENDOR_ID_GOODIX 0x27c6 +#define I2C_DEVICE_ID_GOODIX_01E0 0x01e0 #define I2C_DEVICE_ID_GOODIX_01E8 0x01e8 #define I2C_DEVICE_ID_GOODIX_01E9 0x01e9 #define I2C_DEVICE_ID_GOODIX_01F0 0x01f0 diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index c4a6908bbe54..847462650549 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -1446,7 +1446,8 @@ static __u8 *mt_report_fixup(struct hid_device *hdev, __u8 *rdesc, { if (hdev->vendor == I2C_VENDOR_ID_GOODIX && (hdev->product == I2C_DEVICE_ID_GOODIX_01E8 || - hdev->product == I2C_DEVICE_ID_GOODIX_01E9)) { + hdev->product == I2C_DEVICE_ID_GOODIX_01E9 || + hdev->product == I2C_DEVICE_ID_GOODIX_01E0)) { if (rdesc[607] == 0x15) { rdesc[607] = 0x25; dev_info( @@ -2065,7 +2066,10 @@ static const struct hid_device_id mt_devices[] = { I2C_DEVICE_ID_GOODIX_01E8) }, { .driver_data = MT_CLS_WIN_8_FORCE_MULTI_INPUT_NSMU, HID_DEVICE(BUS_I2C, HID_GROUP_ANY, I2C_VENDOR_ID_GOODIX, - I2C_DEVICE_ID_GOODIX_01E8) }, + I2C_DEVICE_ID_GOODIX_01E9) }, + { .driver_data = MT_CLS_WIN_8_FORCE_MULTI_INPUT_NSMU, + HID_DEVICE(BUS_I2C, HID_GROUP_ANY, I2C_VENDOR_ID_GOODIX, + I2C_DEVICE_ID_GOODIX_01E0) }, /* GoodTouch panels */ { .driver_data = MT_CLS_NSMU, -- 2.45.2

8 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] lockdep: fix deadlock issue between lockdep and rcu" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a6f88ac32c6e63e69c595bfae220d8641704c9b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100226-unselfish-triangle-e5eb@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a6f88ac32c6e ("lockdep: fix deadlock issue between lockdep and rcu") 61cc4534b655 ("locking/lockdep: Avoid potential access of invalid memory in lock_class") 248efb2158f1 ("locking/lockdep: Rework lockdep_lock") 10476e630422 ("locking/lockdep: Fix bad recursion pattern") 25016bd7f4ca ("locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a6f88ac32c6e63e69c595bfae220d8641704c9b7 Mon Sep 17 00:00:00 2001 From: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Date: Thu, 20 Jun 2024 22:54:34 +0000 Subject: [PATCH] lockdep: fix deadlock issue between lockdep and rcu There is a deadlock scenario between lockdep and rcu when rcu nocb feature is enabled, just as following call stack: rcuop/x -000|queued_spin_lock_slowpath(lock = 0xFFFFFF817F2A8A80, val = ?) -001|queued_spin_lock(inline) // try to hold nocb_gp_lock -001|do_raw_spin_lock(lock = 0xFFFFFF817F2A8A80) -002|__raw_spin_lock_irqsave(inline) -002|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F2A8A80) -003|wake_nocb_gp_defer(inline) -003|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F30B680) -004|__call_rcu_common(inline) -004|call_rcu(head = 0xFFFFFFC082EECC28, func = ?) -005|call_rcu_zapped(inline) -005|free_zapped_rcu(ch = ?)// hold graph lock -006|rcu_do_batch(rdp = 0xFFFFFF817F245680) -007|nocb_cb_wait(inline) -007|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F245680) -008|kthread(_create = 0xFFFFFF80803122C0) -009|ret_from_fork(asm) rcuop/y -000|queued_spin_lock_slowpath(lock = 0xFFFFFFC08291BBC8, val = 0) -001|queued_spin_lock() -001|lockdep_lock() -001|graph_lock() // try to hold graph lock -002|lookup_chain_cache_add() -002|validate_chain() -003|lock_acquire -004|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F211D80) -005|lock_timer_base(inline) -006|mod_timer(inline) -006|wake_nocb_gp_defer(inline)// hold nocb_gp_lock -006|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F2A8680) -007|__call_rcu_common(inline) -007|call_rcu(head = 0xFFFFFFC0822E0B58, func = ?) -008|call_rcu_hurry(inline) -008|rcu_sync_call(inline) -008|rcu_sync_func(rhp = 0xFFFFFFC0822E0B58) -009|rcu_do_batch(rdp = 0xFFFFFF817F266680) -010|nocb_cb_wait(inline) -010|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F266680) -011|kthread(_create = 0xFFFFFF8080363740) -012|ret_from_fork(asm) rcuop/x and rcuop/y are rcu nocb threads with the same nocb gp thread. This patch release the graph lock before lockdep call_rcu. Fixes: a0b0fd53e1e6 ("locking/lockdep: Free lock classes that are no longer in use") Cc: stable(a)vger.kernel.org Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Waiman Long <longman(a)redhat.com> Cc: Carlos Llamas <cmllamas(a)google.com> Cc: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Xuewen Yan <xuewen.yan(a)unisoc.com> Reviewed-by: Waiman Long <longman(a)redhat.com> Reviewed-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Acked-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Link: https://lore.kernel.org/r/20240620225436.3127927-1-cmllamas@google.com diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index 266f57f36f69..b172ead28f1c 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -6186,25 +6186,27 @@ static struct pending_free *get_pending_free(void) static void free_zapped_rcu(struct rcu_head *cb); /* - * Schedule an RCU callback if no RCU callback is pending. Must be called with - * the graph lock held. - */ -static void call_rcu_zapped(struct pending_free *pf) +* See if we need to queue an RCU callback, must called with +* the lockdep lock held, returns false if either we don't have +* any pending free or the callback is already scheduled. +* Otherwise, a call_rcu() must follow this function call. +*/ +static bool prepare_call_rcu_zapped(struct pending_free *pf) { WARN_ON_ONCE(inside_selftest()); if (list_empty(&pf->zapped)) - return; + return false; if (delayed_free.scheduled) - return; + return false; delayed_free.scheduled = true; WARN_ON_ONCE(delayed_free.pf + delayed_free.index != pf); delayed_free.index ^= 1; - call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + return true; } /* The caller must hold the graph lock. May be called from RCU context. */ @@ -6230,6 +6232,7 @@ static void free_zapped_rcu(struct rcu_head *ch) { struct pending_free *pf; unsigned long flags; + bool need_callback; if (WARN_ON_ONCE(ch != &delayed_free.rcu_head)) return; @@ -6241,14 +6244,18 @@ static void free_zapped_rcu(struct rcu_head *ch) pf = delayed_free.pf + (delayed_free.index ^ 1); __free_zapped_classes(pf); delayed_free.scheduled = false; - - /* - * If there's anything on the open list, close and start a new callback. - */ - call_rcu_zapped(delayed_free.pf + delayed_free.index); - + need_callback = + prepare_call_rcu_zapped(delayed_free.pf + delayed_free.index); lockdep_unlock(); raw_local_irq_restore(flags); + + /* + * If there's pending free and its callback has not been scheduled, + * queue an RCU callback. + */ + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + } /* @@ -6288,6 +6295,7 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) { struct pending_free *pf; unsigned long flags; + bool need_callback; init_data_structures_once(); @@ -6295,10 +6303,11 @@ static void lockdep_free_key_range_reg(void *start, unsigned long size) lockdep_lock(); pf = get_pending_free(); __lockdep_free_key_range(pf, start, size); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); lockdep_unlock(); raw_local_irq_restore(flags); - + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); /* * Wait for any possible iterators from look_up_lock_class() to pass * before continuing to free the memory they refer to. @@ -6392,6 +6401,7 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) struct pending_free *pf; unsigned long flags; int locked; + bool need_callback = false; raw_local_irq_save(flags); locked = graph_lock(); @@ -6400,11 +6410,13 @@ static void lockdep_reset_lock_reg(struct lockdep_map *lock) pf = get_pending_free(); __lockdep_reset_lock(pf, lock); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); graph_unlock(); out_irq: raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); } /* @@ -6448,6 +6460,7 @@ void lockdep_unregister_key(struct lock_class_key *key) struct pending_free *pf; unsigned long flags; bool found = false; + bool need_callback = false; might_sleep(); @@ -6468,11 +6481,14 @@ void lockdep_unregister_key(struct lock_class_key *key) if (found) { pf = get_pending_free(); __lockdep_free_key_range(pf, key, 1); - call_rcu_zapped(pf); + need_callback = prepare_call_rcu_zapped(pf); } lockdep_unlock(); raw_local_irq_restore(flags); + if (need_callback) + call_rcu(&delayed_free.rcu_head, free_zapped_rcu); + /* Wait until is_dynamic_key() has finished accessing k->hash_entry. */ synchronize_rcu(); }

8 months, 1 week

3
3
0 0

+ mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: don't install PMD mappings when THPs are disabled by the hw/process/vma has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm: don't install PMD mappings when THPs are disabled by the hw/process/vma Date: Fri, 11 Oct 2024 12:24:45 +0200 We (or rather, readahead logic :) ) might be allocating a THP in the pagecache and then try mapping it into a process that explicitly disabled THP: we might end up installing PMD mappings. This is a problem for s390x KVM, which explicitly remaps all PMD-mapped THPs to be PTE-mapped in s390_enable_sie()->thp_split_mm(), before starting the VM. For example, starting a VM backed on a file system with large folios supported makes the VM crash when the VM tries accessing such a mapping using KVM. Is it also a problem when the HW disabled THP using TRANSPARENT_HUGEPAGE_UNSUPPORTED? At least on x86 this would be the case without X86_FEATURE_PSE. In the future, we might be able to do better on s390x and only disallow PMD mappings -- what s390x and likely TRANSPARENT_HUGEPAGE_UNSUPPORTED really wants. For now, fix it by essentially performing the same check as would be done in __thp_vma_allowable_orders() or in shmem code, where this works as expected, and disallow PMD mappings, making us fallback to PTE mappings. Link: https://lkml.kernel.org/r/20241011102445.934409-3-david@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Leo Fu <bfu(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Cc: Thomas Huth <thuth(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/mm/memory.c~mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma +++ a/mm/memory.c @@ -4931,6 +4931,15 @@ vm_fault_t do_set_pmd(struct vm_fault *v pmd_t entry; vm_fault_t ret = VM_FAULT_FALLBACK; + /* + * It is too late to allocate a small folio, we already have a large + * folio in the pagecache: especially s390 KVM cannot tolerate any + * PMD mappings, but PTE-mapped THP are fine. So let's simply refuse any + * PMD mappings if THPs are disabled. + */ + if (thp_disabled_by_hw() || vma_thp_disabled(vma, vma->vm_flags)) + return ret; + if (!thp_vma_suitable_order(vma, haddr, PMD_ORDER)) return ret; _ Patches currently in -mm which might be from david(a)redhat.com are mm-dont-install-pmd-mappings-when-thps-are-disabled-by-the-hw-process-vma.patch selftests-mm-hugetlb_fault_after_madv-use-default-hguetlb-page-size.patch selftests-mm-hugetlb_fault_after_madv-improve-test-output.patch

8 months, 1 week

1
0
0 0

+ mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: huge_memory: add vma_thp_disabled() and thp_disabled_by_hw() Date: Fri, 11 Oct 2024 12:24:44 +0200 Patch series "mm: don't install PMD mappings when THPs are disabled by the hw/process/vma". During testing, it was found that we can get PMD mappings in processes where THP (and more precisely, PMD mappings) are supposed to be disabled. While it works as expected for anon+shmem, the pagecache is the problematic bit. For s390 KVM this currently means that a VM backed by a file located on filesystem with large folio support can crash when KVM tries accessing the problematic page, because the readahead logic might decide to use a PMD-sized THP and faulting it into the page tables will install a PMD mapping, something that s390 KVM cannot tolerate. This might also be a problem with HW that does not support PMD mappings, but I did not try reproducing it. Fix it by respecting the ways to disable THPs when deciding whether we can install a PMD mapping. khugepaged should already be taking care of not collapsing if THPs are effectively disabled for the hw/process/vma. This patch (of 2): Add vma_thp_disabled() and thp_disabled_by_hw() helpers to be shared by shmem_allowable_huge_orders() and __thp_vma_allowable_orders(). [david(a)redhat.com: rename to vma_thp_disabled(), split out thp_disabled_by_hw() ] Link: https://lkml.kernel.org/r/20241011102445.934409-2-david@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Leo Fu <bfu(a)redhat.com> Tested-by: Thomas Huth <thuth(a)redhat.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Boqiao Fu <bfu(a)redhat.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/huge_mm.h | 18 ++++++++++++++++++ mm/huge_memory.c | 13 +------------ mm/shmem.c | 7 +------ 3 files changed, 20 insertions(+), 18 deletions(-) --- a/include/linux/huge_mm.h~mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw +++ a/include/linux/huge_mm.h @@ -322,6 +322,24 @@ struct thpsize { (transparent_hugepage_flags & \ (1<<TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG)) +static inline bool vma_thp_disabled(struct vm_area_struct *vma, + unsigned long vm_flags) +{ + /* + * Explicitly disabled through madvise or prctl, or some + * architectures may disable THP for some mappings, for + * example, s390 kvm. + */ + return (vm_flags & VM_NOHUGEPAGE) || + test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags); +} + +static inline bool thp_disabled_by_hw(void) +{ + /* If the hardware/firmware marked hugepage support disabled. */ + return transparent_hugepage_flags & (1 << TRANSPARENT_HUGEPAGE_UNSUPPORTED); +} + unsigned long thp_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags); unsigned long thp_get_unmapped_area_vmflags(struct file *filp, unsigned long addr, --- a/mm/huge_memory.c~mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw +++ a/mm/huge_memory.c @@ -109,18 +109,7 @@ unsigned long __thp_vma_allowable_orders if (!vma->vm_mm) /* vdso */ return 0; - /* - * Explicitly disabled through madvise or prctl, or some - * architectures may disable THP for some mappings, for - * example, s390 kvm. - * */ - if ((vm_flags & VM_NOHUGEPAGE) || - test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags)) - return 0; - /* - * If the hardware/firmware marked hugepage support disabled. - */ - if (transparent_hugepage_flags & (1 << TRANSPARENT_HUGEPAGE_UNSUPPORTED)) + if (thp_disabled_by_hw() || vma_thp_disabled(vma, vm_flags)) return 0; /* khugepaged doesn't collapse DAX vma, but page fault is fine. */ --- a/mm/shmem.c~mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw +++ a/mm/shmem.c @@ -1664,12 +1664,7 @@ unsigned long shmem_allowable_huge_order loff_t i_size; int order; - if (vma && ((vm_flags & VM_NOHUGEPAGE) || - test_bit(MMF_DISABLE_THP, &vma->vm_mm->flags))) - return 0; - - /* If the hardware/firmware marked hugepage support disabled. */ - if (transparent_hugepage_flags & (1 << TRANSPARENT_HUGEPAGE_UNSUPPORTED)) + if (thp_disabled_by_hw() || (vma && vma_thp_disabled(vma, vm_flags))) return 0; global_huge = shmem_huge_global_enabled(inode, index, write_end, _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are mm-huge_memory-add-vma_thp_disabled-and-thp_disabled_by_hw.patch mm-remove-unused-hugepage-for-vma_alloc_folio.patch

8 months, 1 week

1
0
0 0

+ mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yang Shi <yang(a)os.amperecomputing.com> Subject: mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point Date: Fri, 11 Oct 2024 18:17:02 -0700 The "addr" and "is_shmem" arguments have different order in TP_PROTO and TP_ARGS. This resulted in the incorrect trace result: text-hugepage-644429 [276] 392092.878683: mm_khugepaged_collapse_file: mm=0xffff20025d52c440, hpage_pfn=0x200678c00, index=512, addr=1, is_shmem=0, filename=text-hugepage, nr=512, result=failed The value of "addr" is wrong because it was treated as bool value, the type of is_shmem. Fix the order in TP_PROTO to keep "addr" is before "is_shmem" since the original patch review suggested this order to achieve best packing. And use "lx" for "addr" instead of "ld" in TP_printk because address is typically shown in hex. After the fix, the trace result looks correct: text-hugepage-7291 [004] 128.627251: mm_khugepaged_collapse_file: mm=0xffff0001328f9500, hpage_pfn=0x20016ea00, index=512, addr=0x400000, is_shmem=0, filename=text-hugepage, nr=512, result=failed Link: https://lkml.kernel.org/r/20241012011702.1084846-1-yang@os.amperecomputing.… Fixes: 4c9473e87e75 ("mm/khugepaged: add tracepoint to collapse_file()") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Cc: Gautam Menghani <gautammenghani201(a)gmail.com> Cc: Steven Rostedt (Google) <rostedt(a)goodmis.org> Cc: <stable(a)vger.kernel.org> [6.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/trace/events/huge_memory.h | 4 ++-- mm/khugepaged.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/include/trace/events/huge_memory.h~mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point +++ a/include/trace/events/huge_memory.h @@ -208,7 +208,7 @@ TRACE_EVENT(mm_khugepaged_scan_file, TRACE_EVENT(mm_khugepaged_collapse_file, TP_PROTO(struct mm_struct *mm, struct folio *new_folio, pgoff_t index, - bool is_shmem, unsigned long addr, struct file *file, + unsigned long addr, bool is_shmem, struct file *file, int nr, int result), TP_ARGS(mm, new_folio, index, addr, is_shmem, file, nr, result), TP_STRUCT__entry( @@ -233,7 +233,7 @@ TRACE_EVENT(mm_khugepaged_collapse_file, __entry->result = result; ), - TP_printk("mm=%p, hpage_pfn=0x%lx, index=%ld, addr=%ld, is_shmem=%d, filename=%s, nr=%d, result=%s", + TP_printk("mm=%p, hpage_pfn=0x%lx, index=%ld, addr=%lx, is_shmem=%d, filename=%s, nr=%d, result=%s", __entry->mm, __entry->hpfn, __entry->index, --- a/mm/khugepaged.c~mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point +++ a/mm/khugepaged.c @@ -2227,7 +2227,7 @@ rollback: folio_put(new_folio); out: VM_BUG_ON(!list_empty(&pagelist)); - trace_mm_khugepaged_collapse_file(mm, new_folio, index, is_shmem, addr, file, HPAGE_PMD_NR, result); + trace_mm_khugepaged_collapse_file(mm, new_folio, index, addr, is_shmem, file, HPAGE_PMD_NR, result); return result; } _ Patches currently in -mm which might be from yang(a)os.amperecomputing.com are mm-khugepaged-fix-the-arguments-order-in-khugepaged_collapse_file-trace-point.patch

8 months, 1 week

1
0
0 0

[PATCH net v1 1] net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed-link PHY

by Oleksij Rempel

A boot delay was introduced by commit 79540d133ed6 ("net: macb: Fix handling of fixed-link node"). This delay was caused by the call to `mdiobus_register()` in cases where a fixed-link PHY was present. The MDIO bus registration triggered unnecessary PHY address scans, leading to a 20-second delay due to attempts to detect Clause 45 (C45) compatible PHYs, despite no MDIO bus being attached. The commit 79540d133ed6 ("net: macb: Fix handling of fixed-link node") was originally introduced to fix a regression caused by commit 7897b071ac3b4 ("net: macb: convert to phylink"), which caused the driver to misinterpret fixed-link nodes as PHY nodes. This resulted in warnings like: mdio_bus f0028000.ethernet-ffffffff: fixed-link has invalid PHY address mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 0 ... mdio_bus f0028000.ethernet-ffffffff: scan phy fixed-link at address 31 This patch reworks the logic to avoid registering and allocation of the MDIO bus when: - The device tree contains a fixed-link node. - There is no "mdio" child node in the device tree. If a child node named "mdio" exists, the MDIO bus will be registered to support PHYs attached to the MACB's MDIO bus. Otherwise, with only a fixed-link, the MDIO bus is skipped. Tested on a sama5d35 based system with a ksz8863 switch attached to macb0. Fixes: 79540d133ed6 ("net: macb: Fix handling of fixed-link node") Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Cc: stable(a)vger.kernel.org --- drivers/net/ethernet/cadence/macb_main.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index f06babec04a0b..e4ee55bc53ba7 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -930,9 +930,6 @@ static int macb_mdiobus_register(struct macb *bp) return ret; } - if (of_phy_is_fixed_link(np)) - return mdiobus_register(bp->mii_bus); - /* Only create the PHY from the device tree if at least one PHY is * described. Otherwise scan the entire MDIO bus. We do this to support * old device tree that did not follow the best practices and did not @@ -953,8 +950,19 @@ static int macb_mdiobus_register(struct macb *bp) static int macb_mii_init(struct macb *bp) { + struct device_node *child, *np = bp->pdev->dev.of_node; int err = -ENXIO; + /* With fixed-link, we don't need to register the MDIO bus, + * except if we have a child named "mdio" in the device tree. + * In that case, some PHYs may be attached to the MACB's MDIO bus. + */ + child = of_get_child_by_name(np, "mdio"); + if (child) + of_node_put(child); + else if (of_phy_is_fixed_link(np)) + return macb_mii_probe(bp->dev); + /* Enable management port */ macb_writel(bp, NCR, MACB_BIT(MPE)); -- 2.39.5

8 months, 1 week

2
1
0 0

[PATCH v5 00/10] iio: add support for the ad3552r AXI DAC IP

by Angelo Dureghello

Purpose is to add ad3552r AXI DAC (fpga-based) support. The "ad3552r" AXI IP, a variant of the generic "DAC" AXI IP, has been created to reach the maximum speed (33MUPS) supported from the ad3552r. To obtain the maximum transfer rate, a custom IP core module has been implemented with a QSPI interface with DDR (Double Data Rate) mode. The design is actually using the DAC backend since the register map is the same of the generic DAC IP, except for some customized bitfields. For this reason, a new "compatible" has been added in adi-axi-dac.c. Also, backend has been extended with all the needed functions for this use case, keeping the names gneric. The following patch is actually applying to linux-iio/testing. --- Changes in v2: - use unsigned int on bus_reg_read/write - add a compatible in axi-dac backend for the ad3552r DAC IP - minor code alignment fixes - fix a return value not checked - change devicetree structure setting ad3552r-axi as a backend subnode - add synchronous_mode_available in the ABI doc Changes in v3: - changing AXI backend approach using a dac ip compatible - fdt bindings updates accordingly - fdt, ad3552r device must be a subnode of the backend - allow probe of child devices - passing QSPI bus access function by platform data - move synchronous mode as a fdt parameter - reorganizing defines in proper patches - fix make dt_binding_check errors - fix ad3552r maximum SPI speed - fix samplerate calulcation - minor code style fixes Changes in v4: - fix Kconfig - fix backend documentation - driver renamed to a more gneric "high speed" (ad3552r-hs) - restyled axi-dac register names - removed synchronous support, dead code (could be added in the future with David sugestions if needed) - renaming backend buffer enable/disable calls - using model_data in common code - using devm_add_action_or_reset - minor code style fixes Changes in v5: - patch 2/11 set before fix of ADI_DAC_R1_MODE patch - fix dt binding check error - patch 4/11 removed - fix stream enable/disable call names - fix axi-dac clock names - fix axi-dac platform device unregistering - minor code style fixes Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> --- Angelo Dureghello (10): iio: dac: adi-axi-dac: fix wrong register bitfield iio: dac: adi-axi-dac: update register names dt-bindings: iio: dac: ad3552r: add iio backend support dt-bindings: iio: dac: adi-axi-dac: add ad3552r axi variant iio: backend: extend features iio: dac: adi-axi-dac: extend features iio: dac: ad3552r: changes to use FIELD_PREP iio: dac: ad3552r: extract common code (no changes in behavior intended) iio: dac: ad3552r: add high-speed platform driver iio: dac: adi-axi-dac: add registering of child fdt node .../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 7 + .../devicetree/bindings/iio/dac/adi,axi-dac.yaml | 56 ++- drivers/iio/dac/Kconfig | 14 + drivers/iio/dac/Makefile | 3 +- drivers/iio/dac/ad3552r-common.c | 170 +++++++ drivers/iio/dac/ad3552r-hs.c | 526 +++++++++++++++++++++ drivers/iio/dac/ad3552r.c | 461 +++--------------- drivers/iio/dac/ad3552r.h | 207 ++++++++ drivers/iio/dac/adi-axi-dac.c | 483 ++++++++++++++++--- drivers/iio/industrialio-backend.c | 78 +++ include/linux/iio/backend.h | 17 + include/linux/platform_data/ad3552r-hs.h | 18 + 12 files changed, 1573 insertions(+), 467 deletions(-) --- base-commit: a620cae575523a8c922ad0842647ca38fc6ccd3c change-id: 20241008-wip-bl-ad3552r-axi-v0-iio-testing-3d15e90e1eb5 Best regards, -- Angelo Dureghello <adureghello(a)baylibre.com>

8 months, 1 week

2
2
0 0

[PATCH AUTOSEL 5.15 1/9] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index d56e276e4d805..4485388dcff2e 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

8 months, 1 week

1
8
0 0

[PATCH AUTOSEL 6.6 01/20] ksmbd: override fsids for share path check

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit a018c1b636e79b60149b41151ded7c2606d8606e ] Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for share path check. Reported-by: Sangsoo Lee <constant.lee(a)samsung.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/smb/server/mgmt/share_config.c | 15 ++++++++++++--- fs/smb/server/mgmt/share_config.h | 4 +++- fs/smb/server/mgmt/tree_connect.c | 9 +++++---- fs/smb/server/mgmt/tree_connect.h | 4 ++-- fs/smb/server/smb2pdu.c | 2 +- fs/smb/server/smb_common.c | 9 +++++++-- fs/smb/server/smb_common.h | 2 ++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_config.c index e0a6b758094fc..d8d03070ae44b 100644 --- a/fs/smb/server/mgmt/share_config.c +++ b/fs/smb/server/mgmt/share_config.c @@ -15,6 +15,7 @@ #include "share_config.h" #include "user_config.h" #include "user_session.h" +#include "../connection.h" #include "../transport_ipc.h" #include "../misc.h" @@ -120,12 +121,13 @@ static int parse_veto_list(struct ksmbd_share_config *share, return 0; } -static struct ksmbd_share_config *share_config_request(struct unicode_map *um, +static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config_response *resp; struct ksmbd_share_config *share = NULL; struct ksmbd_share_config *lookup; + struct unicode_map *um = work->conn->um; int ret; resp = ksmbd_ipc_share_config_request(name); @@ -181,7 +183,14 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, KSMBD_SHARE_CONFIG_VETO_LIST(resp), resp->veto_list_sz); if (!ret && share->path) { + if (__ksmbd_override_fsids(work, share)) { + kill_share(share); + share = NULL; + goto out; + } + ret = kern_path(share->path, 0, &share->vfs_path); + ksmbd_revert_fsids(work); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", share->path); @@ -214,7 +223,7 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, return share; } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config *share; @@ -227,7 +236,7 @@ struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, if (share) return share; - return share_config_request(um, name); + return share_config_request(work, name); } bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, diff --git a/fs/smb/server/mgmt/share_config.h b/fs/smb/server/mgmt/share_config.h index 5f591751b9236..d4ac2dd4de204 100644 --- a/fs/smb/server/mgmt/share_config.h +++ b/fs/smb/server/mgmt/share_config.h @@ -11,6 +11,8 @@ #include <linux/path.h> #include <linux/unicode.h> +struct ksmbd_work; + struct ksmbd_share_config { char *name; char *path; @@ -68,7 +70,7 @@ static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) __ksmbd_share_config_put(share); } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name); bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, const char *filename); diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index d2c81a8a11dda..94a52a75014a4 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -16,17 +16,18 @@ #include "user_session.h" struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name) +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) { struct ksmbd_tree_conn_status status = {-ENOENT, NULL}; struct ksmbd_tree_connect_response *resp = NULL; struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; struct sockaddr *peer_addr; + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; int ret; - sc = ksmbd_share_config_get(conn->um, share_name); + sc = ksmbd_share_config_get(work, share_name); if (!sc) return status; @@ -61,7 +62,7 @@ ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, struct ksmbd_share_config *new_sc; ksmbd_share_config_del(sc); - new_sc = ksmbd_share_config_get(conn->um, share_name); + new_sc = ksmbd_share_config_get(work, share_name); if (!new_sc) { pr_err("Failed to update stale share config\n"); status.ret = -ESTALE; diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index 6377a70b811c8..a42cdd0510411 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -13,6 +13,7 @@ struct ksmbd_share_config; struct ksmbd_user; struct ksmbd_conn; +struct ksmbd_work; enum { TREE_NEW = 0, @@ -50,8 +51,7 @@ static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, struct ksmbd_session; struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name); +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name); void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon); int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 592a2cdfd0670..646c874d151a8 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1955,7 +1955,7 @@ int smb2_tree_connect(struct ksmbd_work *work) ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", name, treename); - status = ksmbd_tree_conn_connect(conn, sess, name); + status = ksmbd_tree_conn_connect(work, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); else diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 474dadf6b7b8b..13818ecb6e1b2 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -732,10 +732,10 @@ bool is_asterisk(char *p) return p && p[0] == '*'; } -int ksmbd_override_fsids(struct ksmbd_work *work) +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share) { struct ksmbd_session *sess = work->sess; - struct ksmbd_share_config *share = work->tcon->share_conf; struct cred *cred; struct group_info *gi; unsigned int uid; @@ -775,6 +775,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) return 0; } +int ksmbd_override_fsids(struct ksmbd_work *work) +{ + return __ksmbd_override_fsids(work, work->tcon->share_conf); +} + void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index f1092519c0c28..4a3148b0167f5 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -447,6 +447,8 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command); int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp); +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share); int ksmbd_override_fsids(struct ksmbd_work *work); void ksmbd_revert_fsids(struct ksmbd_work *work); -- 2.43.0

