- Linux-stable-mirror - lists.linaro.org

[PATCH net] udp: Compute L4 checksum as usual when not segmenting the skb

by Jakub Sitnicki

If: 1) the user requested USO, but 2) there is not enough payload for GSO to kick in, and 3) the egress device doesn't offer checksum offload, then we want to compute the L4 checksum in software early on. In the case when we taking the GSO path, but it has been requested, the software checksum fallback in skb_segment doesn't get a chance to compute the full checksum, if the egress device can't do it. As a result we end up sending UDP datagrams with only a partial checksum filled in, which the peer will discard. Fixes: 10154dbded6d ("udp: Allow GSO transmit from devices with no checksum offload") Reported-by: Ivan Babrou <ivan(a)cloudflare.com> Signed-off-by: Jakub Sitnicki <jakub(a)cloudflare.com> Cc: stable(a)vger.kernel.org --- This shouldn't have fallen through the cracks. I clearly need to extend the net/udpgso selftests further to cover the whole TX path for software USO+csum case. I will follow up with that but I wanted to get the fix out in the meantime. Apologies for the oversight. --- net/ipv4/udp.c | 4 +++- net/ipv6/udp.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 8accbf4cb295..2849b273b131 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -951,8 +951,10 @@ static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4, skb_shinfo(skb)->gso_type = SKB_GSO_UDP_L4; skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(datalen, cork->gso_size); + + /* Don't checksum the payload, skb will get segmented */ + goto csum_partial; } - goto csum_partial; } if (is_udplite) /* UDP-Lite */ diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 52dfbb2ff1a8..0cef8ae5d1ea 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1266,8 +1266,10 @@ static int udp_v6_send_skb(struct sk_buff *skb, struct flowi6 *fl6, skb_shinfo(skb)->gso_type = SKB_GSO_UDP_L4; skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(datalen, cork->gso_size); + + /* Don't checksum the payload, skb will get segmented */ + goto csum_partial; } - goto csum_partial; } if (is_udplite)

8 months, 2 weeks

2
2
0 0

[PATCH v6 0/4] ov08x40: Enable use of ov08x40 on Qualcomm X1E80100 CRD

by Bryan O'Donoghue

Changes in v6: - As I was applying a suggested fix from V5 of this series to other yaml schema in media/i2c it seemed to me that there were a number of properties that would be affected by converting properites: endpoint: additionalProperties: false to unevaluatedProperites: false I pinged Laurent, Sakari, Rob and Krsysztof about that leading to: link-frequencies: true is considered a valid hardware description. We don't want everything in /schemas/media/video-interfaces.yaml to be valid for each of the port{} descriptions for sensors so: a) use additionalProperties: false listing valid properties directly. b) Fixup various schema to list the valid properties in line with above. - Convert unevaluatedProperites: false to additionalProperties: false Laurent - This isn't exactly what Krsysztof gave his RB for so, I've omitted that - Add remote-endpoint: true to port{} - required as result of additionalProperties: false - I'll still follow up this series with a more general fix in-line with the above as TBH I just copy/pasted from some upstream yaml so it looks like a more general remediation is warranted, saving someone else from repeating my mistake. - Add remote-endpoint: true to port{} - required as result of additionalProperties: false - Use schemas/media/video-interface-devices.yaml# with unevaluatedProperites: false So that rotation and orientation are valid - bod - Link to v5: https://lore.kernel.org/r/20241005-b4-master-24-11-25-ov08x40-v5-0-5f1eb2e1… Changes in v5: - Fixes smatch CI splat - Link to v4: https://lore.kernel.org/r/20241003-b4-master-24-11-25-ov08x40-v4-0-7ee2c45f… Changes in v4: - Drops link-frequencies from properties: as discussed here: https://lore.kernel.org/r/Zv6STSKeNNlT83ux@kekkonen.localdomain - Link to v3: https://lore.kernel.org/r/20241002-b4-master-24-11-25-ov08x40-v3-0-483bcdcf… Changes in v3: - Drops assigned-clock-* from description retains in example - Sakari, Krzysztof - Updates example fake clock names to ov08x40_* instead of copy/paste ov9282_clk -> ov08x40_clk, ov9282_clk_parent -> ov08x40_clk_parent - bod - Link to v2: https://lore.kernel.org/r/20241001-b4-master-24-11-25-ov08x40-v2-0-e478976b… Changes in v2: - Drops "-" in ovti,ov08x40.yaml after description: - Rob - Adds ":" after first line of description text - Rob - dts -> DT in commit log - Rob - Removes dependency on 'xvclk' as a name in yaml and driver - Sakari - Uses assigned-clock, assigned-clock-parents and assigned-clock-rates - Sakari - Drops clock-frequency - Sakarai, Krzysztof - Drops dovdd-supply, avdd-supply, dvdd-supply and reset-gpios as required, its perfectly possible not to have the reset GPIO or the power rails under control of the SoC. - bod - Link to v1: https://lore.kernel.org/r/20240926-b4-master-24-11-25-ov08x40-v1-0-e4d5fbd3… V1: This series brings fixes and updates to ov08x40 which allows for use of this sensor on the Qualcomm x1e80100 CRD but also on any other dts based system. Firstly there's a fix for the pseudo burst mode code that was added in 8f667d202384 ("media: ov08x40: Reduce start streaming time"). Not every I2C controller can handle an arbitrary sized write, this is the case on Qualcomm CAMSS/CCI I2C sensor interfaces which limit the transaction size and communicate this limit via I2C quirks. A simple fix to optionally break up the large submitted burst into chunks not exceeding adapter->quirk size fixes. Secondly then is addition of a yaml description for the ov08x40 and extension of the driver to support OF probe and powering on of the power rails from the driver instead of from ACPI. Once done the sensor works without further modification on the Qualcomm x1e80100 CRD. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): media: ov08x40: Fix burst write sequence media: dt-bindings: Add OmniVision OV08X40 media: ov08x40: Rename ext_clk to xvclk media: ov08x40: Add OF probe support .../bindings/media/i2c/ovti,ov08x40.yaml | 120 ++++++++++++++ drivers/media/i2c/ov08x40.c | 181 ++++++++++++++++++--- 2 files changed, 277 insertions(+), 24 deletions(-) --- base-commit: 2b7275670032a98cba266bd1b8905f755b3e650f change-id: 20240926-b4-master-24-11-25-ov08x40-c6f477aaa6a4 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

8 months, 2 weeks

1
1
0 0

[PATCH 6.11 000/558] 6.11.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.3 release. There are 558 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Oct 2024 11:55:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.3-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.3-rc1 Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: core: Reduce debug summary table width Namhyung Kim <namhyung(a)kernel.org> perf report: Fix segfault when 'sym' sort key is not used Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Revert Avoid overflow assignment Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx* - Select CRYPTO_AUTHENC Takashi Iwai <tiwai(a)suse.de> ALSA: control: Fix leftover snd_power_unref() Haoran Zhang <wh1sper(a)zju.edu.cn> vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() David Howells <dhowells(a)redhat.com> rxrpc: Fix a race between socket set up and I/O thread creation Christian König <christian.koenig(a)amd.com> drm/sched: revert "Always increment correct scheduler score" Jonathan Gray <jsg(a)jsg.id.au> Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Matthew Auld <matthew.auld(a)intel.com> drm/xe/vram: fix ccs offset calculation Val Packett <val(a)packett.cool> drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move xa_alloc to prevent UAF Matthew Brost <matthew.brost(a)intel.com> drm/xe: Clean up VM / exec queue file lock usage. Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix possible crash when unregistering a battery hook Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Simplify battery hook locking Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add tally counter fields added with RTL8125 Colin Ian King <colin.i.king(a)gmail.com> r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Udit Kumar <u-kumar1(a)ti.com> remoteproc: k3-r5: Delay notification of wakeup event Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Acquire mailbox handle during probe routine Chuck Lever <chuck.lever(a)oracle.com> NFSD: Limit the number of concurrent async COPY operations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Async COPY result needs to return a write verifier NeilBrown <neilb(a)suse.de> sunrpc: change sp_nrthreads from atomic_t to unsigned int. Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Yosry Ahmed <yosryahmed(a)google.com> mm: z3fold: deprecate CONFIG_Z3FOLD Oleg Nesterov <oleg(a)redhat.com> uprobes: fix kernel info leak via "[uprobes]" vma Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround once more Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-N3 definitions Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: fix buffer overflow in debug links Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: move conf_read() before drawing tree pain Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix infinite loop in sym_calc_choice() Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix system hang while resume with TBT monitor Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Enable idle workqueue for more IPS modes Alex Hung <alex.hung(a)amd.com> drm/amd/display: Add HDR workaround for specific eDP Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Restore Optimized pbn Value if Failed to Disable DSC Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Always increment correct scheduler score Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Add locking to drm_sched_entity_modify_sched Rob Clark <robdclark(a)chromium.org> drm/sched: Fix dynamic job-flow control race Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Don't declare a queue blocked if deferred operations are pending Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Don't add write fences to the shared BOs Jani Nikula <jani.nikula(a)intel.com> drm/i915/gem: fix bitwise and logical AND mixup Al Viro <viro(a)zeniv.linux.org.uk> close_range(): fix the logics in descriptor table trimming Thomas Zimmermann <tzimmermann(a)suse.de> firmware/sysfb: Disable sysfb for firmware buffers with unknown parent Eder Zulian <ezulian(a)redhat.com> rtla: Fix the help text in osnoise and timerlat top tools Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix a race during cpuhp processing Wei Li <liwei391(a)huawei.com> tracing/timerlat: Drop interface_lock in stop_kthread() Wei Li <liwei391(a)huawei.com> tracing/hwlat: Fix a race during cpuhp processing Patrick Donnelly <pdonnell(a)redhat.com> ceph: fix cap ref leak via netfs init_request Jens Axboe <axboe(a)kernel.dk> io_uring/net: harden multishot termination case for recv Jiawei Ye <jiawei.ye(a)foxmail.com> mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Jiawen Wu <jiawenwu(a)trustnetic.com> net: pcs: xpcs: fix the wrong register that was written back Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: davinci: fix lazy disable Uwe Kleine-König <ukleinek(a)debian.org> cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Miquel Sabaté Solà <mikisabate(a)gmail.com> cpufreq: Avoid a bad reference count on CPU node Filipe Manana <fdmanana(a)suse.com> btrfs: wait for fixup workers before stopping cleaner kthread during umount Filipe Manana <fdmanana(a)suse.com> btrfs: send: fix invalid clone operation for file that got its size decreased Josef Bacik <josef(a)toxicpanda.com> btrfs: drop the backref cache during relocation if we commit Qu Wenruo <wqu(a)suse.com> btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Filipe Manana <fdmanana(a)suse.com> btrfs: send: fix buffer overflow detection when copying path to cache entry Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Loosen the Asus E1404GAB DMI match to also cover the E1404GA Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Remove duplicate Asus E1504GAB IRQ override Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO Christian Brauner <brauner(a)kernel.org> pidfs: check for valid pid namespace Baokun Li <libaokun1(a)huawei.com> cachefiles: fix dentry leak in cachefiles_open_file() Benjamin Tissoires <bentiss(a)kernel.org> HID: bpf: fix cfi stubs for hid_bpf_ops Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix adp5589_gpio_get_value() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix NULL pointer dereference Steve Sistare <steven.sistare(a)oracle.com> mm/hugetlb: simplify refs in memfd_alloc_folio Steve Sistare <steven.sistare(a)oracle.com> mm/gup: fix memfd_pin_folios alloc race panic Steve Sistare <steven.sistare(a)oracle.com> mm/gup: fix memfd_pin_folios hugetlb page allocation Steve Sistare <steven.sistare(a)oracle.com> mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak Steve Sistare <steven.sistare(a)oracle.com> mm/hugetlb: fix memfd_pin_folios free_huge_pages leak Steve Sistare <steven.sistare(a)oracle.com> mm/filemap: fix filemap_get_folios_contig THP panic Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rtc: at91sam9: fix OF node leak in probe() error path KhaiWenTan <khai.wen.tan(a)linux.intel.com> net: stmmac: Fix zero-division error when disabling tc cbs Muhammad Usama Anjum <usama.anjum(a)collabora.com> kselftests: mm: fix wrong __NR_userfaultfd value Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fallback to realpath if symlink's pathname does not exist Willem de Bruijn <willemb(a)google.com> gso: fix udp gso fraglist segmentation after pull from frag_list Felix Fietkau <nbd(a)nbd.name> net: gso: fix tcp fraglist segmentation after pull from frag_list Willem de Bruijn <willemb(a)google.com> vrf: revert "vrf: Remove unnecessary RCU-bh critical section" Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix regmap for BMP280 device Barnabás Czémán <barnabas.czeman(a)mainlining.org> iio: magnetometer: ak8975: Fix reading for ak099xx sensors Steve French <stfrench(a)microsoft.com> smb3: fix incorrect mode displayed for read-only files wangrong <wangrong(a)uniontech.com> smb: client: use actual path when queryfs Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: avoid set dispclk to 0 Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix ordering of pm_runtime_enable Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Add GPLL9 support Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Remove use_count guard in stop_streaming Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Zheng Wang <zyytlz.wz(a)163.com> media: venus: fix use after free bug in venus_remove due to race condition Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src David Virag <virag.david003(a)gmail.com> clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Mike Tipton <quic_mdtipton(a)quicinc.com> clk: qcom: clk-rpmh: Fix overflow in BCM vote Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: sun4i_csi: Implement link validate for sun4i_csi subdev Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: videobuf2: Drop minimum allocation requirement of 2 buffers Julian Sun <sunjunchao2870(a)gmail.com> gfs2: fix double destroy_workqueue error Jan Kiszka <jan.kiszka(a)siemens.com> remoteproc: k3-r5: Fix error handling when power-up failed Bastien Curutchet <bastien.curutchet(a)bootlin.com> leds: pca9532: Remove irrelevant blink configuration error message Sebastian Reichel <sebastian.reichel(a)collabora.com> clk: rockchip: fix error for unknown clocks Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: ov5675: Fix power on/off delay timings Umang Jain <umang.jain(a)ideasonboard.com> media: imx335: Fix reset-gpio handling Chun-Yi Lee <joeyli.kernel(a)gmail.com> aoe: fix the potential use-after-free problem in more places Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix kernel stack size when KASAN is enabled Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Align errno for unsupported perf event Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page table index based on hardware page size Thomas Weißschuh <linux(a)weissschuh.net> sysctl: avoid spurious permanent empty tables Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix NFSv4's PUTPUBFH operation Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: map the EBADMSG to nfserr_io to avoid warning NeilBrown <neilb(a)suse.de> nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Matt Fleming <matt(a)readmodwrite.com> perf hist: Update hist symbol when updating maps Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Disable -Wno-cast-function-type-mismatch if present on clang Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix memory leak in exfat_load_bitmap() Jisheng Zhang <jszhang(a)kernel.org> riscv: define ILLEGAL_POINTER_VALUE for 64bit Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: fix bogus pressure spikes from aggregation race Youssef Esmat <youssefesmat(a)google.com> sched/core: Clear prev->dl_server in CFS pick fast path Joel Fernandes (Google) <joel(a)joelfernandes.org> sched/core: Add clearing of ->dl_server in put_prev_task_balance() Daniel Bristot de Oliveira <bristot(a)kernel.org> sched/deadline: Comment sched_dl_entity::dl_server variable José Roberto de Souza <jose.souza(a)intel.com> drm/xe/oa: Don't reset OAC_CONTEXT_ENABLE on OA stream close Matthew Auld <matthew.auld(a)intel.com> drm/xe: fix UAF around queue destruction Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Mark Rutland <mark.rutland(a)arm.com> arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> scripts/gdb: fix lx-mounts command error Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> scripts/gdb: add iteration function for rbtree Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> scripts/gdb: fix timerlist parsing issue Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Julian Sun <sunjunchao2870(a)gmail.com> ocfs2: fix null-ptr-deref when journal load failed. Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: remove unreasonable unlock in ocfs2_read_blocks Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: cancel dqi_sync_work before freeing oinfo Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> ocfs2: reserve space for inline xattr before attaching reflink tree Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: fix uninit-value in ocfs2_get_block() Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the la space leak when unmounting an ocfs2 volume Danilo Krummrich <dakr(a)kernel.org> mm: krealloc: consider spare memory for __GFP_ZERO Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit Baokun Li <libaokun1(a)huawei.com> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: harden build ID parsing logic Huang Ying <ying.huang(a)intel.com> resource: fix region_intersects() vs add_memory_driver_managed() Ma Ke <make24(a)iscas.ac.cn> drm: omapdrm: Add missing check for alloc_ordered_workqueue Andrew Jones <ajones(a)ventanamicro.com> of/irq: Support #msi-cells=<0> in of_msi_get_domain Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Report error on resource bounds overflow Val Packett <val(a)packett.cool> drm/rockchip: vop: clear DMA stop bit on RK3066 Helge Deller <deller(a)gmx.de> parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Helge Deller <deller(a)kernel.org> parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards Helge Deller <deller(a)kernel.org> parisc: Fix 64-bit userspace syscall path Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Generate oob before compiling anything Baokun Li <libaokun1(a)huawei.com> ext4: fix off by one issue in alloc_flex_gd() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: use handle to mark fc as ineligible in __track_dentry_update() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix fast commit inode enqueueing during a full journal commit Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Baokun Li <libaokun1(a)huawei.com> ext4: update orig_path in ext4_find_extent() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix access to uninitialised lock in fc replay path Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Baokun Li <libaokun1(a)huawei.com> ext4: fix double brelse() the buffer of the extents path Baokun Li <libaokun1(a)huawei.com> ext4: aovid use-after-free in ext4_ext_insert_extent() Baokun Li <libaokun1(a)huawei.com> ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: dax: fix overflowing extents beyond inode size when partially writing Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() Baokun Li <libaokun1(a)huawei.com> ext4: propagate errors from ext4_find_extent() in ext4_insert_range() Baokun Li <libaokun1(a)huawei.com> ext4: fix slab-use-after-free in ext4_split_extent_at() yao.ly <yao.ly(a)linux.alibaba.com> ext4: correct encrypted dentry name hash when not casefolded Edward Adam Davis <eadavis(a)qq.com> ext4: no need to continue when the number of entries is 1 Abhishek Tamboli <abhishektamboli9(a)gmail.com> ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Nikolai Afanasenkov <nikolai.afanasenkov(a)hp.com> ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 Hans P. Moller <hmoller(a)uc.cl> ALSA: line6: add hw monitor volume control to POD HD500X Jan Lalinsky <lalinsky(a)c4.cz> ALSA: usb-audio: Add native DSD support for Luxman D-08u Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Jaroslav Kysela <perex(a)perex.cz> ALSA: core: add isascii() check to card ID generator Baojun Xu <baojun.xu(a)ti.com> ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Thomas Zimmermann <tzimmermann(a)suse.de> drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: ovl_adaptor: Add missing of_node_put() Helge Deller <deller(a)gmx.de> parisc: Fix itlb miss handler for 64-bit programs Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/v3d: Prevent out of bounds access in performance query extensions Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix small negative period being ignored Hans de Goede <hdegoede(a)redhat.com> power: supply: Drop use_cnt check from power_supply_property_is_writeable() Peng Fan <peng.fan(a)nxp.com> mm, slub: avoid zeroing kmalloc redzone Hans de Goede <hdegoede(a)redhat.com> power: supply: hwmon: Fix missing temp1_max_alarm attribute Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix module autoloading David Virag <virag.david003(a)gmail.com> dt-bindings: clock: exynos7885: Fix duplicated binding Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> memory: tegra186-emc: drop unused to_tegra186_emc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() Mike Baynton <mike(a)mbaynton.com> ovl: fail if trusted xattrs are needed but caller lacks permission Alice Ryhl <aliceryhl(a)google.com> rust: sync: require `T: Sync` for `LockedBy::access` Ard Biesheuvel <ardb(a)kernel.org> i2c: synquacer: Deal with optional PCLK correctly Kimriver Liu <kimriver.liu(a)siengine.com> i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled Heiner Kallweit <hkallweit1(a)gmail.com> i2c: core: Lock address during client device instantiation Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: ar0521: Use cansleep version of gpiod_set_value() Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Wait for TX empty to avoid missed TX NAKs Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() Marek Vasut <marex(a)denx.de> i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Marc Zyngier <maz(a)kernel.org> KVM: arm64: Fix kvm_has_feat*() handling of negative features Zach Wade <zachwade.k(a)gmail.com> platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Takashi Iwai <tiwai(a)suse.de> Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" Daeho Jeong <daehojeong(a)google.com> f2fs: forcibly migrate to secure space for zoned device file pinning Daeho Jeong <daehojeong(a)google.com> f2fs: do FG_GC when GC boosting is required for zoned devices Daeho Jeong <daehojeong(a)google.com> f2fs: increase BG GC migration window granularity when boosted for zoned devices Daeho Jeong <daehojeong(a)google.com> f2fs: introduce migration_window_granularity Daeho Jeong <daehojeong(a)google.com> f2fs: make BG GC more aggressive for zoned devices Heiko Carstens <hca(a)linux.ibm.com> selftests: vDSO: fix vdso_config for s390 Jens Remus <jremus(a)linux.ibm.com> selftests: vDSO: fix ELF hash table entry size for s390x Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Fix VDSO data access when running in a non-root time namespace Chao Yu <chao(a)kernel.org> f2fs: fix to don't panic system for no free segment fault injection Liao Yuanhong <liaoyuanhong(a)vivo.com> f2fs: add write priority option based on zone UFS Arnd Bergmann <arnd(a)arndb.de> nvme-tcp: fix link failure for TCP auth David Hildenbrand <david(a)redhat.com> selftests/mm: fix charge_reserved_hugetlb.sh test Gabriel Krisman Bertazi <krisman(a)suse.de> ext4: fix error message when rejecting the default hash Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO symbols lookup for powerpc64 Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vdso_config for powerpc Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO name for powerpc Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Fix memory leak on xe_alloc_pf_queue failure Matthew Auld <matthew.auld(a)intel.com> drm/xe: fixup xe_alloc_pf_queue Namhyung Kim <namhyung(a)kernel.org> perf: Really fix event_function_call() locking Ian Rogers <irogers(a)google.com> perf callchain: Fix stitch LBR memory leaks Takashi Iwai <tiwai(a)suse.de> ALSA: control: Fix power_ref lock order for compat code, too Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add missing MODULE_DEVICE_TABLE Alexander F. Lent <lx(a)xanderlent.com> accel/ivpu: Add missing MODULE_FIRMWARE metadata Yifei Liu <yifei.l.liu(a)oracle.com> selftests: breakpoints: use remaining time to check if suspend succeed Alessandro Zanni <alessandro.zanni87(a)gmail.com> kselftest/devices/probe: Fix SyntaxWarning in regex strings for Python3 Ben Dooks <ben.dooks(a)codethink.co.uk> spi: s3c64xx: fix timeout counters in flush_fifo Yun Lu <luyun(a)kylinos.cn> selftest: hid: add missing run-hid-tools-tests.sh Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix missing spi_controller_is_target() check Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled Ben Cheatham <Benjamin.Cheatham(a)amd.com> EINJ, CXL: Fix CXL device SBDF calculation Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix a sdiv overflow issue Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Christoph Hellwig <hch(a)lst.de> iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior caused by shifting into the sign bit Artem Sadovnikov <ancowi69(a)gmail.com> ext4: fix i_data_sem unlock order in ext4_ind_migrate() Baokun Li <libaokun1(a)huawei.com> ext4: avoid use-after-free in ext4_ext_show_leaf() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: ext4_search_dir should return a proper error Juntong Deng <juntong.deng(a)outlook.com> bpf: Make the pointer returned by iter next method valid Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Lizhi Xu <lizhi.xu(a)windriver.com> ext4: filesystems without casefold feature cannot be mounted with siphash Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Adjust Xiaomi Pad 2 bottom bezel touch buttons LED Luiz Capitulino <luizcap(a)redhat.com> platform/mellanox: mlxbf-pmc: fix lockdep warning Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add refcnt to ksmbd_conn struct Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: i2c-hid: ensure various commands do not interfere with each other Zhu Jun <zhujun2(a)cmss.chinamobile.com> tools/hv: Add memory allocation check in hv_fcopy_start Gergo Koteles <soyer(a)irl.hu> platform/x86: lenovo-ymc: Ignore the 0x0 state Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: use rlc safe mode for soft recovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: use rlc safe mode for soft recovery Amir Goldstein <amir73il(a)gmail.com> ovl: fsync after metadata copy-up Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Ahmed, Muhammad <Ahmed.Ahmed(a)amd.com> drm/amd/display: guard write a 0 post_divider value to HW Geert Uytterhoeven <geert+renesas(a)glider.be> of/irq: Refer to actual buffer size in of_irq_parse_one() Matthew Brost <matthew.brost(a)intel.com> drm/xe: Drop warn on xe_guc_pc_gucrc_disable in guc pc fini Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdkfd: Check int source id for utcl2 poison event Tim Huang <tim.huang(a)amd.com> drm/amd/pm: ensure the fw_info is not null before using it Stuart Summers <stuart.summers(a)intel.com> drm/xe: Use topology to determine page fault queue size Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: enter safe mode before touching CP_INT_CNTL Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: use rlc safe mode for soft recovery Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Block MMR_READ IOCTL in reset Sunil Khatri <sunil.khatri(a)amd.com> drm/amdgpu: fix ptr check warning in gfx11 ip_dump Sunil Khatri <sunil.khatri(a)amd.com> drm/amdgpu: fix ptr check warning in gfx10 ip_dump Sunil Khatri <sunil.khatri(a)amd.com> drm/amdgpu: fix ptr check warning in gfx9 ip_dump Austin Zheng <Austin.Zheng(a)amd.com> drm/amd/display: Unlock Pipes Based On DET Allocation Geert Uytterhoeven <geert+renesas(a)glider.be> drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Peter Zijlstra <peterz(a)infradead.org> perf: Fix event_function_call() locking Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_atombios Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_gfx Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Force enable 3DLUT DMA check for dcn401 in DML Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update PRLO handling in direct attached topology Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths Kees Cook <kees(a)kernel.org> scsi: aacraid: Rearrange order of struct aac_srb_unit Andrii Nakryiko <andrii(a)kernel.org> perf,x86: avoid missing caller address in stack traces captured in uprobe Matthew Brost <matthew.brost(a)intel.com> drm/printer: Allow NULL data in devcoredump printer Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize get_bytes_per_element's default to 1 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Avoid overflow assignment in link_dp_cts Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream_status before it is used Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix possible overflow in integer multiplication Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: properly handle error ints on all pipes Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: properly handle error ints on all pipes Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 color transformation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Implement bounds check for stream encoder creation in DCN401 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in degamma hardware format translation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Increase array size of dummy_boolean Chris Park <chris.park(a)amd.com> drm/amd/display: Deallocate DML memory if allocation fails Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream before comparing them Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check phantom_stream before it is used Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null-initialized variables Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize denominators' default to 1 Yannick Fertre <yannick.fertre(a)foss.st.com> drm/stm: ltdc: reset plane transparency after plane disable Uma Shankar <uma.shankar(a)intel.com> drm/xe/fbdev: Limit the usage of stolen for LNL+ Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add timeout to preempt fences aln8 <aln8un(a)gmail.com> platform/x86/amd: pmf: Add quirk for TUF Gaming A14 Ckath <ckath(a)yandex.ru> platform/x86: touchscreen_dmi: add nanote-next quirk Vishnu Sankar <vishnuocv(a)gmail.com> HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix resource leak in criu restore queue Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: enable gfxoff quirk on HP 705G4 Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: add raven1 gfxoff quirk Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> jfs: Fix uninit-value access of new_ea in ea_buffer Konrad Dybcio <konradybcio(a)kernel.org> drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs David Strahan <David.Strahan(a)microchip.com> scsi: smartpqi: add new controller PCI IDs Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: correct stream detection Edward Adam Davis <eadavis(a)qq.com> jfs: check if leafidx greater than num leaves per dmap tree Edward Adam Davis <eadavis(a)qq.com> jfs: Fix uaf in dbFreeBits Remington Brasga <rbrasga(a)uci.edu> jfs: UBSAN: shift-out-of-bounds in dbFindBits Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: add list empty check to avoid null pointer issue Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Matt Roper <matthew.d.roper(a)intel.com> drm/xe: Name and document Wa_14019789679 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Check null pointer before try to access it Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using dc->clk_mgr Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2) Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix a UBSAN warning in DML2.1 Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' Daniel Sa <Daniel.Sa(a)amd.com> drm/amd/display: Underflow Seen on DCN401 eGPU Hans de Goede <hdegoede(a)redhat.com> HID: Ignore battery for all ELAN I2C-HID devices David Strahan <David.Strahan(a)microchip.com> scsi: smartpqi: Add new controller PCI IDs Jiri Olsa <olsajiri(a)gmail.com> selftests/bpf: fix uprobe.path leak in bpf_testmod Damien Le Moal <dlemoal(a)kernel.org> ata: sata_sil: Rename sil_blacklist to sil_quirks Damien Le Moal <dlemoal(a)kernel.org> ata: pata_serverworks: Do not use the term blacklist Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe Suraj Kandpal <suraj.kandpal(a)intel.com> drm/xe/hdcp: Check GSC structure validity Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before multiple uses Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before used Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using them Alex Hung <alex.hung(a)amd.com> drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags Katya Orlova <e.orlova(a)ispras.ru> drm/stm: Avoid use-after-free issues with crtc and plane Michal Koutný <mkoutny(a)suse.com> cgroup: Disallow mounting v1 hierarchies without controller implementation Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Do not use devm for the cd table allocations Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Unconditionally flush device TLB for pasid table updates Sanjay K Kumar <sanjay.k.kumar(a)intel.com> iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Always reserve a domain ID for identity setup Mostafa Saleh <smostafa(a)google.com> iommu/arm-smmu-v3: Match Stall behaviour for S2 Andrew Davis <afd(a)ti.com> power: reset: brcmstb: Do not go into infinite loop if reset fails Paul E. McKenney <paulmck(a)kernel.org> rcuscale: Provide clear error when async specified without primitives Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Use dev_name() instead of kobject_get_path() in debugfs Ulf Hansson <ulf.hansson(a)linaro.org> pmdomain: core: Don't hold the genpd-lock when calling dev_pm_domain_set() Kaixin Wang <kxwang23(a)m.fudan.edu.cn> fbdev: pxafb: Fix possible use after free in pxafb_task() Thomas Weißschuh <linux(a)weissschuh.net> fbdev: efifb: Register sysfs groups through driver core Denis Pauk <pauk.denis(a)gmail.com> hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Zqiang <qiang.zhang1211(a)gmail.com> rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.dev> ASoC: Intel: boards: always check the result of acpi_dev_get_first_match_dev() Kees Cook <kees(a)kernel.org> x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: avoid passing NULL to printf("%s") Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: powerpc: limit stack-protector workaround to GCC Takashi Iwai <tiwai(a)suse.de> ALSA: hdsp: Break infinite MIDI input flush loop Takashi Iwai <tiwai(a)suse.de> ALSA: asihpi: Fix potential OOB array access Steve Wahl <steve.wahl(a)hpe.com> x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Tao Liu <ltao(a)redhat.com> x86/kexec: Add EFI config table identity mapping for kexec kernel Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Restore altstack access in sigreturn() Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Add PKRU as a parameter in signal handling functions Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Protect against faulty "max subleaf" values Takashi Iwai <tiwai(a)suse.de> ALSA: control: Take power_ref lock primarily Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Handle reading version failure Joshua Pius <joshuapius(a)chromium.org> ALSA: usb-audio: Add logitech Audio profile quirk Joshua Grisham <josh(a)joshuagrisham.com> ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init Asahi Lina <lina(a)asahilina.net> ALSA: usb-audio: Add mixer quirk for RME Digiface USB Cyan Nyan <cyan.vtb(a)gmail.com> ALSA: usb-audio: Add quirk for RME Digiface USB Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Replace complex quirk lines with macros Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Define macros for quirk table entries Karol Kosik <k.kosik(a)outlook.com> ALSA: usb-audio: Support multiple control interfaces Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Remove logical destination mode for 64-bit Thomas Gleixner <tglx(a)linutronix.de> x86/ioapic: Handle allocation failures gracefully Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add input value sanity checks for standard types Jinjie Ruan <ruanjinjie(a)huawei.com> nfp: Use IRQF_NO_AUTOEN flag in request_irq() David Howells <dhowells(a)redhat.com> netfs: Cancel dirty folios that have no storage destination Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Yang Shen <shenyang39(a)huawei.com> crypto: hisilicon - fix missed error branch Joe Damato <jdamato(a)fastly.com> net: napi: Prevent overflow of napi_defer_hard_irqs David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix handling when SRSO mitigation is disabled Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bugs: Add missing NO_SSB flag Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: avoid reading out of bounds when loading TX power FW elements Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: phy: Check for read errors in SIOCGMIIREG Fares Mehanna <faresx(a)amazon.de> arm64: trans_pgd: mark PTEs entries as valid to avoid dead kexec() Huacai Chen <chenhuacai(a)kernel.org> cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() Anastasia Belova <abelova(a)astralinux.ru> cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value Alexey Dobriyan <adobriyan(a)gmail.com> block: fix integer overflow in BLKSECDISCARD Marek Vasut <marex(a)denx.de> wifi: wilc1000: Do not operate uninitialized hardware during suspend/resume Joe Damato <jdamato(a)fastly.com> netdev-genl: Set extack and fix error on napi-get Stefan Mätje <stefan.maetje(a)esd.eu> can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough James Clark <james.clark(a)linaro.org> drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Mateusz Guzik <mjguzik(a)gmail.com> vfs: use RCU in ilookup Adrian Ratiu <adrian.ratiu(a)collabora.com> proc: add config & param to block forcing mem writes Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> ACPICA: iasl: handle empty connection_node Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU list iterations Nikunj A Dadhania <nikunj(a)amd.com> virt: sev-guest: Ensure the SNP guest messages do not exceed a page Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: allow only CN mcc from WRDD Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use correct key iteration Jason Xing <kernelxing(a)tencent.com> tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Breno Leitao <leitao(a)debian.org> netpoll: Ensure clean state on setup failures Herbert Xu <herbert(a)gondor.apana.org.au> crypto: simd - Do not call crypto_alloc_tfm during registration Simon Horman <horms(a)kernel.org> net: atlantic: Avoid warning about potential string truncation Hannes Reinecke <hare(a)kernel.org> nvme-tcp: check for invalidated or revoked key Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize TLS key handling Hannes Reinecke <hare(a)kernel.org> nvme-keyring: restrict match length for version '1' identifiers Ido Schimmel <idosch(a)nvidia.com> ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: do not remove elements if set backend implements .abort Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct base HT rate mask for firmware Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Simon Horman <horms(a)kernel.org> bnxt_en: Extend maximum length of version string by 1 byte Simon Horman <horms(a)kernel.org> net: mvpp2: Increase size of queue_name buffer Jakub Kicinski <kuba(a)kernel.org> net: skbuff: sprinkle more __GFP_NOWARN on ingress allocs Simon Horman <horms(a)kernel.org> tipc: guard against string buffer overrun Pei Xiao <xiaopei01(a)kylinos.cn> ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: EC: Do not release locks during operation region accesses Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: 885xb: reset IDMEM mode to prevent download firmware failure James Chapman <jchapman(a)katalix.com> l2tp: use rcu list add/del when updating lists James Chapman <jchapman(a)katalix.com> l2tp: free sessions using rcu Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw88: select WANT_DEV_COREDUMP Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath11k: fix array out-of-bound access in SoC stats Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix array out-of-bound access in SoC stats Johannes Thumshirn <jthumshirn(a)wdc.com> btrfs: don't readahead the relocation inode on RST Konstantin Ovsepian <ovs(a)ovs.to> blk_iocost: fix more out of bound shifts Mario Limonciello <mario.limonciello(a)amd.com> ACPI: CPPC: Add support for setting EPP register in FFH Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: consistently use rcu_replace_pointer() in taprio_change() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook Go E1404GAB Li Zhijian <lizhijian(a)fujitsu.com> fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Mateusz Guzik <mjguzik(a)gmail.com> exec: don't WARN for racy path_noexec check Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_field() fails Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_mdio: fix OF node leak in probe() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hip04: fix OF node leak in probe() Jeongjun Park <aha310510(a)gmail.com> net/xen-netback: prevent UAF in xenvif_flush_hash() Issam Hamdi <ih(a)simonwunderlich.de> wifi: cfg80211: Set correct chandef when starting CAC Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: drop wrong STA selection in TX Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix a race in scan abort flow Aleksandr Mishin <amishin(a)t-argos.ru> ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx2 - Fix authenc setkey Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx - Fix authenc setkey Fangrui Song <maskray(a)google.com> crypto: x86/sha256 - Add parentheses around macros' single arguments Kai-Heng Feng <kai.heng.feng(a)canonical.com> intel_idle: Disable promotion to C1E on Jasper Lake and Elkhart Lake Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to add interface to list twice when SER Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() James Chapman <jchapman(a)katalix.com> l2tp: prevent possible tunnel refcount underflow Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: avoid failing the system during pm_suspend Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Re-enable panel replay feature Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix VRR cannot enable Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Disable replay if VRR capability is false Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: gus: Fix some error handling paths related to get_bpos() usage Ben Hutchings <benh(a)debian.org> tools/rtla: Fix installation from out-of-tree build Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() Pali Rohár <pali(a)kernel.org> cifs: Do not convert delimiter when parsing NFS-style symlinks Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Zhanjun Dong <zhanjun.dong(a)intel.com> drm/xe: Prevent null pointer access in xe_migrate_copy Matthew Brost <matthew.brost(a)intel.com> drm/xe: Resume TDR after GT reset Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: add missing locking in wedged_fini Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Restore pci state upon resume Hui Wang <hui.wang(a)canonical.com> ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Lock the VM resv before calling drm_gpuvm_bo_obtain_prealloc() Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create reparse call Oder Chiou <oder_chiou(a)realtek.com> ALSA: hda/realtek: Fix the push button function for the ALC257 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: mixer_oss: Remove some incorrect kfree_const() usages Dirk Behme <dirk.behme(a)de.bosch.com> rust: mutex: fix __mutex_init() usage in case of PREEMPT_RT Gary Guo <gary(a)garyguo.net> rust: kbuild: auto generate helper exports Andreas Hindborg <a.hindborg(a)kernel.org> rust: kbuild: split up helpers.c Guixin Liu <kanie(a)linux.alibaba.com> io_uring: fix memory leak when cache init fail Derek Foreman <derek.foreman(a)collabora.com> drm/connector: hdmi: Fix writing Dynamic Range Mastering infoframes Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Steven Price <steven.price(a)arm.com> drm/panthor: Fix race when converting group handle to group object Tang Bin <tangbin(a)cmss.chinamobile.com> ASoC: topology: Fix incorrect addressing assignments Xin Long <lucien.xin(a)gmail.com> sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Ravikanth Tuniki <ravikanth.tuniki(a)amd.com> dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Darrick J. Wong <djwong(a)kernel.org> iomap: constrain the file range passed to iomap_file_unshare Eddie James <eajames(a)linux.ibm.com> net/ncsi: Disable the ncsi work before freeing the associated structure Ido Schimmel <idosch(a)nvidia.com> bridge: mcast: Fail MDB get request on empty entry Hui Wang <hui.wang(a)canonical.com> net: phy: realtek: Check the index value in led_hw_control_get Eric Dumazet <edumazet(a)google.com> ppp: do not assume bh is held in ppp_channel_bridge_input() Eric Dumazet <edumazet(a)google.com> net: test for not too small csum_start in virtio_net_hdr_to_skb() David Howells <dhowells(a)redhat.com> netfs: Fix missing wakeup after issuing writes Anton Danilov <littlesmilingcloud(a)gmail.com> ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Shenwei Wang <shenwei.wang(a)nxp.com> net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Eric Dumazet <edumazet(a)google.com> net: add more sanity checks to qdisc_pkt_len_init() Eric Dumazet <edumazet(a)google.com> net: avoid potential underflow in qdisc_pkt_len_init() with UFO Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Reload PTP registers after link-state change Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Restart PPS after link state change Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix memory disclosure Daniel Borkmann <daniel(a)iogearbox.net> net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Borkmann <daniel(a)iogearbox.net> net: Add netif_get_gro_max_size helper for GRO Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: improve shutdown sequence David Howells <dhowells(a)redhat.com> afs: Fix the setting of the server responding flag David Howells <dhowells(a)redhat.com> afs: Fix missing wire-up of afs_retry_request() Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix uaf in l2cap_connect Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible crash on mgmt_index_removed zhang jiao <zhangjiao2(a)cmss.chinamobile.com> selftests: netfilter: Add missing return value Eric Dumazet <edumazet(a)google.com> netfilter: nf_tables: prevent nf_skb_duplicated corruption Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Fix nft_audit.sh for newer nft binaries Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Phil Sutter <phil(a)nwl.cc> netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix overflow of hd_per_wq Elena Salomatkina <esalomatkina(a)ispras.ru> net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Mohamed Khalfella <mkhalfella(a)purestorage.com> net/mlx5: Added cond_resched() to crdump collection Gerd Bayer <gbayer(a)linux.ibm.com> net/mlx5: Fix error path in multi-packet WQE transmit Aakash Menon <aakash.r.menon(a)gmail.com> net: sparx5: Fix invalid timestamps Jinjie Ruan <ruanjinjie(a)huawei.com> ieee802154: Fix build error Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Fix colorimetry detection Xiubo Li <xiubli(a)redhat.com> ceph: remove the incorrect Fw reference check when dirtying pages Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ceph: fix a memory leak on cap_auths in MDS client Stefan Wahren <wahrenst(a)gmx.net> mailbox: bcm2835: Fix timeout during suspend mode Liao Chen <liaochen4(a)huawei.com> mailbox: rockchip: fix a typo in module autoloading Geert Uytterhoeven <geert+renesas(a)glider.be> mailbox: ARM_MHU_V3 should depend on ARM64 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix warning: comparison of distinct pointer types lacks a cast Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> drm/amd/display: handle nulled pipe context in DCE110's set_drr() Asad Kamal <asad.kamal(a)amd.com> drm/amdgpu: Fix get each xcp macro Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix AUX IO power enabling for eDP PSR Arun R Murthy <arun.r.murthy(a)intel.com> drm/i915/display: BMG supports UHBR13.5 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Do not wait for PSR being idle on on Panel Replay Daniel Wagner <dwagner(a)suse.de> scsi: pm8001: Do not overwrite PCI queue mapping Rafael Rocha <rrochavi(a)fnal.gov> scsi: st: Fix input/output error on empty drive reset Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix static_key_slow_dec() yet again Thomas Gleixner <tglx(a)linutronix.de> static_call: Replace pointless WARN_ON() in static_call_module_notify() Thomas Gleixner <tglx(a)linutronix.de> static_call: Handle module init failure correctly in static_call_del_module() ------------- Diffstat: Documentation/ABI/testing/sysfs-fs-f2fs | 22 + Documentation/admin-guide/kernel-parameters.txt | 10 + Documentation/arch/arm64/silicon-errata.rst | 6 + .../devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 +- .../networking/net_cachelines/net_device.rst | 2 +- Documentation/rust/general-information.rst | 4 +- Makefile | 4 +- arch/arm/crypto/aes-ce-glue.c | 2 +- arch/arm/crypto/aes-neonbs-glue.c | 2 +- arch/arm64/Kconfig | 7 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/kvm_host.h | 25 +- arch/arm64/kernel/cpu_errata.c | 3 + arch/arm64/mm/trans_pgd.c | 6 +- arch/loongarch/configs/loongson3_defconfig | 1 - arch/parisc/include/asm/mman.h | 14 + arch/parisc/kernel/entry.S | 6 +- arch/parisc/kernel/syscall.S | 14 +- arch/powerpc/configs/ppc64_defconfig | 1 - arch/powerpc/include/asm/vdso_datapage.h | 15 + arch/powerpc/kernel/asm-offsets.c | 2 + arch/powerpc/kernel/vdso/cacheflush.S | 2 +- arch/powerpc/kernel/vdso/datapage.S | 4 +- arch/powerpc/platforms/pseries/dlpar.c | 17 - arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 16 +- arch/powerpc/platforms/pseries/pmem.c | 2 +- arch/riscv/Kconfig | 8 +- arch/riscv/include/asm/thread_info.h | 7 +- arch/x86/crypto/sha256-avx2-asm.S | 16 +- arch/x86/events/core.c | 63 + arch/x86/include/asm/apic.h | 8 - arch/x86/include/asm/fpu/signal.h | 2 +- arch/x86/include/asm/sev.h | 2 +- arch/x86/include/asm/syscall.h | 7 +- arch/x86/kernel/apic/apic_flat_64.c | 119 +- arch/x86/kernel/apic/io_apic.c | 46 +- arch/x86/kernel/cpu/bugs.c | 14 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/fpu/signal.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 27 + arch/x86/kernel/signal.c | 3 +- arch/x86/kernel/signal_64.c | 6 +- arch/x86/mm/ident_map.c | 23 +- block/blk-iocost.c | 8 +- block/ioctl.c | 9 +- crypto/simd.c | 76 +- drivers/accel/ivpu/ivpu_fw.c | 4 + drivers/acpi/acpi_pad.c | 6 +- drivers/acpi/acpica/dbconvert.c | 2 + drivers/acpi/acpica/exprep.c | 3 + drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/apei/einj-cxl.c | 2 +- drivers/acpi/battery.c | 28 +- drivers/acpi/cppc_acpi.c | 10 +- drivers/acpi/ec.c | 55 +- drivers/acpi/resource.c | 22 +- drivers/acpi/video_detect.c | 17 + drivers/ata/pata_serverworks.c | 16 +- drivers/ata/sata_sil.c | 12 +- drivers/block/aoe/aoecmd.c | 13 +- drivers/bluetooth/btmrvl_sdio.c | 3 +- drivers/bluetooth/btrtl.c | 1 + drivers/bluetooth/btusb.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clk/qcom/clk-rpmh.c | 2 + drivers/clk/qcom/dispcc-sm8250.c | 3 + drivers/clk/qcom/gcc-sc8180x.c | 438 ++-- drivers/clk/qcom/gcc-sm8250.c | 6 +- drivers/clk/qcom/gcc-sm8450.c | 4 +- drivers/clk/rockchip/clk.c | 3 +- drivers/clk/samsung/clk-exynos7885.c | 2 +- drivers/cpufreq/amd-pstate.c | 14 +- drivers/cpufreq/intel_pstate.c | 16 +- drivers/cpufreq/loongson3_cpufreq.c | 2 +- drivers/crypto/hisilicon/sgl.c | 14 +- drivers/crypto/marvell/Kconfig | 2 + drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 265 +-- drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 256 +- drivers/firmware/sysfb.c | 4 +- drivers/firmware/tegra/bpmp.c | 6 - drivers/gpio/gpio-davinci.c | 8 +- drivers/gpio/gpiolib.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 10 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 35 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 45 +- drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 132 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 54 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 50 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 18 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 +- drivers/gpu/drm/amd/amdkfd/soc15_int.h | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 86 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 20 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 +- .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 8 +- .../gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 96 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 34 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 10 +- drivers/gpu/drm/amd/display/dc/dc_types.h | 1 + .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 3 +- .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 + .../gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 + .../display/dc/dml/dcn20/display_rq_dlg_calc_20.c | 2 +- .../dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 +- .../display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 +- .../gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 +- .../amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 +- .../dc/dml2/dml21/dml21_translation_helper.c | 6 +- .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 89 +- .../dc/dml2/dml21/src/dml2_core/dml2_core_shared.c | 4 +- .../dml21/src/dml2_core/dml2_core_shared_types.h | 2 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 - .../amd/display/dc/dml2/dml2_translation_helper.c | 20 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 1 + .../amd/display/dc/hubbub/dcn401/dcn401_hubbub.c | 23 + .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 3 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 3 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 24 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 4 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 48 +- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 7 +- .../drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c | 4 +- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 11 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 8 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 111 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.h | 2 + .../drm/amd/display/dc/hwss/dcn401/dcn401_init.c | 2 +- drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h | 1 + drivers/gpu/drm/amd/display/dc/inc/resource.h | 5 + .../amd/display/dc/link/accessories/link_dp_cts.c | 5 +- .../drm/amd/display/dc/link/hwss/link_hwss_dio.c | 5 +- drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 +- .../display/dc/link/protocols/link_dp_capability.c | 2 +- .../display/dc/resource/dce112/dce112_resource.c | 5 +- .../amd/display/dc/resource/dcn20/dcn20_resource.c | 3 +- .../display/dc/resource/dcn201/dcn201_resource.c | 4 +- .../amd/display/dc/resource/dcn21/dcn21_resource.c | 3 +- .../amd/display/dc/resource/dcn32/dcn32_resource.c | 10 +- .../dc/resource/dcn32/dcn32_resource_helpers.c | 14 +- .../display/dc/resource/dcn351/dcn351_resource.c | 1 + .../display/dc/resource/dcn401/dcn401_resource.c | 3 +- .../drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 + drivers/gpu/drm/display/drm_hdmi_state_helper.c | 4 +- drivers/gpu/drm/drm_atomic_uapi.c | 2 +- drivers/gpu/drm/drm_debugfs.c | 4 +- drivers/gpu/drm/drm_print.c | 13 +- drivers/gpu/drm/i915/display/intel_ddi.c | 2 +- drivers/gpu/drm/i915/display/intel_dp.c | 22 +- drivers/gpu/drm/i915/display/intel_psr.c | 32 +- drivers/gpu/drm/i915/display/intel_psr.h | 2 + drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 + drivers/gpu/drm/msm/msm_gpu.c | 1 - drivers/gpu/drm/omapdrm/omap_drv.c | 5 + drivers/gpu/drm/panthor/panthor_mmu.c | 8 + drivers/gpu/drm/panthor/panthor_sched.c | 36 +- drivers/gpu/drm/radeon/r100.c | 70 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 + drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 + drivers/gpu/drm/scheduler/sched_entity.c | 14 +- drivers/gpu/drm/scheduler/sched_main.c | 7 +- drivers/gpu/drm/stm/drv.c | 3 +- drivers/gpu/drm/stm/ltdc.c | 76 +- drivers/gpu/drm/v3d/v3d_submit.c | 6 + drivers/gpu/drm/xe/Makefile | 24 +- drivers/gpu/drm/xe/display/intel_fbdev_fb.c | 6 +- drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 8 +- drivers/gpu/drm/xe/display/xe_plane_initial.c | 6 + drivers/gpu/drm/xe/xe_bo.c | 4 +- drivers/gpu/drm/xe/xe_device.c | 8 +- drivers/gpu/drm/xe/xe_device_types.h | 17 +- drivers/gpu/drm/xe/xe_drm_client.c | 9 +- drivers/gpu/drm/xe/xe_exec_queue.c | 2 - drivers/gpu/drm/xe/xe_exec_queue_types.h | 6 +- drivers/gpu/drm/xe/xe_execlist.c | 3 +- drivers/gpu/drm/xe/xe_gpu_scheduler.c | 5 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 2 + drivers/gpu/drm/xe/xe_gt_pagefault.c | 55 +- drivers/gpu/drm/xe/xe_gt_types.h | 9 +- drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 76 +- drivers/gpu/drm/xe/xe_guc_types.h | 2 + drivers/gpu/drm/xe/xe_lrc.c | 35 +- drivers/gpu/drm/xe/xe_oa.c | 9 +- drivers/gpu/drm/xe/xe_pci.c | 2 + drivers/gpu/drm/xe/xe_preempt_fence.c | 12 +- drivers/gpu/drm/xe/xe_vm.c | 32 +- drivers/gpu/drm/xe/xe_vram.c | 1 + drivers/gpu/drm/xe/xe_wa_oob.rules | 3 + drivers/hid/bpf/hid_bpf_struct_ops.c | 14 + drivers/hid/hid-ids.h | 17 +- drivers/hid/hid-input.c | 37 +- drivers/hid/hid-multitouch.c | 6 + drivers/hid/i2c-hid/i2c-hid-core.c | 42 +- drivers/hwmon/nct6775-platform.c | 1 + drivers/i2c/busses/i2c-designware-common.c | 14 + drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 38 + drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-stm32f7.c | 6 +- drivers/i2c/busses/i2c-synquacer.c | 5 +- drivers/i2c/busses/i2c-xiic.c | 21 +- drivers/i2c/i2c-core-base.c | 28 + drivers/i3c/master/svc-i3c-master.c | 1 + drivers/idle/intel_idle.c | 14 +- drivers/iio/magnetometer/ak8975.c | 32 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/pressure/bmp280-regmap.c | 45 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/mana/main.c | 8 +- drivers/input/keyboard/adp5589-keys.c | 22 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 37 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 + drivers/iommu/intel/dmar.c | 16 +- drivers/iommu/intel/iommu.c | 6 +- drivers/iommu/intel/pasid.c | 12 +- drivers/leds/leds-pca9532.c | 5 +- drivers/mailbox/Kconfig | 1 + drivers/mailbox/bcm2835-mailbox.c | 3 +- drivers/mailbox/rockchip-mailbox.c | 2 +- drivers/media/common/videobuf2/videobuf2-core.c | 7 - drivers/media/i2c/ar0521.c | 5 +- drivers/media/i2c/imx335.c | 9 +- drivers/media/i2c/ov5675.c | 12 +- drivers/media/platform/qcom/camss/camss-video.c | 6 - drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/platform/qcom/venus/core.c | 1 + drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 + drivers/memory/tegra/tegra186-emc.c | 5 - drivers/net/can/dev/netlink.c | 102 +- .../net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/freescale/fec.h | 9 + drivers/net/ethernet/freescale/fec_main.c | 11 +- drivers/net/ethernet/freescale/fec_ptp.c | 50 + drivers/net/ethernet/hisilicon/hip04_eth.c | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 + drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + drivers/net/ethernet/intel/e1000e/netdev.c | 19 +- drivers/net/ethernet/intel/ice/ice_sched.c | 6 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 + .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 - .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 6 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 31 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 1 + drivers/net/ieee802154/Kconfig | 1 + drivers/net/ieee802154/mcr20a.c | 5 +- drivers/net/pcs/pcs-xpcs-wx.c | 2 +- drivers/net/phy/phy.c | 17 +- drivers/net/phy/realtek.c | 3 + drivers/net/ppp/ppp_generic.c | 4 +- drivers/net/vrf.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath9k/debug.c | 4 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 5 + drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 + drivers/net/wireless/intel/iwlwifi/fw/regulatory.h | 2 + drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/uefi.h | 2 - drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/scan.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +- drivers/net/wireless/microchip/wilc1000/sdio.c | 7 + drivers/net/wireless/realtek/rtw88/Kconfig | 1 + drivers/net/wireless/realtek/rtw89/core.h | 18 +- drivers/net/wireless/realtek/rtw89/mac.c | 2 +- drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/phy.c | 4 +- drivers/net/wireless/realtek/rtw89/util.h | 18 + drivers/net/wwan/qcom_bam_dmux.c | 11 +- drivers/net/xen-netback/hash.c | 5 +- drivers/nvme/common/keyring.c | 58 +- drivers/nvme/host/Kconfig | 3 +- drivers/nvme/host/core.c | 1 - drivers/nvme/host/fabrics.c | 2 +- drivers/nvme/host/ioctl.c | 22 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/host/sysfs.c | 4 +- drivers/nvme/host/tcp.c | 55 +- drivers/of/address.c | 5 + drivers/of/irq.c | 38 +- drivers/perf/arm_spe_pmu.c | 9 +- drivers/perf/riscv_pmu_legacy.c | 4 +- drivers/perf/riscv_pmu_sbi.c | 4 +- drivers/platform/mellanox/mlxbf-pmc.c | 5 + drivers/platform/x86/amd/pmf/pmf-quirks.c | 8 + .../x86/intel/speed_select_if/isst_if_common.c | 4 +- drivers/platform/x86/lenovo-ymc.c | 2 + drivers/platform/x86/touchscreen_dmi.c | 26 + drivers/platform/x86/x86-android-tablets/core.c | 6 +- drivers/platform/x86/x86-android-tablets/other.c | 10 +- drivers/pmdomain/core.c | 40 +- drivers/power/reset/brcmstb-reboot.c | 3 - drivers/power/supply/power_supply_core.c | 6 +- drivers/power/supply/power_supply_hwmon.c | 3 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 +- drivers/rtc/rtc-at91sam9.c | 1 + drivers/scsi/NCR5380.c | 4 + drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/lpfc/lpfc.h | 12 +- drivers/scsi/lpfc/lpfc_els.c | 73 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 14 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 22 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 11 + drivers/scsi/pm8001/pm8001_init.c | 6 +- drivers/scsi/smartpqi/smartpqi_init.c | 130 +- drivers/scsi/st.c | 5 +- drivers/spi/spi-bcm63xx.c | 9 +- drivers/spi/spi-cadence.c | 8 +- drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-rpc-if.c | 7 + drivers/spi/spi-s3c64xx.c | 4 +- drivers/vhost/scsi.c | 25 +- drivers/video/fbdev/efifb.c | 11 +- drivers/video/fbdev/pxafb.c | 1 + drivers/virt/coco/sev-guest/sev-guest.c | 2 + fs/afs/file.c | 1 + fs/afs/fs_operation.c | 2 +- fs/btrfs/backref.c | 12 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/relocation.c | 99 +- fs/btrfs/send.c | 31 +- fs/cachefiles/namei.c | 7 +- fs/ceph/addr.c | 6 +- fs/ceph/mds_client.c | 12 + fs/dax.c | 6 +- fs/exec.c | 34 +- fs/exfat/balloc.c | 10 +- fs/ext4/dir.c | 14 +- fs/ext4/ext4.h | 1 + fs/ext4/extents.c | 55 +- fs/ext4/fast_commit.c | 49 +- fs/ext4/file.c | 8 +- fs/ext4/inode.c | 11 +- fs/ext4/migrate.c | 2 +- fs/ext4/move_extent.c | 1 - fs/ext4/namei.c | 14 +- fs/ext4/resize.c | 18 +- fs/ext4/super.c | 34 +- fs/ext4/xattr.c | 3 +- fs/f2fs/f2fs.h | 31 +- fs/f2fs/gc.c | 85 +- fs/f2fs/gc.h | 23 + fs/f2fs/segment.c | 31 +- fs/f2fs/super.c | 8 + fs/f2fs/sysfs.c | 18 + fs/file.c | 93 +- fs/gfs2/glock.c | 1 + fs/gfs2/ops_fstype.c | 3 +- fs/inode.c | 14 +- fs/iomap/buffered-io.c | 16 +- fs/jbd2/checkpoint.c | 21 +- fs/jbd2/journal.c | 4 +- fs/jfs/jfs_discard.c | 11 +- fs/jfs/jfs_dmap.c | 7 +- fs/jfs/xattr.c | 2 + fs/netfs/write_issue.c | 48 +- fs/nfsd/netns.h | 1 + fs/nfsd/nfs4proc.c | 36 +- fs/nfsd/nfs4state.c | 6 +- fs/nfsd/nfs4xdr.c | 10 +- fs/nfsd/nfsctl.c | 2 +- fs/nfsd/nfssvc.c | 2 +- fs/nfsd/vfs.c | 1 + fs/nfsd/xdr4.h | 1 + fs/ocfs2/aops.c | 5 +- fs/ocfs2/buffer_head_io.c | 4 +- fs/ocfs2/journal.c | 7 +- fs/ocfs2/localalloc.c | 19 + fs/ocfs2/quota_local.c | 8 +- fs/ocfs2/refcounttree.c | 26 +- fs/ocfs2/xattr.c | 11 +- fs/overlayfs/copy_up.c | 43 +- fs/overlayfs/params.c | 38 +- fs/pidfs.c | 5 +- fs/proc/base.c | 61 +- fs/proc/proc_sysctl.c | 11 +- fs/smb/client/cifsfs.c | 13 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/inode.c | 19 +- fs/smb/client/reparse.c | 16 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 24 +- fs/smb/client/smb2ops.c | 19 +- fs/smb/server/connection.c | 4 +- fs/smb/server/connection.h | 1 + fs/smb/server/oplock.c | 55 +- fs/smb/server/smb2pdu.c | 5 +- fs/smb/server/vfs_cache.c | 3 + fs/smb/server/vfs_cache.h | 4 +- include/crypto/internal/simd.h | 12 +- include/drm/drm_print.h | 54 +- include/drm/gpu_scheduler.h | 2 +- include/dt-bindings/clock/exynos7885.h | 2 +- include/dt-bindings/clock/qcom,gcc-sc8180x.h | 1 + include/linux/cpufreq.h | 6 +- include/linux/fdtable.h | 8 +- include/linux/hdmi.h | 9 + include/linux/hugetlb.h | 10 + include/linux/i2c.h | 3 + include/linux/netdevice.h | 22 +- include/linux/nvme-keyring.h | 6 +- include/linux/perf_event.h | 8 +- include/linux/sched.h | 2 + include/linux/sunrpc/svc.h | 4 +- include/linux/uprobes.h | 2 + include/linux/virtio_net.h | 4 +- include/trace/events/netfs.h | 1 + include/uapi/linux/cec.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- io_uring/io_uring.c | 5 +- io_uring/net.c | 4 +- kernel/bpf/verifier.c | 119 +- kernel/cgroup/cgroup-v1.c | 12 +- kernel/events/core.c | 33 +- kernel/events/uprobes.c | 4 +- kernel/fork.c | 32 +- kernel/jump_label.c | 34 +- kernel/rcu/rcuscale.c | 4 +- kernel/rcu/tasks.h | 82 +- kernel/resource.c | 58 +- kernel/sched/core.c | 23 +- kernel/sched/psi.c | 26 +- kernel/static_call_inline.c | 13 +- kernel/trace/trace_hwlat.c | 2 + kernel/trace/trace_osnoise.c | 22 +- lib/buildid.c | 74 +- mm/Kconfig | 25 +- mm/filemap.c | 4 + mm/gup.c | 1 + mm/hugetlb.c | 17 + mm/memfd.c | 20 +- mm/slab_common.c | 7 + mm/slub.c | 100 +- net/bluetooth/hci_core.c | 2 + net/bluetooth/hci_event.c | 15 +- net/bluetooth/l2cap_core.c | 8 - net/bluetooth/mgmt.c | 23 +- net/bridge/br_mdb.c | 2 +- net/core/dev.c | 14 +- net/core/gro.c | 9 +- net/core/net-sysfs.c | 6 +- net/core/netdev-genl.c | 8 +- net/core/netpoll.c | 15 +- net/core/skbuff.c | 15 +- net/dsa/dsa.c | 7 + net/ipv4/devinet.c | 6 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/ip_gre.c | 6 +- net/ipv4/netfilter/nf_dup_ipv4.c | 7 +- net/ipv4/tcp_ipv4.c | 3 + net/ipv4/tcp_offload.c | 10 +- net/ipv4/udp_offload.c | 22 +- net/ipv6/netfilter/nf_dup_ipv6.c | 7 +- net/ipv6/tcpv6_offload.c | 10 +- net/l2tp/l2tp_core.c | 40 +- net/l2tp/l2tp_core.h | 4 +- net/l2tp/l2tp_netlink.c | 4 +- net/l2tp/l2tp_ppp.c | 3 +- net/mac80211/chan.c | 4 +- net/mac80211/mlme.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/util.c | 4 +- net/mac802154/scan.c | 4 +- net/ncsi/ncsi-manage.c | 2 + net/netfilter/nf_tables_api.c | 5 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/io_thread.c | 10 +- net/rxrpc/local_object.c | 2 +- net/sched/sch_taprio.c | 4 +- net/sctp/socket.c | 4 +- net/sunrpc/svc.c | 31 +- net/tipc/bearer.c | 8 +- net/wireless/nl80211.c | 15 +- rust/Makefile | 22 +- rust/exports.c | 1 + rust/helpers.c | 239 -- rust/helpers/blk.c | 14 + rust/helpers/bug.c | 8 + rust/helpers/build_assert.c | 25 + rust/helpers/build_bug.c | 9 + rust/helpers/err.c | 19 + rust/helpers/helpers.c | 25 + rust/helpers/kunit.c | 9 + rust/helpers/mutex.c | 15 + rust/helpers/page.c | 19 + rust/helpers/refcount.c | 19 + rust/helpers/signal.c | 9 + rust/helpers/slab.c | 9 + rust/helpers/spinlock.c | 24 + rust/helpers/task.c | 19 + rust/helpers/uaccess.c | 15 + rust/helpers/wait.c | 9 + rust/helpers/workqueue.c | 15 + rust/kernel/sync/locked_by.rs | 18 +- scripts/gdb/linux/proc.py | 4 +- scripts/gdb/linux/rbtree.py | 12 + scripts/gdb/linux/timerlist.py | 31 +- scripts/kconfig/parser.y | 10 +- scripts/kconfig/qconf.cc | 6 +- security/Kconfig | 32 + security/tomoyo/domain.c | 9 +- sound/core/control.c | 55 +- sound/core/control_compat.c | 45 +- sound/core/init.c | 14 +- sound/core/oss/mixer_oss.c | 4 +- sound/isa/gus/gus_pcm.c | 4 +- sound/pci/asihpi/hpimsgx.c | 2 +- sound/pci/hda/hda_controller.h | 2 +- sound/pci/hda/hda_generic.c | 4 +- sound/pci/hda/hda_intel.c | 10 +- sound/pci/hda/patch_conexant.c | 24 +- sound/pci/hda/patch_realtek.c | 156 +- sound/pci/hda/samsung_helper.c | 310 --- sound/pci/rme9652/hdsp.c | 6 +- sound/pci/rme9652/hdspm.c | 6 +- sound/soc/atmel/mchp-pdmc.c | 3 + sound/soc/codecs/wsa883x.c | 16 +- sound/soc/fsl/imx-card.c | 1 + sound/soc/intel/boards/bytcht_cx2072x.c | 4 + sound/soc/intel/boards/bytcht_da7213.c | 4 + sound/soc/intel/boards/bytcht_es8316.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/intel/boards/bytcr_rt5651.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 4 + sound/soc/intel/boards/cht_bsw_rt5672.c | 4 + sound/soc/intel/boards/sof_es8336.c | 2 +- sound/soc/intel/boards/sof_wm8804.c | 4 + sound/soc/intel/common/soc-acpi-intel-rpl-match.c | 1 + sound/soc/soc-topology.c | 4 +- sound/usb/card.c | 8 + sound/usb/clock.c | 62 +- sound/usb/format.c | 6 +- sound/usb/helper.c | 34 + sound/usb/helper.h | 10 +- sound/usb/line6/podhd.c | 2 +- sound/usb/mixer.c | 37 +- sound/usb/mixer.h | 1 + sound/usb/mixer_quirks.c | 430 +++- sound/usb/mixer_scarlett.c | 4 +- sound/usb/power.c | 3 +- sound/usb/power.h | 1 + sound/usb/quirks-table.h | 2455 +++++++------------- sound/usb/quirks.c | 62 + sound/usb/stream.c | 21 +- sound/usb/usbaudio.h | 12 + tools/arch/x86/kcpuid/kcpuid.c | 12 +- tools/bpf/bpftool/net.c | 11 +- tools/hv/hv_fcopy_uio_daemon.c | 7 + tools/include/nolibc/arch-powerpc.h | 2 +- tools/perf/util/hist.c | 7 +- tools/perf/util/machine.c | 17 +- tools/perf/util/setup.py | 2 + tools/perf/util/thread.c | 4 + tools/perf/util/thread.h | 1 + .../selftests/bpf/bpf_testmod/bpf_testmod.c | 1 + .../breakpoints/step_after_suspend_test.c | 5 +- .../devices/probe/test_discoverable_devices.py | 4 +- tools/testing/selftests/hid/Makefile | 2 + .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/pagemap_ioctl.c | 2 +- tools/testing/selftests/mm/write_to_hugetlbfs.c | 23 +- .../selftests/net/netfilter/conntrack_dump_flush.c | 1 + tools/testing/selftests/net/netfilter/nft_audit.sh | 57 +- tools/testing/selftests/nolibc/nolibc-test.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 17 +- tools/testing/selftests/vDSO/vdso_config.h | 10 +- .../testing/selftests/vDSO/vdso_test_correctness.c | 6 + tools/tracing/rtla/Makefile.rtla | 2 +- tools/tracing/rtla/src/osnoise_top.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 4 +- 605 files changed, 7495 insertions(+), 5321 deletions(-)

8 months, 2 weeks

20
583
0 0

[PATCH v2] ASoC: dapm: avoid container_of() to get component

by Benjamin Bara

From: Benjamin Bara <benjamin.bara(a)skidata.com> The current implementation does not work for widgets of DAPMs without component, as snd_soc_dapm_to_component() requires it. If the widget is directly owned by the card, e.g. as it is the case for the tegra implementation, the call leads to UB. Therefore directly access the component of the widget's DAPM to be able to check if a component is available. Fixes: f82eb06a40c8 ("ASoC: tegra: machine: Handle component name prefix") Cc: stable(a)vger.kernel.org # v6.7+ Signed-off-by: Benjamin Bara <benjamin.bara(a)skidata.com> --- Hi! I handled the new patch as V2 of the initial one, although it has a different summary. Hope this is fine. --- Changes in v2: - fix snd_soc_dapm_widget_name_cmp() instead of reverting commit - don't pick up R-b of Krzysztof, as different implementation - Link to v1: https://lore.kernel.org/r/20241007-tegra-dapm-v1-1-bede7983fa76@skidata.com --- sound/soc/soc-dapm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c index 9330f1a3f7589dc467c04238830f2009a619a998..c34934c31ffec3970b34b24dcaa0826dfb7d8e86 100644 --- a/sound/soc/soc-dapm.c +++ b/sound/soc/soc-dapm.c @@ -2785,10 +2785,10 @@ EXPORT_SYMBOL_GPL(snd_soc_dapm_update_dai); int snd_soc_dapm_widget_name_cmp(struct snd_soc_dapm_widget *widget, const char *s) { - struct snd_soc_component *component = snd_soc_dapm_to_component(widget->dapm); + struct snd_soc_component *component = widget->dapm->component; const char *wname = widget->name; - if (component->name_prefix) + if (component && component->name_prefix) wname += strlen(component->name_prefix) + 1; /* plus space */ return strcmp(wname, s); --- base-commit: 8cf0b93919e13d1e8d4466eb4080a4c4d9d66d7b change-id: 20241007-tegra-dapm-ef969b8f762a Best regards, -- Benjamin Bara <benjamin.bara(a)skidata.com>

8 months, 2 weeks

2
1
0 0

Linux 6.6.56

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.56 kernel. This fixes a build error in perf that I should have caught before 6.6.55 was released (my fault, it was correctly reported...). If you do not use the perf tool in the 6.6.y tree, there is no need to upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 4 ++-- tools/perf/util/machine.c | 17 ++--------------- tools/perf/util/thread.c | 4 ---- tools/perf/util/thread.h | 1 - 4 files changed, 4 insertions(+), 22 deletions(-) Greg Kroah-Hartman (2): Revert "perf callchain: Fix stitch LBR memory leaks" Linux 6.6.56

8 months, 2 weeks

1
1
0 0

Linux 6.6.55

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.55 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/arch/arm64/silicon-errata.rst | 6 Documentation/devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 Makefile | 2 arch/arm/crypto/aes-ce-glue.c | 2 arch/arm/crypto/aes-neonbs-glue.c | 2 arch/arm64/Kconfig | 7 arch/arm64/include/asm/cputype.h | 2 arch/arm64/kernel/cpu_errata.c | 3 arch/loongarch/configs/loongson3_defconfig | 1 arch/parisc/include/asm/mman.h | 14 arch/parisc/kernel/entry.S | 6 arch/parisc/kernel/syscall.S | 14 arch/powerpc/configs/ppc64_defconfig | 1 arch/powerpc/include/asm/vdso_datapage.h | 15 arch/powerpc/kernel/asm-offsets.c | 2 arch/powerpc/kernel/vdso/cacheflush.S | 2 arch/powerpc/kernel/vdso/datapage.S | 4 arch/powerpc/platforms/pseries/dlpar.c | 17 arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 arch/powerpc/platforms/pseries/hotplug-memory.c | 16 arch/powerpc/platforms/pseries/pmem.c | 2 arch/riscv/Kconfig | 8 arch/riscv/include/asm/thread_info.h | 7 arch/x86/crypto/sha256-avx2-asm.S | 16 arch/x86/events/core.c | 63 arch/x86/include/asm/fpu/signal.h | 2 arch/x86/include/asm/syscall.h | 7 arch/x86/kernel/apic/io_apic.c | 46 arch/x86/kernel/fpu/signal.c | 6 arch/x86/kernel/machine_kexec_64.c | 27 arch/x86/kernel/signal.c | 3 arch/x86/kernel/signal_64.c | 6 block/blk-iocost.c | 8 crypto/simd.c | 76 drivers/accel/ivpu/ivpu_fw.c | 4 drivers/acpi/acpi_pad.c | 6 drivers/acpi/acpica/dbconvert.c | 2 drivers/acpi/acpica/exprep.c | 3 drivers/acpi/acpica/psargs.c | 47 drivers/acpi/battery.c | 28 drivers/acpi/cppc_acpi.c | 10 drivers/acpi/ec.c | 55 drivers/acpi/resource.c | 14 drivers/acpi/video_detect.c | 8 drivers/ata/pata_serverworks.c | 16 drivers/ata/sata_sil.c | 12 drivers/block/aoe/aoecmd.c | 13 drivers/block/loop.c | 15 drivers/block/null_blk/main.c | 45 drivers/bluetooth/btmrvl_sdio.c | 3 drivers/bluetooth/btrtl.c | 1 drivers/bluetooth/btusb.c | 2 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/dispcc-sm8250.c | 3 drivers/clk/qcom/gcc-sc8180x.c | 88 drivers/clk/qcom/gcc-sm8250.c | 6 drivers/clk/qcom/gcc-sm8450.c | 4 drivers/clk/rockchip/clk.c | 3 drivers/clk/samsung/clk-exynos7885.c | 2 drivers/cpufreq/intel_pstate.c | 20 drivers/crypto/marvell/Kconfig | 2 drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 261 - drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 254 - drivers/firmware/efi/unaccepted_memory.c | 4 drivers/firmware/tegra/bpmp.c | 6 drivers/gpio/gpio-davinci.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 43 drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 6 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 drivers/gpu/drm/amd/display/dc/dc_types.h | 1 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 drivers/gpu/drm/drm_atomic_uapi.c | 2 drivers/gpu/drm/drm_print.c | 13 drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 drivers/gpu/drm/msm/msm_gpu.c | 1 drivers/gpu/drm/omapdrm/omap_drv.c | 5 drivers/gpu/drm/radeon/r100.c | 70 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 2 drivers/gpu/drm/stm/drv.c | 3 drivers/gpu/drm/stm/ltdc.c | 76 drivers/hid/hid-ids.h | 17 drivers/hid/hid-input.c | 37 drivers/hid/hid-multitouch.c | 6 drivers/hwmon/nct6775-platform.c | 1 drivers/i2c/busses/i2c-designware-common.c | 14 drivers/i2c/busses/i2c-designware-core.h | 1 drivers/i2c/busses/i2c-designware-master.c | 38 drivers/i2c/busses/i2c-qcom-geni.c | 4 drivers/i2c/busses/i2c-stm32f7.c | 6 drivers/i2c/busses/i2c-synquacer.c | 12 drivers/i2c/busses/i2c-xiic.c | 69 drivers/i2c/i2c-core-base.c | 39 drivers/i3c/master/svc-i3c-master.c | 1 drivers/iio/magnetometer/ak8975.c | 32 drivers/iio/pressure/bmp280-core.c | 185 drivers/iio/pressure/bmp280-regmap.c | 47 drivers/iio/pressure/bmp280-spi.c | 4 drivers/iio/pressure/bmp280.h | 49 drivers/infiniband/hw/mana/main.c | 8 drivers/input/keyboard/adp5589-keys.c | 22 drivers/iommu/intel/dmar.c | 16 drivers/iommu/intel/iommu.c | 6 drivers/iommu/iommufd/selftest.c | 27 drivers/mailbox/bcm2835-mailbox.c | 3 drivers/mailbox/rockchip-mailbox.c | 2 drivers/media/i2c/ar0521.c | 5 drivers/media/i2c/imx335.c | 43 drivers/media/i2c/ov5675.c | 12 drivers/media/platform/qcom/camss/camss-video.c | 6 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/platform/qcom/venus/core.c | 1 drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 drivers/media/usb/usbtv/usbtv-video.c | 7 drivers/memory/tegra/tegra186-emc.c | 5 drivers/net/can/dev/netlink.c | 102 drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 drivers/net/ethernet/freescale/fec.h | 9 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/freescale/fec_ptp.c | 50 drivers/net/ethernet/hisilicon/hip04_eth.c | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 drivers/net/ethernet/hisilicon/hns_mdio.c | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 19 drivers/net/ethernet/intel/ice/ice_sched.c | 6 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 6 drivers/net/ethernet/microsoft/Kconfig | 3 drivers/net/ethernet/microsoft/mana/gdma_main.c | 10 drivers/net/ethernet/microsoft/mana/hw_channel.c | 14 drivers/net/ethernet/microsoft/mana/mana_en.c | 8 drivers/net/ethernet/microsoft/mana/shm_channel.c | 13 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 31 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 19 drivers/net/ieee802154/Kconfig | 1 drivers/net/ieee802154/mcr20a.c | 5 drivers/net/pcs/pcs-xpcs-wx.c | 2 drivers/net/ppp/ppp_generic.c | 4 drivers/net/vrf.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 2 drivers/net/wireless/ath/ath9k/debug.c | 4 drivers/net/wireless/ath/ath9k/hif_usb.c | 6 drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/scan.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 drivers/net/wireless/realtek/rtw88/Kconfig | 1 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/phy.c | 4 drivers/net/wireless/realtek/rtw89/util.h | 18 drivers/net/wwan/qcom_bam_dmux.c | 11 drivers/net/xen-netback/hash.c | 5 drivers/of/address.c | 5 drivers/of/irq.c | 38 drivers/perf/arm_spe_pmu.c | 9 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 4 drivers/platform/x86/lenovo-ymc.c | 2 drivers/platform/x86/think-lmi.c | 16 drivers/platform/x86/touchscreen_dmi.c | 26 drivers/platform/x86/x86-android-tablets/core.c | 57 drivers/power/reset/brcmstb-reboot.c | 3 drivers/power/supply/power_supply_hwmon.c | 3 drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 drivers/rtc/rtc-at91sam9.c | 1 drivers/scsi/NCR5380.c | 4 drivers/scsi/aacraid/aacraid.h | 2 drivers/scsi/lpfc/lpfc_els.c | 27 drivers/scsi/lpfc/lpfc_nportdisc.c | 22 drivers/scsi/pm8001/pm8001_init.c | 6 drivers/scsi/smartpqi/smartpqi_init.c | 2 drivers/scsi/st.c | 5 drivers/spi/spi-bcm63xx.c | 9 drivers/spi/spi-cadence.c | 31 drivers/spi/spi-imx.c | 2 drivers/spi/spi-rpc-if.c | 7 drivers/spi/spi-s3c64xx.c | 4 drivers/vhost/scsi.c | 27 drivers/video/fbdev/efifb.c | 11 drivers/video/fbdev/pxafb.c | 1 fs/btrfs/backref.c | 12 fs/btrfs/disk-io.c | 11 fs/btrfs/relocation.c | 150 fs/btrfs/relocation.h | 9 fs/btrfs/send.c | 23 fs/cachefiles/namei.c | 7 fs/ceph/addr.c | 6 fs/dax.c | 6 fs/exec.c | 3 fs/exfat/balloc.c | 10 fs/ext4/dir.c | 14 fs/ext4/extents.c | 55 fs/ext4/fast_commit.c | 49 fs/ext4/file.c | 8 fs/ext4/inode.c | 11 fs/ext4/migrate.c | 2 fs/ext4/move_extent.c | 1 fs/ext4/namei.c | 14 fs/ext4/super.c | 2 fs/ext4/xattr.c | 3 fs/file.c | 95 fs/iomap/buffered-io.c | 16 fs/jbd2/checkpoint.c | 21 fs/jbd2/journal.c | 4 fs/jfs/jfs_discard.c | 11 fs/jfs/jfs_dmap.c | 7 fs/jfs/xattr.c | 2 fs/nfsd/nfs4state.c | 5 fs/nfsd/nfs4xdr.c | 10 fs/nfsd/vfs.c | 1 fs/ocfs2/aops.c | 5 fs/ocfs2/buffer_head_io.c | 4 fs/ocfs2/journal.c | 7 fs/ocfs2/localalloc.c | 19 fs/ocfs2/quota_local.c | 8 fs/ocfs2/refcounttree.c | 26 fs/ocfs2/xattr.c | 11 fs/overlayfs/params.c | 38 fs/proc/base.c | 61 fs/smb/client/cifsfs.c | 13 fs/smb/client/cifsglob.h | 2 fs/smb/client/inode.c | 19 fs/smb/client/reparse.c | 16 fs/smb/client/smb1ops.c | 2 fs/smb/client/smb2inode.c | 24 fs/smb/client/smb2ops.c | 19 fs/smb/server/connection.c | 4 fs/smb/server/connection.h | 1 fs/smb/server/oplock.c | 55 fs/smb/server/vfs_cache.c | 3 include/crypto/internal/simd.h | 12 include/drm/drm_print.h | 54 include/dt-bindings/clock/exynos7885.h | 2 include/dt-bindings/clock/qcom,gcc-sc8180x.h | 3 include/linux/cpufreq.h | 6 include/linux/fdtable.h | 8 include/linux/i2c.h | 5 include/linux/netdevice.h | 18 include/linux/perf_event.h | 8 include/linux/stmmac.h | 1 include/linux/uprobes.h | 2 include/linux/virtio_net.h | 4 include/net/mana/gdma.h | 10 include/net/mana/mana.h | 3 include/uapi/linux/cec.h | 6 include/uapi/linux/netfilter/nf_tables.h | 2 io_uring/net.c | 4 kernel/bpf/verifier.c | 26 kernel/events/core.c | 33 kernel/events/uprobes.c | 4 kernel/fork.c | 32 kernel/jump_label.c | 52 kernel/rcu/rcuscale.c | 4 kernel/resource.c | 58 kernel/sched/psi.c | 26 kernel/static_call_inline.c | 13 kernel/trace/trace_hwlat.c | 2 kernel/trace/trace_osnoise.c | 22 lib/buildid.c | 90 mm/Kconfig | 25 mm/slab_common.c | 7 net/bluetooth/hci_core.c | 2 net/bluetooth/hci_event.c | 15 net/bluetooth/hci_sock.c | 21 net/bluetooth/iso.c | 36 net/bluetooth/l2cap_core.c | 8 net/bluetooth/l2cap_sock.c | 52 net/bluetooth/mgmt.c | 23 net/core/dev.c | 14 net/core/gro.c | 9 net/core/netpoll.c | 15 net/dsa/slave.c | 7 net/ipv4/devinet.c | 6 net/ipv4/fib_frontend.c | 2 net/ipv4/ip_gre.c | 6 net/ipv4/netfilter/nf_dup_ipv4.c | 7 net/ipv4/tcp_ipv4.c | 3 net/ipv4/udp_offload.c | 22 net/ipv6/netfilter/nf_dup_ipv6.c | 7 net/mac80211/chan.c | 4 net/mac80211/mlme.c | 2 net/mac80211/scan.c | 2 net/mac80211/util.c | 4 net/mac802154/scan.c | 4 net/netfilter/nf_tables_api.c | 57 net/netfilter/nft_set_bitmap.c | 4 net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_pipapo.c | 5 net/netfilter/nft_set_rbtree.c | 4 net/rxrpc/ar-internal.h | 2 net/rxrpc/io_thread.c | 10 net/rxrpc/local_object.c | 2 net/sched/sch_taprio.c | 4 net/sctp/socket.c | 4 net/tipc/bearer.c | 8 net/wireless/nl80211.c | 15 rust/kernel/sync/locked_by.rs | 18 scripts/kconfig/qconf.cc | 2 security/Kconfig | 32 security/tomoyo/domain.c | 9 sound/core/init.c | 14 sound/core/oss/mixer_oss.c | 4 sound/isa/gus/gus_pcm.c | 4 sound/pci/asihpi/hpimsgx.c | 2 sound/pci/hda/hda_controller.h | 2 sound/pci/hda/hda_generic.c | 4 sound/pci/hda/hda_intel.c | 10 sound/pci/hda/patch_conexant.c | 24 sound/pci/hda/patch_realtek.c | 4 sound/pci/rme9652/hdsp.c | 6 sound/pci/rme9652/hdspm.c | 6 sound/soc/atmel/mchp-pdmc.c | 3 sound/soc/codecs/wsa883x.c | 16 sound/soc/fsl/imx-card.c | 1 sound/usb/card.c | 6 sound/usb/line6/podhd.c | 2 sound/usb/mixer.c | 35 sound/usb/mixer.h | 1 sound/usb/quirks-table.h | 2287 ++-------- sound/usb/quirks.c | 4 tools/arch/x86/kcpuid/kcpuid.c | 12 tools/bpf/bpftool/net.c | 11 tools/include/nolibc/arch-powerpc.h | 2 tools/perf/util/hist.c | 7 tools/perf/util/machine.c | 17 tools/perf/util/setup.py | 4 tools/perf/util/thread.c | 4 tools/perf/util/thread.h | 1 tools/testing/selftests/breakpoints/step_after_suspend_test.c | 5 tools/testing/selftests/hid/Makefile | 2 tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 2 tools/testing/selftests/mm/write_to_hugetlbfs.c | 21 tools/testing/selftests/netfilter/nft_audit.sh | 57 tools/testing/selftests/nolibc/nolibc-test.c | 4 tools/testing/selftests/vDSO/parse_vdso.c | 17 tools/testing/selftests/vDSO/vdso_config.h | 10 tools/testing/selftests/vDSO/vdso_test_correctness.c | 6 tools/tracing/rtla/src/osnoise_top.c | 2 tools/tracing/rtla/src/timerlat_top.c | 4 387 files changed, 4126 insertions(+), 3851 deletions(-) Aakash Menon (1): net: sparx5: Fix invalid timestamps Abhishek Tamboli (1): ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Adrian Ratiu (1): proc: add config & param to block forcing mem writes Ahmed S. Darwish (1): tools/x86/kcpuid: Protect against faulty "max subleaf" values Ai Chao (1): ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Ajit Pandey (1): clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Al Viro (1): close_range(): fix the logics in descriptor table trimming Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix memory disclosure Aleksandr Mishin (1): ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Aleksandrs Vinarskis (1): ACPICA: iasl: handle empty connection_node Alex Deucher (3): drm/amdgpu/gfx9: use rlc safe mode for soft recovery drm/amdgpu/gfx11: use rlc safe mode for soft recovery drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Hung (7): drm/amd/display: Check null pointers before using dc->clk_mgr drm/amd/display: Check stream before comparing them drm/amd/display: Check link_res->hpo_dp_link_enc before using it drm/amd/display: Avoid overflow assignment in link_dp_cts drm/amd/display: Initialize get_bytes_per_element's default to 1 drm/amd/display: Add HDR workaround for specific eDP drm/amd/display: enable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Alexander F. Lent (1): accel/ivpu: Add missing MODULE_FIRMWARE metadata Alexander Shiyan (1): media: i2c: ar0521: Use cansleep version of gpiod_set_value() Alexandre Ghiti (1): riscv: Fix kernel stack size when KASAN is enabled Alexey Dobriyan (1): build-id: require program headers to be right after ELF header Alice Ryhl (1): rust: sync: require `T: Sync` for `LockedBy::access` Andrei Simion (1): ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Andrew Davis (1): power: reset: brcmstb: Do not go into infinite loop if reset fails Andrew Jones (1): of/irq: Support #msi-cells=<0> in of_msi_get_domain Andrii Nakryiko (2): perf,x86: avoid missing caller address in stack traces captured in uprobe lib/buildid: harden build ID parsing logic Angel Iglesias (1): iio: pressure: bmp280: Allow multiple chips id per family of devices Anton Danilov (1): ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Ard Biesheuvel (1): i2c: synquacer: Deal with optional PCLK correctly Armin Wolf (4): ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook Arnaldo Carvalho de Melo (2): perf python: Disable -Wno-cast-function-type-mismatch if present on clang perf python: Allow checking for the existence of warning options in clang Artem Sadovnikov (1): ext4: fix i_data_sem unlock order in ext4_ind_migrate() Aruna Ramakrishna (2): x86/pkeys: Add PKRU as a parameter in signal handling functions x86/pkeys: Restore altstack access in sigreturn() Asad Kamal (1): drm/amdgpu: Fix get each xcp macro Baojun Xu (1): ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Baokun Li (9): ext4: avoid use-after-free in ext4_ext_show_leaf() ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path ext4: update orig_path in ext4_find_extent() jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error cachefiles: fix dentry leak in cachefiles_open_file() Barnabás Czémán (1): iio: magnetometer: ak8975: Fix reading for ak099xx sensors Beleswar Padhi (1): remoteproc: k3-r5: Acquire mailbox handle during probe routine Ben Dooks (1): spi: s3c64xx: fix timeout counters in flush_fifo Benjamin Gaignard (1): media: usbtv: Remove useless locks in usbtv_video_free() Benjamin Lin (1): wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Biju Das (1): spi: rpc-if: Add missing MODULE_DEVICE_TABLE Breno Leitao (1): netpoll: Ensure clean state on setup failures Bryan O'Donoghue (3): media: ov5675: Fix power on/off delay timings media: qcom: camss: Remove use_count guard in stop_streaming media: qcom: camss: Fix ordering of pm_runtime_enable Chen Yu (1): efi/unaccepted: touch soft lockup during memory accept Chih-Kang Chang (1): wifi: rtw89: avoid to add interface to list twice when SER Christoph Hellwig (2): loop: don't set QUEUE_FLAG_NOMERGES iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Christophe JAILLET (4): ALSA: mixer_oss: Remove some incorrect kfree_const() usages ALSA: gus: Fix some error handling paths related to get_bpos() usage i2c: synquacer: Remove a clk reference from struct synquacer_i2c null_blk: Remove usage of the deprecated ida_simple_xx() API Christophe Leroy (4): selftests: vDSO: fix vDSO name for powerpc selftests: vDSO: fix vdso_config for powerpc selftests: vDSO: fix vDSO symbols lookup for powerpc64 powerpc/vdso: Fix VDSO data access when running in a non-root time namespace Chuck Lever (1): NFSD: Fix NFSv4's PUTPUBFH operation Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in more places Ckath (1): platform/x86: touchscreen_dmi: add nanote-next quirk Colin Ian King (1): r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Csókás, Bence (2): net: fec: Restart PPS after link state change net: fec: Reload PTP registers after link-state change Damien Le Moal (3): ata: pata_serverworks: Do not use the term blacklist ata: sata_sil: Rename sil_blacklist to sil_quirks null_blk: Fix return value of nullb_device_power_store() Daniel Borkmann (2): net: Add netif_get_gro_max_size helper for GRO net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Wagner (1): scsi: pm8001: Do not overwrite PCI queue mapping Danilo Krummrich (1): mm: krealloc: consider spare memory for __GFP_ZERO Darrick J. Wong (1): iomap: constrain the file range passed to iomap_file_unshare David Hildenbrand (1): selftests/mm: fix charge_reserved_hugetlb.sh test David Howells (1): rxrpc: Fix a race between socket set up and I/O thread creation David Sterba (2): btrfs: relocation: return bool from btrfs_should_ignore_reloc_root btrfs: relocation: constify parameters where possible David Virag (2): dt-bindings: clock: exynos7885: Fix duplicated binding clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Denis Pauk (1): hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Dmitry Antipov (1): net: sched: consistently use rcu_replace_pointer() in taprio_change() Dmitry Baryshkov (1): clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Dmitry Kandybka (1): wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Easwar Hariharan (1): arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Eder Zulian (1): rtla: Fix the help text in osnoise and timerlat top tools Edward Adam Davis (3): jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree ext4: no need to continue when the number of entries is 1 Elena Salomatkina (1): net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Emanuele Ghidoli (1): gpio: davinci: fix lazy disable Eric Dumazet (5): netfilter: nf_tables: prevent nf_skb_duplicated corruption net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() net: test for not too small csum_start in virtio_net_hdr_to_skb() ppp: do not assume bh is held in ppp_channel_bridge_input() Fangrui Song (1): crypto: x86/sha256 - Add parentheses around macros' single arguments Felix Fietkau (2): wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Filipe Manana (2): btrfs: send: fix invalid clone operation for file that got its size decreased btrfs: wait for fixup workers before stopping cleaner kthread during umount Finn Thain (1): scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Gabe Teeger (1): drm/amd/display: Revert Avoid overflow assignment Gautham Ananthakrishna (1): ocfs2: reserve space for inline xattr before attaching reflink tree Geert Uytterhoeven (2): drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() Gerd Bayer (1): net/mlx5: Fix error path in multi-packet WQE transmit Gergo Koteles (1): platform/x86: lenovo-ymc: Ignore the 0x0 state Greg Kroah-Hartman (1): Linux 6.6.55 Gustavo A. R. Silva (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Haiyang Zhang (2): net: mana: Enable MANA driver on ARM64 with 4K page size net: mana: Add support for page sizes other than 4KB on ARM64 Hans P. Moller (1): ALSA: line6: add hw monitor volume control to POD HD500X Hans Verkuil (1): media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Hans de Goede (7): ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 HID: Ignore battery for all ELAN I2C-HID devices power: supply: hwmon: Fix missing temp1_max_alarm attribute ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] platform/x86: x86-android-tablets: Create a platform_device from module_init() platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Haoran Zhang (1): vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Haren Myneni (1): powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Heiko Carstens (1): selftests: vDSO: fix vdso_config for s390 Heiner Kallweit (2): i2c: core: Lock address during client device instantiation r8169: add tally counter fields added with RTL8125 Helge Deller (4): parisc: Fix itlb miss handler for 64-bit programs parisc: Fix 64-bit userspace syscall path parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Heming Zhao (1): ocfs2: fix the la space leak when unmounting an ocfs2 volume Herbert Xu (4): crypto: octeontx - Fix authenc setkey crypto: octeontx2 - Fix authenc setkey crypto: simd - Do not call crypto_alloc_tfm during registration crypto: octeontx* - Select CRYPTO_AUTHENC Hilda Wu (2): Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Huang Ying (1): resource: fix region_intersects() vs add_memory_driver_managed() Hui Wang (1): ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Ian Rogers (1): perf callchain: Fix stitch LBR memory leaks Ido Schimmel (1): ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ilan Peer (1): wifi: iwlwifi: mvm: Fix a race in scan abort flow Issam Hamdi (1): wifi: cfg80211: Set correct chandef when starting CAC James Clark (1): drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Jan Kiszka (1): remoteproc: k3-r5: Fix error handling when power-up failed Jan Lalinsky (1): ALSA: usb-audio: Add native DSD support for Luxman D-08u Jani Nikula (1): drm/i915/gem: fix bitwise and logical AND mixup Jaroslav Kysela (1): ALSA: core: add isascii() check to card ID generator Jason Xing (1): tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Javier Carrasco (1): drm/mediatek: ovl_adaptor: Add missing of_node_put() Jens Axboe (1): io_uring/net: harden multishot termination case for recv Jens Remus (1): selftests: vDSO: fix ELF hash table entry size for s390x Jeongjun Park (1): net/xen-netback: prevent UAF in xenvif_flush_hash() Jesse Zhang (1): drm/amdkfd: Fix resource leak in criu restore queue Jianbo Liu (1): net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Jiawei Ye (1): mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Jiawen Wu (1): net: pcs: xpcs: fix the wrong register that was written back Jinjie Ruan (12): ieee802154: Fix build error net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() nfp: Use IRQF_NO_AUTOEN flag in request_irq() spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled spi: spi-cadence: Fix missing spi_controller_is_target() check i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled spi: bcm63xx: Fix module autoloading spi: bcm63xx: Fix missing pm_runtime_disable() Jisheng Zhang (1): riscv: define ILLEGAL_POINTER_VALUE for 64bit Johannes Berg (3): wifi: iwlwifi: mvm: drop wrong STA selection in TX wifi: iwlwifi: mvm: use correct key iteration wifi: mac80211: fix RCU list iterations Johannes Weiner (1): sched: psi: fix bogus pressure spikes from aggregation race Jonathan Gray (1): Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Josef Bacik (1): btrfs: drop the backref cache during relocation if we commit Joseph Qi (2): ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: cancel dqi_sync_work before freeing oinfo Joshua Pius (1): ALSA: usb-audio: Add logitech Audio profile quirk Julian Sun (1): ocfs2: fix null-ptr-deref when journal load failed. Juntong Deng (1): bpf: Make the pointer returned by iter next method valid Justin Tee (1): scsi: lpfc: Update PRLO handling in direct attached topology Kaixin Wang (2): fbdev: pxafb: Fix possible use after free in pxafb_task() i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Karthikeyan Periyasamy (2): wifi: ath12k: fix array out-of-bound access in SoC stats wifi: ath11k: fix array out-of-bound access in SoC stats Katya Orlova (1): drm/stm: Avoid use-after-free issues with crtc and plane Kees Cook (2): x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() scsi: aacraid: Rearrange order of struct aac_srb_unit Kemeng Shi (1): jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit KhaiWenTan (1): net: stmmac: Fix zero-division error when disabling tc cbs Kieran Bingham (1): media: i2c: imx335: Enable regulator supplies Kimriver Liu (1): i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Konrad Dybcio (1): drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs Konstantin Ovsepian (1): blk_iocost: fix more out of bound shifts Krzysztof Kozlowski (7): net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() ASoC: codecs: wsa883x: Handle reading version failure firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() memory: tegra186-emc: drop unused to_tegra186_emc() rtc: at91sam9: fix OF node leak in probe() error path Kuan-Wei Chiu (2): bpftool: Fix undefined behavior caused by shifting into the sign bit bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Kuniyuki Iwashima (1): ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Laurent Pinchart (1): media: sun4i_csi: Implement link validate for sun4i_csi subdev Li Lingfeng (1): nfsd: map the EBADMSG to nfserr_io to avoid warning Li Zetao (1): spi: spi-cadence: Use helper function devm_clk_get_enabled() Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Liao Chen (1): mailbox: rockchip: fix a typo in module autoloading Lizhi Xu (2): ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Long Li (2): RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page RDMA/mana_ib: use the correct page table index based on hardware page size Lu Baolu (1): iommu/vt-d: Always reserve a domain ID for identity setup Luis Henriques (SUSE) (7): ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() ext4: fix fast commit inode enqueueing during a full journal commit ext4: use handle to mark fc as ineligible in __track_dentry_update() ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luiz Augusto von Dentz (6): Bluetooth: MGMT: Fix possible crash on mgmt_index_removed Bluetooth: L2CAP: Fix uaf in l2cap_connect Bluetooth: hci_sock: Fix not validating setsockopt user input Bluetooth: ISO: Fix not validating setsockopt user input Bluetooth: L2CAP: Fix not validating setsockopt user input Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Luo Gengkun (1): perf/core: Fix small negative period being ignored Ma Ke (1): drm: omapdrm: Add missing check for alloc_ordered_workqueue Mads Bligaard Nielsen (1): drm/bridge: adv7511: fix crash on irq during probe Mahesh Rajashekhara (1): scsi: smartpqi: correct stream detection Manivannan Sadhasivam (3): clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() dt-bindings: clock: qcom: Add missing UFS QREF clocks Marc Ferland (1): i2c: xiic: improve error message when transfer fails to start Marek Vasut (1): i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Mario Limonciello (2): ACPI: CPPC: Add support for setting EPP register in FFH drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Mark Pearson (1): platform/x86: think-lmi: Fix password opcode ordering for workstations Mark Rutland (3): arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more Masahiro Yamada (1): kconfig: qconf: fix buffer overflow in debug links Matt Fleming (1): perf hist: Update hist symbol when updating maps Matthew Brost (1): drm/printer: Allow NULL data in devcoredump printer Mike Baynton (1): ovl: fail if trusted xattrs are needed but caller lacks permission Mike Tipton (1): clk: qcom: clk-rpmh: Fix overflow in BCM vote Miquel Sabaté Solà (1): cpufreq: Avoid a bad reference count on CPU node Miri Korenblit (1): wifi: iwlwifi: mvm: avoid NULL pointer dereference Mohamed Khalfella (1): net/mlx5: Added cond_resched() to crdump collection Namhyung Kim (2): perf: Really fix event_function_call() locking perf report: Fix segfault when 'sym' sort key is not used Namjae Jeon (1): ksmbd: add refcnt to ksmbd_conn struct NeilBrown (1): nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Nicolin Chen (1): iommufd: Fix protection fault in iommufd_test_syz_conv_iova Nuno Sa (2): Input: adp5589-keys - fix NULL pointer dereference Input: adp5589-keys - fix adp5589_gpio_get_value() Oder Chiou (1): ALSA: hda/realtek: Fix the push button function for the ALC257 Oleg Nesterov (1): uprobes: fix kernel info leak via "[uprobes]" vma Pablo Neira Ayuso (2): netfilter: nf_tables: fix memleak in map from abort path netfilter: nf_tables: restore set elements when delete set fails Pali Rohár (3): cifs: Remove intermediate object of failed create reparse call cifs: Fix buffer overflow when parsing NFS reparse points cifs: Do not convert delimiter when parsing NFS-style symlinks Patrick Donnelly (1): ceph: fix cap ref leak via netfs init_request Paul E. McKenney (1): rcuscale: Provide clear error when async specified without primitives Pei Xiao (1): ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Peng Liu (2): drm/amdgpu: add raven1 gfxoff quirk drm/amdgpu: enable gfxoff quirk on HP 705G4 Peter Zijlstra (2): jump_label: Fix static_key_slow_dec() yet again perf: Fix event_function_call() locking Phil Sutter (2): netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED selftests: netfilter: Fix nft_audit.sh for newer nft binaries Philip Yang (1): drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Ping-Ke Shih (1): wifi: rtw89: correct base HT rate mask for firmware Qu Wenruo (1): btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Rafael J. Wysocki (1): ACPI: EC: Do not release locks during operation region accesses Rafael Rocha (1): scsi: st: Fix input/output error on empty drive reset Ravikanth Tuniki (1): dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Remington Brasga (1): jfs: UBSAN: shift-out-of-bounds in dbFindBits Robert Hancock (2): i2c: xiic: Try re-initialization on bus busy timeout i2c: xiic: Wait for TX empty to avoid missed TX NAKs Sanjay K Kumar (1): iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Satya Priya Kakitapalli (4): clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x clk: qcom: gcc-sc8180x: Add GPLL9 support Sebastian Reichel (1): clk: rockchip: fix error for unknown clocks Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Shenwei Wang (1): net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Simon Horman (4): tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer bnxt_en: Extend maximum length of version string by 1 byte net: atlantic: Avoid warning about potential string truncation Srinivasan Shanmugam (6): drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/amd/display: Fix index out of bounds in DCN30 color transformation Stefan Mätje (1): can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode Stefan Wahren (1): mailbox: bcm2835: Fix timeout during suspend mode Steve French (1): smb3: fix incorrect mode displayed for read-only files Takashi Iwai (8): ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: usb-audio: Add input value sanity checks for standard types ALSA: usb-audio: Define macros for quirk table entries ALSA: usb-audio: Replace complex quirk lines with macros ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" Tao Liu (1): x86/kexec: Add EFI config table identity mapping for kexec kernel Tetsuo Handa (1): tomoyo: fallback to realpath if symlink's pathname does not exist Thadeu Lima de Souza Cascardo (1): ext4: ext4_search_dir should return a proper error Thomas Gleixner (4): static_call: Handle module init failure correctly in static_call_del_module() static_call: Replace pointless WARN_ON() in static_call_module_notify() jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() x86/ioapic: Handle allocation failures gracefully Thomas Weißschuh (4): tools/nolibc: powerpc: limit stack-protector workaround to GCC selftests/nolibc: avoid passing NULL to printf("%s") fbdev: efifb: Register sysfs groups through driver core of: address: Report error on resource bounds overflow Thomas Zimmermann (1): drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Tim Huang (3): drm/amd/display: fix double free issue during amdgpu module unload drm/amdgpu: fix unchecked return value warning for amdgpu_gfx drm/amd/pm: ensure the fw_info is not null before using it Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Tom Chung (1): drm/amd/display: Fix system hang while resume with TBT monitor Tvrtko Ursulin (1): drm/sched: Add locking to drm_sched_entity_modify_sched Udit Kumar (1): remoteproc: k3-r5: Delay notification of wakeup event Umang Jain (1): media: imx335: Fix reset-gpio handling Uwe Kleine-König (1): cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Val Packett (2): drm/rockchip: vop: clear DMA stop bit on RK3066 drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Vasileios Amoiridis (4): iio: pressure: bmp280: Improve indentation and line wrapping iio: pressure: bmp280: Use BME prefix for BME280 specifics iio: pressure: bmp280: Fix regmap for BMP280 device iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Victor Skvortsov (1): drm/amdgpu: Block MMR_READ IOCTL in reset Vishnu Sankar (1): HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Vitaly Lifshits (1): e1000e: avoid failing the system during pm_suspend Vladimir Oltean (1): net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Wei Li (4): tracing/hwlat: Fix a race during cpuhp processing tracing/timerlat: Drop interface_lock in stop_kthread() tracing/timerlat: Fix a race during cpuhp processing tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Willem de Bruijn (2): vrf: revert "vrf: Remove unnecessary RCU-bh critical section" gso: fix udp gso fraglist segmentation after pull from frag_list Wolfram Sang (1): i2c: create debugfs entry per adapter Xiaolei Wang (1): net: stmmac: move the EST lock to struct stmmac_priv Xiaxi Shen (1): ext4: fix timer use-after-free on failed mount Xin Long (1): sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Xiubo Li (1): ceph: remove the incorrect Fw reference check when dirtying pages Yannick Fertre (1): drm/stm: ltdc: reset plane transparency after plane disable Yifei Liu (1): selftests: breakpoints: use remaining time to check if suspend succeed Yosry Ahmed (1): mm: z3fold: deprecate CONFIG_Z3FOLD Yu Kuai (1): null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Yuezhang Mo (1): exfat: fix memory leak in exfat_load_bitmap() Yun Lu (1): selftest: hid: add missing run-hid-tools-tests.sh Zach Wade (1): platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Zhao Mengmeng (1): jfs: Fix uninit-value access of new_ea in ea_buffer Zheng Wang (1): media: venus: fix use after free bug in venus_remove due to race condition Zhihao Cheng (3): ext4: dax: fix overflowing extents beyond inode size when partially writing ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Revert "ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path" Zong-Zhe Yang (1): wifi: rtw88: select WANT_DEV_COREDUMP wangrong (1): smb: client: use actual path when queryfs yao.ly (1): ext4: correct encrypted dentry name hash when not casefolded