8 months, 1 week

1
19
0 0

[PATCH AUTOSEL 6.11 01/16] drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit d92b90f9a54d9300a6e883258e79f36dab53bfae ] Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ 13.320038] Call Trace: [ 13.320173] hgsmi_update_pointer_shape [vboxvideo] [ 13.320184] vbox_cursor_atomic_update [vboxvideo] Note as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large. Changing this is not the goal of this patch, so this behavior is kept. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240827104523.17442-1-hdegoe… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vboxvideo/hgsmi_base.c | 10 +++++++++- drivers/gpu/drm/vboxvideo/vboxvideo.h | 4 +--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vboxvideo/hgsmi_base.c b/drivers/gpu/drm/vboxvideo/hgsmi_base.c index 8c041d7ce4f1b..87dccaecc3e57 100644 --- a/drivers/gpu/drm/vboxvideo/hgsmi_base.c +++ b/drivers/gpu/drm/vboxvideo/hgsmi_base.c @@ -139,7 +139,15 @@ int hgsmi_update_pointer_shape(struct gen_pool *ctx, u32 flags, flags |= VBOX_MOUSE_POINTER_VISIBLE; } - p = hgsmi_buffer_alloc(ctx, sizeof(*p) + pixel_len, HGSMI_CH_VBVA, + /* + * The 4 extra bytes come from switching struct vbva_mouse_pointer_shape + * from having a 4 bytes fixed array at the end to using a proper VLA + * at the end. These 4 extra bytes were not subtracted from sizeof(*p) + * before the switch to the VLA, so this way the behavior is unchanged. + * Chances are these 4 extra bytes are not necessary but they are kept + * to avoid regressions. + */ + p = hgsmi_buffer_alloc(ctx, sizeof(*p) + pixel_len + 4, HGSMI_CH_VBVA, VBVA_MOUSE_POINTER_SHAPE); if (!p) return -ENOMEM; diff --git a/drivers/gpu/drm/vboxvideo/vboxvideo.h b/drivers/gpu/drm/vboxvideo/vboxvideo.h index f60d82504da02..79ec8481de0e4 100644 --- a/drivers/gpu/drm/vboxvideo/vboxvideo.h +++ b/drivers/gpu/drm/vboxvideo/vboxvideo.h @@ -351,10 +351,8 @@ struct vbva_mouse_pointer_shape { * Bytes in the gap between the AND and the XOR mask are undefined. * XOR mask scanlines have no gap between them and size of XOR mask is: * xor_len = width * 4 * height. - * - * Preallocate 4 bytes for accessing actual data as p->data. */ - u8 data[4]; + u8 data[]; } __packed; /* pointer is visible */ -- 2.43.0

8 months, 1 week

1
15
0 0

[PATCH] ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc

by Krzysztof Kozlowski

Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") moved the allocation of Soundwire stream runtime from the Qualcomm Soundwire driver to each individual machine sound card driver, except that it forgot to update SC7280 card. Just like for other Qualcomm sound cards using Soundwire, the card driver should allocate and release the runtime. Otherwise sound playback will result in a NULL pointer dereference or other effect of uninitialized memory accesses (which was confirmed on SDM845 having similar issue). Cc: stable(a)vger.kernel.org Cc: Alexey Klimov <alexey.klimov(a)linaro.org> Cc: Steev Klimaszewski <steev(a)kali.org> Fixes: 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Not tested on hardware. The sc7280 sound card differs a bit from the ones I am working on, thus please kindly test and confirm. Without the patch KASAN should show something similar to: https://lore.kernel.org/linux-sound/20241009213922.999355-1-alexey.klimov@l… The patch should fix it. --- sound/soc/qcom/sc7280.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sound/soc/qcom/sc7280.c b/sound/soc/qcom/sc7280.c index 207ac5da4dd4..230af8d7b205 100644 --- a/sound/soc/qcom/sc7280.c +++ b/sound/soc/qcom/sc7280.c @@ -23,6 +23,7 @@ #include "common.h" #include "lpass.h" #include "qdsp6/q6afe.h" +#include "sdw.h" #define DEFAULT_MCLK_RATE 19200000 #define RT5682_PLL_FREQ (48000 * 512) @@ -316,6 +317,7 @@ static void sc7280_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_card *card = rtd->card; struct sc7280_snd_data *data = snd_soc_card_get_drvdata(card); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); + struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; switch (cpu_dai->id) { case MI2S_PRIMARY: @@ -333,6 +335,9 @@ static void sc7280_snd_shutdown(struct snd_pcm_substream *substream) default: break; } + + data->sruntime[cpu_dai->id] = NULL; + sdw_release_stream(sruntime); } static int sc7280_snd_startup(struct snd_pcm_substream *substream) @@ -347,6 +352,8 @@ static int sc7280_snd_startup(struct snd_pcm_substream *substream) switch (cpu_dai->id) { case MI2S_PRIMARY: ret = sc7280_rt5682_init(rtd); + if (ret) + return ret; break; case SECONDARY_MI2S_RX: codec_dai_fmt |= SND_SOC_DAIFMT_NB_NF | SND_SOC_DAIFMT_I2S; @@ -360,7 +367,8 @@ static int sc7280_snd_startup(struct snd_pcm_substream *substream) default: break; } - return ret; + + return qcom_snd_sdw_startup(substream); } static const struct snd_soc_ops sc7280_ops = { -- 2.43.0

8 months, 1 week

3
2
0 0

[PATCH] drm/xe/xe_sync: initialise ufence.signalled

by Matthew Auld

We can incorrectly think that the fence has signalled, if we get a non-zero value here from the kmalloc, which is quite plausible. Just use kzalloc to prevent stuff like this. Fixes: 977e5b82e090 ("drm/xe: Expose user fence from xe_sync_entry") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_sync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c index bb3c2a830362..c6cf227ead40 100644 --- a/drivers/gpu/drm/xe/xe_sync.c +++ b/drivers/gpu/drm/xe/xe_sync.c @@ -58,7 +58,7 @@ static struct xe_user_fence *user_fence_create(struct xe_device *xe, u64 addr, if (!access_ok(ptr, sizeof(*ptr))) return ERR_PTR(-EFAULT); - ufence = kmalloc(sizeof(*ufence), GFP_KERNEL); + ufence = kzalloc(sizeof(*ufence), GFP_KERNEL); if (!ufence) return ERR_PTR(-ENOMEM); -- 2.46.2

8 months, 1 week

3
2
0 0

[PATCH 6.1.y] rust: macros: provide correct provenance when constructing THIS_MODULE

by Boqun Feng

commit a5a3c952e82c1ada12bf8c55b73af26f1a454bd2 upstream. Currently while defining `THIS_MODULE` symbol in `module!()`, the pointer used to construct `ThisModule` is derived from an immutable reference of `__this_module`, which means the pointer doesn't have the provenance for writing, and that means any write to that pointer is UB regardless of data races or not. However, the usage of `THIS_MODULE` includes passing this pointer to functions that may write to it (probably in unsafe code), and this will create soundness issues. One way to fix this is using `addr_of_mut!()` but that requires the unstable feature "const_mut_refs". So instead of `addr_of_mut()!`, an extern static `Opaque` is used here: since `Opaque<T>` is transparent to `T`, an extern static `Opaque` will just wrap the C symbol (defined in a C compile unit) in an `Opaque`, which provides a pointer with writable provenance via `Opaque::get()`. This fix the potential UBs because of pointer provenance unmatched. Reported-by: Alice Ryhl <aliceryhl(a)google.com> Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Trevor Gross <tmgross(a)umich.edu> Reviewed-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Gary Guo <gary(a)garyguo.net> Closes: https://rust-for-linux.zulipchat.com/#narrow/stream/x/topic/x/near/465412664 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Cc: stable(a)vger.kernel.org # 6.6.x: be2ca1e03965: ("rust: types: Make Opaque::get const") Link: https://lore.kernel.org/r/20240828180129.4046355-1-boqun.feng@gmail.com [ Fixed two typos, reworded title. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> [ Boqun: Use `UnsafeCell` since `Opaque` is not in v6.1, as suggested by Gary Guo, `UnsafeCell` also suffices for this particular case because `__this_module` is only used to create `THIS_MODULE`, no other Rust code will touch it. ] Signed-off-by: Boqun Feng <boqun.feng(a)gmail.com> --- Backports for 6.6+ are already done automatically, we have to do a special backport for 6.1 because of lacking an API. I've tested it on x86 with the rust_minimal module based on 6.1.112 rust/macros/module.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 031028b3dc41..94a92ab82b6b 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -183,7 +183,11 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { // freed until the module is unloaded. #[cfg(MODULE)] static THIS_MODULE: kernel::ThisModule = unsafe {{ - kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) + extern \"C\" {{ + static __this_module: core::cell::UnsafeCell<kernel::bindings::module>; + }} + + kernel::ThisModule::from_ptr(__this_module.get()) }}; #[cfg(not(MODULE))] static THIS_MODULE: kernel::ThisModule = unsafe {{ -- 2.45.2

8 months, 1 week

1
0
0 0

[PATCH v4 net 0/4] net: enetc: fix some issues of XDP

by Wei Fang

We found some bugs when testing the XDP function of enetc driver, and these bugs are easy to reproduce. This is not only causes XDP to not work, but also the network cannot be restored after exiting the XDP program. So the patch set is mainly to fix these bugs. For details, please see the commit message of each patch. --- v1 link: https://lore.kernel.org/bpf/20240919084104.661180-1-wei.fang@nxp.com/T/ v2 link: https://lore.kernel.org/netdev/20241008224806.2onzkt3gbslw5jxb@skbuf/T/ v3 link: https://lore.kernel.org/imx/20241009090327.146461-1-wei.fang@nxp.com/T/ --- Wei Fang (4): net: enetc: remove xdp_drops statistic from enetc_xdp_drop() net: enetc: block concurrent XDP transmissions during ring reconfiguration net: enetc: disable Tx BD rings after they are empty net: enetc: disable NAPI after all rings are disabled drivers/net/ethernet/freescale/enetc/enetc.c | 56 +++++++++++++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 1 + 2 files changed, 44 insertions(+), 13 deletions(-) -- 2.34.1

8 months, 1 week

3
8
0 0

[PATCH 5.15.y 5.10.y 5.4.y] RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt

by Sherry Yang

From: Bob Pearson <rpearsonhpe(a)gmail.com> [ Upstream commit 2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 ] In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a seg fault. This has been observed infrequently in testing at high scale. This patch fixes this by changing the order of enqueuing the packet until after the counter is accessed. Link: https://lore.kernel.org/r/20240329145513.35381-4-rpearsonhpe@gmail.com Signed-off-by: Bob Pearson <rpearsonhpe(a)gmail.com> Fixes: 0b1e5b99a48b ("IB/rxe: Add port protocol stats") Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Sherry: bp to fix CVE-2024-38544. Fix conflict due to missing commit: dccb23f6c312 ("RDMA/rxe: Split rxe_run_task() into two subroutines") which is not necessary to backport] Signed-off-by: Sherry Yang <sherry.yang(a)oracle.com> --- drivers/infiniband/sw/rxe/rxe_comp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/sw/rxe/rxe_comp.c b/drivers/infiniband/sw/rxe/rxe_comp.c index 48a3864ada29..250494306932 100644 --- a/drivers/infiniband/sw/rxe/rxe_comp.c +++ b/drivers/infiniband/sw/rxe/rxe_comp.c @@ -124,12 +124,12 @@ void rxe_comp_queue_pkt(struct rxe_qp *qp, struct sk_buff *skb) { int must_sched; - skb_queue_tail(&qp->resp_pkts, skb); - - must_sched = skb_queue_len(&qp->resp_pkts) > 1; + must_sched = skb_queue_len(&qp->resp_pkts) > 0; if (must_sched != 0) rxe_counter_inc(SKB_TO_PKT(skb)->rxe, RXE_CNT_COMPLETER_SCHED); + skb_queue_tail(&qp->resp_pkts, skb); + rxe_run_task(&qp->comp.task, must_sched); } -- 2.46.0

8 months, 1 week

1
0
0 0

[PATCH 5.15.y] platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

by Sherry Yang

From: Hans de Goede <hdegoede(a)redhat.com> commit f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 upstream. The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SINF array has a minimum size which covers all AC+DC brightness entries and refuse to load if the SINF array is smaller. For higher SINF indexes hide the sysfs attributes when the SINF array does not contain an entry for that attribute, avoiding show()/store() accessing the array out of bounds and add bounds checking to the probe() and resume() code accessing these. Fixes: e424fb8cc4e6 ("panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-1-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Sherry: clean cherry-pick backport, fix CVE-2024-46859] Signed-off-by: Sherry Yang <sherry.yang(a)oracle.com> --- drivers/platform/x86/panasonic-laptop.c | 49 ++++++++++++++++++++----- 1 file changed, 39 insertions(+), 10 deletions(-) diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index 7ca49b3fc6c2..b06382dcecf7 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -773,6 +773,24 @@ static DEVICE_ATTR_RW(dc_brightness); static DEVICE_ATTR_RW(current_brightness); static DEVICE_ATTR_RW(cdpower); +static umode_t pcc_sysfs_is_visible(struct kobject *kobj, struct attribute *attr, int idx) +{ + struct device *dev = kobj_to_dev(kobj); + struct acpi_device *acpi = to_acpi_device(dev); + struct pcc_acpi *pcc = acpi_driver_data(acpi); + + if (attr == &dev_attr_mute.attr) + return (pcc->num_sifr > SINF_MUTE) ? attr->mode : 0; + + if (attr == &dev_attr_eco_mode.attr) + return (pcc->num_sifr > SINF_ECO_MODE) ? attr->mode : 0; + + if (attr == &dev_attr_current_brightness.attr) + return (pcc->num_sifr > SINF_CUR_BRIGHT) ? attr->mode : 0; + + return attr->mode; +} + static struct attribute *pcc_sysfs_entries[] = { &dev_attr_numbatt.attr, &dev_attr_lcdtype.attr, @@ -787,8 +805,9 @@ static struct attribute *pcc_sysfs_entries[] = { }; static const struct attribute_group pcc_attr_group = { - .name = NULL, /* put in device directory */ - .attrs = pcc_sysfs_entries, + .name = NULL, /* put in device directory */ + .attrs = pcc_sysfs_entries, + .is_visible = pcc_sysfs_is_visible, }; @@ -941,12 +960,15 @@ static int acpi_pcc_hotkey_resume(struct device *dev) if (!pcc) return -EINVAL; - acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); - acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); + if (pcc->num_sifr > SINF_MUTE) + acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); + if (pcc->num_sifr > SINF_ECO_MODE) + acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, pcc->sticky_key); acpi_pcc_write_sset(pcc, SINF_AC_CUR_BRIGHT, pcc->ac_brightness); acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, pcc->dc_brightness); - acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); + if (pcc->num_sifr > SINF_CUR_BRIGHT) + acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); return 0; } @@ -963,8 +985,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) num_sifr = acpi_pcc_get_sqty(device); - if (num_sifr < 0 || num_sifr > 255) { - pr_err("num_sifr out of range"); + /* + * pcc->sinf is expected to at least have the AC+DC brightness entries. + * Accesses to higher SINF entries are checked against num_sifr. + */ + if (num_sifr <= SINF_DC_CUR_BRIGHT || num_sifr > 255) { + pr_err("num_sifr %d out of range %d - 255\n", num_sifr, SINF_DC_CUR_BRIGHT + 1); return -ENODEV; } @@ -1016,11 +1042,14 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, 0); pcc->sticky_key = 0; - pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; - pcc->mute = pcc->sinf[SINF_MUTE]; pcc->ac_brightness = pcc->sinf[SINF_AC_CUR_BRIGHT]; pcc->dc_brightness = pcc->sinf[SINF_DC_CUR_BRIGHT]; - pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; + if (pcc->num_sifr > SINF_MUTE) + pcc->mute = pcc->sinf[SINF_MUTE]; + if (pcc->num_sifr > SINF_ECO_MODE) + pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; + if (pcc->num_sifr > SINF_CUR_BRIGHT) + pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; /* add sysfs attributes */ result = sysfs_create_group(&device->dev.kobj, &pcc_attr_group); -- 2.46.0

8 months, 1 week

2
2
0 0

[PATCH 1/1] nfsd: fix race between laundromat and free_stateid

by Olga Kornievskaia

There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has expired and needs to be revoked so it marks the delegation stid revoked and it puts it on a reaper list but then it unlock the state lock and the actual delegation revocation happens without the lock. Once the stid is marked revoked a racing free_stateid processing thread does the following (1) it calls list_del_init() which removes it from the reaper list and (2) frees the delegation stid structure. The laundromat thread ends up not calling the revoke_delegation() function for this particular delegation but that means it will no release the lock lease that exists on the file. Now, a new open for this file comes in and ends up finding that lease list isn't empty and calls nfsd_breaker_owns_lease() which ends up trying to derefence a freed delegation stateid. Leading to the followint use-after-free KASAN warning: kernel: ================================================================== kernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205 kernel: kernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9 kernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024 kernel: Call trace: kernel: dump_backtrace+0x98/0x120 kernel: show_stack+0x1c/0x30 kernel: dump_stack_lvl+0x80/0xe8 kernel: print_address_description.constprop.0+0x84/0x390 kernel: print_report+0xa4/0x268 kernel: kasan_report+0xb4/0xf8 kernel: __asan_report_load8_noabort+0x1c/0x28 kernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: leases_conflict+0x68/0x370 kernel: __break_lease+0x204/0xc38 kernel: nfsd_open_break_lease+0x8c/0xf0 [nfsd] kernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd] kernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd] kernel: nfs4_get_vfs_file+0x634/0x958 [nfsd] kernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd] kernel: nfsd4_open+0xa08/0xe80 [nfsd] kernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd] kernel: nfsd_dispatch+0x22c/0x718 [nfsd] kernel: svc_process_common+0x8e8/0x1960 [sunrpc] kernel: svc_process+0x3d4/0x7e0 [sunrpc] kernel: svc_handle_xprt+0x828/0xe10 [sunrpc] kernel: svc_recv+0x2cc/0x6a8 [sunrpc] kernel: nfsd+0x270/0x400 [nfsd] kernel: kthread+0x288/0x310 kernel: ret_from_fork+0x10/0x20 Proposing to have laundromat thread hold the state_lock over both marking thru revoking the delegation as well as making free_stateid acquire state_lock before accessing the list. Making sure that revoke_delegation() (ie kernel_setlease(unlock)) is called for every delegation that was revoked and added to the reaper list. CC: stable(a)vger.kernel.org Signed-off-by: Olga Kornievskaia <okorniev(a)redhat.com> --- I can't figure out the Fixes: tag. Laundromat's behaviour has been like that forever. But the free_stateid bits wont apply before the 1e3577a4521e ("SUNRPC: discard sv_refcnt, and svc_get/svc_put"). But we used that fixes tag already with a previous fix for a different problem. --- fs/nfsd/nfs4state.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 9c2b1d251ab3..c97907d7fb38 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -6605,13 +6605,13 @@ nfs4_laundromat(struct nfsd_net *nn) unhash_delegation_locked(dp, SC_STATUS_REVOKED); list_add(&dp->dl_recall_lru, &reaplist); } - spin_unlock(&state_lock); while (!list_empty(&reaplist)) { dp = list_first_entry(&reaplist, struct nfs4_delegation, dl_recall_lru); list_del_init(&dp->dl_recall_lru); revoke_delegation(dp); } + spin_unlock(&state_lock); spin_lock(&nn->client_lock); while (!list_empty(&nn->close_lru)) { @@ -7213,7 +7213,9 @@ nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, if (s->sc_status & SC_STATUS_REVOKED) { spin_unlock(&s->sc_lock); dp = delegstateid(s); + spin_lock(&state_lock); list_del_init(&dp->dl_recall_lru); + spin_unlock(&state_lock); spin_unlock(&cl->cl_lock); nfs4_put_stid(s); ret = nfs_ok; -- 2.43.5

8 months, 1 week

5
10
0 0

[PATCH RFC v2] mm: Enforce the stack gap when changing inaccessible VMAs

by Jann Horn

As explained in the comment block this change adds, we can't tell what userspace's intent is when the stack grows towards an inaccessible VMA. We should ensure that, as long as code is compiled with something like -fstack-check, a stack overflow in this code can never cause the main stack to overflow into adjacent heap memory - so the bottom of a stack should never be directly adjacent to an accessible VMA. As suggested by Lorenzo, enforce this by blocking attempts to: - make an inaccessible VMA accessible with mprotect() when it is too close to a stack - replace an inaccessible VMA with another VMA using MAP_FIXED when it is too close to a stack I have a (highly contrived) C testcase for 32-bit x86 userspace with glibc that mixes malloc(), pthread creation, and recursion in just the right way such that the main stack overflows into malloc() arena memory, see the linked list post. I don't know of any specific scenario where this is actually exploitable, but it seems like it could be a security problem for sufficiently unlucky userspace. Link: https://lore.kernel.org/r/CAG48ez2v=r9-37JADA5DgnZdMLCjcbVxAjLt5eH5uoBohRdq… Suggested-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Fixes: 561b5e0709e4 ("mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- This is an attempt at the alternate fix approach suggested by Lorenzo. This turned into more code than I would prefer to have for a scenario like this... Also, the way the gap is enforced in my patch for MAP_FIXED_NOREPLACE is a bit ugly. In the existing code, __get_unmapped_area() normally already enforces the stack gap even when it is called with a hint; but when MAP_FIXED_NOREPLACE is used, we kinda lie to __get_unmapped_area() and tell it we'll do a MAP_FIXED mapping (introduced in commit a4ff8e8620d3f when MAP_FIXED_NOREPLACE was created), then afterwards manually reject overlapping mappings. So I ended up also doing the gap check separately for MAP_FIXED_NOREPLACE. The following test program exercises scenarios that could lead to the stack becoming directly adjacent to another accessible VMA, and passes with this patch applied: <<< int main(void) { setbuf(stdout, NULL); char *ptr = (char*)( (unsigned long)(STACK_POINTER() - (1024*1024*4)/*4MiB*/) & ~0xfffUL ); if (mmap(ptr, 0x1000, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0) != ptr) err(1, "mmap distant-from-stack"); *(volatile char *)(ptr + 0x1000); /* expand stack */ system("echo;cat /proc/$PPID/maps;echo"); /* test transforming PROT_NONE mapping adjacent to stack */ if (mprotect(ptr, 0x1000, PROT_READ|PROT_WRITE|PROT_EXEC) == 0) errx(1, "mprotect adjacent to stack allowed"); if (mmap(ptr, 0x1000, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED, -1, 0) != MAP_FAILED) errx(1, "MAP_FIXED adjacent to stack allowed"); if (munmap(ptr, 0x1000)) err(1, "munmap failed???"); /* test creating new mapping adjacent to stack */ if (mmap(ptr, 0x1000, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0) != MAP_FAILED) errx(1, "MAP_FIXED_NOREPLACE adjacent to stack allowed"); if (mmap(ptr, 0x1000, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0) == ptr) errx(1, "mmap hint adjacent to stack accepted"); printf("all tests passed\n"); } >>> --- Changes in v2: - Entirely new approach (suggested by Lorenzo) - Link to v1: https://lore.kernel.org/r/20241008-stack-gap-inaccessible-v1-1-848d4d891f21… --- include/linux/mm.h | 1 + mm/mmap.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ mm/mprotect.c | 6 +++++ 3 files changed, 72 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index ecf63d2b0582..ecd4afc304ca 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3520,6 +3520,7 @@ unsigned long change_prot_numa(struct vm_area_struct *vma, struct vm_area_struct *find_extend_vma_locked(struct mm_struct *, unsigned long addr); +bool overlaps_stack_gap(struct mm_struct *mm, unsigned long addr, unsigned long len); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); int remap_pfn_range_notrack(struct vm_area_struct *vma, unsigned long addr, diff --git a/mm/mmap.c b/mm/mmap.c index dd4b35a25aeb..937361be3c48 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -359,6 +359,20 @@ unsigned long do_mmap(struct file *file, unsigned long addr, return -EEXIST; } + /* + * This does two things: + * + * 1. Disallow MAP_FIXED replacing a PROT_NONE VMA adjacent to a stack + * with an accessible VMA. + * 2. Disallow MAP_FIXED_NOREPLACE creating a new accessible VMA + * adjacent to a stack. + */ + if ((flags & (MAP_FIXED_NOREPLACE | MAP_FIXED)) && + (prot & (PROT_READ | PROT_WRITE | PROT_EXEC)) && + !(vm_flags & (VM_GROWSUP|VM_GROWSDOWN)) && + overlaps_stack_gap(mm, addr, len)) + return (flags & MAP_FIXED) ? -ENOMEM : -EEXIST; + if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; @@ -1341,6 +1355,57 @@ struct vm_area_struct *expand_stack(struct mm_struct *mm, unsigned long addr) return vma; } +/* + * Does the specified VA range overlap the stack gap of a preceding or following + * stack VMA? + * Overlapping stack VMAs are ignored - so if someone deliberately creates a + * MAP_FIXED mapping in the middle of a stack or such, we let that go through. + * + * This is needed partly because userspace's intent when making PROT_NONE + * mappings is unclear; there are two different reasons for creating PROT_NONE + * mappings: + * + * A) Userspace wants to create its own guard mapping, for example for stacks. + * According to + * <https://lore.kernel.org/all/1499126133.2707.20.camel@decadent.org.uk/T/>, + * some Rust/Java programs do this with the main stack. + * Enforcing the kernel's stack gap between these userspace guard mappings and + * the main stack breaks stuff. + * + * B) Userspace wants to reserve some virtual address space for later mappings. + * This is done by memory allocators. + * In this case, we want to enforce a stack gap between the mapping and the + * stack. + * + * Because we can't tell these cases apart when a PROT_NONE mapping is created, + * we instead enforce the stack gap when a PROT_NONE mapping is made accessible + * (using mprotect()) or replaced with an accessible one (using MAP_FIXED). + */ +bool overlaps_stack_gap(struct mm_struct *mm, unsigned long addr, unsigned long len) +{ + + struct vm_area_struct *vma, *prev_vma; + + /* step 1: search for a non-overlapping following stack VMA */ + vma = find_vma(mm, addr+len); + if (vma && vma->vm_start >= addr+len) { + /* is it too close? */ + if (vma->vm_start - (addr+len) < stack_guard_start_gap(vma)) + return true; + } + + /* step 2: search for a non-overlapping preceding stack VMA */ + if (!IS_ENABLED(CONFIG_STACK_GROWSUP)) + return false; + vma = find_vma_prev(mm, addr, &prev_vma); + /* don't handle cases where the VA start overlaps a VMA */ + if (vma && vma->vm_start < addr) + return false; + if (!prev_vma || !(prev_vma->vm_flags & VM_GROWSUP)) + return false; + return addr - prev_vma->vm_end < stack_guard_gap; +} + /* do_munmap() - Wrapper function for non-maple tree aware do_munmap() calls. * @mm: The mm_struct * @start: The start address to munmap diff --git a/mm/mprotect.c b/mm/mprotect.c index 0c5d6d06107d..2300e2eff956 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -772,6 +772,12 @@ static int do_mprotect_pkey(unsigned long start, size_t len, } } + error = -ENOMEM; + if ((prot & (PROT_READ | PROT_WRITE | PROT_EXEC)) && + !(vma->vm_flags & (VM_GROWSUP|VM_GROWSDOWN)) && + overlaps_stack_gap(current->mm, start, end - start)) + goto out; + prev = vma_prev(&vmi); if (start > vma->vm_start) prev = vma; --- base-commit: 8cf0b93919e13d1e8d4466eb4080a4c4d9d66d7b change-id: 20241008-stack-gap-inaccessible-c7319f7d4b1b -- Jann Horn <jannh(a)google.com>

8 months, 1 week

2
3
0 0

[PATCH v2] x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load

by John Allen

A problem was introduced with commit f69759be251d ("x86/CPU/AMD: Move Zenbleed check to the Zen2 init function") where a bit in the DE_CFG MSR is getting set after a microcode late load. The problem seems to be that the microcode late load path calls into amd_check_microcode() and subsequently zen2_zenbleed_check(). Since the patch removes the cpu_has_amd_erratum() check from zen2_zenbleed_check(), this will cause all non-Zen2 CPUs to go through the function and set the bit in the DE_CFG MSR. Call into the zenbleed fix path on Zen2 CPUs only. Fixes: f69759be251d ("x86/CPU/AMD: Move Zenbleed check to the Zen2 init function") Cc: <stable(a)vger.kernel.org> Acked-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: John Allen <john.allen(a)amd.com> --- v2: - Clean up commit description --- arch/x86/kernel/cpu/amd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 015971adadfc..368344e1394b 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1202,5 +1202,6 @@ void amd_check_microcode(void) if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) return; - on_each_cpu(zenbleed_check_cpu, NULL, 1); + if (boot_cpu_has(X86_FEATURE_ZEN2)) + on_each_cpu(zenbleed_check_cpu, NULL, 1); } -- 2.34.1

8 months, 1 week

2
1
0 0

[PATCH] pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func()

by Harshit Mogalapalli

'new_map' is allocated using devm_* which takes care of freeing the allocated data on device removal, call to .dt_free_map = pinconf_generic_dt_free_map double frees the map as pinconf_generic_dt_free_map() calls pinctrl_utils_free_map(). Fix this by using kcalloc() instead of auto-managed devm_kcalloc(). Cc: stable(a)vger.kernel.org Fixes: f805e356313b ("pinctrl: nuvoton: Add ma35d1 pinctrl and GPIO driver") Reported-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- This is based on static analysis and reading code, only compile tested. Added the stable tag as the commit in Fixes is also in 6.11.y --- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/nuvoton/pinctrl-ma35.c b/drivers/pinctrl/nuvoton/pinctrl-ma35.c index 1fa00a23534a..59c4e7c6cdde 100644 --- a/drivers/pinctrl/nuvoton/pinctrl-ma35.c +++ b/drivers/pinctrl/nuvoton/pinctrl-ma35.c @@ -218,7 +218,7 @@ static int ma35_pinctrl_dt_node_to_map_func(struct pinctrl_dev *pctldev, } map_num += grp->npins; - new_map = devm_kcalloc(pctldev->dev, map_num, sizeof(*new_map), GFP_KERNEL); + new_map = kcalloc(map_num, sizeof(*new_map), GFP_KERNEL); if (!new_map) return -ENOMEM; -- 2.39.3

8 months, 1 week

2
1
0 0

Add commit "59c34008d3bd x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h" to stable kernel 6.11.y

by Gong, Richard

Hi, The following commit is to make amd_pmc and amd_pmf drivers work properly on AMD family 1Ah model 60h processors, 59c34008d3bd x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h Please add this commit to stable kernel 6.11.y. Thanks! Regards, Richard

8 months, 1 week

1
0
0 0

[PATCH v3] xhci: tegra: fix checked USB2 port number

by Henry Lin

If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy number supported by the Tegra XUSB controller. Using total USB2 phy number as port number to check all PORTSC values would cause invalid memory access. [ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f ... [ 117.213640] Call trace: [ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658 [ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68 [ 117.227260] pm_generic_runtime_suspend+0x30/0x50 [ 117.232847] __rpm_callback+0x84/0x3c0 [ 117.237038] rpm_suspend+0x2dc/0x740 [ 117.241229] pm_runtime_work+0xa0/0xb8 [ 117.245769] process_scheduled_works+0x24c/0x478 [ 117.251007] worker_thread+0x23c/0x328 [ 117.255547] kthread+0x104/0x1b0 [ 117.259389] ret_from_fork+0x10/0x20 [ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100) Cc: <stable(a)vger.kernel.org> # v6.3+ Fixes: a30951d31b25 ("xhci: tegra: USB2 pad power controls") Signed-off-by: Henry Lin <henryl(a)nvidia.com> --- drivers/usb/host/xhci-tegra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c index 6246d5ad1468..76f228e7443c 100644 --- a/drivers/usb/host/xhci-tegra.c +++ b/drivers/usb/host/xhci-tegra.c @@ -2183,7 +2183,7 @@ static int tegra_xusb_enter_elpg(struct tegra_xusb *tegra, bool runtime) goto out; } - for (i = 0; i < tegra->num_usb_phys; i++) { + for (i = 0; i < xhci->usb2_rhub.num_ports; i++) { if (!xhci->usb2_rhub.ports[i]) continue; portsc = readl(xhci->usb2_rhub.ports[i]->addr); -- 2.25.1