8 months, 2 weeks

1
1
0 0

Linux 6.11.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.3 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-fs-f2fs | 22 Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/arch/arm64/silicon-errata.rst | 6 Documentation/devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 Documentation/networking/net_cachelines/net_device.rst | 2 Documentation/rust/general-information.rst | 4 Makefile | 2 arch/arm/crypto/aes-ce-glue.c | 2 arch/arm/crypto/aes-neonbs-glue.c | 2 arch/arm64/Kconfig | 7 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/kvm_host.h | 25 arch/arm64/kernel/cpu_errata.c | 3 arch/arm64/mm/trans_pgd.c | 6 arch/loongarch/configs/loongson3_defconfig | 1 arch/parisc/include/asm/mman.h | 14 arch/parisc/kernel/entry.S | 6 arch/parisc/kernel/syscall.S | 14 arch/powerpc/configs/ppc64_defconfig | 1 arch/powerpc/include/asm/vdso_datapage.h | 15 arch/powerpc/kernel/asm-offsets.c | 2 arch/powerpc/kernel/vdso/cacheflush.S | 2 arch/powerpc/kernel/vdso/datapage.S | 4 arch/powerpc/platforms/pseries/dlpar.c | 17 arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 arch/powerpc/platforms/pseries/hotplug-memory.c | 16 arch/powerpc/platforms/pseries/pmem.c | 2 arch/riscv/Kconfig | 8 arch/riscv/include/asm/thread_info.h | 7 arch/x86/crypto/sha256-avx2-asm.S | 16 arch/x86/events/core.c | 63 arch/x86/include/asm/apic.h | 8 arch/x86/include/asm/fpu/signal.h | 2 arch/x86/include/asm/sev.h | 2 arch/x86/include/asm/syscall.h | 7 arch/x86/kernel/apic/apic_flat_64.c | 119 arch/x86/kernel/apic/io_apic.c | 46 arch/x86/kernel/cpu/bugs.c | 14 arch/x86/kernel/cpu/common.c | 4 arch/x86/kernel/fpu/signal.c | 6 arch/x86/kernel/machine_kexec_64.c | 27 arch/x86/kernel/signal.c | 3 arch/x86/kernel/signal_64.c | 6 arch/x86/mm/ident_map.c | 23 block/blk-iocost.c | 8 block/ioctl.c | 9 crypto/simd.c | 76 drivers/accel/ivpu/ivpu_fw.c | 4 drivers/acpi/acpi_pad.c | 6 drivers/acpi/acpica/dbconvert.c | 2 drivers/acpi/acpica/exprep.c | 3 drivers/acpi/acpica/psargs.c | 47 drivers/acpi/apei/einj-cxl.c | 2 drivers/acpi/battery.c | 28 drivers/acpi/cppc_acpi.c | 10 drivers/acpi/ec.c | 55 drivers/acpi/resource.c | 22 drivers/acpi/video_detect.c | 17 drivers/ata/pata_serverworks.c | 16 drivers/ata/sata_sil.c | 12 drivers/block/aoe/aoecmd.c | 13 drivers/bluetooth/btmrvl_sdio.c | 3 drivers/bluetooth/btrtl.c | 1 drivers/bluetooth/btusb.c | 2 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/dispcc-sm8250.c | 3 drivers/clk/qcom/gcc-sc8180x.c | 438 - drivers/clk/qcom/gcc-sm8250.c | 6 drivers/clk/qcom/gcc-sm8450.c | 4 drivers/clk/rockchip/clk.c | 3 drivers/clk/samsung/clk-exynos7885.c | 2 drivers/cpufreq/amd-pstate.c | 14 drivers/cpufreq/intel_pstate.c | 16 drivers/cpufreq/loongson3_cpufreq.c | 2 drivers/crypto/hisilicon/sgl.c | 14 drivers/crypto/marvell/Kconfig | 2 drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 261 - drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 254 - drivers/firmware/sysfb.c | 4 drivers/firmware/tegra/bpmp.c | 6 drivers/gpio/gpio-davinci.c | 8 drivers/gpio/gpiolib.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 35 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 43 drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 132 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 54 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 50 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 18 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 drivers/gpu/drm/amd/amdkfd/soc15_int.h | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 86 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 20 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/core/dc.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 96 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 34 drivers/gpu/drm/amd/display/dc/core/dc_state.c | 10 drivers/gpu/drm/amd/display/dc/dc_types.h | 1 drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 3 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 drivers/gpu/drm/amd/display/dc/dml/dml1_display_rq_dlg_calc.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c | 6 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 93 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared.c | 4 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_shared_types.h | 2 drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 20 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 1 drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c | 23 drivers/gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 26 drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 4 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 48 drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 7 drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c | 4 drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 8 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 111 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.h | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_init.c | 2 drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h | 1 drivers/gpu/drm/amd/display/dc/inc/resource.h | 5 drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c | 5 drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_dio.c | 5 drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 2 drivers/gpu/drm/amd/display/dc/resource/dce112/dce112_resource.c | 5 drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c | 4 drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 10 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource_helpers.c | 14 drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 1 drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.c | 3 drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 drivers/gpu/drm/display/drm_hdmi_state_helper.c | 4 drivers/gpu/drm/drm_atomic_uapi.c | 2 drivers/gpu/drm/drm_debugfs.c | 4 drivers/gpu/drm/drm_print.c | 13 drivers/gpu/drm/i915/display/intel_ddi.c | 2 drivers/gpu/drm/i915/display/intel_dp.c | 22 drivers/gpu/drm/i915/display/intel_psr.c | 32 drivers/gpu/drm/i915/display/intel_psr.h | 2 drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 drivers/gpu/drm/msm/msm_gpu.c | 1 drivers/gpu/drm/omapdrm/omap_drv.c | 5 drivers/gpu/drm/panthor/panthor_mmu.c | 8 drivers/gpu/drm/panthor/panthor_sched.c | 36 drivers/gpu/drm/radeon/r100.c | 70 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 14 drivers/gpu/drm/scheduler/sched_main.c | 7 drivers/gpu/drm/stm/drv.c | 3 drivers/gpu/drm/stm/ltdc.c | 76 drivers/gpu/drm/v3d/v3d_submit.c | 6 drivers/gpu/drm/xe/Makefile | 24 drivers/gpu/drm/xe/display/intel_fbdev_fb.c | 6 drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 8 drivers/gpu/drm/xe/display/xe_plane_initial.c | 6 drivers/gpu/drm/xe/xe_bo.c | 4 drivers/gpu/drm/xe/xe_device.c | 8 drivers/gpu/drm/xe/xe_device_types.h | 17 drivers/gpu/drm/xe/xe_drm_client.c | 9 drivers/gpu/drm/xe/xe_exec_queue.c | 2 drivers/gpu/drm/xe/xe_exec_queue_types.h | 6 drivers/gpu/drm/xe/xe_execlist.c | 3 drivers/gpu/drm/xe/xe_gpu_scheduler.c | 5 drivers/gpu/drm/xe/xe_gpu_scheduler.h | 2 drivers/gpu/drm/xe/xe_gt_pagefault.c | 55 drivers/gpu/drm/xe/xe_gt_types.h | 9 drivers/gpu/drm/xe/xe_guc_pc.c | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 76 drivers/gpu/drm/xe/xe_guc_types.h | 2 drivers/gpu/drm/xe/xe_lrc.c | 35 drivers/gpu/drm/xe/xe_oa.c | 9 drivers/gpu/drm/xe/xe_pci.c | 2 drivers/gpu/drm/xe/xe_preempt_fence.c | 12 drivers/gpu/drm/xe/xe_vm.c | 32 drivers/gpu/drm/xe/xe_vram.c | 1 drivers/gpu/drm/xe/xe_wa_oob.rules | 3 drivers/hid/bpf/hid_bpf_struct_ops.c | 14 drivers/hid/hid-ids.h | 17 drivers/hid/hid-input.c | 37 drivers/hid/hid-multitouch.c | 6 drivers/hid/i2c-hid/i2c-hid-core.c | 42 drivers/hwmon/nct6775-platform.c | 1 drivers/i2c/busses/i2c-designware-common.c | 14 drivers/i2c/busses/i2c-designware-core.h | 1 drivers/i2c/busses/i2c-designware-master.c | 38 drivers/i2c/busses/i2c-qcom-geni.c | 4 drivers/i2c/busses/i2c-stm32f7.c | 6 drivers/i2c/busses/i2c-synquacer.c | 5 drivers/i2c/busses/i2c-xiic.c | 21 drivers/i2c/i2c-core-base.c | 28 drivers/i3c/master/svc-i3c-master.c | 1 drivers/idle/intel_idle.c | 14 drivers/iio/magnetometer/ak8975.c | 32 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/pressure/bmp280-regmap.c | 45 drivers/iio/pressure/bmp280.h | 1 drivers/infiniband/hw/mana/main.c | 8 drivers/input/keyboard/adp5589-keys.c | 22 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 37 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 drivers/iommu/intel/dmar.c | 16 drivers/iommu/intel/iommu.c | 6 drivers/iommu/intel/pasid.c | 12 drivers/leds/leds-pca9532.c | 5 drivers/mailbox/Kconfig | 1 drivers/mailbox/bcm2835-mailbox.c | 3 drivers/mailbox/rockchip-mailbox.c | 2 drivers/media/common/videobuf2/videobuf2-core.c | 7 drivers/media/i2c/ar0521.c | 5 drivers/media/i2c/imx335.c | 9 drivers/media/i2c/ov5675.c | 12 drivers/media/platform/qcom/camss/camss-video.c | 6 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/platform/qcom/venus/core.c | 1 drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 drivers/memory/tegra/tegra186-emc.c | 5 drivers/net/can/dev/netlink.c | 102 drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 drivers/net/ethernet/freescale/fec.h | 9 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/freescale/fec_ptp.c | 50 drivers/net/ethernet/hisilicon/hip04_eth.c | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 drivers/net/ethernet/hisilicon/hns_mdio.c | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 19 drivers/net/ethernet/intel/ice/ice_sched.c | 6 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 6 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 31 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 1 drivers/net/ieee802154/Kconfig | 1 drivers/net/ieee802154/mcr20a.c | 5 drivers/net/pcs/pcs-xpcs-wx.c | 2 drivers/net/phy/phy.c | 17 drivers/net/phy/realtek.c | 3 drivers/net/ppp/ppp_generic.c | 4 drivers/net/vrf.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 2 drivers/net/wireless/ath/ath9k/debug.c | 4 drivers/net/wireless/ath/ath9k/hif_usb.c | 6 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 5 drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 drivers/net/wireless/intel/iwlwifi/fw/regulatory.h | 2 drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 2 drivers/net/wireless/intel/iwlwifi/fw/uefi.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/scan.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 drivers/net/wireless/microchip/wilc1000/sdio.c | 7 drivers/net/wireless/realtek/rtw88/Kconfig | 1 drivers/net/wireless/realtek/rtw89/core.h | 18 drivers/net/wireless/realtek/rtw89/mac.c | 2 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/phy.c | 4 drivers/net/wireless/realtek/rtw89/util.h | 18 drivers/net/wwan/qcom_bam_dmux.c | 11 drivers/net/xen-netback/hash.c | 5 drivers/nvme/common/keyring.c | 58 drivers/nvme/host/Kconfig | 3 drivers/nvme/host/core.c | 1 drivers/nvme/host/fabrics.c | 2 drivers/nvme/host/ioctl.c | 22 drivers/nvme/host/nvme.h | 2 drivers/nvme/host/sysfs.c | 4 drivers/nvme/host/tcp.c | 55 drivers/of/address.c | 5 drivers/of/irq.c | 38 drivers/perf/arm_spe_pmu.c | 9 drivers/perf/riscv_pmu_legacy.c | 4 drivers/perf/riscv_pmu_sbi.c | 4 drivers/platform/mellanox/mlxbf-pmc.c | 5 drivers/platform/x86/amd/pmf/pmf-quirks.c | 8 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 4 drivers/platform/x86/lenovo-ymc.c | 2 drivers/platform/x86/touchscreen_dmi.c | 26 drivers/platform/x86/x86-android-tablets/core.c | 6 drivers/platform/x86/x86-android-tablets/other.c | 10 drivers/pmdomain/core.c | 40 drivers/power/reset/brcmstb-reboot.c | 3 drivers/power/supply/power_supply_core.c | 6 drivers/power/supply/power_supply_hwmon.c | 3 drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 drivers/rtc/rtc-at91sam9.c | 1 drivers/scsi/NCR5380.c | 4 drivers/scsi/aacraid/aacraid.h | 2 drivers/scsi/lpfc/lpfc.h | 12 drivers/scsi/lpfc/lpfc_els.c | 73 drivers/scsi/lpfc/lpfc_hbadisc.c | 14 drivers/scsi/lpfc/lpfc_nportdisc.c | 22 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 11 drivers/scsi/pm8001/pm8001_init.c | 6 drivers/scsi/smartpqi/smartpqi_init.c | 130 drivers/scsi/st.c | 5 drivers/spi/spi-bcm63xx.c | 9 drivers/spi/spi-cadence.c | 8 drivers/spi/spi-imx.c | 2 drivers/spi/spi-rpc-if.c | 7 drivers/spi/spi-s3c64xx.c | 4 drivers/vhost/scsi.c | 27 drivers/video/fbdev/efifb.c | 11 drivers/video/fbdev/pxafb.c | 1 drivers/virt/coco/sev-guest/sev-guest.c | 2 fs/afs/file.c | 1 fs/afs/fs_operation.c | 2 fs/btrfs/backref.c | 12 fs/btrfs/disk-io.c | 11 fs/btrfs/relocation.c | 99 fs/btrfs/send.c | 31 fs/cachefiles/namei.c | 7 fs/ceph/addr.c | 6 fs/ceph/mds_client.c | 12 fs/dax.c | 6 fs/exec.c | 34 fs/exfat/balloc.c | 10 fs/ext4/dir.c | 14 fs/ext4/ext4.h | 1 fs/ext4/extents.c | 55 fs/ext4/fast_commit.c | 49 fs/ext4/file.c | 8 fs/ext4/inode.c | 11 fs/ext4/migrate.c | 2 fs/ext4/move_extent.c | 1 fs/ext4/namei.c | 14 fs/ext4/resize.c | 18 fs/ext4/super.c | 25 fs/ext4/xattr.c | 3 fs/f2fs/f2fs.h | 31 fs/f2fs/gc.c | 85 fs/f2fs/gc.h | 23 fs/f2fs/segment.c | 31 fs/f2fs/super.c | 8 fs/f2fs/sysfs.c | 18 fs/file.c | 95 fs/gfs2/glock.c | 1 fs/gfs2/ops_fstype.c | 3 fs/inode.c | 14 fs/iomap/buffered-io.c | 16 fs/jbd2/checkpoint.c | 21 fs/jbd2/journal.c | 4 fs/jfs/jfs_discard.c | 11 fs/jfs/jfs_dmap.c | 7 fs/jfs/xattr.c | 2 fs/netfs/write_issue.c | 48 fs/nfsd/netns.h | 1 fs/nfsd/nfs4proc.c | 34 fs/nfsd/nfs4state.c | 6 fs/nfsd/nfs4xdr.c | 10 fs/nfsd/nfsctl.c | 2 fs/nfsd/nfssvc.c | 2 fs/nfsd/vfs.c | 1 fs/nfsd/xdr4.h | 1 fs/ocfs2/aops.c | 5 fs/ocfs2/buffer_head_io.c | 4 fs/ocfs2/journal.c | 7 fs/ocfs2/localalloc.c | 19 fs/ocfs2/quota_local.c | 8 fs/ocfs2/refcounttree.c | 26 fs/ocfs2/xattr.c | 11 fs/overlayfs/copy_up.c | 43 fs/overlayfs/params.c | 38 fs/pidfs.c | 5 fs/proc/base.c | 61 fs/proc/proc_sysctl.c | 11 fs/smb/client/cifsfs.c | 13 fs/smb/client/cifsglob.h | 2 fs/smb/client/inode.c | 19 fs/smb/client/reparse.c | 16 fs/smb/client/smb1ops.c | 2 fs/smb/client/smb2inode.c | 24 fs/smb/client/smb2ops.c | 19 fs/smb/server/connection.c | 4 fs/smb/server/connection.h | 1 fs/smb/server/oplock.c | 55 fs/smb/server/smb2pdu.c | 5 fs/smb/server/vfs_cache.c | 3 fs/smb/server/vfs_cache.h | 4 include/crypto/internal/simd.h | 12 include/drm/drm_print.h | 54 include/drm/gpu_scheduler.h | 2 include/dt-bindings/clock/exynos7885.h | 2 include/dt-bindings/clock/qcom,gcc-sc8180x.h | 1 include/linux/cpufreq.h | 6 include/linux/fdtable.h | 8 include/linux/hdmi.h | 9 include/linux/hugetlb.h | 10 include/linux/i2c.h | 3 include/linux/netdevice.h | 22 include/linux/nvme-keyring.h | 6 include/linux/perf_event.h | 8 include/linux/sched.h | 2 include/linux/sunrpc/svc.h | 4 include/linux/uprobes.h | 2 include/linux/virtio_net.h | 4 include/trace/events/netfs.h | 1 include/uapi/linux/cec.h | 6 include/uapi/linux/netfilter/nf_tables.h | 2 io_uring/io_uring.c | 5 io_uring/net.c | 4 kernel/bpf/verifier.c | 119 kernel/events/core.c | 33 kernel/events/uprobes.c | 4 kernel/fork.c | 32 kernel/jump_label.c | 34 kernel/rcu/rcuscale.c | 4 kernel/rcu/tasks.h | 82 kernel/resource.c | 58 kernel/sched/core.c | 23 kernel/sched/psi.c | 26 kernel/static_call_inline.c | 13 kernel/trace/trace_hwlat.c | 2 kernel/trace/trace_osnoise.c | 22 lib/buildid.c | 76 mm/Kconfig | 25 mm/filemap.c | 4 mm/gup.c | 1 mm/hugetlb.c | 17 mm/memfd.c | 18 mm/slab_common.c | 7 mm/slub.c | 100 net/bluetooth/hci_core.c | 2 net/bluetooth/hci_event.c | 15 net/bluetooth/l2cap_core.c | 8 net/bluetooth/mgmt.c | 23 net/bridge/br_mdb.c | 2 net/core/dev.c | 14 net/core/gro.c | 9 net/core/net-sysfs.c | 6 net/core/netdev-genl.c | 8 net/core/netpoll.c | 15 net/core/skbuff.c | 15 net/dsa/dsa.c | 7 net/ipv4/devinet.c | 6 net/ipv4/fib_frontend.c | 2 net/ipv4/ip_gre.c | 6 net/ipv4/netfilter/nf_dup_ipv4.c | 7 net/ipv4/tcp_ipv4.c | 3 net/ipv4/tcp_offload.c | 10 net/ipv4/udp_offload.c | 22 net/ipv6/netfilter/nf_dup_ipv6.c | 7 net/ipv6/tcpv6_offload.c | 10 net/l2tp/l2tp_core.c | 40 net/l2tp/l2tp_core.h | 4 net/l2tp/l2tp_netlink.c | 4 net/l2tp/l2tp_ppp.c | 3 net/mac80211/chan.c | 4 net/mac80211/mlme.c | 2 net/mac80211/scan.c | 2 net/mac80211/util.c | 4 net/mac802154/scan.c | 4 net/ncsi/ncsi-manage.c | 2 net/netfilter/nf_tables_api.c | 5 net/rxrpc/ar-internal.h | 2 net/rxrpc/io_thread.c | 10 net/rxrpc/local_object.c | 2 net/sched/sch_taprio.c | 4 net/sctp/socket.c | 4 net/sunrpc/svc.c | 31 net/tipc/bearer.c | 8 net/wireless/nl80211.c | 15 rust/Makefile | 22 rust/exports.c | 1 rust/helpers.c | 239 rust/helpers/blk.c | 14 rust/helpers/bug.c | 8 rust/helpers/build_assert.c | 25 rust/helpers/build_bug.c | 9 rust/helpers/err.c | 19 rust/helpers/helpers.c | 25 rust/helpers/kunit.c | 9 rust/helpers/mutex.c | 15 rust/helpers/page.c | 19 rust/helpers/refcount.c | 19 rust/helpers/signal.c | 9 rust/helpers/slab.c | 9 rust/helpers/spinlock.c | 24 rust/helpers/task.c | 19 rust/helpers/uaccess.c | 15 rust/helpers/wait.c | 9 rust/helpers/workqueue.c | 15 rust/kernel/sync/locked_by.rs | 18 scripts/gdb/linux/proc.py | 4 scripts/gdb/linux/rbtree.py | 12 scripts/gdb/linux/timerlist.py | 31 scripts/kconfig/parser.y | 10 scripts/kconfig/qconf.cc | 6 security/Kconfig | 32 security/tomoyo/domain.c | 9 sound/core/control.c | 55 sound/core/control_compat.c | 45 sound/core/init.c | 14 sound/core/oss/mixer_oss.c | 4 sound/isa/gus/gus_pcm.c | 4 sound/pci/asihpi/hpimsgx.c | 2 sound/pci/hda/hda_controller.h | 2 sound/pci/hda/hda_generic.c | 4 sound/pci/hda/hda_intel.c | 10 sound/pci/hda/patch_conexant.c | 24 sound/pci/hda/patch_realtek.c | 156 sound/pci/hda/samsung_helper.c | 310 - sound/pci/rme9652/hdsp.c | 6 sound/pci/rme9652/hdspm.c | 6 sound/soc/atmel/mchp-pdmc.c | 3 sound/soc/codecs/wsa883x.c | 16 sound/soc/fsl/imx-card.c | 1 sound/soc/intel/boards/bytcht_cx2072x.c | 4 sound/soc/intel/boards/bytcht_da7213.c | 4 sound/soc/intel/boards/bytcht_es8316.c | 2 sound/soc/intel/boards/bytcr_rt5640.c | 2 sound/soc/intel/boards/bytcr_rt5651.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 4 sound/soc/intel/boards/cht_bsw_rt5672.c | 4 sound/soc/intel/boards/sof_es8336.c | 2 sound/soc/intel/boards/sof_wm8804.c | 4 sound/soc/intel/common/soc-acpi-intel-rpl-match.c | 1 sound/soc/soc-topology.c | 4 sound/usb/card.c | 6 sound/usb/line6/podhd.c | 2 sound/usb/mixer.c | 35 sound/usb/mixer.h | 1 sound/usb/mixer_quirks.c | 413 + sound/usb/quirks-table.h | 2457 +++------- sound/usb/quirks.c | 62 tools/arch/x86/kcpuid/kcpuid.c | 12 tools/bpf/bpftool/net.c | 11 tools/hv/hv_fcopy_uio_daemon.c | 7 tools/include/nolibc/arch-powerpc.h | 2 tools/perf/util/hist.c | 7 tools/perf/util/machine.c | 17 tools/perf/util/setup.py | 4 tools/perf/util/thread.c | 4 tools/perf/util/thread.h | 1 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c | 1 tools/testing/selftests/breakpoints/step_after_suspend_test.c | 5 tools/testing/selftests/devices/probe/test_discoverable_devices.py | 4 tools/testing/selftests/hid/Makefile | 2 tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 2 tools/testing/selftests/mm/pagemap_ioctl.c | 2 tools/testing/selftests/mm/write_to_hugetlbfs.c | 21 tools/testing/selftests/net/netfilter/conntrack_dump_flush.c | 1 tools/testing/selftests/net/netfilter/nft_audit.sh | 57 tools/testing/selftests/nolibc/nolibc-test.c | 4 tools/testing/selftests/vDSO/parse_vdso.c | 17 tools/testing/selftests/vDSO/vdso_config.h | 10 tools/testing/selftests/vDSO/vdso_test_correctness.c | 6 tools/tracing/rtla/Makefile.rtla | 2 tools/tracing/rtla/src/osnoise_top.c | 2 tools/tracing/rtla/src/timerlat_top.c | 4 595 files changed, 7353 insertions(+), 5268 deletions(-) Aakash Menon (1): net: sparx5: Fix invalid timestamps Abhishek Tamboli (1): ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Adrian Ratiu (1): proc: add config & param to block forcing mem writes Ahmed S. Darwish (1): tools/x86/kcpuid: Protect against faulty "max subleaf" values Ahmed, Muhammad (1): drm/amd/display: guard write a 0 post_divider value to HW Ai Chao (1): ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Ajit Pandey (1): clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Al Viro (1): close_range(): fix the logics in descriptor table trimming Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix memory disclosure Aleksandr Mishin (1): ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Aleksandrs Vinarskis (1): ACPICA: iasl: handle empty connection_node Alessandro Zanni (1): kselftest/devices/probe: Fix SyntaxWarning in regex strings for Python3 Alex Deucher (7): drm/amdgpu/gfx12: properly handle error ints on all pipes drm/amdgpu/gfx9: properly handle error ints on all pipes drm/amdgpu/gfx9: use rlc safe mode for soft recovery drm/amdgpu/gfx11: enter safe mode before touching CP_INT_CNTL drm/amdgpu/gfx12: use rlc safe mode for soft recovery drm/amdgpu/gfx11: use rlc safe mode for soft recovery drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Hung (15): drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags drm/amd/display: Check null pointers before using them drm/amd/display: Check null pointers before used drm/amd/display: Check null pointers before multiple uses drm/amd/display: Check null pointers before using dc->clk_mgr drm/amd/display: Initialize denominators' default to 1 drm/amd/display: Check null-initialized variables drm/amd/display: Check phantom_stream before it is used drm/amd/display: Check stream before comparing them drm/amd/display: Increase array size of dummy_boolean drm/amd/display: Fix possible overflow in integer multiplication drm/amd/display: Check stream_status before it is used drm/amd/display: Avoid overflow assignment in link_dp_cts drm/amd/display: Initialize get_bytes_per_element's default to 1 drm/amd/display: Add HDR workaround for specific eDP Alexander F. Lent (1): accel/ivpu: Add missing MODULE_FIRMWARE metadata Alexander Shiyan (1): media: i2c: ar0521: Use cansleep version of gpiod_set_value() Alexandre Ghiti (1): riscv: Fix kernel stack size when KASAN is enabled Alexey Dobriyan (1): block: fix integer overflow in BLKSECDISCARD Alice Ryhl (1): rust: sync: require `T: Sync` for `LockedBy::access` Amir Goldstein (1): ovl: fsync after metadata copy-up Anastasia Belova (1): cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value Andreas Hindborg (1): rust: kbuild: split up helpers.c Andrei Simion (1): ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Andrew Davis (1): power: reset: brcmstb: Do not go into infinite loop if reset fails Andrew Jones (1): of/irq: Support #msi-cells=<0> in of_msi_get_domain Andrii Nakryiko (2): perf,x86: avoid missing caller address in stack traces captured in uprobe lib/buildid: harden build ID parsing logic Anjaneyulu (1): wifi: iwlwifi: allow only CN mcc from WRDD Anton Danilov (1): ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Ard Biesheuvel (1): i2c: synquacer: Deal with optional PCLK correctly Armin Wolf (4): ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook Arnaldo Carvalho de Melo (2): perf python: Disable -Wno-cast-function-type-mismatch if present on clang perf python: Allow checking for the existence of warning options in clang Arnd Bergmann (1): nvme-tcp: fix link failure for TCP auth Artem Sadovnikov (1): ext4: fix i_data_sem unlock order in ext4_ind_migrate() Arun R Murthy (1): drm/i915/display: BMG supports UHBR13.5 Aruna Ramakrishna (2): x86/pkeys: Add PKRU as a parameter in signal handling functions x86/pkeys: Restore altstack access in sigreturn() Asad Kamal (1): drm/amdgpu: Fix get each xcp macro Asahi Lina (1): ALSA: usb-audio: Add mixer quirk for RME Digiface USB Aurabindo Pillai (1): drm/amd/display: fix a UBSAN warning in DML2.1 Austin Zheng (1): drm/amd/display: Unlock Pipes Based On DET Allocation Baojun Xu (1): ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Baokun Li (10): ext4: avoid use-after-free in ext4_ext_show_leaf() ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path ext4: update orig_path in ext4_find_extent() ext4: fix off by one issue in alloc_flex_gd() jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error cachefiles: fix dentry leak in cachefiles_open_file() Bard Liao (1): ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item Barnabás Czémán (1): iio: magnetometer: ak8975: Fix reading for ak099xx sensors Bastien Curutchet (1): leds: pca9532: Remove irrelevant blink configuration error message Beleswar Padhi (1): remoteproc: k3-r5: Acquire mailbox handle during probe routine Ben Cheatham (1): EINJ, CXL: Fix CXL device SBDF calculation Ben Dooks (1): spi: s3c64xx: fix timeout counters in flush_fifo Ben Hutchings (1): tools/rtla: Fix installation from out-of-tree build Benjamin Lin (1): wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Benjamin Tissoires (1): HID: bpf: fix cfi stubs for hid_bpf_ops Biju Das (1): spi: rpc-if: Add missing MODULE_DEVICE_TABLE Boris Brezillon (4): drm/panthor: Lock the VM resv before calling drm_gpuvm_bo_obtain_prealloc() drm/panthor: Don't add write fences to the shared BOs drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() drm/panthor: Don't declare a queue blocked if deferred operations are pending Breno Leitao (1): netpoll: Ensure clean state on setup failures Bryan O'Donoghue (3): media: ov5675: Fix power on/off delay timings media: qcom: camss: Remove use_count guard in stop_streaming media: qcom: camss: Fix ordering of pm_runtime_enable Chao Yu (1): f2fs: fix to don't panic system for no free segment fault injection Charlene Liu (1): drm/amd/display: avoid set dispclk to 0 Chih-Kang Chang (1): wifi: rtw89: avoid to add interface to list twice when SER Chris Park (1): drm/amd/display: Deallocate DML memory if allocation fails Christian Brauner (1): pidfs: check for valid pid namespace Christian König (1): drm/sched: revert "Always increment correct scheduler score" Christoph Hellwig (1): iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Christophe JAILLET (2): ALSA: mixer_oss: Remove some incorrect kfree_const() usages ALSA: gus: Fix some error handling paths related to get_bpos() usage Christophe Leroy (4): selftests: vDSO: fix vDSO name for powerpc selftests: vDSO: fix vdso_config for powerpc selftests: vDSO: fix vDSO symbols lookup for powerpc64 powerpc/vdso: Fix VDSO data access when running in a non-root time namespace Chuck Lever (3): NFSD: Fix NFSv4's PUTPUBFH operation NFSD: Async COPY result needs to return a write verifier NFSD: Limit the number of concurrent async COPY operations Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in more places Ckath (1): platform/x86: touchscreen_dmi: add nanote-next quirk Colin Ian King (1): r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Csókás, Bence (2): net: fec: Restart PPS after link state change net: fec: Reload PTP registers after link-state change Cyan Nyan (1): ALSA: usb-audio: Add quirk for RME Digiface USB Daeho Jeong (5): f2fs: make BG GC more aggressive for zoned devices f2fs: introduce migration_window_granularity f2fs: increase BG GC migration window granularity when boosted for zoned devices f2fs: do FG_GC when GC boosting is required for zoned devices f2fs: forcibly migrate to secure space for zoned device file pinning Damien Le Moal (2): ata: pata_serverworks: Do not use the term blacklist ata: sata_sil: Rename sil_blacklist to sil_quirks Daniel Borkmann (2): net: Add netif_get_gro_max_size helper for GRO net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Bristot de Oliveira (1): sched/deadline: Comment sched_dl_entity::dl_server variable Daniel Sa (1): drm/amd/display: Underflow Seen on DCN401 eGPU Daniel Sneddon (1): x86/bugs: Add missing NO_SSB flag Daniel Wagner (1): scsi: pm8001: Do not overwrite PCI queue mapping Danilo Krummrich (1): mm: krealloc: consider spare memory for __GFP_ZERO Darrick J. Wong (1): iomap: constrain the file range passed to iomap_file_unshare David Hildenbrand (1): selftests/mm: fix charge_reserved_hugetlb.sh test David Howells (5): afs: Fix missing wire-up of afs_retry_request() afs: Fix the setting of the server responding flag netfs: Fix missing wakeup after issuing writes netfs: Cancel dirty folios that have no storage destination rxrpc: Fix a race between socket set up and I/O thread creation David Kaplan (1): x86/bugs: Fix handling when SRSO mitigation is disabled David Strahan (2): scsi: smartpqi: Add new controller PCI IDs scsi: smartpqi: add new controller PCI IDs David Virag (2): dt-bindings: clock: exynos7885: Fix duplicated binding clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Denis Pauk (1): hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Derek Foreman (1): drm/connector: hdmi: Fix writing Dynamic Range Mastering infoframes Dillon Varone (1): drm/amd/display: Force enable 3DLUT DMA check for dcn401 in DML Dirk Behme (1): rust: mutex: fix __mutex_init() usage in case of PREEMPT_RT Dmitry Antipov (1): net: sched: consistently use rcu_replace_pointer() in taprio_change() Dmitry Baryshkov (1): clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Dmitry Kandybka (1): wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Dmitry Torokhov (1): HID: i2c-hid: ensure various commands do not interfere with each other Dragos Tatulea (1): net/mlx5e: SHAMPO, Fix overflow of hd_per_wq Easwar Hariharan (1): arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Eddie James (1): net/ncsi: Disable the ncsi work before freeing the associated structure Eder Zulian (1): rtla: Fix the help text in osnoise and timerlat top tools Edward Adam Davis (3): jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree ext4: no need to continue when the number of entries is 1 Elena Salomatkina (1): net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Emanuele Ghidoli (1): gpio: davinci: fix lazy disable Eric Dumazet (5): netfilter: nf_tables: prevent nf_skb_duplicated corruption net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() net: test for not too small csum_start in virtio_net_hdr_to_skb() ppp: do not assume bh is held in ppp_channel_bridge_input() Fangrui Song (1): crypto: x86/sha256 - Add parentheses around macros' single arguments Fangzhi Zuo (1): drm/amd/display: Restore Optimized pbn Value if Failed to Disable DSC Fares Mehanna (1): arm64: trans_pgd: mark PTEs entries as valid to avoid dead kexec() Felix Fietkau (3): wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker net: gso: fix tcp fraglist segmentation after pull from frag_list Filipe Manana (3): btrfs: send: fix buffer overflow detection when copying path to cache entry btrfs: send: fix invalid clone operation for file that got its size decreased btrfs: wait for fixup workers before stopping cleaner kthread during umount Finn Thain (1): scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Gabe Teeger (1): drm/amd/display: Revert Avoid overflow assignment Gabriel Krisman Bertazi (1): ext4: fix error message when rejecting the default hash Gary Guo (1): rust: kbuild: auto generate helper exports Gautham Ananthakrishna (1): ocfs2: reserve space for inline xattr before attaching reflink tree Geert Uytterhoeven (4): mailbox: ARM_MHU_V3 should depend on ARM64 drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() pmdomain: core: Reduce debug summary table width Gerd Bayer (1): net/mlx5: Fix error path in multi-packet WQE transmit Gergo Koteles (1): platform/x86: lenovo-ymc: Ignore the 0x0 state Greg Kroah-Hartman (1): Linux 6.11.3 Guixin Liu (1): io_uring: fix memory leak when cache init fail Gustavo A. R. Silva (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Hannes Reinecke (3): nvme-keyring: restrict match length for version '1' identifiers nvme-tcp: sanitize TLS key handling nvme-tcp: check for invalidated or revoked key Hans P. Moller (1): ALSA: line6: add hw monitor volume control to POD HD500X Hans Verkuil (1): media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Hans de Goede (11): ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 HID: Ignore battery for all ELAN I2C-HID devices platform/x86: x86-android-tablets: Adjust Xiaomi Pad 2 bottom bezel touch buttons LED platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors power: supply: hwmon: Fix missing temp1_max_alarm attribute power: supply: Drop use_cnt check from power_supply_property_is_writeable() ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO ACPI: resource: Remove duplicate Asus E1504GAB IRQ override ACPI: resource: Loosen the Asus E1404GAB DMI match to also cover the E1404GA ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Haoran Zhang (1): vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Haren Myneni (1): powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Hawking Zhang (1): drm/amdkfd: Check int source id for utcl2 poison event Heiko Carstens (1): selftests: vDSO: fix vdso_config for s390 Heiner Kallweit (2): i2c: core: Lock address during client device instantiation r8169: add tally counter fields added with RTL8125 Helge Deller (4): parisc: Fix itlb miss handler for 64-bit programs parisc: Fix 64-bit userspace syscall path parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Heming Zhao (1): ocfs2: fix the la space leak when unmounting an ocfs2 volume Herbert Xu (4): crypto: octeontx - Fix authenc setkey crypto: octeontx2 - Fix authenc setkey crypto: simd - Do not call crypto_alloc_tfm during registration crypto: octeontx* - Select CRYPTO_AUTHENC Hilda Wu (2): Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Huacai Chen (1): cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() Huang Ying (1): resource: fix region_intersects() vs add_memory_driver_managed() Hui Wang (2): net: phy: realtek: Check the index value in led_hw_control_get ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Ian Rogers (1): perf callchain: Fix stitch LBR memory leaks Ido Schimmel (2): bridge: mcast: Fail MDB get request on empty entry ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ilan Peer (1): wifi: iwlwifi: mvm: Fix a race in scan abort flow Imre Deak (1): drm/i915/dp: Fix AUX IO power enabling for eDP PSR Issam Hamdi (1): wifi: cfg80211: Set correct chandef when starting CAC Jakub Kicinski (1): net: skbuff: sprinkle more __GFP_NOWARN on ingress allocs James Chapman (3): l2tp: prevent possible tunnel refcount underflow l2tp: free sessions using rcu l2tp: use rcu list add/del when updating lists James Clark (1): drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Jan Kiszka (1): remoteproc: k3-r5: Fix error handling when power-up failed Jan Lalinsky (1): ALSA: usb-audio: Add native DSD support for Luxman D-08u Jani Nikula (1): drm/i915/gem: fix bitwise and logical AND mixup Jaroslav Kysela (1): ALSA: core: add isascii() check to card ID generator Jason Gunthorpe (1): iommu/arm-smmu-v3: Do not use devm for the cd table allocations Jason Xing (1): tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Javier Carrasco (1): drm/mediatek: ovl_adaptor: Add missing of_node_put() Jens Axboe (1): io_uring/net: harden multishot termination case for recv Jens Remus (1): selftests: vDSO: fix ELF hash table entry size for s390x Jeongjun Park (1): net/xen-netback: prevent UAF in xenvif_flush_hash() Jesse Zhang (1): drm/amdkfd: Fix resource leak in criu restore queue Jianbo Liu (1): net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Jiawei Ye (1): mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Jiawen Wu (1): net: pcs: xpcs: fix the wrong register that was written back Jinjie Ruan (12): ieee802154: Fix build error net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() nfp: Use IRQF_NO_AUTOEN flag in request_irq() spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled spi: spi-cadence: Fix missing spi_controller_is_target() check i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled spi: bcm63xx: Fix module autoloading spi: bcm63xx: Fix missing pm_runtime_disable() Jiri Olsa (1): selftests/bpf: fix uprobe.path leak in bpf_testmod Jisheng Zhang (1): riscv: define ILLEGAL_POINTER_VALUE for 64bit Joe Damato (2): netdev-genl: Set extack and fix error on napi-get net: napi: Prevent overflow of napi_defer_hard_irqs Joel Fernandes (Google) (1): sched/core: Add clearing of ->dl_server in put_prev_task_balance() Johannes Berg (3): wifi: iwlwifi: mvm: drop wrong STA selection in TX wifi: iwlwifi: mvm: use correct key iteration wifi: mac80211: fix RCU list iterations Johannes Thumshirn (1): btrfs: don't readahead the relocation inode on RST Johannes Weiner (1): sched: psi: fix bogus pressure spikes from aggregation race Jonathan Gray (1): Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Josef Bacik (1): btrfs: drop the backref cache during relocation if we commit Joseph Qi (2): ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: cancel dqi_sync_work before freeing oinfo Joshua Grisham (1): ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init Joshua Pius (1): ALSA: usb-audio: Add logitech Audio profile quirk José Roberto de Souza (1): drm/xe/oa: Don't reset OAC_CONTEXT_ENABLE on OA stream close Jouni Högander (1): drm/i915/psr: Do not wait for PSR being idle on on Panel Replay Julian Sun (2): ocfs2: fix null-ptr-deref when journal load failed. gfs2: fix double destroy_workqueue error Juntong Deng (1): bpf: Make the pointer returned by iter next method valid Justin Tee (3): scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology scsi: lpfc: Update PRLO handling in direct attached topology Kai-Heng Feng (1): intel_idle: Disable promotion to C1E on Jasper Lake and Elkhart Lake Kaixin Wang (2): fbdev: pxafb: Fix possible use after free in pxafb_task() i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Karthikeyan Periyasamy (2): wifi: ath12k: fix array out-of-bound access in SoC stats wifi: ath11k: fix array out-of-bound access in SoC stats Katya Orlova (1): drm/stm: Avoid use-after-free issues with crtc and plane Kees Cook (2): x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() scsi: aacraid: Rearrange order of struct aac_srb_unit Kemeng Shi (1): jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit KhaiWenTan (1): net: stmmac: Fix zero-division error when disabling tc cbs Kimriver Liu (1): i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Konrad Dybcio (1): drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs Konstantin Ovsepian (1): blk_iocost: fix more out of bound shifts Krzysztof Kozlowski (7): net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() ASoC: codecs: wsa883x: Handle reading version failure firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() memory: tegra186-emc: drop unused to_tegra186_emc() rtc: at91sam9: fix OF node leak in probe() error path Kuan-Wei Chiu (2): bpftool: Fix undefined behavior caused by shifting into the sign bit bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Kuan-Ying Lee (3): scripts/gdb: fix timerlist parsing issue scripts/gdb: add iteration function for rbtree scripts/gdb: fix lx-mounts command error Kuniyuki Iwashima (1): ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Lad Prabhakar (1): gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() Laurent Pinchart (2): media: videobuf2: Drop minimum allocation requirement of 2 buffers media: sun4i_csi: Implement link validate for sun4i_csi subdev Leo Li (1): drm/amd/display: Enable idle workqueue for more IPS modes Li Lingfeng (1): nfsd: map the EBADMSG to nfserr_io to avoid warning Li Zhijian (1): fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Liao Chen (1): mailbox: rockchip: fix a typo in module autoloading Liao Yuanhong (1): f2fs: add write priority option based on zone UFS Lizhi Xu (3): ext4: filesystems without casefold feature cannot be mounted with siphash ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Long Li (2): RDMA/mana_ib: use the correct page table index based on hardware page size RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page Lu Baolu (2): iommu/vt-d: Always reserve a domain ID for identity setup iommu/vt-d: Unconditionally flush device TLB for pasid table updates Lucas De Marchi (1): drm/xe: Generate oob before compiling anything Luis Henriques (SUSE) (9): ceph: fix a memory leak on cap_auths in MDS client ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: fix access to uninitialised lock in fc replay path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() ext4: fix fast commit inode enqueueing during a full journal commit ext4: use handle to mark fc as ineligible in __track_dentry_update() ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luiz Augusto von Dentz (3): Bluetooth: MGMT: Fix possible crash on mgmt_index_removed Bluetooth: L2CAP: Fix uaf in l2cap_connect Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Luiz Capitulino (1): platform/mellanox: mlxbf-pmc: fix lockdep warning Luo Gengkun (1): perf/core: Fix small negative period being ignored Ma Ke (1): drm: omapdrm: Add missing check for alloc_ordered_workqueue Mahesh Rajashekhara (1): scsi: smartpqi: correct stream detection Manivannan Sadhasivam (2): clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Marc Zyngier (1): KVM: arm64: Fix kvm_has_feat*() handling of negative features Marek Vasut (2): wifi: wilc1000: Do not operate uninitialized hardware during suspend/resume i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Mario Limonciello (2): ACPI: CPPC: Add support for setting EPP register in FFH drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Mark Rutland (3): arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more Masahiro Yamada (3): kconfig: fix infinite loop in sym_calc_choice() kconfig: qconf: move conf_read() before drawing tree pain kconfig: qconf: fix buffer overflow in debug links Mateusz Guzik (2): exec: don't WARN for racy path_noexec check vfs: use RCU in ilookup Matt Fleming (1): perf hist: Update hist symbol when updating maps Matt Roper (1): drm/xe: Name and document Wa_14019789679 Matthew Auld (5): drm/xe/guc_submit: add missing locking in wedged_fini drm/xe: fixup xe_alloc_pf_queue drm/xe: fix UAF around queue destruction drm/xe/vm: move xa_alloc to prevent UAF drm/xe/vram: fix ccs offset calculation Matthew Brost (5): drm/xe: Resume TDR after GT reset drm/xe: Add timeout to preempt fences drm/printer: Allow NULL data in devcoredump printer drm/xe: Drop warn on xe_guc_pc_gucrc_disable in guc pc fini drm/xe: Clean up VM / exec queue file lock usage. Mike Baynton (1): ovl: fail if trusted xattrs are needed but caller lacks permission Mike Tipton (1): clk: qcom: clk-rpmh: Fix overflow in BCM vote Miquel Sabaté Solà (1): cpufreq: Avoid a bad reference count on CPU node Miri Korenblit (1): wifi: iwlwifi: mvm: avoid NULL pointer dereference Mohamed Khalfella (1): net/mlx5: Added cond_resched() to crdump collection Mostafa Saleh (1): iommu/arm-smmu-v3: Match Stall behaviour for S2 Muhammad Usama Anjum (1): kselftests: mm: fix wrong __NR_userfaultfd value Namhyung Kim (2): perf: Really fix event_function_call() locking perf report: Fix segfault when 'sym' sort key is not used Namjae Jeon (2): ksmbd: fix warning: comparison of distinct pointer types lacks a cast ksmbd: add refcnt to ksmbd_conn struct NeilBrown (2): nfsd: fix delegation_blocked() to block correctly for at least 30 seconds sunrpc: change sp_nrthreads from atomic_t to unsigned int. Nicholas Kazlauskas (1): drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces Niklas Söderlund (1): net: phy: Check for read errors in SIOCGMIIREG Nikolai Afanasenkov (1): ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 Nikunj A Dadhania (1): virt: sev-guest: Ensure the SNP guest messages do not exceed a page Nirmoy Das (1): drm/xe: Fix memory leak on xe_alloc_pf_queue failure Nuno Sa (2): Input: adp5589-keys - fix NULL pointer dereference Input: adp5589-keys - fix adp5589_gpio_get_value() Oder Chiou (1): ALSA: hda/realtek: Fix the push button function for the ALC257 Oleg Nesterov (1): uprobes: fix kernel info leak via "[uprobes]" vma Pablo Neira Ayuso (1): netfilter: nf_tables: do not remove elements if set backend implements .abort Pali Rohár (3): cifs: Remove intermediate object of failed create reparse call cifs: Fix buffer overflow when parsing NFS reparse points cifs: Do not convert delimiter when parsing NFS-style symlinks Patrick Donnelly (1): ceph: fix cap ref leak via netfs init_request Paul E. McKenney (1): rcuscale: Provide clear error when async specified without primitives Pei Xiao (1): ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Peng Fan (1): mm, slub: avoid zeroing kmalloc redzone Peng Liu (2): drm/amdgpu: add raven1 gfxoff quirk drm/amdgpu: enable gfxoff quirk on HP 705G4 Peter Zijlstra (2): jump_label: Fix static_key_slow_dec() yet again perf: Fix event_function_call() locking Phil Sutter (2): netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED selftests: netfilter: Fix nft_audit.sh for newer nft binaries Philip Yang (1): drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Pierre-Louis Bossart (1): ASoC: Intel: boards: always check the result of acpi_dev_get_first_match_dev() Ping-Ke Shih (2): wifi: rtw89: 885xb: reset IDMEM mode to prevent download firmware failure wifi: rtw89: correct base HT rate mask for firmware Pu Lehui (1): drivers/perf: riscv: Align errno for unsupported perf event Puranjay Mohan (1): nvme: fix metadata handling in nvme-passthrough Qu Wenruo (1): btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Rafael J. Wysocki (1): ACPI: EC: Do not release locks during operation region accesses Rafael Rocha (1): scsi: st: Fix input/output error on empty drive reset Ravikanth Tuniki (1): dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Remington Brasga (1): jfs: UBSAN: shift-out-of-bounds in dbFindBits Rob Clark (1): drm/sched: Fix dynamic job-flow control race Robert Hancock (1): i2c: xiic: Wait for TX empty to avoid missed TX NAKs Rodrigo Siqueira (1): drm/amd/display: Check null pointer before try to access it Rodrigo Vivi (1): drm/xe: Restore pci state upon resume Sanjay K Kumar (1): iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Satya Priya Kakitapalli (5): dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src clk: qcom: gcc-sc8180x: Add GPLL9 support clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Sebastian Reichel (1): clk: rockchip: fix error for unknown clocks Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Shenwei Wang (1): net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Simon Horman (4): tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer bnxt_en: Extend maximum length of version string by 1 byte net: atlantic: Avoid warning about potential string truncation Srinivasan Shanmugam (17): drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2) drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/amd/display: Implement bounds check for stream encoder creation in DCN401 drm/amd/display: Fix index out of bounds in DCN30 color transformation Stefan Mätje (1): can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode Stefan Wahren (1): mailbox: bcm2835: Fix timeout during suspend mode Steve French (1): smb3: fix incorrect mode displayed for read-only files Steve Sistare (6): mm/filemap: fix filemap_get_folios_contig THP panic mm/hugetlb: fix memfd_pin_folios free_huge_pages leak mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak mm/gup: fix memfd_pin_folios hugetlb page allocation mm/gup: fix memfd_pin_folios alloc race panic mm/hugetlb: simplify refs in memfd_alloc_folio Steve Wahl (1): x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Steven Price (1): drm/panthor: Fix race when converting group handle to group object Stuart Summers (1): drm/xe: Use topology to determine page fault queue size Sunil Khatri (3): drm/amdgpu: fix ptr check warning in gfx9 ip_dump drm/amdgpu: fix ptr check warning in gfx10 ip_dump drm/amdgpu: fix ptr check warning in gfx11 ip_dump Suraj Kandpal (1): drm/xe/hdcp: Check GSC structure validity Takashi Iwai (11): ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: usb-audio: Add input value sanity checks for standard types ALSA: usb-audio: Define macros for quirk table entries ALSA: usb-audio: Replace complex quirk lines with macros ALSA: control: Take power_ref lock primarily ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop ALSA: control: Fix power_ref lock order for compat code, too Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" ALSA: control: Fix leftover snd_power_unref() Tamim Khan (1): ACPI: resource: Skip IRQ override on Asus Vivobook Go E1404GAB Tang Bin (1): ASoC: topology: Fix incorrect addressing assignments Tao Liu (1): x86/kexec: Add EFI config table identity mapping for kexec kernel Tetsuo Handa (1): tomoyo: fallback to realpath if symlink's pathname does not exist Thadeu Lima de Souza Cascardo (1): ext4: ext4_search_dir should return a proper error Thomas Gleixner (4): static_call: Handle module init failure correctly in static_call_del_module() static_call: Replace pointless WARN_ON() in static_call_module_notify() x86/ioapic: Handle allocation failures gracefully x86/apic: Remove logical destination mode for 64-bit Thomas Weißschuh (5): tools/nolibc: powerpc: limit stack-protector workaround to GCC selftests/nolibc: avoid passing NULL to printf("%s") fbdev: efifb: Register sysfs groups through driver core of: address: Report error on resource bounds overflow sysctl: avoid spurious permanent empty tables Thomas Zimmermann (2): drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS firmware/sysfb: Disable sysfb for firmware buffers with unknown parent Tim Huang (4): drm/amd/display: fix double free issue during amdgpu module unload drm/amdgpu: fix unchecked return value warning for amdgpu_gfx drm/amdgpu: fix unchecked return value warning for amdgpu_atombios drm/amd/pm: ensure the fw_info is not null before using it Tobias Jakobi (1): drm/amd/display: handle nulled pipe context in DCE110's set_drr() Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Tom Chung (4): drm/amd/display: Disable replay if VRR capability is false drm/amd/display: Fix VRR cannot enable drm/amd/display: Re-enable panel replay feature drm/amd/display: Fix system hang while resume with TBT monitor Tvrtko Ursulin (4): drm/v3d: Prevent out of bounds access in performance query extensions drm/sched: Add locking to drm_sched_entity_modify_sched drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job drm/sched: Always increment correct scheduler score Udit Kumar (1): remoteproc: k3-r5: Delay notification of wakeup event Ulf Hansson (2): pmdomain: core: Don't hold the genpd-lock when calling dev_pm_domain_set() pmdomain: core: Use dev_name() instead of kobject_get_path() in debugfs Uma Shankar (1): drm/xe/fbdev: Limit the usage of stolen for LNL+ Umang Jain (1): media: imx335: Fix reset-gpio handling Uwe Kleine-König (1): cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Val Packett (2): drm/rockchip: vop: clear DMA stop bit on RK3066 drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Vasileios Amoiridis (2): iio: pressure: bmp280: Fix regmap for BMP280 device iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Victor Skvortsov (1): drm/amdgpu: Block MMR_READ IOCTL in reset Ville Syrjälä (1): drm/i915/dp: Fix colorimetry detection Vishnu Sankar (1): HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Vitaly Lifshits (1): e1000e: avoid failing the system during pm_suspend Vladimir Oltean (1): net: dsa: improve shutdown sequence Wei Li (4): tracing/hwlat: Fix a race during cpuhp processing tracing/timerlat: Drop interface_lock in stop_kthread() tracing/timerlat: Fix a race during cpuhp processing tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Willem de Bruijn (2): vrf: revert "vrf: Remove unnecessary RCU-bh critical section" gso: fix udp gso fraglist segmentation after pull from frag_list Xiaxi Shen (1): ext4: fix timer use-after-free on failed mount Xin Long (1): sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Xiubo Li (1): ceph: remove the incorrect Fw reference check when dirtying pages Yang Shen (1): crypto: hisilicon - fix missed error branch Yang Wang (1): drm/amdgpu: add list empty check to avoid null pointer issue Yannick Fertre (1): drm/stm: ltdc: reset plane transparency after plane disable Yifei Liu (1): selftests: breakpoints: use remaining time to check if suspend succeed Yihan Zhu (1): drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 Yonghong Song (1): bpf: Fix a sdiv overflow issue Yosry Ahmed (1): mm: z3fold: deprecate CONFIG_Z3FOLD Youssef Esmat (1): sched/core: Clear prev->dl_server in CFS pick fast path Yuezhang Mo (1): exfat: fix memory leak in exfat_load_bitmap() Yun Lu (1): selftest: hid: add missing run-hid-tools-tests.sh Zach Wade (1): platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Zhanjun Dong (1): drm/xe: Prevent null pointer access in xe_migrate_copy Zhao Mengmeng (1): jfs: Fix uninit-value access of new_ea in ea_buffer Zheng Wang (1): media: venus: fix use after free bug in venus_remove due to race condition Zhihao Cheng (1): ext4: dax: fix overflowing extents beyond inode size when partially writing Zhu Jun (1): tools/hv: Add memory allocation check in hv_fcopy_start Zong-Zhe Yang (2): wifi: rtw88: select WANT_DEV_COREDUMP wifi: rtw89: avoid reading out of bounds when loading TX power FW elements Zqiang (1): rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() aln8 (1): platform/x86/amd: pmf: Add quirk for TUF Gaming A14 wangrong (1): smb: client: use actual path when queryfs yao.ly (1): ext4: correct encrypted dentry name hash when not casefolded zhang jiao (1): selftests: netfilter: Add missing return value

8 months, 2 weeks

1
1
0 0

Linux 6.10.14

by Greg Kroah-Hartman

---------------------------- Note, this is the LAST 6.10.y kernel to be released. There will not be any more 6.10.y releases and this branch is now end-of-life and you should move to the 6.11.y branch at this point in time. ---------------------------- I'm announcing the release of the 6.10.14 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-fs-f2fs | 22 Documentation/admin-guide/kernel-parameters.txt | 10 Documentation/arch/arm64/silicon-errata.rst | 6 Documentation/devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 Documentation/networking/net_cachelines/net_device.rst | 2 Makefile | 2 arch/arm/crypto/aes-ce-glue.c | 2 arch/arm/crypto/aes-neonbs-glue.c | 2 arch/arm64/Kconfig | 7 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/kvm_host.h | 25 arch/arm64/kernel/cpu_errata.c | 3 arch/arm64/mm/trans_pgd.c | 6 arch/loongarch/configs/loongson3_defconfig | 1 arch/parisc/include/asm/mman.h | 14 arch/parisc/kernel/entry.S | 6 arch/parisc/kernel/syscall.S | 14 arch/powerpc/configs/ppc64_defconfig | 1 arch/powerpc/include/asm/vdso_datapage.h | 15 arch/powerpc/kernel/asm-offsets.c | 2 arch/powerpc/kernel/vdso/cacheflush.S | 2 arch/powerpc/kernel/vdso/datapage.S | 4 arch/powerpc/platforms/pseries/dlpar.c | 17 arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 arch/powerpc/platforms/pseries/hotplug-memory.c | 16 arch/powerpc/platforms/pseries/pmem.c | 2 arch/riscv/Kconfig | 8 arch/riscv/include/asm/thread_info.h | 7 arch/x86/crypto/sha256-avx2-asm.S | 16 arch/x86/events/core.c | 63 arch/x86/include/asm/apic.h | 8 arch/x86/include/asm/fpu/signal.h | 2 arch/x86/include/asm/syscall.h | 7 arch/x86/kernel/apic/apic_flat_64.c | 119 arch/x86/kernel/apic/io_apic.c | 46 arch/x86/kernel/cpu/bugs.c | 14 arch/x86/kernel/cpu/common.c | 4 arch/x86/kernel/fpu/signal.c | 6 arch/x86/kernel/machine_kexec_64.c | 27 arch/x86/kernel/signal.c | 3 arch/x86/kernel/signal_64.c | 6 arch/x86/mm/ident_map.c | 23 block/blk-iocost.c | 8 block/ioctl.c | 9 crypto/simd.c | 76 drivers/accel/ivpu/ivpu_fw.c | 4 drivers/acpi/acpi_pad.c | 6 drivers/acpi/acpica/dbconvert.c | 2 drivers/acpi/acpica/exprep.c | 3 drivers/acpi/acpica/psargs.c | 47 drivers/acpi/apei/einj-cxl.c | 2 drivers/acpi/battery.c | 28 drivers/acpi/cppc_acpi.c | 10 drivers/acpi/ec.c | 55 drivers/acpi/resource.c | 22 drivers/acpi/video_detect.c | 17 drivers/ata/pata_serverworks.c | 16 drivers/ata/sata_sil.c | 12 drivers/block/aoe/aoecmd.c | 13 drivers/block/loop.c | 15 drivers/bluetooth/btmrvl_sdio.c | 3 drivers/bluetooth/btrtl.c | 1 drivers/bluetooth/btusb.c | 2 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clk/qcom/clk-rpmh.c | 2 drivers/clk/qcom/dispcc-sm8250.c | 3 drivers/clk/qcom/gcc-sc8180x.c | 88 drivers/clk/qcom/gcc-sm8250.c | 6 drivers/clk/qcom/gcc-sm8450.c | 4 drivers/clk/rockchip/clk.c | 3 drivers/clk/samsung/clk-exynos7885.c | 2 drivers/cpufreq/intel_pstate.c | 16 drivers/crypto/hisilicon/sgl.c | 14 drivers/crypto/marvell/Kconfig | 2 drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 261 - drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 254 - drivers/firmware/sysfb.c | 4 drivers/firmware/tegra/bpmp.c | 6 drivers/gpio/gpio-davinci.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 35 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 43 drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 6 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 50 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 50 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 18 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 drivers/gpu/drm/amd/amdkfd/soc15_int.h | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 31 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 6 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 drivers/gpu/drm/amd/display/dc/dc_types.h | 1 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 7 drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 20 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 21 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 7 drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn201/dcn201_resource.c | 4 drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 drivers/gpu/drm/drm_atomic_uapi.c | 2 drivers/gpu/drm/drm_print.c | 13 drivers/gpu/drm/i915/display/intel_ddi.c | 2 drivers/gpu/drm/i915/display/intel_dp.c | 9 drivers/gpu/drm/i915/display/intel_psr.c | 19 drivers/gpu/drm/i915/display/intel_psr.h | 2 drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 drivers/gpu/drm/msm/msm_gpu.c | 1 drivers/gpu/drm/omapdrm/omap_drv.c | 5 drivers/gpu/drm/panthor/panthor_mmu.c | 8 drivers/gpu/drm/panthor/panthor_sched.c | 36 drivers/gpu/drm/radeon/r100.c | 70 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 14 drivers/gpu/drm/scheduler/sched_main.c | 7 drivers/gpu/drm/stm/drv.c | 3 drivers/gpu/drm/stm/ltdc.c | 76 drivers/gpu/drm/v3d/v3d_submit.c | 6 drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 8 drivers/gpu/drm/xe/xe_bo.c | 4 drivers/gpu/drm/xe/xe_device.c | 6 drivers/gpu/drm/xe/xe_device_types.h | 3 drivers/gpu/drm/xe/xe_gpu_scheduler.c | 5 drivers/gpu/drm/xe/xe_gpu_scheduler.h | 2 drivers/gpu/drm/xe/xe_gt_pagefault.c | 55 drivers/gpu/drm/xe/xe_gt_types.h | 9 drivers/gpu/drm/xe/xe_guc_pc.c | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 29 drivers/gpu/drm/xe/xe_guc_types.h | 11 drivers/gpu/drm/xe/xe_pci.c | 2 drivers/hid/hid-ids.h | 17 drivers/hid/hid-input.c | 37 drivers/hid/hid-multitouch.c | 6 drivers/hid/i2c-hid/i2c-hid-core.c | 42 drivers/hwmon/nct6775-platform.c | 1 drivers/i2c/busses/i2c-designware-common.c | 14 drivers/i2c/busses/i2c-designware-core.h | 1 drivers/i2c/busses/i2c-designware-master.c | 38 drivers/i2c/busses/i2c-qcom-geni.c | 4 drivers/i2c/busses/i2c-stm32f7.c | 6 drivers/i2c/busses/i2c-synquacer.c | 5 drivers/i2c/busses/i2c-xiic.c | 69 drivers/i2c/i2c-core-base.c | 28 drivers/i3c/master/svc-i3c-master.c | 1 drivers/iio/magnetometer/ak8975.c | 32 drivers/iio/pressure/bmp280-core.c | 150 drivers/iio/pressure/bmp280-regmap.c | 47 drivers/iio/pressure/bmp280-spi.c | 4 drivers/iio/pressure/bmp280.h | 46 drivers/infiniband/hw/mana/main.c | 8 drivers/input/keyboard/adp5589-keys.c | 22 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 37 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 drivers/iommu/intel/dmar.c | 16 drivers/iommu/intel/iommu.c | 6 drivers/iommu/intel/pasid.c | 12 drivers/mailbox/Kconfig | 1 drivers/mailbox/bcm2835-mailbox.c | 3 drivers/mailbox/rockchip-mailbox.c | 2 drivers/media/common/videobuf2/videobuf2-core.c | 7 drivers/media/i2c/ar0521.c | 5 drivers/media/i2c/imx335.c | 9 drivers/media/i2c/ov5675.c | 12 drivers/media/platform/qcom/camss/camss-video.c | 6 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/platform/qcom/venus/core.c | 1 drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 drivers/memory/tegra/tegra186-emc.c | 5 drivers/net/can/dev/netlink.c | 102 drivers/net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 drivers/net/ethernet/freescale/fec.h | 9 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/freescale/fec_ptp.c | 50 drivers/net/ethernet/hisilicon/hip04_eth.c | 1 drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 drivers/net/ethernet/hisilicon/hns_mdio.c | 1 drivers/net/ethernet/intel/e1000e/netdev.c | 19 drivers/net/ethernet/intel/ice/ice_sched.c | 6 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 drivers/net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 drivers/net/ethernet/microchip/sparx5/sparx5_packet.c | 6 drivers/net/ethernet/microsoft/Kconfig | 2 drivers/net/ethernet/microsoft/mana/gdma_main.c | 10 drivers/net/ethernet/microsoft/mana/hw_channel.c | 14 drivers/net/ethernet/microsoft/mana/mana_en.c | 8 drivers/net/ethernet/microsoft/mana/shm_channel.c | 13 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 5 drivers/net/ethernet/realtek/r8169_main.c | 31 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 1 drivers/net/ieee802154/Kconfig | 1 drivers/net/ieee802154/mcr20a.c | 5 drivers/net/pcs/pcs-xpcs-wx.c | 2 drivers/net/phy/phy.c | 17 drivers/net/ppp/ppp_generic.c | 4 drivers/net/vrf.c | 2 drivers/net/wireless/ath/ath11k/dp_rx.c | 2 drivers/net/wireless/ath/ath12k/dp_rx.c | 2 drivers/net/wireless/ath/ath9k/debug.c | 4 drivers/net/wireless/ath/ath9k/hif_usb.c | 6 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 5 drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 drivers/net/wireless/intel/iwlwifi/fw/regulatory.h | 2 drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 2 drivers/net/wireless/intel/iwlwifi/fw/uefi.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/scan.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 drivers/net/wireless/realtek/rtw88/Kconfig | 1 drivers/net/wireless/realtek/rtw89/core.h | 18 drivers/net/wireless/realtek/rtw89/mac80211.c | 4 drivers/net/wireless/realtek/rtw89/phy.c | 4 drivers/net/wireless/realtek/rtw89/util.h | 18 drivers/net/wwan/qcom_bam_dmux.c | 11 drivers/net/xen-netback/hash.c | 5 drivers/nvme/common/keyring.c | 58 drivers/nvme/host/Kconfig | 3 drivers/nvme/host/core.c | 1 drivers/nvme/host/fabrics.c | 2 drivers/nvme/host/nvme.h | 2 drivers/nvme/host/sysfs.c | 4 drivers/nvme/host/tcp.c | 55 drivers/of/address.c | 5 drivers/of/irq.c | 38 drivers/perf/arm_spe_pmu.c | 9 drivers/perf/riscv_pmu_legacy.c | 4 drivers/perf/riscv_pmu_sbi.c | 4 drivers/platform/mellanox/mlxbf-pmc.c | 5 drivers/platform/x86/amd/pmf/pmf-quirks.c | 8 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 4 drivers/platform/x86/lenovo-ymc.c | 2 drivers/platform/x86/touchscreen_dmi.c | 26 drivers/platform/x86/x86-android-tablets/core.c | 6 drivers/platform/x86/x86-android-tablets/other.c | 10 drivers/pmdomain/core.c | 5 drivers/power/reset/brcmstb-reboot.c | 3 drivers/power/supply/power_supply_hwmon.c | 3 drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 drivers/rtc/rtc-at91sam9.c | 1 drivers/scsi/NCR5380.c | 4 drivers/scsi/aacraid/aacraid.h | 2 drivers/scsi/lpfc/lpfc.h | 12 drivers/scsi/lpfc/lpfc_els.c | 73 drivers/scsi/lpfc/lpfc_hbadisc.c | 14 drivers/scsi/lpfc/lpfc_nportdisc.c | 22 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 11 drivers/scsi/pm8001/pm8001_init.c | 6 drivers/scsi/smartpqi/smartpqi_init.c | 130 drivers/scsi/st.c | 5 drivers/spi/spi-bcm63xx.c | 9 drivers/spi/spi-cadence.c | 8 drivers/spi/spi-imx.c | 2 drivers/spi/spi-rpc-if.c | 7 drivers/spi/spi-s3c64xx.c | 4 drivers/vhost/scsi.c | 27 drivers/video/fbdev/efifb.c | 11 drivers/video/fbdev/pxafb.c | 1 fs/afs/file.c | 1 fs/afs/fs_operation.c | 2 fs/btrfs/backref.c | 12 fs/btrfs/disk-io.c | 11 fs/btrfs/relocation.c | 77 fs/btrfs/send.c | 23 fs/cachefiles/namei.c | 7 fs/ceph/addr.c | 6 fs/ceph/mds_client.c | 12 fs/dax.c | 6 fs/exec.c | 3 fs/exfat/balloc.c | 10 fs/ext4/dir.c | 14 fs/ext4/extents.c | 55 fs/ext4/fast_commit.c | 49 fs/ext4/file.c | 8 fs/ext4/inode.c | 11 fs/ext4/migrate.c | 2 fs/ext4/move_extent.c | 1 fs/ext4/namei.c | 14 fs/ext4/resize.c | 18 fs/ext4/super.c | 5 fs/ext4/xattr.c | 3 fs/f2fs/f2fs.h | 31 fs/f2fs/gc.c | 85 fs/f2fs/gc.h | 23 fs/f2fs/segment.c | 31 fs/f2fs/super.c | 8 fs/f2fs/sysfs.c | 18 fs/file.c | 95 fs/inode.c | 10 fs/iomap/buffered-io.c | 16 fs/jbd2/checkpoint.c | 21 fs/jbd2/journal.c | 4 fs/jfs/jfs_discard.c | 11 fs/jfs/jfs_dmap.c | 7 fs/jfs/xattr.c | 2 fs/netfs/write_issue.c | 6 fs/nfsd/netns.h | 1 fs/nfsd/nfs4proc.c | 34 fs/nfsd/nfs4state.c | 6 fs/nfsd/nfs4xdr.c | 10 fs/nfsd/nfsctl.c | 2 fs/nfsd/nfssvc.c | 2 fs/nfsd/vfs.c | 1 fs/nfsd/xdr4.h | 1 fs/ocfs2/aops.c | 5 fs/ocfs2/buffer_head_io.c | 4 fs/ocfs2/journal.c | 7 fs/ocfs2/localalloc.c | 19 fs/ocfs2/quota_local.c | 8 fs/ocfs2/refcounttree.c | 26 fs/ocfs2/xattr.c | 11 fs/overlayfs/copy_up.c | 43 fs/overlayfs/params.c | 38 fs/proc/base.c | 61 fs/proc/proc_sysctl.c | 11 fs/smb/client/cifsfs.c | 13 fs/smb/client/cifsglob.h | 2 fs/smb/client/inode.c | 19 fs/smb/client/reparse.c | 16 fs/smb/client/smb1ops.c | 2 fs/smb/client/smb2inode.c | 24 fs/smb/client/smb2ops.c | 19 fs/smb/server/connection.c | 4 fs/smb/server/connection.h | 1 fs/smb/server/oplock.c | 55 fs/smb/server/vfs_cache.c | 3 include/crypto/internal/simd.h | 12 include/drm/drm_print.h | 54 include/drm/gpu_scheduler.h | 2 include/dt-bindings/clock/exynos7885.h | 2 include/dt-bindings/clock/qcom,gcc-sc8180x.h | 1 include/linux/cpufreq.h | 6 include/linux/fdtable.h | 8 include/linux/i2c.h | 3 include/linux/netdevice.h | 22 include/linux/nvme-keyring.h | 6 include/linux/perf_event.h | 8 include/linux/sched.h | 2 include/linux/sunrpc/svc.h | 4 include/linux/uprobes.h | 2 include/linux/virtio_net.h | 4 include/net/mana/gdma.h | 10 include/net/mana/mana.h | 3 include/trace/events/netfs.h | 1 include/uapi/linux/cec.h | 6 include/uapi/linux/netfilter/nf_tables.h | 2 io_uring/io_uring.c | 5 io_uring/net.c | 4 kernel/bpf/verifier.c | 119 kernel/events/core.c | 33 kernel/events/uprobes.c | 4 kernel/fork.c | 32 kernel/jump_label.c | 52 kernel/rcu/rcuscale.c | 4 kernel/rcu/tasks.h | 82 kernel/resource.c | 58 kernel/sched/core.c | 23 kernel/sched/psi.c | 26 kernel/static_call_inline.c | 13 kernel/trace/trace_hwlat.c | 2 kernel/trace/trace_osnoise.c | 22 lib/buildid.c | 90 mm/Kconfig | 25 mm/slab_common.c | 7 mm/slub.c | 100 net/bluetooth/hci_core.c | 2 net/bluetooth/hci_event.c | 15 net/bluetooth/l2cap_core.c | 8 net/bluetooth/mgmt.c | 23 net/bridge/br_mdb.c | 2 net/core/dev.c | 14 net/core/gro.c | 9 net/core/net-sysfs.c | 6 net/core/netdev-genl.c | 8 net/core/netpoll.c | 15 net/dsa/dsa.c | 7 net/ipv4/devinet.c | 6 net/ipv4/fib_frontend.c | 2 net/ipv4/ip_gre.c | 6 net/ipv4/netfilter/nf_dup_ipv4.c | 7 net/ipv4/tcp_ipv4.c | 3 net/ipv4/tcp_offload.c | 10 net/ipv4/udp_offload.c | 22 net/ipv6/netfilter/nf_dup_ipv6.c | 7 net/ipv6/tcpv6_offload.c | 10 net/mac80211/chan.c | 4 net/mac80211/mlme.c | 2 net/mac80211/scan.c | 2 net/mac80211/util.c | 4 net/mac802154/scan.c | 4 net/ncsi/ncsi-manage.c | 2 net/rxrpc/ar-internal.h | 2 net/rxrpc/io_thread.c | 10 net/rxrpc/local_object.c | 2 net/sched/sch_taprio.c | 4 net/sctp/socket.c | 4 net/sunrpc/svc.c | 31 net/tipc/bearer.c | 8 net/wireless/nl80211.c | 15 rust/kernel/sync/locked_by.rs | 18 scripts/gdb/linux/proc.py | 4 scripts/gdb/linux/rbtree.py | 12 scripts/gdb/linux/timerlist.py | 31 scripts/kconfig/qconf.cc | 2 security/Kconfig | 32 security/tomoyo/domain.c | 9 sound/core/control.c | 55 sound/core/control_compat.c | 45 sound/core/init.c | 14 sound/core/oss/mixer_oss.c | 4 sound/isa/gus/gus_pcm.c | 4 sound/pci/asihpi/hpimsgx.c | 2 sound/pci/hda/hda_controller.h | 2 sound/pci/hda/hda_generic.c | 4 sound/pci/hda/hda_intel.c | 10 sound/pci/hda/patch_conexant.c | 24 sound/pci/hda/patch_realtek.c | 5 sound/pci/rme9652/hdsp.c | 6 sound/pci/rme9652/hdspm.c | 6 sound/soc/atmel/mchp-pdmc.c | 3 sound/soc/codecs/wsa883x.c | 16 sound/soc/fsl/imx-card.c | 1 sound/soc/intel/boards/bytcht_cx2072x.c | 4 sound/soc/intel/boards/bytcht_da7213.c | 4 sound/soc/intel/boards/bytcht_es8316.c | 2 sound/soc/intel/boards/bytcr_rt5640.c | 2 sound/soc/intel/boards/bytcr_rt5651.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 4 sound/soc/intel/boards/cht_bsw_rt5672.c | 4 sound/soc/intel/boards/sof_es8336.c | 2 sound/soc/intel/boards/sof_wm8804.c | 4 sound/usb/card.c | 6 sound/usb/line6/podhd.c | 2 sound/usb/mixer.c | 35 sound/usb/mixer.h | 1 sound/usb/mixer_quirks.c | 413 + sound/usb/quirks-table.h | 2457 +++------- sound/usb/quirks.c | 62 tools/arch/x86/kcpuid/kcpuid.c | 12 tools/bpf/bpftool/net.c | 11 tools/hv/hv_fcopy_uio_daemon.c | 7 tools/include/nolibc/arch-powerpc.h | 2 tools/perf/util/hist.c | 7 tools/perf/util/machine.c | 17 tools/perf/util/setup.py | 4 tools/perf/util/thread.c | 4 tools/perf/util/thread.h | 1 tools/testing/selftests/breakpoints/step_after_suspend_test.c | 5 tools/testing/selftests/devices/test_discoverable_devices.py | 4 tools/testing/selftests/hid/Makefile | 2 tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 2 tools/testing/selftests/mm/mseal_test.c | 57 tools/testing/selftests/mm/write_to_hugetlbfs.c | 21 tools/testing/selftests/net/netfilter/conntrack_dump_flush.c | 1 tools/testing/selftests/net/netfilter/nft_audit.sh | 57 tools/testing/selftests/nolibc/nolibc-test.c | 4 tools/testing/selftests/vDSO/parse_vdso.c | 17 tools/testing/selftests/vDSO/vdso_config.h | 10 tools/testing/selftests/vDSO/vdso_test_correctness.c | 6 tools/tracing/rtla/Makefile.rtla | 2 tools/tracing/rtla/src/osnoise_top.c | 2 tools/tracing/rtla/src/timerlat_top.c | 4 502 files changed, 6008 insertions(+), 4297 deletions(-) Aakash Menon (1): net: sparx5: Fix invalid timestamps Abhishek Tamboli (1): ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Adrian Ratiu (1): proc: add config & param to block forcing mem writes Ahmed S. Darwish (1): tools/x86/kcpuid: Protect against faulty "max subleaf" values Ai Chao (1): ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Ajit Pandey (1): clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Al Viro (1): close_range(): fix the logics in descriptor table trimming Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix memory disclosure Aleksandr Mishin (1): ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Aleksandrs Vinarskis (1): ACPICA: iasl: handle empty connection_node Alessandro Zanni (1): kselftest/devices/probe: Fix SyntaxWarning in regex strings for Python3 Alex Deucher (5): drm/amdgpu/gfx9: properly handle error ints on all pipes drm/amdgpu/gfx9: use rlc safe mode for soft recovery drm/amdgpu/gfx11: enter safe mode before touching CP_INT_CNTL drm/amdgpu/gfx11: use rlc safe mode for soft recovery drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Hung (11): drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags drm/amd/display: Check null pointers before using them drm/amd/display: Check null pointers before using dc->clk_mgr drm/amd/display: Check null-initialized variables drm/amd/display: Check phantom_stream before it is used drm/amd/display: Check stream before comparing them drm/amd/display: Check link_res->hpo_dp_link_enc before using it drm/amd/display: Avoid overflow assignment in link_dp_cts drm/amd/display: Initialize get_bytes_per_element's default to 1 drm/amd/display: Add HDR workaround for specific eDP drm/amd/display: enable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Alexander F. Lent (1): accel/ivpu: Add missing MODULE_FIRMWARE metadata Alexander Shiyan (1): media: i2c: ar0521: Use cansleep version of gpiod_set_value() Alexandre Ghiti (1): riscv: Fix kernel stack size when KASAN is enabled Alexey Dobriyan (2): block: fix integer overflow in BLKSECDISCARD build-id: require program headers to be right after ELF header Alice Ryhl (1): rust: sync: require `T: Sync` for `LockedBy::access` Amir Goldstein (1): ovl: fsync after metadata copy-up Andrei Simion (1): ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Andrew Davis (1): power: reset: brcmstb: Do not go into infinite loop if reset fails Andrew Jones (1): of/irq: Support #msi-cells=<0> in of_msi_get_domain Andrii Nakryiko (2): perf,x86: avoid missing caller address in stack traces captured in uprobe lib/buildid: harden build ID parsing logic Anjaneyulu (1): wifi: iwlwifi: allow only CN mcc from WRDD Anton Danilov (1): ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Ard Biesheuvel (1): i2c: synquacer: Deal with optional PCLK correctly Armin Wolf (4): ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook Arnaldo Carvalho de Melo (2): perf python: Disable -Wno-cast-function-type-mismatch if present on clang perf python: Allow checking for the existence of warning options in clang Arnd Bergmann (1): nvme-tcp: fix link failure for TCP auth Artem Sadovnikov (1): ext4: fix i_data_sem unlock order in ext4_ind_migrate() Aruna Ramakrishna (2): x86/pkeys: Add PKRU as a parameter in signal handling functions x86/pkeys: Restore altstack access in sigreturn() Asad Kamal (1): drm/amdgpu: Fix get each xcp macro Asahi Lina (1): ALSA: usb-audio: Add mixer quirk for RME Digiface USB Baojun Xu (1): ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Baokun Li (10): ext4: avoid use-after-free in ext4_ext_show_leaf() ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path ext4: update orig_path in ext4_find_extent() ext4: fix off by one issue in alloc_flex_gd() jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error cachefiles: fix dentry leak in cachefiles_open_file() Barnabás Czémán (1): iio: magnetometer: ak8975: Fix reading for ak099xx sensors Beleswar Padhi (1): remoteproc: k3-r5: Acquire mailbox handle during probe routine Ben Cheatham (1): EINJ, CXL: Fix CXL device SBDF calculation Ben Dooks (1): spi: s3c64xx: fix timeout counters in flush_fifo Ben Hutchings (1): tools/rtla: Fix installation from out-of-tree build Benjamin Lin (1): wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Biju Das (1): spi: rpc-if: Add missing MODULE_DEVICE_TABLE Boris Brezillon (4): drm/panthor: Lock the VM resv before calling drm_gpuvm_bo_obtain_prealloc() drm/panthor: Don't add write fences to the shared BOs drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() drm/panthor: Don't declare a queue blocked if deferred operations are pending Breno Leitao (1): netpoll: Ensure clean state on setup failures Bryan O'Donoghue (3): media: ov5675: Fix power on/off delay timings media: qcom: camss: Remove use_count guard in stop_streaming media: qcom: camss: Fix ordering of pm_runtime_enable Chao Yu (1): f2fs: fix to don't panic system for no free segment fault injection Chih-Kang Chang (1): wifi: rtw89: avoid to add interface to list twice when SER Christian König (1): drm/sched: revert "Always increment correct scheduler score" Christoph Hellwig (2): loop: don't set QUEUE_FLAG_NOMERGES iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Christophe JAILLET (2): ALSA: mixer_oss: Remove some incorrect kfree_const() usages ALSA: gus: Fix some error handling paths related to get_bpos() usage Christophe Leroy (4): selftests: vDSO: fix vDSO name for powerpc selftests: vDSO: fix vdso_config for powerpc selftests: vDSO: fix vDSO symbols lookup for powerpc64 powerpc/vdso: Fix VDSO data access when running in a non-root time namespace Chuck Lever (3): NFSD: Fix NFSv4's PUTPUBFH operation NFSD: Async COPY result needs to return a write verifier NFSD: Limit the number of concurrent async COPY operations Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in more places Ckath (1): platform/x86: touchscreen_dmi: add nanote-next quirk Colin Ian King (1): r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Csókás, Bence (2): net: fec: Restart PPS after link state change net: fec: Reload PTP registers after link-state change Cyan Nyan (1): ALSA: usb-audio: Add quirk for RME Digiface USB Daeho Jeong (5): f2fs: make BG GC more aggressive for zoned devices f2fs: introduce migration_window_granularity f2fs: increase BG GC migration window granularity when boosted for zoned devices f2fs: do FG_GC when GC boosting is required for zoned devices f2fs: forcibly migrate to secure space for zoned device file pinning Damien Le Moal (2): ata: pata_serverworks: Do not use the term blacklist ata: sata_sil: Rename sil_blacklist to sil_quirks Daniel Borkmann (2): net: Add netif_get_gro_max_size helper for GRO net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Bristot de Oliveira (1): sched/deadline: Comment sched_dl_entity::dl_server variable Daniel Sneddon (1): x86/bugs: Add missing NO_SSB flag Daniel Wagner (1): scsi: pm8001: Do not overwrite PCI queue mapping Danilo Krummrich (1): mm: krealloc: consider spare memory for __GFP_ZERO Darrick J. Wong (1): iomap: constrain the file range passed to iomap_file_unshare David Hildenbrand (1): selftests/mm: fix charge_reserved_hugetlb.sh test David Howells (4): afs: Fix missing wire-up of afs_retry_request() afs: Fix the setting of the server responding flag netfs: Cancel dirty folios that have no storage destination rxrpc: Fix a race between socket set up and I/O thread creation David Kaplan (1): x86/bugs: Fix handling when SRSO mitigation is disabled David Strahan (2): scsi: smartpqi: Add new controller PCI IDs scsi: smartpqi: add new controller PCI IDs David Virag (2): dt-bindings: clock: exynos7885: Fix duplicated binding clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Denis Pauk (1): hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Dmitry Antipov (1): net: sched: consistently use rcu_replace_pointer() in taprio_change() Dmitry Baryshkov (1): clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Dmitry Kandybka (1): wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Dmitry Torokhov (1): HID: i2c-hid: ensure various commands do not interfere with each other Easwar Hariharan (1): arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Eddie James (1): net/ncsi: Disable the ncsi work before freeing the associated structure Eder Zulian (1): rtla: Fix the help text in osnoise and timerlat top tools Edward Adam Davis (3): jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree ext4: no need to continue when the number of entries is 1 Elena Salomatkina (1): net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Emanuele Ghidoli (1): gpio: davinci: fix lazy disable Eric Dumazet (5): netfilter: nf_tables: prevent nf_skb_duplicated corruption net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() net: test for not too small csum_start in virtio_net_hdr_to_skb() ppp: do not assume bh is held in ppp_channel_bridge_input() Fangrui Song (1): crypto: x86/sha256 - Add parentheses around macros' single arguments Fares Mehanna (1): arm64: trans_pgd: mark PTEs entries as valid to avoid dead kexec() Felix Fietkau (3): wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker net: gso: fix tcp fraglist segmentation after pull from frag_list Filipe Manana (2): btrfs: send: fix invalid clone operation for file that got its size decreased btrfs: wait for fixup workers before stopping cleaner kthread during umount Finn Thain (1): scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Gabe Teeger (1): drm/amd/display: Revert Avoid overflow assignment Gautham Ananthakrishna (1): ocfs2: reserve space for inline xattr before attaching reflink tree Geert Uytterhoeven (3): mailbox: ARM_MHU_V3 should depend on ARM64 drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() Gerd Bayer (1): net/mlx5: Fix error path in multi-packet WQE transmit Gergo Koteles (1): platform/x86: lenovo-ymc: Ignore the 0x0 state Greg Kroah-Hartman (1): Linux 6.10.14 Guixin Liu (1): io_uring: fix memory leak when cache init fail Gustavo A. R. Silva (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Haiyang Zhang (1): net: mana: Add support for page sizes other than 4KB on ARM64 Hannes Reinecke (3): nvme-keyring: restrict match length for version '1' identifiers nvme-tcp: sanitize TLS key handling nvme-tcp: check for invalidated or revoked key Hans P. Moller (1): ALSA: line6: add hw monitor volume control to POD HD500X Hans Verkuil (1): media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Hans de Goede (10): ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 HID: Ignore battery for all ELAN I2C-HID devices platform/x86: x86-android-tablets: Adjust Xiaomi Pad 2 bottom bezel touch buttons LED platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors power: supply: hwmon: Fix missing temp1_max_alarm attribute ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO ACPI: resource: Remove duplicate Asus E1504GAB IRQ override ACPI: resource: Loosen the Asus E1404GAB DMI match to also cover the E1404GA ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Haoran Zhang (1): vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Haren Myneni (1): powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Hawking Zhang (1): drm/amdkfd: Check int source id for utcl2 poison event Heiko Carstens (1): selftests: vDSO: fix vdso_config for s390 Heiner Kallweit (2): i2c: core: Lock address during client device instantiation r8169: add tally counter fields added with RTL8125 Helge Deller (4): parisc: Fix itlb miss handler for 64-bit programs parisc: Fix 64-bit userspace syscall path parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Heming Zhao (1): ocfs2: fix the la space leak when unmounting an ocfs2 volume Herbert Xu (4): crypto: octeontx - Fix authenc setkey crypto: octeontx2 - Fix authenc setkey crypto: simd - Do not call crypto_alloc_tfm during registration crypto: octeontx* - Select CRYPTO_AUTHENC Hilda Wu (2): Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Huang Ying (1): resource: fix region_intersects() vs add_memory_driver_managed() Hui Wang (1): ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Ian Rogers (1): perf callchain: Fix stitch LBR memory leaks Ido Schimmel (2): bridge: mcast: Fail MDB get request on empty entry ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ilan Peer (1): wifi: iwlwifi: mvm: Fix a race in scan abort flow Imre Deak (1): drm/i915/dp: Fix AUX IO power enabling for eDP PSR Issam Hamdi (1): wifi: cfg80211: Set correct chandef when starting CAC James Clark (1): drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Jan Kiszka (1): remoteproc: k3-r5: Fix error handling when power-up failed Jan Lalinsky (1): ALSA: usb-audio: Add native DSD support for Luxman D-08u Jani Nikula (1): drm/i915/gem: fix bitwise and logical AND mixup Jaroslav Kysela (1): ALSA: core: add isascii() check to card ID generator Jason Gunthorpe (1): iommu/arm-smmu-v3: Do not use devm for the cd table allocations Jason Xing (1): tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Javier Carrasco (1): drm/mediatek: ovl_adaptor: Add missing of_node_put() Jeff Xu (1): selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr Jens Axboe (1): io_uring/net: harden multishot termination case for recv Jens Remus (1): selftests: vDSO: fix ELF hash table entry size for s390x Jeongjun Park (1): net/xen-netback: prevent UAF in xenvif_flush_hash() Jesse Zhang (1): drm/amdkfd: Fix resource leak in criu restore queue Jianbo Liu (1): net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Jiawei Ye (1): mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Jiawen Wu (1): net: pcs: xpcs: fix the wrong register that was written back Jinjie Ruan (12): ieee802154: Fix build error net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() nfp: Use IRQF_NO_AUTOEN flag in request_irq() spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled spi: spi-cadence: Fix missing spi_controller_is_target() check i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled spi: bcm63xx: Fix module autoloading spi: bcm63xx: Fix missing pm_runtime_disable() Jisheng Zhang (1): riscv: define ILLEGAL_POINTER_VALUE for 64bit Joe Damato (2): netdev-genl: Set extack and fix error on napi-get net: napi: Prevent overflow of napi_defer_hard_irqs Joel Fernandes (Google) (1): sched/core: Add clearing of ->dl_server in put_prev_task_balance() Johannes Berg (3): wifi: iwlwifi: mvm: drop wrong STA selection in TX wifi: iwlwifi: mvm: use correct key iteration wifi: mac80211: fix RCU list iterations Johannes Weiner (1): sched: psi: fix bogus pressure spikes from aggregation race Jonathan Gray (1): Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Josef Bacik (1): btrfs: drop the backref cache during relocation if we commit Joseph Qi (2): ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: cancel dqi_sync_work before freeing oinfo Joshua Pius (1): ALSA: usb-audio: Add logitech Audio profile quirk Julian Sun (1): ocfs2: fix null-ptr-deref when journal load failed. Juntong Deng (1): bpf: Make the pointer returned by iter next method valid Justin Tee (3): scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology scsi: lpfc: Update PRLO handling in direct attached topology Kaixin Wang (2): fbdev: pxafb: Fix possible use after free in pxafb_task() i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Karthikeyan Periyasamy (2): wifi: ath12k: fix array out-of-bound access in SoC stats wifi: ath11k: fix array out-of-bound access in SoC stats Katya Orlova (1): drm/stm: Avoid use-after-free issues with crtc and plane Kees Cook (2): x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() scsi: aacraid: Rearrange order of struct aac_srb_unit Kemeng Shi (1): jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit KhaiWenTan (1): net: stmmac: Fix zero-division error when disabling tc cbs Kimriver Liu (1): i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Konrad Dybcio (1): drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs Konstantin Ovsepian (1): blk_iocost: fix more out of bound shifts Krzysztof Kozlowski (7): net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() ASoC: codecs: wsa883x: Handle reading version failure firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() memory: tegra186-emc: drop unused to_tegra186_emc() rtc: at91sam9: fix OF node leak in probe() error path Kuan-Wei Chiu (2): bpftool: Fix undefined behavior caused by shifting into the sign bit bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Kuan-Ying Lee (3): scripts/gdb: fix timerlist parsing issue scripts/gdb: add iteration function for rbtree scripts/gdb: fix lx-mounts command error Kuniyuki Iwashima (1): ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Laurent Pinchart (2): media: videobuf2: Drop minimum allocation requirement of 2 buffers media: sun4i_csi: Implement link validate for sun4i_csi subdev Li Lingfeng (1): nfsd: map the EBADMSG to nfserr_io to avoid warning Li Zhijian (1): fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name Lianqin Hu (1): ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Liao Chen (1): mailbox: rockchip: fix a typo in module autoloading Liao Yuanhong (1): f2fs: add write priority option based on zone UFS Lizhi Xu (2): ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Long Li (2): RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page RDMA/mana_ib: use the correct page table index based on hardware page size Lu Baolu (2): iommu/vt-d: Always reserve a domain ID for identity setup iommu/vt-d: Unconditionally flush device TLB for pasid table updates Luis Henriques (SUSE) (9): ceph: fix a memory leak on cap_auths in MDS client ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: fix access to uninitialised lock in fc replay path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() ext4: fix fast commit inode enqueueing during a full journal commit ext4: use handle to mark fc as ineligible in __track_dentry_update() ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luiz Augusto von Dentz (3): Bluetooth: MGMT: Fix possible crash on mgmt_index_removed Bluetooth: L2CAP: Fix uaf in l2cap_connect Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Luiz Capitulino (1): platform/mellanox: mlxbf-pmc: fix lockdep warning Luo Gengkun (1): perf/core: Fix small negative period being ignored Ma Ke (1): drm: omapdrm: Add missing check for alloc_ordered_workqueue Mahesh Rajashekhara (1): scsi: smartpqi: correct stream detection Manivannan Sadhasivam (2): clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Marc Ferland (1): i2c: xiic: improve error message when transfer fails to start Marc Zyngier (1): KVM: arm64: Fix kvm_has_feat*() handling of negative features Marek Vasut (1): i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Mario Limonciello (2): ACPI: CPPC: Add support for setting EPP register in FFH drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Mark Rutland (3): arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more Masahiro Yamada (1): kconfig: qconf: fix buffer overflow in debug links Matt Fleming (1): perf hist: Update hist symbol when updating maps Matthew Auld (2): drm/xe: fixup xe_alloc_pf_queue drm/xe: fix UAF around queue destruction Matthew Brost (4): drm/xe: Resume TDR after GT reset drm/printer: Allow NULL data in devcoredump printer drm/xe: Drop warn on xe_guc_pc_gucrc_disable in guc pc fini drm/xe: Delete unused GuC submission_state.suspend Mike Baynton (1): ovl: fail if trusted xattrs are needed but caller lacks permission Mike Tipton (1): clk: qcom: clk-rpmh: Fix overflow in BCM vote Miquel Sabaté Solà (1): cpufreq: Avoid a bad reference count on CPU node Miri Korenblit (1): wifi: iwlwifi: mvm: avoid NULL pointer dereference Mohamed Khalfella (1): net/mlx5: Added cond_resched() to crdump collection Mostafa Saleh (1): iommu/arm-smmu-v3: Match Stall behaviour for S2 Namhyung Kim (2): perf: Really fix event_function_call() locking perf report: Fix segfault when 'sym' sort key is not used Namjae Jeon (1): ksmbd: add refcnt to ksmbd_conn struct NeilBrown (2): nfsd: fix delegation_blocked() to block correctly for at least 30 seconds sunrpc: change sp_nrthreads from atomic_t to unsigned int. Nicholas Kazlauskas (1): drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces Niklas Söderlund (1): net: phy: Check for read errors in SIOCGMIIREG Nikolai Afanasenkov (1): ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 Nirmoy Das (1): drm/xe: Fix memory leak on xe_alloc_pf_queue failure Nuno Sa (2): Input: adp5589-keys - fix NULL pointer dereference Input: adp5589-keys - fix adp5589_gpio_get_value() Oder Chiou (1): ALSA: hda/realtek: Fix the push button function for the ALC257 Oleg Nesterov (1): uprobes: fix kernel info leak via "[uprobes]" vma Pali Rohár (3): cifs: Remove intermediate object of failed create reparse call cifs: Fix buffer overflow when parsing NFS reparse points cifs: Do not convert delimiter when parsing NFS-style symlinks Patrick Donnelly (1): ceph: fix cap ref leak via netfs init_request Paul E. McKenney (1): rcuscale: Provide clear error when async specified without primitives Pei Xiao (1): ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Peng Fan (1): mm, slub: avoid zeroing kmalloc redzone Peng Liu (2): drm/amdgpu: add raven1 gfxoff quirk drm/amdgpu: enable gfxoff quirk on HP 705G4 Peter Zijlstra (2): jump_label: Fix static_key_slow_dec() yet again perf: Fix event_function_call() locking Phil Sutter (2): netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED selftests: netfilter: Fix nft_audit.sh for newer nft binaries Philip Yang (1): drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer (1): drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Pierre-Louis Bossart (1): ASoC: Intel: boards: always check the result of acpi_dev_get_first_match_dev() Ping-Ke Shih (1): wifi: rtw89: correct base HT rate mask for firmware Pu Lehui (1): drivers/perf: riscv: Align errno for unsupported perf event Qu Wenruo (1): btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Rafael J. Wysocki (1): ACPI: EC: Do not release locks during operation region accesses Rafael Rocha (1): scsi: st: Fix input/output error on empty drive reset Ravikanth Tuniki (1): dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Remington Brasga (1): jfs: UBSAN: shift-out-of-bounds in dbFindBits Rob Clark (1): drm/sched: Fix dynamic job-flow control race Robert Hancock (2): i2c: xiic: Try re-initialization on bus busy timeout i2c: xiic: Wait for TX empty to avoid missed TX NAKs Rodrigo Vivi (1): drm/xe: Restore pci state upon resume Sanjay K Kumar (1): iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Satya Priya Kakitapalli (4): dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src clk: qcom: gcc-sc8180x: Add GPLL9 support clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Sebastian Reichel (1): clk: rockchip: fix error for unknown clocks Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Shenwei Wang (1): net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Simon Horman (4): tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer bnxt_en: Extend maximum length of version string by 1 byte net: atlantic: Avoid warning about potential string truncation Srinivasan Shanmugam (12): drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/amd/display: Fix index out of bounds in DCN30 color transformation Stefan Mätje (1): can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode Stefan Wahren (1): mailbox: bcm2835: Fix timeout during suspend mode Steve French (1): smb3: fix incorrect mode displayed for read-only files Steve Wahl (1): x86/mm/ident_map: Use gbpages only where full GB page should be mapped. Steven Price (1): drm/panthor: Fix race when converting group handle to group object Stuart Summers (1): drm/xe: Use topology to determine page fault queue size Suraj Kandpal (1): drm/xe/hdcp: Check GSC structure validity Takashi Iwai (11): ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: usb-audio: Add input value sanity checks for standard types ALSA: usb-audio: Define macros for quirk table entries ALSA: usb-audio: Replace complex quirk lines with macros ALSA: control: Take power_ref lock primarily ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop ALSA: control: Fix power_ref lock order for compat code, too Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" ALSA: control: Fix leftover snd_power_unref() Tamim Khan (1): ACPI: resource: Skip IRQ override on Asus Vivobook Go E1404GAB Tao Liu (1): x86/kexec: Add EFI config table identity mapping for kexec kernel Tetsuo Handa (1): tomoyo: fallback to realpath if symlink's pathname does not exist Thadeu Lima de Souza Cascardo (1): ext4: ext4_search_dir should return a proper error Thomas Gleixner (5): static_call: Handle module init failure correctly in static_call_del_module() static_call: Replace pointless WARN_ON() in static_call_module_notify() jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() x86/ioapic: Handle allocation failures gracefully x86/apic: Remove logical destination mode for 64-bit Thomas Weißschuh (5): tools/nolibc: powerpc: limit stack-protector workaround to GCC selftests/nolibc: avoid passing NULL to printf("%s") fbdev: efifb: Register sysfs groups through driver core of: address: Report error on resource bounds overflow sysctl: avoid spurious permanent empty tables Thomas Zimmermann (2): drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS firmware/sysfb: Disable sysfb for firmware buffers with unknown parent Tim Huang (4): drm/amd/display: fix double free issue during amdgpu module unload drm/amdgpu: fix unchecked return value warning for amdgpu_gfx drm/amdgpu: fix unchecked return value warning for amdgpu_atombios drm/amd/pm: ensure the fw_info is not null before using it Tobias Jakobi (1): drm/amd/display: handle nulled pipe context in DCE110's set_drr() Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Tom Chung (1): drm/amd/display: Fix system hang while resume with TBT monitor Tvrtko Ursulin (4): drm/v3d: Prevent out of bounds access in performance query extensions drm/sched: Add locking to drm_sched_entity_modify_sched drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job drm/sched: Always increment correct scheduler score Udit Kumar (1): remoteproc: k3-r5: Delay notification of wakeup event Ulf Hansson (1): pmdomain: core: Don't hold the genpd-lock when calling dev_pm_domain_set() Umang Jain (1): media: imx335: Fix reset-gpio handling Uwe Kleine-König (1): cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Val Packett (2): drm/rockchip: vop: clear DMA stop bit on RK3066 drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Vasileios Amoiridis (4): iio: pressure: bmp280: Improve indentation and line wrapping iio: pressure: bmp280: Use BME prefix for BME280 specifics iio: pressure: bmp280: Fix regmap for BMP280 device iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Victor Skvortsov (1): drm/amdgpu: Block MMR_READ IOCTL in reset Ville Syrjälä (1): drm/i915/dp: Fix colorimetry detection Vishnu Sankar (1): HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Vitaly Lifshits (1): e1000e: avoid failing the system during pm_suspend Vladimir Oltean (1): net: dsa: improve shutdown sequence Wei Li (4): tracing/hwlat: Fix a race during cpuhp processing tracing/timerlat: Drop interface_lock in stop_kthread() tracing/timerlat: Fix a race during cpuhp processing tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Willem de Bruijn (2): vrf: revert "vrf: Remove unnecessary RCU-bh critical section" gso: fix udp gso fraglist segmentation after pull from frag_list Xiaxi Shen (1): ext4: fix timer use-after-free on failed mount Xin Long (1): sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Xiubo Li (1): ceph: remove the incorrect Fw reference check when dirtying pages Yang Shen (1): crypto: hisilicon - fix missed error branch Yang Wang (1): drm/amdgpu: add list empty check to avoid null pointer issue Yannick Fertre (1): drm/stm: ltdc: reset plane transparency after plane disable Yifei Liu (1): selftests: breakpoints: use remaining time to check if suspend succeed Yihan Zhu (1): drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 Yonghong Song (1): bpf: Fix a sdiv overflow issue Yosry Ahmed (1): mm: z3fold: deprecate CONFIG_Z3FOLD Youssef Esmat (1): sched/core: Clear prev->dl_server in CFS pick fast path Yuezhang Mo (1): exfat: fix memory leak in exfat_load_bitmap() Yun Lu (1): selftest: hid: add missing run-hid-tools-tests.sh Zach Wade (1): platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Zhanjun Dong (1): drm/xe: Prevent null pointer access in xe_migrate_copy Zhao Mengmeng (1): jfs: Fix uninit-value access of new_ea in ea_buffer Zheng Wang (1): media: venus: fix use after free bug in venus_remove due to race condition Zhihao Cheng (1): ext4: dax: fix overflowing extents beyond inode size when partially writing Zhu Jun (1): tools/hv: Add memory allocation check in hv_fcopy_start Zong-Zhe Yang (2): wifi: rtw88: select WANT_DEV_COREDUMP wifi: rtw89: avoid reading out of bounds when loading TX power FW elements Zqiang (1): rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb() aln8 (1): platform/x86/amd: pmf: Add quirk for TUF Gaming A14 wangrong (1): smb: client: use actual path when queryfs yao.ly (1): ext4: correct encrypted dentry name hash when not casefolded zhang jiao (1): selftests: netfilter: Add missing return value

8 months, 2 weeks

1
1
0 0

[PATCH] leds: lp55xx: Fix check for invalid channel number

by Michal Vokáč

Prior to commit 92a81562e695 ("leds: lp55xx: Add multicolor framework support to lp55xx") the reg property (chan_nr) was parsed and stored as it was. Then, in lp55xx_init_led() function, it was checked if it is within valid range. In case it was not, an error message was printed and the driver probe failed. With the mentioned commit the reg property is checked right after it is read from the device tree. Comparison to the upper range is not correct though. Valid reg values are 0 to (max_channel - 1). So in case the parsed value is out of this (wrong) range the probe just fails and no error message is shown. Fix it by using proper comparison and print a message in case of an error. The check that is done in lp55xx_init_led() function is now redundant and can be removed. Fixes: 92a81562e695 ("leds: lp55xx: Add multicolor framework support to lp55xx") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michal Vokáč <michal.vokac(a)ysoft.com> --- drivers/leds/leds-lp55xx-common.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/leds/leds-lp55xx-common.c b/drivers/leds/leds-lp55xx-common.c index 5a2e259679cf..055ee77455f9 100644 --- a/drivers/leds/leds-lp55xx-common.c +++ b/drivers/leds/leds-lp55xx-common.c @@ -512,12 +512,6 @@ static int lp55xx_init_led(struct lp55xx_led *led, led->max_current = pdata->led_config[chan].max_current; led->chan_nr = pdata->led_config[chan].chan_nr; - if (led->chan_nr >= max_channel) { - dev_err(dev, "Use channel numbers between 0 and %d\n", - max_channel - 1); - return -EINVAL; - } - if (pdata->led_config[chan].num_colors > 1) ret = devm_led_classdev_multicolor_register(dev, &led->mc_cdev); else @@ -1132,8 +1126,11 @@ static int lp55xx_parse_common_child(struct device_node *np, if (ret) return ret; - if (*chan_nr < 0 || *chan_nr > cfg->max_channel) + if (*chan_nr < 0 || *chan_nr >= cfg->max_channel) { + dev_err(dev, "Use channel numbers between 0 and %d\n", + cfg->max_channel - 1); return -EINVAL; + } return 0; } -- 2.1.4

8 months, 2 weeks

2
3
0 0

[PATCH 6.1] net/mlx5: Always drain health in shutdown callback

by Xiangyu Chen

From: Shay Drory <shayd(a)nvidia.com> [ Upstream commit 1b75da22ed1e6171e261bc9265370162553d5393 ] There is no point in recovery during device shutdown. if health work started need to wait for it to avoid races and NULL pointer access. Hence, drain health WQ on shutdown callback. Fixes: 1958fc2f0712 ("net/mlx5: SF, Add auxiliary device driver") Fixes: d2aa060d40fa ("net/mlx5: Cancel health poll before sending panic teardown command") Signed-off-by: Shay Drory <shayd(a)nvidia.com> Reviewed-by: Moshe Shemesh <moshe(a)nvidia.com> Signed-off-by: Tariq Toukan <tariqt(a)nvidia.com> Reviewed-by: Wojciech Drewek <wojciech.drewek(a)intel.com> Link: https://patch.msgid.link/20240730061638.1831002-2-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Xiangyu: Modified to apply on 6.1.y to fix CVE-2024-43866] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c index 76af59cfdd0e..825ad7663fa4 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c @@ -1950,7 +1950,6 @@ static int mlx5_try_fast_unload(struct mlx5_core_dev *dev) /* Panic tear down fw command will stop the PCI bus communication * with the HCA, so the health poll is no longer needed. */ - mlx5_drain_health_wq(dev); mlx5_stop_health_poll(dev, false); ret = mlx5_cmd_fast_teardown_hca(dev); @@ -1985,6 +1984,7 @@ static void shutdown(struct pci_dev *pdev) mlx5_core_info(dev, "Shutdown was called\n"); set_bit(MLX5_BREAK_FW_WAIT, &dev->intf_state); + mlx5_drain_health_wq(dev); err = mlx5_try_fast_unload(dev); if (err) mlx5_unload_one(dev, false); diff --git a/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c b/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c index 2424cdf9cca9..d6850eb0ed7f 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c @@ -75,6 +75,7 @@ static void mlx5_sf_dev_shutdown(struct auxiliary_device *adev) { struct mlx5_sf_dev *sf_dev = container_of(adev, struct mlx5_sf_dev, adev); + mlx5_drain_health_wq(sf_dev->mdev); mlx5_unload_one(sf_dev->mdev, false); } -- 2.43.0

8 months, 2 weeks

1
0
0 0

[PATCH v3 6.1/6.6] wifi: mac80211: Avoid address calculations via out of bounds array indexing

by Xiangyu Chen

From: Kenton Groombridge <concord(a)gentoo.org> [ Upstream commit 2663d0462eb32ae7c9b035300ab6b1523886c718 ] req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 Co-authored-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Kenton Groombridge <concord(a)gentoo.org> Link: https://msgid.link/20240605152218.236061-1-concord@gentoo.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [Xiangyu: Modified to apply on 6.1.y and 6.6.y] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- V1 -> V2: add v6.6 support V2 -> V3: add commit id from Linus's code tree --- net/mac80211/scan.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 62c22ff329ad..d81b49fb6458 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -357,7 +357,8 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) struct cfg80211_scan_request *req; struct cfg80211_chan_def chandef; u8 bands_used = 0; - int i, ielen, n_chans; + int i, ielen; + u32 *n_chans; u32 flags = 0; req = rcu_dereference_protected(local->scan_req, @@ -367,34 +368,34 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) return false; if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { + local->hw_scan_req->req.n_channels = req->n_channels; + for (i = 0; i < req->n_channels; i++) { local->hw_scan_req->req.channels[i] = req->channels[i]; bands_used |= BIT(req->channels[i]->band); } - - n_chans = req->n_channels; } else { do { if (local->hw_scan_band == NUM_NL80211_BANDS) return false; - n_chans = 0; + n_chans = &local->hw_scan_req->req.n_channels; + *n_chans = 0; for (i = 0; i < req->n_channels; i++) { if (req->channels[i]->band != local->hw_scan_band) continue; - local->hw_scan_req->req.channels[n_chans] = + local->hw_scan_req->req.channels[(*n_chans)++] = req->channels[i]; - n_chans++; + bands_used |= BIT(req->channels[i]->band); } local->hw_scan_band++; - } while (!n_chans); + } while (!*n_chans); } - local->hw_scan_req->req.n_channels = n_chans; ieee80211_prepare_scan_chandef(&chandef, req->scan_width); if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) -- 2.43.0

8 months, 2 weeks

1
0
0 0

[PATCH v1 1/1] ufs: core: set SDEV_OFFLINE when ufs shutdown.

by Seunghwan Baek

There is a history of dead lock as reboot is performed at the beginning of booting. SDEV_QUIESCE was set for all lu's scsi_devices by ufs shutdown, and at that time the audio driver was waiting on blk_mq_submit_bio holding a mutex_lock while reading the fw binary. After that, a deadlock issue occurred while audio driver shutdown was waiting for mutex_unlock of blk_mq_submit_bio. To solve this, set SDEV_OFFLINE for all lus except wlun, so that any i/o that comes down after a ufs shutdown will return an error. [ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [device_shutdown] [ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49] [ 31.907806]I[0: swapper/0: 0] Call trace: [ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338 [ 31.907819]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc [ 31.907826]I[0: swapper/0: 0] schedule+0x7c/0xe8 [ 31.907834]I[0: swapper/0: 0] schedule_preempt_disabled+0x24/0x40 [ 31.907842]I[0: swapper/0: 0] __mutex_lock+0x408/0xdac [ 31.907849]I[0: swapper/0: 0] __mutex_lock_slowpath+0x14/0x24 [ 31.907858]I[0: swapper/0: 0] mutex_lock+0x40/0xec [ 31.907866]I[0: swapper/0: 0] device_shutdown+0x108/0x280 [ 31.907875]I[0: swapper/0: 0] kernel_restart+0x4c/0x11c [ 31.907883]I[0: swapper/0: 0] __arm64_sys_reboot+0x15c/0x280 [ 31.907890]I[0: swapper/0: 0] invoke_syscall+0x70/0x158 [ 31.907899]I[0: swapper/0: 0] el0_svc_common+0xb4/0xf4 [ 31.907909]I[0: swapper/0: 0] do_el0_svc+0x2c/0xb0 [ 31.907918]I[0: swapper/0: 0] el0_svc+0x34/0xe0 [ 31.907928]I[0: swapper/0: 0] el0t_64_sync_handler+0x68/0xb4 [ 31.907937]I[0: swapper/0: 0] el0t_64_sync+0x1a0/0x1a4 [ 31.908774]I[0: swapper/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter] [ 31.908783]I[0: swapper/0: 0] Call trace: [ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338 [ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc [ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8 [ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178 [ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c [ 31.908827]I[0: swapper/0: 0] __submit_bio+0xb8/0x19c Fixes: b294ff3e3449 ("scsi: ufs: core: Enable power management for wlun") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> --- drivers/ufs/core/ufshcd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index a6f818cdef0e..4ac1492787c2 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -10215,7 +10215,9 @@ static void ufshcd_wl_shutdown(struct device *dev) shost_for_each_device(sdev, hba->host) { if (sdev == hba->ufs_device_wlun) continue; - scsi_device_quiesce(sdev); + mutex_lock(&sdev->state_mutex); + scsi_device_set_state(sdev, SDEV_OFFLINE); + mutex_unlock(&sdev->state_mutex); } __ufshcd_wl_suspend(hba, UFS_SHUTDOWN_PM); -- 2.17.1

8 months, 2 weeks

3
9
0 0

FAILED: patch "[PATCH] resource: fix region_intersects() vs" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b4afe4183ec77f230851ea139d91e5cf2644c68b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100733-tiara-detective-885e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b4afe4183ec7 ("resource: fix region_intersects() vs add_memory_driver_managed()") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b4afe4183ec77f230851ea139d91e5cf2644c68b Mon Sep 17 00:00:00 2001 From: Huang Ying <ying.huang(a)intel.com> Date: Fri, 6 Sep 2024 11:07:11 +0800 Subject: [PATCH] resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a descendant of "CXL Window X". This confuses region_intersects(), which expects all "System RAM" resources to be at the top level of iomem_resource. This can lead to bugs. For example, when the following command line is executed to write some memory in CXL memory range via /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copied, 0.0283507 s, 0.0 kB/s the command fails as expected. However, the error code is wrong. It should be "Operation not permitted" instead of "Bad address". More seriously, the /dev/mem permission checking in devmem_is_allowed() passes incorrectly. Although the accessing is prevented later because ioremap() isn't allowed to map system RAM, it is a potential security issue. During command executing, the following warning is reported in the kernel log for calling ioremap() on system RAM. ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d Call Trace: memremap+0xcb/0x184 xlate_dev_mem_ptr+0x25/0x2f write_mem+0x94/0xfb vfs_write+0x128/0x26d ksys_write+0xac/0xfe do_syscall_64+0x9a/0xfd entry_SYSCALL_64_after_hwframe+0x4b/0x53 The details of command execution process are as follows. In the above resource tree, "System RAM" is a descendant of "CXL Window 0" instead of a top level resource. So, region_intersects() will report no System RAM resources in the CXL memory region incorrectly, because it only checks the top level resources. Consequently, devmem_is_allowed() will return 1 (allow access via /dev/mem) for CXL memory region incorrectly. Fortunately, ioremap() doesn't allow to map System RAM and reject the access. So, region_intersects() needs to be fixed to work correctly with the resource tree with "System RAM" not at top level as above. To fix it, if we found a unmatched resource in the top level, we will continue to search matched resources in its descendant resources. So, we will not miss any matched resources in resource tree anymore. In the new implementation, an example resource tree |------------- "CXL Window 0" ------------| |-- "System RAM" --| will behave similar as the following fake resource tree for region_intersects(, IORESOURCE_SYSTEM_RAM, ), |-- "System RAM" --||-- "CXL Window 0a" --| Where "CXL Window 0a" is part of the original "CXL Window 0" that isn't covered by "System RAM". Link: https://lkml.kernel.org/r/20240906030713.204292-2-ying.huang@intel.com Fixes: c221c0b0308f ("device-dax: "Hotplug" persistent memory for use like normal RAM") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <jonathan.cameron(a)huawei.com> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Alison Schofield <alison.schofield(a)intel.com> Cc: Vishal Verma <vishal.l.verma(a)intel.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..235dc77f8add 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -540,20 +540,62 @@ static int __region_intersects(struct resource *parent, resource_size_t start, size_t size, unsigned long flags, unsigned long desc) { - struct resource res; + resource_size_t ostart, oend; int type = 0; int other = 0; - struct resource *p; + struct resource *p, *dp; + bool is_type, covered; + struct resource res; res.start = start; res.end = start + size - 1; for (p = parent->child; p ; p = p->sibling) { - bool is_type = (((p->flags & flags) == flags) && - ((desc == IORES_DESC_NONE) || - (desc == p->desc))); - - if (resource_overlaps(p, &res)) - is_type ? type++ : other++; + if (!resource_overlaps(p, &res)) + continue; + is_type = (p->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == p->desc); + if (is_type) { + type++; + continue; + } + /* + * Continue to search in descendant resources as if the + * matched descendant resources cover some ranges of 'p'. + * + * |------------- "CXL Window 0" ------------| + * |-- "System RAM" --| + * + * will behave similar as the following fake resource + * tree when searching "System RAM". + * + * |-- "System RAM" --||-- "CXL Window 0a" --| + */ + covered = false; + ostart = max(res.start, p->start); + oend = min(res.end, p->end); + for_each_resource(p, dp, false) { + if (!resource_overlaps(dp, &res)) + continue; + is_type = (dp->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == dp->desc); + if (is_type) { + type++; + /* + * Range from 'ostart' to 'dp->start' + * isn't covered by matched resource. + */ + if (dp->start > ostart) + break; + if (dp->end >= oend) { + covered = true; + break; + } + /* Remove covered range */ + ostart = max(ostart, dp->end + 1); + } + } + if (!covered) + other++; } if (type == 0)

8 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] resource: fix region_intersects() vs" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b4afe4183ec77f230851ea139d91e5cf2644c68b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100732-disinfect-spied-83fc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b4afe4183ec7 ("resource: fix region_intersects() vs add_memory_driver_managed()") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b4afe4183ec77f230851ea139d91e5cf2644c68b Mon Sep 17 00:00:00 2001 From: Huang Ying <ying.huang(a)intel.com> Date: Fri, 6 Sep 2024 11:07:11 +0800 Subject: [PATCH] resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a descendant of "CXL Window X". This confuses region_intersects(), which expects all "System RAM" resources to be at the top level of iomem_resource. This can lead to bugs. For example, when the following command line is executed to write some memory in CXL memory range via /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copied, 0.0283507 s, 0.0 kB/s the command fails as expected. However, the error code is wrong. It should be "Operation not permitted" instead of "Bad address". More seriously, the /dev/mem permission checking in devmem_is_allowed() passes incorrectly. Although the accessing is prevented later because ioremap() isn't allowed to map system RAM, it is a potential security issue. During command executing, the following warning is reported in the kernel log for calling ioremap() on system RAM. ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d Call Trace: memremap+0xcb/0x184 xlate_dev_mem_ptr+0x25/0x2f write_mem+0x94/0xfb vfs_write+0x128/0x26d ksys_write+0xac/0xfe do_syscall_64+0x9a/0xfd entry_SYSCALL_64_after_hwframe+0x4b/0x53 The details of command execution process are as follows. In the above resource tree, "System RAM" is a descendant of "CXL Window 0" instead of a top level resource. So, region_intersects() will report no System RAM resources in the CXL memory region incorrectly, because it only checks the top level resources. Consequently, devmem_is_allowed() will return 1 (allow access via /dev/mem) for CXL memory region incorrectly. Fortunately, ioremap() doesn't allow to map System RAM and reject the access. So, region_intersects() needs to be fixed to work correctly with the resource tree with "System RAM" not at top level as above. To fix it, if we found a unmatched resource in the top level, we will continue to search matched resources in its descendant resources. So, we will not miss any matched resources in resource tree anymore. In the new implementation, an example resource tree |------------- "CXL Window 0" ------------| |-- "System RAM" --| will behave similar as the following fake resource tree for region_intersects(, IORESOURCE_SYSTEM_RAM, ), |-- "System RAM" --||-- "CXL Window 0a" --| Where "CXL Window 0a" is part of the original "CXL Window 0" that isn't covered by "System RAM". Link: https://lkml.kernel.org/r/20240906030713.204292-2-ying.huang@intel.com Fixes: c221c0b0308f ("device-dax: "Hotplug" persistent memory for use like normal RAM") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <jonathan.cameron(a)huawei.com> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Alison Schofield <alison.schofield(a)intel.com> Cc: Vishal Verma <vishal.l.verma(a)intel.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..235dc77f8add 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -540,20 +540,62 @@ static int __region_intersects(struct resource *parent, resource_size_t start, size_t size, unsigned long flags, unsigned long desc) { - struct resource res; + resource_size_t ostart, oend; int type = 0; int other = 0; - struct resource *p; + struct resource *p, *dp; + bool is_type, covered; + struct resource res; res.start = start; res.end = start + size - 1; for (p = parent->child; p ; p = p->sibling) { - bool is_type = (((p->flags & flags) == flags) && - ((desc == IORES_DESC_NONE) || - (desc == p->desc))); - - if (resource_overlaps(p, &res)) - is_type ? type++ : other++; + if (!resource_overlaps(p, &res)) + continue; + is_type = (p->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == p->desc); + if (is_type) { + type++; + continue; + } + /* + * Continue to search in descendant resources as if the + * matched descendant resources cover some ranges of 'p'. + * + * |------------- "CXL Window 0" ------------| + * |-- "System RAM" --| + * + * will behave similar as the following fake resource + * tree when searching "System RAM". + * + * |-- "System RAM" --||-- "CXL Window 0a" --| + */ + covered = false; + ostart = max(res.start, p->start); + oend = min(res.end, p->end); + for_each_resource(p, dp, false) { + if (!resource_overlaps(dp, &res)) + continue; + is_type = (dp->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == dp->desc); + if (is_type) { + type++; + /* + * Range from 'ostart' to 'dp->start' + * isn't covered by matched resource. + */ + if (dp->start > ostart) + break; + if (dp->end >= oend) { + covered = true; + break; + } + /* Remove covered range */ + ostart = max(ostart, dp->end + 1); + } + } + if (!covered) + other++; } if (type == 0)

8 months, 2 weeks

4
4
0 0

FAILED: patch "[PATCH] resource: fix region_intersects() vs" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b4afe4183ec77f230851ea139d91e5cf2644c68b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100725-galore-pout-d68c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b4afe4183ec7 ("resource: fix region_intersects() vs add_memory_driver_managed()") 14b80582c43e ("resource: Introduce alloc_free_mem_region()") 27674ef6c73f ("mm: remove the extra ZONE_DEVICE struct page refcount") dc90f0846df4 ("mm: don't include <linux/memremap.h> in <linux/mm.h>") 895749455f60 ("mm: simplify freeing of devmap managed pages") 75e55d8a107e ("mm: move free_devmap_managed_page to memremap.c") 730ff52194cd ("mm: remove pointless includes from <linux/hmm.h>") f56caedaf94f ("Merge branch 'akpm' (patches from Andrew)") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b4afe4183ec77f230851ea139d91e5cf2644c68b Mon Sep 17 00:00:00 2001 From: Huang Ying <ying.huang(a)intel.com> Date: Fri, 6 Sep 2024 11:07:11 +0800 Subject: [PATCH] resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a descendant of "CXL Window X". This confuses region_intersects(), which expects all "System RAM" resources to be at the top level of iomem_resource. This can lead to bugs. For example, when the following command line is executed to write some memory in CXL memory range via /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copied, 0.0283507 s, 0.0 kB/s the command fails as expected. However, the error code is wrong. It should be "Operation not permitted" instead of "Bad address". More seriously, the /dev/mem permission checking in devmem_is_allowed() passes incorrectly. Although the accessing is prevented later because ioremap() isn't allowed to map system RAM, it is a potential security issue. During command executing, the following warning is reported in the kernel log for calling ioremap() on system RAM. ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d Call Trace: memremap+0xcb/0x184 xlate_dev_mem_ptr+0x25/0x2f write_mem+0x94/0xfb vfs_write+0x128/0x26d ksys_write+0xac/0xfe do_syscall_64+0x9a/0xfd entry_SYSCALL_64_after_hwframe+0x4b/0x53 The details of command execution process are as follows. In the above resource tree, "System RAM" is a descendant of "CXL Window 0" instead of a top level resource. So, region_intersects() will report no System RAM resources in the CXL memory region incorrectly, because it only checks the top level resources. Consequently, devmem_is_allowed() will return 1 (allow access via /dev/mem) for CXL memory region incorrectly. Fortunately, ioremap() doesn't allow to map System RAM and reject the access. So, region_intersects() needs to be fixed to work correctly with the resource tree with "System RAM" not at top level as above. To fix it, if we found a unmatched resource in the top level, we will continue to search matched resources in its descendant resources. So, we will not miss any matched resources in resource tree anymore. In the new implementation, an example resource tree |------------- "CXL Window 0" ------------| |-- "System RAM" --| will behave similar as the following fake resource tree for region_intersects(, IORESOURCE_SYSTEM_RAM, ), |-- "System RAM" --||-- "CXL Window 0a" --| Where "CXL Window 0a" is part of the original "CXL Window 0" that isn't covered by "System RAM". Link: https://lkml.kernel.org/r/20240906030713.204292-2-ying.huang@intel.com Fixes: c221c0b0308f ("device-dax: "Hotplug" persistent memory for use like normal RAM") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <jonathan.cameron(a)huawei.com> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Alison Schofield <alison.schofield(a)intel.com> Cc: Vishal Verma <vishal.l.verma(a)intel.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/kernel/resource.c b/kernel/resource.c index 14777afb0a99..235dc77f8add 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -540,20 +540,62 @@ static int __region_intersects(struct resource *parent, resource_size_t start, size_t size, unsigned long flags, unsigned long desc) { - struct resource res; + resource_size_t ostart, oend; int type = 0; int other = 0; - struct resource *p; + struct resource *p, *dp; + bool is_type, covered; + struct resource res; res.start = start; res.end = start + size - 1; for (p = parent->child; p ; p = p->sibling) { - bool is_type = (((p->flags & flags) == flags) && - ((desc == IORES_DESC_NONE) || - (desc == p->desc))); - - if (resource_overlaps(p, &res)) - is_type ? type++ : other++; + if (!resource_overlaps(p, &res)) + continue; + is_type = (p->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == p->desc); + if (is_type) { + type++; + continue; + } + /* + * Continue to search in descendant resources as if the + * matched descendant resources cover some ranges of 'p'. + * + * |------------- "CXL Window 0" ------------| + * |-- "System RAM" --| + * + * will behave similar as the following fake resource + * tree when searching "System RAM". + * + * |-- "System RAM" --||-- "CXL Window 0a" --| + */ + covered = false; + ostart = max(res.start, p->start); + oend = min(res.end, p->end); + for_each_resource(p, dp, false) { + if (!resource_overlaps(dp, &res)) + continue; + is_type = (dp->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == dp->desc); + if (is_type) { + type++; + /* + * Range from 'ostart' to 'dp->start' + * isn't covered by matched resource. + */ + if (dp->start > ostart) + break; + if (dp->end >= oend) { + covered = true; + break; + } + /* Remove covered range */ + ostart = max(ostart, dp->end + 1); + } + } + if (!covered) + other++; } if (type == 0)

8 months, 2 weeks

2
2
0 0

[PATCH 5.15.y] xfs: fix super block buf log item UAF during force shutdown

by Guo Xuenan

commit 575689fc0ffa6c4bb4e72fd18e31a6525a6124e0 upstream. xfs log io error will trigger xlog shut down, and end_io worker call xlog_state_shutdown_callbacks to unpin and release the buf log item. The race condition is that when there are some thread doing transaction commit and happened not to be intercepted by xlog_is_shutdown, then, these log item will be insert into CIL, when unpin and release these buf log item, UAF will occur. BTW, add delay before `xlog_cil_commit` can increase recurrence probability. The following call graph actually encountered this bad situation. fsstress io end worker kworker/0:1H-216 xlog_ioend_work ->xlog_force_shutdown ->xlog_state_shutdown_callbacks ->xlog_cil_process_committed ->xlog_cil_committed ->xfs_trans_committed_bulk ->xfs_trans_apply_sb_deltas ->li_ops->iop_unpin(lip, 1); ->xfs_trans_getsb ->_xfs_trans_bjoin ->xfs_buf_item_init ->if (bip) { return 0;} //relog ->xlog_cil_commit ->xlog_cil_insert_items //insert into CIL ->xfs_buf_ioend_fail(bp); ->xfs_buf_ioend ->xfs_buf_item_done ->xfs_buf_item_relse ->xfs_buf_item_free when cil push worker gather percpu cil and insert super block buf log item into ctx->log_items then uaf occurs. ================================================================== BUG: KASAN: use-after-free in xlog_cil_push_work+0x1c8f/0x22f0 Write of size 8 at addr ffff88801800f3f0 by task kworker/u4:4/105 CPU: 0 PID: 105 Comm: kworker/u4:4 Tainted: G W 6.1.0-rc1-00001-g274115149b42 #136 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: xfs-cil/sda xlog_cil_push_work Call Trace: <TASK> dump_stack_lvl+0x4d/0x66 print_report+0x171/0x4a6 kasan_report+0xb3/0x130 xlog_cil_push_work+0x1c8f/0x22f0 process_one_work+0x6f9/0xf70 worker_thread+0x578/0xf30 kthread+0x28c/0x330 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 2145: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x54/0x60 kmem_cache_alloc+0x14a/0x510 xfs_buf_item_init+0x160/0x6d0 _xfs_trans_bjoin+0x7f/0x2e0 xfs_trans_getsb+0xb6/0x3f0 xfs_trans_apply_sb_deltas+0x1f/0x8c0 __xfs_trans_commit+0xa25/0xe10 xfs_symlink+0xe23/0x1660 xfs_vn_symlink+0x157/0x280 vfs_symlink+0x491/0x790 do_symlinkat+0x128/0x220 __x64_sys_symlink+0x7a/0x90 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 216: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x40 __kasan_slab_free+0x105/0x1a0 kmem_cache_free+0xb6/0x460 xfs_buf_ioend+0x1e9/0x11f0 xfs_buf_item_unpin+0x3d6/0x840 xfs_trans_committed_bulk+0x4c2/0x7c0 xlog_cil_committed+0xab6/0xfb0 xlog_cil_process_committed+0x117/0x1e0 xlog_state_shutdown_callbacks+0x208/0x440 xlog_force_shutdown+0x1b3/0x3a0 xlog_ioend_work+0xef/0x1d0 process_one_work+0x6f9/0xf70 worker_thread+0x578/0xf30 kthread+0x28c/0x330 ret_from_fork+0x1f/0x30 The buggy address belongs to the object at ffff88801800f388 which belongs to the cache xfs_buf_item of size 272 The buggy address is located 104 bytes inside of 272-byte region [ffff88801800f388, ffff88801800f498) The buggy address belongs to the physical page: page:ffffea0000600380 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801800f208 pfn:0x1800e head:ffffea0000600380 order:1 compound_mapcount:0 compound_pincount:0 flags: 0x1fffff80010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) raw: 001fffff80010200 ffffea0000699788 ffff88801319db50 ffff88800fb50640 raw: ffff88801800f208 000000000015000a 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88801800f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88801800f300: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88801800f380: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88801800f400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88801800f480: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== Disabling lock debugging due to kernel taint Signed-off-by: Guo Xuenan <guoxuenan(a)huawei.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Chang Yu <marcus.yu.56(a)gmail.com> --- The fix 575689fc0ffa ("xfs: fix super block buf log item UAF during force shutdown") was first introduced in v6.2-rc1. Syzkaller reports that the UAF bug is still present in linux-5.15.y (https://syzkaller.appspot.com/bug?extid=4d9a694803b65e21655b). I think a backport should be beneficial here. --- fs/xfs/xfs_buf_item.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c index b1ab100c09e1..ffe318eb897f 100644 --- a/fs/xfs/xfs_buf_item.c +++ b/fs/xfs/xfs_buf_item.c @@ -1017,6 +1017,8 @@ xfs_buf_item_relse( trace_xfs_buf_item_relse(bp, _RET_IP_); ASSERT(!test_bit(XFS_LI_IN_AIL, &bip->bli_item.li_flags)); + if (atomic_read(&bip->bli_refcount)) + return; bp->b_log_item = NULL; xfs_buf_rele(bp); xfs_buf_item_free(bip); -- 2.46.2

8 months, 2 weeks

1
0
0 0

[PATCH 6.1] Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

by Xiangyu Chen

From: Rick Edgecombe <rick.p.edgecombe(a)intel.com> In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens. Signed-off-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Link: https://lore.kernel.org/r/20240311161558.1310-2-mhklinux@outlook.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20240311161558.1310-2-mhklinux(a)outlook.com> [Xiangyu: Modified to apply on 6.1.y] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- drivers/hv/connection.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c index da51b50787df..c74088b69a5f 100644 --- a/drivers/hv/connection.c +++ b/drivers/hv/connection.c @@ -243,8 +243,17 @@ int vmbus_connect(void) ret |= set_memory_decrypted((unsigned long) vmbus_connection.monitor_pages[1], 1); - if (ret) + if (ret) { + /* + * If set_memory_decrypted() fails, the encryption state + * of the memory is unknown. So leak the memory instead + * of risking returning decrypted memory to the free list. + * For simplicity, always handle both pages the same. + */ + vmbus_connection.monitor_pages[0] = NULL; + vmbus_connection.monitor_pages[1] = NULL; goto cleanup; + } /* * Isolation VM with AMD SNP needs to access monitor page via -- 2.43.0

8 months, 2 weeks

3
4
0 0

[PATCH net 0/4] mptcp: misc. fixes involving fallback to TCP

by Matthieu Baerts (NGI0)

- Patch 1: better handle DSS corruptions from a bugged peer: reducing warnings, doing a fallback or a reset depending on the subflow state. For >= v5.7. - Patch 2: fix DSS corruption due to large pmtu xmit, where MPTCP was not taken into account. For >= v5.6. - Patch 3: fallback when MPTCP opts are dropped after the first data packet, instead of resetting the connection. For >= v5.6. - Patch 4: restrict the removal of a subflow to other closing states, a better fix, for a recent one. For >= v5.10. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (2): mptcp: fallback when MPTCP opts are dropped after 1st data mptcp: pm: do not remove closing subflows Paolo Abeni (2): mptcp: handle consistently DSS corruption tcp: fix mptcp DSS corruption due to large pmtu xmit net/ipv4/tcp_output.c | 5 +---- net/mptcp/mib.c | 2 ++ net/mptcp/mib.h | 2 ++ net/mptcp/pm_netlink.c | 3 ++- net/mptcp/protocol.c | 24 +++++++++++++++++++++--- net/mptcp/subflow.c | 6 ++++-- 6 files changed, 32 insertions(+), 10 deletions(-) --- base-commit: f15b8d6eb63874230e36a45dd24239050a6f6250 change-id: 20241008-net-mptcp-fallback-fixes-16a9afee238e Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

8 months, 2 weeks

2
5
0 0

[PATCH] spmi: pmic-arb: fix return path in for_each_available_child_of_node()

by Javier Carrasco

This loop requires explicit calls to of_node_put() upon early exits (break, goto, return) to decrement the child refcounter and avoid memory leaks if the child is not required out of the loop. A more robust solution is using the scoped variant of the macro, which automatically calls of_node_put() when the child goes out of scope. Cc: stable(a)vger.kernel.org Fixes: 979987371739 ("spmi: pmic-arb: Add multi bus support") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- drivers/spmi/spmi-pmic-arb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c index 9ba9495fcc4b..ea843159b745 100644 --- a/drivers/spmi/spmi-pmic-arb.c +++ b/drivers/spmi/spmi-pmic-arb.c @@ -1763,14 +1763,13 @@ static int spmi_pmic_arb_register_buses(struct spmi_pmic_arb *pmic_arb, { struct device *dev = &pdev->dev; struct device_node *node = dev->of_node; - struct device_node *child; int ret; /* legacy mode doesn't provide child node for the bus */ if (of_device_is_compatible(node, "qcom,spmi-pmic-arb")) return spmi_pmic_arb_bus_init(pdev, node, pmic_arb); - for_each_available_child_of_node(node, child) { + for_each_available_child_of_node_scoped(node, child) { if (of_node_name_eq(child, "spmi")) { ret = spmi_pmic_arb_bus_init(pdev, child, pmic_arb); if (ret) --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20241001-spmi-pmic-arb-scoped-a4b90179edef Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

8 months, 2 weeks

3
2
0 0

[PATCH 1/1] selftests/rseq: Fix mm_cid test failure

by Mathieu Desnoyers

Adapt the rseq.c/rseq.h code to follow GNU C library changes introduced by: glibc commit 2e456ccf0c34 ("Linux: Make __rseq_size useful for feature detection (bug 31965)") Without this fix, rseq selftests for mm_cid fail: ./run_param_test.sh Default parameters Running test spinlock Running compare-twice test spinlock Running mm_cid test spinlock Error: cpu id getter unavailable [ This is based on the following branch: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git branch: fixes ] Fixes: 18c2355838e7 ("selftests/rseq: Implement rseq mm_cid field support") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Peter Zijlstra <peterz(a)infradead.org> CC: Boqun Feng <boqun.feng(a)gmail.com> CC: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Shuah Khan <skhan(a)linuxfoundation.org> CC: Carlos O'Donell <carlos(a)redhat.com> CC: Florian Weimer <fweimer(a)redhat.com> CC: linux-kselftest(a)vger.kernel.org CC: stable(a)vger.kernel.org --- tools/testing/selftests/rseq/rseq.c | 110 +++++++++++++++++++--------- tools/testing/selftests/rseq/rseq.h | 10 +-- 2 files changed, 77 insertions(+), 43 deletions(-) diff --git a/tools/testing/selftests/rseq/rseq.c b/tools/testing/selftests/rseq/rseq.c index 96e812bdf8a4..5b9772cdf265 100644 --- a/tools/testing/selftests/rseq/rseq.c +++ b/tools/testing/selftests/rseq/rseq.c @@ -60,12 +60,6 @@ unsigned int rseq_size = -1U; /* Flags used during rseq registration. */ unsigned int rseq_flags; -/* - * rseq feature size supported by the kernel. 0 if the registration was - * unsuccessful. - */ -unsigned int rseq_feature_size = -1U; - static int rseq_ownership; static int rseq_reg_success; /* At least one rseq registration has succeded. */ @@ -111,6 +105,43 @@ int rseq_available(void) } } +/* The rseq areas need to be at least 32 bytes. */ +static +unsigned int get_rseq_min_alloc_size(void) +{ + unsigned int alloc_size = rseq_size; + + if (alloc_size < ORIG_RSEQ_ALLOC_SIZE) + alloc_size = ORIG_RSEQ_ALLOC_SIZE; + return alloc_size; +} + +/* + * Return the feature size supported by the kernel. + * + * Depending on the value returned by getauxval(AT_RSEQ_FEATURE_SIZE): + * + * 0: Return ORIG_RSEQ_FEATURE_SIZE (20) + * > 0: Return the value from getauxval(AT_RSEQ_FEATURE_SIZE). + * + * It should never return a value below ORIG_RSEQ_FEATURE_SIZE. + */ +static +unsigned int get_rseq_kernel_feature_size(void) +{ + unsigned long auxv_rseq_feature_size, auxv_rseq_align; + + auxv_rseq_align = getauxval(AT_RSEQ_ALIGN); + assert(!auxv_rseq_align || auxv_rseq_align <= RSEQ_THREAD_AREA_ALLOC_SIZE); + + auxv_rseq_feature_size = getauxval(AT_RSEQ_FEATURE_SIZE); + assert(!auxv_rseq_feature_size || auxv_rseq_feature_size <= RSEQ_THREAD_AREA_ALLOC_SIZE); + if (auxv_rseq_feature_size) + return auxv_rseq_feature_size; + else + return ORIG_RSEQ_FEATURE_SIZE; +} + int rseq_register_current_thread(void) { int rc; @@ -119,7 +150,7 @@ int rseq_register_current_thread(void) /* Treat libc's ownership as a successful registration. */ return 0; } - rc = sys_rseq(&__rseq_abi, rseq_size, 0, RSEQ_SIG); + rc = sys_rseq(&__rseq_abi, get_rseq_min_alloc_size(), 0, RSEQ_SIG); if (rc) { if (RSEQ_READ_ONCE(rseq_reg_success)) { /* Incoherent success/failure within process. */ @@ -140,28 +171,12 @@ int rseq_unregister_current_thread(void) /* Treat libc's ownership as a successful unregistration. */ return 0; } - rc = sys_rseq(&__rseq_abi, rseq_size, RSEQ_ABI_FLAG_UNREGISTER, RSEQ_SIG); + rc = sys_rseq(&__rseq_abi, get_rseq_min_alloc_size(), RSEQ_ABI_FLAG_UNREGISTER, RSEQ_SIG); if (rc) return -1; return 0; } -static -unsigned int get_rseq_feature_size(void) -{ - unsigned long auxv_rseq_feature_size, auxv_rseq_align; - - auxv_rseq_align = getauxval(AT_RSEQ_ALIGN); - assert(!auxv_rseq_align || auxv_rseq_align <= RSEQ_THREAD_AREA_ALLOC_SIZE); - - auxv_rseq_feature_size = getauxval(AT_RSEQ_FEATURE_SIZE); - assert(!auxv_rseq_feature_size || auxv_rseq_feature_size <= RSEQ_THREAD_AREA_ALLOC_SIZE); - if (auxv_rseq_feature_size) - return auxv_rseq_feature_size; - else - return ORIG_RSEQ_FEATURE_SIZE; -} - static __attribute__((constructor)) void rseq_init(void) { @@ -178,28 +193,54 @@ void rseq_init(void) } if (libc_rseq_size_p && libc_rseq_offset_p && libc_rseq_flags_p && *libc_rseq_size_p != 0) { + unsigned int libc_rseq_size; + /* rseq registration owned by glibc */ rseq_offset = *libc_rseq_offset_p; - rseq_size = *libc_rseq_size_p; + libc_rseq_size = *libc_rseq_size_p; rseq_flags = *libc_rseq_flags_p; - rseq_feature_size = get_rseq_feature_size(); - if (rseq_feature_size > rseq_size) - rseq_feature_size = rseq_size; + + /* + * Previous versions of glibc expose the value + * 32 even though the kernel only supported 20 + * bytes initially. Therefore treat 32 as a + * special-case. glibc 2.40 exposes a 20 bytes + * __rseq_size without using getauxval(3) to + * query the supported size, while still allocating a 32 + * bytes area. Also treat 20 as a special-case. + * + * Special-cases are handled by using the following + * value as active feature set size: + * + * rseq_size = min(32, get_rseq_kernel_feature_size()) + */ + switch (libc_rseq_size) { + case ORIG_RSEQ_FEATURE_SIZE: + fallthrough; + case ORIG_RSEQ_ALLOC_SIZE: + { + unsigned int rseq_kernel_feature_size = get_rseq_kernel_feature_size(); + + if (rseq_kernel_feature_size < ORIG_RSEQ_ALLOC_SIZE) + rseq_size = rseq_kernel_feature_size; + else + rseq_size = ORIG_RSEQ_ALLOC_SIZE; + break; + } + default: + /* Otherwise just use the __rseq_size from libc as rseq_size. */ + rseq_size = libc_rseq_size; + break; + } return; } rseq_ownership = 1; if (!rseq_available()) { rseq_size = 0; - rseq_feature_size = 0; return; } rseq_offset = (void *)&__rseq_abi - rseq_thread_pointer(); rseq_flags = 0; - rseq_feature_size = get_rseq_feature_size(); - if (rseq_feature_size == ORIG_RSEQ_FEATURE_SIZE) - rseq_size = ORIG_RSEQ_ALLOC_SIZE; - else - rseq_size = RSEQ_THREAD_AREA_ALLOC_SIZE; } static __attribute__((destructor)) @@ -209,7 +250,6 @@ void rseq_exit(void) return; rseq_offset = 0; rseq_size = -1U; - rseq_feature_size = -1U; rseq_ownership = 0; } diff --git a/tools/testing/selftests/rseq/rseq.h b/tools/testing/selftests/rseq/rseq.h index d7364ea4d201..4e217b620e0c 100644 --- a/tools/testing/selftests/rseq/rseq.h +++ b/tools/testing/selftests/rseq/rseq.h @@ -68,12 +68,6 @@ extern unsigned int rseq_size; /* Flags used during rseq registration. */ extern unsigned int rseq_flags; -/* - * rseq feature size supported by the kernel. 0 if the registration was - * unsuccessful. - */ -extern unsigned int rseq_feature_size; - enum rseq_mo { RSEQ_MO_RELAXED = 0, RSEQ_MO_CONSUME = 1, /* Unused */ @@ -193,7 +187,7 @@ static inline uint32_t rseq_current_cpu(void) static inline bool rseq_node_id_available(void) { - return (int) rseq_feature_size >= rseq_offsetofend(struct rseq_abi, node_id); + return (int) rseq_size >= rseq_offsetofend(struct rseq_abi, node_id); } /* @@ -207,7 +201,7 @@ static inline uint32_t rseq_current_node_id(void) static inline bool rseq_mm_cid_available(void) { - return (int) rseq_feature_size >= rseq_offsetofend(struct rseq_abi, mm_cid); + return (int) rseq_size >= rseq_offsetofend(struct rseq_abi, mm_cid); } static inline uint32_t rseq_current_mm_cid(void) -- 2.39.2