8 months, 1 week

2
1
0 0

[PATCH] arm64: dts: rockchip: Prevent thermal runaways in RK3308 SoC dtsi

by Dragan Simic

Until the TSADC, thermal zones, thermal trips and cooling maps are defined in the RK3308 SoC dtsi, none of the CPU OPPs except the slowest one may be enabled under any circumstances. Allowing the DVFS to scale the CPU cores up without even just the critical CPU thermal trip in place can rather easily result in thermal runaways and damaged SoCs, which is bad. Thus, leave only the lowest available CPU OPP enabled for now. Fixes: 6913c45239fd ("arm64: dts: rockchip: Add core dts for RK3308 SOC") Cc: stable(a)vger.kernel.org Signed-off-by: Dragan Simic <dsimic(a)manjaro.org> --- arch/arm64/boot/dts/rockchip/rk3308.dtsi | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/boot/dts/rockchip/rk3308.dtsi b/arch/arm64/boot/dts/rockchip/rk3308.dtsi index 31c25de2d689..a7698e1f6b9e 100644 --- a/arch/arm64/boot/dts/rockchip/rk3308.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3308.dtsi @@ -120,16 +120,19 @@ opp-600000000 { opp-hz = /bits/ 64 <600000000>; opp-microvolt = <950000 950000 1340000>; clock-latency-ns = <40000>; + status = "disabled"; }; opp-816000000 { opp-hz = /bits/ 64 <816000000>; opp-microvolt = <1025000 1025000 1340000>; clock-latency-ns = <40000>; + status = "disabled"; }; opp-1008000000 { opp-hz = /bits/ 64 <1008000000>; opp-microvolt = <1125000 1125000 1340000>; clock-latency-ns = <40000>; + status = "disabled"; }; };

8 months, 1 week

5
8
0 0

[PATCH 6.10 000/482] 6.10.14-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.14 release. There are 482 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Oct 2024 11:55:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.14-rc1 Alex Hung <alex.hung(a)amd.com> drm/amd/display: enable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Namhyung Kim <namhyung(a)kernel.org> perf report: Fix segfault when 'sym' sort key is not used Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Revert Avoid overflow assignment Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx* - Select CRYPTO_AUTHENC Takashi Iwai <tiwai(a)suse.de> ALSA: control: Fix leftover snd_power_unref() Haoran Zhang <wh1sper(a)zju.edu.cn> vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() David Howells <dhowells(a)redhat.com> rxrpc: Fix a race between socket set up and I/O thread creation Christian König <christian.koenig(a)amd.com> drm/sched: revert "Always increment correct scheduler score" Jonathan Gray <jsg(a)jsg.id.au> Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Val Packett <val(a)packett.cool> drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix possible crash when unregistering a battery hook Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Simplify battery hook locking Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add tally counter fields added with RTL8125 Colin Ian King <colin.i.king(a)gmail.com> r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix regmap for BMP280 device Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Use BME prefix for BME280 specifics Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Improve indentation and line wrapping Udit Kumar <u-kumar1(a)ti.com> remoteproc: k3-r5: Delay notification of wakeup event Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Acquire mailbox handle during probe routine Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page table index based on hardware page size Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Add support for page sizes other than 4KB on ARM64 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Limit the number of concurrent async COPY operations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Async COPY result needs to return a write verifier NeilBrown <neilb(a)suse.de> sunrpc: change sp_nrthreads from atomic_t to unsigned int. Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: fix bogus pressure spikes from aggregation race Matthew Auld <matthew.auld(a)intel.com> drm/xe: fix UAF around queue destruction Matthew Brost <matthew.brost(a)intel.com> drm/xe: Delete unused GuC submission_state.suspend Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: harden build ID parsing logic Alexey Dobriyan <adobriyan(a)gmail.com> build-id: require program headers to be right after ELF header Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Yosry Ahmed <yosryahmed(a)google.com> mm: z3fold: deprecate CONFIG_Z3FOLD Oleg Nesterov <oleg(a)redhat.com> uprobes: fix kernel info leak via "[uprobes]" vma Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround once more Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-N3 definitions Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: fix buffer overflow in debug links Uwe Kleine-König <ukleinek(a)debian.org> cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix system hang while resume with TBT monitor Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Add HDR workaround for specific eDP Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Always increment correct scheduler score Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Add locking to drm_sched_entity_modify_sched Rob Clark <robdclark(a)chromium.org> drm/sched: Fix dynamic job-flow control race Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Don't declare a queue blocked if deferred operations are pending Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Don't add write fences to the shared BOs Jani Nikula <jani.nikula(a)intel.com> drm/i915/gem: fix bitwise and logical AND mixup Al Viro <viro(a)zeniv.linux.org.uk> close_range(): fix the logics in descriptor table trimming Thomas Zimmermann <tzimmermann(a)suse.de> firmware/sysfb: Disable sysfb for firmware buffers with unknown parent Eder Zulian <ezulian(a)redhat.com> rtla: Fix the help text in osnoise and timerlat top tools Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix a race during cpuhp processing Wei Li <liwei391(a)huawei.com> tracing/timerlat: Drop interface_lock in stop_kthread() Wei Li <liwei391(a)huawei.com> tracing/hwlat: Fix a race during cpuhp processing Patrick Donnelly <pdonnell(a)redhat.com> ceph: fix cap ref leak via netfs init_request Jens Axboe <axboe(a)kernel.dk> io_uring/net: harden multishot termination case for recv Jiawei Ye <jiawei.ye(a)foxmail.com> mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Jiawen Wu <jiawenwu(a)trustnetic.com> net: pcs: xpcs: fix the wrong register that was written back Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: davinci: fix lazy disable Miquel Sabaté Solà <mikisabate(a)gmail.com> cpufreq: Avoid a bad reference count on CPU node Filipe Manana <fdmanana(a)suse.com> btrfs: wait for fixup workers before stopping cleaner kthread during umount Filipe Manana <fdmanana(a)suse.com> btrfs: send: fix invalid clone operation for file that got its size decreased Josef Bacik <josef(a)toxicpanda.com> btrfs: drop the backref cache during relocation if we commit Qu Wenruo <wqu(a)suse.com> btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Loosen the Asus E1404GAB DMI match to also cover the E1404GA Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Remove duplicate Asus E1504GAB IRQ override Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO Baokun Li <libaokun1(a)huawei.com> cachefiles: fix dentry leak in cachefiles_open_file() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix adp5589_gpio_get_value() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix NULL pointer dereference Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rtc: at91sam9: fix OF node leak in probe() error path KhaiWenTan <khai.wen.tan(a)linux.intel.com> net: stmmac: Fix zero-division error when disabling tc cbs Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fallback to realpath if symlink's pathname does not exist Willem de Bruijn <willemb(a)google.com> gso: fix udp gso fraglist segmentation after pull from frag_list Felix Fietkau <nbd(a)nbd.name> net: gso: fix tcp fraglist segmentation after pull from frag_list Willem de Bruijn <willemb(a)google.com> vrf: revert "vrf: Remove unnecessary RCU-bh critical section" Barnabás Czémán <barnabas.czeman(a)mainlining.org> iio: magnetometer: ak8975: Fix reading for ak099xx sensors Steve French <stfrench(a)microsoft.com> smb3: fix incorrect mode displayed for read-only files wangrong <wangrong(a)uniontech.com> smb: client: use actual path when queryfs Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix ordering of pm_runtime_enable Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Add GPLL9 support Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Remove use_count guard in stop_streaming Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Zheng Wang <zyytlz.wz(a)163.com> media: venus: fix use after free bug in venus_remove due to race condition Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src David Virag <virag.david003(a)gmail.com> clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Mike Tipton <quic_mdtipton(a)quicinc.com> clk: qcom: clk-rpmh: Fix overflow in BCM vote Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: sun4i_csi: Implement link validate for sun4i_csi subdev Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: videobuf2: Drop minimum allocation requirement of 2 buffers Jan Kiszka <jan.kiszka(a)siemens.com> remoteproc: k3-r5: Fix error handling when power-up failed Sebastian Reichel <sebastian.reichel(a)collabora.com> clk: rockchip: fix error for unknown clocks Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: ov5675: Fix power on/off delay timings Umang Jain <umang.jain(a)ideasonboard.com> media: imx335: Fix reset-gpio handling Chun-Yi Lee <joeyli.kernel(a)gmail.com> aoe: fix the potential use-after-free problem in more places Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix kernel stack size when KASAN is enabled Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Align errno for unsupported perf event Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page Thomas Weißschuh <linux(a)weissschuh.net> sysctl: avoid spurious permanent empty tables Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix NFSv4's PUTPUBFH operation Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: map the EBADMSG to nfserr_io to avoid warning NeilBrown <neilb(a)suse.de> nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Matt Fleming <matt(a)readmodwrite.com> perf hist: Update hist symbol when updating maps Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Disable -Wno-cast-function-type-mismatch if present on clang Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix memory leak in exfat_load_bitmap() Jisheng Zhang <jszhang(a)kernel.org> riscv: define ILLEGAL_POINTER_VALUE for 64bit Youssef Esmat <youssefesmat(a)google.com> sched/core: Clear prev->dl_server in CFS pick fast path Joel Fernandes (Google) <joel(a)joelfernandes.org> sched/core: Add clearing of ->dl_server in put_prev_task_balance() Daniel Bristot de Oliveira <bristot(a)kernel.org> sched/deadline: Comment sched_dl_entity::dl_server variable Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Mark Rutland <mark.rutland(a)arm.com> arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> scripts/gdb: fix lx-mounts command error Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> scripts/gdb: add iteration function for rbtree Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> scripts/gdb: fix timerlist parsing issue Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Julian Sun <sunjunchao2870(a)gmail.com> ocfs2: fix null-ptr-deref when journal load failed. Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: remove unreasonable unlock in ocfs2_read_blocks Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: cancel dqi_sync_work before freeing oinfo Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> ocfs2: reserve space for inline xattr before attaching reflink tree Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: fix uninit-value in ocfs2_get_block() Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the la space leak when unmounting an ocfs2 volume Danilo Krummrich <dakr(a)kernel.org> mm: krealloc: consider spare memory for __GFP_ZERO Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit Baokun Li <libaokun1(a)huawei.com> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Huang Ying <ying.huang(a)intel.com> resource: fix region_intersects() vs add_memory_driver_managed() Ma Ke <make24(a)iscas.ac.cn> drm: omapdrm: Add missing check for alloc_ordered_workqueue Andrew Jones <ajones(a)ventanamicro.com> of/irq: Support #msi-cells=<0> in of_msi_get_domain Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Report error on resource bounds overflow Val Packett <val(a)packett.cool> drm/rockchip: vop: clear DMA stop bit on RK3066 Helge Deller <deller(a)gmx.de> parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Helge Deller <deller(a)kernel.org> parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards Helge Deller <deller(a)kernel.org> parisc: Fix 64-bit userspace syscall path Baokun Li <libaokun1(a)huawei.com> ext4: fix off by one issue in alloc_flex_gd() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: use handle to mark fc as ineligible in __track_dentry_update() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix fast commit inode enqueueing during a full journal commit Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Baokun Li <libaokun1(a)huawei.com> ext4: update orig_path in ext4_find_extent() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix access to uninitialised lock in fc replay path Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Baokun Li <libaokun1(a)huawei.com> ext4: fix double brelse() the buffer of the extents path Baokun Li <libaokun1(a)huawei.com> ext4: aovid use-after-free in ext4_ext_insert_extent() Baokun Li <libaokun1(a)huawei.com> ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: dax: fix overflowing extents beyond inode size when partially writing Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() Baokun Li <libaokun1(a)huawei.com> ext4: propagate errors from ext4_find_extent() in ext4_insert_range() Baokun Li <libaokun1(a)huawei.com> ext4: fix slab-use-after-free in ext4_split_extent_at() yao.ly <yao.ly(a)linux.alibaba.com> ext4: correct encrypted dentry name hash when not casefolded Edward Adam Davis <eadavis(a)qq.com> ext4: no need to continue when the number of entries is 1 Abhishek Tamboli <abhishektamboli9(a)gmail.com> ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Nikolai Afanasenkov <nikolai.afanasenkov(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 Hans P. Moller <hmoller(a)uc.cl> ALSA: line6: add hw monitor volume control to POD HD500X Jan Lalinsky <lalinsky(a)c4.cz> ALSA: usb-audio: Add native DSD support for Luxman D-08u Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Jaroslav Kysela <perex(a)perex.cz> ALSA: core: add isascii() check to card ID generator Baojun Xu <baojun.xu(a)ti.com> ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Thomas Zimmermann <tzimmermann(a)suse.de> drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: ovl_adaptor: Add missing of_node_put() Helge Deller <deller(a)gmx.de> parisc: Fix itlb miss handler for 64-bit programs Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/v3d: Prevent out of bounds access in performance query extensions Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix small negative period being ignored Peng Fan <peng.fan(a)nxp.com> mm, slub: avoid zeroing kmalloc redzone Hans de Goede <hdegoede(a)redhat.com> power: supply: hwmon: Fix missing temp1_max_alarm attribute Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix module autoloading David Virag <virag.david003(a)gmail.com> dt-bindings: clock: exynos7885: Fix duplicated binding Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> memory: tegra186-emc: drop unused to_tegra186_emc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() Mike Baynton <mike(a)mbaynton.com> ovl: fail if trusted xattrs are needed but caller lacks permission Alice Ryhl <aliceryhl(a)google.com> rust: sync: require `T: Sync` for `LockedBy::access` Ard Biesheuvel <ardb(a)kernel.org> i2c: synquacer: Deal with optional PCLK correctly Kimriver Liu <kimriver.liu(a)siengine.com> i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled Heiner Kallweit <hkallweit1(a)gmail.com> i2c: core: Lock address during client device instantiation Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: ar0521: Use cansleep version of gpiod_set_value() Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Wait for TX empty to avoid missed TX NAKs Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() Marek Vasut <marex(a)denx.de> i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Marc Zyngier <maz(a)kernel.org> KVM: arm64: Fix kvm_has_feat*() handling of negative features Zach Wade <zachwade.k(a)gmail.com> platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Takashi Iwai <tiwai(a)suse.de> Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" Daeho Jeong <daehojeong(a)google.com> f2fs: forcibly migrate to secure space for zoned device file pinning Daeho Jeong <daehojeong(a)google.com> f2fs: do FG_GC when GC boosting is required for zoned devices Daeho Jeong <daehojeong(a)google.com> f2fs: increase BG GC migration window granularity when boosted for zoned devices Daeho Jeong <daehojeong(a)google.com> f2fs: introduce migration_window_granularity Daeho Jeong <daehojeong(a)google.com> f2fs: make BG GC more aggressive for zoned devices Heiko Carstens <hca(a)linux.ibm.com> selftests: vDSO: fix vdso_config for s390 Jens Remus <jremus(a)linux.ibm.com> selftests: vDSO: fix ELF hash table entry size for s390x Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Fix VDSO data access when running in a non-root time namespace Chao Yu <chao(a)kernel.org> f2fs: fix to don't panic system for no free segment fault injection Liao Yuanhong <liaoyuanhong(a)vivo.com> f2fs: add write priority option based on zone UFS Arnd Bergmann <arnd(a)arndb.de> nvme-tcp: fix link failure for TCP auth David Hildenbrand <david(a)redhat.com> selftests/mm: fix charge_reserved_hugetlb.sh test Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO symbols lookup for powerpc64 Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vdso_config for powerpc Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO name for powerpc Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Fix memory leak on xe_alloc_pf_queue failure Matthew Auld <matthew.auld(a)intel.com> drm/xe: fixup xe_alloc_pf_queue Namhyung Kim <namhyung(a)kernel.org> perf: Really fix event_function_call() locking Ian Rogers <irogers(a)google.com> perf callchain: Fix stitch LBR memory leaks Takashi Iwai <tiwai(a)suse.de> ALSA: control: Fix power_ref lock order for compat code, too Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add missing MODULE_DEVICE_TABLE Alexander F. Lent <lx(a)xanderlent.com> accel/ivpu: Add missing MODULE_FIRMWARE metadata Yifei Liu <yifei.l.liu(a)oracle.com> selftests: breakpoints: use remaining time to check if suspend succeed Alessandro Zanni <alessandro.zanni87(a)gmail.com> kselftest/devices/probe: Fix SyntaxWarning in regex strings for Python3 Ben Dooks <ben.dooks(a)codethink.co.uk> spi: s3c64xx: fix timeout counters in flush_fifo Yun Lu <luyun(a)kylinos.cn> selftest: hid: add missing run-hid-tools-tests.sh Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix missing spi_controller_is_target() check Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled Ben Cheatham <Benjamin.Cheatham(a)amd.com> EINJ, CXL: Fix CXL device SBDF calculation Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix a sdiv overflow issue Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Christoph Hellwig <hch(a)lst.de> iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior caused by shifting into the sign bit Artem Sadovnikov <ancowi69(a)gmail.com> ext4: fix i_data_sem unlock order in ext4_ind_migrate() Baokun Li <libaokun1(a)huawei.com> ext4: avoid use-after-free in ext4_ext_show_leaf() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: ext4_search_dir should return a proper error Juntong Deng <juntong.deng(a)outlook.com> bpf: Make the pointer returned by iter next method valid Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Adjust Xiaomi Pad 2 bottom bezel touch buttons LED Luiz Capitulino <luizcap(a)redhat.com> platform/mellanox: mlxbf-pmc: fix lockdep warning Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add refcnt to ksmbd_conn struct Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: i2c-hid: ensure various commands do not interfere with each other Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/hv: Add memory allocation check in hv_fcopy_start Gergo Koteles <soyer(a)irl.hu> platform/x86: lenovo-ymc: Ignore the 0x0 state Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: use rlc safe mode for soft recovery Amir Goldstein <amir73il(a)gmail.com> ovl: fsync after metadata copy-up Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Geert Uytterhoeven <geert+renesas(a)glider.be> of/irq: Refer to actual buffer size in of_irq_parse_one() Matthew Brost <matthew.brost(a)intel.com> drm/xe: Drop warn on xe_guc_pc_gucrc_disable in guc pc fini Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdkfd: Check int source id for utcl2 poison event Tim Huang <tim.huang(a)amd.com> drm/amd/pm: ensure the fw_info is not null before using it Stuart Summers <stuart.summers(a)intel.com> drm/xe: Use topology to determine page fault queue size Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: enter safe mode before touching CP_INT_CNTL Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: use rlc safe mode for soft recovery Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Block MMR_READ IOCTL in reset Geert Uytterhoeven <geert+renesas(a)glider.be> drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Peter Zijlstra <peterz(a)infradead.org> perf: Fix event_function_call() locking Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_atombios Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_gfx Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update PRLO handling in direct attached topology Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths Kees Cook <kees(a)kernel.org> scsi: aacraid: Rearrange order of struct aac_srb_unit Andrii Nakryiko <andrii(a)kernel.org> perf,x86: avoid missing caller address in stack traces captured in uprobe Matthew Brost <matthew.brost(a)intel.com> drm/printer: Allow NULL data in devcoredump printer Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize get_bytes_per_element's default to 1 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Avoid overflow assignment in link_dp_cts Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: properly handle error ints on all pipes Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 color transformation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in degamma hardware format translation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_res->hpo_dp_link_enc before using it Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream before comparing them Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check phantom_stream before it is used Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null-initialized variables Yannick Fertre <yannick.fertre(a)foss.st.com> drm/stm: ltdc: reset plane transparency after plane disable aln8 <aln8un(a)gmail.com> platform/x86/amd: pmf: Add quirk for TUF Gaming A14 Ckath <ckath(a)yandex.ru> platform/x86: touchscreen_dmi: add nanote-next quirk Vishnu Sankar <vishnuocv(a)gmail.com> HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix resource leak in criu restore queue Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: enable gfxoff quirk on HP 705G4 Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: add raven1 gfxoff quirk Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> jfs: Fix uninit-value access of new_ea in ea_buffer Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs David Strahan <David.Strahan(a)microchip.com> scsi: smartpqi: add new controller PCI IDs Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: correct stream detection Edward Adam Davis <eadavis(a)qq.com> jfs: check if leafidx greater than num leaves per dmap tree Edward Adam Davis <eadavis(a)qq.com> jfs: Fix uaf in dbFreeBits Remington Brasga <rbrasga(a)uci.edu> jfs: UBSAN: shift-out-of-bounds in dbFindBits Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: add list empty check to avoid null pointer issue Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using dc->clk_mgr Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' Hans de Goede <hdegoede(a)redhat.com> HID: Ignore battery for all ELAN I2C-HID devices David Strahan <David.Strahan(a)microchip.com> scsi: smartpqi: Add new controller PCI IDs Damien Le Moal <dlemoal(a)kernel.org> ata: sata_sil: Rename sil_blacklist to sil_quirks Damien Le Moal <dlemoal(a)kernel.org> ata: pata_serverworks: Do not use the term blacklist Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream Suraj Kandpal <suraj.kandpal(a)intel.com> drm/xe/hdcp: Check GSC structure validity Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using them Alex Hung <alex.hung(a)amd.com> drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags Katya Orlova <e.orlova(a)ispras.ru> drm/stm: Avoid use-after-free issues with crtc and plane Michal Koutný <mkoutny(a)suse.com> cgroup: Disallow mounting v1 hierarchies without controller implementation Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Do not use devm for the cd table allocations Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Unconditionally flush device TLB for pasid table updates Sanjay K Kumar <sanjay.k.kumar(a)intel.com> iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Always reserve a domain ID for identity setup Mostafa Saleh <smostafa(a)google.com> iommu/arm-smmu-v3: Match Stall behaviour for S2 Andrew Davis <afd(a)ti.com> power: reset: brcmstb: Do not go into infinite loop if reset fails Paul E. McKenney <paulmck(a)kernel.org> rcuscale: Provide clear error when async specified without primitives Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Don't hold the genpd-lock when calling dev_pm_domain_set() Kaixin Wang <kxwang23(a)m.fudan.edu.cn> fbdev: pxafb: Fix possible use after free in pxafb_task() Thomas Weißschuh <linux(a)weissschuh.net> fbdev: efifb: Register sysfs groups through driver core Denis Pauk <pauk.denis(a)gmail.com> hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Zqiang <qiang.zhang1211(a)gmail.com> rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: boards: always check the result of acpi_dev_get_first_match_dev() Kees Cook <kees(a)kernel.org> x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: avoid passing NULL to printf("%s") Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: powerpc: limit stack-protector workaround to GCC Takashi Iwai <tiwai(a)suse.de> ALSA: hdsp: Break infinite MIDI input flush loop Takashi Iwai <tiwai(a)suse.de> ALSA: asihpi: Fix potential OOB array access Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Tao Liu <ltao(a)redhat.com> x86/kexec: Add EFI config table identity mapping for kexec kernel Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Restore altstack access in sigreturn() Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Add PKRU as a parameter in signal handling functions Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Protect against faulty "max subleaf" values Takashi Iwai <tiwai(a)suse.de> ALSA: control: Take power_ref lock primarily Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Handle reading version failure Joshua Pius <joshuapius(a)chromium.org> ALSA: usb-audio: Add logitech Audio profile quirk Asahi Lina <lina(a)asahilina.net> ALSA: usb-audio: Add mixer quirk for RME Digiface USB Cyan Nyan <cyan.vtb(a)gmail.com> ALSA: usb-audio: Add quirk for RME Digiface USB Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Replace complex quirk lines with macros Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Define macros for quirk table entries Karol Kosik <k.kosik(a)outlook.com> ALSA: usb-audio: Support multiple control interfaces Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Remove logical destination mode for 64-bit Thomas Gleixner <tglx(a)linutronix.de> x86/ioapic: Handle allocation failures gracefully Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add input value sanity checks for standard types Jinjie Ruan <ruanjinjie(a)huawei.com> nfp: Use IRQF_NO_AUTOEN flag in request_irq() David Howells <dhowells(a)redhat.com> netfs: Cancel dirty folios that have no storage destination Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Yang Shen <shenyang39(a)huawei.com> crypto: hisilicon - fix missed error branch Joe Damato <jdamato(a)fastly.com> net: napi: Prevent overflow of napi_defer_hard_irqs David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix handling when SRSO mitigation is disabled Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Add missing NO_SSB flag Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: avoid reading out of bounds when loading TX power FW elements Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: phy: Check for read errors in SIOCGMIIREG Fares Mehanna <faresx(a)amazon.de> arm64: trans_pgd: mark PTEs entries as valid to avoid dead kexec() Alexey Dobriyan <adobriyan(a)gmail.com> block: fix integer overflow in BLKSECDISCARD Joe Damato <jdamato(a)fastly.com> netdev-genl: Set extack and fix error on napi-get Stefan Mätje <stefan.maetje(a)esd.eu> can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode James Clark <james.clark(a)linaro.org> drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Adrian Ratiu <adrian.ratiu(a)collabora.com> proc: add config & param to block forcing mem writes Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> ACPICA: iasl: handle empty connection_node Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU list iterations Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: allow only CN mcc from WRDD Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use correct key iteration Jason Xing <kernelxing(a)tencent.com> tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Breno Leitao <leitao(a)debian.org> netpoll: Ensure clean state on setup failures Herbert Xu <herbert(a)gondor.apana.org.au> crypto: simd - Do not call crypto_alloc_tfm during registration Simon Horman <horms(a)kernel.org> net: atlantic: Avoid warning about potential string truncation Hannes Reinecke <hare(a)kernel.org> nvme-tcp: check for invalidated or revoked key Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize TLS key handling Hannes Reinecke <hare(a)kernel.org> nvme-keyring: restrict match length for version '1' identifiers Ido Schimmel <idosch(a)nvidia.com> ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct base HT rate mask for firmware Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Simon Horman <horms(a)kernel.org> bnxt_en: Extend maximum length of version string by 1 byte Simon Horman <horms(a)kernel.org> net: mvpp2: Increase size of queue_name buffer Simon Horman <horms(a)kernel.org> tipc: guard against string buffer overrun Pei Xiao <xiaopei01(a)kylinos.cn> ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: EC: Do not release locks during operation region accesses Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw88: select WANT_DEV_COREDUMP Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath11k: fix array out-of-bound access in SoC stats Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix array out-of-bound access in SoC stats Konstantin Ovsepian <ovs(a)ovs.to> blk_iocost: fix more out of bound shifts Mario Limonciello <mario.limonciello(a)amd.com> ACPI: CPPC: Add support for setting EPP register in FFH Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: consistently use rcu_replace_pointer() in taprio_change() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook Go E1404GAB Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: avoid failing the system during pm_suspend Li Zhijian <lizhijian(a)fujitsu.com> fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_field() fails Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_mdio: fix OF node leak in probe() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hip04: fix OF node leak in probe() Jeongjun Park <aha310510(a)gmail.com> net/xen-netback: prevent UAF in xenvif_flush_hash() Issam Hamdi <ih(a)simonwunderlich.de> wifi: cfg80211: Set correct chandef when starting CAC Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: drop wrong STA selection in TX Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix a race in scan abort flow Aleksandr Mishin <amishin(a)t-argos.ru> ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx2 - Fix authenc setkey Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx - Fix authenc setkey Fangrui Song <maskray(a)google.com> crypto: x86/sha256 - Add parentheses around macros' single arguments Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to add interface to list twice when SER Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: gus: Fix some error handling paths related to get_bpos() usage Ben Hutchings <benh(a)debian.org> tools/rtla: Fix installation from out-of-tree build Pali Rohár <pali(a)kernel.org> cifs: Do not convert delimiter when parsing NFS-style symlinks Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Zhanjun Dong <zhanjun.dong(a)intel.com> drm/xe: Prevent null pointer access in xe_migrate_copy Matthew Brost <matthew.brost(a)intel.com> drm/xe: Resume TDR after GT reset Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Restore pci state upon resume Hui Wang <hui.wang(a)canonical.com> ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Lock the VM resv before calling drm_gpuvm_bo_obtain_prealloc() Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create reparse call Oder Chiou <oder_chiou(a)realtek.com> ALSA: hda/realtek: Fix the push button function for the ALC257 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: mixer_oss: Remove some incorrect kfree_const() usages Guixin Liu <kanie(a)linux.alibaba.com> io_uring: fix memory leak when cache init fail Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Steven Price <steven.price(a)arm.com> drm/panthor: Fix race when converting group handle to group object Christoph Hellwig <hch(a)lst.de> loop: don't set QUEUE_FLAG_NOMERGES Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Try re-initialization on bus busy timeout Marc Ferland <marc.ferland(a)sonatest.com> i2c: xiic: improve error message when transfer fails to start Jeff Xu <jeffxu(a)chromium.org> selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr Xin Long <lucien.xin(a)gmail.com> sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Ravikanth Tuniki <ravikanth.tuniki(a)amd.com> dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Darrick J. Wong <djwong(a)kernel.org> iomap: constrain the file range passed to iomap_file_unshare Eddie James <eajames(a)linux.ibm.com> net/ncsi: Disable the ncsi work before freeing the associated structure Ido Schimmel <idosch(a)nvidia.com> bridge: mcast: Fail MDB get request on empty entry Eric Dumazet <edumazet(a)google.com> ppp: do not assume bh is held in ppp_channel_bridge_input() Eric Dumazet <edumazet(a)google.com> net: test for not too small csum_start in virtio_net_hdr_to_skb() Anton Danilov <littlesmilingcloud(a)gmail.com> ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Shenwei Wang <shenwei.wang(a)nxp.com> net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Eric Dumazet <edumazet(a)google.com> net: add more sanity checks to qdisc_pkt_len_init() Eric Dumazet <edumazet(a)google.com> net: avoid potential underflow in qdisc_pkt_len_init() with UFO Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Reload PTP registers after link-state change Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Restart PPS after link state change Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix memory disclosure Daniel Borkmann <daniel(a)iogearbox.net> net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Borkmann <daniel(a)iogearbox.net> net: Add netif_get_gro_max_size helper for GRO Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: improve shutdown sequence David Howells <dhowells(a)redhat.com> afs: Fix the setting of the server responding flag David Howells <dhowells(a)redhat.com> afs: Fix missing wire-up of afs_retry_request() Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix uaf in l2cap_connect Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible crash on mgmt_index_removed zhang jiao <zhangjiao2(a)cmss.chinamobile.com> selftests: netfilter: Add missing return value Eric Dumazet <edumazet(a)google.com> netfilter: nf_tables: prevent nf_skb_duplicated corruption Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Fix nft_audit.sh for newer nft binaries Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Phil Sutter <phil(a)nwl.cc> netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Elena Salomatkina <esalomatkina(a)ispras.ru> net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Mohamed Khalfella <mkhalfella(a)purestorage.com> net/mlx5: Added cond_resched() to crdump collection Gerd Bayer <gbayer(a)linux.ibm.com> net/mlx5: Fix error path in multi-packet WQE transmit Aakash Menon <aakash.r.menon(a)gmail.com> net: sparx5: Fix invalid timestamps Jinjie Ruan <ruanjinjie(a)huawei.com> ieee802154: Fix build error Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Fix colorimetry detection Xiubo Li <xiubli(a)redhat.com> ceph: remove the incorrect Fw reference check when dirtying pages Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ceph: fix a memory leak on cap_auths in MDS client Stefan Wahren <wahrenst(a)gmx.net> mailbox: bcm2835: Fix timeout during suspend mode Liao Chen <liaochen4(a)huawei.com> mailbox: rockchip: fix a typo in module autoloading Geert Uytterhoeven <geert+renesas(a)glider.be> mailbox: ARM_MHU_V3 should depend on ARM64 Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> drm/amd/display: handle nulled pipe context in DCE110's set_drr() Asad Kamal <asad.kamal(a)amd.com> drm/amdgpu: Fix get each xcp macro Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix AUX IO power enabling for eDP PSR Daniel Wagner <dwagner(a)suse.de> scsi: pm8001: Do not overwrite PCI queue mapping Rafael Rocha <rrochavi(a)fnal.gov> scsi: st: Fix input/output error on empty drive reset Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix static_key_slow_dec() yet again Thomas Gleixner <tglx(a)linutronix.de> jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() Thomas Gleixner <tglx(a)linutronix.de> static_call: Replace pointless WARN_ON() in static_call_module_notify() Thomas Gleixner <tglx(a)linutronix.de> static_call: Handle module init failure correctly in static_call_del_module() ------------- Diffstat: Documentation/ABI/testing/sysfs-fs-f2fs | 22 + Documentation/admin-guide/kernel-parameters.txt | 10 + Documentation/arch/arm64/silicon-errata.rst | 6 + .../devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 +- .../networking/net_cachelines/net_device.rst | 2 +- Makefile | 4 +- arch/arm/crypto/aes-ce-glue.c | 2 +- arch/arm/crypto/aes-neonbs-glue.c | 2 +- arch/arm64/Kconfig | 7 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/kvm_host.h | 25 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/mm/trans_pgd.c | 6 +- arch/loongarch/configs/loongson3_defconfig | 1 - arch/parisc/include/asm/mman.h | 14 + arch/parisc/kernel/entry.S | 6 +- arch/parisc/kernel/syscall.S | 14 +- arch/powerpc/configs/ppc64_defconfig | 1 - arch/powerpc/include/asm/vdso_datapage.h | 15 + arch/powerpc/kernel/asm-offsets.c | 2 + arch/powerpc/kernel/vdso/cacheflush.S | 2 +- arch/powerpc/kernel/vdso/datapage.S | 4 +- arch/powerpc/platforms/pseries/dlpar.c | 17 - arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 16 +- arch/powerpc/platforms/pseries/pmem.c | 2 +- arch/riscv/Kconfig | 8 +- arch/riscv/include/asm/thread_info.h | 7 +- arch/x86/crypto/sha256-avx2-asm.S | 16 +- arch/x86/events/core.c | 63 + arch/x86/include/asm/apic.h | 8 - arch/x86/include/asm/fpu/signal.h | 2 +- arch/x86/include/asm/syscall.h | 7 +- arch/x86/kernel/apic/apic_flat_64.c | 119 +- arch/x86/kernel/apic/io_apic.c | 46 +- arch/x86/kernel/cpu/bugs.c | 14 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/fpu/signal.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 27 + arch/x86/kernel/signal.c | 3 +- arch/x86/kernel/signal_64.c | 6 +- arch/x86/mm/ident_map.c | 23 +- block/blk-iocost.c | 8 +- block/ioctl.c | 9 +- crypto/simd.c | 76 +- drivers/accel/ivpu/ivpu_fw.c | 4 + drivers/acpi/acpi_pad.c | 6 +- drivers/acpi/acpica/dbconvert.c | 2 + drivers/acpi/acpica/exprep.c | 3 + drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/apei/einj-cxl.c | 2 +- drivers/acpi/battery.c | 28 +- drivers/acpi/cppc_acpi.c | 10 +- drivers/acpi/ec.c | 55 +- drivers/acpi/resource.c | 22 +- drivers/acpi/video_detect.c | 17 + drivers/ata/pata_serverworks.c | 16 +- drivers/ata/sata_sil.c | 12 +- drivers/block/aoe/aoecmd.c | 13 +- drivers/block/loop.c | 15 +- drivers/bluetooth/btmrvl_sdio.c | 3 +- drivers/bluetooth/btrtl.c | 1 + drivers/bluetooth/btusb.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clk/qcom/clk-rpmh.c | 2 + drivers/clk/qcom/dispcc-sm8250.c | 3 + drivers/clk/qcom/gcc-sc8180x.c | 88 +- drivers/clk/qcom/gcc-sm8250.c | 6 +- drivers/clk/qcom/gcc-sm8450.c | 4 +- drivers/clk/rockchip/clk.c | 3 +- drivers/clk/samsung/clk-exynos7885.c | 2 +- drivers/cpufreq/intel_pstate.c | 16 +- drivers/crypto/hisilicon/sgl.c | 14 +- drivers/crypto/marvell/Kconfig | 2 + drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 265 +-- drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 256 +- drivers/firmware/sysfb.c | 4 +- drivers/firmware/tegra/bpmp.c | 6 - drivers/gpio/gpio-davinci.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 10 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 35 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 45 +- drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 50 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 50 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 18 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 +- drivers/gpu/drm/amd/amdkfd/soc15_int.h | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 31 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 - .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 +- drivers/gpu/drm/amd/display/dc/dc_types.h | 1 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 + .../gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 + .../dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 +- .../display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 - .../amd/display/dc/dml2/dml2_translation_helper.c | 20 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 19 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 3 +- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 7 +- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 11 +- .../amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 + drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 +- .../amd/display/dc/resource/dcn20/dcn20_resource.c | 3 +- .../display/dc/resource/dcn201/dcn201_resource.c | 4 +- .../amd/display/dc/resource/dcn21/dcn21_resource.c | 3 +- .../amd/display/dc/resource/dcn32/dcn32_resource.c | 7 +- .../drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 + drivers/gpu/drm/drm_atomic_uapi.c | 2 +- drivers/gpu/drm/drm_print.c | 13 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_psr.c | 19 + drivers/gpu/drm/i915/display/intel_psr.h | 2 + drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 + drivers/gpu/drm/msm/msm_gpu.c | 1 - drivers/gpu/drm/omapdrm/omap_drv.c | 5 + drivers/gpu/drm/panthor/panthor_mmu.c | 8 + drivers/gpu/drm/panthor/panthor_sched.c | 36 +- drivers/gpu/drm/radeon/r100.c | 70 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 + drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 + drivers/gpu/drm/scheduler/sched_entity.c | 14 +- drivers/gpu/drm/scheduler/sched_main.c | 7 +- drivers/gpu/drm/stm/drv.c | 3 +- drivers/gpu/drm/stm/ltdc.c | 76 +- drivers/gpu/drm/v3d/v3d_submit.c | 6 + drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 8 +- drivers/gpu/drm/xe/xe_bo.c | 4 +- drivers/gpu/drm/xe/xe_device.c | 6 +- drivers/gpu/drm/xe/xe_device_types.h | 3 + drivers/gpu/drm/xe/xe_gpu_scheduler.c | 5 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 2 + drivers/gpu/drm/xe/xe_gt_pagefault.c | 55 +- drivers/gpu/drm/xe/xe_gt_types.h | 9 +- drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 29 +- drivers/gpu/drm/xe/xe_guc_types.h | 11 +- drivers/gpu/drm/xe/xe_pci.c | 2 + drivers/hid/hid-ids.h | 17 +- drivers/hid/hid-input.c | 37 +- drivers/hid/hid-multitouch.c | 6 + drivers/hid/i2c-hid/i2c-hid-core.c | 42 +- drivers/hwmon/nct6775-platform.c | 1 + drivers/i2c/busses/i2c-designware-common.c | 14 + drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 38 + drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-stm32f7.c | 6 +- drivers/i2c/busses/i2c-synquacer.c | 5 +- drivers/i2c/busses/i2c-xiic.c | 69 +- drivers/i2c/i2c-core-base.c | 28 + drivers/i3c/master/svc-i3c-master.c | 1 + drivers/iio/magnetometer/ak8975.c | 32 +- drivers/iio/pressure/bmp280-core.c | 150 +- drivers/iio/pressure/bmp280-regmap.c | 47 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/iio/pressure/bmp280.h | 46 +- drivers/infiniband/hw/mana/main.c | 8 +- drivers/input/keyboard/adp5589-keys.c | 22 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 37 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 + drivers/iommu/intel/dmar.c | 16 +- drivers/iommu/intel/iommu.c | 6 +- drivers/iommu/intel/pasid.c | 12 +- drivers/mailbox/Kconfig | 1 + drivers/mailbox/bcm2835-mailbox.c | 3 +- drivers/mailbox/rockchip-mailbox.c | 2 +- drivers/media/common/videobuf2/videobuf2-core.c | 7 - drivers/media/i2c/ar0521.c | 5 +- drivers/media/i2c/imx335.c | 9 +- drivers/media/i2c/ov5675.c | 12 +- drivers/media/platform/qcom/camss/camss-video.c | 6 - drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/platform/qcom/venus/core.c | 1 + drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 + drivers/memory/tegra/tegra186-emc.c | 5 - drivers/net/can/dev/netlink.c | 102 +- .../net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/freescale/fec.h | 9 + drivers/net/ethernet/freescale/fec_main.c | 11 +- drivers/net/ethernet/freescale/fec_ptp.c | 50 + drivers/net/ethernet/hisilicon/hip04_eth.c | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 + drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + drivers/net/ethernet/intel/e1000e/netdev.c | 19 +- drivers/net/ethernet/intel/ice/ice_sched.c | 6 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 + .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 - .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 6 +- drivers/net/ethernet/microsoft/Kconfig | 2 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 10 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 14 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 8 +- drivers/net/ethernet/microsoft/mana/shm_channel.c | 13 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 31 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 1 + drivers/net/ieee802154/Kconfig | 1 + drivers/net/ieee802154/mcr20a.c | 5 +- drivers/net/pcs/pcs-xpcs-wx.c | 2 +- drivers/net/phy/phy.c | 17 +- drivers/net/ppp/ppp_generic.c | 4 +- drivers/net/vrf.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath9k/debug.c | 4 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 5 + drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 + drivers/net/wireless/intel/iwlwifi/fw/regulatory.h | 2 + drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/uefi.h | 2 - drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/scan.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +- drivers/net/wireless/realtek/rtw88/Kconfig | 1 + drivers/net/wireless/realtek/rtw89/core.h | 18 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/phy.c | 4 +- drivers/net/wireless/realtek/rtw89/util.h | 18 + drivers/net/wwan/qcom_bam_dmux.c | 11 +- drivers/net/xen-netback/hash.c | 5 +- drivers/nvme/common/keyring.c | 58 +- drivers/nvme/host/Kconfig | 3 +- drivers/nvme/host/core.c | 1 - drivers/nvme/host/fabrics.c | 2 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/host/sysfs.c | 4 +- drivers/nvme/host/tcp.c | 55 +- drivers/of/address.c | 5 + drivers/of/irq.c | 38 +- drivers/perf/arm_spe_pmu.c | 9 +- drivers/perf/riscv_pmu_legacy.c | 4 +- drivers/perf/riscv_pmu_sbi.c | 4 +- drivers/platform/mellanox/mlxbf-pmc.c | 5 + drivers/platform/x86/amd/pmf/pmf-quirks.c | 8 + .../x86/intel/speed_select_if/isst_if_common.c | 4 +- drivers/platform/x86/lenovo-ymc.c | 2 + drivers/platform/x86/touchscreen_dmi.c | 26 + drivers/platform/x86/x86-android-tablets/core.c | 6 +- drivers/platform/x86/x86-android-tablets/other.c | 10 +- drivers/pmdomain/core.c | 5 +- drivers/power/reset/brcmstb-reboot.c | 3 - drivers/power/supply/power_supply_hwmon.c | 3 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 +- drivers/rtc/rtc-at91sam9.c | 1 + drivers/scsi/NCR5380.c | 4 + drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/lpfc/lpfc.h | 12 +- drivers/scsi/lpfc/lpfc_els.c | 73 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 14 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 22 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 11 + drivers/scsi/pm8001/pm8001_init.c | 6 +- drivers/scsi/smartpqi/smartpqi_init.c | 130 +- drivers/scsi/st.c | 5 +- drivers/spi/spi-bcm63xx.c | 9 +- drivers/spi/spi-cadence.c | 8 +- drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-rpc-if.c | 7 + drivers/spi/spi-s3c64xx.c | 4 +- drivers/vhost/scsi.c | 25 +- drivers/video/fbdev/efifb.c | 11 +- drivers/video/fbdev/pxafb.c | 1 + fs/afs/file.c | 1 + fs/afs/fs_operation.c | 2 +- fs/btrfs/backref.c | 12 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/relocation.c | 77 +- fs/btrfs/send.c | 23 +- fs/cachefiles/namei.c | 7 +- fs/ceph/addr.c | 6 +- fs/ceph/mds_client.c | 12 + fs/dax.c | 6 +- fs/exec.c | 3 +- fs/exfat/balloc.c | 10 +- fs/ext4/dir.c | 14 +- fs/ext4/extents.c | 55 +- fs/ext4/fast_commit.c | 49 +- fs/ext4/file.c | 8 +- fs/ext4/inode.c | 11 +- fs/ext4/migrate.c | 2 +- fs/ext4/move_extent.c | 1 - fs/ext4/namei.c | 14 +- fs/ext4/resize.c | 18 +- fs/ext4/super.c | 14 +- fs/ext4/xattr.c | 3 +- fs/f2fs/f2fs.h | 31 +- fs/f2fs/gc.c | 85 +- fs/f2fs/gc.h | 23 + fs/f2fs/segment.c | 31 +- fs/f2fs/super.c | 8 + fs/f2fs/sysfs.c | 18 + fs/file.c | 93 +- fs/inode.c | 10 +- fs/iomap/buffered-io.c | 16 +- fs/jbd2/checkpoint.c | 21 +- fs/jbd2/journal.c | 4 +- fs/jfs/jfs_discard.c | 11 +- fs/jfs/jfs_dmap.c | 7 +- fs/jfs/xattr.c | 2 + fs/netfs/write_issue.c | 6 +- fs/nfsd/netns.h | 1 + fs/nfsd/nfs4proc.c | 36 +- fs/nfsd/nfs4state.c | 6 +- fs/nfsd/nfs4xdr.c | 10 +- fs/nfsd/nfsctl.c | 2 +- fs/nfsd/nfssvc.c | 2 +- fs/nfsd/vfs.c | 1 + fs/nfsd/xdr4.h | 1 + fs/ocfs2/aops.c | 5 +- fs/ocfs2/buffer_head_io.c | 4 +- fs/ocfs2/journal.c | 7 +- fs/ocfs2/localalloc.c | 19 + fs/ocfs2/quota_local.c | 8 +- fs/ocfs2/refcounttree.c | 26 +- fs/ocfs2/xattr.c | 11 +- fs/overlayfs/copy_up.c | 43 +- fs/overlayfs/params.c | 38 +- fs/proc/base.c | 61 +- fs/proc/proc_sysctl.c | 11 +- fs/smb/client/cifsfs.c | 13 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/inode.c | 19 +- fs/smb/client/reparse.c | 16 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 24 +- fs/smb/client/smb2ops.c | 19 +- fs/smb/server/connection.c | 4 +- fs/smb/server/connection.h | 1 + fs/smb/server/oplock.c | 55 +- fs/smb/server/vfs_cache.c | 3 + include/crypto/internal/simd.h | 12 +- include/drm/drm_print.h | 54 +- include/drm/gpu_scheduler.h | 2 +- include/dt-bindings/clock/exynos7885.h | 2 +- include/dt-bindings/clock/qcom,gcc-sc8180x.h | 1 + include/linux/cpufreq.h | 6 +- include/linux/fdtable.h | 8 +- include/linux/i2c.h | 3 + include/linux/netdevice.h | 22 +- include/linux/nvme-keyring.h | 6 +- include/linux/perf_event.h | 8 +- include/linux/sched.h | 2 + include/linux/sunrpc/svc.h | 4 +- include/linux/uprobes.h | 2 + include/linux/virtio_net.h | 4 +- include/net/mana/gdma.h | 10 +- include/net/mana/mana.h | 3 +- include/trace/events/netfs.h | 1 + include/uapi/linux/cec.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- io_uring/io_uring.c | 5 +- io_uring/net.c | 4 +- kernel/bpf/verifier.c | 119 +- kernel/cgroup/cgroup-v1.c | 12 +- kernel/events/core.c | 33 +- kernel/events/uprobes.c | 4 +- kernel/fork.c | 32 +- kernel/jump_label.c | 52 +- kernel/rcu/rcuscale.c | 4 +- kernel/rcu/tasks.h | 82 +- kernel/resource.c | 58 +- kernel/sched/core.c | 23 +- kernel/sched/psi.c | 26 +- kernel/static_call_inline.c | 13 +- kernel/trace/trace_hwlat.c | 2 + kernel/trace/trace_osnoise.c | 22 +- lib/buildid.c | 88 +- mm/Kconfig | 25 +- mm/slab_common.c | 7 + mm/slub.c | 100 +- net/bluetooth/hci_core.c | 2 + net/bluetooth/hci_event.c | 15 +- net/bluetooth/l2cap_core.c | 8 - net/bluetooth/mgmt.c | 23 +- net/bridge/br_mdb.c | 2 +- net/core/dev.c | 14 +- net/core/gro.c | 9 +- net/core/net-sysfs.c | 6 +- net/core/netdev-genl.c | 8 +- net/core/netpoll.c | 15 +- net/dsa/dsa.c | 7 + net/ipv4/devinet.c | 6 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/ip_gre.c | 6 +- net/ipv4/netfilter/nf_dup_ipv4.c | 7 +- net/ipv4/tcp_ipv4.c | 3 + net/ipv4/tcp_offload.c | 10 +- net/ipv4/udp_offload.c | 22 +- net/ipv6/netfilter/nf_dup_ipv6.c | 7 +- net/ipv6/tcpv6_offload.c | 10 +- net/mac80211/chan.c | 4 +- net/mac80211/mlme.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/util.c | 4 +- net/mac802154/scan.c | 4 +- net/ncsi/ncsi-manage.c | 2 + net/rxrpc/ar-internal.h | 2 +- net/rxrpc/io_thread.c | 10 +- net/rxrpc/local_object.c | 2 +- net/sched/sch_taprio.c | 4 +- net/sctp/socket.c | 4 +- net/sunrpc/svc.c | 31 +- net/tipc/bearer.c | 8 +- net/wireless/nl80211.c | 15 +- rust/kernel/sync/locked_by.rs | 18 +- scripts/gdb/linux/proc.py | 4 +- scripts/gdb/linux/rbtree.py | 12 + scripts/gdb/linux/timerlist.py | 31 +- scripts/kconfig/qconf.cc | 2 +- security/Kconfig | 32 + security/tomoyo/domain.c | 9 +- sound/core/control.c | 55 +- sound/core/control_compat.c | 45 +- sound/core/init.c | 14 +- sound/core/oss/mixer_oss.c | 4 +- sound/isa/gus/gus_pcm.c | 4 +- sound/pci/asihpi/hpimsgx.c | 2 +- sound/pci/hda/hda_controller.h | 2 +- sound/pci/hda/hda_generic.c | 4 +- sound/pci/hda/hda_intel.c | 10 +- sound/pci/hda/patch_conexant.c | 24 +- sound/pci/hda/patch_realtek.c | 5 + sound/pci/rme9652/hdsp.c | 6 +- sound/pci/rme9652/hdspm.c | 6 +- sound/soc/atmel/mchp-pdmc.c | 3 + sound/soc/codecs/wsa883x.c | 16 +- sound/soc/fsl/imx-card.c | 1 + sound/soc/intel/boards/bytcht_cx2072x.c | 4 + sound/soc/intel/boards/bytcht_da7213.c | 4 + sound/soc/intel/boards/bytcht_es8316.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/intel/boards/bytcr_rt5651.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 4 + sound/soc/intel/boards/cht_bsw_rt5672.c | 4 + sound/soc/intel/boards/sof_es8336.c | 2 +- sound/soc/intel/boards/sof_wm8804.c | 4 + sound/usb/card.c | 8 + sound/usb/clock.c | 62 +- sound/usb/format.c | 6 +- sound/usb/helper.c | 34 + sound/usb/helper.h | 10 +- sound/usb/line6/podhd.c | 2 +- sound/usb/mixer.c | 37 +- sound/usb/mixer.h | 1 + sound/usb/mixer_quirks.c | 430 +++- sound/usb/mixer_scarlett.c | 4 +- sound/usb/power.c | 3 +- sound/usb/power.h | 1 + sound/usb/quirks-table.h | 2455 +++++++------------- sound/usb/quirks.c | 62 + sound/usb/stream.c | 21 +- sound/usb/usbaudio.h | 12 + tools/arch/x86/kcpuid/kcpuid.c | 12 +- tools/bpf/bpftool/net.c | 11 +- tools/hv/hv_fcopy_uio_daemon.c | 7 + tools/include/nolibc/arch-powerpc.h | 2 +- tools/perf/util/hist.c | 7 +- tools/perf/util/machine.c | 17 +- tools/perf/util/setup.py | 2 + tools/perf/util/thread.c | 4 + tools/perf/util/thread.h | 1 + .../breakpoints/step_after_suspend_test.c | 5 +- .../selftests/devices/test_discoverable_devices.py | 4 +- tools/testing/selftests/hid/Makefile | 2 + .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/mseal_test.c | 57 +- tools/testing/selftests/mm/write_to_hugetlbfs.c | 23 +- .../selftests/net/netfilter/conntrack_dump_flush.c | 1 + tools/testing/selftests/net/netfilter/nft_audit.sh | 57 +- tools/testing/selftests/nolibc/nolibc-test.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 17 +- tools/testing/selftests/vDSO/vdso_config.h | 10 +- .../testing/selftests/vDSO/vdso_test_correctness.c | 6 + tools/tracing/rtla/Makefile.rtla | 2 +- tools/tracing/rtla/src/osnoise_top.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 4 +- 512 files changed, 6151 insertions(+), 4351 deletions(-)