8 months, 2 weeks

2
1
0 0

[PATCH 1/1] nfsd: fix possible badness in FREE_STATEID

by Olga Kornievskaia

When multiple FREE_STATEIDs are sent for the same delegation stateid, it can lead to a possible either use-after-tree or counter refcount underflow errors. In nfsd4_free_stateid() under the client lock we find a delegation stateid, however the code drops the lock before calling nfs4_put_stid(), that allows another FREE_STATE to find the stateid again. The first one will proceed to then free the stateid which leads to either use-after-free or decrementing already zerod counter. CC: stable(a)vger.kernel.org Signed-off-by: Olga Kornievskaia <okorniev(a)redhat.com> --- fs/nfsd/nfs4state.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index ac1859c7cc9d..56b261608af4 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -7154,6 +7154,7 @@ nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, switch (s->sc_type) { case SC_TYPE_DELEG: if (s->sc_status & SC_STATUS_REVOKED) { + s->sc_status |= SC_STATUS_CLOSED; spin_unlock(&s->sc_lock); dp = delegstateid(s); list_del_init(&dp->dl_recall_lru); -- 2.43.5

8 months, 2 weeks

8
10
0 0

[PATCH v10 2/2] ufs: core: requeue aborted request

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> After the SQ cleanup fix, the CQ will receive a response with the corresponding tag marked as OCS: ABORTED. To align with the behavior of Legacy SDB mode, the handling of OCS: ABORTED has been changed to match that of OCS_INVALID_COMMAND_STATUS (SDB), with both returning a SCSI result of DID_REQUEUE. Furthermore, the workaround implemented before the SQ cleanup fix can be removed. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 24a32e2fd75e..8e2a7889a565 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -5417,10 +5417,12 @@ ufshcd_transfer_rsp_status(struct ufs_hba *hba, struct ufshcd_lrb *lrbp, } break; case OCS_ABORTED: - result |= DID_ABORT << 16; - break; case OCS_INVALID_COMMAND_STATUS: result |= DID_REQUEUE << 16; + dev_warn(hba->dev, + "OCS %s from controller for tag %d\n", + (ocs == OCS_ABORTED? "aborted" : "invalid"), + lrbp->task_tag); break; case OCS_INVALID_CMD_TABLE_ATTR: case OCS_INVALID_PRDT_ATTR: @@ -6466,26 +6468,12 @@ static bool ufshcd_abort_one(struct request *rq, void *priv) struct scsi_device *sdev = cmd->device; struct Scsi_Host *shost = sdev->host; struct ufs_hba *hba = shost_priv(shost); - struct ufshcd_lrb *lrbp = &hba->lrb[tag]; - struct ufs_hw_queue *hwq; - unsigned long flags; *ret = ufshcd_try_to_abort_task(hba, tag); dev_err(hba->dev, "Aborting tag %d / CDB %#02x %s\n", tag, hba->lrb[tag].cmd ? hba->lrb[tag].cmd->cmnd[0] : -1, *ret ? "failed" : "succeeded"); - /* Release cmd in MCQ mode if abort succeeds */ - if (hba->mcq_enabled && (*ret == 0)) { - hwq = ufshcd_mcq_req_to_hwq(hba, scsi_cmd_to_rq(lrbp->cmd)); - if (!hwq) - return 0; - spin_lock_irqsave(&hwq->cq_lock, flags); - if (ufshcd_cmd_inflight(lrbp->cmd)) - ufshcd_release_scsi_cmd(hba, lrbp); - spin_unlock_irqrestore(&hwq->cq_lock, flags); - } - return *ret == 0; } -- 2.45.2

8 months, 2 weeks

2
1
0 0

[PATCH] firmware/psci: fix missing '%u' format literal in kthread_create_on_cpu()

by Alexander Lobakin

kthread_create_on_cpu() always requires format string to contain one '%u' at the end, as it automatically adds the CPU ID when passing it to kthread_create_on_node(). The former isn't marked as __printf() as it's not printf-like itself, which effectively hides this from the compiler. If you convert this function to printf-like, you'll see the following: In file included from drivers/firmware/psci/psci_checker.c:15: drivers/firmware/psci/psci_checker.c: In function 'suspend_tests': drivers/firmware/psci/psci_checker.c:401:48: warning: too many arguments for format [-Wformat-extra-args] 401 | "psci_suspend_test"); | ^~~~~~~~~~~~~~~~~~~ drivers/firmware/psci/psci_checker.c:400:32: warning: data argument not used by format string [-Wformat-extra-args] 400 | (void *)(long)cpu, cpu, | ^ 401 | "psci_suspend_test"); | ~~~~~~~~~~~~~~~~~~~ Add the missing format literal to fix this. Now the corresponding kthread will be named as "psci_suspend_test-<cpuid>", as it's meant by kthread_create_on_cpu(). Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202408141012.KhvKaxoh-lkp@intel.com Closes: https://lore.kernel.org/oe-kbuild-all/202408141243.eQiEOQQe-lkp@intel.com Fixes: ea8b1c4a6019 ("drivers: psci: PSCI checker module") Cc: stable(a)vger.kernel.org # 4.10+ Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> --- drivers/firmware/psci/psci_checker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/psci/psci_checker.c b/drivers/firmware/psci/psci_checker.c index 116eb465cdb4..ecc511c745ce 100644 --- a/drivers/firmware/psci/psci_checker.c +++ b/drivers/firmware/psci/psci_checker.c @@ -398,7 +398,7 @@ static int suspend_tests(void) thread = kthread_create_on_cpu(suspend_test_thread, (void *)(long)cpu, cpu, - "psci_suspend_test"); + "psci_suspend_test-%u"); if (IS_ERR(thread)) pr_err("Failed to create kthread on CPU %d\n", cpu); else -- 2.46.2

8 months, 2 weeks

3
3
0 0

[tip: x86/urgent] x86/bugs: Use code segment selector for VERW operand

by tip-bot2 for Pawan Gupta

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 785bf1ab58aa1f89a5dfcb17b682b7089d69c34f Gitweb: https://git.kernel.org/tip/785bf1ab58aa1f89a5dfcb17b682b7089d69c34f Author: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> AuthorDate: Thu, 26 Sep 2024 09:10:31 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 08 Oct 2024 15:19:21 -07:00 x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010 EIP: restore_all_switch_stack+0xbe/0xcf EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000 ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046 CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0 Call Trace: show_regs+0x70/0x78 die_addr+0x29/0x70 exc_general_protection+0x13c/0x348 exc_bounds+0x98/0x98 handle_exception+0x14d/0x14d exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf This only happens in 32-bit mode when VERW based mitigations like MDS/RFDS are enabled. This is because segment registers with an arbitrary user value can result in #GP when executing VERW. Intel SDM vol. 2C documents the following behavior for VERW instruction: #GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user space. Use %cs selector to reference VERW operand. This ensures VERW will not #GP for an arbitrary user %ds. Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition") Reported-by: Robert Gill <rtgill82(a)gmail.com> Reviewed-by: Andrew Cooper <andrew.cooper3(a)citrix.com Cc: stable(a)vger.kernel.org # 5.10+ Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218707 Closes: https://lore.kernel.org/all/8c77ccfd-d561-45a1-8ed5-6b75212c7a58@leemhuis.i… Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Suggested-by: Brian Gerst <brgerst(a)gmail.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- arch/x86/include/asm/nospec-branch.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index ff5f1ec..96b410b 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -323,7 +323,16 @@ * Note: Only the memory operand variant of VERW clears the CPU buffers. */ .macro CLEAR_CPU_BUFFERS - ALTERNATIVE "", __stringify(verw _ASM_RIP(mds_verw_sel)), X86_FEATURE_CLEAR_CPU_BUF +#ifdef CONFIG_X86_64 + ALTERNATIVE "", "verw mds_verw_sel(%rip)", X86_FEATURE_CLEAR_CPU_BUF +#else + /* + * In 32bit mode, the memory operand must be a %cs reference. The data + * segments may not be usable (vm86 mode), and the stack segment may not + * be flat (ESPFIX32). + */ + ALTERNATIVE "", "verw %cs:mds_verw_sel", X86_FEATURE_CLEAR_CPU_BUF +#endif .endm #ifdef CONFIG_X86_64

8 months, 2 weeks

5
6
0 0

[PATCH v3 4/9] serial: qcom-geni: fix dma rx cancellation

by Johan Hovold

Make sure to wait for the DMA transfer to complete when cancelling the rx command on stop_rx(). This specifically prevents the DMA completion interrupt from firing after rx has been restarted, something which can lead to an IOMMU fault and hosed rx when the interrupt handler unmaps the DMA buffer for the new command: qcom_geni_serial 988000.serial: serial engine reports 0 RX bytes in! arm-smmu 15000000.iommu: FSR = 00000402 [Format=2 TF], SID=0x563 arm-smmu 15000000.iommu: FSYNR0 = 00210013 [S1CBNDX=33 WNR PLVL=3] Bluetooth: hci0: command 0xfc00 tx timeout Bluetooth: hci0: Reading QCA version information failed (-110) Also add the missing state machine reset which is needed in case cancellation fails. Fixes: 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 87cd974b76bf..aaf24bd037a7 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -805,17 +805,27 @@ static void qcom_geni_serial_start_rx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_rx_dma(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); + bool done; if (!qcom_geni_serial_secondary_active(uport)) return; geni_se_cancel_s_cmd(&port->se); - qcom_geni_serial_poll_bit(uport, SE_GENI_S_IRQ_STATUS, - S_CMD_CANCEL_EN, true); - - if (qcom_geni_serial_secondary_active(uport)) + done = qcom_geni_serial_poll_bit(uport, SE_DMA_RX_IRQ_STAT, + RX_EOT, true); + if (done) { + writel(RX_EOT | RX_DMA_DONE, + uport->membase + SE_DMA_RX_IRQ_CLR); + } else { qcom_geni_serial_abort_rx(uport); + writel(1, uport->membase + SE_DMA_RX_FSM_RST); + qcom_geni_serial_poll_bit(uport, SE_DMA_RX_IRQ_STAT, + RX_RESET_DONE, true); + writel(RX_RESET_DONE | RX_DMA_DONE, + uport->membase + SE_DMA_RX_IRQ_CLR); + } + if (port->rx_dma_addr) { geni_se_rx_dma_unprep(&port->se, port->rx_dma_addr, DMA_RX_BUF_SIZE); -- 2.45.2

8 months, 2 weeks

1
0
0 0

[PATCH v3 2/9] serial: qcom-geni: revert broken hibernation support

by Johan Hovold

This reverts commit 35781d8356a2eecaa6074ceeb80ee22e252fcdae. Hibernation is not supported on Qualcomm platforms with mainline kernels yet a broken vendor implementation for the GENI serial driver made it upstream. This is effectively dead code that cannot be tested and should just be removed, but if these paths were ever hit for an open non-console port they would crash the machine as the driver would fail to enable clocks during restore() (i.e. all ports would have to be closed by drivers and user space before hibernating the system to avoid this as a comment in the code hinted at). The broken implementation also added a random call to enable the receiver in the port setup code where it does not belong and which enables the receiver prematurely for console ports. Fixes: 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") Cc: stable(a)vger.kernel.org # 6.2 Cc: Aniket Randive <quic_arandive(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 41 ++------------------------- 1 file changed, 2 insertions(+), 39 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index c237c9d107cd..2e4a5361f137 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1170,7 +1170,6 @@ static int qcom_geni_serial_port_setup(struct uart_port *uport) false, true, true); geni_se_init(&port->se, UART_RX_WM, port->rx_fifo_depth - 2); geni_se_select_mode(&port->se, port->dev_data->mode); - qcom_geni_serial_start_rx(uport); port->setup = true; return 0; @@ -1799,38 +1798,6 @@ static int qcom_geni_serial_sys_resume(struct device *dev) return ret; } -static int qcom_geni_serial_sys_hib_resume(struct device *dev) -{ - int ret = 0; - struct uart_port *uport; - struct qcom_geni_private_data *private_data; - struct qcom_geni_serial_port *port = dev_get_drvdata(dev); - - uport = &port->uport; - private_data = uport->private_data; - - if (uart_console(uport)) { - geni_icc_set_tag(&port->se, QCOM_ICC_TAG_ALWAYS); - geni_icc_set_bw(&port->se); - ret = uart_resume_port(private_data->drv, uport); - /* - * For hibernation usecase clients for - * console UART won't call port setup during restore, - * hence call port setup for console uart. - */ - qcom_geni_serial_port_setup(uport); - } else { - /* - * Peripheral register settings are lost during hibernation. - * Update setup flag such that port setup happens again - * during next session. Clients of HS-UART will close and - * open the port during hibernation. - */ - port->setup = false; - } - return ret; -} - static const struct qcom_geni_device_data qcom_geni_console_data = { .console = true, .mode = GENI_SE_FIFO, @@ -1842,12 +1809,8 @@ static const struct qcom_geni_device_data qcom_geni_uart_data = { }; static const struct dev_pm_ops qcom_geni_serial_pm_ops = { - .suspend = pm_sleep_ptr(qcom_geni_serial_sys_suspend), - .resume = pm_sleep_ptr(qcom_geni_serial_sys_resume), - .freeze = pm_sleep_ptr(qcom_geni_serial_sys_suspend), - .poweroff = pm_sleep_ptr(qcom_geni_serial_sys_suspend), - .restore = pm_sleep_ptr(qcom_geni_serial_sys_hib_resume), - .thaw = pm_sleep_ptr(qcom_geni_serial_sys_hib_resume), + SYSTEM_SLEEP_PM_OPS(qcom_geni_serial_sys_suspend, + qcom_geni_serial_sys_resume) }; static const struct of_device_id qcom_geni_serial_match_table[] = { -- 2.45.2

8 months, 2 weeks

1
0
0 0

[PATCH] mm/mremap: Fix move_normal_pmd/retract_page_tables race

by Jann Horn

In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. For PMD entries that point to page tables and are fully covered by the source address range, move_pgt_entry(NORMAL_PMD, ...) is called, which first takes rmap locks, then does move_normal_pmd(). move_normal_pmd() takes the necessary page table locks at source and destination, then moves an entire page table from the source to the destination. The problem is: The rmap locks, which protect against concurrent page table removal by retract_page_tables() in the THP code, are only taken after the PMD entry has been read and it has been decided how to move it. So we can race as follows (with two processes that have mappings of the same tmpfs file that is stored on a tmpfs mount with huge=advise); note that process A accesses page tables through the MM while process B does it through the file rmap: process A process B ========= ========= mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd *** PREEMPT *** madvise(MADV_COLLAPSE) do_madvise madvise_walk_vmas madvise_vma_behavior madvise_collapse hpage_collapse_scan_file collapse_file retract_page_tables i_mmap_lock_read(mapping) pmdp_collapse_flush i_mmap_unlock_read(mapping) move_pgt_entry(NORMAL_PMD, ...) take_rmap_locks move_normal_pmd drop_rmap_locks When this happens, move_normal_pmd() can end up creating bogus PMD entries in the line `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. The effect depends on arch-specific and machine-specific details; on x86, you can end up with physical page 0 mapped as a page table, which is likely exploitable for user->kernel privilege escalation. Fix the race by letting process B recheck that the PMD still points to a page table after the rmap locks have been taken. Otherwise, we bail and let the caller fall back to the PTE-level copying path, which will then bail immediately at the pmd_none() check. Bug reachability: Reaching this bug requires that you can create shmem/file THP mappings - anonymous THP uses different code that doesn't zap stuff under rmap locks. File THP is gated on an experimental config flag (CONFIG_READ_ONLY_THP_FOR_FS), so on normal distro kernels you need shmem THP to hit this bug. As far as I know, getting shmem THP normally requires that you can mount your own tmpfs with the right mount flags, which would require creating your own user+mount namespace; though I don't know if some distros maybe enable shmem THP by default or something like that. Bug impact: This issue can likely be used for user->kernel privilege escalation when it is reachable. Cc: stable(a)vger.kernel.org Fixes: 1d65b771bc08 ("mm/khugepaged: retract_page_tables() without mmap or vma lock") Closes: https://project-zero.issues.chromium.org/371047675 Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Jann Horn <jannh(a)google.com> --- @David: please confirm we can add your Signed-off-by to this patch after the Co-developed-by. (Context: David basically wrote the entire patch except for the commit message.) @akpm: This replaces the previous "[PATCH] mm/mremap: Prevent racing change of old pmd type". --- mm/mremap.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/mm/mremap.c b/mm/mremap.c index 24712f8dbb6b..dda09e957a5d 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -238,6 +238,7 @@ static bool move_normal_pmd(struct vm_area_struct *vma, unsigned long old_addr, { spinlock_t *old_ptl, *new_ptl; struct mm_struct *mm = vma->vm_mm; + bool res = false; pmd_t pmd; if (!arch_supports_page_table_move()) @@ -277,19 +278,25 @@ static bool move_normal_pmd(struct vm_area_struct *vma, unsigned long old_addr, if (new_ptl != old_ptl) spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING); - /* Clear the pmd */ pmd = *old_pmd; + + /* Racing with collapse? */ + if (unlikely(!pmd_present(pmd) || pmd_leaf(pmd))) + goto out_unlock; + /* Clear the pmd */ pmd_clear(old_pmd); + res = true; VM_BUG_ON(!pmd_none(*new_pmd)); pmd_populate(mm, new_pmd, pmd_pgtable(pmd)); flush_tlb_range(vma, old_addr, old_addr + PMD_SIZE); +out_unlock: if (new_ptl != old_ptl) spin_unlock(new_ptl); spin_unlock(old_ptl); - return true; + return res; } #else static inline bool move_normal_pmd(struct vm_area_struct *vma, --- base-commit: 8cf0b93919e13d1e8d4466eb4080a4c4d9d66d7b change-id: 20241007-move_normal_pmd-vs-collapse-fix-2-387e9a68c7d6 -- Jann Horn <jannh(a)google.com>

8 months, 2 weeks

5
9
0 0

[PATCH v2] ata: libata: avoid superfluous disk spin down + spin up during hibernation

by Niklas Cassel

A user reported that commit aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop") introduced a spin down + immediate spin up of the disk both when entering and when resuming from hibernation. This behavior was not there before, and causes an increased latency both when when entering and when resuming from hibernation. Hibernation is done by three consecutive PM events, in the following order: 1) PM_EVENT_FREEZE 2) PM_EVENT_THAW 3) PM_EVENT_HIBERNATE Commit aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop") modified ata_eh_handle_port_suspend() to call ata_dev_power_set_standby() (which spins down the disk), for both event PM_EVENT_FREEZE and event PM_EVENT_HIBERNATE. Documentation/driver-api/pm/devices.rst, section "Entering Hibernation", explicitly mentions that PM_EVENT_FREEZE does not have to be put the device in a low-power state, and actually recommends not doing so. Thus, let's not spin down the disk on PM_EVENT_FREEZE. (The disk will instead be spun down during the subsequent PM_EVENT_HIBERNATE event.) This way, PM_EVENT_FREEZE will behave as it did before commit aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop"), while PM_EVENT_HIBERNATE will continue to spin down the disk. This will avoid the superfluous spin down + spin up when entering and resuming from hibernation, while still making sure that the disk is spun down before actually entering hibernation. Cc: stable(a)vger.kernel.org # v6.6+ Fixes: aa3998dbeb3a ("ata: libata-scsi: Disable scsi device manage_system_start_stop") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- Changes since v1: -Add stable to cc. drivers/ata/libata-eh.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c index 3f0144e7dc80..fa41ea57a978 100644 --- a/drivers/ata/libata-eh.c +++ b/drivers/ata/libata-eh.c @@ -4099,10 +4099,20 @@ static void ata_eh_handle_port_suspend(struct ata_port *ap) WARN_ON(ap->pflags & ATA_PFLAG_SUSPENDED); - /* Set all devices attached to the port in standby mode */ - ata_for_each_link(link, ap, HOST_FIRST) { - ata_for_each_dev(dev, link, ENABLED) - ata_dev_power_set_standby(dev); + /* + * We will reach this point for all of the PM events: + * PM_EVENT_SUSPEND (if runtime pm, PM_EVENT_AUTO will also be set) + * PM_EVENT_FREEZE, and PM_EVENT_HIBERNATE. + * + * We do not want to perform disk spin down for PM_EVENT_FREEZE. + * (Spin down will be performed by the subsequent PM_EVENT_HIBERNATE.) + */ + if (!(ap->pm_mesg.event & PM_EVENT_FREEZE)) { + /* Set all devices attached to the port in standby mode */ + ata_for_each_link(link, ap, HOST_FIRST) { + ata_for_each_dev(dev, link, ENABLED) + ata_dev_power_set_standby(dev); + } } /* -- 2.46.2

8 months, 2 weeks

2
3
0 0

[PATCH v2 4/7] serial: qcom-geni: fix receiver enable

by Johan Hovold

The receiver should be enabled in the startup() callback and there is no need to stop it on every termios update. Since commit 6f3c3cafb115 ("serial: qcom-geni: disable interrupts during console writes") the calls to manipulate the secondary interrupts, which were done without holding the port lock, can lead to the receiver being left disabled when set_termios() races with the console code (e.g. when init opens the tty during boot). The calls to stop and start rx in set_termios() can similarly race with DMA completion and, for example, cause the DMA buffer to be unmapped twice or the mapping to be leaked. Fixes: 6f3c3cafb115 ("serial: qcom-geni: disable interrupts during console writes") Fixes: 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index dea688db0d7c..5b6c5388efee 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1179,6 +1179,11 @@ static int qcom_geni_serial_startup(struct uart_port *uport) if (ret) return ret; } + + uart_port_lock_irq(uport); + qcom_geni_serial_start_rx(uport); + uart_port_unlock_irq(uport); + enable_irq(uport->irq); return 0; @@ -1264,7 +1269,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned int avg_bw_core; unsigned long timeout; - qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); @@ -1280,7 +1284,7 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, dev_err(port->se.dev, "Couldn't find suitable clock rate for %u\n", baud * sampling_rate); - goto out_restart_rx; + return; } dev_dbg(port->se.dev, "desired_rate = %u, clk_rate = %lu, clk_div = %u\n", @@ -1371,8 +1375,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, writel(stop_bit_len, uport->membase + SE_UART_TX_STOP_BIT_LEN); writel(ser_clk_cfg, uport->membase + GENI_SER_M_CLK_CFG); writel(ser_clk_cfg, uport->membase + GENI_SER_S_CLK_CFG); -out_restart_rx: - qcom_geni_serial_start_rx(uport); } #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE -- 2.45.2

8 months, 2 weeks

3
2
0 0

[PATCH v2 1/7] serial: qcom-geni: fix premature receiver enable

by Johan Hovold

The receiver should not be enabled until the port is opened so drop the bogus call to start rx from the setup code which is shared with the console implementation. This was added for some confused implementation of hibernation support, but the receiver must not be started unconditionally as the port may not have been open when hibernating the system. Fixes: 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") Cc: stable(a)vger.kernel.org # 6.2 Cc: Aniket Randive <quic_arandive(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 6f0db310cf69..9ea6bd09e665 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1152,7 +1152,6 @@ static int qcom_geni_serial_port_setup(struct uart_port *uport) false, true, true); geni_se_init(&port->se, UART_RX_WM, port->rx_fifo_depth - 2); geni_se_select_mode(&port->se, port->dev_data->mode); - qcom_geni_serial_start_rx(uport); port->setup = true; return 0; -- 2.45.2

8 months, 2 weeks

5
5
0 0

[PATCH v2] drm/amdgpu: prevent BO_HANDLES error from being overwritten

by Mohammed Anees

Before this patch, if multiple BO_HANDLES chunks were submitted, the error -EINVAL would be correctly set but could be overwritten by the return value from amdgpu_cs_p1_bo_handles(). This patch ensures that if there are multiple BO_HANDLES, we stop. Cc: stable(a)vger.kernel.org Fixes: fec5f8e8c6bc ("drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit") Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> --- v2: - Switched to goto free_partial_kdata for error handling, following the existing pattern. --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 1e475eb01417..d891ab779ca7 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -265,7 +265,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser *p, /* Only a single BO list is allowed to simplify handling. */ if (p->bo_list) - ret = -EINVAL; + goto free_partial_kdata; ret = amdgpu_cs_p1_bo_handles(p, p->chunks[i].kdata); if (ret) -- 2.46.0

8 months, 2 weeks

3
2
0 0

[PATCH v5.10-v5.4] btrfs: get rid of warning on transaction commit when using flushoncommit

by hsimeliere.opensource＠witekio.com

From: Filipe Manana <fdmanana(a)suse.com> commit a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa upstream. When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: [947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3 [947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186 [947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3 [947.502097] Code: 24 10 4c 89 44 24 18 c6 (...) [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246 [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000 [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50 [947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000 [947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488 [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460 [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000 [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0 [947.571072] Call Trace: [947.572354] <TASK> [947.573266] btrfs_commit_transaction+0x1f1/0x998 [947.576785] ? start_transaction+0x3ab/0x44e [947.579867] ? schedule_timeout+0x8a/0xdd [947.582716] transaction_kthread+0xe9/0x156 [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407 [947.590104] kthread+0x131/0x139 [947.592168] ? set_kthread_struct+0x32/0x32 [947.595174] ret_from_fork+0x22/0x30 [947.597561] </TASK> [947.598553] ---[ end trace 644721052755541c ]--- This is because we started using writeback_inodes_sb() to flush delalloc when committing a transaction (when using -o flushoncommit), in order to avoid deadlocks with filesystem freeze operations. This change was made by commit ce8ea7cc6eb313 ("btrfs: don't call btrfs_start_delalloc_roots in flushoncommit"). After that change we started producing that warning, and every now and then a user reports this since the warning happens too often, it spams dmesg/syslog, and a user is unsure if this reflects any problem that might compromise the filesystem's reliability. We can not just lock the sb->s_umount semaphore before calling writeback_inodes_sb(), because that would at least deadlock with filesystem freezing, since at fs/super.c:freeze_super() sync_filesystem() is called while we are holding that semaphore in write mode, and that can trigger a transaction commit, resulting in a deadlock. It would also trigger the same type of deadlock in the unmount path. Possibly, it could also introduce some other locking dependencies that lockdep would report. To fix this call try_to_writeback_inodes_sb() instead of writeback_inodes_sb(), because that will try to read lock sb->s_umount and then will only call writeback_inodes_sb() if it was able to lock it. This is fine because the cases where it can't read lock sb->s_umount are during a filesystem unmount or during a filesystem freeze - in those cases sb->s_umount is write locked and sync_filesystem() is called, which calls writeback_inodes_sb(). In other words, in all cases where we can't take a read lock on sb->s_umount, writeback is already being triggered elsewhere. An alternative would be to call btrfs_start_delalloc_roots() with a number of pages different from LONG_MAX, for example matching the number of delalloc bytes we currently have, in which case we would end up starting all delalloc with filemap_fdatawrite_wbc() and not with an async flush via filemap_flush() - that is only possible after the rather recent commit e076ab2a2ca70a ("btrfs: shrink delalloc pages instead of full inodes"). However that creates a whole new can of worms due to new lock dependencies, which lockdep complains, like for example: [ 8948.247280] ====================================================== [ 8948.247823] WARNING: possible circular locking dependency detected [ 8948.248353] 5.17.0-rc1-btrfs-next-111 #1 Not tainted [ 8948.248786] ------------------------------------------------------ [ 8948.249320] kworker/u16:18/933570 is trying to acquire lock: [ 8948.249812] ffff9b3de1591690 (sb_internal#2){.+.+}-{0:0}, at: find_free_extent+0x141e/0x1590 [btrfs] [ 8948.250638] but task is already holding lock: [ 8948.251140] ffff9b3e09c717d8 (&root->delalloc_mutex){+.+.}-{3:3}, at: start_delalloc_inodes+0x78/0x400 [btrfs] [ 8948.252018] which lock already depends on the new lock. [ 8948.252710] the existing dependency chain (in reverse order) is: [ 8948.253343] -> #2 (&root->delalloc_mutex){+.+.}-{3:3}: [ 8948.253950] __mutex_lock+0x90/0x900 [ 8948.254354] start_delalloc_inodes+0x78/0x400 [btrfs] [ 8948.254859] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] [ 8948.255408] btrfs_commit_transaction+0x32f/0xc00 [btrfs] [ 8948.255942] btrfs_mksubvol+0x380/0x570 [btrfs] [ 8948.256406] btrfs_mksnapshot+0x81/0xb0 [btrfs] [ 8948.256870] __btrfs_ioctl_snap_create+0x17f/0x190 [btrfs] [ 8948.257413] btrfs_ioctl_snap_create_v2+0xbb/0x140 [btrfs] [ 8948.257961] btrfs_ioctl+0x1196/0x3630 [btrfs] [ 8948.258418] __x64_sys_ioctl+0x83/0xb0 [ 8948.258793] do_syscall_64+0x3b/0xc0 [ 8948.259146] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 8948.259709] -> #1 (&fs_info->delalloc_root_mutex){+.+.}-{3:3}: [ 8948.260330] __mutex_lock+0x90/0x900 [ 8948.260692] btrfs_start_delalloc_roots+0x97/0x2a0 [btrfs] [ 8948.261234] btrfs_commit_transaction+0x32f/0xc00 [btrfs] [ 8948.261766] btrfs_set_free_space_cache_v1_active+0x38/0x60 [btrfs] [ 8948.262379] btrfs_start_pre_rw_mount+0x119/0x180 [btrfs] [ 8948.262909] open_ctree+0x1511/0x171e [btrfs] [ 8948.263359] btrfs_mount_root.cold+0x12/0xde [btrfs] [ 8948.263863] legacy_get_tree+0x30/0x50 [ 8948.264242] vfs_get_tree+0x28/0xc0 [ 8948.264594] vfs_kern_mount.part.0+0x71/0xb0 [ 8948.265017] btrfs_mount+0x11d/0x3a0 [btrfs] [ 8948.265462] legacy_get_tree+0x30/0x50 [ 8948.265851] vfs_get_tree+0x28/0xc0 [ 8948.266203] path_mount+0x2d4/0xbe0 [ 8948.266554] __x64_sys_mount+0x103/0x140 [ 8948.266940] do_syscall_64+0x3b/0xc0 [ 8948.267300] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 8948.267790] -> #0 (sb_internal#2){.+.+}-{0:0}: [ 8948.268322] __lock_acquire+0x12e8/0x2260 [ 8948.268733] lock_acquire+0xd7/0x310 [ 8948.269092] start_transaction+0x44c/0x6e0 [btrfs] [ 8948.269591] find_free_extent+0x141e/0x1590 [btrfs] [ 8948.270087] btrfs_reserve_extent+0x14b/0x280 [btrfs] [ 8948.270588] cow_file_range+0x17e/0x490 [btrfs] [ 8948.271051] btrfs_run_delalloc_range+0x345/0x7a0 [btrfs] [ 8948.271586] writepage_delalloc+0xb5/0x170 [btrfs] [ 8948.272071] __extent_writepage+0x156/0x3c0 [btrfs] [ 8948.272579] extent_write_cache_pages+0x263/0x460 [btrfs] [ 8948.273113] extent_writepages+0x76/0x130 [btrfs] [ 8948.273573] do_writepages+0xd2/0x1c0 [ 8948.273942] filemap_fdatawrite_wbc+0x68/0x90 [ 8948.274371] start_delalloc_inodes+0x17f/0x400 [btrfs] [ 8948.274876] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] [ 8948.275417] flush_space+0x1f2/0x630 [btrfs] [ 8948.275863] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs] [ 8948.276438] process_one_work+0x252/0x5a0 [ 8948.276829] worker_thread+0x55/0x3b0 [ 8948.277189] kthread+0xf2/0x120 [ 8948.277506] ret_from_fork+0x22/0x30 [ 8948.277868] other info that might help us debug this: [ 8948.278548] Chain exists of: sb_internal#2 --> &fs_info->delalloc_root_mutex --> &root->delalloc_mutex [ 8948.279601] Possible unsafe locking scenario: [ 8948.280102] CPU0 CPU1 [ 8948.280508] ---- ---- [ 8948.280915] lock(&root->delalloc_mutex); [ 8948.281271] lock(&fs_info->delalloc_root_mutex); [ 8948.281915] lock(&root->delalloc_mutex); [ 8948.282487] lock(sb_internal#2); [ 8948.282800] *** DEADLOCK *** [ 8948.283333] 4 locks held by kworker/u16:18/933570: [ 8948.283750] #0: ffff9b3dc00a9d48 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1d2/0x5a0 [ 8948.284609] #1: ffffa90349dafe70 ((work_completion)(&fs_info->async_data_reclaim_work)){+.+.}-{0:0}, at: process_one_work+0x1d2/0x5a0 [ 8948.285637] #2: ffff9b3e14db5040 (&fs_info->delalloc_root_mutex){+.+.}-{3:3}, at: btrfs_start_delalloc_roots+0x97/0x2a0 [btrfs] [ 8948.286674] #3: ffff9b3e09c717d8 (&root->delalloc_mutex){+.+.}-{3:3}, at: start_delalloc_inodes+0x78/0x400 [btrfs] [ 8948.287596] stack backtrace: [ 8948.287975] CPU: 3 PID: 933570 Comm: kworker/u16:18 Not tainted 5.17.0-rc1-btrfs-next-111 #1 [ 8948.288677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 8948.289649] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] [ 8948.290298] Call Trace: [ 8948.290517] <TASK> [ 8948.290700] dump_stack_lvl+0x59/0x73 [ 8948.291026] check_noncircular+0xf3/0x110 [ 8948.291375] ? start_transaction+0x228/0x6e0 [btrfs] [ 8948.291826] __lock_acquire+0x12e8/0x2260 [ 8948.292241] lock_acquire+0xd7/0x310 [ 8948.292714] ? find_free_extent+0x141e/0x1590 [btrfs] [ 8948.293241] ? lock_is_held_type+0xea/0x140 [ 8948.293601] start_transaction+0x44c/0x6e0 [btrfs] [ 8948.294055] ? find_free_extent+0x141e/0x1590 [btrfs] [ 8948.294518] find_free_extent+0x141e/0x1590 [btrfs] [ 8948.294957] ? _raw_spin_unlock+0x29/0x40 [ 8948.295312] ? btrfs_get_alloc_profile+0x124/0x290 [btrfs] [ 8948.295813] btrfs_reserve_extent+0x14b/0x280 [btrfs] [ 8948.296270] cow_file_range+0x17e/0x490 [btrfs] [ 8948.296691] btrfs_run_delalloc_range+0x345/0x7a0 [btrfs] [ 8948.297175] ? find_lock_delalloc_range+0x247/0x270 [btrfs] [ 8948.297678] writepage_delalloc+0xb5/0x170 [btrfs] [ 8948.298123] __extent_writepage+0x156/0x3c0 [btrfs] [ 8948.298570] extent_write_cache_pages+0x263/0x460 [btrfs] [ 8948.299061] extent_writepages+0x76/0x130 [btrfs] [ 8948.299495] do_writepages+0xd2/0x1c0 [ 8948.299817] ? sched_clock_cpu+0xd/0x110 [ 8948.300160] ? lock_release+0x155/0x4a0 [ 8948.300494] filemap_fdatawrite_wbc+0x68/0x90 [ 8948.300874] ? do_raw_spin_unlock+0x4b/0xa0 [ 8948.301243] start_delalloc_inodes+0x17f/0x400 [btrfs] [ 8948.301706] ? lock_release+0x155/0x4a0 [ 8948.302055] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] [ 8948.302564] flush_space+0x1f2/0x630 [btrfs] [ 8948.302970] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs] [ 8948.303510] process_one_work+0x252/0x5a0 [ 8948.303860] ? process_one_work+0x5a0/0x5a0 [ 8948.304221] worker_thread+0x55/0x3b0 [ 8948.304543] ? process_one_work+0x5a0/0x5a0 [ 8948.304904] kthread+0xf2/0x120 [ 8948.305184] ? kthread_complete_and_exit+0x20/0x20 [ 8948.305598] ret_from_fork+0x22/0x30 [ 8948.305921] </TASK> It all comes from the fact that btrfs_start_delalloc_roots() takes the delalloc_root_mutex, in the transaction commit path we are holding a read lock on one of the superblock's freeze semaphores (via sb_start_intwrite()), the async reclaim task can also do a call to btrfs_start_delalloc_roots(), which ends up triggering writeback with calls to filemap_fdatawrite_wbc(), resulting in extent allocation which in turn can call btrfs_start_transaction(), which will result in taking the freeze semaphore via sb_start_intwrite(), forming a nasty dependency on all those locks which can be taken in different orders by different code paths. So just adopt the simple approach of calling try_to_writeback_inodes_sb() at btrfs_start_delalloc_flush(). Link: https://lore.kernel.org/linux-btrfs/20220130005258.GA7465@cuci.nl/ Link: https://lore.kernel.org/linux-btrfs/43acc426-d683-d1b6-729d-c6bc4a2fff4d@gm… Link: https://lore.kernel.org/linux-btrfs/6833930a-08d7-6fbc-0141-eb9cdfd6bb4d@gm… Link: https://lore.kernel.org/linux-btrfs/20190322041731.GF16651@hungrycats.org/ Reviewed-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> [ add more link reports ] Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- fs/btrfs/transaction.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index 8878aa7cbdc5..c797563fa9cf 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -2021,16 +2021,24 @@ static inline int btrfs_start_delalloc_flush(struct btrfs_trans_handle *trans) struct btrfs_fs_info *fs_info = trans->fs_info; /* - * We use writeback_inodes_sb here because if we used + * We use try_to_writeback_inodes_sb() here because if we used * btrfs_start_delalloc_roots we would deadlock with fs freeze. * Currently are holding the fs freeze lock, if we do an async flush * we'll do btrfs_join_transaction() and deadlock because we need to * wait for the fs freeze lock. Using the direct flushing we benefit * from already being in a transaction and our join_transaction doesn't * have to re-take the fs freeze lock. + * + * Note that try_to_writeback_inodes_sb() will only trigger writeback + * if it can read lock sb->s_umount. It will always be able to lock it, + * except when the filesystem is being unmounted or being frozen, but in + * those cases sync_filesystem() is called, which results in calling + * writeback_inodes_sb() while holding a write lock on sb->s_umount. + * Note that we don't call writeback_inodes_sb() directly, because it + * will emit a warning if sb->s_umount is not locked. */ if (btrfs_test_opt(fs_info, FLUSHONCOMMIT)) { - writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC); + try_to_writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC); } else { struct btrfs_pending_snapshot *pending; struct list_head *head = &trans->transaction->pending_snapshots; -- 2.43.0

8 months, 2 weeks

3
3
0 0

[PATCH] Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

by libo.chen.cn＠windriver.com

From: Rick Edgecombe <rick.p.edgecombe(a)intel.com> commit 03f5a999adba ("Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails") In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens. Signed-off-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Link: https://lore.kernel.org/r/20240311161558.1310-2-mhklinux@outlook.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20240311161558.1310-2-mhklinux(a)outlook.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> CVE-2024-36913 Signed-off-by: Libo Chen <libo.chen.cn(a)windriver.com> --- This commit is backporting 03f5a999adba to the branch linux-5.15.y to solve the CVE-2024-36913. Please merge this commit to linux-5.15.y. drivers/hv/connection.c | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c index 47fb412eafd3..8283e7ba156e 100644 --- a/drivers/hv/connection.c +++ b/drivers/hv/connection.c @@ -19,6 +19,7 @@ #include <linux/vmalloc.h> #include <linux/hyperv.h> #include <linux/export.h> +#include <linux/set_memory.h> #include <asm/mshyperv.h> #include "hyperv_vmbus.h" @@ -216,6 +217,29 @@ int vmbus_connect(void) goto cleanup; } + ret = set_memory_decrypted((unsigned long) + vmbus_connection.monitor_pages[0], 1); + ret |= set_memory_decrypted((unsigned long) + vmbus_connection.monitor_pages[1], 1); + if (ret) { + /* + * If set_memory_decrypted() fails, the encryption state + * of the memory is unknown. So leak the memory instead + * of risking returning decrypted memory to the free list. + * For simplicity, always handle both pages the same. + */ + vmbus_connection.monitor_pages[0] = NULL; + vmbus_connection.monitor_pages[1] = NULL; + goto cleanup; + } + + /* + * Set_memory_decrypted() will change the memory contents if + * decryption occurs, so zero monitor pages here. + */ + memset(vmbus_connection.monitor_pages[0], 0x00, HV_HYP_PAGE_SIZE); + memset(vmbus_connection.monitor_pages[1], 0x00, HV_HYP_PAGE_SIZE); + msginfo = kzalloc(sizeof(*msginfo) + sizeof(struct vmbus_channel_initiate_contact), GFP_KERNEL); @@ -303,10 +327,19 @@ void vmbus_disconnect(void) vmbus_connection.int_page = NULL; } - hv_free_hyperv_page((unsigned long)vmbus_connection.monitor_pages[0]); - hv_free_hyperv_page((unsigned long)vmbus_connection.monitor_pages[1]); - vmbus_connection.monitor_pages[0] = NULL; - vmbus_connection.monitor_pages[1] = NULL; + if (vmbus_connection.monitor_pages[0]) { + if (!set_memory_encrypted( + (unsigned long)vmbus_connection.monitor_pages[0], 1)) + hv_free_hyperv_page((unsigned long)vmbus_connection.monitor_pages[0]); + vmbus_connection.monitor_pages[0] = NULL; + } + + if (vmbus_connection.monitor_pages[1]) { + if (!set_memory_encrypted( + (unsigned long)vmbus_connection.monitor_pages[1], 1)) + hv_free_hyperv_page((unsigned long)vmbus_connection.monitor_pages[1]); + vmbus_connection.monitor_pages[1] = NULL; + } } /* -- 2.25.1

8 months, 2 weeks

2
1
0 0

[PATCH v3 net 0/3] net: enetc: fix some issues of XDP

by Wei Fang

We found some bugs when testing the XDP function of enetc driver, and these bugs are easy to reproduce. This is not only causes XDP to not work, but also the network cannot be restored after exiting the XDP program. So the patch set is mainly to fix these bugs. For details, please see the commit message of each patch. --- v1 link: https://lore.kernel.org/bpf/20240919084104.661180-1-wei.fang@nxp.com/T/ v2 link: https://lore.kernel.org/netdev/20241008224806.2onzkt3gbslw5jxb@skbuf/T/ --- Wei Fang (3): net: enetc: remove xdp_drops statistic from enetc_xdp_drop() net: enetc: fix the issues of XDP_REDIRECT feature net: enetc: disable IRQ after Rx and Tx BD rings are disabled drivers/net/ethernet/freescale/enetc/enetc.c | 56 +++++++++++++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 1 + 2 files changed, 44 insertions(+), 13 deletions(-) -- 2.34.1

8 months, 2 weeks

2
8
0 0

[PATCH] x86/stackprotector: Work around strict Clang TLS symbol requirements

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> GCC and Clang both implement stack protector support based on Thread Local Storage (TLS) variables, and this is used in the kernel to implement per-task stack cookies, by copying a task's stack cookie into a per-CPU variable every time it is scheduled in. Both now also implement -mstack-protector-guard-symbol=, which permits the TLS variable to be specified directly. This is useful because it will allow us to move away from using a fixed offset of 40 bytes into the per-CPU area on x86_64, which requires a lot of special handling in the per-CPU code and the runtime relocation code. However, while GCC is rather lax in its implementation of this command line option, Clang actually requires that the provided symbol name refers to a TLS variable (i.e., one declared with __thread), although it also permits the variable to be undeclared entirely, in which case it will use an implicit declaration of the right type. The upshot of this is that Clang will emit the correct references to the stack cookie variable in most cases, e.g., 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax 10f: R_386_32 __stack_chk_guard However, if a non-TLS definition of the symbol in question is visible in the same compilation unit (which amounts to the whole of vmlinux if LTO is enabled), it will drop the per-CPU prefix and emit a load from a bogus address. Work around this by using a symbol name that never occurs in C code, and emit it as an alias in the linker script. Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable") Cc: <stable(a)vger.kernel.org> Cc: Fangrui Song <i(a)maskray.me> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Uros Bizjak <ubizjak(a)gmail.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Andy Lutomirski <luto(a)kernel.org> Link: https://github.com/ClangBuiltLinux/linux/issues/1854 Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/x86/Makefile | 5 +++-- arch/x86/entry/entry.S | 16 ++++++++++++++++ arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/kernel/vmlinux.lds.S | 3 +++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile index cd75e78a06c1..5b773b34768d 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -142,9 +142,10 @@ ifeq ($(CONFIG_X86_32),y) ifeq ($(CONFIG_STACKPROTECTOR),y) ifeq ($(CONFIG_SMP),y) - KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard + KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \ + -mstack-protector-guard-symbol=__ref_stack_chk_guard else - KBUILD_CFLAGS += -mstack-protector-guard=global + KBUILD_CFLAGS += -mstack-protector-guard=global endif endif else diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S index d9feadffa972..a503e6d535f8 100644 --- a/arch/x86/entry/entry.S +++ b/arch/x86/entry/entry.S @@ -46,3 +46,19 @@ EXPORT_SYMBOL_GPL(mds_verw_sel); .popsection THUNK warn_thunk_thunk, __warn_thunk + +#ifndef CONFIG_X86_64 +/* + * Clang's implementation of TLS stack cookies requires the variable in + * question to be a TLS variable. If the variable happens to be defined as an + * ordinary variable with external linkage in the same compilation unit (which + * amounts to the whole of vmlinux with LTO enabled), Clang will drop the + * segment register prefix from the references, resulting in broken code. Work + * around this by avoiding the symbol used in -mstack-protector-guard-symbol= + * entirely in the C code, and use an alias emitted by the linker script + * instead. + */ +#ifdef CONFIG_STACKPROTECTOR +EXPORT_SYMBOL(__ref_stack_chk_guard); +#endif +#endif diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 07a34d723505..ba83f54dfaa8 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -2085,8 +2085,10 @@ void syscall_init(void) #ifdef CONFIG_STACKPROTECTOR DEFINE_PER_CPU(unsigned long, __stack_chk_guard); +#ifndef CONFIG_SMP EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); #endif +#endif #endif /* CONFIG_X86_64 */ diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 2b7c8c14c6fd..a80ad2bf8da4 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -490,6 +490,9 @@ SECTIONS . = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE), "kernel image bigger than KERNEL_IMAGE_SIZE"); +/* needed for Clang - see arch/x86/entry/entry.S */ +PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); + #ifdef CONFIG_X86_64 /* * Per-cpu symbols which need to be offset from __per_cpu_load -- 2.46.1.824.gd892dcdcdd-goog

8 months, 2 weeks

4
5
0 0

[PATCH v2 0/6] sysctl: prepare sysctl core for const struct ctl_table

by Thomas Weißschuh

Adapt the internal and external APIs of the sysctl core to handle read-only instances of "struct ctl_table". Patch 1: Bugfix for the sysctl core, the bug can be reliably triggered with the series applied Patch 2: Trivial preparation commit for the sysctl BPF hook Patch 3: Adapts the internal sysctl APIs Patch 4: Adapts the external sysctl APIs Patch 5: Constifies the sysctl internal tables as proof that it works Patch 6: Updates scripts/const_structs.checkpatch for "struct ctl_table" Motivation ========== Moving structures containing function pointers into unmodifiable .rodata prevents attackers or bugs from corrupting and diverting those pointers. Also the "struct ctl_table" exposed by the sysctl core were never meant to be mutated by users. For this goal changes to both the sysctl core and "const" qualifiers for various sysctl APIs are necessary. Full Process ============ * Drop ctl_table modifications from the sysctl core ([0], in mainline) * Constify arguments to ctl_table_root::{set_ownership,permissions} ([1], in mainline) * Migrate users of "ctl_table_header::ctl_table_arg" to "const". (in mainline) * Afterwards convert "ctl_table_header::ctl_table_arg" itself to const. (in mainline) * Prepare helpers used to implement proc_handlers throughout the tree to use "const struct ctl_table *". ([2], in mainline) * Afterwards switch over all proc_handlers callbacks to use "const struct ctl_table *" in one commit. (in mainline) * Switch over the internals of the sysctl core to "const struct ctl_table *" (this series) * Switch include/linux/sysctl.h to "const struct ctl_table *" (this series) * Transition instances of "struct ctl_table" through the tree to const (to be done) This series is meant to be applied through the sysctl tree. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Changes in v2: - Avoid spurious permanent empty tables (patch 1) - Link to v1: https://lore.kernel.org/r/20240729-sysctl-const-api-v1-0-ca628c7a942c@weiss… --- Thomas Weißschuh (6): sysctl: avoid spurious permanent empty tables bpf: Constify ctl_table argument of filter function sysctl: move internal interfaces to const struct ctl_table sysctl: allow registration of const struct ctl_table sysctl: make internal ctl_tables const const_structs.checkpatch: add ctl_table fs/proc/internal.h | 2 +- fs/proc/proc_sysctl.c | 100 +++++++++++++++++++++------------------ include/linux/bpf-cgroup.h | 2 +- include/linux/sysctl.h | 12 ++--- kernel/bpf/cgroup.c | 2 +- scripts/const_structs.checkpatch | 1 + 6 files changed, 63 insertions(+), 56 deletions(-) --- base-commit: 8400291e289ee6b2bf9779ff1c83a291501f017b change-id: 20240729-sysctl-const-api-73954f3d62c1 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

8 months, 2 weeks

3
4
0 0

[PATCH] usb: dwc3: core: Fix system suspend on TI AM62 platforms

by Roger Quadros

Since commit 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init"), system suspend is broken on AM62 TI platforms. Before that commit, both DWC3_GUSB3PIPECTL_SUSPHY and DWC3_GUSB2PHYCFG_SUSPHY bits (hence forth called 2 SUSPHY bits) were being set during core initialization and even during core re-initialization after a system suspend/resume. These bits are required to be set for system suspend/resume to work correctly on AM62 platforms. Since that commit, the 2 SUSPHY bits are not set for DEVICE/OTG mode if gadget driver is not loaded and started. For Host mode, the 2 SUSPHY bits are set before the first system suspend but get cleared at system resume during core re-init and are never set again. This patch resovles these two issues by ensuring the 2 SUSPHY bits are set before system suspend and restored to the original state during system resume. Cc: stable(a)vger.kernel.org # v6.9+ Fixes: 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init") Link: https://lore.kernel.org/all/1519dbe7-73b6-4afc-bfe3-23f4f75d772f@kernel.org/ Signed-off-by: Roger Quadros <rogerq(a)kernel.org> --- drivers/usb/dwc3/core.c | 16 ++++++++++++++++ drivers/usb/dwc3/core.h | 2 ++ 2 files changed, 18 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 9eb085f359ce..1233922d4d54 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2336,6 +2336,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) u32 reg; int i; + dwc->susphy_state = !!(dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & + DWC3_GUSB2PHYCFG_SUSPHY); + switch (dwc->current_dr_role) { case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) @@ -2387,6 +2390,11 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; } + if (!PMSG_IS_AUTO(msg)) { + if (!dwc->susphy_state) + dwc3_enable_susphy(dwc, true); + } + return 0; } @@ -2454,6 +2462,14 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) break; } + if (!PMSG_IS_AUTO(msg)) { + /* dwc3_core_init_for_resume() disables SUSPHY so just handle + * the enable case + */ + if (dwc->susphy_state) + dwc3_enable_susphy(dwc, true); + } + return 0; } diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c71240e8f7c7..b2ed5aba4c72 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1150,6 +1150,7 @@ struct dwc3_scratchpad_array { * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. + * @susphy_state: state of DWC3_GUSB2PHYCFG_SUSPHY before PM suspend. * @imod_interval: set the interrupt moderation interval in 250ns * increments or 0 to disable. * @max_cfg_eps: current max number of IN eps used across all USB configs. @@ -1382,6 +1383,7 @@ struct dwc3 { unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; + unsigned susphy_state:1; u16 imod_interval; --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20240923-am62-lpm-usb-f420917bd707 Best regards, -- Roger Quadros <rogerq(a)kernel.org>

8 months, 2 weeks

2
7
0 0

[PATCH v5 5/7] clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks

by Qiang Yu

The pipediv2_clk's source from the same mux as pipe clock. So they have same limitation, which is that the PHY sequence requires to enable these local CBCs before the PHY is actually outputting a clock to them. This means the clock won't actually turn on when we vote them. Hence, let's skip the halt bit check of the pipediv2_clk, otherwise pipediv2_clk may stuck at off state during bootup. Cc: stable(a)vger.kernel.org Fixes: 161b7c401f4b ("clk: qcom: Add Global Clock controller (GCC) driver for X1E80100") Suggested-by: Mike Tipton <quic_mdtipton(a)quicinc.com> Signed-off-by: Qiang Yu <quic_qianyu(a)quicinc.com> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/clk/qcom/gcc-x1e80100.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/clk/qcom/gcc-x1e80100.c b/drivers/clk/qcom/gcc-x1e80100.c index 0f578771071f..81ba5ceab342 100644 --- a/drivers/clk/qcom/gcc-x1e80100.c +++ b/drivers/clk/qcom/gcc-x1e80100.c @@ -3123,7 +3123,7 @@ static struct clk_branch gcc_pcie_3_pipe_clk = { static struct clk_branch gcc_pcie_3_pipediv2_clk = { .halt_reg = 0x58060, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52020, .enable_mask = BIT(5), @@ -3248,7 +3248,7 @@ static struct clk_branch gcc_pcie_4_pipe_clk = { static struct clk_branch gcc_pcie_4_pipediv2_clk = { .halt_reg = 0x6b054, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52010, .enable_mask = BIT(27), @@ -3373,7 +3373,7 @@ static struct clk_branch gcc_pcie_5_pipe_clk = { static struct clk_branch gcc_pcie_5_pipediv2_clk = { .halt_reg = 0x2f054, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52018, .enable_mask = BIT(19), @@ -3511,7 +3511,7 @@ static struct clk_branch gcc_pcie_6a_pipe_clk = { static struct clk_branch gcc_pcie_6a_pipediv2_clk = { .halt_reg = 0x31060, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52018, .enable_mask = BIT(28), @@ -3649,7 +3649,7 @@ static struct clk_branch gcc_pcie_6b_pipe_clk = { static struct clk_branch gcc_pcie_6b_pipediv2_clk = { .halt_reg = 0x8d060, - .halt_check = BRANCH_HALT_VOTED, + .halt_check = BRANCH_HALT_SKIP, .clkr = { .enable_reg = 0x52010, .enable_mask = BIT(28), -- 2.34.1

8 months, 2 weeks

1
0
0 0

[PATCH 5.15.y 0/1] Fix of CVE-2023-52904 for stable-5.15

by Harshvardhan Jha

Folowing is a backport of commit a474d4ad59cd ("ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()") to stable-5.15 branch which fixes broken commit bfd36b1d1869 ("ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format()"). This was a clean pick and shouldn't be break anything. Basic smoke tests were performed on this patch. Jaroslav Kysela (1): ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() sound/usb/pcm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.46.0

8 months, 2 weeks

1
1
0 0

[PATCH v7 0/3] Fix dosemu vm86() fault

by Pawan Gupta

Changes in v7: - Using %ss for verw fails kselftest ldt_gdt.c in 32-bit mode, use safer %cs instead (Dave). v6: https://lore.kernel.org/r/20240905-fix-dosemu-vm86-v6-0-7aff8e53cbbf@linux.… - Use %ss in 64-bit mode as well for all VERW calls. This avoids any having a separate macro for 32-bit (Dave). - Split 32-bit mode fixes into separate patches. v5: https://lore.kernel.org/r/20240711-fix-dosemu-vm86-v5-1-e87dcd7368aa@linux.… - Simplify the use of ALTERNATIVE construct (Uros/Jiri/Peter). v4: https://lore.kernel.org/r/20240710-fix-dosemu-vm86-v4-1-aa6464e1de6f@linux.… - Further simplify the patch by using %ss for all VERW calls in 32-bit mode (Brian). - In NMI exit path move VERW after RESTORE_ALL_NMI that touches GPRs (Dave). v3: https://lore.kernel.org/r/20240701-fix-dosemu-vm86-v3-1-b1969532c75a@linux.… - Simplify CLEAR_CPU_BUFFERS_SAFE by using %ss instead of %ds (Brian). - Do verw before popf in SYSEXIT path (Jari). v2: https://lore.kernel.org/r/20240627-fix-dosemu-vm86-v2-1-d5579f698e77@linux.… - Safe guard against any other system calls like vm86() that might change %ds (Dave). v1: https://lore.kernel.org/r/20240426-fix-dosemu-vm86-v1-1-88c826a3f378@linux.… Hi, This series fixes a #GP in 32-bit kernels when executing vm86() system call in dosemu software. In 32-bit mode, their are cases when user can set an arbitrary %ds that can cause a #GP when executing VERW instruction. The fix is to use %ss for referencing the VERW operand. Patch 1-2: Fixes the VERW callsites in 32-bit entry path. Patch 3: Uses %ss for VERW in 32-bit and 64-bit mode. The fix is tested with below kselftest on 32-bit kernel: ./tools/testing/selftests/x86/entry_from_vm86.c 64-bit kernel was boot tested. On a Rocket Lake, measuring the CPU cycles for VERW with and without the %ss shows no significant difference. This indicates that the scrubbing behavior of VERW is intact. Thanks, Pawan Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- Pawan Gupta (3): x86/entry_32: Do not clobber user EFLAGS.ZF x86/entry_32: Clear CPU buffers after register restore in NMI return x86/bugs: Use code segment selector for VERW operand arch/x86/entry/entry_32.S | 6 ++++-- arch/x86/include/asm/nospec-branch.h | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) --- base-commit: 431c1646e1f86b949fa3685efc50b660a364c2b6 change-id: 20240426-fix-dosemu-vm86-dd111a01737e Best regards, -- Thanks, Pawan

8 months, 2 weeks

6
16
0 0

[PATCH] drm: panel: jd9365da-h3: Remove unused num_init_cmds structure member

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Now that the driver has been converted to use wrapped MIPI DCS functions, the num_init_cmds structure member is no longer needed, so remove it. Fixes: 35583e129995 ("drm/panel: panel-jadard-jd9365da-h3: use wrapped MIPI DCS functions") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c index 44897e5218a6..45d09e6fa667 100644 --- a/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c +++ b/drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c @@ -26,7 +26,6 @@ struct jadard_panel_desc { unsigned int lanes; enum mipi_dsi_pixel_format format; int (*init)(struct jadard *jadard); - u32 num_init_cmds; bool lp11_before_reset; bool reset_before_power_off_vcioo; unsigned int vcioo_to_lp11_delay_ms; base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc -- 2.39.5

8 months, 2 weeks

3
3
0 0

[tip: x86/urgent] x86/bugs: Use code segment selector for VERW operand

by tip-bot2 for Pawan Gupta

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: e4d2102018542e3ae5e297bc6e229303abff8a0f Gitweb: https://git.kernel.org/tip/e4d2102018542e3ae5e297bc6e229303abff8a0f Author: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> AuthorDate: Thu, 26 Sep 2024 09:10:31 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Wed, 09 Oct 2024 09:42:30 +02:00 x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010 EIP: restore_all_switch_stack+0xbe/0xcf EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000 ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046 CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0 Call Trace: show_regs+0x70/0x78 die_addr+0x29/0x70 exc_general_protection+0x13c/0x348 exc_bounds+0x98/0x98 handle_exception+0x14d/0x14d exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf This only happens in 32-bit mode when VERW based mitigations like MDS/RFDS are enabled. This is because segment registers with an arbitrary user value can result in #GP when executing VERW. Intel SDM vol. 2C documents the following behavior for VERW instruction: #GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user space. Use %cs selector to reference VERW operand. This ensures VERW will not #GP for an arbitrary user %ds. [ mingo: Fixed the SOB chain. ] Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition") Reported-by: Robert Gill <rtgill82(a)gmail.com> Reviewed-by: Andrew Cooper <andrew.cooper3(a)citrix.com Cc: stable(a)vger.kernel.org # 5.10+ Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218707 Closes: https://lore.kernel.org/all/8c77ccfd-d561-45a1-8ed5-6b75212c7a58@leemhuis.i… Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Suggested-by: Brian Gerst <brgerst(a)gmail.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> --- arch/x86/include/asm/nospec-branch.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index ff5f1ec..96b410b 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -323,7 +323,16 @@ * Note: Only the memory operand variant of VERW clears the CPU buffers. */ .macro CLEAR_CPU_BUFFERS - ALTERNATIVE "", __stringify(verw _ASM_RIP(mds_verw_sel)), X86_FEATURE_CLEAR_CPU_BUF +#ifdef CONFIG_X86_64 + ALTERNATIVE "", "verw mds_verw_sel(%rip)", X86_FEATURE_CLEAR_CPU_BUF +#else + /* + * In 32bit mode, the memory operand must be a %cs reference. The data + * segments may not be usable (vm86 mode), and the stack segment may not + * be flat (ESPFIX32). + */ + ALTERNATIVE "", "verw %cs:mds_verw_sel", X86_FEATURE_CLEAR_CPU_BUF +#endif .endm #ifdef CONFIG_X86_64