8 months, 1 week

17
502
0 0

[PATCH] drm/xe/ufence: ufence can be signaled right after wait_woken

by Nirmoy Das

do_comapre() can return success after wait_woken() which is treated as -ETIME here. Fixes: e670f0b4ef24 ("drm/xe/uapi: Return correct error code for xe_wait_user_fence_ioctl") Cc: <stable(a)vger.kernel.org> # v6.8+ Cc: Bommu Krishnaiah <krishnaiah.bommu(a)intel.com> Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1630 Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/xe/xe_wait_user_fence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_wait_user_fence.c b/drivers/gpu/drm/xe/xe_wait_user_fence.c index d46fa8374980..d532283d4aa3 100644 --- a/drivers/gpu/drm/xe/xe_wait_user_fence.c +++ b/drivers/gpu/drm/xe/xe_wait_user_fence.c @@ -169,7 +169,7 @@ int xe_wait_user_fence_ioctl(struct drm_device *dev, void *data, args->timeout = 0; } - if (!timeout && !(err < 0)) + if (!timeout && err < 0) err = -ETIME; if (q) -- 2.46.0

8 months, 1 week

2
3
0 0

[PATCH] ASoC: qcom: sdm845: add missing soundwire runtime stream alloc

by Alexey Klimov

During the migration of Soundwire runtime stream allocation from the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845 soundcard was forgotten. At this point any playback attempt or audio daemon startup, for instance on sdm845-db845c (Qualcomm RB3 board), will result in stream pointer NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101ecf000 [0000000000000020] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: ... CPU: 5 UID: 0 PID: 1198 Comm: aplay Not tainted 6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty #18 Hardware name: Thundercomm Dragonboard 845c (DT) pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : sdw_stream_add_slave+0x44/0x380 [soundwire_bus] lr : sdw_stream_add_slave+0x44/0x380 [soundwire_bus] sp : ffff80008a2035c0 x29: ffff80008a2035c0 x28: ffff80008a203978 x27: 0000000000000000 x26: 00000000000000c0 x25: 0000000000000000 x24: ffff1676025f4800 x23: ffff167600ff1cb8 x22: ffff167600ff1c98 x21: 0000000000000003 x20: ffff167607316000 x19: ffff167604e64e80 x18: 0000000000000000 x17: 0000000000000000 x16: ffffcec265074160 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff167600ff1cec x5 : ffffcec22cfa2010 x4 : 0000000000000000 x3 : 0000000000000003 x2 : ffff167613f836c0 x1 : 0000000000000000 x0 : ffff16761feb60b8 Call trace: sdw_stream_add_slave+0x44/0x380 [soundwire_bus] wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x] snd_soc_dai_hw_params+0x3c/0xa4 __soc_pcm_hw_params+0x230/0x660 dpcm_be_dai_hw_params+0x1d0/0x3f8 dpcm_fe_dai_hw_params+0x98/0x268 snd_pcm_hw_params+0x124/0x460 snd_pcm_common_ioctl+0x998/0x16e8 snd_pcm_ioctl+0x34/0x58 __arm64_sys_ioctl+0xac/0xf8 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xe0 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 Code: aa0403fb f9418400 9100e000 9400102f (f8420f22) ---[ end trace 0000000000000000 ]--- 0000000000006108 <sdw_stream_add_slave>: 6108: d503233f paciasp 610c: a9b97bfd stp x29, x30, [sp, #-112]! 6110: 910003fd mov x29, sp 6114: a90153f3 stp x19, x20, [sp, #16] 6118: a9025bf5 stp x21, x22, [sp, #32] 611c: aa0103f6 mov x22, x1 6120: 2a0303f5 mov w21, w3 6124: a90363f7 stp x23, x24, [sp, #48] 6128: aa0003f8 mov x24, x0 612c: aa0203f7 mov x23, x2 6130: a9046bf9 stp x25, x26, [sp, #64] 6134: aa0403f9 mov x25, x4 <-- x4 copied to x25 6138: a90573fb stp x27, x28, [sp, #80] 613c: aa0403fb mov x27, x4 6140: f9418400 ldr x0, [x0, #776] 6144: 9100e000 add x0, x0, #0x38 6148: 94000000 bl 0 <mutex_lock> 614c: f8420f22 ldr x2, [x25, #32]! <-- offset 0x44 ^^^ This is 0x6108 + offset 0x44 from the beginning of sdw_stream_add_slave() where data abort happens. wsa881x_hw_params() is called with stream = NULL and passes it further in register x4 (5th argument) to sdw_stream_add_slave() without any checks. Value from x4 is copied to x25 and finally it aborts on trying to load a value from address in x25 plus offset 32 (in dec) which corresponds to master_list member in struct sdw_stream_runtime: struct sdw_stream_runtime { const char * name; /* 0 8 */ struct sdw_stream_params params; /* 8 12 */ enum sdw_stream_state state; /* 20 4 */ enum sdw_stream_type type; /* 24 4 */ /* XXX 4 bytes hole, try to pack */ here-> struct list_head master_list; /* 32 16 */ int m_rt_count; /* 48 4 */ /* size: 56, cachelines: 1, members: 6 */ /* sum members: 48, holes: 1, sum holes: 4 */ /* padding: 4 */ /* last cacheline: 56 bytes */ Fix this by adding required calls to qcom_snd_sdw_startup() and sdw_release_stream() to startup and shutdown routines which restores the previous correct behaviour when ->set_stream() method is called to set a valid stream runtime pointer on playback startup. Reproduced and then fix was tested on db845c RB3 board. Reported-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Cc: stable(a)vger.kernel.org Fixes: 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") Cc: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Cc: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Signed-off-by: Alexey Klimov <alexey.klimov(a)linaro.org> --- sound/soc/qcom/sdm845.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sound/soc/qcom/sdm845.c b/sound/soc/qcom/sdm845.c index 75701546b6ea..a479d7e5b7fb 100644 --- a/sound/soc/qcom/sdm845.c +++ b/sound/soc/qcom/sdm845.c @@ -15,6 +15,7 @@ #include <uapi/linux/input-event-codes.h> #include "common.h" #include "qdsp6/q6afe.h" +#include "sdw.h" #include "../codecs/rt5663.h" #define DRIVER_NAME "sdm845" @@ -416,7 +417,7 @@ static int sdm845_snd_startup(struct snd_pcm_substream *substream) pr_err("%s: invalid dai id 0x%x\n", __func__, cpu_dai->id); break; } - return 0; + return qcom_snd_sdw_startup(substream); } static void sdm845_snd_shutdown(struct snd_pcm_substream *substream) @@ -425,6 +426,7 @@ static void sdm845_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_card *card = rtd->card; struct sdm845_snd_data *data = snd_soc_card_get_drvdata(card); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); + struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; switch (cpu_dai->id) { case PRIMARY_MI2S_RX: @@ -463,6 +465,9 @@ static void sdm845_snd_shutdown(struct snd_pcm_substream *substream) pr_err("%s: invalid dai id 0x%x\n", __func__, cpu_dai->id); break; } + + data->sruntime[cpu_dai->id] = NULL; + sdw_release_stream(sruntime); } static int sdm845_snd_prepare(struct snd_pcm_substream *substream) -- 2.45.2

8 months, 1 week

5
6
0 0

[PATCH V2] x86/apic: Stop the TSC Deadline timer during lapic timer shutdown

by Zhang Rui

This 12-year-old bug prevents some modern processors from achieving maximum power savings during suspend. For example, Lunar Lake systems gets 0% package C-states during suspend to idle and this causes energy star compliance tests to fail. According to Intel SDM, for the local APIC timer, 1. "The initial-count register is a read-write register. A write of 0 to the initial-count register effectively stops the local APIC timer, in both one-shot and periodic mode." 2. "In TSC deadline mode, writes to the initial-count register are ignored; and current-count register always reads 0. Instead, timer behavior is controlled using the IA32_TSC_DEADLINE MSR." "In TSC-deadline mode, writing 0 to the IA32_TSC_DEADLINE MSR disarms the local-APIC timer." Stop the TSC Deadline timer in lapic_timer_shutdown() by writing 0 to MSR_IA32_TSC_DEADLINE. Cc: stable(a)vger.kernel.org Fixes: 279f1461432c ("x86: apic: Use tsc deadline for oneshot when available") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> --- Changes since V1 - improve changelog --- arch/x86/kernel/apic/apic.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 6513c53c9459..d1006531729a 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -441,6 +441,10 @@ static int lapic_timer_shutdown(struct clock_event_device *evt) v |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR); apic_write(APIC_LVTT, v); apic_write(APIC_TMICT, 0); + + if (boot_cpu_has(X86_FEATURE_TSC_DEADLINE_TIMER)) + wrmsrl(MSR_IA32_TSC_DEADLINE, 0); + return 0; } -- 2.34.1