8 months, 2 weeks

1
0
0 0

[PATCH] media: i2c: tc358743: Fix crash in the probe error path when using polling

by Alexander Shiyan

If an error occurs in the probe() function, we should remove the polling timer that was alarmed earlier, otherwise the timer is called with arguments that are already freed, which results in a crash. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268 Modules linked in: CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __run_timers+0x244/0x268 lr : __run_timers+0x1d4/0x268 sp : ffffff80eff2baf0 x29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00 x26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00 x23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000 x20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff x17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e x14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000 x11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009 x8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480 x5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240 x2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0 Call trace: __run_timers+0x244/0x268 timer_expire_remote+0x50/0x68 tmigr_handle_remote+0x388/0x39c run_timer_softirq+0x38/0x44 handle_softirqs+0x138/0x298 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x24/0x4c do_softirq_own_stack+0x1c/0x2c irq_exit_rcu+0x9c/0xcc el1_interrupt+0x48/0xc0 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x7c/0x80 default_idle_call+0x34/0x68 do_idle+0x23c/0x294 cpu_startup_entry+0x38/0x3c secondary_start_kernel+0x128/0x160 __secondary_switched+0xb8/0xbc ---[ end trace 0000000000000000 ]--- Fixes: 4e66a52a2e4c ("[media] tc358743: Add support for platforms without IRQ line") Signed-off-by: Alexander Shiyan <eagle.alexander923(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/media/i2c/tc358743.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/media/i2c/tc358743.c b/drivers/media/i2c/tc358743.c index 65d58ddf0287..344a670e732f 100644 --- a/drivers/media/i2c/tc358743.c +++ b/drivers/media/i2c/tc358743.c @@ -2168,8 +2168,10 @@ static int tc358743_probe(struct i2c_client *client) err_work_queues: cec_unregister_adapter(state->cec_adap); - if (!state->i2c_client->irq) + if (!state->i2c_client->irq) { + del_timer(&state->timer); flush_work(&state->work_i2c_poll); + } cancel_delayed_work(&state->delayed_work_enable_hotplug); mutex_destroy(&state->confctl_mutex); err_hdl: -- 2.39.1

8 months, 2 weeks

1
0
0 0

[PATCH 4.19.y] Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal

by Tzung-Bi Shih

From: Mathias Krause <minipli(a)grsecurity.net> commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream. Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- Commit 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") was first seen in v4.18-rc3. While the fix fbf8d7174255 ("Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal") was first seen in v6.8. In the field test, we observed the UAF which was triggered via re-probing hid_rmi driver. linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.4.y, and linux-4.19.y haven't backported commit fbf8d7174255. Let's backport it. --- drivers/input/rmi4/rmi_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c index 0da814b41e72..75cd4c813cbb 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -981,12 +981,12 @@ static int rmi_driver_remove(struct device *dev) rmi_disable_irq(rmi_dev, false); - irq_domain_remove(data->irqdomain); - data->irqdomain = NULL; - rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + return 0; } -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

1
0
0 0

[PATCH 5.4.y] Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal

by Tzung-Bi Shih

From: Mathias Krause <minipli(a)grsecurity.net> commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream. Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- Commit 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") was first seen in v4.18-rc3. While the fix fbf8d7174255 ("Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal") was first seen in v6.8. In the field test, we observed the UAF which was triggered via re-probing hid_rmi driver. linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.4.y, and linux-4.19.y haven't backported commit fbf8d7174255. Let's backport it. --- drivers/input/rmi4/rmi_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c index aa32371f04af..ef9ea295f9e0 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev) rmi_disable_irq(rmi_dev, false); - irq_domain_remove(data->irqdomain); - data->irqdomain = NULL; - rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + return 0; } -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

1
0
0 0

[PATCH 5.10.y] Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal

by Tzung-Bi Shih

From: Mathias Krause <minipli(a)grsecurity.net> commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream. Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- Commit 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") was first seen in v4.18-rc3. While the fix fbf8d7174255 ("Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal") was first seen in v6.8. In the field test, we observed the UAF which was triggered via re-probing hid_rmi driver. linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.4.y, and linux-4.19.y haven't backported commit fbf8d7174255. Let's backport it. --- drivers/input/rmi4/rmi_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c index aa32371f04af..ef9ea295f9e0 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev) rmi_disable_irq(rmi_dev, false); - irq_domain_remove(data->irqdomain); - data->irqdomain = NULL; - rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + return 0; } -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

1
0
0 0

[PATCH 5.15.y] Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal

by Tzung-Bi Shih

From: Mathias Krause <minipli(a)grsecurity.net> commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream. Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- Commit 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") was first seen in v4.18-rc3. While the fix fbf8d7174255 ("Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal") was first seen in v6.8. In the field test, we observed the UAF which was triggered via re-probing hid_rmi driver. linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.4.y, and linux-4.19.y haven't backported commit fbf8d7174255. Let's backport it. --- drivers/input/rmi4/rmi_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c index aa32371f04af..ef9ea295f9e0 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev) rmi_disable_irq(rmi_dev, false); - irq_domain_remove(data->irqdomain); - data->irqdomain = NULL; - rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + return 0; } -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

1
0
0 0

[PATCH 6.1.y] Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal

by Tzung-Bi Shih

From: Mathias Krause <minipli(a)grsecurity.net> commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream. Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- Commit 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") was first seen in v4.18-rc3. While the fix fbf8d7174255 ("Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal") was first seen in v6.8. In the field test, we observed the UAF which was triggered via re-probing hid_rmi driver. linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.4.y, and linux-4.19.y haven't backported commit fbf8d7174255. Let's backport it. --- drivers/input/rmi4/rmi_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c index aa32371f04af..ef9ea295f9e0 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev) rmi_disable_irq(rmi_dev, false); - irq_domain_remove(data->irqdomain); - data->irqdomain = NULL; - rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + return 0; } -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

1
0
0 0

[PATCH] USB: chaoskey: fail open after removal

by Oliver Neukum

chaoskey_open() takes the lock only to increase the counter of openings. That means that the mutual exclusion with chaoskey_disconnect() cannot prevent an increase of the counter and chaoskey_open() returning a success. If that race is hit, chaoskey_disconnect() will happily free all resources associated with the device after it has dropped the lock, as it has read the counter as zero. To prevent this race chaoskey_open() has to check the presence of the device under the lock. However, the current per device lock cannot be used, because it is a part of the data structure to be freed. Hence an additional global mutex is needed. The issue is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Reported-by: syzbot+422188bce66e76020e55(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=422188bce66e76020e55 Fixes: 66e3e591891da ("usb: Add driver for Altus Metrum ChaosKey device (v2)") --- drivers/usb/misc/chaoskey.c | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c index 6fb5140e29b9..e8b63df5f975 100644 --- a/drivers/usb/misc/chaoskey.c +++ b/drivers/usb/misc/chaoskey.c @@ -27,6 +27,8 @@ static struct usb_class_driver chaoskey_class; static int chaoskey_rng_read(struct hwrng *rng, void *data, size_t max, bool wait); +static DEFINE_MUTEX(chaoskey_list_lock); + #define usb_dbg(usb_if, format, arg...) \ dev_dbg(&(usb_if)->dev, format, ## arg) @@ -230,6 +232,7 @@ static void chaoskey_disconnect(struct usb_interface *interface) if (dev->hwrng_registered) hwrng_unregister(&dev->hwrng); + mutex_lock(&chaoskey_list_lock); usb_deregister_dev(interface, &chaoskey_class); usb_set_intfdata(interface, NULL); @@ -244,6 +247,7 @@ static void chaoskey_disconnect(struct usb_interface *interface) } else mutex_unlock(&dev->lock); + mutex_unlock(&chaoskey_list_lock); usb_dbg(interface, "disconnect done"); } @@ -251,6 +255,7 @@ static int chaoskey_open(struct inode *inode, struct file *file) { struct chaoskey *dev; struct usb_interface *interface; + int rv = 0; /* get the interface from minor number and driver information */ interface = usb_find_interface(&chaoskey_driver, iminor(inode)); @@ -266,18 +271,23 @@ static int chaoskey_open(struct inode *inode, struct file *file) } file->private_data = dev; + mutex_lock(&chaoskey_list_lock); mutex_lock(&dev->lock); - ++dev->open; + if (dev->present) + ++dev->open; + else + rv = -ENODEV; mutex_unlock(&dev->lock); + mutex_unlock(&chaoskey_list_lock); - usb_dbg(interface, "open success"); - return 0; + return rv; } static int chaoskey_release(struct inode *inode, struct file *file) { struct chaoskey *dev = file->private_data; struct usb_interface *interface; + int rv = 0; if (dev == NULL) return -ENODEV; @@ -286,14 +296,15 @@ static int chaoskey_release(struct inode *inode, struct file *file) usb_dbg(interface, "release"); + mutex_lock(&chaoskey_list_lock); mutex_lock(&dev->lock); usb_dbg(interface, "open count at release is %d", dev->open); if (dev->open <= 0) { usb_dbg(interface, "invalid open count (%d)", dev->open); - mutex_unlock(&dev->lock); - return -ENODEV; + rv = -ENODEV; + goto bail; } --dev->open; @@ -302,13 +313,15 @@ static int chaoskey_release(struct inode *inode, struct file *file) if (dev->open == 0) { mutex_unlock(&dev->lock); chaoskey_free(dev); - } else - mutex_unlock(&dev->lock); - } else - mutex_unlock(&dev->lock); - + goto destruction; + } + } +bail: + mutex_unlock(&dev->lock); +destruction: + mutex_lock(&chaoskey_list_lock); usb_dbg(interface, "release success"); - return 0; + return rv; } static void chaos_read_callback(struct urb *urb) -- 2.46.1

8 months, 2 weeks

4
4
0 0

[PATCH 6.6.y] Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal

by Tzung-Bi Shih

From: Mathias Krause <minipli(a)grsecurity.net> commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream. Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- Commit 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") was first seen in v4.18-rc3. While the fix fbf8d7174255 ("Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal") was first seen in v6.8. In the field test, we observed the UAF which was triggered via re-probing hid_rmi driver. linux-6.6.y, linux-6.1.y, linux-5.15.y, linux-5.10.y, linux-5.4.y, and linux-4.19.y haven't backported commit fbf8d7174255. Let's backport it. --- drivers/input/rmi4/rmi_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c index aa32371f04af..ef9ea295f9e0 100644 --- a/drivers/input/rmi4/rmi_driver.c +++ b/drivers/input/rmi4/rmi_driver.c @@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev) rmi_disable_irq(rmi_dev, false); - irq_domain_remove(data->irqdomain); - data->irqdomain = NULL; - rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + return 0; } -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: free secondary algorithms names" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 684826f8271ad97580b138b9ffd462005e470b99 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100724-used-ventricle-7559@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 684826f8271a ("zram: free secondary algorithms names") f2bac7ad187d ("zram: introduce zcomp_params structure") 1d3100cf148d ("zram: add 842 compression backend support") 84112e314f69 ("zram: add zlib compression backend support") dbf2763cec21 ("zram: pass estimated src size hint to zstd") 73e7d81abbc8 ("zram: add zstd compression backend support") c60a4ef54446 ("zram: add lz4hc compression backend support") 22d651c3b339 ("zram: add lz4 compression backend support") 2152247c55b6 ("zram: add lzo and lzorle compression backends support") 917a59e81c34 ("zram: introduce custom comp backends API") 04cb7502a5d7 ("zsmalloc: use all available 24 bits of page_type") 43d746dc49bb ("mm/zsmalloc: use a proper page type") 8db00ad56461 ("mm: allow reuse of the lower 16 bit of the page type with an actual type") 6d21dde7adc0 ("mm: update _mapcount and page_type documentation") ff202303c398 ("mm: convert page type macros to enum") 46df8e73a4a3 ("mm: free up PG_slab") d99e3140a4d3 ("mm: turn folio_test_hugetlb into a PageType") fd1a745ce03e ("mm: support page_mapcount() on page_has_type() pages") 29cfe7556bfd ("mm: constify more page/folio tests") 443cbaf9e2fd ("crash: split vmcoreinfo exporting code out from crash_core.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 684826f8271ad97580b138b9ffd462005e470b99 Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Wed, 11 Sep 2024 11:54:56 +0900 Subject: [PATCH] zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky(a)chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org Link: https://lkml.kernel.org/r/20240911025600.3681789-1-senozhatsky@chromium.org Fixes: 001d92735701 ("zram: add recompression algorithm sysfs knob") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 1f1bf175a6c3..0207a7fc0a97 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2112,6 +2112,11 @@ static void zram_destroy_comps(struct zram *zram) zram->num_active_comps--; } + for (prio = ZRAM_SECONDARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { + kfree(zram->comp_algs[prio]); + zram->comp_algs[prio] = NULL; + } + zram_comp_params_reset(zram); }

8 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] zram: free secondary algorithms names" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 684826f8271ad97580b138b9ffd462005e470b99 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100723-covenant-chef-b766@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 684826f8271a ("zram: free secondary algorithms names") f2bac7ad187d ("zram: introduce zcomp_params structure") 1d3100cf148d ("zram: add 842 compression backend support") 84112e314f69 ("zram: add zlib compression backend support") dbf2763cec21 ("zram: pass estimated src size hint to zstd") 73e7d81abbc8 ("zram: add zstd compression backend support") c60a4ef54446 ("zram: add lz4hc compression backend support") 22d651c3b339 ("zram: add lz4 compression backend support") 2152247c55b6 ("zram: add lzo and lzorle compression backends support") 917a59e81c34 ("zram: introduce custom comp backends API") 04cb7502a5d7 ("zsmalloc: use all available 24 bits of page_type") 43d746dc49bb ("mm/zsmalloc: use a proper page type") 8db00ad56461 ("mm: allow reuse of the lower 16 bit of the page type with an actual type") 6d21dde7adc0 ("mm: update _mapcount and page_type documentation") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 684826f8271ad97580b138b9ffd462005e470b99 Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Wed, 11 Sep 2024 11:54:56 +0900 Subject: [PATCH] zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky(a)chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org Link: https://lkml.kernel.org/r/20240911025600.3681789-1-senozhatsky@chromium.org Fixes: 001d92735701 ("zram: add recompression algorithm sysfs knob") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 1f1bf175a6c3..0207a7fc0a97 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2112,6 +2112,11 @@ static void zram_destroy_comps(struct zram *zram) zram->num_active_comps--; } + for (prio = ZRAM_SECONDARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { + kfree(zram->comp_algs[prio]); + zram->comp_algs[prio] = NULL; + } + zram_comp_params_reset(zram); }

8 months, 2 weeks

2
2
0 0

[PATCH] sched: psi: fix bogus pressure spikes from aggregation race

by Yo-Jung (Leo) Lin

From: Johannes Weiner <hannes(a)cmpxchg.org> Brandon reports sporadic, non-sensical spikes in cumulative pressure time (total=) when reading cpu.pressure at a high rate. This is due to a race condition between reader aggregation and tasks changing states. While it affects all states and all resources captured by PSI, in practice it most likely triggers with CPU pressure, since scheduling events are so frequent compared to other resource events. The race context is the live snooping of ongoing stalls during a pressure read. The read aggregates per-cpu records for stalls that have concluded, but will also incorporate ad-hoc the duration of any active state that hasn't been recorded yet. This is important to get timely measurements of ongoing stalls. Those ad-hoc samples are calculated on-the-fly up to the current time on that CPU; since the stall hasn't concluded, it's expected that this is the minimum amount of stall time that will enter the per-cpu records once it does. The problem is that the path that concludes the state uses a CPU clock read that is not synchronized against aggregators; the clock is read outside of the seqlock protection. This allows aggregators to race and snoop a stall with a longer duration than will actually be recorded. With the recorded stall time being less than the last snapshot remembered by the aggregator, a subsequent sample will underflow and observe a bogus delta value, resulting in an erratic jump in pressure. Fix this by moving the clock read of the state change into the seqlock protection. This ensures no aggregation can snoop live stalls past the time that's recorded when the state concludes. Reported-by: Brandon Duffany <brandon(a)buildbuddy.io> Link: https://bugzilla.kernel.org/show_bug.cgi?id=219194 Link: https://lore.kernel.org/lkml/20240827121851.GB438928@cmpxchg.org/ Fixes: df77430639c9 ("psi: Reduce calls to sched_clock() in psi") Cc: stable(a)vger.kernel.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> --- kernel/sched/psi.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 020d58967d4e..84dad1511d1e 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -769,12 +769,13 @@ static void record_times(struct psi_group_cpu *groupc, u64 now) } static void psi_group_change(struct psi_group *group, int cpu, - unsigned int clear, unsigned int set, u64 now, + unsigned int clear, unsigned int set, bool wake_clock) { struct psi_group_cpu *groupc; unsigned int t, m; u32 state_mask; + u64 now; lockdep_assert_rq_held(cpu_rq(cpu)); groupc = per_cpu_ptr(group->pcpu, cpu); @@ -789,6 +790,7 @@ static void psi_group_change(struct psi_group *group, int cpu, * SOME and FULL time these may have resulted in. */ write_seqcount_begin(&groupc->seq); + now = cpu_clock(cpu); /* * Start with TSK_ONCPU, which doesn't have a corresponding @@ -899,18 +901,15 @@ void psi_task_change(struct task_struct *task, int clear, int set) { int cpu = task_cpu(task); struct psi_group *group; - u64 now; if (!task->pid) return; psi_flags_change(task, clear, set); - now = cpu_clock(cpu); - group = task_psi_group(task); do { - psi_group_change(group, cpu, clear, set, now, true); + psi_group_change(group, cpu, clear, set, true); } while ((group = group->parent)); } @@ -919,7 +918,6 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, { struct psi_group *group, *common = NULL; int cpu = task_cpu(prev); - u64 now = cpu_clock(cpu); if (next->pid) { psi_flags_change(next, 0, TSK_ONCPU); @@ -936,7 +934,7 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, break; } - psi_group_change(group, cpu, 0, TSK_ONCPU, now, true); + psi_group_change(group, cpu, 0, TSK_ONCPU, true); } while ((group = group->parent)); } @@ -974,7 +972,7 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, do { if (group == common) break; - psi_group_change(group, cpu, clear, set, now, wake_clock); + psi_group_change(group, cpu, clear, set, wake_clock); } while ((group = group->parent)); /* @@ -986,7 +984,7 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, if ((prev->psi_flags ^ next->psi_flags) & ~TSK_ONCPU) { clear &= ~TSK_ONCPU; for (; group; group = group->parent) - psi_group_change(group, cpu, clear, set, now, wake_clock); + psi_group_change(group, cpu, clear, set, wake_clock); } } } @@ -997,8 +995,8 @@ void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_st int cpu = task_cpu(curr); struct psi_group *group; struct psi_group_cpu *groupc; - u64 now, irq; s64 delta; + u64 irq; if (static_branch_likely(&psi_disabled)) return; @@ -1011,7 +1009,6 @@ void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_st if (prev && task_psi_group(prev) == group) return; - now = cpu_clock(cpu); irq = irq_time_read(cpu); delta = (s64)(irq - rq->psi_irq_time); if (delta < 0) @@ -1019,12 +1016,15 @@ void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_st rq->psi_irq_time = irq; do { + u64 now; + if (!group->enabled) continue; groupc = per_cpu_ptr(group->pcpu, cpu); write_seqcount_begin(&groupc->seq); + now = cpu_clock(cpu); record_times(groupc, now); groupc->times[PSI_IRQ_FULL] += delta; @@ -1223,11 +1223,9 @@ void psi_cgroup_restart(struct psi_group *group) for_each_possible_cpu(cpu) { struct rq *rq = cpu_rq(cpu); struct rq_flags rf; - u64 now; rq_lock_irq(rq, &rf); - now = cpu_clock(cpu); - psi_group_change(group, cpu, 0, 0, now, true); + psi_group_change(group, cpu, 0, 0, true); rq_unlock_irq(rq, &rf); } } -- 2.43.0

8 months, 2 weeks

1
1
0 0

[PATCH v2 net 0/3] net: enetc: fix some issues of XDP

by Wei Fang

We found some bugs when testing the XDP function of enetc driver, and these bugs are easy to reproduce. This is not only causes XDP to not work, but also the network cannot be restored after exiting the XDP program. So the patch set is mainly to fix these bugs. For details, please see the commit message of each patch. --- v1 link: https://lore.kernel.org/bpf/20240919084104.661180-1-wei.fang@nxp.com/T/ --- Wei Fang (3): net: enetc: remove xdp_drops statistic from enetc_xdp_drop() net: enetc: fix the issues of XDP_REDIRECT feature net: enetc: disable IRQ after Rx and Tx BD rings are disabled drivers/net/ethernet/freescale/enetc/enetc.c | 50 +++++++++++++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 1 + 2 files changed, 38 insertions(+), 13 deletions(-) -- 2.34.1

8 months, 2 weeks

2
8
0 0

[PATCH 6.1 00/63] 6.1.111-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.111 release. There are 63 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 18 Sep 2024 11:42:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.111-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.111-rc1 Arseniy Krasnov <avkrasnov(a)salutedevices.com> ASoC: meson: axg-card: fix 'use-after-free' Mika Westerberg <mika.westerberg(a)linux.intel.com> pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/i915/guc: prevent a possible int overflow in wq offsets Jinjie Ruan <ruanjinjie(a)huawei.com> spi: geni-qcom: Fix incorrect free_irq() sequence Jinjie Ruan <ruanjinjie(a)huawei.com> spi: geni-qcom: Undo runtime PM changes at driver exit time Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: geni-qcom: Convert to platform remove callback returning void Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: Silence UBSAN warning T.J. Mercier <tjmercier(a)google.com> dma-buf: heaps: Fix off-by-one in CMA heap fault handler Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" Han Xu <han.xu(a)nxp.com> spi: nxp-fspi: fix the KASAN report out-of-bounds bug Sean Anderson <sean.anderson(a)linux.dev> net: dpaa: Pad packets to ETH_ZLEN Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: make cgroupsv2 matching work with namespaces Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: fix sk refcount leaks Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Enable TX interrupt to avoid TX timeout Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Modify SMQ flush sequence to drop packets Naveen Mamindlapalli <naveenm(a)marvell.com> octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush Muhammad Usama Anjum <usama.anjum(a)collabora.com> fou: fix initialization of grc Benjamin Poirier <bpoirier(a)nvidia.com> net/mlx5: Fix bridge mode operations when there are no VFs Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Verify support for scheduling element and TSAR type Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Correct TASR typo into TSAR Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Add missing masks and QoS bit masks for scheduling elements Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Explicitly set scheduling element and TSAR type Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5e: Add missing link modes to ptys2ethtool_map Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Update the list of the PCI supported devices Sriram Yagnaraman <sriram.yagnaraman(a)est.tech> igb: Always call igb_xdp_ring_update_tail() under Tx lock Jacob Keller <jacob.e.keller(a)intel.com> ice: fix accounting for filters shared by multiple VSIs Patryk Biel <pbiel7(a)gmail.com> hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 Michal Luczaj <mhal(a)rbox.co> selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected() peng guo <engguopeng(a)buaa.edu.cn> cxl/core: Fix incorrect vendor debug UUID define Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> eeprom: digsy_mtc: Fix 93xx46 driver probe failure FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use kvfree to free memory allocated by kvmalloc Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix race in axienet_stop Linus Torvalds <torvalds(a)linux-foundation.org> mm: avoid leaving partial pfn mappings around in error case Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: fix a race condition when accessing recalc_sector Willem de Bruijn <willemb(a)google.com> net: tighten bad gso csum offset check in virtio_net_hdr Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> minmax: reduce min/max macro expansion in atomisp driver Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma Edward Adam Davis <eadavis(a)qq.com> mptcp: pm: Fix uaf in __timer_delete_sync Hans de Goede <hdegoede(a)redhat.com> platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array Hans de Goede <hdegoede(a)redhat.com> platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid unnecessary rescanning of the per-server delegation list Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix clearing of layout segments in layoutreturn ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix return value of smb2_open() Takashi Iwai <tiwai(a)suse.de> Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table Rob Clark <robdclark(a)chromium.org> drm/msm/adreno: Fix error return if missing firmware-name Maximilian Luz <luzmaximilian(a)gmail.com> platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 Maximilian Luz <luzmaximilian(a)gmail.com> platform/surface: aggregator_registry: Add Support for Surface Pro 10 Anders Roxell <anders.roxell(a)linaro.org> scripts: kconfig: merge_config: config files: add a trailing newline Dmitry Savin <envelsavinds(a)gmail.com> HID: multitouch: Add support for GT7868Q Jonathan Denose <jdenose(a)google.com> Input: synaptics - enable SMBus for HP Elitebook 840 G2 Marek Vasut <marex(a)denx.de> Input: ads7846 - ratelimit the spi_sync error message Jeff Layton <jlayton(a)kernel.org> btrfs: update target inode's ctime on unlink Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL Pawel Dembicki <paweldembicki(a)gmail.com> net: phy: vitesse: repair vsc73xx autonegotiation Bouke Sybren Haarsma <boukehaarsma23(a)gmail.com> drm: panel-orientation-quirks: Add quirk for Ayn Loki Max Bouke Sybren Haarsma <boukehaarsma23(a)gmail.com> drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero Moon Yeounsu <yyyynoom(a)gmail.com> net: ethernet: use ip_hdrlen() instead of bit shift Foster Snowhill <forst(a)pen.gy> usbnet: ipheth: fix carrier detection in modes 1 and 4 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: override fsids for smb2_query_info() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: override fsids for share path check ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 36 ++++- arch/powerpc/kernel/setup-common.c | 1 + arch/powerpc/mm/mem.c | 2 - drivers/cxl/cxlmem.h | 2 +- drivers/dma-buf/heaps/cma_heap.c | 2 +- drivers/gpu/drm/amd/include/atomfirmware.h | 4 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++ drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 4 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +- drivers/hid/hid-ids.h | 2 + drivers/hid/hid-multitouch.c | 33 ++++ drivers/hwmon/pmbus/pmbus.h | 6 + drivers/hwmon/pmbus/pmbus_core.c | 17 +- drivers/input/mouse/synaptics.c | 1 + drivers/input/serio/i8042-acpipnpio.h | 9 ++ drivers/input/touchscreen/ads7846.c | 2 +- drivers/md/dm-integrity.c | 4 +- drivers/misc/eeprom/digsy_mtc_eeprom.c | 2 +- drivers/net/ethernet/faraday/ftgmac100.h | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 9 +- drivers/net/ethernet/intel/ice/ice_switch.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 17 +- drivers/net/ethernet/jme.c | 10 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 15 ++ .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 177 ++++++++++++++++++++- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 4 + .../net/ethernet/mellanox/mlx5/core/esw/legacy.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 51 +++--- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/qos.c | 7 + drivers/net/ethernet/xilinx/xilinx_axienet.h | 3 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 + drivers/net/phy/vitesse.c | 14 -- drivers/net/usb/ipheth.c | 5 +- drivers/pinctrl/intel/pinctrl-meteorlake.c | 1 + .../platform/surface/surface_aggregator_registry.c | 8 +- drivers/platform/x86/panasonic-laptop.c | 58 +++++-- drivers/soc/ti/omap_prm.c | 2 + drivers/soundwire/stream.c | 8 +- drivers/spi/spi-geni-qcom.c | 22 ++- drivers/spi/spi-nxp-fspi.c | 5 +- drivers/staging/media/atomisp/pci/sh_css_frac.h | 26 ++- fs/btrfs/inode.c | 1 + fs/nfs/delegation.c | 15 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 5 +- fs/ntfs3/attrlist.c | 4 +- fs/ntfs3/bitmap.c | 4 +- fs/ntfs3/frecord.c | 4 +- fs/ntfs3/super.c | 2 +- fs/smb/server/mgmt/share_config.c | 15 +- fs/smb/server/mgmt/share_config.h | 4 +- fs/smb/server/mgmt/tree_connect.c | 9 +- fs/smb/server/mgmt/tree_connect.h | 4 +- fs/smb/server/smb2pdu.c | 11 +- fs/smb/server/smb_common.c | 9 +- fs/smb/server/smb_common.h | 2 + include/linux/mlx5/mlx5_ifc.h | 12 +- include/linux/virtio_net.h | 3 +- mm/memory.c | 27 +++- net/ipv4/fou.c | 4 +- net/mptcp/pm_netlink.c | 13 +- net/netfilter/nft_socket.c | 48 +++++- scripts/kconfig/merge_config.sh | 2 + sound/soc/meson/axg-card.c | 3 +- .../selftests/bpf/prog_tests/sockmap_listen.c | 3 +- 68 files changed, 642 insertions(+), 177 deletions(-)

8 months, 2 weeks

11
77
0 0

[tip: x86/urgent] x86/entry_32: Do not clobber user EFLAGS.ZF

by tip-bot2 for Pawan Gupta

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 2e2e5143d4868163d6756c8c6a4d28cbfa5245e5 Gitweb: https://git.kernel.org/tip/2e2e5143d4868163d6756c8c6a4d28cbfa5245e5 Author: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> AuthorDate: Wed, 25 Sep 2024 15:25:38 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 08 Oct 2024 15:16:28 -07:00 x86/entry_32: Do not clobber user EFLAGS.ZF Opportunistic SYSEXIT executes VERW to clear CPU buffers after user EFLAGS are restored. This can clobber user EFLAGS.ZF. Move CLEAR_CPU_BUFFERS before the user EFLAGS are restored. This ensures that the user EFLAGS.ZF is not clobbered. Closes: https://lore.kernel.org/lkml/yVXwe8gvgmPADpRB6lXlicS2fcHoV5OHHxyuFbB_MEleRP… Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition") Reported-by: Jari Ruusu <jariruusu(a)protonmail.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20240925-fix-dosemu-vm86-v7-1-1de0daca2d42%40li… --- arch/x86/entry/entry_32.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index d3a814e..9ad6cd8 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -871,6 +871,8 @@ SYM_FUNC_START(entry_SYSENTER_32) /* Now ready to switch the cr3 */ SWITCH_TO_USER_CR3 scratch_reg=%eax + /* Clobbers ZF */ + CLEAR_CPU_BUFFERS /* * Restore all flags except IF. (We restore IF separately because @@ -881,7 +883,6 @@ SYM_FUNC_START(entry_SYSENTER_32) BUG_IF_WRONG_CR3 no_user_check=1 popfl popl %eax - CLEAR_CPU_BUFFERS /* * Return back to the vDSO, which will pop ecx and edx.

8 months, 2 weeks

1
0
0 0

[tip: x86/urgent] x86/entry_32: Clear CPU buffers after register restore in NMI return

by tip-bot2 for Pawan Gupta

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 48a2440d0f20c826b884e04377ccc1e4696c84e9 Gitweb: https://git.kernel.org/tip/48a2440d0f20c826b884e04377ccc1e4696c84e9 Author: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> AuthorDate: Wed, 25 Sep 2024 15:25:44 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 08 Oct 2024 15:16:28 -07:00 x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI. Fixes: a0e2dab44d22 ("x86/entry_32: Add VERW just before userspace transition") Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20240925-fix-dosemu-vm86-v7-2-1de0daca2d42%40li… --- arch/x86/entry/entry_32.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S index 9ad6cd8..20be575 100644 --- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -1145,7 +1145,6 @@ SYM_CODE_START(asm_exc_nmi) /* Not on SYSENTER stack. */ call exc_nmi - CLEAR_CPU_BUFFERS jmp .Lnmi_return .Lnmi_from_sysenter_stack: @@ -1166,6 +1165,7 @@ SYM_CODE_START(asm_exc_nmi) CHECK_AND_APPLY_ESPFIX RESTORE_ALL_NMI cr3_reg=%edi pop=4 + CLEAR_CPU_BUFFERS jmp .Lirq_return #ifdef CONFIG_X86_ESPFIX32 @@ -1207,6 +1207,7 @@ SYM_CODE_START(asm_exc_nmi) * 1 - orig_ax */ lss (1+5+6)*4(%esp), %esp # back to espfix stack + CLEAR_CPU_BUFFERS jmp .Lirq_return #endif SYM_CODE_END(asm_exc_nmi)

8 months, 2 weeks

1
0
0 0

[PATCH] usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG

by Prashanth K

DWC3 programming guide mentions that when operating in USB2.0 speeds, if GUSB2PHYCFG[6] or GUSB2PHYCFG[8] is set, it must be cleared prior to issuing commands and may be set again after the command completes. But currently while issuing EndXfer command without CmdIOC set, we wait for 1ms after GUSB2PHYCFG is restored. This results in cases where EndXfer command doesn't get completed and causes SMMU faults since requests are unmapped afterwards. Hence restore GUSB2PHYCFG after waiting for EndXfer command completion. Cc: stable(a)vger.kernel.org Fixes: 1d26ba0944d3 ("usb: dwc3: Wait unconditionally after issuing EndXfer command") Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- drivers/usb/dwc3/gadget.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 291bc549935b..50772d611582 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -438,6 +438,10 @@ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, unsigned int cmd, dwc3_gadget_ep_get_transfer_index(dep); } + if (DWC3_DEPCMD_CMD(cmd) == DWC3_DEPCMD_ENDTRANSFER && + !(cmd & DWC3_DEPCMD_CMDIOC)) + mdelay(1); + if (saved_config) { reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)); reg |= saved_config; @@ -1715,12 +1719,10 @@ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool int WARN_ON_ONCE(ret); dep->resource_index = 0; - if (!interrupt) { - mdelay(1); + if (!interrupt) dep->flags &= ~DWC3_EP_TRANSFER_STARTED; - } else if (!ret) { + else if (!ret) dep->flags |= DWC3_EP_END_TRANSFER_PENDING; - } dep->flags &= ~DWC3_EP_DELAY_STOP; return ret; -- 2.25.1

8 months, 2 weeks

2
3
0 0

[PATCH v3 03/12] drm/fbdev-dma: Select FB_DEFERRED_IO

by Thomas Zimmermann

Commit 808a40b69468 ("drm/fbdev-dma: Implement damage handling and deferred I/O") added deferred I/O for fbdev-dma. Also select the Kconfig symbol FB_DEFERRED_IO (via FB_DMAMEM_HELPERS_DEFERRED). Fixes build errors about missing fbdefio, such as drivers/gpu/drm/drm_fbdev_dma.c:218:26: error: 'struct drm_fb_helper' has no member named 'fbdefio' 218 | fb_helper->fbdefio.delay = HZ / 20; | ^~ drivers/gpu/drm/drm_fbdev_dma.c:219:26: error: 'struct drm_fb_helper' has no member named 'fbdefio' 219 | fb_helper->fbdefio.deferred_io = drm_fb_helper_deferred_io; | ^~ drivers/gpu/drm/drm_fbdev_dma.c:221:21: error: 'struct fb_info' has no member named 'fbdefio' 221 | info->fbdefio = &fb_helper->fbdefio; | ^~ drivers/gpu/drm/drm_fbdev_dma.c:221:43: error: 'struct drm_fb_helper' has no member named 'fbdefio' 221 | info->fbdefio = &fb_helper->fbdefio; | ^~ Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202410050241.Mox9QRjP-lkp@intel.com/ Fixes: 808a40b69468 ("drm/fbdev-dma: Implement damage handling and deferred I/O") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.11+ --- drivers/gpu/drm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 1df4e627e3d3..db2e206a117c 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -338,7 +338,7 @@ config DRM_TTM_HELPER config DRM_GEM_DMA_HELPER tristate depends on DRM - select FB_DMAMEM_HELPERS if DRM_FBDEV_EMULATION + select FB_DMAMEM_HELPERS_DEFERRED if DRM_FBDEV_EMULATION help Choose this if you need the GEM DMA helper functions -- 2.46.0

8 months, 2 weeks

2
1
0 0

[PATCH] iwlegacy: Clear stale interrupts before enabling interrupts

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared out before interrupts are enabled. We end up with a race beween the resume trying to bring things back up, and the restart work (queued form the interrupt handler) trying to bring things down. Eventually the whole thing blows up. Fix the problem by clearing out any stale interrupts before interrupts get enabled. Here's a debug log of the indicent: [ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000 [ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000 [ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio. [ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload [ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282 [ 12.052207] ieee80211 phy0: il4965_mac_start enter [ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff [ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready [ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions [ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S [ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm [ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm [ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK [ 12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations [ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up [ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done. [ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down [ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout [ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort [ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver [ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared [ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state [ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master [ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear. [ 12.058869] ieee80211 phy0: Hardware restart was requested [ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms. [ 16.132303] ------------[ cut here ]------------ [ 16.132304] Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue. [ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev [ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143 [ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010 [ 16.132463] Workqueue: async async_run_entry_fn [ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132501] Code: da 02 00 00 c6 83 ad 05 00 00 00 48 89 df e8 98 1b fc ff 85 c0 41 89 c7 0f 84 e9 02 00 00 48 c7 c7 a0 e6 48 a0 e8 d1 77 c4 e0 <0f> 0b eb 2d 84 c0 0f 85 8b 01 00 00 c6 87 ad 05 00 00 00 e8 69 1b [ 16.132504] RSP: 0018:ffffc9000029fcf0 EFLAGS: 00010282 [ 16.132507] RAX: 0000000000000000 RBX: ffff8880072008e0 RCX: 0000000000000001 [ 16.132509] RDX: ffffffff81f21a18 RSI: 0000000000000086 RDI: 0000000000000001 [ 16.132510] RBP: ffff8880072003c0 R08: 0000000000000000 R09: 0000000000000003 [ 16.132512] R10: 0000000000000000 R11: ffff88807e5b0000 R12: 0000000000000001 [ 16.132514] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000ffffff92 [ 16.132515] FS: 0000000000000000(0000) GS:ffff88807c200000(0000) knlGS:0000000000000000 [ 16.132517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 16.132519] CR2: 000055dd43786c08 CR3: 000000000978f000 CR4: 00000000000006f0 [ 16.132521] Call Trace: [ 16.132525] <TASK> [ 16.132526] ? __warn+0x77/0x120 [ 16.132532] ? ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132564] ? report_bug+0x15c/0x190 [ 16.132568] ? handle_bug+0x36/0x70 [ 16.132571] ? exc_invalid_op+0x13/0x60 [ 16.132573] ? asm_exc_invalid_op+0x16/0x20 [ 16.132579] ? ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132611] ? snd_hdac_bus_init_cmd_io+0x24/0x200 [snd_hda_core] [ 16.132617] ? pick_eevdf+0x133/0x1c0 [ 16.132622] ? check_preempt_wakeup_fair+0x70/0x90 [ 16.132626] ? wakeup_preempt+0x4a/0x60 [ 16.132628] ? ttwu_do_activate.isra.0+0x5a/0x190 [ 16.132632] wiphy_resume+0x79/0x1a0 [cfg80211] [ 16.132675] ? wiphy_suspend+0x2a0/0x2a0 [cfg80211] [ 16.132697] dpm_run_callback+0x75/0x1b0 [ 16.132703] device_resume+0x97/0x200 [ 16.132707] async_resume+0x14/0x20 [ 16.132711] async_run_entry_fn+0x1b/0xa0 [ 16.132714] process_one_work+0x13d/0x350 [ 16.132718] worker_thread+0x2be/0x3d0 [ 16.132722] ? cancel_delayed_work_sync+0x70/0x70 [ 16.132725] kthread+0xc0/0xf0 [ 16.132729] ? kthread_park+0x80/0x80 [ 16.132732] ret_from_fork+0x28/0x40 [ 16.132735] ? kthread_park+0x80/0x80 [ 16.132738] ret_from_fork_asm+0x11/0x20 [ 16.132741] </TASK> [ 16.132742] ---[ end trace 0000000000000000 ]--- [ 16.132930] ------------[ cut here ]------------ [ 16.132932] WARNING: CPU: 0 PID: 181 at net/mac80211/driver-ops.c:41 drv_stop+0xe7/0xf0 [mac80211] [ 16.132957] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev [ 16.133014] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Tainted: G W 6.11.0-cl+ #143 [ 16.133018] Tainted: [W]=WARN [ 16.133019] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010 [ 16.133021] Workqueue: async async_run_entry_fn [ 16.133025] RIP: 0010:drv_stop+0xe7/0xf0 [mac80211] [ 16.133048] Code: 48 85 c0 74 0e 48 8b 78 08 89 ea 48 89 de e8 e0 87 04 00 65 ff 0d d1 de c4 5f 0f 85 42 ff ff ff e8 be 52 c2 e0 e9 38 ff ff ff <0f> 0b 5b 5d c3 0f 1f 40 00 41 54 49 89 fc 55 53 48 89 f3 2e 2e 2e [ 16.133050] RSP: 0018:ffffc9000029fc50 EFLAGS: 00010246 [ 16.133053] RAX: 0000000000000000 RBX: ffff8880072008e0 RCX: ffff88800377f6c0 [ 16.133054] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8880072008e0 [ 16.133056] RBP: 0000000000000000 R08: ffffffff81f238d8 R09: 0000000000000000 [ 16.133058] R10: ffff8880080520f0 R11: 0000000000000000 R12: ffff888008051c60 [ 16.133060] R13: ffff8880072008e0 R14: 0000000000000000 R15: ffff8880072011d8 [ 16.133061] FS: 0000000000000000(0000) GS:ffff88807c200000(0000) knlGS:0000000000000000 [ 16.133063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 16.133065] CR2: 000055dd43786c08 CR3: 000000000978f000 CR4: 00000000000006f0 [ 16.133067] Call Trace: [ 16.133069] <TASK> [ 16.133070] ? __warn+0x77/0x120 [ 16.133075] ? drv_stop+0xe7/0xf0 [mac80211] [ 16.133098] ? report_bug+0x15c/0x190 [ 16.133100] ? handle_bug+0x36/0x70 [ 16.133103] ? exc_invalid_op+0x13/0x60 [ 16.133105] ? asm_exc_invalid_op+0x16/0x20 [ 16.133109] ? drv_stop+0xe7/0xf0 [mac80211] [ 16.133132] ieee80211_do_stop+0x55a/0x810 [mac80211] [ 16.133161] ? fq_codel_reset+0xa5/0xc0 [sch_fq_codel] [ 16.133164] ieee80211_stop+0x4f/0x180 [mac80211] [ 16.133192] __dev_close_many+0xa2/0x120 [ 16.133195] dev_close_many+0x90/0x150 [ 16.133198] dev_close+0x5d/0x80 [ 16.133200] cfg80211_shutdown_all_interfaces+0x40/0xe0 [cfg80211] [ 16.133223] wiphy_resume+0xb2/0x1a0 [cfg80211] [ 16.133247] ? wiphy_suspend+0x2a0/0x2a0 [cfg80211] [ 16.133269] dpm_run_callback+0x75/0x1b0 [ 16.133273] device_resume+0x97/0x200 [ 16.133277] async_resume+0x14/0x20 [ 16.133280] async_run_entry_fn+0x1b/0xa0 [ 16.133283] process_one_work+0x13d/0x350 [ 16.133287] worker_thread+0x2be/0x3d0 [ 16.133290] ? cancel_delayed_work_sync+0x70/0x70 [ 16.133294] kthread+0xc0/0xf0 [ 16.133296] ? kthread_park+0x80/0x80 [ 16.133299] ret_from_fork+0x28/0x40 [ 16.133302] ? kthread_park+0x80/0x80 [ 16.133304] ret_from_fork_asm+0x11/0x20 [ 16.133307] </TASK> [ 16.133308] ---[ end trace 0000000000000000 ]--- [ 16.133335] ieee80211 phy0: PM: dpm_run_callback(): wiphy_resume [cfg80211] returns -110 [ 16.133360] ieee80211 phy0: PM: failed to restore async: error -110 Cc: stable(a)vger.kernel.org Cc: Stanislaw Gruszka <stf_xl(a)wp.pl> Cc: Kalle Valo <kvalo(a)kernel.org> Cc: linux-wireless(a)vger.kernel.org Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/net/wireless/intel/iwlegacy/common.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/intel/iwlegacy/common.h b/drivers/net/wireless/intel/iwlegacy/common.h index 2147781b5fff..758984d527bf 100644 --- a/drivers/net/wireless/intel/iwlegacy/common.h +++ b/drivers/net/wireless/intel/iwlegacy/common.h @@ -2342,6 +2342,8 @@ static inline void il_enable_interrupts(struct il_priv *il) { set_bit(S_INT_ENABLED, &il->status); + _il_wr(il, CSR_INT, 0xffffffff); + _il_wr(il, CSR_FH_INT_STATUS, 0xffffffff); _il_wr(il, CSR_INT_MASK, il->inta_mask); } -- 2.45.2

8 months, 2 weeks

3
4
0 0

FAILED: patch "[PATCH] clk: qcom: clk-rpmh: Fix overflow in BCM vote" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a4e5af27e6f6a8b0d14bc0d7eb04f4a6c7291586 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100719-exploring-umbrella-b6ca@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a4e5af27e6f6 ("clk: qcom: clk-rpmh: Fix overflow in BCM vote") 2cf7a4cbcb4e ("clk: qcom: rpmh: Simplify clk_rpmh_bcm_send_cmd()") dad4e7fda4bd ("clk: qcom: clk-rpmh: Wait for completion when enabling clocks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4e5af27e6f6a8b0d14bc0d7eb04f4a6c7291586 Mon Sep 17 00:00:00 2001 From: Mike Tipton <quic_mdtipton(a)quicinc.com> Date: Fri, 9 Aug 2024 10:51:29 +0530 Subject: [PATCH] clk: qcom: clk-rpmh: Fix overflow in BCM vote Valid frequencies may result in BCM votes that exceed the max HW value. Set vote ceiling to BCM_TCS_CMD_VOTE_MASK to ensure the votes aren't truncated, which can result in lower frequencies than desired. Fixes: 04053f4d23a4 ("clk: qcom: clk-rpmh: Add IPA clock support") Cc: stable(a)vger.kernel.org Signed-off-by: Mike Tipton <quic_mdtipton(a)quicinc.com> Reviewed-by: Taniya Das <quic_tdas(a)quicinc.com> Signed-off-by: Imran Shaik <quic_imrashai(a)quicinc.com> Link: https://lore.kernel.org/r/20240809-clk-rpmh-bcm-vote-fix-v2-1-240c584b7ef9@… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/clk-rpmh.c b/drivers/clk/qcom/clk-rpmh.c index bb82abeed88f..4acde937114a 100644 --- a/drivers/clk/qcom/clk-rpmh.c +++ b/drivers/clk/qcom/clk-rpmh.c @@ -263,6 +263,8 @@ static int clk_rpmh_bcm_send_cmd(struct clk_rpmh *c, bool enable) cmd_state = 0; } + cmd_state = min(cmd_state, BCM_TCS_CMD_VOTE_MASK); + if (c->last_sent_aggr_state != cmd_state) { cmd.addr = c->res_addr; cmd.data = BCM_TCS_CMD(1, enable, 0, cmd_state);

8 months, 2 weeks

2
1
0 0

[PATCH v2 0/8] binder: several fixes for frozen notification

by Carlos Llamas

These are all fixes for the frozen notification patch [1], which as of today hasn't landed in mainline yet. As such, this patchset is rebased on top of the char-misc-next branch. [1] https://lore.kernel.org/all/20240709070047.4055369-2-yutingtseng@google.com/ Cc: stable(a)vger.kernel.org Cc: Yu-Ting Tseng <yutingtseng(a)google.com> Cc: Alice Ryhl <aliceryhl(a)google.com> Cc: Todd Kjos <tkjos(a)google.com> Cc: Martijn Coenen <maco(a)google.com> Cc: Arve Hjønnevåg <arve(a)android.com> Cc: Viktor Martensson <vmartensson(a)google.com> v1: https://lore.kernel.org/all/20240924184401.76043-1-cmllamas@google.com/ v2: * debug output for BINDER_WORK_CLEAR_FREEZE_NOTIFICATION (Alice) * allow notifications for dead nodes instead of EINVAL (Alice) * add fix for memleak of proc->delivered_freeze * add proc->delivered_freeze to debug output * collect tags Carlos Llamas (8): binder: fix node UAF in binder_add_freeze_work() binder: fix OOB in binder_add_freeze_work() binder: fix freeze UAF in binder_release_work() binder: fix BINDER_WORK_FROZEN_BINDER debug logs binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs binder: allow freeze notification for dead nodes binder: fix memleak of proc->delivered_freeze binder: add delivered_freeze to debugfs output drivers/android/binder.c | 64 ++++++++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 15 deletions(-) -- 2.46.1.824.gd892dcdcdd-goog

8 months, 2 weeks

4
23
0 0

Dell WD19TB Thunderbolt Dock not working with kernel > 6.6.28-1

by Fabian Stäber

Hi, I got a Dell WD19TBS Thunderbolt Dock, and it has been working with Linux for years without issues. However, updating to linux-lts-6.6.29-1 or newer breaks the USB ports on my Dock. Using the latest non-LTS kernel doesn't help, it also breaks the USB ports. Downgrading the kernel to linux-lts-6.6.28-1 works. This is the last working version. I opened a thread on the Arch Linux forum https://bbs.archlinux.org/viewtopic.php?id=299604 with some dmesg output. However, it sounds like this is a regression in the Linux kernel, so I'm posting this here as well. Let me know if you need any more info. Thanks a lot Fabian

8 months, 2 weeks

6
7
0 0

[PATCH 5.15 0/3] Fix block integrity violation of kobject rules

by Thadeu Lima de Souza Cascardo

integrity_kobj did not have a release function and with CONFIG_DEBUG_KOBJECT_RELEASE, a use-after-free would be triggered as its holding struct gendisk would be freed without relying on its refcount. Thomas Weißschuh (3): blk-integrity: use sysfs_emit blk-integrity: convert to struct device_attribute blk-integrity: register sysfs attributes on struct device block/blk-integrity.c | 175 ++++++++++++++--------------------------- block/blk.h | 10 +-- block/genhd.c | 12 +-- include/linux/blkdev.h | 3 - 4 files changed, 66 insertions(+), 134 deletions(-) -- 2.34.1

8 months, 2 weeks

1
3
0 0

Re: [PATCH 6.11 000/558] 6.11.3-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

8 months, 2 weeks

1
0
0 0

[tip: irq/urgent] irqchip/gic-v4: Don't allow a VMOVP on a dying VPE

by tip-bot2 for Marc Zyngier

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 1442ee0011983f0c5c4b92380e6853afb513841a Gitweb: https://git.kernel.org/tip/1442ee0011983f0c5c4b92380e6853afb513841a Author: Marc Zyngier <maz(a)kernel.org> AuthorDate: Wed, 02 Oct 2024 21:49:59 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 08 Oct 2024 17:44:27 +02:00 irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the corresponding doorbell interrupt still visible in /proc/irq/. Plug the race by checking the value of vmapp_count, which tracks whether the VPE is mapped ot not, and returning an error in this case. This involves making vmapp_count common to both GICv4.1 and its v4.0 ancestor. Fixes: 64edfaa9a234 ("irqchip/gic-v4.1: Implement the v4.1 flavour of VMAPP") Reported-by: Kunkun Jiang <jiangkunkun(a)huawei.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/c182ece6-2ba0-ce4f-3404-dba7a3ab6c52@huawei.com Link: https://lore.kernel.org/all/20241002204959.2051709-1-maz@kernel.org --- drivers/irqchip/irq-gic-v3-its.c | 18 ++++++++++++------ include/linux/irqchip/arm-gic-v4.h | 4 +++- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index fdec478..ab597e7 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -797,8 +797,8 @@ static struct its_vpe *its_build_vmapp_cmd(struct its_node *its, its_encode_valid(cmd, desc->its_vmapp_cmd.valid); if (!desc->its_vmapp_cmd.valid) { + alloc = !atomic_dec_return(&desc->its_vmapp_cmd.vpe->vmapp_count); if (is_v4_1(its)) { - alloc = !atomic_dec_return(&desc->its_vmapp_cmd.vpe->vmapp_count); its_encode_alloc(cmd, alloc); /* * Unmapping a VPE is self-synchronizing on GICv4.1, @@ -817,13 +817,13 @@ static struct its_vpe *its_build_vmapp_cmd(struct its_node *its, its_encode_vpt_addr(cmd, vpt_addr); its_encode_vpt_size(cmd, LPI_NRBITS - 1); + alloc = !atomic_fetch_inc(&desc->its_vmapp_cmd.vpe->vmapp_count); + if (!is_v4_1(its)) goto out; vconf_addr = virt_to_phys(page_address(desc->its_vmapp_cmd.vpe->its_vm->vprop_page)); - alloc = !atomic_fetch_inc(&desc->its_vmapp_cmd.vpe->vmapp_count); - its_encode_alloc(cmd, alloc); /* @@ -3807,6 +3807,13 @@ static int its_vpe_set_affinity(struct irq_data *d, unsigned long flags; /* + * Check if we're racing against a VPE being destroyed, for + * which we don't want to allow a VMOVP. + */ + if (!atomic_read(&vpe->vmapp_count)) + return -EINVAL; + + /* * Changing affinity is mega expensive, so let's be as lazy as * we can and only do it if we really have to. Also, if mapped * into the proxy device, we need to move the doorbell @@ -4463,9 +4470,8 @@ static int its_vpe_init(struct its_vpe *vpe) raw_spin_lock_init(&vpe->vpe_lock); vpe->vpe_id = vpe_id; vpe->vpt_page = vpt_page; - if (gic_rdists->has_rvpeid) - atomic_set(&vpe->vmapp_count, 0); - else + atomic_set(&vpe->vmapp_count, 0); + if (!gic_rdists->has_rvpeid) vpe->vpe_proxy_event = -1; return 0; diff --git a/include/linux/irqchip/arm-gic-v4.h b/include/linux/irqchip/arm-gic-v4.h index ecabed6..7f1f11a 100644 --- a/include/linux/irqchip/arm-gic-v4.h +++ b/include/linux/irqchip/arm-gic-v4.h @@ -66,10 +66,12 @@ struct its_vpe { bool enabled; bool group; } sgi_config[16]; - atomic_t vmapp_count; }; }; + /* Track the VPE being mapped */ + atomic_t vmapp_count; + /* * Ensures mutual exclusion between affinity setting of the * vPE and vLPI operations using vpe->col_idx.

8 months, 2 weeks

1
0
0 0

[PATCH v2] irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()

by Nam Cao

It is possible that an interrupt is disabled and masked at the same time. When the interrupt is enabled again by enable_irq(), only plic_irq_enable() is called, not plic_irq_unmask(). The interrupt remains masked and never raises. An example where interrupt is both disabled and masked is when handle_fasteoi_irq() is the handler, and IRQS_ONESHOT is set. The interrupt handler: 1. Mask the interrupt 2. Handle the interrupt 3. Check if interrupt is still enabled, and unmask it (see cond_unmask_eoi_irq()) If another task disables the interrupt in the middle of the above steps, the interrupt will not get unmasked, and will remain masked when it is enabled in the future. The problem is occasionally observed when PREEMPT_RT is enabled, because PREEMPT_RT add the IRQS_ONESHOT flag. But PREEMPT_RT only makes the problem more likely to appear, the bug has been around since commit a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations"). Fix it by unmasking interrupt in plic_irq_enable(). Fixes: a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- v2: re-use plic_irq_unmask() instead of duplicating its code drivers/irqchip/irq-sifive-plic.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 2f6ef5c495bd..503d36d5a869 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -126,16 +126,6 @@ static inline void plic_irq_toggle(const struct cpumask *mask, } } -static void plic_irq_enable(struct irq_data *d) -{ - plic_irq_toggle(irq_data_get_effective_affinity_mask(d), d, 1); -} - -static void plic_irq_disable(struct irq_data *d) -{ - plic_irq_toggle(irq_data_get_effective_affinity_mask(d), d, 0); -} - static void plic_irq_unmask(struct irq_data *d) { struct plic_priv *priv = irq_data_get_irq_chip_data(d); @@ -150,6 +140,17 @@ static void plic_irq_mask(struct irq_data *d) writel(0, priv->regs + PRIORITY_BASE + d->hwirq * PRIORITY_PER_ID); } +static void plic_irq_enable(struct irq_data *d) +{ + plic_irq_toggle(irq_data_get_effective_affinity_mask(d), d, 1); + plic_irq_unmask(d); +} + +static void plic_irq_disable(struct irq_data *d) +{ + plic_irq_toggle(irq_data_get_effective_affinity_mask(d), d, 0); +} + static void plic_irq_eoi(struct irq_data *d) { struct plic_handler *handler = this_cpu_ptr(&plic_handlers); -- 2.39.5

8 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] drm/xe/vm: move xa_alloc to prevent UAF" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 74231870cf4976f69e83aa24f48edb16619f652f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-compacted-armored-bbce@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 74231870cf49 ("drm/xe/vm: move xa_alloc to prevent UAF") 9e3c85ddea7a ("drm/xe: Clean up VM / exec queue file lock usage.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74231870cf4976f69e83aa24f48edb16619f652f Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Wed, 25 Sep 2024 08:14:27 +0100 Subject: [PATCH] drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240925071426.144015-3-matth… (cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 31fe31db3fdc..ce9dca4d4e87 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1765,10 +1765,6 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, if (IS_ERR(vm)) return PTR_ERR(vm); - err = xa_alloc(&xef->vm.xa, &id, vm, xa_limit_32b, GFP_KERNEL); - if (err) - goto err_close_and_put; - if (xe->info.has_asid) { down_write(&xe->usm.lock); err = xa_alloc_cyclic(&xe->usm.asid_to_vm, &asid, vm, @@ -1776,12 +1772,11 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, &xe->usm.next_asid, GFP_KERNEL); up_write(&xe->usm.lock); if (err < 0) - goto err_free_id; + goto err_close_and_put; vm->usm.asid = asid; } - args->vm_id = id; vm->xef = xe_file_get(xef); /* Record BO memory for VM pagetable created against client */ @@ -1794,10 +1789,15 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, args->reserved[0] = xe_bo_main_addr(vm->pt_root[0]->bo, XE_PAGE_SIZE); #endif + /* user id alloc must always be last in ioctl to prevent UAF */ + err = xa_alloc(&xef->vm.xa, &id, vm, xa_limit_32b, GFP_KERNEL); + if (err) + goto err_close_and_put; + + args->vm_id = id; + return 0; -err_free_id: - xa_erase(&xef->vm.xa, id); err_close_and_put: xe_vm_close_and_put(vm);

8 months, 2 weeks

3
2
0 0

+ mm-mremap-prevent-racing-change-of-old-pmd-type.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mremap: prevent racing change of old pmd type has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mremap-prevent-racing-change-of-old-pmd-type.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/mremap: prevent racing change of old pmd type Date: Wed, 02 Oct 2024 23:07:06 +0200 Prevent move_normal_pmd() in mremap() from racing with retract_page_tables() in MADVISE_COLLAPSE such that pmd_populate(mm, new_pmd, pmd_pgtable(pmd)) operates on an empty source pmd, causing creation of a new pmd which maps physical address 0 as a page table. This bug is only reachable if either CONFIG_READ_ONLY_THP_FOR_FS is set or THP shmem is usable. (Unprivileged namespaces can be used to set up a tmpfs that can contain THP shmem pages with "huge=advise".) If userspace triggers this bug *in multiple processes*, this could likely be used to create stale TLB entries pointing to freed pages or cause kernel UAF by breaking an invariant the rmap code relies on. Fix it by moving the rmap locking up so that it covers the span from reading the PMD entry to moving the page table. Link: https://lkml.kernel.org/r/20241002-move_normal_pmd-vs-collapse-fix-v1-1-782… Fixes: 1d65b771bc08 ("mm/khugepaged: retract_page_tables() without mmap or vma lock") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 68 +++++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 30 deletions(-) --- a/mm/mremap.c~mm-mremap-prevent-racing-change-of-old-pmd-type +++ a/mm/mremap.c @@ -136,17 +136,17 @@ static pte_t move_soft_dirty_pte(pte_t p static int move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, unsigned long old_addr, unsigned long old_end, struct vm_area_struct *new_vma, pmd_t *new_pmd, - unsigned long new_addr, bool need_rmap_locks) + unsigned long new_addr) { struct mm_struct *mm = vma->vm_mm; pte_t *old_pte, *new_pte, pte; spinlock_t *old_ptl, *new_ptl; bool force_flush = false; unsigned long len = old_end - old_addr; - int err = 0; /* - * When need_rmap_locks is true, we take the i_mmap_rwsem and anon_vma + * When need_rmap_locks is true in the caller, we are holding the + * i_mmap_rwsem and anon_vma * locks to ensure that rmap will always observe either the old or the * new ptes. This is the easiest way to avoid races with * truncate_pagecache(), page migration, etc... @@ -163,23 +163,18 @@ static int move_ptes(struct vm_area_stru * serialize access to individual ptes, but only rmap traversal * order guarantees that we won't miss both the old and new ptes). */ - if (need_rmap_locks) - take_rmap_locks(vma); /* * We don't have to worry about the ordering of src and dst * pte locks because exclusive mmap_lock prevents deadlock. */ old_pte = pte_offset_map_lock(mm, old_pmd, old_addr, &old_ptl); - if (!old_pte) { - err = -EAGAIN; - goto out; - } + if (!old_pte) + return -EAGAIN; new_pte = pte_offset_map_nolock(mm, new_pmd, new_addr, &new_ptl); if (!new_pte) { pte_unmap_unlock(old_pte, old_ptl); - err = -EAGAIN; - goto out; + return -EAGAIN; } if (new_ptl != old_ptl) spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING); @@ -217,10 +212,7 @@ static int move_ptes(struct vm_area_stru spin_unlock(new_ptl); pte_unmap(new_pte - 1); pte_unmap_unlock(old_pte - 1, old_ptl); -out: - if (need_rmap_locks) - drop_rmap_locks(vma); - return err; + return 0; } #ifndef arch_supports_page_table_move @@ -447,17 +439,14 @@ static __always_inline unsigned long get /* * Attempts to speedup the move by moving entry at the level corresponding to * pgt_entry. Returns true if the move was successful, else false. + * rmap locks are held by the caller. */ static bool move_pgt_entry(enum pgt_entry entry, struct vm_area_struct *vma, unsigned long old_addr, unsigned long new_addr, - void *old_entry, void *new_entry, bool need_rmap_locks) + void *old_entry, void *new_entry) { bool moved = false; - /* See comment in move_ptes() */ - if (need_rmap_locks) - take_rmap_locks(vma); - switch (entry) { case NORMAL_PMD: moved = move_normal_pmd(vma, old_addr, new_addr, old_entry, @@ -483,9 +472,6 @@ static bool move_pgt_entry(enum pgt_entr break; } - if (need_rmap_locks) - drop_rmap_locks(vma); - return moved; } @@ -550,6 +536,7 @@ unsigned long move_page_tables(struct vm struct mmu_notifier_range range; pmd_t *old_pmd, *new_pmd; pud_t *old_pud, *new_pud; + int move_res; if (!len) return 0; @@ -573,6 +560,12 @@ unsigned long move_page_tables(struct vm old_addr, old_end); mmu_notifier_invalidate_range_start(&range); + /* + * Hold rmap locks to ensure the type of the old PUD/PMD entry doesn't + * change under us due to khugepaged or folio splitting. + */ + take_rmap_locks(vma); + for (; old_addr < old_end; old_addr += extent, new_addr += extent) { cond_resched(); /* @@ -590,14 +583,14 @@ unsigned long move_page_tables(struct vm if (pud_trans_huge(*old_pud) || pud_devmap(*old_pud)) { if (extent == HPAGE_PUD_SIZE) { move_pgt_entry(HPAGE_PUD, vma, old_addr, new_addr, - old_pud, new_pud, need_rmap_locks); + old_pud, new_pud); /* We ignore and continue on error? */ continue; } } else if (IS_ENABLED(CONFIG_HAVE_MOVE_PUD) && extent == PUD_SIZE) { if (move_pgt_entry(NORMAL_PUD, vma, old_addr, new_addr, - old_pud, new_pud, true)) + old_pud, new_pud)) continue; } @@ -613,7 +606,7 @@ again: pmd_devmap(*old_pmd)) { if (extent == HPAGE_PMD_SIZE && move_pgt_entry(HPAGE_PMD, vma, old_addr, new_addr, - old_pmd, new_pmd, need_rmap_locks)) + old_pmd, new_pmd)) continue; split_huge_pmd(vma, old_pmd, old_addr); } else if (IS_ENABLED(CONFIG_HAVE_MOVE_PMD) && @@ -623,17 +616,32 @@ again: * moving at the PMD level if possible. */ if (move_pgt_entry(NORMAL_PMD, vma, old_addr, new_addr, - old_pmd, new_pmd, true)) + old_pmd, new_pmd)) continue; } if (pmd_none(*old_pmd)) continue; - if (pte_alloc(new_vma->vm_mm, new_pmd)) + + /* + * Temporarily drop the rmap locks while we do a potentially + * slow move_ptes() operation, unless move_ptes() wants them + * held (see comment inside there). + */ + if (!need_rmap_locks) + drop_rmap_locks(vma); + if (pte_alloc(new_vma->vm_mm, new_pmd)) { + if (!need_rmap_locks) + take_rmap_locks(vma); break; - if (move_ptes(vma, old_pmd, old_addr, old_addr + extent, - new_vma, new_pmd, new_addr, need_rmap_locks) < 0) + } + move_res = move_ptes(vma, old_pmd, old_addr, old_addr + extent, + new_vma, new_pmd, new_addr); + if (!need_rmap_locks) + take_rmap_locks(vma); + if (move_res < 0) goto again; } + drop_rmap_locks(vma); mmu_notifier_invalidate_range_end(&range); _ Patches currently in -mm which might be from jannh(a)google.com are mm-mremap-prevent-racing-change-of-old-pmd-type.patch

8 months, 2 weeks

3
2
0 0

[PATCH 00/15] media: stm32: introduction of CSI / DCMIPP for STM32MP25

by Alain Volmat

This series introduces the camera pipeline support for the STM32MP25 SOC. The STM32MP25 has 3 pipelines, fed from a single camera input which can be either parallel or csi. This series adds the basic support for the 1st pipe (dump) which, in term of features is same as the one featured on the STM32MP13 SOC. It focuses on introduction of the CSI input stage for the DCMIPP, and the CSI specific new control code for the DCMIPP. One of the subdev of the DCMIPP, dcmipp_parallel is now renamed as dcmipp_input since it allows to not only control the parallel but also the csi interface. Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> --- Alain Volmat (15): media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value dt-bindings: media: addition of stm32 csi driver description media: stm32: csi: addition of the STM32 CSI driver media: stm32: dcmipp: use v4l2_subdev_is_streaming media: stm32: dcmipp: replace s_stream with enable/disable_streams media: stm32: dcmipp: rename dcmipp_parallel into dcmipp_input media: stm32: dcmipp: add support for csi input into dcmipp-input media: stm32: dcmipp: add bayer 10~14 bits formats media: stm32: dcmipp: add 1X16 RGB / YUV formats support media: stm32: dcmipp: avoid duplicated format on enum in bytecap media: stm32: dcmipp: fill media ctl hw_revision field dt-bindings: media: addition of stm32mp25 compatible of DCMIPP media: stm32: dcmipp: add core support for the stm32mp25 arm64: dts: st: add csi & dcmipp node in stm32mp25 arm64: dts: st: enable imx335/csi/dcmipp pipeline on stm32mp257f-ev1 .../devicetree/bindings/media/st,stm32-csi.yaml | 129 +++ .../devicetree/bindings/media/st,stm32-dcmipp.yaml | 53 +- MAINTAINERS | 8 + arch/arm64/boot/dts/st/stm32mp251.dtsi | 23 + arch/arm64/boot/dts/st/stm32mp257f-ev1.dts | 87 ++ drivers/media/platform/st/stm32/Kconfig | 14 + drivers/media/platform/st/stm32/Makefile | 1 + drivers/media/platform/st/stm32/stm32-csi.c | 1150 ++++++++++++++++++++ .../media/platform/st/stm32/stm32-dcmipp/Makefile | 2 +- .../st/stm32/stm32-dcmipp/dcmipp-bytecap.c | 128 ++- .../st/stm32/stm32-dcmipp/dcmipp-byteproc.c | 119 +- .../platform/st/stm32/stm32-dcmipp/dcmipp-common.h | 4 +- .../platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 116 +- .../platform/st/stm32/stm32-dcmipp/dcmipp-input.c | 540 +++++++++ .../st/stm32/stm32-dcmipp/dcmipp-parallel.c | 440 -------- 15 files changed, 2238 insertions(+), 576 deletions(-) --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20241007-csi_dcmipp_mp25-7779601f57da Best regards, -- Alain Volmat <alain.volmat(a)foss.st.com>

8 months, 2 weeks

2
2
0 0

[PATCH] vdpa: solidrun: Fix UB bug with devres

by Philipp Stanner

In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). Cc: stable(a)vger.kernel.org # v6.3 Fixes: 51a8f9d7f587 ("virtio: vdpa: new SolidNET DPU driver.") Reported-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Closes: https://lore.kernel.org/all/74e9109a-ac59-49e2-9b1d-d825c9c9f891@wanadoo.fr/ Suggested-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> --- drivers/vdpa/solidrun/snet_main.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/vdpa/solidrun/snet_main.c b/drivers/vdpa/solidrun/snet_main.c index 99428a04068d..c8b74980dbd1 100644 --- a/drivers/vdpa/solidrun/snet_main.c +++ b/drivers/vdpa/solidrun/snet_main.c @@ -555,7 +555,7 @@ static const struct vdpa_config_ops snet_config_ops = { static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) { - char name[50]; + char *name; int ret, i, mask = 0; /* We don't know which BAR will be used to communicate.. * We will map every bar with len > 0. @@ -573,7 +573,10 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) return -ENODEV; } - snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + ret = pcim_iomap_regions(pdev, mask, name); if (ret) { SNET_ERR(pdev, "Failed to request and map PCI BARs\n"); @@ -590,10 +593,13 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) static int snet_open_vf_bar(struct pci_dev *pdev, struct snet *snet) { - char name[50]; + char *name; int ret; - snprintf(name, sizeof(name), "snet[%s]-bar", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "snet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + /* Request and map BAR */ ret = pcim_iomap_regions(pdev, BIT(snet->psnet->cfg.vf_bar), name); if (ret) { -- 2.46.1

8 months, 2 weeks

1
0
0 0

[PATCH] [PATCH v3] perf/x86/amd: check event before enable to avoid GPF

by George Kennedy

On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. This appears to be an AMD only issue. Syzkaller reported a GPF in amd_pmu_enable_all. INFO: NMI handler (perf_event_nmi_handler) took too long to run: 13.143 msecs Oops: general protection fault, probably for non-canonical address 0xdffffc0000000034: 0000 PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000001a0-0x00000000000001a7] CPU: 0 UID: 0 PID: 328415 Comm: repro_36674776 Not tainted 6.12.0-rc1-syzk RIP: 0010:x86_pmu_enable_event (arch/x86/events/perf_event.h:1195 arch/x86/events/core.c:1430) RSP: 0018:ffff888118009d60 EFLAGS: 00010012 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000034 RSI: 0000000000000000 RDI: 00000000000001a0 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: ffff88811802a440 R14: ffff88811802a240 R15: ffff8881132d8601 FS: 00007f097dfaa700(0000) GS:ffff888118000000(0000) GS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200001c0 CR3: 0000000103d56000 CR4: 00000000000006f0 Call Trace: <IRQ> amd_pmu_enable_all (arch/x86/events/amd/core.c:760 (discriminator 2)) x86_pmu_enable (arch/x86/events/core.c:1360) event_sched_out (kernel/events/core.c:1191 kernel/events/core.c:1186 kernel/events/core.c:2346) __perf_remove_from_context (kernel/events/core.c:2435) event_function (kernel/events/core.c:259) remote_function (kernel/events/core.c:92 (discriminator 1) kernel/events/core.c:72 (discriminator 1)) __flush_smp_call_function_queue (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/csd.h:64 kernel/smp.c:135 kernel/smp.c:540) __sysvec_call_function_single (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./arch/x86/include/asm/trace/irq_vectors.h:99 arch/x86/kernel/smp.c:272) sysvec_call_function_single (arch/x86/kernel/smp.c:266 (discriminator 47) arch/x86/kernel/smp.c:266 (discriminator 47)) </IRQ> Reported-by: syzkaller <syzkaller(a)googlegroups.com> Signed-off-by: George Kennedy <george.kennedy(a)oracle.com> --- Suggested comment now with the code. arch/x86/events/amd/core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c index 920e3a640cad..6615ace15f5d 100644 --- a/arch/x86/events/amd/core.c +++ b/arch/x86/events/amd/core.c @@ -762,7 +762,12 @@ static void amd_pmu_enable_all(int added) if (!test_bit(idx, cpuc->active_mask)) continue; - amd_pmu_enable_event(cpuc->events[idx]); + /* + * FIXME: cpuc->events[idx] can become NULL in a subtle race + * condition with NMI->throttle->x86_pmu_stop(). + */ + if (cpuc->events[idx]) + amd_pmu_enable_event(cpuc->events[idx]); } } -- 2.39.3

8 months, 2 weeks

2
1
0 0

[PATCH RFC 6.6.y 00/15] Some missing CVE fixes

by Vegard Nossum

Hi, We noticed some cases where a mainline commit that fixes a CVE has a Fixes: tag pointing to a commit that has been backported to 6.6 but where the fix is not present. Harshit and I have backported some of these patches. We are not subsystem experts and that's why we have marked this series as RFC -- any review or feedback is welcome. We've tried to document the conflicts and their causes in the changelogs. We haven't done targeted testing beyond our usual stable tests, but this includes for example the netfilter test suite, which did not show any new failures. Greg: feel free to take these patches or leave it as you want. Conflict resolution always comes with the risk of missing something and we want to be up-front about that. On the other hand, these were identified as CVE fixes so presumably we're not the only ones who want them. [Note: we added some other people to Cc that we think would be interested, let me know privately if you don't want to receive emails like these in the future.] Thanks, Vegard --- Benjamin Gaignard (1): media: usbtv: Remove useless locks in usbtv_video_free() Chen Yu (1): efi/unaccepted: touch soft lockup during memory accept Christophe JAILLET (1): null_blk: Remove usage of the deprecated ida_simple_xx() API Luiz Augusto von Dentz (3): Bluetooth: hci_sock: Fix not validating setsockopt user input Bluetooth: ISO: Fix not validating setsockopt user input Bluetooth: L2CAP: Fix not validating setsockopt user input Mads Bligaard Nielsen (1): drm/bridge: adv7511: fix crash on irq during probe Mark Pearson (1): platform/x86: think-lmi: Fix password opcode ordering for workstations Nicolin Chen (1): iommufd: Fix protection fault in iommufd_test_syz_conv_iova Pablo Neira Ayuso (2): netfilter: nf_tables: fix memleak in map from abort path netfilter: nf_tables: restore set elements when delete set fails Vladimir Oltean (1): net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Xiaolei Wang (1): net: stmmac: move the EST lock to struct stmmac_priv Yu Kuai (1): null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Zhihao Cheng (1): ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path drivers/block/null_blk/main.c | 44 ++++++++------ drivers/firmware/efi/unaccepted_memory.c | 4 ++ drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +++---- drivers/iommu/iommufd/selftest.c | 27 +++++++-- drivers/media/usb/usbtv/usbtv-video.c | 7 --- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 + .../net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 +-- .../net/ethernet/stmicro/stmmac/stmmac_tc.c | 18 +++--- drivers/platform/x86/think-lmi.c | 16 +++--- fs/ubifs/dir.c | 2 + include/linux/stmmac.h | 1 - net/bluetooth/hci_sock.c | 21 +++---- net/bluetooth/iso.c | 36 ++++-------- net/bluetooth/l2cap_sock.c | 52 +++++++---------- net/dsa/slave.c | 7 ++- net/netfilter/nf_tables_api.c | 57 +++++++++++++++++-- net/netfilter/nft_set_bitmap.c | 4 +- net/netfilter/nft_set_hash.c | 8 +-- net/netfilter/nft_set_pipapo.c | 5 +- net/netfilter/nft_set_rbtree.c | 4 +- 20 files changed, 192 insertions(+), 153 deletions(-) -- 2.34.1

8 months, 2 weeks

10
38
0 0

[PATCH for 6.12] ASoC: SOF: Intel: hda-loader: do not wait for HDaudio IOC

by Peter Ujfalusi

From: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> Commit 9ee3f0d8c999 ("ASOC: SOF: Intel: hda-loader: only wait for HDaudio IOC for IPC4 devices") removed DMA wait for IPC3 case. Proceed and remove the wait for IPC4 devices as well. There is no dependency to IPC version in the load logic and checking the firmware status is a sufficient check in case of errors. The removed code also had a bug in that -ETIMEDOUT is returned without stopping the DMA transfer. Cc: stable(a)vger.kernel.org Link: https://github.com/thesofproject/linux/issues/5135 Fixes: 9ee3f0d8c999 ("ASOC: SOF: Intel: hda-loader: only wait for HDaudio IOC for IPC4 devices") Suggested-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Signed-off-by: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> --- sound/soc/sof/intel/hda-loader.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/sound/soc/sof/intel/hda-loader.c b/sound/soc/sof/intel/hda-loader.c index 75f6240cf3e1..9d8ebb7c6a10 100644 --- a/sound/soc/sof/intel/hda-loader.c +++ b/sound/soc/sof/intel/hda-loader.c @@ -294,14 +294,9 @@ int hda_cl_copy_fw(struct snd_sof_dev *sdev, struct hdac_ext_stream *hext_stream { struct sof_intel_hda_dev *hda = sdev->pdata->hw_pdata; const struct sof_intel_dsp_desc *chip = hda->desc; - struct sof_intel_hda_stream *hda_stream; - unsigned long time_left; unsigned int reg; int ret, status; - hda_stream = container_of(hext_stream, struct sof_intel_hda_stream, - hext_stream); - dev_dbg(sdev->dev, "Code loader DMA starting\n"); ret = hda_cl_trigger(sdev->dev, hext_stream, SNDRV_PCM_TRIGGER_START); @@ -310,18 +305,6 @@ int hda_cl_copy_fw(struct snd_sof_dev *sdev, struct hdac_ext_stream *hext_stream return ret; } - if (sdev->pdata->ipc_type == SOF_IPC_TYPE_4) { - /* Wait for completion of transfer */ - time_left = wait_for_completion_timeout(&hda_stream->ioc, - msecs_to_jiffies(HDA_CL_DMA_IOC_TIMEOUT_MS)); - - if (!time_left) { - dev_err(sdev->dev, "Code loader DMA did not complete\n"); - return -ETIMEDOUT; - } - dev_dbg(sdev->dev, "Code loader DMA done\n"); - } - dev_dbg(sdev->dev, "waiting for FW_ENTERED status\n"); status = snd_sof_dsp_read_poll_timeout(sdev, HDA_DSP_BAR, -- 2.46.2

8 months, 2 weeks

2
1
0 0

[PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration

by Yonatan Maman

From: Yonatan Maman <Ymaman(a)Nvidia.com> This patch series addresses two critical issues in the Nouveau driver related to device channels, error handling, and sensitive data leaks. - Vulnerability in migrate_to_ram: The migrate_to_ram function might return a dirty HIGH_USER page when a copy push command (FW channel) fails, potentially exposing sensitive data and posing a security risk. To mitigate this, the patch ensures the allocation of a non-dirty (zero) page for the destination, preventing the return of a dirty page and enhancing driver security in case of failure. - Privileged Error in Copy Engine Channel: An error was observed when the nouveau_dmem_copy_one function is executed, leading to a Host Copy Engine Privileged error on channel 1. The patch resolves this by adjusting the Copy Engine channel configuration to permit privileged push commands, resolving the error. Changes since V3: - Fixed version according to Danilo Krummrich's comments. Yonatan Maman (2): nouveau/dmem: Fix privileged error in copy engine channel nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- 2.34.1

8 months, 2 weeks

3
4
0 0

[PATCH] fcntl: make F_DUPFD_QUERY associative

by Christian Brauner

Currently when passing a closed file descriptor to fcntl(fd, F_DUPFD_QUERY, fd_dup) the order matters: fd = open("/dev/null"); fd_dup = dup(fd); When we now close one of the file descriptors we get: (1) fcntl(fd, fd_dup) // -EBADF (2) fcntl(fd_dup, fd) // 0 aka not equal depending on which file descriptor is passed first. That's not a huge deal but it gives the api I slightly weird feel. Make it so that the order doesn't matter by requiring that both file descriptors are valid: (1') fcntl(fd, fd_dup) // -EBADF (2') fcntl(fd_dup, fd) // -EBADF Fixes: c62b758bae6a ("fcntl: add F_DUPFD_QUERY fcntl()") Cc: <stable(a)vger.kernel.org> Reported-by: Lennart Poettering <lennart(a)poettering.net> Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- fs/fcntl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/fcntl.c b/fs/fcntl.c index 22dd9dcce7ec..3d89de31066a 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -397,6 +397,9 @@ static long f_dupfd_query(int fd, struct file *filp) { CLASS(fd_raw, f)(fd); + if (fd_empty(f)) + return -EBADF; + /* * We can do the 'fdput()' immediately, as the only thing that * matters is the pointer value which isn't changed by the fdput. -- 2.45.2

8 months, 2 weeks

3
3
0 0

[PATCH 0/3] media: uvcvideo: Support partial control reads and minor changes

by Ricardo Ribalda

Some cameras do not return all the bytes requested from a control if it can fit in less bytes. Eg: returning 0xab instead of 0x00ab. Support these devices. Also, now that we are at it, improve uvc_query_ctrl(). Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Ricardo Ribalda (3): media: uvcvideo: Support partial control reads media: uvcvideo: Refactor uvc_query_ctrl media: uvcvideo: Add more logging to uvc_query_ctrl_error() drivers/media/usb/uvc/uvc_video.c | 44 +++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 16 deletions(-) --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20241008-uvc-readless-23f9b8cad0b3 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

8 months, 2 weeks

2
2
0 0

[PATCH v3 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration

by Yonatan Maman

From: Yonatan Maman <Ymaman(a)Nvidia.com> This patch series addresses two critical issues in the Nouveau driver related to device channels, error handling, and sensitive data leaks. - Vulnerability in migrate_to_ram: The migrate_to_ram function might return a dirty HIGH_USER page when a copy push command (FW channel) fails, potentially exposing sensitive data and posing a security risk. To mitigate this, the patch ensures the allocation of a non-dirty (zero) page for the destination, preventing the return of a dirty page and enhancing driver security in case of failure. - Privileged Error in Copy Engine Channel: An error was observed when the nouveau_dmem_copy_one function is executed, leading to a Host Copy Engine Privileged error on channel 1. The patch resolves this by adjusting the Copy Engine channel configuration to permit privileged push commands, resolving the error. Changes since V2: - Fixed version according to Danilo Krummrich's comments. Yonatan Maman (2): nouveau/dmem: Fix privileged error in copy engine channel nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- 2.34.1

8 months, 2 weeks

3
4
0 0

[PATCH 6.1.y 1/5] erofs: get rid of erofs_inode_datablocks()

by Gao Xiang

commit 4efdec36dc9907628e590a68193d6d8e5e74d032 upstream. erofs_inode_datablocks() has the only one caller, let's just get rid of it entirely. No logic changes. Reviewed-by: Yue Hu <huyue2(a)coolpad.com> Reviewed-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Stable-dep-of: 9ed50b8231e3 ("erofs: fix incorrect symlink detection in fast symlink") Link: https://lore.kernel.org/r/20230204093040.97967-1-hsiangkao@linux.alibaba.com [ Gao Xiang: apply this to 6.6.y to avoid further backport twists due to obsoleted EROFS_BLKSIZ. ] Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- Obsoleted EROFS_BLKSIZ impedes efforts to backport 9ed50b8231e3 ("erofs: fix incorrect symlink detection in fast symlink") 9e2f9d34dd12 ("erofs: handle overlapped pclusters out of crafted images properly") To avoid further bugfix conflicts due to random EROFS_BLKSIZs around the whole codebase, just backport the dependencies for 6.1.y. fs/erofs/internal.h | 6 ------ fs/erofs/namei.c | 18 +++++------------- 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h index 79a7a5815ea6..30d464230ae0 100644 --- a/fs/erofs/internal.h +++ b/fs/erofs/internal.h @@ -347,12 +347,6 @@ static inline erofs_off_t erofs_iloc(struct inode *inode) (EROFS_I(inode)->nid << sbi->islotbits); } -static inline unsigned long erofs_inode_datablocks(struct inode *inode) -{ - /* since i_size cannot be changed */ - return DIV_ROUND_UP(inode->i_size, EROFS_BLKSIZ); -} - static inline unsigned int erofs_bitrange(unsigned int value, unsigned int bit, unsigned int bits) { diff --git a/fs/erofs/namei.c b/fs/erofs/namei.c index e8ccaa761bd6..642431350bea 100644 --- a/fs/erofs/namei.c +++ b/fs/erofs/namei.c @@ -5,7 +5,6 @@ * Copyright (C) 2022, Alibaba Cloud */ #include "xattr.h" - #include <trace/events/erofs.h> struct erofs_qstr { @@ -87,19 +86,13 @@ static struct erofs_dirent *find_target_dirent(struct erofs_qstr *name, return ERR_PTR(-ENOENT); } -static void *find_target_block_classic(struct erofs_buf *target, - struct inode *dir, - struct erofs_qstr *name, - int *_ndirents) +static void *erofs_find_target_block(struct erofs_buf *target, + struct inode *dir, struct erofs_qstr *name, int *_ndirents) { - unsigned int startprfx, endprfx; - int head, back; + int head = 0, back = DIV_ROUND_UP(dir->i_size, EROFS_BLKSIZ) - 1; + unsigned int startprfx = 0, endprfx = 0; void *candidate = ERR_PTR(-ENOENT); - startprfx = endprfx = 0; - head = 0; - back = erofs_inode_datablocks(dir) - 1; - while (head <= back) { const int mid = head + (back - head) / 2; struct erofs_buf buf = __EROFS_BUF_INITIALIZER; @@ -180,8 +173,7 @@ int erofs_namei(struct inode *dir, const struct qstr *name, erofs_nid_t *nid, qn.end = name->name + name->len; ndirents = 0; - - de = find_target_block_classic(&buf, dir, &qn, &ndirents); + de = erofs_find_target_block(&buf, dir, &qn, &ndirents); if (IS_ERR(de)) return PTR_ERR(de); -- 2.43.5

8 months, 2 weeks

2
6
0 0

[PATCH 4.19] btrfs: get rid of warning on transaction commit when using flushoncommit

by hsimeliere.opensource＠witekio.com

From: Filipe Manana <fdmanana(a)suse.com> commit a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa upstream. When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: [947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3 [947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186 [947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3 [947.502097] Code: 24 10 4c 89 44 24 18 c6 (...) [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246 [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000 [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50 [947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000 [947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488 [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460 [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000 [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0 [947.571072] Call Trace: [947.572354] <TASK> [947.573266] btrfs_commit_transaction+0x1f1/0x998 [947.576785] ? start_transaction+0x3ab/0x44e [947.579867] ? schedule_timeout+0x8a/0xdd [947.582716] transaction_kthread+0xe9/0x156 [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407 [947.590104] kthread+0x131/0x139 [947.592168] ? set_kthread_struct+0x32/0x32 [947.595174] ret_from_fork+0x22/0x30 [947.597561] </TASK> [947.598553] ---[ end trace 644721052755541c ]--- This is because we started using writeback_inodes_sb() to flush delalloc when committing a transaction (when using -o flushoncommit), in order to avoid deadlocks with filesystem freeze operations. This change was made by commit ce8ea7cc6eb313 ("btrfs: don't call btrfs_start_delalloc_roots in flushoncommit"). After that change we started producing that warning, and every now and then a user reports this since the warning happens too often, it spams dmesg/syslog, and a user is unsure if this reflects any problem that might compromise the filesystem's reliability. We can not just lock the sb->s_umount semaphore before calling writeback_inodes_sb(), because that would at least deadlock with filesystem freezing, since at fs/super.c:freeze_super() sync_filesystem() is called while we are holding that semaphore in write mode, and that can trigger a transaction commit, resulting in a deadlock. It would also trigger the same type of deadlock in the unmount path. Possibly, it could also introduce some other locking dependencies that lockdep would report. To fix this call try_to_writeback_inodes_sb() instead of writeback_inodes_sb(), because that will try to read lock sb->s_umount and then will only call writeback_inodes_sb() if it was able to lock it. This is fine because the cases where it can't read lock sb->s_umount are during a filesystem unmount or during a filesystem freeze - in those cases sb->s_umount is write locked and sync_filesystem() is called, which calls writeback_inodes_sb(). In other words, in all cases where we can't take a read lock on sb->s_umount, writeback is already being triggered elsewhere. An alternative would be to call btrfs_start_delalloc_roots() with a number of pages different from LONG_MAX, for example matching the number of delalloc bytes we currently have, in which case we would end up starting all delalloc with filemap_fdatawrite_wbc() and not with an async flush via filemap_flush() - that is only possible after the rather recent commit e076ab2a2ca70a ("btrfs: shrink delalloc pages instead of full inodes"). However that creates a whole new can of worms due to new lock dependencies, which lockdep complains, like for example: [ 8948.247280] ====================================================== [ 8948.247823] WARNING: possible circular locking dependency detected [ 8948.248353] 5.17.0-rc1-btrfs-next-111 #1 Not tainted [ 8948.248786] ------------------------------------------------------ [ 8948.249320] kworker/u16:18/933570 is trying to acquire lock: [ 8948.249812] ffff9b3de1591690 (sb_internal#2){.+.+}-{0:0}, at: find_free_extent+0x141e/0x1590 [btrfs] [ 8948.250638] but task is already holding lock: [ 8948.251140] ffff9b3e09c717d8 (&root->delalloc_mutex){+.+.}-{3:3}, at: start_delalloc_inodes+0x78/0x400 [btrfs] [ 8948.252018] which lock already depends on the new lock. [ 8948.252710] the existing dependency chain (in reverse order) is: [ 8948.253343] -> #2 (&root->delalloc_mutex){+.+.}-{3:3}: [ 8948.253950] __mutex_lock+0x90/0x900 [ 8948.254354] start_delalloc_inodes+0x78/0x400 [btrfs] [ 8948.254859] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] [ 8948.255408] btrfs_commit_transaction+0x32f/0xc00 [btrfs] [ 8948.255942] btrfs_mksubvol+0x380/0x570 [btrfs] [ 8948.256406] btrfs_mksnapshot+0x81/0xb0 [btrfs] [ 8948.256870] __btrfs_ioctl_snap_create+0x17f/0x190 [btrfs] [ 8948.257413] btrfs_ioctl_snap_create_v2+0xbb/0x140 [btrfs] [ 8948.257961] btrfs_ioctl+0x1196/0x3630 [btrfs] [ 8948.258418] __x64_sys_ioctl+0x83/0xb0 [ 8948.258793] do_syscall_64+0x3b/0xc0 [ 8948.259146] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 8948.259709] -> #1 (&fs_info->delalloc_root_mutex){+.+.}-{3:3}: [ 8948.260330] __mutex_lock+0x90/0x900 [ 8948.260692] btrfs_start_delalloc_roots+0x97/0x2a0 [btrfs] [ 8948.261234] btrfs_commit_transaction+0x32f/0xc00 [btrfs] [ 8948.261766] btrfs_set_free_space_cache_v1_active+0x38/0x60 [btrfs] [ 8948.262379] btrfs_start_pre_rw_mount+0x119/0x180 [btrfs] [ 8948.262909] open_ctree+0x1511/0x171e [btrfs] [ 8948.263359] btrfs_mount_root.cold+0x12/0xde [btrfs] [ 8948.263863] legacy_get_tree+0x30/0x50 [ 8948.264242] vfs_get_tree+0x28/0xc0 [ 8948.264594] vfs_kern_mount.part.0+0x71/0xb0 [ 8948.265017] btrfs_mount+0x11d/0x3a0 [btrfs] [ 8948.265462] legacy_get_tree+0x30/0x50 [ 8948.265851] vfs_get_tree+0x28/0xc0 [ 8948.266203] path_mount+0x2d4/0xbe0 [ 8948.266554] __x64_sys_mount+0x103/0x140 [ 8948.266940] do_syscall_64+0x3b/0xc0 [ 8948.267300] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 8948.267790] -> #0 (sb_internal#2){.+.+}-{0:0}: [ 8948.268322] __lock_acquire+0x12e8/0x2260 [ 8948.268733] lock_acquire+0xd7/0x310 [ 8948.269092] start_transaction+0x44c/0x6e0 [btrfs] [ 8948.269591] find_free_extent+0x141e/0x1590 [btrfs] [ 8948.270087] btrfs_reserve_extent+0x14b/0x280 [btrfs] [ 8948.270588] cow_file_range+0x17e/0x490 [btrfs] [ 8948.271051] btrfs_run_delalloc_range+0x345/0x7a0 [btrfs] [ 8948.271586] writepage_delalloc+0xb5/0x170 [btrfs] [ 8948.272071] __extent_writepage+0x156/0x3c0 [btrfs] [ 8948.272579] extent_write_cache_pages+0x263/0x460 [btrfs] [ 8948.273113] extent_writepages+0x76/0x130 [btrfs] [ 8948.273573] do_writepages+0xd2/0x1c0 [ 8948.273942] filemap_fdatawrite_wbc+0x68/0x90 [ 8948.274371] start_delalloc_inodes+0x17f/0x400 [btrfs] [ 8948.274876] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] [ 8948.275417] flush_space+0x1f2/0x630 [btrfs] [ 8948.275863] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs] [ 8948.276438] process_one_work+0x252/0x5a0 [ 8948.276829] worker_thread+0x55/0x3b0 [ 8948.277189] kthread+0xf2/0x120 [ 8948.277506] ret_from_fork+0x22/0x30 [ 8948.277868] other info that might help us debug this: [ 8948.278548] Chain exists of: sb_internal#2 --> &fs_info->delalloc_root_mutex --> &root->delalloc_mutex [ 8948.279601] Possible unsafe locking scenario: [ 8948.280102] CPU0 CPU1 [ 8948.280508] ---- ---- [ 8948.280915] lock(&root->delalloc_mutex); [ 8948.281271] lock(&fs_info->delalloc_root_mutex); [ 8948.281915] lock(&root->delalloc_mutex); [ 8948.282487] lock(sb_internal#2); [ 8948.282800] *** DEADLOCK *** [ 8948.283333] 4 locks held by kworker/u16:18/933570: [ 8948.283750] #0: ffff9b3dc00a9d48 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1d2/0x5a0 [ 8948.284609] #1: ffffa90349dafe70 ((work_completion)(&fs_info->async_data_reclaim_work)){+.+.}-{0:0}, at: process_one_work+0x1d2/0x5a0 [ 8948.285637] #2: ffff9b3e14db5040 (&fs_info->delalloc_root_mutex){+.+.}-{3:3}, at: btrfs_start_delalloc_roots+0x97/0x2a0 [btrfs] [ 8948.286674] #3: ffff9b3e09c717d8 (&root->delalloc_mutex){+.+.}-{3:3}, at: start_delalloc_inodes+0x78/0x400 [btrfs] [ 8948.287596] stack backtrace: [ 8948.287975] CPU: 3 PID: 933570 Comm: kworker/u16:18 Not tainted 5.17.0-rc1-btrfs-next-111 #1 [ 8948.288677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 8948.289649] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] [ 8948.290298] Call Trace: [ 8948.290517] <TASK> [ 8948.290700] dump_stack_lvl+0x59/0x73 [ 8948.291026] check_noncircular+0xf3/0x110 [ 8948.291375] ? start_transaction+0x228/0x6e0 [btrfs] [ 8948.291826] __lock_acquire+0x12e8/0x2260 [ 8948.292241] lock_acquire+0xd7/0x310 [ 8948.292714] ? find_free_extent+0x141e/0x1590 [btrfs] [ 8948.293241] ? lock_is_held_type+0xea/0x140 [ 8948.293601] start_transaction+0x44c/0x6e0 [btrfs] [ 8948.294055] ? find_free_extent+0x141e/0x1590 [btrfs] [ 8948.294518] find_free_extent+0x141e/0x1590 [btrfs] [ 8948.294957] ? _raw_spin_unlock+0x29/0x40 [ 8948.295312] ? btrfs_get_alloc_profile+0x124/0x290 [btrfs] [ 8948.295813] btrfs_reserve_extent+0x14b/0x280 [btrfs] [ 8948.296270] cow_file_range+0x17e/0x490 [btrfs] [ 8948.296691] btrfs_run_delalloc_range+0x345/0x7a0 [btrfs] [ 8948.297175] ? find_lock_delalloc_range+0x247/0x270 [btrfs] [ 8948.297678] writepage_delalloc+0xb5/0x170 [btrfs] [ 8948.298123] __extent_writepage+0x156/0x3c0 [btrfs] [ 8948.298570] extent_write_cache_pages+0x263/0x460 [btrfs] [ 8948.299061] extent_writepages+0x76/0x130 [btrfs] [ 8948.299495] do_writepages+0xd2/0x1c0 [ 8948.299817] ? sched_clock_cpu+0xd/0x110 [ 8948.300160] ? lock_release+0x155/0x4a0 [ 8948.300494] filemap_fdatawrite_wbc+0x68/0x90 [ 8948.300874] ? do_raw_spin_unlock+0x4b/0xa0 [ 8948.301243] start_delalloc_inodes+0x17f/0x400 [btrfs] [ 8948.301706] ? lock_release+0x155/0x4a0 [ 8948.302055] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] [ 8948.302564] flush_space+0x1f2/0x630 [btrfs] [ 8948.302970] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs] [ 8948.303510] process_one_work+0x252/0x5a0 [ 8948.303860] ? process_one_work+0x5a0/0x5a0 [ 8948.304221] worker_thread+0x55/0x3b0 [ 8948.304543] ? process_one_work+0x5a0/0x5a0 [ 8948.304904] kthread+0xf2/0x120 [ 8948.305184] ? kthread_complete_and_exit+0x20/0x20 [ 8948.305598] ret_from_fork+0x22/0x30 [ 8948.305921] </TASK> It all comes from the fact that btrfs_start_delalloc_roots() takes the delalloc_root_mutex, in the transaction commit path we are holding a read lock on one of the superblock's freeze semaphores (via sb_start_intwrite()), the async reclaim task can also do a call to btrfs_start_delalloc_roots(), which ends up triggering writeback with calls to filemap_fdatawrite_wbc(), resulting in extent allocation which in turn can call btrfs_start_transaction(), which will result in taking the freeze semaphore via sb_start_intwrite(), forming a nasty dependency on all those locks which can be taken in different orders by different code paths. So just adopt the simple approach of calling try_to_writeback_inodes_sb() at btrfs_start_delalloc_flush(). Link: https://lore.kernel.org/linux-btrfs/20220130005258.GA7465@cuci.nl/ Link: https://lore.kernel.org/linux-btrfs/43acc426-d683-d1b6-729d-c6bc4a2fff4d@gm… Link: https://lore.kernel.org/linux-btrfs/6833930a-08d7-6fbc-0141-eb9cdfd6bb4d@gm… Link: https://lore.kernel.org/linux-btrfs/20190322041731.GF16651@hungrycats.org/ Reviewed-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> [ add more link reports ] Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- fs/btrfs/transaction.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index df9b209bf1b2..a844e3b2bc2e 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1921,16 +1921,24 @@ static void cleanup_transaction(struct btrfs_trans_handle *trans, int err) static inline int btrfs_start_delalloc_flush(struct btrfs_fs_info *fs_info) { /* - * We use writeback_inodes_sb here because if we used + * We use try_to_writeback_inodes_sb() here because if we used * btrfs_start_delalloc_roots we would deadlock with fs freeze. * Currently are holding the fs freeze lock, if we do an async flush * we'll do btrfs_join_transaction() and deadlock because we need to * wait for the fs freeze lock. Using the direct flushing we benefit * from already being in a transaction and our join_transaction doesn't * have to re-take the fs freeze lock. + * + * Note that try_to_writeback_inodes_sb() will only trigger writeback + * if it can read lock sb->s_umount. It will always be able to lock it, + * except when the filesystem is being unmounted or being frozen, but in + * those cases sync_filesystem() is called, which results in calling + * writeback_inodes_sb() while holding a write lock on sb->s_umount. + * Note that we don't call writeback_inodes_sb() directly, because it + * will emit a warning if sb->s_umount is not locked. */ if (btrfs_test_opt(fs_info, FLUSHONCOMMIT)) - writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC); + try_to_writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC); return 0; } -- 2.43.0

8 months, 2 weeks

1
0
0 0

[PATCH] arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes

by Chen-Yu Tsai

The Voltorb device uses a speaker codec different from the original Corsola device. When the Voltorb device tree was first added, the new codec was added as a separate node when it should have just replaced the existing one. Merge the two nodes. The only differences are the compatible string and the GPIO line property name. This keeps the device node path for the speaker codec the same across the MT8186 Chromebook line. Fixes: 321ad586e607 ("arm64: dts: mediatek: Add MT8186 Voltorb Chromebooks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> --- .../dts/mediatek/mt8186-corsola-voltorb.dtsi | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi b/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi index 52ec58128d56..fbcd97069df9 100644 --- a/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi +++ b/arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi @@ -10,12 +10,6 @@ / { chassis-type = "laptop"; - - max98360a: max98360a { - compatible = "maxim,max98360a"; - sdmode-gpios = <&pio 150 GPIO_ACTIVE_HIGH>; - #sound-dai-cells = <0>; - }; }; &cpu6 { @@ -59,19 +53,14 @@ &cluster1_opp_15 { opp-hz = /bits/ 64 <2200000000>; }; -&rt1019p{ - status = "disabled"; +&rt1019p { + compatible = "maxim,max98360a"; + sdmode-gpios = <&pio 150 GPIO_ACTIVE_HIGH>; + /delete-property/ sdb-gpios; }; &sound { compatible = "mediatek,mt8186-mt6366-rt5682s-max98360-sound"; - status = "okay"; - - spk-hdmi-playback-dai-link { - codec { - sound-dai = <&it6505dptx>, <&max98360a>; - }; - }; }; &spmi { -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

2
3
0 0

[PATCH 5.15,6.1 0/3] Fix block integrity violation of kobject rules

by Thadeu Lima de Souza Cascardo

integrity_kobj did not have a release function and with CONFIG_DEBUG_KOBJECT_RELEASE, a use-after-free would be triggered as its holding struct gendisk would be freed without relying on its refcount. Thomas Weißschuh (3): blk-integrity: use sysfs_emit blk-integrity: convert to struct device_attribute blk-integrity: register sysfs attributes on struct device block/blk-integrity.c | 175 ++++++++++++++--------------------------- block/blk.h | 10 +-- block/genhd.c | 12 +-- include/linux/blkdev.h | 3 - 4 files changed, 66 insertions(+), 134 deletions(-) -- 2.34.1

8 months, 2 weeks

3
6
0 0

[PATCH] KVM: arm64: Unregister redistributor for failed vCPU creation

by Oliver Upton

Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 Read of size 8 at addr ffffff801c6890d0 by task syz.3.2219/10758 CPU: 3 UID: 0 PID: 10758 Comm: syz.3.2219 Not tainted 6.11.0-rc6-dirty #64 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x17c/0x1a8 arch/arm64/kernel/stacktrace.c:317 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324 __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x94/0xc0 lib/dump_stack.c:119 print_report+0x144/0x7a4 mm/kasan/report.c:377 kasan_report+0xcc/0x128 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 kvm_vm_release+0x4c/0x60 virt/kvm/kvm_main.c:1409 __fput+0x198/0x71c fs/file_table.c:422 ____fput+0x20/0x30 fs/file_table.c:450 task_work_run+0x1cc/0x23c kernel/task_work.c:228 do_notify_resume+0x144/0x1a0 include/linux/resume_user_mode.h:50 el0_svc+0x64/0x68 arch/arm64/kernel/entry-common.c:169 el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Upon closer inspection, it appears that we do not properly tear down the MMIO registration for a vCPU that fails creation late in the game, e.g. a vCPU w/ the same ID already exists in the VM. It is important to consider the context of commit that introduced this bug by moving the unregistration out of __kvm_vgic_vcpu_destroy(). That change correctly sought to avoid an srcu v. config_lock inversion by breaking up the vCPU teardown into two parts, one guarded by the config_lock. Fix the use-after-free while avoiding lock inversion by adding a special-cased unregistration to __kvm_vgic_vcpu_destroy(). This is safe because failed vCPUs are torn down outside of the config_lock. Cc: stable(a)vger.kernel.org Fixes: f616506754d3 ("KVM: arm64: vgic: Don't hold config_lock while unregistering redistributors") Reported-by: Alexander Potapenko <glider(a)google.com> Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-init.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/vgic/vgic-init.c b/arch/arm64/kvm/vgic/vgic-init.c index e7c53e8af3d1..57aedf7b2b76 100644 --- a/arch/arm64/kvm/vgic/vgic-init.c +++ b/arch/arm64/kvm/vgic/vgic-init.c @@ -417,8 +417,28 @@ static void __kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu) kfree(vgic_cpu->private_irqs); vgic_cpu->private_irqs = NULL; - if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) + if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) { + /* + * If this vCPU is being destroyed because of a failed creation + * then unregister the redistributor to avoid leaving behind a + * dangling pointer to the vCPU struct. + * + * vCPUs that have been successfully created (i.e. added to + * kvm->vcpu_array) get unregistered in kvm_vgic_destroy(), as + * this function gets called while holding kvm->arch.config_lock + * in the VM teardown path and would otherwise introduce a lock + * inversion w.r.t. kvm->srcu. + * + * vCPUs that failed creation are torn down outside of the + * kvm->arch.config_lock and do not get unregistered in + * kvm_vgic_destroy(), meaning it is both safe and necessary to + * do so here. + */ + if (kvm_get_vcpu_by_id(vcpu->kvm, vcpu->vcpu_id) != vcpu) + vgic_unregister_redist_iodev(vcpu); + vgic_cpu->rd_iodev.base_addr = VGIC_ADDR_UNDEF; + } } void kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu) -- 2.47.0.rc0.187.ge670bccf7e-goog

8 months, 2 weeks

2
1
0 0

[PATCH 6.6.y] Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link"

by Jonathan Gray

This reverts commit a53841b074cc196c3caaa37e1f15d6bc90943b97. duplicated a change made in 6.6.46 718d83f66fb07b2cab89a1fc984613a00e3db18f Cc: stable(a)vger.kernel.org # 6.6 Signed-off-by: Jonathan Gray <jsg(a)jsg.id.au> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 7fb11445a28f..d390e3d62e56 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1266,9 +1266,6 @@ static bool is_dsc_need_re_compute( } } - if (new_stream_on_link_num == 0) - return false; - if (new_stream_on_link_num == 0) return false; -- 2.46.1

8 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] drm/xe/vram: fix ccs offset calculation" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x ee06c09ded3c2f722be4e240ed06287e23596bda # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100809-goes-diagnosis-d07c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: ee06c09ded3c ("drm/xe/vram: fix ccs offset calculation") 638d1c79cbf1 ("drm/xe: Promote VRAM initialization function to own file") 8c52ca22b15b ("drm/xe: Drop xe_ prefix from static functions in xe_mmio.c") 2d8865b27724 ("drm/xe: Move BAR definitions to dedicated file") 2adfc4e022f3 ("drm/xe: Move XEHP_MTCFG_ADDR register definition to xe_regs.h") c7117419784f ("drm/xe: reset mmio mappings with devm") a0b834c8957a ("drm/xe/mmio: move mmio_fini over to devm") f7e20cfb59c9 ("drm/xe: Cleanup xe_mmio.h") 93dd6ad89c7d ("drm/xe: Don't rely on xe_force_wake.h to be included elsewhere") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee06c09ded3c2f722be4e240ed06287e23596bda Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Mon, 16 Sep 2024 09:49:12 +0100 Subject: [PATCH] drm/xe/vram: fix ccs offset calculation Spec says SW is expected to round up to the nearest 128K, if not already aligned for the CC unit view of CCS. We are seeing the assert sometimes pop on BMG to tell us that there is a hole between GSM and CCS, as well as popping other asserts with having a vram size with strange alignment, which is likely caused by misaligned offset here. v2 (Shuicheng): - Do the round_up() on final SW address. BSpec: 68023 Fixes: b5c2ca0372dc ("drm/xe/xe2hpg: Determine flat ccs offset for vram") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: Shuicheng Lin <shuicheng.lin(a)intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: stable(a)vger.kernel.org # v6.10+ Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Tested-by: Shuicheng Lin <shuicheng.lin(a)intel.com> Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240916084911.13119-2-matthe… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 37173392741c425191b959acb3adf70c9a4610c0) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vram.c b/drivers/gpu/drm/xe/xe_vram.c index 5bcd59190353..80ba2fc78837 100644 --- a/drivers/gpu/drm/xe/xe_vram.c +++ b/drivers/gpu/drm/xe/xe_vram.c @@ -182,6 +182,7 @@ static inline u64 get_flat_ccs_offset(struct xe_gt *gt, u64 tile_size) offset = offset_hi << 32; /* HW view bits 39:32 */ offset |= offset_lo << 6; /* HW view bits 31:6 */ offset *= num_enabled; /* convert to SW view */ + offset = round_up(offset, SZ_128K); /* SW must round up to nearest 128K */ /* We don't expect any holes */ xe_assert_msg(xe, offset == (xe_mmio_read64_2x32(gt, GSMBASE) - ccs_size),

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/bios: fix printk format width" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0289507609dcb7690e45e79fbcc3680d9298ec77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100818-doorstop-clone-45d6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0289507609dc ("drm/i915/bios: fix printk format width") 9aec6f76a28c ("drm/i915/bios: convert to struct intel_display") 769b081c18b9 ("drm/i915/opregion: convert to struct intel_display") b7f317e62968 ("drm/i915/opregion: unify intel_encoder/intel_connector naming") f7303ab29d08 ("drm/i915/acpi: convert to struct intel_display") 4c288f56030f ("drm/i915/bios: remove stale and useless comments") 6f4e43a2f771 ("drm/xe: Fix opregion leak") bc3ca4d94369 ("drm/i915: Make I2C terminology more inclusive") fd5a9b950ea8 ("drm/i915/fbc: Convert to intel_display, mostly") bc34d310b578 ("drm/i915/fbc: Extract intel_fbc_has_fences()") d754ed2821fd ("Merge drm/drm-next into drm-intel-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0289507609dcb7690e45e79fbcc3680d9298ec77 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Thu, 5 Sep 2024 14:25:19 +0300 Subject: [PATCH] drm/i915/bios: fix printk format width s/0x04%x/0x%04x/ to use 0 prefixed width 4 instead of printing 04 verbatim. Fixes: 51f5748179d4 ("drm/i915/bios: create fake child devices on missing VBT") Cc: stable(a)vger.kernel.org # v5.13+ Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240905112519.4186408-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 54df34c5a2439b481f066476e67bfa21a0a640e5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index d49435af62c7..bed485374ab0 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -2948,7 +2948,7 @@ init_vbt_missing_defaults(struct intel_display *display) list_add_tail(&devdata->node, &display->vbt.display_devices); drm_dbg_kms(display->drm, - "Generating default VBT child device with type 0x04%x on port %c\n", + "Generating default VBT child device with type 0x%04x on port %c\n", child->device_type, port_name(port)); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/bios: fix printk format width" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0289507609dcb7690e45e79fbcc3680d9298ec77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100816-deserving-sneeze-b1ce@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0289507609dc ("drm/i915/bios: fix printk format width") 9aec6f76a28c ("drm/i915/bios: convert to struct intel_display") 769b081c18b9 ("drm/i915/opregion: convert to struct intel_display") b7f317e62968 ("drm/i915/opregion: unify intel_encoder/intel_connector naming") f7303ab29d08 ("drm/i915/acpi: convert to struct intel_display") 4c288f56030f ("drm/i915/bios: remove stale and useless comments") 6f4e43a2f771 ("drm/xe: Fix opregion leak") bc3ca4d94369 ("drm/i915: Make I2C terminology more inclusive") fd5a9b950ea8 ("drm/i915/fbc: Convert to intel_display, mostly") bc34d310b578 ("drm/i915/fbc: Extract intel_fbc_has_fences()") d754ed2821fd ("Merge drm/drm-next into drm-intel-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0289507609dcb7690e45e79fbcc3680d9298ec77 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Thu, 5 Sep 2024 14:25:19 +0300 Subject: [PATCH] drm/i915/bios: fix printk format width s/0x04%x/0x%04x/ to use 0 prefixed width 4 instead of printing 04 verbatim. Fixes: 51f5748179d4 ("drm/i915/bios: create fake child devices on missing VBT") Cc: stable(a)vger.kernel.org # v5.13+ Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240905112519.4186408-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 54df34c5a2439b481f066476e67bfa21a0a640e5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index d49435af62c7..bed485374ab0 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -2948,7 +2948,7 @@ init_vbt_missing_defaults(struct intel_display *display) list_add_tail(&devdata->node, &display->vbt.display_devices); drm_dbg_kms(display->drm, - "Generating default VBT child device with type 0x04%x on port %c\n", + "Generating default VBT child device with type 0x%04x on port %c\n", child->device_type, port_name(port)); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/bios: fix printk format width" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0289507609dcb7690e45e79fbcc3680d9298ec77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100817-erupt-tutor-d82f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0289507609dc ("drm/i915/bios: fix printk format width") 9aec6f76a28c ("drm/i915/bios: convert to struct intel_display") 769b081c18b9 ("drm/i915/opregion: convert to struct intel_display") b7f317e62968 ("drm/i915/opregion: unify intel_encoder/intel_connector naming") f7303ab29d08 ("drm/i915/acpi: convert to struct intel_display") 4c288f56030f ("drm/i915/bios: remove stale and useless comments") 6f4e43a2f771 ("drm/xe: Fix opregion leak") bc3ca4d94369 ("drm/i915: Make I2C terminology more inclusive") fd5a9b950ea8 ("drm/i915/fbc: Convert to intel_display, mostly") bc34d310b578 ("drm/i915/fbc: Extract intel_fbc_has_fences()") d754ed2821fd ("Merge drm/drm-next into drm-intel-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0289507609dcb7690e45e79fbcc3680d9298ec77 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Thu, 5 Sep 2024 14:25:19 +0300 Subject: [PATCH] drm/i915/bios: fix printk format width s/0x04%x/0x%04x/ to use 0 prefixed width 4 instead of printing 04 verbatim. Fixes: 51f5748179d4 ("drm/i915/bios: create fake child devices on missing VBT") Cc: stable(a)vger.kernel.org # v5.13+ Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240905112519.4186408-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 54df34c5a2439b481f066476e67bfa21a0a640e5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index d49435af62c7..bed485374ab0 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -2948,7 +2948,7 @@ init_vbt_missing_defaults(struct intel_display *display) list_add_tail(&devdata->node, &display->vbt.display_devices); drm_dbg_kms(display->drm, - "Generating default VBT child device with type 0x04%x on port %c\n", + "Generating default VBT child device with type 0x%04x on port %c\n", child->device_type, port_name(port)); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/bios: fix printk format width" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 0289507609dcb7690e45e79fbcc3680d9298ec77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100816-recliner-obnoxious-a8b7@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 0289507609dc ("drm/i915/bios: fix printk format width") 9aec6f76a28c ("drm/i915/bios: convert to struct intel_display") 769b081c18b9 ("drm/i915/opregion: convert to struct intel_display") b7f317e62968 ("drm/i915/opregion: unify intel_encoder/intel_connector naming") f7303ab29d08 ("drm/i915/acpi: convert to struct intel_display") 4c288f56030f ("drm/i915/bios: remove stale and useless comments") 6f4e43a2f771 ("drm/xe: Fix opregion leak") bc3ca4d94369 ("drm/i915: Make I2C terminology more inclusive") fd5a9b950ea8 ("drm/i915/fbc: Convert to intel_display, mostly") bc34d310b578 ("drm/i915/fbc: Extract intel_fbc_has_fences()") d754ed2821fd ("Merge drm/drm-next into drm-intel-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0289507609dcb7690e45e79fbcc3680d9298ec77 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Thu, 5 Sep 2024 14:25:19 +0300 Subject: [PATCH] drm/i915/bios: fix printk format width s/0x04%x/0x%04x/ to use 0 prefixed width 4 instead of printing 04 verbatim. Fixes: 51f5748179d4 ("drm/i915/bios: create fake child devices on missing VBT") Cc: stable(a)vger.kernel.org # v5.13+ Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240905112519.4186408-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 54df34c5a2439b481f066476e67bfa21a0a640e5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index d49435af62c7..bed485374ab0 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -2948,7 +2948,7 @@ init_vbt_missing_defaults(struct intel_display *display) list_add_tail(&devdata->node, &display->vbt.display_devices); drm_dbg_kms(display->drm, - "Generating default VBT child device with type 0x04%x on port %c\n", + "Generating default VBT child device with type 0x%04x on port %c\n", child->device_type, port_name(port)); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915/bios: fix printk format width" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 0289507609dcb7690e45e79fbcc3680d9298ec77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100815-transpose-startling-abe8@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 0289507609dc ("drm/i915/bios: fix printk format width") 9aec6f76a28c ("drm/i915/bios: convert to struct intel_display") 769b081c18b9 ("drm/i915/opregion: convert to struct intel_display") b7f317e62968 ("drm/i915/opregion: unify intel_encoder/intel_connector naming") f7303ab29d08 ("drm/i915/acpi: convert to struct intel_display") 4c288f56030f ("drm/i915/bios: remove stale and useless comments") 6f4e43a2f771 ("drm/xe: Fix opregion leak") bc3ca4d94369 ("drm/i915: Make I2C terminology more inclusive") fd5a9b950ea8 ("drm/i915/fbc: Convert to intel_display, mostly") bc34d310b578 ("drm/i915/fbc: Extract intel_fbc_has_fences()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0289507609dcb7690e45e79fbcc3680d9298ec77 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Thu, 5 Sep 2024 14:25:19 +0300 Subject: [PATCH] drm/i915/bios: fix printk format width s/0x04%x/0x%04x/ to use 0 prefixed width 4 instead of printing 04 verbatim. Fixes: 51f5748179d4 ("drm/i915/bios: create fake child devices on missing VBT") Cc: stable(a)vger.kernel.org # v5.13+ Reviewed-by: Vandita Kulkarni <vandita.kulkarni(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240905112519.4186408-1-jani… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> (cherry picked from commit 54df34c5a2439b481f066476e67bfa21a0a640e5) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index d49435af62c7..bed485374ab0 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -2948,7 +2948,7 @@ init_vbt_missing_defaults(struct intel_display *display) list_add_tail(&devdata->node, &display->vbt.display_devices); drm_dbg_kms(display->drm, - "Generating default VBT child device with type 0x04%x on port %c\n", + "Generating default VBT child device with type 0x%04x on port %c\n", child->device_type, port_name(port)); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix readout degamma_lut mismatch on ilk/snb" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 33eca84db6e31091cef63584158ab64704f78462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100801-yelp-fasting-b762@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 33eca84db6e3 ("drm/i915: Fix readout degamma_lut mismatch on ilk/snb") da8c3cdb016c ("drm/i915: Rename bigjoiner master/slave to bigjoiner primary/secondary") fb4943574f92 ("drm/i915: Rename all bigjoiner to joiner") 578ff98403ce ("drm/i915: Allow bigjoiner for MST") 3607b30836ae ("drm/i915: Handle joined pipes inside hsw_crtc_enable()") e16bcbb01186 ("drm/i915: Handle joined pipes inside hsw_crtc_disable()") 2b8ad19d3ed6 ("drm/i915: Introduce intel_crtc_joined_pipe_mask()") e43b4f7980f8 ("drm/i915: Pass connector to intel_dp_need_bigjoiner()") 5a1527ed8b43 ("drm/i915/mst: Check intel_dp_joiner_needs_dsc()") aa099402f98b ("drm/i915: Extract intel_dp_joiner_needs_dsc()") c0b8afc3a777 ("drm/i915: s/intel_dp_can_bigjoiner()/intel_dp_has_bigjoiner()/") e02ef5553d9b ("drm/i915: Update pipes in reverse order for bigjoiner") 3a5e09d82f97 ("drm/i915: Fix intel_modeset_pipe_config_late() for bigjoiner") f9d5e51db656 ("drm/i915/vrr: Disable VRR when using bigjoiner") ef79820db723 ("drm/i915: Disable live M/N updates when using bigjoiner") b37e1347b991 ("drm/i915: Disable port sync when bigjoiner is used") 372fa0c79d3f ("drm/i915/psr: Disable PSR when bigjoiner is used") 7a3f171c8f6a ("drm/i915: Extract glk_need_scaler_clock_gating_wa()") c922a47913f9 ("drm/i915: Clean up glk_pipe_scaler_clock_gating_wa()") e9fa99dd47a4 ("drm/i915: Shuffle DP .mode_valid() checks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33eca84db6e31091cef63584158ab64704f78462 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Wed, 10 Jul 2024 15:41:37 +0300 Subject: [PATCH] drm/i915: Fix readout degamma_lut mismatch on ilk/snb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On ilk/snb the pipe may be configured to place the LUT before or after the CSC depending on various factors, but as there is only one LUT (no split mode like on IVB+) we only advertise a gamma_lut and no degamma_lut in the uapi to avoid confusing userspace. This can cause a problem during readout if the VBIOS/GOP enabled the LUT in the pre CSC configuration. The current code blindly assigns the results of the readout to the degamma_lut, which will cause a failure during the next atomic_check() as we aren't expecting anything to be in degamma_lut since it's not visible to userspace. Fix the problem by assigning whatever LUT we read out from the hardware into gamma_lut. Cc: stable(a)vger.kernel.org Fixes: d2559299d339 ("drm/i915: Make ilk_read_luts() capable of degamma readout") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11608 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240710124137.16773-1-ville.… Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_modeset_setup.c b/drivers/gpu/drm/i915/display/intel_modeset_setup.c index 6f85f5352455..72694dde3c22 100644 --- a/drivers/gpu/drm/i915/display/intel_modeset_setup.c +++ b/drivers/gpu/drm/i915/display/intel_modeset_setup.c @@ -326,6 +326,8 @@ static void intel_modeset_update_connector_atomic_state(struct drm_i915_private static void intel_crtc_copy_hw_to_uapi_state(struct intel_crtc_state *crtc_state) { + struct drm_i915_private *i915 = to_i915(crtc_state->uapi.crtc->dev); + if (intel_crtc_is_joiner_secondary(crtc_state)) return; @@ -337,11 +339,30 @@ static void intel_crtc_copy_hw_to_uapi_state(struct intel_crtc_state *crtc_state crtc_state->uapi.adjusted_mode = crtc_state->hw.adjusted_mode; crtc_state->uapi.scaling_filter = crtc_state->hw.scaling_filter; - /* assume 1:1 mapping */ - drm_property_replace_blob(&crtc_state->hw.degamma_lut, - crtc_state->pre_csc_lut); - drm_property_replace_blob(&crtc_state->hw.gamma_lut, - crtc_state->post_csc_lut); + if (DISPLAY_INFO(i915)->color.degamma_lut_size) { + /* assume 1:1 mapping */ + drm_property_replace_blob(&crtc_state->hw.degamma_lut, + crtc_state->pre_csc_lut); + drm_property_replace_blob(&crtc_state->hw.gamma_lut, + crtc_state->post_csc_lut); + } else { + /* + * ilk/snb hw may be configured for either pre_csc_lut + * or post_csc_lut, but we don't advertise degamma_lut as + * being available in the uapi since there is only one + * hardware LUT. Always assign the result of the readout + * to gamma_lut as that is the only valid source of LUTs + * in the uapi. + */ + drm_WARN_ON(&i915->drm, crtc_state->post_csc_lut && + crtc_state->pre_csc_lut); + + drm_property_replace_blob(&crtc_state->hw.degamma_lut, + NULL); + drm_property_replace_blob(&crtc_state->hw.gamma_lut, + crtc_state->post_csc_lut ?: + crtc_state->pre_csc_lut); + } drm_property_replace_blob(&crtc_state->uapi.degamma_lut, crtc_state->hw.degamma_lut);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix readout degamma_lut mismatch on ilk/snb" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 33eca84db6e31091cef63584158ab64704f78462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100800-retiring-unopened-df59@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 33eca84db6e3 ("drm/i915: Fix readout degamma_lut mismatch on ilk/snb") da8c3cdb016c ("drm/i915: Rename bigjoiner master/slave to bigjoiner primary/secondary") fb4943574f92 ("drm/i915: Rename all bigjoiner to joiner") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33eca84db6e31091cef63584158ab64704f78462 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Wed, 10 Jul 2024 15:41:37 +0300 Subject: [PATCH] drm/i915: Fix readout degamma_lut mismatch on ilk/snb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On ilk/snb the pipe may be configured to place the LUT before or after the CSC depending on various factors, but as there is only one LUT (no split mode like on IVB+) we only advertise a gamma_lut and no degamma_lut in the uapi to avoid confusing userspace. This can cause a problem during readout if the VBIOS/GOP enabled the LUT in the pre CSC configuration. The current code blindly assigns the results of the readout to the degamma_lut, which will cause a failure during the next atomic_check() as we aren't expecting anything to be in degamma_lut since it's not visible to userspace. Fix the problem by assigning whatever LUT we read out from the hardware into gamma_lut. Cc: stable(a)vger.kernel.org Fixes: d2559299d339 ("drm/i915: Make ilk_read_luts() capable of degamma readout") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11608 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240710124137.16773-1-ville.… Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_modeset_setup.c b/drivers/gpu/drm/i915/display/intel_modeset_setup.c index 6f85f5352455..72694dde3c22 100644 --- a/drivers/gpu/drm/i915/display/intel_modeset_setup.c +++ b/drivers/gpu/drm/i915/display/intel_modeset_setup.c @@ -326,6 +326,8 @@ static void intel_modeset_update_connector_atomic_state(struct drm_i915_private static void intel_crtc_copy_hw_to_uapi_state(struct intel_crtc_state *crtc_state) { + struct drm_i915_private *i915 = to_i915(crtc_state->uapi.crtc->dev); + if (intel_crtc_is_joiner_secondary(crtc_state)) return; @@ -337,11 +339,30 @@ static void intel_crtc_copy_hw_to_uapi_state(struct intel_crtc_state *crtc_state crtc_state->uapi.adjusted_mode = crtc_state->hw.adjusted_mode; crtc_state->uapi.scaling_filter = crtc_state->hw.scaling_filter; - /* assume 1:1 mapping */ - drm_property_replace_blob(&crtc_state->hw.degamma_lut, - crtc_state->pre_csc_lut); - drm_property_replace_blob(&crtc_state->hw.gamma_lut, - crtc_state->post_csc_lut); + if (DISPLAY_INFO(i915)->color.degamma_lut_size) { + /* assume 1:1 mapping */ + drm_property_replace_blob(&crtc_state->hw.degamma_lut, + crtc_state->pre_csc_lut); + drm_property_replace_blob(&crtc_state->hw.gamma_lut, + crtc_state->post_csc_lut); + } else { + /* + * ilk/snb hw may be configured for either pre_csc_lut + * or post_csc_lut, but we don't advertise degamma_lut as + * being available in the uapi since there is only one + * hardware LUT. Always assign the result of the readout + * to gamma_lut as that is the only valid source of LUTs + * in the uapi. + */ + drm_WARN_ON(&i915->drm, crtc_state->post_csc_lut && + crtc_state->pre_csc_lut); + + drm_property_replace_blob(&crtc_state->hw.degamma_lut, + NULL); + drm_property_replace_blob(&crtc_state->hw.gamma_lut, + crtc_state->post_csc_lut ?: + crtc_state->pre_csc_lut); + } drm_property_replace_blob(&crtc_state->uapi.degamma_lut, crtc_state->hw.degamma_lut);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Fix readout degamma_lut mismatch on ilk/snb" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 33eca84db6e31091cef63584158ab64704f78462 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100859-bogus-pursuable-6b33@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 33eca84db6e3 ("drm/i915: Fix readout degamma_lut mismatch on ilk/snb") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33eca84db6e31091cef63584158ab64704f78462 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Wed, 10 Jul 2024 15:41:37 +0300 Subject: [PATCH] drm/i915: Fix readout degamma_lut mismatch on ilk/snb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On ilk/snb the pipe may be configured to place the LUT before or after the CSC depending on various factors, but as there is only one LUT (no split mode like on IVB+) we only advertise a gamma_lut and no degamma_lut in the uapi to avoid confusing userspace. This can cause a problem during readout if the VBIOS/GOP enabled the LUT in the pre CSC configuration. The current code blindly assigns the results of the readout to the degamma_lut, which will cause a failure during the next atomic_check() as we aren't expecting anything to be in degamma_lut since it's not visible to userspace. Fix the problem by assigning whatever LUT we read out from the hardware into gamma_lut. Cc: stable(a)vger.kernel.org Fixes: d2559299d339 ("drm/i915: Make ilk_read_luts() capable of degamma readout") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11608 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240710124137.16773-1-ville.… Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_modeset_setup.c b/drivers/gpu/drm/i915/display/intel_modeset_setup.c index 6f85f5352455..72694dde3c22 100644 --- a/drivers/gpu/drm/i915/display/intel_modeset_setup.c +++ b/drivers/gpu/drm/i915/display/intel_modeset_setup.c @@ -326,6 +326,8 @@ static void intel_modeset_update_connector_atomic_state(struct drm_i915_private static void intel_crtc_copy_hw_to_uapi_state(struct intel_crtc_state *crtc_state) { + struct drm_i915_private *i915 = to_i915(crtc_state->uapi.crtc->dev); + if (intel_crtc_is_joiner_secondary(crtc_state)) return; @@ -337,11 +339,30 @@ static void intel_crtc_copy_hw_to_uapi_state(struct intel_crtc_state *crtc_state crtc_state->uapi.adjusted_mode = crtc_state->hw.adjusted_mode; crtc_state->uapi.scaling_filter = crtc_state->hw.scaling_filter; - /* assume 1:1 mapping */ - drm_property_replace_blob(&crtc_state->hw.degamma_lut, - crtc_state->pre_csc_lut); - drm_property_replace_blob(&crtc_state->hw.gamma_lut, - crtc_state->post_csc_lut); + if (DISPLAY_INFO(i915)->color.degamma_lut_size) { + /* assume 1:1 mapping */ + drm_property_replace_blob(&crtc_state->hw.degamma_lut, + crtc_state->pre_csc_lut); + drm_property_replace_blob(&crtc_state->hw.gamma_lut, + crtc_state->post_csc_lut); + } else { + /* + * ilk/snb hw may be configured for either pre_csc_lut + * or post_csc_lut, but we don't advertise degamma_lut as + * being available in the uapi since there is only one + * hardware LUT. Always assign the result of the readout + * to gamma_lut as that is the only valid source of LUTs + * in the uapi. + */ + drm_WARN_ON(&i915->drm, crtc_state->post_csc_lut && + crtc_state->pre_csc_lut); + + drm_property_replace_blob(&crtc_state->hw.degamma_lut, + NULL); + drm_property_replace_blob(&crtc_state->hw.gamma_lut, + crtc_state->post_csc_lut ?: + crtc_state->pre_csc_lut); + } drm_property_replace_blob(&crtc_state->uapi.degamma_lut, crtc_state->hw.degamma_lut);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6ed51ba95e27221ce87979bd2ad5926033b9e1b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100845-extradite-silencer-e137@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6ed51ba95e27 ("drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066") 8e140cb60270 ("drm/rockchip: vop: limit maximum resolution to hardware capabilities") 3ba000d6ae99 ("drm/rockchip: define gamma registers for RK3399") 604be85547ce ("drm/rockchip: Add VOP2 driver") b382406a2cf4 ("drm/rockchip: Make VOP driver optional") 540b8f271e53 ("drm/rockchip: Embed drm_encoder into rockchip_decoder") 1e0f66420b13 ("drm/display: Introduce a DRM display-helper module") da68386d9edb ("drm: Rename dp/ to display/") c5060b09f460 ("drm/bridge: Fix it6505 Kconfig DRM_DP_AUX_BUS dependency") 9cbbd694a58b ("Merge drm/drm-next into drm-misc-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ed51ba95e27221ce87979bd2ad5926033b9e1b9 Mon Sep 17 00:00:00 2001 From: Val Packett <val(a)packett.cool> Date: Mon, 24 Jun 2024 17:40:49 -0300 Subject: [PATCH] drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 The RK3066 does have RGB display output, so it should be marked as such. Fixes: f4a6de855eae ("drm: rockchip: vop: add rk3066 vop definitions") Cc: stable(a)vger.kernel.org Signed-off-by: Val Packett <val(a)packett.cool> Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://patchwork.freedesktop.org/patch/msgid/20240624204054.5524-3-val@pac… diff --git a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c index 9bcb40a640af..e2c6ba26f437 100644 --- a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c +++ b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c @@ -515,6 +515,7 @@ static const struct vop_data rk3066_vop = { .output = &rk3066_output, .win = rk3066_vop_win_data, .win_size = ARRAY_SIZE(rk3066_vop_win_data), + .feature = VOP_FEATURE_INTERNAL_RGB, .max_output = { 1920, 1080 }, };

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6ed51ba95e27221ce87979bd2ad5926033b9e1b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100844-wireless-suction-3d40@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6ed51ba95e27 ("drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066") 8e140cb60270 ("drm/rockchip: vop: limit maximum resolution to hardware capabilities") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ed51ba95e27221ce87979bd2ad5926033b9e1b9 Mon Sep 17 00:00:00 2001 From: Val Packett <val(a)packett.cool> Date: Mon, 24 Jun 2024 17:40:49 -0300 Subject: [PATCH] drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 The RK3066 does have RGB display output, so it should be marked as such. Fixes: f4a6de855eae ("drm: rockchip: vop: add rk3066 vop definitions") Cc: stable(a)vger.kernel.org Signed-off-by: Val Packett <val(a)packett.cool> Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> Link: https://patchwork.freedesktop.org/patch/msgid/20240624204054.5524-3-val@pac… diff --git a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c index 9bcb40a640af..e2c6ba26f437 100644 --- a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c +++ b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c @@ -515,6 +515,7 @@ static const struct vop_data rk3066_vop = { .output = &rk3066_output, .win = rk3066_vop_win_data, .win_size = ARRAY_SIZE(rk3066_vop_win_data), + .feature = VOP_FEATURE_INTERNAL_RGB, .max_output = { 1920, 1080 }, };

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ext4: fix slab-use-after-free in ext4_split_extent_at()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c26ab35702f8cd0cdc78f96aa5856bfb77be798f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100717-untrue-mockup-9fb4@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c26ab35702f8 ("ext4: fix slab-use-after-free in ext4_split_extent_at()") 082cd4ec240b ("ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c26ab35702f8cd0cdc78f96aa5856bfb77be798f Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Thu, 22 Aug 2024 10:35:23 +0800 Subject: [PATCH] ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40 CPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724 Call Trace: <TASK> kasan_report+0x93/0xc0 ext4_split_extent_at+0xba8/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Allocated by task 40: __kmalloc_noprof+0x1ac/0x480 ext4_find_extent+0xf3b/0x1e70 ext4_ext_map_blocks+0x188/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Freed by task 40: kfree+0xf1/0x2b0 ext4_find_extent+0xa71/0x1e70 ext4_ext_insert_extent+0xa22/0x3260 ext4_split_extent_at+0x3ef/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] ================================================================== The flow of issue triggering is as follows: ext4_split_extent_at path = *ppath ext4_ext_insert_extent(ppath) ext4_ext_create_new_leaf(ppath) ext4_find_extent(orig_path) path = *orig_path read_extent_tree_block // return -ENOMEM or -EIO ext4_free_ext_path(path) kfree(path) *orig_path = NULL a. If err is -ENOMEM: ext4_ext_dirty(path + path->p_depth) // path use-after-free !!! b. If err is -EIO and we have EXT_DEBUG defined: ext4_ext_show_leaf(path) eh = path[depth].p_hdr // path also use-after-free !!! So when trying to zeroout or fix the extent length, call ext4_find_extent() to update the path. In addition we use *ppath directly as an ext4_ext_show_leaf() input to avoid possible use-after-free when EXT_DEBUG is defined, and to avoid unnecessary path updates. Fixes: dfe5080939ea ("ext4: drop EXT4_EX_NOFREE_ON_ERR from rest of extents handling code") Cc: stable(a)kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Ojaswin Mujoo <ojaswin(a)linux.ibm.com> Tested-by: Ojaswin Mujoo <ojaswin(a)linux.ibm.com> Link: https://patch.msgid.link/20240822023545.1994557-4-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 4395e2b668ec..fe6bca63f9d6 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3251,6 +3251,25 @@ static int ext4_split_extent_at(handle_t *handle, if (err != -ENOSPC && err != -EDQUOT && err != -ENOMEM) goto out; + /* + * Update path is required because previous ext4_ext_insert_extent() + * may have freed or reallocated the path. Using EXT4_EX_NOFAIL + * guarantees that ext4_find_extent() will not return -ENOMEM, + * otherwise -ENOMEM will cause a retry in do_writepages(), and a + * WARN_ON may be triggered in ext4_da_update_reserve_space() due to + * an incorrect ee_len causing the i_reserved_data_blocks exception. + */ + path = ext4_find_extent(inode, ee_block, ppath, + flags | EXT4_EX_NOFAIL); + if (IS_ERR(path)) { + EXT4_ERROR_INODE(inode, "Failed split extent on %u, err %ld", + split, PTR_ERR(path)); + return PTR_ERR(path); + } + depth = ext_depth(inode); + ex = path[depth].p_ext; + *ppath = path; + if (EXT4_EXT_MAY_ZEROOUT & split_flag) { if (split_flag & (EXT4_EXT_DATA_VALID1|EXT4_EXT_DATA_VALID2)) { if (split_flag & EXT4_EXT_DATA_VALID1) { @@ -3303,7 +3322,7 @@ static int ext4_split_extent_at(handle_t *handle, ext4_ext_dirty(handle, inode, path + path->p_depth); return err; out: - ext4_ext_show_leaf(inode, path); + ext4_ext_show_leaf(inode, *ppath); return err; }

8 months, 2 weeks

2
1
0 0

[PATCH 5.10] ntfs: do not dereference a null ctx on error

by George Rurikov

From: George Ryurikov <g.ryurikov(a)securitycode.ru> Danila Chernetsov <listdansp(a)mail.ru> commit aa4b92c5234878d55da96d387ea4d3695ca5e4ab upstream. In ntfs_mft_data_extend_allocation_nolock(), if an error condition occurs prior to 'ctx' being set to a non-NULL value, avoid dereferencing the NULL 'ctx' pointer in error handling. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Danila Chernetsov <listdansp(a)mail.ru> Reviewed-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: George Ryurikov <g.ryurikov(a)securitycode.ru> --- fs/ntfs/mft.c | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/fs/ntfs/mft.c b/fs/ntfs/mft.c index 0d62cd5bb7f8..3feb218174fa 100644 --- a/fs/ntfs/mft.c +++ b/fs/ntfs/mft.c @@ -1955,36 +1955,38 @@ static int ntfs_mft_data_extend_allocation_nolock(ntfs_volume *vol) "attribute.%s", es); NVolSetErrors(vol); } - a = ctx->attr; + if (ntfs_rl_truncate_nolock(vol, &mft_ni->runlist, old_last_vcn)) { ntfs_error(vol->sb, "Failed to truncate mft data attribute " "runlist.%s", es); NVolSetErrors(vol); } - if (mp_rebuilt && !IS_ERR(ctx->mrec)) { - if (ntfs_mapping_pairs_build(vol, (u8*)a + le16_to_cpu( + if (ctx) { + a = ctx->attr; + if (mp_rebuilt && !IS_ERR(ctx->mrec)) { + if (ntfs_mapping_pairs_build(vol, (u8 *)a + le16_to_cpu( a->data.non_resident.mapping_pairs_offset), old_alen - le16_to_cpu( - a->data.non_resident.mapping_pairs_offset), + a->data.non_resident.mapping_pairs_offset), rl2, ll, -1, NULL)) { - ntfs_error(vol->sb, "Failed to restore mapping pairs " + ntfs_error(vol->sb, "Failed to restore mapping pairs " "array.%s", es); - NVolSetErrors(vol); - } - if (ntfs_attr_record_resize(ctx->mrec, a, old_alen)) { - ntfs_error(vol->sb, "Failed to restore attribute " + NVolSetErrors(vol); + } + if (ntfs_attr_record_resize(ctx->mrec, a, old_alen)) { + ntfs_error(vol->sb, "Failed to restore attribute " "record.%s", es); + NVolSetErrors(vol); + } + flush_dcache_mft_record_page(ctx->ntfs_ino); + mark_mft_record_dirty(ctx->ntfs_ino); + } else if (IS_ERR(ctx->mrec)) { + ntfs_error(vol->sb, "Failed to restore attribute search " + "context.%s", es); NVolSetErrors(vol); } - flush_dcache_mft_record_page(ctx->ntfs_ino); - mark_mft_record_dirty(ctx->ntfs_ino); - } else if (IS_ERR(ctx->mrec)) { - ntfs_error(vol->sb, "Failed to restore attribute search " - "context.%s", es); - NVolSetErrors(vol); - } - if (ctx) ntfs_attr_put_search_ctx(ctx); + } if (!IS_ERR(mrec)) unmap_mft_record(mft_ni); up_write(&mft_ni->runlist.lock); -- 2.34.1 Заявление о конфиденциальности Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.

8 months, 2 weeks

1
0
0 0

[PATCH] HID: plantronics: Workaround for an unexcepted opposite volume key

by Wade Wang

Some Plantronics headset as the below send an unexcept opposite volume key's HID report for each volume key press after 200ms, like unecepted Volume Up Key following Volume Down key pressed by user. This patch adds a quirk to hid-plantronics for these devices, which will ignore the second unexcepted opposite volume key if it happens within 220ms from the last one that was handled. Plantronics EncorePro 500 Series (047f:431e) Plantronics Blackwire_3325 Series (047f:430c) The patch was tested on the mentioned model, it shouldn't affect other models, however, this quirk might be needed for them too. Auto-repeat (when a key is held pressed) is not affected per test result. Cc: stable(a)vger.kernel.org Signed-off-by: Wade Wang <wade.wang(a)hp.com> --- drivers/hid/hid-ids.h | 2 ++ drivers/hid/hid-plantronics.c | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 781c5aa29859..b72d70bc5628 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -1050,6 +1050,8 @@ #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES 0xc056 #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3215_SERIES 0xc057 #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES 0xc058 +#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3325_SERIES 0x430c +#define USB_DEVICE_ID_PLANTRONICS_ENCOREPRO_500_SERIES 0x431e #define USB_VENDOR_ID_PANASONIC 0x04da #define USB_DEVICE_ID_PANABOARD_UBT780 0x1044 diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c index 3d414ae194ac..25cfd964dc25 100644 --- a/drivers/hid/hid-plantronics.c +++ b/drivers/hid/hid-plantronics.c @@ -38,8 +38,10 @@ (usage->hid & HID_USAGE_PAGE) == HID_UP_CONSUMER) #define PLT_QUIRK_DOUBLE_VOLUME_KEYS BIT(0) +#define PLT_QUIRK_FOLLOWED_OPPOSITE_VOLUME_KEYS BIT(1) #define PLT_DOUBLE_KEY_TIMEOUT 5 /* ms */ +#define PLT_FOLLOWED_OPPOSITE_KEY_TIMEOUT 220 /* ms */ struct plt_drv_data { unsigned long device_type; @@ -137,6 +139,21 @@ static int plantronics_event(struct hid_device *hdev, struct hid_field *field, drv_data->last_volume_key_ts = cur_ts; } + if (drv_data->quirks & PLT_QUIRK_FOLLOWED_OPPOSITE_VOLUME_KEYS) { + unsigned long prev_ts, cur_ts; + + /* Usages are filtered in plantronics_usages. */ + + if (!value) /* Handle key presses only. */ + return 0; + + prev_ts = drv_data->last_volume_key_ts; + cur_ts = jiffies; + if (jiffies_to_msecs(cur_ts - prev_ts) <= PLT_FOLLOWED_OPPOSITE_KEY_TIMEOUT) + return 1; /* Ignore the followed opposite volume key. */ + + drv_data->last_volume_key_ts = cur_ts; + } return 0; } @@ -210,6 +227,12 @@ static const struct hid_device_id plantronics_devices[] = { { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES), .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS }, + { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, + USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3325_SERIES), + .driver_data = PLT_QUIRK_FOLLOWED_OPPOSITE_VOLUME_KEYS }, + { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, + USB_DEVICE_ID_PLANTRONICS_ENCOREPRO_500_SERIES), + .driver_data = PLT_QUIRK_FOLLOWED_OPPOSITE_VOLUME_KEYS }, { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, HID_ANY_ID) }, { } }; -- Change log: 1. 2nd patch submission: Add one Cc mail aoount in patch comment, per kernel test robot required 2. 3rd patch submission: Code and comment change to Separate this patch with previous patch 'commit f567d6ef8606 ("HID: plantronics: Workaround for double volume key presses")' 2.34.1

8 months, 2 weeks

2
1
0 0

[PATCH] r8169: add tally counter fields added with RTL8125

by Heiner Kallweit

RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org # up to 6.11 Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> --- Original commit: ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a --- drivers/net/ethernet/realtek/r8169_main.c | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 31e8634a6..d0a188cb3 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets { -- 2.46.1

8 months, 2 weeks

2
1
0 0

Regression in 6.11.2

by Mario Limonciello

Hi, commit 872b8f14d772 ("drm/amd/display: Validate backlight caps are sane") was added to stable trees to fix a brightness problem on one laptop on a buggy firmware but with how aggressive it was it caused a problem on another. Fortunately the problem on the other was already fixed in 6.12 though! commit 87d749a6aab7 ("drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`") Can that commit please be brought everywhere that 872b8f14d772 went? Thanks!

8 months, 2 weeks

4
3
0 0

FAILED: patch "[PATCH] mm: z3fold: deprecate CONFIG_Z3FOLD" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 7a2369b74abf76cd3e54c45b30f6addb497f831b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100707-delta-trance-5682@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 7a2369b74abf ("mm: z3fold: deprecate CONFIG_Z3FOLD") 04cb7502a5d7 ("zsmalloc: use all available 24 bits of page_type") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a2369b74abf76cd3e54c45b30f6addb497f831b Mon Sep 17 00:00:00 2001 From: Yosry Ahmed <yosryahmed(a)google.com> Date: Wed, 4 Sep 2024 23:33:43 +0000 Subject: [PATCH] mm: z3fold: deprecate CONFIG_Z3FOLD The z3fold compressed pages allocator is rarely used, most users use zsmalloc. The only disadvantage of zsmalloc in comparison is the dependency on MMU, and zbud is a more common option for !MMU as it was the default zswap allocator for a long time. Historically, zsmalloc had worse latency than zbud and z3fold but offered better memory savings. This is no longer the case as shown by a simple recent analysis [1]. That analysis showed that z3fold does not have any advantage over zsmalloc or zbud considering both performance and memory usage. In a kernel build test on tmpfs in a limited cgroup, z3fold took 3% more time and used 1.8% more memory. The latency of zswap_load() was 7% higher, and that of zswap_store() was 10% higher. Zsmalloc is better in all metrics. Moreover, z3fold apparently has latent bugs, which was made noticeable by a recent soft lockup bug report with z3fold [2]. Switching to zsmalloc not only fixed the problem, but also reduced the swap usage from 6~8G to 1~2G. Other users have also reported being bitten by mistakenly enabling z3fold. Other than hurting users, z3fold is repeatedly causing wasted engineering effort. Apart from investigating the above bug, it came up in multiple development discussions (e.g. [3]) as something we need to handle, when there aren't any legit users (at least not intentionally). The natural course of action is to deprecate z3fold, and remove in a few cycles if no objections are raised from active users. Next on the list should be zbud, as it offers marginal latency gains at the cost of huge memory waste when compared to zsmalloc. That one will need to wait until zsmalloc does not depend on MMU. Rename the user-visible config option from CONFIG_Z3FOLD to CONFIG_Z3FOLD_DEPRECATED so that users with CONFIG_Z3FOLD=y get a new prompt with explanation during make oldconfig. Also, remove CONFIG_Z3FOLD=y from defconfigs. [1]https://lore.kernel.org/lkml/CAJD7tkbRF6od-2x_L8-A1QL3=2Ww13sCj4S3i4bNndq… [2]https://lore.kernel.org/lkml/EF0ABD3E-A239-4111-A8AB-5C442E759CF3@gmail.c… [3]https://lore.kernel.org/lkml/CAJD7tkbnmeVugfunffSovJf9FAgy9rhBVt_tx=nxUve… [arnd(a)arndb.de: deprecate ZSWAP_ZPOOL_DEFAULT_Z3FOLD as well] Link: https://lkml.kernel.org/r/20240909202625.1054880-1-arnd@kernel.org Link: https://lkml.kernel.org/r/20240904233343.933462-1-yosryahmed@google.com Signed-off-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Acked-by: Chris Down <chris(a)chrisdown.name> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Vitaly Wool <vitaly.wool(a)konsulko.com> Acked-by: Christoph Hellwig <hch(a)lst.de> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Huacai Chen <chenhuacai(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Naveen N. Rao <naveen.n.rao(a)linux.ibm.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: WANG Xuerui <kernel(a)xen0n.name> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/loongarch/configs/loongson3_defconfig b/arch/loongarch/configs/loongson3_defconfig index b4252c357c8e..75b366407a60 100644 --- a/arch/loongarch/configs/loongson3_defconfig +++ b/arch/loongarch/configs/loongson3_defconfig @@ -96,7 +96,6 @@ CONFIG_ZPOOL=y CONFIG_ZSWAP=y CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD=y CONFIG_ZBUD=y -CONFIG_Z3FOLD=y CONFIG_ZSMALLOC=m # CONFIG_COMPAT_BRK is not set CONFIG_MEMORY_HOTPLUG=y diff --git a/arch/powerpc/configs/ppc64_defconfig b/arch/powerpc/configs/ppc64_defconfig index 544a65fda77b..d39284489aa2 100644 --- a/arch/powerpc/configs/ppc64_defconfig +++ b/arch/powerpc/configs/ppc64_defconfig @@ -81,7 +81,6 @@ CONFIG_MODULE_SIG_SHA512=y CONFIG_PARTITION_ADVANCED=y CONFIG_BINFMT_MISC=m CONFIG_ZSWAP=y -CONFIG_Z3FOLD=y CONFIG_ZSMALLOC=y # CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y diff --git a/mm/Kconfig b/mm/Kconfig index 1aa282e35dc7..09aebca1cae3 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -146,12 +146,15 @@ config ZSWAP_ZPOOL_DEFAULT_ZBUD help Use the zbud allocator as the default allocator. -config ZSWAP_ZPOOL_DEFAULT_Z3FOLD - bool "z3fold" - select Z3FOLD +config ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED + bool "z3foldi (DEPRECATED)" + select Z3FOLD_DEPRECATED help Use the z3fold allocator as the default allocator. + Deprecated and scheduled for removal in a few cycles, + see CONFIG_Z3FOLD_DEPRECATED. + config ZSWAP_ZPOOL_DEFAULT_ZSMALLOC bool "zsmalloc" select ZSMALLOC @@ -163,7 +166,7 @@ config ZSWAP_ZPOOL_DEFAULT string depends on ZSWAP default "zbud" if ZSWAP_ZPOOL_DEFAULT_ZBUD - default "z3fold" if ZSWAP_ZPOOL_DEFAULT_Z3FOLD + default "z3fold" if ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED default "zsmalloc" if ZSWAP_ZPOOL_DEFAULT_ZSMALLOC default "" @@ -177,15 +180,25 @@ config ZBUD deterministic reclaim properties that make it preferable to a higher density approach when reclaim will be used. -config Z3FOLD - tristate "3:1 compression allocator (z3fold)" +config Z3FOLD_DEPRECATED + tristate "3:1 compression allocator (z3fold) (DEPRECATED)" depends on ZSWAP help + Deprecated and scheduled for removal in a few cycles. If you have + a good reason for using Z3FOLD over ZSMALLOC, please contact + linux-mm(a)kvack.org and the zswap maintainers. + A special purpose allocator for storing compressed pages. It is designed to store up to three compressed pages per physical page. It is a ZBUD derivative so the simplicity and determinism are still there. +config Z3FOLD + tristate + default y if Z3FOLD_DEPRECATED=y + default m if Z3FOLD_DEPRECATED=m + depends on Z3FOLD_DEPRECATED + config ZSMALLOC tristate prompt "N:1 compression allocator (zsmalloc)" if (ZSWAP || ZRAM)

8 months, 2 weeks

3
4
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100757-gambling-blurry-b71e@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] io_uring/net: harden multishot termination case for recv" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c314094cb4cfa6fc5a17f4881ead2dfebfa717a7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100732-pessimist-ambiguous-58e3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c314094cb4cf ("io_uring/net: harden multishot termination case for recv") 4a3223f7bfda ("io_uring/net: switch io_recv() to using io_async_msghdr") fb6328bc2ab5 ("io_uring/net: simplify msghd->msg_inq checking") 186daf238529 ("io_uring/kbuf: rename REQ_F_PARTIAL_IO to REQ_F_BL_NO_RECYCLE") eb18c29dd2a3 ("io_uring/net: move recv/recvmsg flags out of retry loop") c3f9109dbc9e ("io_uring/kbuf: flag request if buffer pool is empty after buffer pick") 95041b93e90a ("io_uring: add io_file_can_poll() helper") 521223d7c229 ("io_uring/cancel: don't default to setting req->work.cancel_seq") 4bcb982cce74 ("io_uring: expand main struct io_kiocb flags to 64-bits") 72bd80252fee ("io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers") 76b367a2d831 ("io_uring/net: limit inline multishot retries") 91e5d765a82f ("io_uring/net: un-indent mshot retry path in io_recv_finish()") 595e52284d24 ("io_uring/poll: don't enable lazy wake for POLLEXCLUSIVE") 89d528ba2f82 ("io_uring: indicate if io_kbuf_recycle did recycle anything") 4de520f1fcef ("Merge tag 'io_uring-futex-2023-10-30' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c314094cb4cfa6fc5a17f4881ead2dfebfa717a7 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 26 Sep 2024 07:08:10 -0600 Subject: [PATCH] io_uring/net: harden multishot termination case for recv If the recv returns zero, or an error, then it doesn't matter if more data has already been received for this buffer. A condition like that should terminate the multishot receive. Rather than pass in the collected return value, pass in whether to terminate or keep the recv going separately. Note that this isn't a bug right now, as the only way to get there is via setting MSG_WAITALL with multishot receive. And if an application does that, then -EINVAL is returned anyway. But it seems like an easy bug to introduce, so let's make it a bit more explicit. Link: https://github.com/axboe/liburing/issues/1246 Cc: stable(a)vger.kernel.org Fixes: b3fdea6ecb55 ("io_uring: multishot recv") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/net.c b/io_uring/net.c index f10f5a22d66a..18507658a921 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -1133,6 +1133,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) int ret, min_ret = 0; bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; size_t len = sr->len; + bool mshot_finished; if (!(req->flags & REQ_F_POLLED) && (sr->flags & IORING_RECVSEND_POLL_FIRST)) @@ -1187,6 +1188,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) req_set_fail(req); } + mshot_finished = ret <= 0; if (ret > 0) ret += sr->done_io; else if (sr->done_io) @@ -1194,7 +1196,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) else io_kbuf_recycle(req, issue_flags); - if (!io_recv_finish(req, &ret, kmsg, ret <= 0, issue_flags)) + if (!io_recv_finish(req, &ret, kmsg, mshot_finished, issue_flags)) goto retry_multishot; return ret;

8 months, 2 weeks

3
2
0 0

[PATCH] ceph: fix cap ref leak via netfs init_request

by Patrick Donnelly

From: Patrick Donnelly <pdonnell(a)redhat.com> Log recovered from a user's cluster: <7>[ 5413.970692] ceph: get_cap_refs 00000000958c114b ret 1 got Fr <7>[ 5413.970695] ceph: start_read 00000000958c114b, no cache cap ... <7>[ 5473.934609] ceph: my wanted = Fr, used = Fr, dirty - <7>[ 5473.934616] ceph: revocation: pAsLsXsFr -> pAsLsXs (revoking Fr) <7>[ 5473.934632] ceph: __ceph_caps_issued 00000000958c114b cap 00000000f7784259 issued pAsLsXs <7>[ 5473.934638] ceph: check_caps 10000000e68.fffffffffffffffe file_want - used Fr dirty - flushing - issued pAsLsXs revoking Fr retain pAsLsXsFsr AUTHONLY NOINVAL FLUSH_FORCE The MDS subsequently complains that the kernel client is late releasing caps. Approximately, a series of changes to this code by the three commits cited below resulted in subtle resource cleanup to be missed. The main culprit is the change in error handling in 2d31604 which meant that a failure in init_request would no longer cause cleanup to be called. That would prevent the ceph_put_cap_refs which would cleanup the leaked cap ref. Closes: https://tracker.ceph.com/issues/67008 Fixes: 49870056005ca9387e5ee31451991491f99cc45f ("ceph: convert ceph_readpages to ceph_readahead") Fixes: 2de160417315b8d64455fe03e9bb7d3308ac3281 ("netfs: Change ->init_request() to return an error code") Fixes: a5c9dc4451394b2854493944dcc0ff71af9705a3 ("ceph: Make ceph_init_request() check caps on readahead") Signed-off-by: Patrick Donnelly <pdonnell(a)redhat.com> Cc: stable(a)vger.kernel.org --- fs/ceph/addr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 53fef258c2bc..702c6a730b70 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -489,8 +489,11 @@ static int ceph_init_request(struct netfs_io_request *rreq, struct file *file) rreq->io_streams[0].sreq_max_len = fsc->mount_options->rsize; out: - if (ret < 0) + if (ret < 0) { + if (got) + ceph_put_cap_refs(ceph_inode(inode), got); kfree(priv); + } return ret; } base-commit: e32cde8d2bd7d251a8f9b434143977ddf13dcec6 -- Patrick Donnelly, Ph.D. He / Him / His Red Hat Partner Engineer IBM, Inc. GPG: 19F28A586F808C2402351B93C3301A3E258DD79D

8 months, 2 weeks

4
5
0 0

[PATCH 5.10] block, bfq: remove useless checking in bfq_put_queue()

by George Rurikov

From: George Ryurikov <g.ryurikov(a)securitycode.ru> From: Yu Kuai <yukuai3(a)huawei.com> commit 1e3cc2125d7cc7d492b2e6e52d09c1e17ba573c3 'bfqq->bfqd' is ensured to set in bfq_init_queue(), and it will never change afterwards. Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20220816015631.1323948-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: George Ryurikov <g.ryurikov(a)securitycode.ru> --- block/bfq-iosched.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 6687b805bab3..0031c5751d89 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -4864,9 +4864,7 @@ void bfq_put_queue(struct bfq_queue *bfqq) struct hlist_node *n; struct bfq_group *bfqg = bfqq_group(bfqq); - if (bfqq->bfqd) - bfq_log_bfqq(bfqq->bfqd, bfqq, "put_queue: %p %d", - bfqq, bfqq->ref); + bfq_log_bfqq(bfqq->bfqd, bfqq, "put_queue: %p %d", bfqq, bfqq->ref); bfqq->ref--; if (bfqq->ref) @@ -4931,7 +4929,7 @@ void bfq_put_queue(struct bfq_queue *bfqq) hlist_del_init(&item->woken_list_node); } - if (bfqq->bfqd && bfqq->bfqd->last_completed_rq_bfqq == bfqq) + if (bfqq->bfqd->last_completed_rq_bfqq == bfqq) bfqq->bfqd->last_completed_rq_bfqq = NULL; kmem_cache_free(bfq_pool, bfqq); -- 2.34.1 Заявление о конфиденциальности Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.

8 months, 2 weeks

4
3
0 0

[PATCH] mm: remove the newlines, which are added for unknown reasons and interfere with bug analysis

by Jeongjun Park

Looking at the source code links for mm/memory.c in the sample reports in the syzbot report links [1]. it looks like the line numbers are designated as lines that have been increased by 1. This may seem like a problem with syzkaller or the addr2line program that assigns the line numbers, but there is no problem with either of them. In the previous commit d61ea1cb0095 ("userfaultfd: UFFD_FEATURE_WP_ASYNC"), when modifying mm/memory.c, an unknown line break is added to the very first line of the file. However, the git.kernel.org site displays the source code with the added line break removed, so even though addr2line has assigned the correct line number, it looks like the line number has increased by 1. This may seem like a trivial thing, but I think it would be appropriate to remove all the newline characters added to the upstream and stable versions, as they are not only incorrect in terms of code style but also hinder bug analysis. [1] https://syzkaller.appspot.com/bug?extid=4145b11cdf925264bff4 https://syzkaller.appspot.com/bug?extid=fa43f1b63e3aa6f66329 https://syzkaller.appspot.com/bug?extid=890a1df7294175947697 Fixes: d61ea1cb0095 ("userfaultfd: UFFD_FEATURE_WP_ASYNC") Cc: stable(a)vger.kernel.org Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- mm/memory.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/memory.c b/mm/memory.c index 2366578015ad..7dffe8749014 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1,4 +1,3 @@ - // SPDX-License-Identifier: GPL-2.0-only /* * linux/mm/memory.c --

8 months, 2 weeks

4
6
0 0

+ lib-alloc_tag_module_unload-must-wait-for-pending-kfree_rcu-calls.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-alloc_tag_module_unload-must-wait-for-pending-kfree_rcu-calls.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Florian Westphal <fw(a)strlen.de> Subject: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls Date: Mon, 7 Oct 2024 22:52:24 +0200 Ben Greear reports following splat: ------------[ cut here ]------------ net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0 Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat ... Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020 RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0 codetag_unload_module+0x19b/0x2a0 ? codetag_load_module+0x80/0x80 nf_nat module exit calls kfree_rcu on those addresses, but the free operation is likely still pending by the time alloc_tag checks for leaks. Wait for outstanding kfree_rcu operations to complete before checking resolves this warning. Reproducer: unshare -n iptables-nft -t nat -A PREROUTING -p tcp grep nf_nat /proc/allocinfo # will list 4 allocations rmmod nft_chain_nat rmmod nf_nat # will WARN. Link: https://lkml.kernel.org/r/20241007205236.11847-1-fw@strlen.de Fixes: a473573964e5 ("lib: code tagging module support") Signed-off-by: Florian Westphal <fw(a)strlen.de> Reported-by: Ben Greear <greearb(a)candelatech.com> Closes: https://lore.kernel.org/netdev/bdaaef9d-4364-4171-b82b-bcfc12e207eb@candela… Cc: Uladzislau Rezki <urezki(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/codetag.c | 2 ++ 1 file changed, 2 insertions(+) --- a/lib/codetag.c~lib-alloc_tag_module_unload-must-wait-for-pending-kfree_rcu-calls +++ a/lib/codetag.c @@ -228,6 +228,8 @@ bool codetag_unload_module(struct module if (!mod) return true; + kvfree_rcu_barrier(); + mutex_lock(&codetag_lock); list_for_each_entry(cttype, &codetag_types, link) { struct codetag_module *found = NULL; _ Patches currently in -mm which might be from fw(a)strlen.de are lib-alloc_tag_module_unload-must-wait-for-pending-kfree_rcu-calls.patch

8 months, 2 weeks

1
0
0 0

+ mm-mremap-fix-move_normal_pmd-retract_page_tables-race.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mremap: fix move_normal_pmd/retract_page_tables race has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mremap-fix-move_normal_pmd-retract_page_tables-race.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/mremap: fix move_normal_pmd/retract_page_tables race Date: Mon, 07 Oct 2024 23:42:04 +0200 In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. For PMD entries that point to page tables and are fully covered by the source address range, move_pgt_entry(NORMAL_PMD, ...) is called, which first takes rmap locks, then does move_normal_pmd(). move_normal_pmd() takes the necessary page table locks at source and destination, then moves an entire page table from the source to the destination. The problem is: The rmap locks, which protect against concurrent page table removal by retract_page_tables() in the THP code, are only taken after the PMD entry has been read and it has been decided how to move it. So we can race as follows (with two processes that have mappings of the same tmpfs file that is stored on a tmpfs mount with huge=advise); note that process A accesses page tables through the MM while process B does it through the file rmap: process A process B ========= ========= mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd *** PREEMPT *** madvise(MADV_COLLAPSE) do_madvise madvise_walk_vmas madvise_vma_behavior madvise_collapse hpage_collapse_scan_file collapse_file retract_page_tables i_mmap_lock_read(mapping) pmdp_collapse_flush i_mmap_unlock_read(mapping) move_pgt_entry(NORMAL_PMD, ...) take_rmap_locks move_normal_pmd drop_rmap_locks When this happens, move_normal_pmd() can end up creating bogus PMD entries in the line `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. The effect depends on arch-specific and machine-specific details; on x86, you can end up with physical page 0 mapped as a page table, which is likely exploitable for user->kernel privilege escalation. Fix the race by letting process B recheck that the PMD still points to a page table after the rmap locks have been taken. Otherwise, we bail and let the caller fall back to the PTE-level copying path, which will then bail immediately at the pmd_none() check. Bug reachability: Reaching this bug requires that you can create shmem/file THP mappings - anonymous THP uses different code that doesn't zap stuff under rmap locks. File THP is gated on an experimental config flag (CONFIG_READ_ONLY_THP_FOR_FS), so on normal distro kernels you need shmem THP to hit this bug. As far as I know, getting shmem THP normally requires that you can mount your own tmpfs with the right mount flags, which would require creating your own user+mount namespace; though I don't know if some distros maybe enable shmem THP by default or something like that. Bug impact: This issue can likely be used for user->kernel privilege escalation when it is reachable. Link: https://lkml.kernel.org/r/20241007-move_normal_pmd-vs-collapse-fix-2-v1-1-5… Fixes: 1d65b771bc08 ("mm/khugepaged: retract_page_tables() without mmap or vma lock") Closes: https://project-zero.issues.chromium.org/371047675 Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Jann Horn <jannh(a)google.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Joel Fernandes <joel(a)joelfernandes.org> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/mm/mremap.c~mm-mremap-fix-move_normal_pmd-retract_page_tables-race +++ a/mm/mremap.c @@ -238,6 +238,7 @@ static bool move_normal_pmd(struct vm_ar { spinlock_t *old_ptl, *new_ptl; struct mm_struct *mm = vma->vm_mm; + bool res = false; pmd_t pmd; if (!arch_supports_page_table_move()) @@ -277,19 +278,25 @@ static bool move_normal_pmd(struct vm_ar if (new_ptl != old_ptl) spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING); - /* Clear the pmd */ pmd = *old_pmd; + + /* Racing with collapse? */ + if (unlikely(!pmd_present(pmd) || pmd_leaf(pmd))) + goto out_unlock; + /* Clear the pmd */ pmd_clear(old_pmd); + res = true; VM_BUG_ON(!pmd_none(*new_pmd)); pmd_populate(mm, new_pmd, pmd_pgtable(pmd)); flush_tlb_range(vma, old_addr, old_addr + PMD_SIZE); +out_unlock: if (new_ptl != old_ptl) spin_unlock(new_ptl); spin_unlock(old_ptl); - return true; + return res; } #else static inline bool move_normal_pmd(struct vm_area_struct *vma, _ Patches currently in -mm which might be from jannh(a)google.com are mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch mm-mremap-fix-move_normal_pmd-retract_page_tables-race.patch

8 months, 2 weeks

1
0
0 0

[to-be-updated] mm-mremap-prevent-racing-change-of-old-pmd-type.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mremap: prevent racing change of old pmd type has been removed from the -mm tree. Its filename was mm-mremap-prevent-racing-change-of-old-pmd-type.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm/mremap: prevent racing change of old pmd type Date: Wed, 02 Oct 2024 23:07:06 +0200 Prevent move_normal_pmd() in mremap() from racing with retract_page_tables() in MADVISE_COLLAPSE such that pmd_populate(mm, new_pmd, pmd_pgtable(pmd)) operates on an empty source pmd, causing creation of a new pmd which maps physical address 0 as a page table. This bug is only reachable if either CONFIG_READ_ONLY_THP_FOR_FS is set or THP shmem is usable. (Unprivileged namespaces can be used to set up a tmpfs that can contain THP shmem pages with "huge=advise".) If userspace triggers this bug *in multiple processes*, this could likely be used to create stale TLB entries pointing to freed pages or cause kernel UAF by breaking an invariant the rmap code relies on. Fix it by moving the rmap locking up so that it covers the span from reading the PMD entry to moving the page table. Link: https://lkml.kernel.org/r/20241002-move_normal_pmd-vs-collapse-fix-v1-1-782… Fixes: 1d65b771bc08 ("mm/khugepaged: retract_page_tables() without mmap or vma lock") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 68 +++++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 30 deletions(-) --- a/mm/mremap.c~mm-mremap-prevent-racing-change-of-old-pmd-type +++ a/mm/mremap.c @@ -136,17 +136,17 @@ static pte_t move_soft_dirty_pte(pte_t p static int move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, unsigned long old_addr, unsigned long old_end, struct vm_area_struct *new_vma, pmd_t *new_pmd, - unsigned long new_addr, bool need_rmap_locks) + unsigned long new_addr) { struct mm_struct *mm = vma->vm_mm; pte_t *old_pte, *new_pte, pte; spinlock_t *old_ptl, *new_ptl; bool force_flush = false; unsigned long len = old_end - old_addr; - int err = 0; /* - * When need_rmap_locks is true, we take the i_mmap_rwsem and anon_vma + * When need_rmap_locks is true in the caller, we are holding the + * i_mmap_rwsem and anon_vma * locks to ensure that rmap will always observe either the old or the * new ptes. This is the easiest way to avoid races with * truncate_pagecache(), page migration, etc... @@ -163,23 +163,18 @@ static int move_ptes(struct vm_area_stru * serialize access to individual ptes, but only rmap traversal * order guarantees that we won't miss both the old and new ptes). */ - if (need_rmap_locks) - take_rmap_locks(vma); /* * We don't have to worry about the ordering of src and dst * pte locks because exclusive mmap_lock prevents deadlock. */ old_pte = pte_offset_map_lock(mm, old_pmd, old_addr, &old_ptl); - if (!old_pte) { - err = -EAGAIN; - goto out; - } + if (!old_pte) + return -EAGAIN; new_pte = pte_offset_map_nolock(mm, new_pmd, new_addr, &new_ptl); if (!new_pte) { pte_unmap_unlock(old_pte, old_ptl); - err = -EAGAIN; - goto out; + return -EAGAIN; } if (new_ptl != old_ptl) spin_lock_nested(new_ptl, SINGLE_DEPTH_NESTING); @@ -217,10 +212,7 @@ static int move_ptes(struct vm_area_stru spin_unlock(new_ptl); pte_unmap(new_pte - 1); pte_unmap_unlock(old_pte - 1, old_ptl); -out: - if (need_rmap_locks) - drop_rmap_locks(vma); - return err; + return 0; } #ifndef arch_supports_page_table_move @@ -447,17 +439,14 @@ static __always_inline unsigned long get /* * Attempts to speedup the move by moving entry at the level corresponding to * pgt_entry. Returns true if the move was successful, else false. + * rmap locks are held by the caller. */ static bool move_pgt_entry(enum pgt_entry entry, struct vm_area_struct *vma, unsigned long old_addr, unsigned long new_addr, - void *old_entry, void *new_entry, bool need_rmap_locks) + void *old_entry, void *new_entry) { bool moved = false; - /* See comment in move_ptes() */ - if (need_rmap_locks) - take_rmap_locks(vma); - switch (entry) { case NORMAL_PMD: moved = move_normal_pmd(vma, old_addr, new_addr, old_entry, @@ -483,9 +472,6 @@ static bool move_pgt_entry(enum pgt_entr break; } - if (need_rmap_locks) - drop_rmap_locks(vma); - return moved; } @@ -550,6 +536,7 @@ unsigned long move_page_tables(struct vm struct mmu_notifier_range range; pmd_t *old_pmd, *new_pmd; pud_t *old_pud, *new_pud; + int move_res; if (!len) return 0; @@ -573,6 +560,12 @@ unsigned long move_page_tables(struct vm old_addr, old_end); mmu_notifier_invalidate_range_start(&range); + /* + * Hold rmap locks to ensure the type of the old PUD/PMD entry doesn't + * change under us due to khugepaged or folio splitting. + */ + take_rmap_locks(vma); + for (; old_addr < old_end; old_addr += extent, new_addr += extent) { cond_resched(); /* @@ -590,14 +583,14 @@ unsigned long move_page_tables(struct vm if (pud_trans_huge(*old_pud) || pud_devmap(*old_pud)) { if (extent == HPAGE_PUD_SIZE) { move_pgt_entry(HPAGE_PUD, vma, old_addr, new_addr, - old_pud, new_pud, need_rmap_locks); + old_pud, new_pud); /* We ignore and continue on error? */ continue; } } else if (IS_ENABLED(CONFIG_HAVE_MOVE_PUD) && extent == PUD_SIZE) { if (move_pgt_entry(NORMAL_PUD, vma, old_addr, new_addr, - old_pud, new_pud, true)) + old_pud, new_pud)) continue; } @@ -613,7 +606,7 @@ again: pmd_devmap(*old_pmd)) { if (extent == HPAGE_PMD_SIZE && move_pgt_entry(HPAGE_PMD, vma, old_addr, new_addr, - old_pmd, new_pmd, need_rmap_locks)) + old_pmd, new_pmd)) continue; split_huge_pmd(vma, old_pmd, old_addr); } else if (IS_ENABLED(CONFIG_HAVE_MOVE_PMD) && @@ -623,17 +616,32 @@ again: * moving at the PMD level if possible. */ if (move_pgt_entry(NORMAL_PMD, vma, old_addr, new_addr, - old_pmd, new_pmd, true)) + old_pmd, new_pmd)) continue; } if (pmd_none(*old_pmd)) continue; - if (pte_alloc(new_vma->vm_mm, new_pmd)) + + /* + * Temporarily drop the rmap locks while we do a potentially + * slow move_ptes() operation, unless move_ptes() wants them + * held (see comment inside there). + */ + if (!need_rmap_locks) + drop_rmap_locks(vma); + if (pte_alloc(new_vma->vm_mm, new_pmd)) { + if (!need_rmap_locks) + take_rmap_locks(vma); break; - if (move_ptes(vma, old_pmd, old_addr, old_addr + extent, - new_vma, new_pmd, new_addr, need_rmap_locks) < 0) + } + move_res = move_ptes(vma, old_pmd, old_addr, old_addr + extent, + new_vma, new_pmd, new_addr); + if (!need_rmap_locks) + take_rmap_locks(vma); + if (move_res < 0) goto again; } + drop_rmap_locks(vma); mmu_notifier_invalidate_range_end(&range); _ Patches currently in -mm which might be from jannh(a)google.com are mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch mm-mremap-fix-move_normal_pmd-retract_page_tables-race.patch

8 months, 2 weeks

1
0
0 0

[net PATCH v2] net: phy: Remove LED entry from LEDs list on unregister

by Christian Marangi

Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct ordering") correctly fixed a problem with using devm_ but missed removing the LED entry from the LEDs list. This cause kernel panic on specific scenario where the port for the PHY is torn down and up and the kmod for the PHY is removed. On setting the port down the first time, the assosiacted LEDs are correctly unregistered. The associated kmod for the PHY is now removed. The kmod is now added again and the port is now put up, the associated LED are registered again. On putting the port down again for the second time after these step, the LED list now have 4 elements. With the first 2 already unregistered previously and the 2 new one registered again. This cause a kernel panic as the first 2 element should have been removed. Fix this by correctly removing the element when LED is unregistered. Reported-by: Daniel Golle <daniel(a)makrotopia.org> Tested-by: Daniel Golle <daniel(a)makrotopia.org> Cc: stable(a)vger.kernel.org Fixes: c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct ordering") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> --- Changes v2: - Drop second patch - Add Reviewed-by tag drivers/net/phy/phy_device.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c index 560e338b307a..499797646580 100644 --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c @@ -3326,10 +3326,11 @@ static __maybe_unused int phy_led_hw_is_supported(struct led_classdev *led_cdev, static void phy_leds_unregister(struct phy_device *phydev) { - struct phy_led *phyled; + struct phy_led *phyled, *tmp; - list_for_each_entry(phyled, &phydev->leds, list) { + list_for_each_entry_safe(phyled, tmp, &phydev->leds, list) { led_classdev_unregister(&phyled->led_cdev); + list_del(&phyled->list); } } -- 2.45.2

8 months, 2 weeks

2
1
0 0

+ mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: enforce a minimal stack gap even against inaccessible VMAs has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm: enforce a minimal stack gap even against inaccessible VMAs Date: Tue, 08 Oct 2024 00:55:39 +0200 As explained in the comment block this change adds, we can't tell what userspace's intent is when the stack grows towards an inaccessible VMA. I have a (highly contrived) C testcase for 32-bit x86 userspace with glibc that mixes malloc(), pthread creation, and recursion in just the right way such that the main stack overflows into malloc() arena memory. I don't know of any specific scenario where this is actually exploitable, but it seems like it could be a security problem for sufficiently unlucky userspace. I believe we should ensure that, as long as code is compiled with something like -fstack-check, a stack overflow in it can never cause the main stack to overflow into adjacent heap memory. My fix effectively reverts the behavior for !vma_is_accessible() VMAs to the behavior before commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas"), so I think it should be a fairly safe change even in case A. Link: https://lkml.kernel.org/r/20241008-stack-gap-inaccessible-v1-1-848d4d891f21… Fixes: 561b5e0709e4 ("mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: Ben Hutchings <ben(a)decadent.org.uk> Cc: Helge Deller <deller(a)gmx.de> Cc: Hugh Dickins <hughd(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Willy Tarreau <w(a)1wt.eu> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 53 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) --- a/mm/mmap.c~mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas +++ a/mm/mmap.c @@ -1064,10 +1064,12 @@ static int expand_upwards(struct vm_area gap_addr = TASK_SIZE; next = find_vma_intersection(mm, vma->vm_end, gap_addr); - if (next && vma_is_accessible(next)) { - if (!(next->vm_flags & VM_GROWSUP)) + if (next && !(next->vm_flags & VM_GROWSUP)) { + /* see comments in expand_downwards() */ + if (vma_is_accessible(prev)) + return -ENOMEM; + if (address == next->vm_start) return -ENOMEM; - /* Check that both stack segments have the same anon_vma? */ } if (next) @@ -1155,10 +1157,47 @@ int expand_downwards(struct vm_area_stru /* Enforce stack_guard_gap */ prev = vma_prev(&vmi); /* Check that both stack segments have the same anon_vma? */ - if (prev) { - if (!(prev->vm_flags & VM_GROWSDOWN) && - vma_is_accessible(prev) && - (address - prev->vm_end < stack_guard_gap)) + if (prev && !(prev->vm_flags & VM_GROWSDOWN) && + (address - prev->vm_end < stack_guard_gap)) { + /* + * If the previous VMA is accessible, this is the normal case + * where the main stack is growing down towards some unrelated + * VMA. Enforce the full stack guard gap. + */ + if (vma_is_accessible(prev)) + return -ENOMEM; + + /* + * If the previous VMA is not accessible, we have a problem: + * We can't tell what userspace's intent is. + * + * Case A: + * Maybe userspace wants to use the previous VMA as a + * "guard region" at the bottom of the main stack, in which case + * userspace wants us to grow the stack until it is adjacent to + * the guard region. Apparently some Java runtime environments + * and Rust do that? + * That is kind of ugly, and in that case userspace really ought + * to ensure that the stack is fully expanded immediately, but + * we have to handle this case. + * + * Case B: + * But maybe the previous VMA is entirely unrelated to the stack + * and is only *temporarily* PROT_NONE. For example, glibc + * malloc arenas create a big PROT_NONE region and then + * progressively mark parts of it as writable. + * In that case, we must not let the stack become adjacent to + * the previous VMA. Otherwise, after the region later becomes + * writable, a stack overflow will cause the stack to grow into + * the previous VMA, and we won't have any stack gap to protect + * against this. + * + * As an ugly tradeoff, enforce a single-page gap. + * A single page will hopefully be small enough to not be + * noticed in case A, while providing the same level of + * protection in case B that normal userspace threads get. + */ + if (address == prev->vm_end) return -ENOMEM; } _ Patches currently in -mm which might be from jannh(a)google.com are mm-mremap-prevent-racing-change-of-old-pmd-type.patch mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch

8 months, 2 weeks

1
0
0 0

[PATCH v2 1/8] net: explicitly clear the sk pointer, when pf->create fails

by Ignat Korchagin

We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails"). The problem is that commit did not fully address the problem, as some pf->create implementations do not use sk_common_release in their error paths. For example, we can use the same reproducer as in the above commit, but changing ping to arping. arping uses AF_PACKET socket and if packet_create fails, it will just sk_free the allocated sk object. While we could chase all the pf->create implementations and make sure they NULL the freed sk object on error from the socket, we can't guarantee future protocols will not make the same mistake. So it is easier to just explicitly NULL the sk pointer upon return from pf->create in __sock_create. We do know that pf->create always releases the allocated sk object on error, so if the pointer is not NULL, it is definitely dangling. Fixes: 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails") Signed-off-by: Ignat Korchagin <ignat(a)cloudflare.com> Cc: stable(a)vger.kernel.org --- net/core/sock.c | 3 --- net/socket.c | 7 ++++++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/net/core/sock.c b/net/core/sock.c index 039be95c40cf..e6e04081949c 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -3819,9 +3819,6 @@ void sk_common_release(struct sock *sk) sk->sk_prot->unhash(sk); - if (sk->sk_socket) - sk->sk_socket->sk = NULL; - /* * In this point socket cannot receive new packets, but it is possible * that some packets are in flight because some CPU runs receiver and diff --git a/net/socket.c b/net/socket.c index 601ad74930ef..042451f01c65 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1574,8 +1574,13 @@ int __sock_create(struct net *net, int family, int type, int protocol, rcu_read_unlock(); err = pf->create(net, sock, protocol, kern); - if (err < 0) + if (err < 0) { + /* ->create should release the allocated sock->sk object on error + * but it may leave the dangling pointer + */ + sock->sk = NULL; goto out_module_put; + } /* * Now to bump the refcnt of the [loadable] module that owns this -- 2.39.5

8 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] nfsd: fix delegation_blocked() to block correctly for at" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 45bb63ed20e02ae146336412889fe5450316a84f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-graves-septic-4380@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 45bb63ed20e0 ("nfsd: fix delegation_blocked() to block correctly for at least 30 seconds") b3f255ef6bff ("nfsd: use ktime_get_seconds() for timestamps") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 45bb63ed20e02ae146336412889fe5450316a84f Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb(a)suse.de> Date: Mon, 9 Sep 2024 15:06:36 +1000 Subject: [PATCH] nfsd: fix delegation_blocked() to block correctly for at least 30 seconds The pair of bloom filtered used by delegation_blocked() was intended to block delegations on given filehandles for between 30 and 60 seconds. A new filehandle would be recorded in the "new" bit set. That would then be switch to the "old" bit set between 0 and 30 seconds later, and it would remain as the "old" bit set for 30 seconds. Unfortunately the code intended to clear the old bit set once it reached 30 seconds old, preparing it to be the next new bit set, instead cleared the *new* bit set before switching it to be the old bit set. This means that the "old" bit set is always empty and delegations are blocked between 0 and 30 seconds. This patch updates bd->new before clearing the set with that index, instead of afterwards. Reported-by: Olga Kornievskaia <okorniev(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: 6282cd565553 ("NFSD: Don't hand out delegations for 30 seconds after recalling them.") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Benjamin Coddington <bcodding(a)redhat.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index cb5a9ab451c5..ac1859c7cc9d 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -1078,7 +1078,8 @@ static void nfs4_free_deleg(struct nfs4_stid *stid) * When a delegation is recalled, the filehandle is stored in the "new" * filter. * Every 30 seconds we swap the filters and clear the "new" one, - * unless both are empty of course. + * unless both are empty of course. This results in delegations for a + * given filehandle being blocked for between 30 and 60 seconds. * * Each filter is 256 bits. We hash the filehandle to 32bit and use the * low 3 bytes as hash-table indices. @@ -1107,9 +1108,9 @@ static int delegation_blocked(struct knfsd_fh *fh) if (ktime_get_seconds() - bd->swap_time > 30) { bd->entries -= bd->old_entries; bd->old_entries = bd->entries; + bd->new = 1-bd->new; memset(bd->set[bd->new], 0, sizeof(bd->set[0])); - bd->new = 1-bd->new; bd->swap_time = ktime_get_seconds(); } spin_unlock(&blocked_delegations_lock);

8 months, 2 weeks

2
1
0 0

[PATCH stable 4.12] nfsd: fix delegation_blocked() to block correctly for at least 30 seconds

by NeilBrown

commit 45bb63ed20e02ae146336412889fe5450316a84f The pair of bloom filtered used by delegation_blocked() was intended to block delegations on given filehandles for between 30 and 60 seconds. A new filehandle would be recorded in the "new" bit set. That would then be switch to the "old" bit set between 0 and 30 seconds later, and it would remain as the "old" bit set for 30 seconds. Unfortunately the code intended to clear the old bit set once it reached 30 seconds old, preparing it to be the next new bit set, instead cleared the *new* bit set before switching it to be the old bit set. This means that the "old" bit set is always empty and delegations are blocked between 0 and 30 seconds. This patch updates bd->new before clearing the set with that index, instead of afterwards. Reported-by: Olga Kornievskaia <okorniev(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: 6282cd565553 ("NFSD: Don't hand out delegations for 30 seconds after recalling them.") Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Benjamin Coddington <bcodding(a)redhat.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfsd/nfs4state.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 7ac644d64ab1..d45487d82d44 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -743,7 +743,8 @@ static void nfs4_free_deleg(struct nfs4_stid *stid) * When a delegation is recalled, the filehandle is stored in the "new" * filter. * Every 30 seconds we swap the filters and clear the "new" one, - * unless both are empty of course. + * unless both are empty of course. This results in delegations for a + * given filehandle being blocked for between 30 and 60 seconds. * * Each filter is 256 bits. We hash the filehandle to 32bit and use the * low 3 bytes as hash-table indices. @@ -772,9 +773,9 @@ static int delegation_blocked(struct knfsd_fh *fh) if (seconds_since_boot() - bd->swap_time > 30) { bd->entries -= bd->old_entries; bd->old_entries = bd->entries; + bd->new = 1-bd->new; memset(bd->set[bd->new], 0, sizeof(bd->set[0])); - bd->new = 1-bd->new; bd->swap_time = seconds_since_boot(); } spin_unlock(&blocked_delegations_lock); base-commit: de2cffe297563c815c840cfa14b77a0868b61e53 -- 2.46.0

8 months, 2 weeks

1
0
0 0

[PATCH v5 1/5] tpm: Return on tpm2_create_null_primary() failure

by Jarkko Sakkinen

tpm2_sessions_init() does not ignores the result of tpm2_create_null_primary(). Address this by returning -ENODEV to the caller. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v5: - Do not print klog messages on error, as tpm2_save_context() already takes care of this. v4: - Fixed up stable version. v3: - Handle TPM and POSIX error separately and return -ENODEV always back to the caller. v2: - Refined the commit message. --- drivers/char/tpm/tpm2-sessions.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d3521aadd43e..0f09ac33ae99 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1338,7 +1338,8 @@ static int tpm2_create_null_primary(struct tpm_chip *chip) tpm2_flush_context(chip, null_key); } - return rc; + /* Map all errors to -ENODEV: */ + return rc ? -ENODEV : rc; } /** @@ -1354,7 +1355,7 @@ int tpm2_sessions_init(struct tpm_chip *chip) rc = tpm2_create_null_primary(chip); if (rc) - dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc); + return rc; chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); if (!chip->auth) -- 2.46.