8 months, 1 week

6
13
0 0

[PATCH 4.19] wifi: mac80211: sdata can be NULL during AMPDU start

by hsimeliere.opensource＠witekio.com

From: Alexander Wetzel <alexander(a)wetzel-home.de> commit 69403bad97aa0162e3d7911b27e25abe774093df upstream. ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_driver(sdata)) 397 return -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400 wlan0: moving STA 02:00:00:00:03:00 to state 3 wlan0: associated wlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING) wlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0 wlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port) wlan0: moving STA 02:00:00:00:03:00 to state 2 wlan0: moving STA 02:00:00:00:03:00 to state 1 wlan0: Removed STA 02:00:00:00:03:00 wlan0: Destroyed STA 02:00:00:00:03:00 BUG: unable to handle page fault for address: fffffffffffffb48 PGD 11814067 P4D 11814067 PUD 11816067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Workqueue: phy3 ieee80211_ba_session_work [mac80211] RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211] Code: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85 RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287 RAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240 RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40 RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0 R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8 FS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0 Call Trace: <TASK> ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211] ieee80211_ba_session_work+0xff/0x2e0 [mac80211] process_one_work+0x29f/0x620 worker_thread+0x4d/0x3d0 ? process_one_work+0x620/0x620 kthread+0xfb/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK> Signed-off-by: Alexander Wetzel <alexander(a)wetzel-home.de> Link: https://lore.kernel.org/r/20221230121850.218810-2-alexander@wetzel-home.de Cc: stable(a)vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- net/mac80211/agg-tx.c | 6 +++++- net/mac80211/driver-ops.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index 79138225e880..43e8c6b0618a 100644 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c @@ -455,7 +455,7 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) { struct tid_ampdu_tx *tid_tx; struct ieee80211_local *local = sta->local; - struct ieee80211_sub_if_data *sdata = sta->sdata; + struct ieee80211_sub_if_data *sdata; struct ieee80211_ampdu_params params = { .sta = &sta->sta, .action = IEEE80211_AMPDU_TX_START, @@ -486,9 +486,13 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) */ synchronize_net(); + sdata = sta->sdata; params.ssn = sta->tid_seq[tid] >> 4; ret = drv_ampdu_action(local, sdata, &params); if (ret) { + if (!sdata) + return; + ht_dbg(sdata, "BA request denied - HW unavailable for %pM tid %d\n", sta->sta.addr, tid); diff --git a/net/mac80211/driver-ops.c b/net/mac80211/driver-ops.c index 9f0f437a09b9..208ee342eb27 100644 --- a/net/mac80211/driver-ops.c +++ b/net/mac80211/driver-ops.c @@ -313,6 +313,9 @@ int drv_ampdu_action(struct ieee80211_local *local, might_sleep(); + if (!sdata) + return -EIO; + sdata = get_bss_sdata(sdata); if (!check_sdata_in_driver(sdata)) return -EIO; -- 2.43.0

8 months, 1 week

1
0
0 0

[PATCH 5.4] wifi: mac80211: sdata can be NULL during AMPDU start

by hsimeliere.opensource＠witekio.com

From: Alexander Wetzel <alexander(a)wetzel-home.de> commit 69403bad97aa0162e3d7911b27e25abe774093df upstream. ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_driver(sdata)) 397 return -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400 wlan0: moving STA 02:00:00:00:03:00 to state 3 wlan0: associated wlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING) wlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0 wlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port) wlan0: moving STA 02:00:00:00:03:00 to state 2 wlan0: moving STA 02:00:00:00:03:00 to state 1 wlan0: Removed STA 02:00:00:00:03:00 wlan0: Destroyed STA 02:00:00:00:03:00 BUG: unable to handle page fault for address: fffffffffffffb48 PGD 11814067 P4D 11814067 PUD 11816067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Workqueue: phy3 ieee80211_ba_session_work [mac80211] RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211] Code: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85 RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287 RAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240 RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40 RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0 R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8 FS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0 Call Trace: <TASK> ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211] ieee80211_ba_session_work+0xff/0x2e0 [mac80211] process_one_work+0x29f/0x620 worker_thread+0x4d/0x3d0 ? process_one_work+0x620/0x620 kthread+0xfb/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK> Signed-off-by: Alexander Wetzel <alexander(a)wetzel-home.de> Link: https://lore.kernel.org/r/20221230121850.218810-2-alexander@wetzel-home.de Cc: stable(a)vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- net/mac80211/agg-tx.c | 6 +++++- net/mac80211/driver-ops.c | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c index f30cdd7f3a73..52712a47463e 100644 --- a/net/mac80211/agg-tx.c +++ b/net/mac80211/agg-tx.c @@ -489,7 +489,7 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) { struct tid_ampdu_tx *tid_tx; struct ieee80211_local *local = sta->local; - struct ieee80211_sub_if_data *sdata = sta->sdata; + struct ieee80211_sub_if_data *sdata; struct ieee80211_ampdu_params params = { .sta = &sta->sta, .action = IEEE80211_AMPDU_TX_START, @@ -519,10 +519,14 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) */ synchronize_net(); + sdata = sta->sdata; params.ssn = sta->tid_seq[tid] >> 4; ret = drv_ampdu_action(local, sdata, &params); tid_tx->ssn = params.ssn; if (ret) { + if (!sdata) + return; + ht_dbg(sdata, "BA request denied - HW unavailable for %pM tid %d\n", sta->sta.addr, tid); diff --git a/net/mac80211/driver-ops.c b/net/mac80211/driver-ops.c index 48322e45e7dd..120bd9cdf7df 100644 --- a/net/mac80211/driver-ops.c +++ b/net/mac80211/driver-ops.c @@ -331,6 +331,9 @@ int drv_ampdu_action(struct ieee80211_local *local, might_sleep(); + if (!sdata) + return -EIO; + sdata = get_bss_sdata(sdata); if (!check_sdata_in_driver(sdata)) return -EIO; -- 2.43.0

8 months, 1 week

1
0
0 0

[PATCH v3 3/8] media: qcom: camss: Fix potential crash if domain attach fails

by Vikram Sharma

Fix a potential crash in camss by ensuring detach is skipped if attach is unsuccessful. Fixes: d89751c61279 ("media: qcom: camss: Add support for named power-domains") CC: stable(a)vger.kernel.org Signed-off-by: Vikram Sharma <quic_vikramsa(a)quicinc.com> --- drivers/media/platform/qcom/camss/camss.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index d64985ca6e88..b6658df37709 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2131,8 +2131,7 @@ static int camss_configure_pd(struct camss *camss) camss->genpd = dev_pm_domain_attach_by_name(camss->dev, camss->res->pd_name); if (IS_ERR(camss->genpd)) { - ret = PTR_ERR(camss->genpd); - goto fail_pm; + return PTR_ERR(camss->genpd); } } @@ -2149,7 +2148,7 @@ static int camss_configure_pd(struct camss *camss) ret = -ENODEV; else ret = PTR_ERR(camss->genpd); - goto fail_pm; + return ret; } camss->genpd_link = device_link_add(camss->dev, camss->genpd, DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME | -- 2.25.1

8 months, 1 week

1
0
0 0

[PATCH AUTOSEL 6.6 001/139] wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()

by Sasha Levin

From: Dmitry Kandybka <d.kandybka(a)gmail.com> [ Upstream commit 3f66f26703093886db81f0610b97a6794511917c ] In 'ath9k_get_et_stats()', promote TX stats counters to 'u64' to avoid possible integer overflow. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Kandybka <d.kandybka(a)gmail.com> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240725111743.14422-1-d.kandybka@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/wireless/ath/ath9k/debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c index a0376a6787b8d..aaad285042864 100644 --- a/drivers/net/wireless/ath/ath9k/debug.c +++ b/drivers/net/wireless/ath/ath9k/debug.c @@ -1325,11 +1325,11 @@ void ath9k_get_et_stats(struct ieee80211_hw *hw, struct ath_softc *sc = hw->priv; int i = 0; - data[i++] = (sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_pkts_all + + data[i++] = ((u64)sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_pkts_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BK)].tx_pkts_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VI)].tx_pkts_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VO)].tx_pkts_all); - data[i++] = (sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_bytes_all + + data[i++] = ((u64)sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_bytes_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BK)].tx_bytes_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VI)].tx_bytes_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VO)].tx_bytes_all); -- 2.43.0

8 months, 1 week

7
147
0 0

[PATCH AUTOSEL 6.11 01/76] bpf: Call the missed btf_record_free() when map creation fails

by Sasha Levin

From: Hou Tao <houtao1(a)huawei.com> [ Upstream commit 87e9675a0dfd0bf4a36550e4a0e673038ec67aee ] When security_bpf_map_create() in map_create() fails, map_create() will call btf_put() and ->map_free() callback to free the map. It doesn't free the btf_record of map value, so add the missed btf_record_free() when map creation fails. However btf_record_free() needs to be called after ->map_free() just like bpf_map_free_deferred() did, because ->map_free() may use the btf_record to free the special fields in preallocated map value. So factor out bpf_map_free() helper to free the map, btf_record, and btf orderly and use the helper in both map_create() and bpf_map_free_deferred(). Signed-off-by: Hou Tao <houtao1(a)huawei.com> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20240912012845.3458483-2-houtao@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/syscall.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index bf6c5f685ea22..931ae9ad78149 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -733,15 +733,11 @@ void bpf_obj_free_fields(const struct btf_record *rec, void *obj) } } -/* called from workqueue */ -static void bpf_map_free_deferred(struct work_struct *work) +static void bpf_map_free(struct bpf_map *map) { - struct bpf_map *map = container_of(work, struct bpf_map, work); struct btf_record *rec = map->record; struct btf *btf = map->btf; - security_bpf_map_free(map); - bpf_map_release_memcg(map); /* implementation dependent freeing */ map->ops->map_free(map); /* Delay freeing of btf_record for maps, as map_free @@ -760,6 +756,16 @@ static void bpf_map_free_deferred(struct work_struct *work) btf_put(btf); } +/* called from workqueue */ +static void bpf_map_free_deferred(struct work_struct *work) +{ + struct bpf_map *map = container_of(work, struct bpf_map, work); + + security_bpf_map_free(map); + bpf_map_release_memcg(map); + bpf_map_free(map); +} + static void bpf_map_put_uref(struct bpf_map *map) { if (atomic64_dec_and_test(&map->usercnt)) { @@ -1411,8 +1417,7 @@ static int map_create(union bpf_attr *attr) free_map_sec: security_bpf_map_free(map); free_map: - btf_put(map->btf); - map->ops->map_free(map); + bpf_map_free(map); put_token: bpf_token_put(token); return err; -- 2.43.0

8 months, 1 week

4
80
0 0

[PATCH AUTOSEL 6.10 01/70] bpf: Call the missed btf_record_free() when map creation fails

by Sasha Levin

From: Hou Tao <houtao1(a)huawei.com> [ Upstream commit 87e9675a0dfd0bf4a36550e4a0e673038ec67aee ] When security_bpf_map_create() in map_create() fails, map_create() will call btf_put() and ->map_free() callback to free the map. It doesn't free the btf_record of map value, so add the missed btf_record_free() when map creation fails. However btf_record_free() needs to be called after ->map_free() just like bpf_map_free_deferred() did, because ->map_free() may use the btf_record to free the special fields in preallocated map value. So factor out bpf_map_free() helper to free the map, btf_record, and btf orderly and use the helper in both map_create() and bpf_map_free_deferred(). Signed-off-by: Hou Tao <houtao1(a)huawei.com> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20240912012845.3458483-2-houtao@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/syscall.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index f45ed6adc092a..92590ddb2042d 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -733,15 +733,11 @@ void bpf_obj_free_fields(const struct btf_record *rec, void *obj) } } -/* called from workqueue */ -static void bpf_map_free_deferred(struct work_struct *work) +static void bpf_map_free(struct bpf_map *map) { - struct bpf_map *map = container_of(work, struct bpf_map, work); struct btf_record *rec = map->record; struct btf *btf = map->btf; - security_bpf_map_free(map); - bpf_map_release_memcg(map); /* implementation dependent freeing */ map->ops->map_free(map); /* Delay freeing of btf_record for maps, as map_free @@ -760,6 +756,16 @@ static void bpf_map_free_deferred(struct work_struct *work) btf_put(btf); } +/* called from workqueue */ +static void bpf_map_free_deferred(struct work_struct *work) +{ + struct bpf_map *map = container_of(work, struct bpf_map, work); + + security_bpf_map_free(map); + bpf_map_release_memcg(map); + bpf_map_free(map); +} + static void bpf_map_put_uref(struct bpf_map *map) { if (atomic64_dec_and_test(&map->usercnt)) { @@ -1411,8 +1417,7 @@ static int map_create(union bpf_attr *attr) free_map_sec: security_bpf_map_free(map); free_map: - btf_put(map->btf); - map->ops->map_free(map); + bpf_map_free(map); put_token: bpf_token_put(token); return err; -- 2.43.0

8 months, 1 week

2
71
0 0

[PATCH v5.4-v4.19] CDC-NCM: avoid overflow in sanity checking

by hsimeliere.opensource＠witekio.com

From: Oliver Neukum <oneukum(a)suse.com> commit 8d2b1a1ec9f559d30b724877da4ce592edc41fdc upstream. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- drivers/net/usb/cdc_ncm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index 65dac36d8d4f..64d83f7905d0 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -1708,10 +1708,10 @@ int cdc_ncm_rx_fixup(struct usbnet *dev, struct sk_buff *skb_in) { struct sk_buff *skb; struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0]; - int len; + unsigned int len; int nframes; int x; - int offset; + unsigned int offset; union { struct usb_cdc_ncm_ndp16 *ndp16; struct usb_cdc_ncm_ndp32 *ndp32; @@ -1783,8 +1783,8 @@ int cdc_ncm_rx_fixup(struct usbnet *dev, struct sk_buff *skb_in) break; } - /* sanity checking */ - if (((offset + len) > skb_in->len) || + /* sanity checking - watch out for integer wrap*/ + if ((offset > skb_in->len) || (len > skb_in->len - offset) || (len > ctx->rx_max) || (len < ETH_HLEN)) { netif_dbg(dev, rx_err, dev->net, "invalid frame detected (ignored) offset[%u]=%u, length=%u, skb=%p\n", -- 2.43.0

8 months, 1 week

1
0
0 0

[RFC PATCH v2] sched/fair: Fix integer underflow

by Pierre Gondois

(struct sg_lb_stats).idle_cpus is of type 'unsigned int'. (local->idle_cpus - busiest->idle_cpus) can underflow to UINT_MAX for instance, and max_t(long, 0, UINT_MAX) will output UINT_MAX. Use lsub_positive() instead of max_t(). Fixes: 16b0a7a1a0af ("sched/fair: Ensure tasks spreading in LLC during LB") cc: stable(a)vger.kernel.org Signed-off-by: Pierre Gondois <pierre.gondois(a)arm.com> Reviewed-by: Vincent Guittot <vincent.guittot(a)linaro.org> --- kernel/sched/fair.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 9057584ec06d..6d9124499f52 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -10775,8 +10775,8 @@ static inline void calculate_imbalance(struct lb_env *env, struct sd_lb_stats *s * idle CPUs. */ env->migration_type = migrate_task; - env->imbalance = max_t(long, 0, - (local->idle_cpus - busiest->idle_cpus)); + env->imbalance = local->idle_cpus; + lsub_positive(&env->imbalance, busiest->idle_cpus); } #ifdef CONFIG_NUMA -- 2.25.1

8 months, 1 week

1
1
0 0

[PATCH 4.19] net: ipv6: ensure we call ipv6_mc_down() at most once

by hsimeliere.opensource＠witekio.com

From: "j.nixdorf(a)avm.de" <j.nixdorf(a)avm.de> commit 9995b408f17ff8c7f11bc725c8aa225ba3a63b1c upstream. There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the interface. If either of them stays down while the other is toggled, we repeatedly call the code for NETDEV_DOWN, including ipv6_mc_down(), while never calling the corresponding ipv6_mc_up() in between. This will cause a new entry in idev->mc_tomb to be allocated for each multicast group the interface is subscribed to, which in turn leaks one struct ifmcaddr6 per nontrivial multicast group the interface is subscribed to. The following reproducer will leak at least $n objects: ip addr add ff2e::4242/32 dev eth0 autojoin sysctl -w net.ipv6.conf.eth0.disable_ipv6=1 for i in $(seq 1 $n); do ip link set up eth0; ip link set down eth0 done Joining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the sysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2) can also be used to create a nontrivial idev->mc_list, which will the leak objects with the right up-down-sequence. Based on both sources for NETDEV_DOWN events the interface IPv6 state should be considered: - not ready if the network interface is not ready OR IPv6 is disabled for it - ready if the network interface is ready AND IPv6 is enabled for it The functions ipv6_mc_up() and ipv6_down() should only be run when this state changes. Implement this by remembering when the IPv6 state is ready, and only run ipv6_mc_down() if it actually changed from ready to not ready. The other direction (not ready -> ready) already works correctly, as: - the interface notification triggered codepath for NETDEV_UP / NETDEV_CHANGE returns early if ipv6 is disabled, and - the disable_ipv6=0 triggered codepath skips fully initializing the interface as long as addrconf_link_ready(dev) returns false - calling ipv6_mc_up() repeatedly does not leak anything Fixes: 3ce62a84d53c ("ipv6: exit early in addrconf_notify() if IPv6 is disabled") Signed-off-by: Johannes Nixdorf <j.nixdorf(a)avm.de> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Bruno VERNAY <bruno.vernay(a)se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- net/ipv6/addrconf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 9058d59acd0a..7763b7f672fa 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3679,6 +3679,7 @@ static int addrconf_ifdown(struct net_device *dev, int how) struct inet6_ifaddr *ifa; LIST_HEAD(tmp_addr_list); bool keep_addr = false; + bool was_ready; int state, i; ASSERT_RTNL(); @@ -3744,7 +3745,10 @@ static int addrconf_ifdown(struct net_device *dev, int how) addrconf_del_rs_timer(idev); - /* Step 2: clear flags for stateless addrconf */ + /* Step 2: clear flags for stateless addrconf, repeated down + * detection + */ + was_ready = idev->if_flags & IF_READY; if (!how) idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY); @@ -3824,7 +3828,7 @@ static int addrconf_ifdown(struct net_device *dev, int how) if (how) { ipv6_ac_destroy_dev(idev); ipv6_mc_destroy_dev(idev); - } else { + } else if (was_ready) { ipv6_mc_down(idev); } -- 2.43.0

8 months, 1 week

1
0
0 0

[PATCH 0/3] drm: logicvc: add of_node_put() and switch to a more secure approach

by Javier Carrasco

This driver has faced several issues due to the wrong or missing usage of of_node_put() to release device nodes after they are no longer required. The first implementation was missing the of_node_put() for 'layers_node', and it put 'layer_node' twice. Then commit 'd3a453416270 ("drm: fix device_node_continue.cocci warnings")' removed the extra of_node_put(layer_node), which would have been ok if it had stayed only in the error path. Later, commit 'e9fcc60ddd29 ("drm/logicvc: add missing of_node_put() in logicvc_layers_init()")' added the missing of_node_put(layers_node), but not the one for the child node. It should be clear how easy someone can mess up with this pattern, especially with variables that have similar names. To fix the bug for stable kernels, and provide a more robust solution that accounts for new error paths, this series provides a first patch with the classical approach of adding the missing of_node_put(), and two more patches to use the cleanup attribute and avoid issues with device nodes again. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (3): drm: logicvc: fix missing of_node_put() in for_each_child_of_node() drm: logicvc: switch to for_each_child_of_node_scoped() drm: logicvc: use automatic cleanup facility for layers_node drivers/gpu/drm/logicvc/logicvc_layer.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) --- base-commit: 0cca97bf23640ff68a6e8a74e9b6659fdc27f48c change-id: 20241010-logicvc_layer_of_node_put-bc4cb207280b Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] zram: free secondary algorithms names" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 684826f8271ad97580b138b9ffd462005e470b99 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100723-syndrome-yeast-a812@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 684826f8271a ("zram: free secondary algorithms names") f2bac7ad187d ("zram: introduce zcomp_params structure") 1d3100cf148d ("zram: add 842 compression backend support") 84112e314f69 ("zram: add zlib compression backend support") dbf2763cec21 ("zram: pass estimated src size hint to zstd") 73e7d81abbc8 ("zram: add zstd compression backend support") c60a4ef54446 ("zram: add lz4hc compression backend support") 22d651c3b339 ("zram: add lz4 compression backend support") 2152247c55b6 ("zram: add lzo and lzorle compression backends support") 917a59e81c34 ("zram: introduce custom comp backends API") 04cb7502a5d7 ("zsmalloc: use all available 24 bits of page_type") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 684826f8271ad97580b138b9ffd462005e470b99 Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Wed, 11 Sep 2024 11:54:56 +0900 Subject: [PATCH] zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky(a)chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org Link: https://lkml.kernel.org/r/20240911025600.3681789-1-senozhatsky@chromium.org Fixes: 001d92735701 ("zram: add recompression algorithm sysfs knob") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 1f1bf175a6c3..0207a7fc0a97 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2112,6 +2112,11 @@ static void zram_destroy_comps(struct zram *zram) zram->num_active_comps--; } + for (prio = ZRAM_SECONDARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { + kfree(zram->comp_algs[prio]); + zram->comp_algs[prio] = NULL; + } + zram_comp_params_reset(zram); }

8 months, 1 week

3
3
0 0

[PATCH 5.10.y 0/4] Backport fix commit for kprobe_non_uniq_symbol.tc test failure

by Sherry Yang

5.10.y backported the commit 09bcf9254838 ("selftests/ftrace: Add new test case which checks non unique symbol") which added a new test case to check non-unique symbol. However, 5.10.y didn't backport the kernel commit b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")to support the functionality from kernel side. Backport it in this patch series. The first two patches are presiquisites. The 4th commit is a fix commit for the 3rd one. Build and test case passed. [73] Test failure of registering kprobe on non unique symbol [PASS] Andrii Nakryiko (1): tracing/kprobes: Fix symbol counting logic by looking at modules as well Francis Laniel (1): tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols Jiri Olsa (2): kallsyms: Make kallsyms_on_each_symbol generally available kallsyms: Make module_kallsyms_on_each_symbol generally available include/linux/kallsyms.h | 7 +++- include/linux/module.h | 9 +++++ kernel/kallsyms.c | 2 - kernel/module.c | 2 - kernel/trace/trace_kprobe.c | 76 +++++++++++++++++++++++++++++++++++++ kernel/trace/trace_probe.h | 1 + 6 files changed, 92 insertions(+), 5 deletions(-) -- 2.46.0

8 months, 1 week

5
10
0 0

[PATCH 6.1 0/3] Fix block integrity violation of kobject rules

by Thadeu Lima de Souza Cascardo

integrity_kobj did not have a release function and with CONFIG_DEBUG_KOBJECT_RELEASE, a use-after-free would be triggered as its holding struct gendisk would be freed without relying on its refcount. Thomas Weißschuh (3): blk-integrity: use sysfs_emit blk-integrity: convert to struct device_attribute blk-integrity: register sysfs attributes on struct device block/blk-integrity.c | 175 ++++++++++++++--------------------------- block/blk.h | 10 +-- block/genhd.c | 12 +-- include/linux/blkdev.h | 3 - 4 files changed, 66 insertions(+), 134 deletions(-) -- 2.34.1

8 months, 1 week

2
4
0 0

[PATCH v6 5/8] clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks

by Qiang Yu

The pipediv2_clk's source from the same mux as pipe clock. So they have same limitation, which is that the PHY sequence requires to enable these local CBCs before the PHY is actually outputting a clock to them. This means the clock won't actually turn on when we vote them. Hence, let's skip the halt bit check of the pipediv2_clk, otherwise pipediv2_clk may stuck at off state during bootup. Cc: stable(a)vger.kernel.org Fixes: 161b7c401f4b ("clk: qcom: Add Global Clock controller (GCC) driver for X1E80100") Suggested-by: Mike Tipton <quic_mdtipton(a)quicinc.com> Signed-off-by: Qiang Yu <quic_qianyu(a)quicinc.com> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/clk/qcom/gcc-x1e80100.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/clk/qcom/gcc-x1e80100.c b/drivers/clk/qcom/gcc-x1e80100.c index 0f578771071f..81ba5ceab342 100644 --- a/drivers/clk/qcom/gcc-x1e80100.c +++ b/drivers/clk/qcom/gcc-x1e80100.c @@ -3123,7 +3123,7 @@ static struct clk_branch gcc_pcie_3_pipe_clk = { static struct clk_branch gcc_pcie_3_pipediv2_clk = { .halt_reg = 0x58060, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52020, .enable_mask = BIT(5), @@ -3248,7 +3248,7 @@ static struct clk_branch gcc_pcie_4_pipe_clk = { static struct clk_branch gcc_pcie_4_pipediv2_clk = { .halt_reg = 0x6b054, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52010, .enable_mask = BIT(27), @@ -3373,7 +3373,7 @@ static struct clk_branch gcc_pcie_5_pipe_clk = { static struct clk_branch gcc_pcie_5_pipediv2_clk = { .halt_reg = 0x2f054, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52018, .enable_mask = BIT(19), @@ -3511,7 +3511,7 @@ static struct clk_branch gcc_pcie_6a_pipe_clk = { static struct clk_branch gcc_pcie_6a_pipediv2_clk = { .halt_reg = 0x31060, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52018, .enable_mask = BIT(28), @@ -3649,7 +3649,7 @@ static struct clk_branch gcc_pcie_6b_pipe_clk = { static struct clk_branch gcc_pcie_6b_pipediv2_clk = { .halt_reg = 0x8d060, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52010, .enable_mask = BIT(28), -- 2.34.1

8 months, 2 weeks

1
0
0 0

[PATCH 5.15.y] RDMA/hns: Fix UAF for cq async event

by haixiao.yan.cn＠windriver.com

From: Chengchang Tang <tangchengchang(a)huawei.com> [ Upstream commit a942ec2745ca864cd8512142100e4027dc306a42 ] The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_lock() to protect the CQ refcount. Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver") Signed-off-by: Chengchang Tang <tangchengchang(a)huawei.com> Signed-off-by: Junxian Huang <huangjunxian6(a)hisilicon.com> Link: https://lore.kernel.org/r/20240412091616.370789-6-huangjunxian6@hisilicon.c… Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Haixiao Yan <haixiao.yan.cn(a)windriver.com> --- This commit is backporting a942ec2745ca to the branch linux-5.15.y to solve the CVE-2024-38545. Please merge this commit to linux-5.15.y. drivers/infiniband/hw/hns/hns_roce_cq.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/drivers/infiniband/hw/hns/hns_roce_cq.c b/drivers/infiniband/hw/hns/hns_roce_cq.c index d763f097599f..5ecd4075de93 100644 --- a/drivers/infiniband/hw/hns/hns_roce_cq.c +++ b/drivers/infiniband/hw/hns/hns_roce_cq.c @@ -125,7 +125,7 @@ static int alloc_cqc(struct hns_roce_dev *hr_dev, struct hns_roce_cq *hr_cq) goto err_out; } - ret = xa_err(xa_store(&cq_table->array, hr_cq->cqn, hr_cq, GFP_KERNEL)); + ret = xa_err(xa_store_irq(&cq_table->array, hr_cq->cqn, hr_cq, GFP_KERNEL)); if (ret) { ibdev_err(ibdev, "failed to xa_store CQ, ret = %d.\n", ret); goto err_put; @@ -160,8 +160,7 @@ static int alloc_cqc(struct hns_roce_dev *hr_dev, struct hns_roce_cq *hr_cq) return 0; err_xa: - xa_erase(&cq_table->array, hr_cq->cqn); - + xa_erase_irq(&cq_table->array, hr_cq->cqn); err_put: hns_roce_table_put(hr_dev, &cq_table->table, hr_cq->cqn); @@ -182,7 +181,7 @@ static void free_cqc(struct hns_roce_dev *hr_dev, struct hns_roce_cq *hr_cq) dev_err(dev, "DESTROY_CQ failed (%d) for CQN %06lx\n", ret, hr_cq->cqn); - xa_erase(&cq_table->array, hr_cq->cqn); + xa_erase_irq(&cq_table->array, hr_cq->cqn); /* Waiting interrupt process procedure carried out */ synchronize_irq(hr_dev->eq_table.eq[hr_cq->vector].irq); @@ -478,13 +477,6 @@ void hns_roce_cq_event(struct hns_roce_dev *hr_dev, u32 cqn, int event_type) struct ib_event event; struct ib_cq *ibcq; - hr_cq = xa_load(&hr_dev->cq_table.array, - cqn & (hr_dev->caps.num_cqs - 1)); - if (!hr_cq) { - dev_warn(dev, "Async event for bogus CQ 0x%06x\n", cqn); - return; - } - if (event_type != HNS_ROCE_EVENT_TYPE_CQ_ID_INVALID && event_type != HNS_ROCE_EVENT_TYPE_CQ_ACCESS_ERROR && event_type != HNS_ROCE_EVENT_TYPE_CQ_OVERFLOW) { @@ -493,7 +485,16 @@ void hns_roce_cq_event(struct hns_roce_dev *hr_dev, u32 cqn, int event_type) return; } - refcount_inc(&hr_cq->refcount); + xa_lock(&hr_dev->cq_table.array); + hr_cq = xa_load(&hr_dev->cq_table.array, + cqn & (hr_dev->caps.num_cqs - 1)); + if (hr_cq) + refcount_inc(&hr_cq->refcount); + xa_unlock(&hr_dev->cq_table.array); + if (!hr_cq) { + dev_warn(dev, "async event for bogus CQ 0x%06x\n", cqn); + return; + } ibcq = &hr_cq->ib_cq; if (ibcq->event_handler) { -- 2.34.1

8 months, 2 weeks

1
0
0 0

[v2] xhci: tegra: fix checked USB2 port number

by Henry Lin

USB2 root hub in VF may contain less port number than supported USB2 phy number. Checking all USB2 phy number here would cause invalid memory access. [ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f ... [ 117.213640] Call trace: [ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658 [ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68 [ 117.227260] pm_generic_runtime_suspend+0x30/0x50 [ 117.232847] __rpm_callback+0x84/0x3c0 [ 117.237038] rpm_suspend+0x2dc/0x740 [ 117.241229] pm_runtime_work+0xa0/0xb8 [ 117.245769] process_scheduled_works+0x24c/0x478 [ 117.251007] worker_thread+0x23c/0x328 [ 117.255547] kthread+0x104/0x1b0 [ 117.259389] ret_from_fork+0x10/0x20 [ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100) Cc: <stable(a)vger.kernel.org> # 6.3+ Fixes: a30951d31b25 ("xhci: tegra: USB2 pad power controls") Signed-off-by: Henry Lin <henryl(a)nvidia.com> --- v2: - Added Fixes tag and the cc stable line drivers/usb/host/xhci-tegra.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c index 6246d5ad1468..76f228e7443c 100644 --- a/drivers/usb/host/xhci-tegra.c +++ b/drivers/usb/host/xhci-tegra.c @@ -2183,7 +2183,7 @@ static int tegra_xusb_enter_elpg(struct tegra_xusb *tegra, bool runtime) goto out; } - for (i = 0; i < tegra->num_usb_phys; i++) { + for (i = 0; i < xhci->usb2_rhub.num_ports; i++) { if (!xhci->usb2_rhub.ports[i]) continue; portsc = readl(xhci->usb2_rhub.ports[i]->addr); -- 2.25.1

8 months, 2 weeks

1
0
0 0

[PATCH v2] ALSA: scarlett2: Add error check after retrieving PEQ filter values

by Zhu Jun

Add error check after retrieving PEQ filter values in scarlett2_update_filter_values that ensure function returns error if PEQ filter value retrieval fails. Signed-off-by: Zhu Jun <zhujun2(a)cmss.chinamobile.com> Cc: <stable(a)vger.kernel.org> --- V1 -> V2: - commit wit a dot - add tag "Cc" - delete a blank before the return value check sound/usb/mixer_scarlett2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/usb/mixer_scarlett2.c b/sound/usb/mixer_scarlett2.c index 1150cf104985..4cddf84db631 100644 --- a/sound/usb/mixer_scarlett2.c +++ b/sound/usb/mixer_scarlett2.c @@ -5613,6 +5613,8 @@ static int scarlett2_update_filter_values(struct usb_mixer_interface *mixer) info->peq_flt_total_count * SCARLETT2_BIQUAD_COEFFS, peq_flt_values); + if (err < 0) + return err; for (i = 0, dst_idx = 0; i < info->dsp_input_count; i++) { src_idx = i * -- 2.17.1

8 months, 2 weeks

2
1
0 0

[PATCH] HID: wacom: Hardcode (non-inverted) AES pens as BTN_TOOL_PEN

by Gerecke, Jason

From: Jason Gerecke <jason.gerecke(a)wacom.com> Unlike EMR tools which encode type information in their tool ID, tools for AES sensors are all "generic pens". It is inappropriate to make use of the wacom_intuos_get_tool_type function when dealing with these kinds of devices. Instead, we should only ever report BTN_TOOL_PEN or BTN_TOOL_RUBBER, as depending on the state of the Eraser and Invert bits. Fixes: 9c2913b962da ("HID: wacom: more appropriate tool type categorization") Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Cc: stable(a)vger.kernel.org --- drivers/hid/wacom_wac.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index 59a13ad9371cd..413606bdf476d 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -2567,6 +2567,8 @@ static void wacom_wac_pen_report(struct hid_device *hdev, /* Going into range select tool */ if (wacom_wac->hid_data.invert_state) wacom_wac->tool[0] = BTN_TOOL_RUBBER; + else if (wacom_wac->features.quirks & WACOM_QUIRK_AESPEN) + wacom_wac->tool[0] = BTN_TOOL_PEN; else if (wacom_wac->id[0]) wacom_wac->tool[0] = wacom_intuos_get_tool_type(wacom_wac->id[0]); else -- 2.46.2

8 months, 2 weeks

3
3
0 0

[PATCH v3 3/9] serial: qcom-geni: fix shutdown race

by Johan Hovold

A commit adding back the stopping of tx on port shutdown failed to add back the locking which had also been removed by commit e83766334f96 ("tty: serial: qcom_geni_serial: No need to stop tx/rx on UART shutdown"). Holding the port lock is needed to serialise against the console code, which may update the interrupt enable register and access the port state. Fixes: d8aca2f96813 ("tty: serial: qcom-geni-serial: stop operations in progress at shutdown") Fixes: 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") Cc: stable(a)vger.kernel.org # 6.3 Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2e4a5361f137..87cd974b76bf 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1114,10 +1114,12 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); + uart_port_lock_irq(uport); qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); qcom_geni_serial_cancel_tx_cmd(uport); + uart_port_unlock_irq(uport); } static void qcom_geni_serial_flush_buffer(struct uart_port *uport) -- 2.45.2

8 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2848ff28d180bd63a95da8e5dcbcdd76c1beeb7b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090809-plaything-sash-1d57@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2848ff28d180 ("x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported") c33f0a81a2cf ("x86/fpu: Add fpu_state_config::legacy_features") d72c87018d00 ("x86/fpu/xstate: Move remaining xfeature helpers to core") eda32f4f93b4 ("x86/fpu: Rework restore_regs_from_fpstate()") daddee247319 ("x86/fpu: Mop up xfeatures_mask_uabi()") 1c253ff2287f ("x86/fpu: Move xstate feature masks to fpu_*_cfg") 2bd264bce238 ("x86/fpu: Move xstate size to fpu_*_cfg") cd9ae7617449 ("x86/fpu/xstate: Cleanup size calculations") 617473acdfe4 ("x86/fpu: Cleanup fpu__init_system_xstate_size_legacy()") 578971f4e228 ("x86/fpu: Provide struct fpu_config") 5509cc78080d ("x86/fpu/signal: Use fpstate for size and features") ad6ede407aae ("x86/fpu: Use fpstate in fpu_copy_kvm_uabi_to_fpstate()") be31dfdfd75b ("x86/fpu: Use fpstate::size") 248452ce21ae ("x86/fpu: Add size and mask information to fpstate") 2dd8eedc80b1 ("x86/process: Move arch_thread_struct_whitelist() out of line") c20942ce5128 ("x86/fpu/core: Convert to fpstate") 7e049e8b7459 ("x86/fpu/signal: Convert to fpstate") 087df48c298c ("x86/fpu: Replace KVMs xstate component clearing") 18b3fa1ad15f ("x86/fpu: Convert restore_fpregs_from_fpstate() to struct fpstate") f83ac56acdad ("x86/fpu: Convert fpstate_init() to struct fpstate") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2848ff28d180bd63a95da8e5dcbcdd76c1beeb7b Mon Sep 17 00:00:00 2001 From: Mitchell Levy <levymitchell0(a)gmail.com> Date: Mon, 12 Aug 2024 13:44:12 -0700 Subject: [PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported There are two distinct CPU features related to the use of XSAVES and LBR: whether LBR is itself supported and whether XSAVES supports LBR. The LBR subsystem correctly checks both in intel_pmu_arch_lbr_init(), but the XSTATE subsystem does not. The LBR bit is only removed from xfeatures_mask_independent when LBR is not supported by the CPU, but there is no validation of XSTATE support. If XSAVES does not support LBR the write to IA32_XSS causes a #GP fault, leaving the state of IA32_XSS unchanged, i.e. zero. The fault is handled with a warning and the boot continues. Consequently the next XRSTORS which tries to restore supervisor state fails with #GP because the RFBM has zero for all supervisor features, which does not match the XCOMP_BV field. As XFEATURE_MASK_FPSTATE includes supervisor features setting up the FPU causes a #GP, which ends up in fpu_reset_from_exception_fixup(). That fails due to the same problem resulting in recursive #GPs until the kernel runs out of stack space and double faults. Prevent this by storing the supported independent features in fpu_kernel_cfg during XSTATE initialization and use that cached value for retrieving the independent feature bits to be written into IA32_XSS. [ tglx: Massaged change log ] Fixes: f0dccc9da4c0 ("x86/fpu/xstate: Support dynamic supervisor feature for LBR") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Mitchell Levy <levymitchell0(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240812-xsave-lbr-fix-v3-1-95bac1bf62f4@gmail.… diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index eb17f31b06d2..de16862bf230 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -591,6 +591,13 @@ struct fpu_state_config { * even without XSAVE support, i.e. legacy features FP + SSE */ u64 legacy_features; + /* + * @independent_features: + * + * Features that are supported by XSAVES, but not managed as part of + * the FPU core, such as LBR + */ + u64 independent_features; }; /* FPU state configuration information */ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c5a026fee5e0..1339f8328db5 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -788,6 +788,9 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) goto out_disable; } + fpu_kernel_cfg.independent_features = fpu_kernel_cfg.max_features & + XFEATURE_MASK_INDEPENDENT; + /* * Clear XSAVE features that are disabled in the normal CPUID. */ diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 2ee0b9c53dcc..afb404cd2059 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -62,9 +62,9 @@ static inline u64 xfeatures_mask_supervisor(void) static inline u64 xfeatures_mask_independent(void) { if (!cpu_feature_enabled(X86_FEATURE_ARCH_LBR)) - return XFEATURE_MASK_INDEPENDENT & ~XFEATURE_MASK_LBR; + return fpu_kernel_cfg.independent_features & ~XFEATURE_MASK_LBR; - return XFEATURE_MASK_INDEPENDENT; + return fpu_kernel_cfg.independent_features; } /* XSAVE/XRSTOR wrapper functions */

8 months, 2 weeks

3
2
0 0

[PATCH 6.6 000/386] 6.6.55-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.55 release. There are 386 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Oct 2024 11:55:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.55-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.55-rc1 Zhihao Cheng <chengzhihao1(a)huawei.com> Revert "ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path" Damien Le Moal <dlemoal(a)kernel.org> null_blk: Fix return value of nullb_device_power_store() Alex Hung <alex.hung(a)amd.com> drm/amd/display: enable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Namhyung Kim <namhyung(a)kernel.org> perf report: Fix segfault when 'sym' sort key is not used Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Revert Avoid overflow assignment Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx* - Select CRYPTO_AUTHENC Haoran Zhang <wh1sper(a)zju.edu.cn> vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() David Howells <dhowells(a)redhat.com> rxrpc: Fix a race between socket set up and I/O thread creation Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: move the EST lock to struct stmmac_priv Yu Kuai <yukuai3(a)huawei.com> null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> null_blk: Remove usage of the deprecated ida_simple_xx() API Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Fix password opcode ordering for workstations Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Mads Bligaard Nielsen <bli(a)bang-olufsen.dk> drm/bridge: adv7511: fix crash on irq during probe Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix protection fault in iommufd_test_syz_conv_iova Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore set elements when delete set fails Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix memleak in map from abort path Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Jonathan Gray <jsg(a)jsg.id.au> Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Val Packett <val(a)packett.cool> drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Josef Bacik <josef(a)toxicpanda.com> btrfs: drop the backref cache during relocation if we commit David Sterba <dsterba(a)suse.com> btrfs: relocation: constify parameters where possible David Sterba <dsterba(a)suse.com> btrfs: relocation: return bool from btrfs_should_ignore_reloc_root Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix possible crash when unregistering a battery hook Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Simplify battery hook locking Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Add GPLL9 support Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add tally counter fields added with RTL8125 Colin Ian King <colin.i.king(a)gmail.com> r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix regmap for BMP280 device Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Use BME prefix for BME280 specifics Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Improve indentation and line wrapping Angel Iglesias <ang.iglesiasg(a)gmail.com> iio: pressure: bmp280: Allow multiple chips id per family of devices Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Manivannan Sadhasivam <mani(a)kernel.org> dt-bindings: clock: qcom: Add missing UFS QREF clocks Udit Kumar <u-kumar1(a)ti.com> remoteproc: k3-r5: Delay notification of wakeup event Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Acquire mailbox handle during probe routine Umang Jain <umang.jain(a)ideasonboard.com> media: imx335: Fix reset-gpio handling Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Enable regulator supplies Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page table index based on hardware page size Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Add support for page sizes other than 4KB on ARM64 Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Enable MANA driver on ARM64 with 4K page size Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: fix bogus pressure spikes from aggregation race Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: harden build ID parsing logic Alexey Dobriyan <adobriyan(a)gmail.com> build-id: require program headers to be right after ELF header Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Yosry Ahmed <yosryahmed(a)google.com> mm: z3fold: deprecate CONFIG_Z3FOLD Oleg Nesterov <oleg(a)redhat.com> uprobes: fix kernel info leak via "[uprobes]" vma Jens Axboe <axboe(a)kernel.dk> io_uring/net: harden multishot termination case for recv Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround once more Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-N3 definitions Ard Biesheuvel <ardb(a)kernel.org> i2c: synquacer: Deal with optional PCLK correctly Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: synquacer: Remove a clk reference from struct synquacer_i2c Heiner Kallweit <hkallweit1(a)gmail.com> i2c: core: Lock address during client device instantiation Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: create debugfs entry per adapter Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Create a platform_device from module_init() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: fix buffer overflow in debug links Uwe Kleine-König <ukleinek(a)debian.org> cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix system hang while resume with TBT monitor Alex Hung <alex.hung(a)amd.com> drm/amd/display: Add HDR workaround for specific eDP Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Add locking to drm_sched_entity_modify_sched Jani Nikula <jani.nikula(a)intel.com> drm/i915/gem: fix bitwise and logical AND mixup Al Viro <viro(a)zeniv.linux.org.uk> close_range(): fix the logics in descriptor table trimming Eder Zulian <ezulian(a)redhat.com> rtla: Fix the help text in osnoise and timerlat top tools Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix a race during cpuhp processing Wei Li <liwei391(a)huawei.com> tracing/timerlat: Drop interface_lock in stop_kthread() Wei Li <liwei391(a)huawei.com> tracing/hwlat: Fix a race during cpuhp processing Patrick Donnelly <pdonnell(a)redhat.com> ceph: fix cap ref leak via netfs init_request Jiawei Ye <jiawei.ye(a)foxmail.com> mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Jiawen Wu <jiawenwu(a)trustnetic.com> net: pcs: xpcs: fix the wrong register that was written back Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: davinci: fix lazy disable Miquel Sabaté Solà <mikisabate(a)gmail.com> cpufreq: Avoid a bad reference count on CPU node Filipe Manana <fdmanana(a)suse.com> btrfs: wait for fixup workers before stopping cleaner kthread during umount Filipe Manana <fdmanana(a)suse.com> btrfs: send: fix invalid clone operation for file that got its size decreased Qu Wenruo <wqu(a)suse.com> btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] Baokun Li <libaokun1(a)huawei.com> cachefiles: fix dentry leak in cachefiles_open_file() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix adp5589_gpio_get_value() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix NULL pointer dereference Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rtc: at91sam9: fix OF node leak in probe() error path KhaiWenTan <khai.wen.tan(a)linux.intel.com> net: stmmac: Fix zero-division error when disabling tc cbs Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fallback to realpath if symlink's pathname does not exist Willem de Bruijn <willemb(a)google.com> gso: fix udp gso fraglist segmentation after pull from frag_list Willem de Bruijn <willemb(a)google.com> vrf: revert "vrf: Remove unnecessary RCU-bh critical section" Barnabás Czémán <barnabas.czeman(a)mainlining.org> iio: magnetometer: ak8975: Fix reading for ak099xx sensors Steve French <stfrench(a)microsoft.com> smb3: fix incorrect mode displayed for read-only files wangrong <wangrong(a)uniontech.com> smb: client: use actual path when queryfs Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix ordering of pm_runtime_enable Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Remove use_count guard in stop_streaming Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Zheng Wang <zyytlz.wz(a)163.com> media: venus: fix use after free bug in venus_remove due to race condition Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src David Virag <virag.david003(a)gmail.com> clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Mike Tipton <quic_mdtipton(a)quicinc.com> clk: qcom: clk-rpmh: Fix overflow in BCM vote Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: sun4i_csi: Implement link validate for sun4i_csi subdev Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Jan Kiszka <jan.kiszka(a)siemens.com> remoteproc: k3-r5: Fix error handling when power-up failed Sebastian Reichel <sebastian.reichel(a)collabora.com> clk: rockchip: fix error for unknown clocks Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: ov5675: Fix power on/off delay timings Chun-Yi Lee <joeyli.kernel(a)gmail.com> aoe: fix the potential use-after-free problem in more places Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix kernel stack size when KASAN is enabled Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix NFSv4's PUTPUBFH operation Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: map the EBADMSG to nfserr_io to avoid warning NeilBrown <neilb(a)suse.de> nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Matt Fleming <matt(a)readmodwrite.com> perf hist: Update hist symbol when updating maps Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Disable -Wno-cast-function-type-mismatch if present on clang Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix memory leak in exfat_load_bitmap() Jisheng Zhang <jszhang(a)kernel.org> riscv: define ILLEGAL_POINTER_VALUE for 64bit Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Mark Rutland <mark.rutland(a)arm.com> arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Julian Sun <sunjunchao2870(a)gmail.com> ocfs2: fix null-ptr-deref when journal load failed. Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: remove unreasonable unlock in ocfs2_read_blocks Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: cancel dqi_sync_work before freeing oinfo Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> ocfs2: reserve space for inline xattr before attaching reflink tree Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: fix uninit-value in ocfs2_get_block() Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the la space leak when unmounting an ocfs2 volume Danilo Krummrich <dakr(a)kernel.org> mm: krealloc: consider spare memory for __GFP_ZERO Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit Baokun Li <libaokun1(a)huawei.com> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Huang Ying <ying.huang(a)intel.com> resource: fix region_intersects() vs add_memory_driver_managed() Ma Ke <make24(a)iscas.ac.cn> drm: omapdrm: Add missing check for alloc_ordered_workqueue Andrew Jones <ajones(a)ventanamicro.com> of/irq: Support #msi-cells=<0> in of_msi_get_domain Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Report error on resource bounds overflow Val Packett <val(a)packett.cool> drm/rockchip: vop: clear DMA stop bit on RK3066 Helge Deller <deller(a)gmx.de> parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Helge Deller <deller(a)kernel.org> parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards Helge Deller <deller(a)kernel.org> parisc: Fix 64-bit userspace syscall path Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: use handle to mark fc as ineligible in __track_dentry_update() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix fast commit inode enqueueing during a full journal commit Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Baokun Li <libaokun1(a)huawei.com> ext4: update orig_path in ext4_find_extent() Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Baokun Li <libaokun1(a)huawei.com> ext4: fix double brelse() the buffer of the extents path Baokun Li <libaokun1(a)huawei.com> ext4: aovid use-after-free in ext4_ext_insert_extent() Baokun Li <libaokun1(a)huawei.com> ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: dax: fix overflowing extents beyond inode size when partially writing Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() Baokun Li <libaokun1(a)huawei.com> ext4: propagate errors from ext4_find_extent() in ext4_insert_range() Baokun Li <libaokun1(a)huawei.com> ext4: fix slab-use-after-free in ext4_split_extent_at() yao.ly <yao.ly(a)linux.alibaba.com> ext4: correct encrypted dentry name hash when not casefolded Edward Adam Davis <eadavis(a)qq.com> ext4: no need to continue when the number of entries is 1 Abhishek Tamboli <abhishektamboli9(a)gmail.com> ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Hans P. Moller <hmoller(a)uc.cl> ALSA: line6: add hw monitor volume control to POD HD500X Jan Lalinsky <lalinsky(a)c4.cz> ALSA: usb-audio: Add native DSD support for Luxman D-08u Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Jaroslav Kysela <perex(a)perex.cz> ALSA: core: add isascii() check to card ID generator Baojun Xu <baojun.xu(a)ti.com> ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Thomas Zimmermann <tzimmermann(a)suse.de> drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: ovl_adaptor: Add missing of_node_put() Helge Deller <deller(a)gmx.de> parisc: Fix itlb miss handler for 64-bit programs Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix small negative period being ignored Hans de Goede <hdegoede(a)redhat.com> power: supply: hwmon: Fix missing temp1_max_alarm attribute Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix module autoloading David Virag <virag.david003(a)gmail.com> dt-bindings: clock: exynos7885: Fix duplicated binding Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> memory: tegra186-emc: drop unused to_tegra186_emc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() Mike Baynton <mike(a)mbaynton.com> ovl: fail if trusted xattrs are needed but caller lacks permission Alice Ryhl <aliceryhl(a)google.com> rust: sync: require `T: Sync` for `LockedBy::access` Kimriver Liu <kimriver.liu(a)siengine.com> i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: ar0521: Use cansleep version of gpiod_set_value() Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Wait for TX empty to avoid missed TX NAKs Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() Marek Vasut <marex(a)denx.de> i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Zach Wade <zachwade.k(a)gmail.com> platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Takashi Iwai <tiwai(a)suse.de> Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" Heiko Carstens <hca(a)linux.ibm.com> selftests: vDSO: fix vdso_config for s390 Jens Remus <jremus(a)linux.ibm.com> selftests: vDSO: fix ELF hash table entry size for s390x Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Fix VDSO data access when running in a non-root time namespace David Hildenbrand <david(a)redhat.com> selftests/mm: fix charge_reserved_hugetlb.sh test Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO symbols lookup for powerpc64 Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vdso_config for powerpc Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO name for powerpc Namhyung Kim <namhyung(a)kernel.org> perf: Really fix event_function_call() locking Ian Rogers <irogers(a)google.com> perf callchain: Fix stitch LBR memory leaks Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add missing MODULE_DEVICE_TABLE Alexander F. Lent <lx(a)xanderlent.com> accel/ivpu: Add missing MODULE_FIRMWARE metadata Yifei Liu <yifei.l.liu(a)oracle.com> selftests: breakpoints: use remaining time to check if suspend succeed Ben Dooks <ben.dooks(a)codethink.co.uk> spi: s3c64xx: fix timeout counters in flush_fifo Yun Lu <luyun(a)kylinos.cn> selftest: hid: add missing run-hid-tools-tests.sh Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix missing spi_controller_is_target() check Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled Li Zetao <lizetao1(a)huawei.com> spi: spi-cadence: Use helper function devm_clk_get_enabled() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Christoph Hellwig <hch(a)lst.de> iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior caused by shifting into the sign bit Artem Sadovnikov <ancowi69(a)gmail.com> ext4: fix i_data_sem unlock order in ext4_ind_migrate() Baokun Li <libaokun1(a)huawei.com> ext4: avoid use-after-free in ext4_ext_show_leaf() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: ext4_search_dir should return a proper error Juntong Deng <juntong.deng(a)outlook.com> bpf: Make the pointer returned by iter next method valid Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add refcnt to ksmbd_conn struct Gergo Koteles <soyer(a)irl.hu> platform/x86: lenovo-ymc: Ignore the 0x0 state Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: use rlc safe mode for soft recovery Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Geert Uytterhoeven <geert+renesas(a)glider.be> of/irq: Refer to actual buffer size in of_irq_parse_one() Tim Huang <tim.huang(a)amd.com> drm/amd/pm: ensure the fw_info is not null before using it Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: use rlc safe mode for soft recovery Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Block MMR_READ IOCTL in reset Geert Uytterhoeven <geert+renesas(a)glider.be> drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Peter Zijlstra <peterz(a)infradead.org> perf: Fix event_function_call() locking Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_gfx Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update PRLO handling in direct attached topology Kees Cook <kees(a)kernel.org> scsi: aacraid: Rearrange order of struct aac_srb_unit Andrii Nakryiko <andrii(a)kernel.org> perf,x86: avoid missing caller address in stack traces captured in uprobe Matthew Brost <matthew.brost(a)intel.com> drm/printer: Allow NULL data in devcoredump printer Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize get_bytes_per_element's default to 1 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Avoid overflow assignment in link_dp_cts Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 color transformation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in degamma hardware format translation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_res->hpo_dp_link_enc before using it Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream before comparing them Yannick Fertre <yannick.fertre(a)foss.st.com> drm/stm: ltdc: reset plane transparency after plane disable Ckath <ckath(a)yandex.ru> platform/x86: touchscreen_dmi: add nanote-next quirk Vishnu Sankar <vishnuocv(a)gmail.com> HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix resource leak in criu restore queue Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: enable gfxoff quirk on HP 705G4 Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: add raven1 gfxoff quirk Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> jfs: Fix uninit-value access of new_ea in ea_buffer Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: correct stream detection Edward Adam Davis <eadavis(a)qq.com> jfs: check if leafidx greater than num leaves per dmap tree Edward Adam Davis <eadavis(a)qq.com> jfs: Fix uaf in dbFreeBits Remington Brasga <rbrasga(a)uci.edu> jfs: UBSAN: shift-out-of-bounds in dbFindBits Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using dc->clk_mgr Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' Hans de Goede <hdegoede(a)redhat.com> HID: Ignore battery for all ELAN I2C-HID devices Damien Le Moal <dlemoal(a)kernel.org> ata: sata_sil: Rename sil_blacklist to sil_quirks Damien Le Moal <dlemoal(a)kernel.org> ata: pata_serverworks: Do not use the term blacklist Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Katya Orlova <e.orlova(a)ispras.ru> drm/stm: Avoid use-after-free issues with crtc and plane Michal Koutný <mkoutny(a)suse.com> cgroup: Disallow mounting v1 hierarchies without controller implementation Sanjay K Kumar <sanjay.k.kumar(a)intel.com> iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Always reserve a domain ID for identity setup Andrew Davis <afd(a)ti.com> power: reset: brcmstb: Do not go into infinite loop if reset fails Paul E. McKenney <paulmck(a)kernel.org> rcuscale: Provide clear error when async specified without primitives Kaixin Wang <kxwang23(a)m.fudan.edu.cn> fbdev: pxafb: Fix possible use after free in pxafb_task() Thomas Weißschuh <linux(a)weissschuh.net> fbdev: efifb: Register sysfs groups through driver core Denis Pauk <pauk.denis(a)gmail.com> hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Kees Cook <kees(a)kernel.org> x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: avoid passing NULL to printf("%s") Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: powerpc: limit stack-protector workaround to GCC Takashi Iwai <tiwai(a)suse.de> ALSA: hdsp: Break infinite MIDI input flush loop Takashi Iwai <tiwai(a)suse.de> ALSA: asihpi: Fix potential OOB array access Tao Liu <ltao(a)redhat.com> x86/kexec: Add EFI config table identity mapping for kexec kernel Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Restore altstack access in sigreturn() Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Add PKRU as a parameter in signal handling functions Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Protect against faulty "max subleaf" values Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Handle reading version failure Joshua Pius <joshuapius(a)chromium.org> ALSA: usb-audio: Add logitech Audio profile quirk Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Replace complex quirk lines with macros Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Define macros for quirk table entries Karol Kosik <k.kosik(a)outlook.com> ALSA: usb-audio: Support multiple control interfaces Thomas Gleixner <tglx(a)linutronix.de> x86/ioapic: Handle allocation failures gracefully Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add input value sanity checks for standard types Jinjie Ruan <ruanjinjie(a)huawei.com> nfp: Use IRQF_NO_AUTOEN flag in request_irq() Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Stefan Mätje <stefan.maetje(a)esd.eu> can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode James Clark <james.clark(a)linaro.org> drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Adrian Ratiu <adrian.ratiu(a)collabora.com> proc: add config & param to block forcing mem writes Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> ACPICA: iasl: handle empty connection_node Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU list iterations Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use correct key iteration Jason Xing <kernelxing(a)tencent.com> tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Breno Leitao <leitao(a)debian.org> netpoll: Ensure clean state on setup failures Herbert Xu <herbert(a)gondor.apana.org.au> crypto: simd - Do not call crypto_alloc_tfm during registration Simon Horman <horms(a)kernel.org> net: atlantic: Avoid warning about potential string truncation Ido Schimmel <idosch(a)nvidia.com> ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct base HT rate mask for firmware Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Simon Horman <horms(a)kernel.org> bnxt_en: Extend maximum length of version string by 1 byte Simon Horman <horms(a)kernel.org> net: mvpp2: Increase size of queue_name buffer Simon Horman <horms(a)kernel.org> tipc: guard against string buffer overrun Pei Xiao <xiaopei01(a)kylinos.cn> ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: EC: Do not release locks during operation region accesses Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw88: select WANT_DEV_COREDUMP Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath11k: fix array out-of-bound access in SoC stats Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix array out-of-bound access in SoC stats Konstantin Ovsepian <ovs(a)ovs.to> blk_iocost: fix more out of bound shifts Mario Limonciello <mario.limonciello(a)amd.com> ACPI: CPPC: Add support for setting EPP register in FFH Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: consistently use rcu_replace_pointer() in taprio_change() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: avoid failing the system during pm_suspend Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_field() fails Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_mdio: fix OF node leak in probe() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hip04: fix OF node leak in probe() Jeongjun Park <aha310510(a)gmail.com> net/xen-netback: prevent UAF in xenvif_flush_hash() Issam Hamdi <ih(a)simonwunderlich.de> wifi: cfg80211: Set correct chandef when starting CAC Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: drop wrong STA selection in TX Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix a race in scan abort flow Aleksandr Mishin <amishin(a)t-argos.ru> ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx2 - Fix authenc setkey Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx - Fix authenc setkey Fangrui Song <maskray(a)google.com> crypto: x86/sha256 - Add parentheses around macros' single arguments Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to add interface to list twice when SER Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: gus: Fix some error handling paths related to get_bpos() usage Pali Rohár <pali(a)kernel.org> cifs: Do not convert delimiter when parsing NFS-style symlinks Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Hui Wang <hui.wang(a)canonical.com> ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create reparse call Oder Chiou <oder_chiou(a)realtek.com> ALSA: hda/realtek: Fix the push button function for the ALC257 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: mixer_oss: Remove some incorrect kfree_const() usages Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not validating setsockopt user input Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: usbtv: Remove useless locks in usbtv_video_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sock: Fix not validating setsockopt user input Christoph Hellwig <hch(a)lst.de> loop: don't set QUEUE_FLAG_NOMERGES Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Try re-initialization on bus busy timeout Marc Ferland <marc.ferland(a)sonatest.com> i2c: xiic: improve error message when transfer fails to start Xin Long <lucien.xin(a)gmail.com> sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Ravikanth Tuniki <ravikanth.tuniki(a)amd.com> dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Darrick J. Wong <djwong(a)kernel.org> iomap: constrain the file range passed to iomap_file_unshare Eric Dumazet <edumazet(a)google.com> ppp: do not assume bh is held in ppp_channel_bridge_input() Eric Dumazet <edumazet(a)google.com> net: test for not too small csum_start in virtio_net_hdr_to_skb() Anton Danilov <littlesmilingcloud(a)gmail.com> ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Shenwei Wang <shenwei.wang(a)nxp.com> net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Eric Dumazet <edumazet(a)google.com> net: add more sanity checks to qdisc_pkt_len_init() Eric Dumazet <edumazet(a)google.com> net: avoid potential underflow in qdisc_pkt_len_init() with UFO Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Reload PTP registers after link-state change Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Restart PPS after link state change Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix memory disclosure Daniel Borkmann <daniel(a)iogearbox.net> net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Borkmann <daniel(a)iogearbox.net> net: Add netif_get_gro_max_size helper for GRO Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix uaf in l2cap_connect Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible crash on mgmt_index_removed Eric Dumazet <edumazet(a)google.com> netfilter: nf_tables: prevent nf_skb_duplicated corruption Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Fix nft_audit.sh for newer nft binaries Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Phil Sutter <phil(a)nwl.cc> netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Elena Salomatkina <esalomatkina(a)ispras.ru> net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Mohamed Khalfella <mkhalfella(a)purestorage.com> net/mlx5: Added cond_resched() to crdump collection Gerd Bayer <gbayer(a)linux.ibm.com> net/mlx5: Fix error path in multi-packet WQE transmit Aakash Menon <aakash.r.menon(a)gmail.com> net: sparx5: Fix invalid timestamps Jinjie Ruan <ruanjinjie(a)huawei.com> ieee802154: Fix build error Xiubo Li <xiubli(a)redhat.com> ceph: remove the incorrect Fw reference check when dirtying pages Stefan Wahren <wahrenst(a)gmx.net> mailbox: bcm2835: Fix timeout during suspend mode Liao Chen <liaochen4(a)huawei.com> mailbox: rockchip: fix a typo in module autoloading Asad Kamal <asad.kamal(a)amd.com> drm/amdgpu: Fix get each xcp macro Daniel Wagner <dwagner(a)suse.de> scsi: pm8001: Do not overwrite PCI queue mapping Rafael Rocha <rrochavi(a)fnal.gov> scsi: st: Fix input/output error on empty drive reset Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix static_key_slow_dec() yet again Thomas Gleixner <tglx(a)linutronix.de> jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() Thomas Gleixner <tglx(a)linutronix.de> static_call: Replace pointless WARN_ON() in static_call_module_notify() Thomas Gleixner <tglx(a)linutronix.de> static_call: Handle module init failure correctly in static_call_del_module() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 10 + Documentation/arch/arm64/silicon-errata.rst | 6 + .../devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 +- Makefile | 4 +- arch/arm/crypto/aes-ce-glue.c | 2 +- arch/arm/crypto/aes-neonbs-glue.c | 2 +- arch/arm64/Kconfig | 7 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kernel/cpu_errata.c | 3 + arch/loongarch/configs/loongson3_defconfig | 1 - arch/parisc/include/asm/mman.h | 14 + arch/parisc/kernel/entry.S | 6 +- arch/parisc/kernel/syscall.S | 14 +- arch/powerpc/configs/ppc64_defconfig | 1 - arch/powerpc/include/asm/vdso_datapage.h | 15 + arch/powerpc/kernel/asm-offsets.c | 2 + arch/powerpc/kernel/vdso/cacheflush.S | 2 +- arch/powerpc/kernel/vdso/datapage.S | 4 +- arch/powerpc/platforms/pseries/dlpar.c | 17 - arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 16 +- arch/powerpc/platforms/pseries/pmem.c | 2 +- arch/riscv/Kconfig | 8 +- arch/riscv/include/asm/thread_info.h | 7 +- arch/x86/crypto/sha256-avx2-asm.S | 16 +- arch/x86/events/core.c | 63 + arch/x86/include/asm/fpu/signal.h | 2 +- arch/x86/include/asm/syscall.h | 7 +- arch/x86/kernel/apic/io_apic.c | 46 +- arch/x86/kernel/fpu/signal.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 27 + arch/x86/kernel/signal.c | 3 +- arch/x86/kernel/signal_64.c | 6 +- block/blk-iocost.c | 8 +- crypto/simd.c | 76 +- drivers/accel/ivpu/ivpu_fw.c | 4 + drivers/acpi/acpi_pad.c | 6 +- drivers/acpi/acpica/dbconvert.c | 2 + drivers/acpi/acpica/exprep.c | 3 + drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/battery.c | 28 +- drivers/acpi/cppc_acpi.c | 10 +- drivers/acpi/ec.c | 55 +- drivers/acpi/resource.c | 14 + drivers/acpi/video_detect.c | 8 + drivers/ata/pata_serverworks.c | 16 +- drivers/ata/sata_sil.c | 12 +- drivers/block/aoe/aoecmd.c | 13 +- drivers/block/loop.c | 15 +- drivers/block/null_blk/main.c | 45 +- drivers/bluetooth/btmrvl_sdio.c | 3 +- drivers/bluetooth/btrtl.c | 1 + drivers/bluetooth/btusb.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clk/qcom/clk-rpmh.c | 2 + drivers/clk/qcom/dispcc-sm8250.c | 3 + drivers/clk/qcom/gcc-sc8180x.c | 88 +- drivers/clk/qcom/gcc-sm8250.c | 6 +- drivers/clk/qcom/gcc-sm8450.c | 4 +- drivers/clk/rockchip/clk.c | 3 +- drivers/clk/samsung/clk-exynos7885.c | 2 +- drivers/cpufreq/intel_pstate.c | 20 +- drivers/crypto/marvell/Kconfig | 2 + drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 265 +-- drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 256 +-- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/tegra/bpmp.c | 6 - drivers/gpio/gpio-davinci.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 45 +- drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 6 + drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 - .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 +- drivers/gpu/drm/amd/display/dc/dc_types.h | 1 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 + .../gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 + .../dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 +- .../display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 +- .../amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 + drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 +- .../drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 + drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/drm_atomic_uapi.c | 2 +- drivers/gpu/drm/drm_print.c | 13 +- drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 + drivers/gpu/drm/msm/msm_gpu.c | 1 - drivers/gpu/drm/omapdrm/omap_drv.c | 5 + drivers/gpu/drm/radeon/r100.c | 70 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 + drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 + drivers/gpu/drm/scheduler/sched_entity.c | 2 + drivers/gpu/drm/stm/drv.c | 3 +- drivers/gpu/drm/stm/ltdc.c | 76 +- drivers/hid/hid-ids.h | 17 +- drivers/hid/hid-input.c | 37 +- drivers/hid/hid-multitouch.c | 6 + drivers/hwmon/nct6775-platform.c | 1 + drivers/i2c/busses/i2c-designware-common.c | 14 + drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 38 + drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-stm32f7.c | 6 +- drivers/i2c/busses/i2c-synquacer.c | 12 +- drivers/i2c/busses/i2c-xiic.c | 69 +- drivers/i2c/i2c-core-base.c | 39 + drivers/i3c/master/svc-i3c-master.c | 1 + drivers/iio/magnetometer/ak8975.c | 32 +- drivers/iio/pressure/bmp280-core.c | 185 +- drivers/iio/pressure/bmp280-regmap.c | 47 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/iio/pressure/bmp280.h | 49 +- drivers/infiniband/hw/mana/main.c | 8 +- drivers/input/keyboard/adp5589-keys.c | 22 +- drivers/iommu/intel/dmar.c | 16 +- drivers/iommu/intel/iommu.c | 6 +- drivers/iommu/iommufd/selftest.c | 27 +- drivers/mailbox/bcm2835-mailbox.c | 3 +- drivers/mailbox/rockchip-mailbox.c | 2 +- drivers/media/i2c/ar0521.c | 5 +- drivers/media/i2c/imx335.c | 43 +- drivers/media/i2c/ov5675.c | 12 +- drivers/media/platform/qcom/camss/camss-video.c | 6 - drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/platform/qcom/venus/core.c | 1 + drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 + drivers/media/usb/usbtv/usbtv-video.c | 7 - drivers/memory/tegra/tegra186-emc.c | 5 - drivers/net/can/dev/netlink.c | 102 +- .../net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/freescale/fec.h | 9 + drivers/net/ethernet/freescale/fec_main.c | 11 +- drivers/net/ethernet/freescale/fec_ptp.c | 50 + drivers/net/ethernet/hisilicon/hip04_eth.c | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 + drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + drivers/net/ethernet/intel/e1000e/netdev.c | 19 +- drivers/net/ethernet/intel/ice/ice_sched.c | 6 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 + .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 - .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 6 +- drivers/net/ethernet/microsoft/Kconfig | 3 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 10 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 14 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 8 +- drivers/net/ethernet/microsoft/mana/shm_channel.c | 13 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 31 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 19 +- drivers/net/ieee802154/Kconfig | 1 + drivers/net/ieee802154/mcr20a.c | 5 +- drivers/net/pcs/pcs-xpcs-wx.c | 2 +- drivers/net/ppp/ppp_generic.c | 4 +- drivers/net/vrf.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath9k/debug.c | 4 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/scan.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +- drivers/net/wireless/realtek/rtw88/Kconfig | 1 + drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/phy.c | 4 +- drivers/net/wireless/realtek/rtw89/util.h | 18 + drivers/net/wwan/qcom_bam_dmux.c | 11 +- drivers/net/xen-netback/hash.c | 5 +- drivers/of/address.c | 5 + drivers/of/irq.c | 38 +- drivers/perf/arm_spe_pmu.c | 9 +- .../x86/intel/speed_select_if/isst_if_common.c | 4 +- drivers/platform/x86/lenovo-ymc.c | 2 + drivers/platform/x86/think-lmi.c | 16 +- drivers/platform/x86/touchscreen_dmi.c | 26 + drivers/platform/x86/x86-android-tablets/core.c | 57 +- drivers/power/reset/brcmstb-reboot.c | 3 - drivers/power/supply/power_supply_hwmon.c | 3 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 +- drivers/rtc/rtc-at91sam9.c | 1 + drivers/scsi/NCR5380.c | 4 + drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/lpfc/lpfc_els.c | 27 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 22 +- drivers/scsi/pm8001/pm8001_init.c | 6 +- drivers/scsi/smartpqi/smartpqi_init.c | 2 +- drivers/scsi/st.c | 5 +- drivers/spi/spi-bcm63xx.c | 9 +- drivers/spi/spi-cadence.c | 31 +- drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-rpc-if.c | 7 + drivers/spi/spi-s3c64xx.c | 4 +- drivers/vhost/scsi.c | 25 +- drivers/video/fbdev/efifb.c | 11 +- drivers/video/fbdev/pxafb.c | 1 + fs/btrfs/backref.c | 12 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/relocation.c | 150 +- fs/btrfs/relocation.h | 9 +- fs/btrfs/send.c | 23 +- fs/cachefiles/namei.c | 7 +- fs/ceph/addr.c | 6 +- fs/dax.c | 6 +- fs/exec.c | 3 +- fs/exfat/balloc.c | 10 +- fs/ext4/dir.c | 14 +- fs/ext4/extents.c | 55 +- fs/ext4/fast_commit.c | 49 +- fs/ext4/file.c | 8 +- fs/ext4/inode.c | 11 +- fs/ext4/migrate.c | 2 +- fs/ext4/move_extent.c | 1 - fs/ext4/namei.c | 14 +- fs/ext4/super.c | 11 +- fs/ext4/xattr.c | 3 +- fs/file.c | 93 +- fs/iomap/buffered-io.c | 16 +- fs/jbd2/checkpoint.c | 21 +- fs/jbd2/journal.c | 4 +- fs/jfs/jfs_discard.c | 11 +- fs/jfs/jfs_dmap.c | 7 +- fs/jfs/xattr.c | 2 + fs/nfsd/nfs4state.c | 5 +- fs/nfsd/nfs4xdr.c | 10 +- fs/nfsd/vfs.c | 1 + fs/ocfs2/aops.c | 5 +- fs/ocfs2/buffer_head_io.c | 4 +- fs/ocfs2/journal.c | 7 +- fs/ocfs2/localalloc.c | 19 + fs/ocfs2/quota_local.c | 8 +- fs/ocfs2/refcounttree.c | 26 +- fs/ocfs2/xattr.c | 11 +- fs/overlayfs/params.c | 38 +- fs/proc/base.c | 61 +- fs/smb/client/cifsfs.c | 13 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/inode.c | 19 +- fs/smb/client/reparse.c | 16 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 24 +- fs/smb/client/smb2ops.c | 19 +- fs/smb/server/connection.c | 4 +- fs/smb/server/connection.h | 1 + fs/smb/server/oplock.c | 55 +- fs/smb/server/vfs_cache.c | 3 + include/crypto/internal/simd.h | 12 +- include/drm/drm_print.h | 54 +- include/dt-bindings/clock/exynos7885.h | 2 +- include/dt-bindings/clock/qcom,gcc-sc8180x.h | 3 + include/linux/cpufreq.h | 6 +- include/linux/fdtable.h | 8 +- include/linux/i2c.h | 5 + include/linux/netdevice.h | 18 + include/linux/perf_event.h | 8 +- include/linux/stmmac.h | 1 - include/linux/uprobes.h | 2 + include/linux/virtio_net.h | 4 +- include/net/mana/gdma.h | 10 +- include/net/mana/mana.h | 3 +- include/uapi/linux/cec.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- io_uring/net.c | 4 +- kernel/bpf/verifier.c | 26 +- kernel/cgroup/cgroup-v1.c | 12 +- kernel/events/core.c | 33 +- kernel/events/uprobes.c | 4 +- kernel/fork.c | 32 +- kernel/jump_label.c | 52 +- kernel/rcu/rcuscale.c | 4 +- kernel/resource.c | 58 +- kernel/sched/psi.c | 26 +- kernel/static_call_inline.c | 13 +- kernel/trace/trace_hwlat.c | 2 + kernel/trace/trace_osnoise.c | 22 +- lib/buildid.c | 88 +- mm/Kconfig | 25 +- mm/slab_common.c | 7 + net/bluetooth/hci_core.c | 2 + net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sock.c | 21 +- net/bluetooth/iso.c | 36 +- net/bluetooth/l2cap_core.c | 8 - net/bluetooth/l2cap_sock.c | 52 +- net/bluetooth/mgmt.c | 23 +- net/core/dev.c | 14 +- net/core/gro.c | 9 +- net/core/netpoll.c | 15 +- net/dsa/slave.c | 7 +- net/ipv4/devinet.c | 6 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/ip_gre.c | 6 +- net/ipv4/netfilter/nf_dup_ipv4.c | 7 +- net/ipv4/tcp_ipv4.c | 3 + net/ipv4/udp_offload.c | 22 +- net/ipv6/netfilter/nf_dup_ipv6.c | 7 +- net/mac80211/chan.c | 4 +- net/mac80211/mlme.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/util.c | 4 +- net/mac802154/scan.c | 4 +- net/netfilter/nf_tables_api.c | 57 +- net/netfilter/nft_set_bitmap.c | 4 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 5 +- net/netfilter/nft_set_rbtree.c | 4 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/io_thread.c | 10 +- net/rxrpc/local_object.c | 2 +- net/sched/sch_taprio.c | 4 +- net/sctp/socket.c | 4 +- net/tipc/bearer.c | 8 +- net/wireless/nl80211.c | 15 +- rust/kernel/sync/locked_by.rs | 18 +- scripts/kconfig/qconf.cc | 2 +- security/Kconfig | 32 + security/tomoyo/domain.c | 9 +- sound/core/init.c | 14 +- sound/core/oss/mixer_oss.c | 4 +- sound/isa/gus/gus_pcm.c | 4 +- sound/pci/asihpi/hpimsgx.c | 2 +- sound/pci/hda/hda_controller.h | 2 +- sound/pci/hda/hda_generic.c | 4 +- sound/pci/hda/hda_intel.c | 10 +- sound/pci/hda/patch_conexant.c | 24 +- sound/pci/hda/patch_realtek.c | 4 + sound/pci/rme9652/hdsp.c | 6 +- sound/pci/rme9652/hdspm.c | 6 +- sound/soc/atmel/mchp-pdmc.c | 3 + sound/soc/codecs/wsa883x.c | 16 +- sound/soc/fsl/imx-card.c | 1 + sound/usb/card.c | 8 + sound/usb/clock.c | 62 +- sound/usb/format.c | 6 +- sound/usb/helper.c | 34 + sound/usb/helper.h | 10 +- sound/usb/line6/podhd.c | 2 +- sound/usb/mixer.c | 37 +- sound/usb/mixer.h | 1 + sound/usb/mixer_quirks.c | 17 +- sound/usb/mixer_scarlett.c | 4 +- sound/usb/power.c | 3 +- sound/usb/power.h | 1 + sound/usb/quirks-table.h | 2283 ++++++-------------- sound/usb/quirks.c | 4 + sound/usb/stream.c | 21 +- sound/usb/usbaudio.h | 12 + tools/arch/x86/kcpuid/kcpuid.c | 12 +- tools/bpf/bpftool/net.c | 11 +- tools/include/nolibc/arch-powerpc.h | 2 +- tools/perf/util/hist.c | 7 +- tools/perf/util/machine.c | 17 +- tools/perf/util/setup.py | 2 + tools/perf/util/thread.c | 4 + tools/perf/util/thread.h | 1 + .../breakpoints/step_after_suspend_test.c | 5 +- tools/testing/selftests/hid/Makefile | 2 + .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/write_to_hugetlbfs.c | 23 +- tools/testing/selftests/netfilter/nft_audit.sh | 57 +- tools/testing/selftests/nolibc/nolibc-test.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 17 +- tools/testing/selftests/vDSO/vdso_config.h | 10 +- .../testing/selftests/vDSO/vdso_test_correctness.c | 6 + tools/tracing/rtla/src/osnoise_top.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 4 +- 398 files changed, 4268 insertions(+), 3904 deletions(-)

8 months, 2 weeks

16
407
0 0

[PATCH] platform/chrome: cross_ec_type: fix missing fwnode reference decrement

by Javier Carrasco

The device_for_each_child_node() macro requires explicit calls to fwnode_handle_put() upon early exits (return, break, goto) to decrement the fwnode's refcount, and avoid levaing a node reference behind. Add the missing fwnode_handle_put() after the common label for all error paths. Cc: stable(a)vger.kernel.org Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- I usually switch to the scoped variant of the macro to fix such issues, but given that the fix is relevant for stable kernels, I have provided the "classical" approach by adding the missing fwnode_handle_put(). If switching to the scoped variant is desired, please let me know. This driver and cross_typec_switch could be easily converted. By the way, I wonder why all error paths are redirected to the same label to unregister ports, even before registering them (which seems to be harmless because unregistered ports are ignored, but still). With this fix, that jump to the label is definitely required, but if the scoped variant is used, maybe some simple returns would be enough. --- drivers/platform/chrome/cros_ec_typec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/platform/chrome/cros_ec_typec.c b/drivers/platform/chrome/cros_ec_typec.c index c7781aea0b88..f1324466efac 100644 --- a/drivers/platform/chrome/cros_ec_typec.c +++ b/drivers/platform/chrome/cros_ec_typec.c @@ -409,6 +409,7 @@ static int cros_typec_init_ports(struct cros_typec_data *typec) return 0; unregister_ports: + fwnode_handle_put(fwnode); cros_unregister_ports(typec); return ret; } --- base-commit: b6270c3bca987530eafc6a15f9d54ecd0033e0e3 change-id: 20241009-cross_ec_typec_fwnode_handle_put-9f13b4bd467f Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 2 weeks

2
2
0 0

[PATCHSET v5.0 3/9] xfs: metadata inode directory trees

by Darrick J. Wong

Hi all, This series delivers a new feature -- metadata inode directories. This is a separate directory tree (rooted in the superblock) that contains only inodes that contain filesystem metadata. Different metadata objects can be looked up with regular paths. Start by creating xfs_imeta{dir,file}* functions to mediate access to the metadata directory tree. By the end of this mega series, all existing metadata inodes (rt+quota) will use this directory tree instead of the superblock. Next, define the metadir on-disk format, which consists of marking inodes with a new iflag that says they're metadata. This prevents bulkstat and friends from ever getting their hands on fs metadata files. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=me… xfsprogs git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfsprogs-dev.git/log/?h… --- Commits in this patchset: * xfs: constify the xfs_sb predicates * xfs: constify the xfs_inode predicates * xfs: define the on-disk format for the metadir feature * xfs: undefine the sb_bad_features2 when metadir is enabled * xfs: iget for metadata inodes * xfs: load metadata directory root at mount time * xfs: enforce metadata inode flag * xfs: read and write metadata inode directory tree * xfs: disable the agi rotor for metadata inodes * xfs: hide metadata inodes from everyone because they are special * xfs: advertise metadata directory feature * xfs: allow bulkstat to return metadata directories * xfs: don't count metadata directory files to quota * xfs: mark quota inodes as metadata files * xfs: adjust xfs_bmap_add_attrfork for metadir * xfs: record health problems with the metadata directory * xfs: refactor directory tree root predicates * xfs: do not count metadata directory files when doing online quotacheck * xfs: don't fail repairs on metadata files with no attr fork * xfs: metadata files can have xattrs if metadir is enabled * xfs: adjust parent pointer scrubber for sb-rooted metadata files * xfs: fix di_metatype field of inodes that won't load * xfs: scrub metadata directories * xfs: check the metadata directory inumber in superblocks * xfs: move repair temporary files to the metadata directory tree * xfs: check metadata directory file path connectivity * xfs: confirm dotdot target before replacing it during a repair * xfs: repair metadata directory file path connectivity --- fs/xfs/Makefile | 5 fs/xfs/libxfs/xfs_attr.c | 5 fs/xfs/libxfs/xfs_bmap.c | 5 fs/xfs/libxfs/xfs_format.h | 176 ++++++++++--- fs/xfs/libxfs/xfs_fs.h | 25 ++ fs/xfs/libxfs/xfs_health.h | 6 fs/xfs/libxfs/xfs_ialloc.c | 58 +++- fs/xfs/libxfs/xfs_inode_buf.c | 83 ++++++ fs/xfs/libxfs/xfs_inode_buf.h | 3 fs/xfs/libxfs/xfs_inode_util.c | 2 fs/xfs/libxfs/xfs_log_format.h | 2 fs/xfs/libxfs/xfs_metadir.c | 481 ++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_metadir.h | 47 ++++ fs/xfs/libxfs/xfs_metafile.c | 52 ++++ fs/xfs/libxfs/xfs_metafile.h | 31 ++ fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/libxfs/xfs_sb.c | 33 ++ fs/xfs/scrub/agheader.c | 14 + fs/xfs/scrub/common.c | 65 ++++- fs/xfs/scrub/common.h | 5 fs/xfs/scrub/dir.c | 10 + fs/xfs/scrub/dir_repair.c | 20 + fs/xfs/scrub/dirtree.c | 32 ++ fs/xfs/scrub/dirtree.h | 12 - fs/xfs/scrub/findparent.c | 28 ++ fs/xfs/scrub/health.c | 1 fs/xfs/scrub/inode.c | 35 ++- fs/xfs/scrub/inode_repair.c | 34 ++- fs/xfs/scrub/metapath.c | 521 +++++++++++++++++++++++++++++++++++++++ fs/xfs/scrub/nlinks.c | 4 fs/xfs/scrub/nlinks_repair.c | 4 fs/xfs/scrub/orphanage.c | 4 fs/xfs/scrub/parent.c | 39 ++- fs/xfs/scrub/parent_repair.c | 37 ++- fs/xfs/scrub/quotacheck.c | 7 - fs/xfs/scrub/repair.c | 22 +- fs/xfs/scrub/repair.h | 3 fs/xfs/scrub/scrub.c | 9 + fs/xfs/scrub/scrub.h | 2 fs/xfs/scrub/stats.c | 1 fs/xfs/scrub/tempfile.c | 105 ++++++++ fs/xfs/scrub/tempfile.h | 3 fs/xfs/scrub/trace.c | 1 fs/xfs/scrub/trace.h | 42 +++ fs/xfs/xfs_dquot.c | 1 fs/xfs/xfs_health.c | 2 fs/xfs/xfs_icache.c | 73 +++++ fs/xfs/xfs_inode.c | 15 + fs/xfs/xfs_inode.h | 34 ++- fs/xfs/xfs_inode_item.c | 7 - fs/xfs/xfs_inode_item_recover.c | 5 fs/xfs/xfs_ioctl.c | 7 + fs/xfs/xfs_iops.c | 15 + fs/xfs/xfs_itable.c | 33 ++ fs/xfs/xfs_itable.h | 3 fs/xfs/xfs_mount.c | 31 ++ fs/xfs/xfs_mount.h | 3 fs/xfs/xfs_qm.c | 36 +++ fs/xfs/xfs_quota.h | 5 fs/xfs/xfs_rtalloc.c | 38 ++- fs/xfs/xfs_super.c | 4 fs/xfs/xfs_trace.c | 2 fs/xfs/xfs_trace.h | 102 ++++++++ fs/xfs/xfs_trans_dquot.c | 6 64 files changed, 2302 insertions(+), 196 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_metadir.c create mode 100644 fs/xfs/libxfs/xfs_metadir.h create mode 100644 fs/xfs/libxfs/xfs_metafile.c create mode 100644 fs/xfs/libxfs/xfs_metafile.h create mode 100644 fs/xfs/scrub/metapath.c

8 months, 2 weeks

1
1
0 0

[PATCH v2] usb: dwc3: core: Fix system suspend on TI AM62 platforms

by Roger Quadros

Since commit 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init"), system suspend is broken on AM62 TI platforms. Before that commit, both DWC3_GUSB3PIPECTL_SUSPHY and DWC3_GUSB2PHYCFG_SUSPHY bits (hence forth called 2 SUSPHY bits) were being set during core initialization and even during core re-initialization after a system suspend/resume. These bits are required to be set for system suspend/resume to work correctly on AM62 platforms. Since that commit, the 2 SUSPHY bits are not set for DEVICE/OTG mode if gadget driver is not loaded and started. For Host mode, the 2 SUSPHY bits are set before the first system suspend but get cleared at system resume during core re-init and are never set again. This patch resovles these two issues by ensuring the 2 SUSPHY bits are set before system suspend and restored to the original state during system resume. Cc: stable(a)vger.kernel.org # v6.9+ Fixes: 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init") Link: https://lore.kernel.org/all/1519dbe7-73b6-4afc-bfe3-23f4f75d772f@kernel.org/ Signed-off-by: Roger Quadros <rogerq(a)kernel.org> --- Changes in v2: - Fix comment style - Use both USB3 and USB2 SUSPHY bits to determine susphy_state during system suspend/resume. - Restore SUSPHY bits at system resume regardless if it was set or cleared before system suspend. - Link to v1: https://lore.kernel.org/r/20241001-am62-lpm-usb-v1-1-9916b71165f7@kernel.org --- drivers/usb/dwc3/core.c | 21 +++++++++++++++++++++ drivers/usb/dwc3/core.h | 2 ++ 2 files changed, 23 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 9eb085f359ce..20209de2b295 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2336,6 +2336,11 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) u32 reg; int i; + dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & + DWC3_GUSB2PHYCFG_SUSPHY) || + (dwc3_readl(dwc->regs, DWC3_GUSB3PIPECTL(0)) & + DWC3_GUSB3PIPECTL_SUSPHY); + switch (dwc->current_dr_role) { case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) @@ -2387,6 +2392,15 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; } + if (!PMSG_IS_AUTO(msg)) { + /* + * TI AM62 platform requires SUSPHY to be + * enabled for system suspend to work. + */ + if (!dwc->susphy_state) + dwc3_enable_susphy(dwc, true); + } + return 0; } @@ -2454,6 +2468,13 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) break; } + if (!PMSG_IS_AUTO(msg)) { + /* + * restore SUSPHY state to that before system suspend. + */ + dwc3_enable_susphy(dwc, dwc->susphy_state); + } + return 0; } diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c71240e8f7c7..b2ed5aba4c72 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1150,6 +1150,7 @@ struct dwc3_scratchpad_array { * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. + * @susphy_state: state of DWC3_GUSB2PHYCFG_SUSPHY before PM suspend. * @imod_interval: set the interrupt moderation interval in 250ns * increments or 0 to disable. * @max_cfg_eps: current max number of IN eps used across all USB configs. @@ -1382,6 +1383,7 @@ struct dwc3 { unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; + unsigned susphy_state:1; u16 imod_interval; --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20240923-am62-lpm-usb-f420917bd707 Best regards, -- Roger Quadros <rogerq(a)kernel.org>

8 months, 2 weeks

2
1
0 0

[PATCH v3 5/9] serial: qcom-geni: fix receiver enable

by Johan Hovold

The receiver is supposed to be enabled in the startup() callback and not in set_termios() which is called also during console setup. This specifically avoids accepting input before the port has been opened (and interrupts enabled), something which can also break the GENI firmware (cancel fails and after abort, the "stale" counter handling appears to be broken so that later input is not processed until twelve chars have been received). There also does not appear to be any need to keep the receiver disabled while updating the port settings. Since commit 6f3c3cafb115 ("serial: qcom-geni: disable interrupts during console writes") the calls to manipulate the secondary interrupts, which were done without holding the port lock, can also lead to the receiver being left disabled when set_termios() races with the console code (e.g. when init opens the tty during boot). This can manifest itself as a serial getty not accepting input. The calls to stop and start rx in set_termios() can similarly race with DMA completion and, for example, cause the DMA buffer to be unmapped twice or the mapping to be leaked. Fix this by only enabling the receiver during startup and while holding the port lock to avoid racing with the console code. Fixes: 6f3c3cafb115 ("serial: qcom-geni: disable interrupts during console writes") Fixes: 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index aaf24bd037a7..6c4349ea5720 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1197,6 +1197,11 @@ static int qcom_geni_serial_startup(struct uart_port *uport) if (ret) return ret; } + + uart_port_lock_irq(uport); + qcom_geni_serial_start_rx(uport); + uart_port_unlock_irq(uport); + enable_irq(uport->irq); return 0; @@ -1282,7 +1287,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned int avg_bw_core; unsigned long timeout; - qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); @@ -1298,7 +1302,7 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, dev_err(port->se.dev, "Couldn't find suitable clock rate for %u\n", baud * sampling_rate); - goto out_restart_rx; + return; } dev_dbg(port->se.dev, "desired_rate = %u, clk_rate = %lu, clk_div = %u\n", @@ -1389,8 +1393,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, writel(stop_bit_len, uport->membase + SE_UART_TX_STOP_BIT_LEN); writel(ser_clk_cfg, uport->membase + GENI_SER_M_CLK_CFG); writel(ser_clk_cfg, uport->membase + GENI_SER_S_CLK_CFG); -out_restart_rx: - qcom_geni_serial_start_rx(uport); } #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE -- 2.45.2

8 months, 2 weeks

2
1
0 0

[PATCH v3 1/9] serial: qcom-geni: fix polled console initialisation

by Johan Hovold

The polled console (KGDB/KDB) implementation must not call port setup unconditionally as the port may already be in use by the console or a getty. Only make sure that the receiver is enabled, but do not enable any device interrupts. Fixes: d8851a96ba25 ("tty: serial: qcom-geni-serial: Add a poll_init() function") Cc: stable(a)vger.kernel.org # 6.4 Cc: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 6f0db310cf69..c237c9d107cd 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -147,6 +147,7 @@ static struct uart_driver qcom_geni_uart_driver; static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); +static int qcom_geni_serial_port_setup(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { @@ -395,6 +396,23 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, writel(c, uport->membase + SE_GENI_TX_FIFOn); qcom_geni_serial_poll_tx_done(uport); } + +static int qcom_geni_serial_poll_init(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + int ret; + + if (!port->setup) { + ret = qcom_geni_serial_port_setup(uport); + if (ret) + return ret; + } + + if (!qcom_geni_serial_secondary_active(uport)) + geni_se_setup_s_cmd(&port->se, UART_START_READ, 0); + + return 0; +} #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE @@ -1582,7 +1600,7 @@ static const struct uart_ops qcom_geni_console_pops = { #ifdef CONFIG_CONSOLE_POLL .poll_get_char = qcom_geni_serial_get_char, .poll_put_char = qcom_geni_serial_poll_put_char, - .poll_init = qcom_geni_serial_port_setup, + .poll_init = qcom_geni_serial_poll_init, #endif .pm = qcom_geni_serial_pm, }; -- 2.45.2

8 months, 2 weeks

2
1
0 0

[PATCH] clk: actions: prevent overflow in owl_pll_recalc_rate

by Anastasia Belova

In case of OWL S900 SoC clock driver there are cases where bfreq = 24000000, shift = 0. If value read from CMU_COREPLL or CMU_DDRPLL to val is big enough, an overflow may occur. Add explicit casting to prevent it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 2792c37e94c8 ("clk: actions: Add pll clock support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> --- drivers/clk/actions/owl-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/actions/owl-pll.c b/drivers/clk/actions/owl-pll.c index 155f313986b4..fa17567665ec 100644 --- a/drivers/clk/actions/owl-pll.c +++ b/drivers/clk/actions/owl-pll.c @@ -104,7 +104,7 @@ static unsigned long owl_pll_recalc_rate(struct clk_hw *hw, val = val >> pll_hw->shift; val &= mul_mask(pll_hw); - return pll_hw->bfreq * val; + return (unsigned long)pll_hw->bfreq * val; } static int owl_pll_is_enabled(struct clk_hw *hw) -- 2.30.2

8 months, 2 weeks

3
2
0 0

[to-be-updated] mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: enforce a minimal stack gap even against inaccessible VMAs has been removed from the -mm tree. Its filename was mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm: enforce a minimal stack gap even against inaccessible VMAs Date: Tue, 08 Oct 2024 00:55:39 +0200 As explained in the comment block this change adds, we can't tell what userspace's intent is when the stack grows towards an inaccessible VMA. I have a (highly contrived) C testcase for 32-bit x86 userspace with glibc that mixes malloc(), pthread creation, and recursion in just the right way such that the main stack overflows into malloc() arena memory. I don't know of any specific scenario where this is actually exploitable, but it seems like it could be a security problem for sufficiently unlucky userspace. I believe we should ensure that, as long as code is compiled with something like -fstack-check, a stack overflow in it can never cause the main stack to overflow into adjacent heap memory. My fix effectively reverts the behavior for !vma_is_accessible() VMAs to the behavior before commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas"), so I think it should be a fairly safe change even in case A. [akpm(a)linux-foundation.org: s/prev/next/ in !CONFIG_STACK_GROWSUP section, per Lorenzo] Closes: https://lore.kernel.org/oe-kbuild-all/202410090632.brLG8w0b-lkp@intel.com/ Link: https://lkml.kernel.org/r/20241008-stack-gap-inaccessible-v1-1-848d4d891f21… Fixes: 561b5e0709e4 ("mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: Ben Hutchings <ben(a)decadent.org.uk> Cc: Helge Deller <deller(a)gmx.de> Cc: Hugh Dickins <hughd(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Willy Tarreau <w(a)1wt.eu> Cc: <stable(a)vger.kernel.org> Cc: kernel test robot <lkp(a)intel.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 53 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) --- a/mm/mmap.c~mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas +++ a/mm/mmap.c @@ -1064,10 +1064,12 @@ static int expand_upwards(struct vm_area gap_addr = TASK_SIZE; next = find_vma_intersection(mm, vma->vm_end, gap_addr); - if (next && vma_is_accessible(next)) { - if (!(next->vm_flags & VM_GROWSUP)) + if (next && !(next->vm_flags & VM_GROWSUP)) { + /* see comments in expand_downwards() */ + if (vma_is_accessible(next)) + return -ENOMEM; + if (address == next->vm_start) return -ENOMEM; - /* Check that both stack segments have the same anon_vma? */ } if (next) @@ -1155,10 +1157,47 @@ int expand_downwards(struct vm_area_stru /* Enforce stack_guard_gap */ prev = vma_prev(&vmi); /* Check that both stack segments have the same anon_vma? */ - if (prev) { - if (!(prev->vm_flags & VM_GROWSDOWN) && - vma_is_accessible(prev) && - (address - prev->vm_end < stack_guard_gap)) + if (prev && !(prev->vm_flags & VM_GROWSDOWN) && + (address - prev->vm_end < stack_guard_gap)) { + /* + * If the previous VMA is accessible, this is the normal case + * where the main stack is growing down towards some unrelated + * VMA. Enforce the full stack guard gap. + */ + if (vma_is_accessible(prev)) + return -ENOMEM; + + /* + * If the previous VMA is not accessible, we have a problem: + * We can't tell what userspace's intent is. + * + * Case A: + * Maybe userspace wants to use the previous VMA as a + * "guard region" at the bottom of the main stack, in which case + * userspace wants us to grow the stack until it is adjacent to + * the guard region. Apparently some Java runtime environments + * and Rust do that? + * That is kind of ugly, and in that case userspace really ought + * to ensure that the stack is fully expanded immediately, but + * we have to handle this case. + * + * Case B: + * But maybe the previous VMA is entirely unrelated to the stack + * and is only *temporarily* PROT_NONE. For example, glibc + * malloc arenas create a big PROT_NONE region and then + * progressively mark parts of it as writable. + * In that case, we must not let the stack become adjacent to + * the previous VMA. Otherwise, after the region later becomes + * writable, a stack overflow will cause the stack to grow into + * the previous VMA, and we won't have any stack gap to protect + * against this. + * + * As an ugly tradeoff, enforce a single-page gap. + * A single page will hopefully be small enough to not be + * noticed in case A, while providing the same level of + * protection in case B that normal userspace threads get. + */ + if (address == prev->vm_end) return -ENOMEM; } _ Patches currently in -mm which might be from jannh(a)google.com are mm-mremap-fix-move_normal_pmd-retract_page_tables-race.patch

8 months, 2 weeks

1
0
0 0

+ mm-damon-fix-memory-leak-in-damon_sysfs_test_add_targets.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-fix-memory-leak-in-damon_sysfs_test_add_targets.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() Date: Thu, 10 Oct 2024 20:53:23 +0800 The sysfs_target->regions allocated in damon_sysfs_regions_alloc() is not freed in damon_sysfs_test_add_targets(), which cause the following memory leak, free it to fix it. unreferenced object 0xffffff80c2a8db80 (size 96): comm "kunit_try_catch", pid 187, jiffies 4294894363 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): [<0000000001e3714d>] kmemleak_alloc+0x34/0x40 [<000000008e6835c1>] __kmalloc_cache_noprof+0x26c/0x2f4 [<000000001286d9f8>] damon_sysfs_test_add_targets+0x1cc/0x738 [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000adf936cf>] kthread+0x2e8/0x374 [<0000000041bb1628>] ret_from_fork+0x10/0x20 Link: https://lkml.kernel.org/r/20241010125323.3127187-1-ruanjinjie@huawei.com Fixes: b8ee5575f763 ("mm/damon/sysfs-test: add a unit test for damon_sysfs_set_targets()") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/tests/sysfs-kunit.h | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/tests/sysfs-kunit.h~mm-damon-fix-memory-leak-in-damon_sysfs_test_add_targets +++ a/mm/damon/tests/sysfs-kunit.h @@ -67,6 +67,7 @@ static void damon_sysfs_test_add_targets damon_destroy_ctx(ctx); kfree(sysfs_targets->targets_arr); kfree(sysfs_targets); + kfree(sysfs_target->regions); kfree(sysfs_target); } _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are mm-damon-fix-memory-leak-in-damon_sysfs_test_add_targets.patch

8 months, 2 weeks

1
0
0 0

[PATCH 6.1] ASoC: Intel: sof_realtek_common: set ret = 0 as initial value

by Vitaliy Shevtsov

From: Bard Liao <yung-chuan.liao(a)linux.intel.com> commit 47d2b66fec133cb27da3a551334686e465d19469 upstream. 'ret' will not be initialized if dai_fmt is not DSP_A or DSP_B. Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Signed-off-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Link: https://lore.kernel.org/r/20221206212507.359993-4-pierre-louis.bossart@linu… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> --- sound/soc/intel/boards/sof_realtek_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/intel/boards/sof_realtek_common.c b/sound/soc/intel/boards/sof_realtek_common.c index ff2851fc8930..6c12ca92f371 100644 --- a/sound/soc/intel/boards/sof_realtek_common.c +++ b/sound/soc/intel/boards/sof_realtek_common.c @@ -267,7 +267,8 @@ static int rt1015_hw_params(struct snd_pcm_substream *substream, struct snd_soc_pcm_runtime *rtd = asoc_substream_to_rtd(substream); struct snd_soc_dai_link *dai_link = rtd->dai_link; struct snd_soc_dai *codec_dai; - int i, clk_freq, ret; + int i, clk_freq; + int ret = 0; clk_freq = sof_dai_get_bclk(rtd); -- 2.46.2

8 months, 2 weeks

1
0
0 0

[PATCH] drm/vmwgfx: Handle surface check failure correctly

by Nikolay Kuratov

Currently if condition (!bo and !vmw_kms_srf_ok()) was met we go to err_out with ret == 0. err_out dereferences vfb if ret == 0, but in our case vfb is still NULL. Fix this by assigning sensible error to ret. Found by Linux Verification Center (linuxtesting.org) with SVACE Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> Cc: stable(a)vger.kernel.org Fixes: 810b3e1683d0 ("drm/vmwgfx: Support topology greater than texture size") --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index 288ed0bb75cb..752510a11e1b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -1539,6 +1539,7 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, DRM_ERROR("Surface size cannot exceed %dx%d\n", dev_priv->texture_max_width, dev_priv->texture_max_height); + ret = -EINVAL; goto err_out; } -- 2.34.1

8 months, 2 weeks

2
1
0 0

[PATCH V2 1/3] perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The EAX of the CPUID Leaf 023H enumerates the mask of valid sub-leaves. To tell the availability of the sub-leaf 1 (enumerate the counter mask), perf should check the bit 1 (0x2) of EAS, rather than bit 0 (0x1). The error is not user-visible on bare metal. Because the sub-leaf 0 and the sub-leaf 1 are always available. However, it may bring issues in a virtualization environment when a VMM only enumerates the sub-leaf 0. Fixes: eb467aaac21e ("perf/x86/intel: Support Architectural PerfMon Extension leaf") Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 4 ++-- arch/x86/include/asm/perf_event.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 7ca40002a19b..2f3bf3bbbd77 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4886,8 +4886,8 @@ static void update_pmu_cap(struct x86_hybrid_pmu *pmu) if (ebx & ARCH_PERFMON_EXT_EQ) pmu->config_mask |= ARCH_PERFMON_EVENTSEL_EQ; - if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) { - cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF, + if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF) { + cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF_BIT, &eax, &ebx, &ecx, &edx); pmu->cntr_mask64 = eax; pmu->fixed_cntr_mask64 = ebx; diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h index 91b73571412f..41ace8431e01 100644 --- a/arch/x86/include/asm/perf_event.h +++ b/arch/x86/include/asm/perf_event.h @@ -190,7 +190,7 @@ union cpuid10_edx { #define ARCH_PERFMON_EXT_UMASK2 0x1 #define ARCH_PERFMON_EXT_EQ 0x2 #define ARCH_PERFMON_NUM_COUNTER_LEAF_BIT 0x1 -#define ARCH_PERFMON_NUM_COUNTER_LEAF 0x1 +#define ARCH_PERFMON_NUM_COUNTER_LEAF BIT(ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) /* * Intel Architectural LBR CPUID detection/enumeration details: -- 2.38.1

8 months, 2 weeks

1
0
0 0

[PATCH] vt: prevent kernel-infoleak in con_font_get()

by Jeongjun Park

font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it is safest to modify it to initialize the allocated memory space to 0, and it generally does not affect the overall performance of the system. Cc: stable(a)vger.kernel.org Reported-by: syzbot+955da2d57931604ee691(a)syzkaller.appspotmail.com Fixes: 05e2600cb0a4 ("VT: Bump font size limitation to 64x128 pixels") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- drivers/tty/vt/vt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c index cd87e3d1291e..96842ce817af 100644 --- a/drivers/tty/vt/vt.c +++ b/drivers/tty/vt/vt.c @@ -4726,7 +4726,7 @@ static int con_font_get(struct vc_data *vc, struct console_font_op *op) return -EINVAL; if (op->data) { - font.data = kvmalloc(max_font_size, GFP_KERNEL); + font.data = kvzalloc(max_font_size, GFP_KERNEL); if (!font.data) return -ENOMEM; } else --

8 months, 2 weeks

1
0
0 0

[PATCH] mm: Enforce a minimal stack gap even against inaccessible VMAs

by Jann Horn

As explained in the comment block this change adds, we can't tell what userspace's intent is when the stack grows towards an inaccessible VMA. I have a (highly contrived) C testcase for 32-bit x86 userspace with glibc that mixes malloc(), pthread creation, and recursion in just the right way such that the main stack overflows into malloc() arena memory. (Let me know if you want me to share that.) I don't know of any specific scenario where this is actually exploitable, but it seems like it could be a security problem for sufficiently unlucky userspace. I believe we should ensure that, as long as code is compiled with something like -fstack-check, a stack overflow in it can never cause the main stack to overflow into adjacent heap memory. My fix effectively reverts the behavior for !vma_is_accessible() VMAs to the behavior before commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas"), so I think it should be a fairly safe change even in case A. Fixes: 561b5e0709e4 ("mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- I have tested that Libreoffice still launches after this change, though I don't know if that means anything. Note that I haven't tested the growsup code. --- mm/mmap.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index dd4b35a25aeb..971bfd6c1cea 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1064,10 +1064,12 @@ static int expand_upwards(struct vm_area_struct *vma, unsigned long address) gap_addr = TASK_SIZE; next = find_vma_intersection(mm, vma->vm_end, gap_addr); - if (next && vma_is_accessible(next)) { - if (!(next->vm_flags & VM_GROWSUP)) + if (next && !(next->vm_flags & VM_GROWSUP)) { + /* see comments in expand_downwards() */ + if (vma_is_accessible(prev)) + return -ENOMEM; + if (address == next->vm_start) return -ENOMEM; - /* Check that both stack segments have the same anon_vma? */ } if (next) @@ -1155,10 +1157,47 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) /* Enforce stack_guard_gap */ prev = vma_prev(&vmi); /* Check that both stack segments have the same anon_vma? */ - if (prev) { - if (!(prev->vm_flags & VM_GROWSDOWN) && - vma_is_accessible(prev) && - (address - prev->vm_end < stack_guard_gap)) + if (prev && !(prev->vm_flags & VM_GROWSDOWN) && + (address - prev->vm_end < stack_guard_gap)) { + /* + * If the previous VMA is accessible, this is the normal case + * where the main stack is growing down towards some unrelated + * VMA. Enforce the full stack guard gap. + */ + if (vma_is_accessible(prev)) + return -ENOMEM; + + /* + * If the previous VMA is not accessible, we have a problem: + * We can't tell what userspace's intent is. + * + * Case A: + * Maybe userspace wants to use the previous VMA as a + * "guard region" at the bottom of the main stack, in which case + * userspace wants us to grow the stack until it is adjacent to + * the guard region. Apparently some Java runtime environments + * and Rust do that? + * That is kind of ugly, and in that case userspace really ought + * to ensure that the stack is fully expanded immediately, but + * we have to handle this case. + * + * Case B: + * But maybe the previous VMA is entirely unrelated to the stack + * and is only *temporarily* PROT_NONE. For example, glibc + * malloc arenas create a big PROT_NONE region and then + * progressively mark parts of it as writable. + * In that case, we must not let the stack become adjacent to + * the previous VMA. Otherwise, after the region later becomes + * writable, a stack overflow will cause the stack to grow into + * the previous VMA, and we won't have any stack gap to protect + * against this. + * + * As an ugly tradeoff, enforce a single-page gap. + * A single page will hopefully be small enough to not be + * noticed in case A, while providing the same level of + * protection in case B that normal userspace threads get. + */ + if (address == prev->vm_end) return -ENOMEM; } --- base-commit: 8cf0b93919e13d1e8d4466eb4080a4c4d9d66d7b change-id: 20241008-stack-gap-inaccessible-c7319f7d4b1b -- Jann Horn <jannh(a)google.com>

8 months, 2 weeks

4
8
0 0

[PATCH v2 0/3] Fix bugs in qla2xxx driver

by Anastasia Kovaleva

This series of patches contains 3 separate changes that fix some bugs in the qla2xxx driver. --- v2: - Change a spinlock wrap to a WRITE_ONCE() in patch 1 - Add Reviewed-by tags on patches 2 and 3 --- Anastasia Kovaleva (3): scsi: qla2xxx: Drop starvation counter on success scsi: qla2xxx: Make target send correct LOGO scsi: qla2xxx: Remove incorrect trap drivers/scsi/qla2xxx/qla_iocb.c | 11 +++++++++++ drivers/scsi/qla2xxx/qla_isr.c | 4 ++++ drivers/scsi/qla2xxx/qla_target.c | 16 +++++++--------- 3 files changed, 22 insertions(+), 9 deletions(-) -- 2.40.1

8 months, 2 weeks

3
7
0 0

[PATCH v2] spi: stm32: fix missing device mode capability in stm32mp25

by Alain Volmat

The STM32MP25 SOC has capability to behave in device mode however missing .has_device_mode within its stm32mp25_spi_cfg structure leads to not being able to enable the device mode. Fixes: f6cd66231aa5 ("spi: stm32: add st,stm32mp25-spi compatible supporting STM32MP25 soc") Cc: stable(a)vger.kernel.org Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> --- Changes in v2: - correct Fixes commit sha1 - Link to v1: https://lore.kernel.org/r/20241009-spi-mp25-device-fix-v1-1-8e5ca7db7838@fo… --- drivers/spi/spi-stm32.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c index f2dd8ab12df831d54758d21ec1a68ffc40e2f0a6..da3517d7102dce5f830cdf0dbdee3e19184f69c5 100644 --- a/drivers/spi/spi-stm32.c +++ b/drivers/spi/spi-stm32.c @@ -2044,6 +2044,7 @@ static const struct stm32_spi_cfg stm32mp25_spi_cfg = { .baud_rate_div_max = STM32H7_SPI_MBR_DIV_MAX, .has_fifo = true, .prevent_dma_burst = true, + .has_device_mode = true, }; static const struct of_device_id stm32_spi_of_match[] = { --- base-commit: c2a59c892f20379a3e48124a83491a12374cd7e0 change-id: 20241009-spi-mp25-device-fix-e03406280c02 Best regards, -- Alain Volmat <alain.volmat(a)foss.st.com>

8 months, 2 weeks

2
1
0 0

[PATCH] spi: stm32: fix missing device mode capability in stm32mp25

by Alain Volmat

The STM32MP25 SOC has capability to behave in device mode however missing .has_device_mode within its stm32mp25_spi_cfg structure leads to not being able to enable the device mode. Fixes: a4e7908abf0c ("spi: stm32: add st,stm32mp25-spi compatible supporting STM32MP25 soc") Cc: stable(a)vger.kernel.org Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> --- drivers/spi/spi-stm32.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c index f2dd8ab12df831d54758d21ec1a68ffc40e2f0a6..da3517d7102dce5f830cdf0dbdee3e19184f69c5 100644 --- a/drivers/spi/spi-stm32.c +++ b/drivers/spi/spi-stm32.c @@ -2044,6 +2044,7 @@ static const struct stm32_spi_cfg stm32mp25_spi_cfg = { .baud_rate_div_max = STM32H7_SPI_MBR_DIV_MAX, .has_fifo = true, .prevent_dma_burst = true, + .has_device_mode = true, }; static const struct of_device_id stm32_spi_of_match[] = { --- base-commit: c2a59c892f20379a3e48124a83491a12374cd7e0 change-id: 20241009-spi-mp25-device-fix-e03406280c02 Best regards, -- Alain Volmat <alain.volmat(a)foss.st.com>

8 months, 2 weeks

2
3
0 0

[PATCH] drm/vblank: Require a driver register vblank support for 0 or all CRTCs

by Lyude Paul

Currently, there's nothing actually stopping a driver from only registering vblank support for some of it's CRTCs and not for others. As far as I can tell, this isn't really defined behavior on the C side of things - as the documentation explicitly mentions to not use drm_vblank_init() if you don't have vblank support - since DRM then steps in and adds its own vblank emulation implementation. So, let's fix this edge case and check to make sure it's all or none. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: 3ed4351a83ca ("drm: Extract drm_vblank.[hc]") Cc: Stefan Agner <stefan(a)agner.ch> Cc: Daniel Vetter <daniel.vetter(a)intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)gmail.com> Cc: Simona Vetter <simona(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.13+ --- drivers/gpu/drm/drm_vblank.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/gpu/drm/drm_vblank.c b/drivers/gpu/drm/drm_vblank.c index 94e45ed6869d0..4d00937e8ca2e 100644 --- a/drivers/gpu/drm/drm_vblank.c +++ b/drivers/gpu/drm/drm_vblank.c @@ -525,9 +525,19 @@ static void drm_vblank_init_release(struct drm_device *dev, void *ptr) */ int drm_vblank_init(struct drm_device *dev, unsigned int num_crtcs) { + struct drm_crtc *crtc; int ret; unsigned int i; + // Confirm that the required vblank functions have been filled out for all CRTCS + drm_for_each_crtc(crtc, dev) { + if (!crtc->funcs->enable_vblank || !crtc->funcs->disable_vblank) { + drm_err(dev, "CRTC vblank functions not initialized for %s, abort\n", + crtc->name); + return -EINVAL; + } + } + spin_lock_init(&dev->vbl_lock); spin_lock_init(&dev->vblank_time_lock); base-commit: 22512c3ee0f47faab5def71c4453638923c62522 -- 2.46.1

8 months, 2 weeks

3
2
0 0

[PATCH] PM: domains: Fix return value of API dev_pm_get_subsys_data()

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> dev_pm_get_subsys_data() has below 2 issues under condition (@dev->power.subsys_data != NULL): - it will do unnecessary kzalloc() and kfree(). - it will return -ENOMEM if the kzalloc() fails, that is wrong since the kzalloc() is not needed. Fixed by not doing kzalloc() and returning 0 for the condition. Fixes: ef27bed1870d ("PM: Reference counting of power.subsys_data") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- drivers/base/power/common.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/base/power/common.c b/drivers/base/power/common.c index 8c34ae1cd8d5..13cb1f2a06e7 100644 --- a/drivers/base/power/common.c +++ b/drivers/base/power/common.c @@ -26,6 +26,14 @@ int dev_pm_get_subsys_data(struct device *dev) { struct pm_subsys_data *psd; + spin_lock_irq(&dev->power.lock); + if (dev->power.subsys_data) { + dev->power.subsys_data->refcount++; + spin_unlock_irq(&dev->power.lock); + return 0; + } + spin_unlock_irq(&dev->power.lock); + psd = kzalloc(sizeof(*psd), GFP_KERNEL); if (!psd) return -ENOMEM; --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20241010-fix_dev_pm_get_subsys_data-2478bb200fde Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

8 months, 2 weeks

1
0
0 0

[PATCH stable 6.1] devlink: Fix RCU stall when unregistering a devlink instance

by Ido Schimmel

When a devlink instance is unregistered the following happens (among other things): t0 - The instance is marked with 'DEVLINK_UNREGISTERING'. t1 - Blocking until an RCU grace period passes. t2 - The 'DEVLINK_UNREGISTERING' mark is cleared from the instance. When iterating over devlink instances (f.e., when requesting a dump of available instances) and encountering an instance that is currently being unregistered, the current code will loop around until the 'DEVLINK_UNREGISTERING' mark is cleared. The iteration over devlink instances happens in an RCU critical section, so if the instance that is currently being unregistered was encountered between t0 and t1, the system will deadlock and RCU stalls will be reported [1]. The task unregistering the instance will forever wait for an RCU grace period to pass and the task iterating over the instances will forever wait for the mark to be cleared. The issue can be reliably reproduced by increasing the time window between t0 and t1 (used a 60 seconds sleep) and running the following reproducer [2]. Fix by skipping over instances that are currently being unregistered. [1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: Tasks blocked on level-0 rcu_node (CPUs 0-7): P344 (detected by 4, t=26002 jiffies, g=5773, q=12 ncpus=8) task:devlink state:R running task stack:25568 pid:344 ppid:260 flags:0x00004002 [...] Call Trace: xa_get_mark+0x184/0x3e0 devlinks_xa_find_get.constprop.0+0xc6/0x2e0 devlink_nl_cmd_get_dumpit+0x105/0x3f0 netlink_dump+0x568/0xff0 __netlink_dump_start+0x651/0x900 genl_family_rcv_msg_dumpit+0x201/0x340 genl_rcv_msg+0x573/0x780 netlink_rcv_skb+0x15f/0x430 genl_rcv+0x29/0x40 netlink_unicast+0x546/0x800 netlink_sendmsg+0x958/0xe60 __sys_sendto+0x3a2/0x480 __x64_sys_sendto+0xe1/0x1b0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x68/0xd2 [2] # echo 10 > /sys/bus/netdevsim/new_device # echo 10 > /sys/bus/netdevsim/del_device & # devlink dev Fixes: c2368b19807a ("net: devlink: introduce "unregistering" mark and use it during devlinks iteration") Reported-by: Vivek Reddy Karri <vkarri(a)nvidia.com> Signed-off-by: Ido Schimmel <idosch(a)nvidia.com> --- I read the stable rules and I am not providing an "upstream commit ID" since the code in upstream has been reworked, making this fix irrelevant. The only affected stable kernel is 6.1.y. --- net/devlink/leftover.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/devlink/leftover.c b/net/devlink/leftover.c index 032c7af065cd..c6f781a08d06 100644 --- a/net/devlink/leftover.c +++ b/net/devlink/leftover.c @@ -301,6 +301,9 @@ devlinks_xa_find_get(struct net *net, unsigned long *indexp, xa_mark_t filter, if (!devlink) goto unlock; + /* For a possible retry, the xa_find_after() should be always used */ + xa_find_fn = xa_find_after; + /* In case devlink_unregister() was already called and "unregistering" * mark was set, do not allow to get a devlink reference here. * This prevents live-lock of devlink_unregister() wait for completion. @@ -308,8 +311,6 @@ devlinks_xa_find_get(struct net *net, unsigned long *indexp, xa_mark_t filter, if (xa_get_mark(&devlinks, *indexp, DEVLINK_UNREGISTERING)) goto retry; - /* For a possible retry, the xa_find_after() should be always used */ - xa_find_fn = xa_find_after; if (!devlink_try_get(devlink)) goto retry; if (!net_eq(devlink_net(devlink), net)) { -- 2.46.1

8 months, 2 weeks

5
8
0 0

[PATCH 6.1/6.6] ASoC: SOF: Fix runtime pm usage counter balance after fw exception

by Vitaliy Shevtsov

From: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> commit b30289e7fa927f921bfb4d0d04727461706ae822 upstream. If the retain context is enabled we will unconditionally increment the device's pm use count on each exception and when the drivers are unloaded we do not correct this (as we don't know how many times we 'prevented d3 entry'). Introduce a flag to make sure that we do not increment the use count more than once and on module unload decrement the use count if needed to balance it. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Link: https://msgid.link/r/20240213114729.7055-1-peter.ujfalusi@linux.intel.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> --- sound/soc/sof/core.c | 10 ++++++++++ sound/soc/sof/debug.c | 8 +++++--- sound/soc/sof/sof-priv.h | 1 + 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/sound/soc/sof/core.c b/sound/soc/sof/core.c index 0938b259f703..cba0af5b86aa 100644 --- a/sound/soc/sof/core.c +++ b/sound/soc/sof/core.c @@ -477,6 +477,16 @@ int snd_sof_device_remove(struct device *dev) */ snd_sof_machine_unregister(sdev, pdata); + /* + * Balance the runtime pm usage count in case we are faced with an + * exception and we forcably prevented D3 power state to preserve + * context + */ + if (sdev->d3_prevented) { + sdev->d3_prevented = false; + pm_runtime_put_noidle(sdev->dev); + } + if (sdev->fw_state > SOF_FW_BOOT_NOT_STARTED) { sof_fw_trace_free(sdev); ret = snd_sof_dsp_power_down_notify(sdev); diff --git a/sound/soc/sof/debug.c b/sound/soc/sof/debug.c index d547318e0d32..7c8aafca8fde 100644 --- a/sound/soc/sof/debug.c +++ b/sound/soc/sof/debug.c @@ -433,13 +433,15 @@ static void snd_sof_ipc_dump(struct snd_sof_dev *sdev) void snd_sof_handle_fw_exception(struct snd_sof_dev *sdev, const char *msg) { - if (IS_ENABLED(CONFIG_SND_SOC_SOF_DEBUG_RETAIN_DSP_CONTEXT) || - sof_debug_check_flag(SOF_DBG_RETAIN_CTX)) { + if ((IS_ENABLED(CONFIG_SND_SOC_SOF_DEBUG_RETAIN_DSP_CONTEXT) || + sof_debug_check_flag(SOF_DBG_RETAIN_CTX)) && !sdev->d3_prevented) { /* should we prevent DSP entering D3 ? */ if (!sdev->ipc_dump_printed) dev_info(sdev->dev, "Attempting to prevent DSP from entering D3 state to preserve context\n"); - pm_runtime_get_if_in_use(sdev->dev); + + if (pm_runtime_get_if_in_use(sdev->dev) == 1) + sdev->d3_prevented = true; } /* dump vital information to the logs */ diff --git a/sound/soc/sof/sof-priv.h b/sound/soc/sof/sof-priv.h index d4f6702e93dc..b27a5f9e1bc8 100644 --- a/sound/soc/sof/sof-priv.h +++ b/sound/soc/sof/sof-priv.h @@ -593,6 +593,7 @@ struct snd_sof_dev { struct list_head dfsentry_list; bool dbg_dump_printed; bool ipc_dump_printed; + bool d3_prevented; /* runtime pm use count incremented to prevent context lost */ /* firmware loader */ struct sof_ipc_fw_ready fw_ready; -- 2.46.2

8 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror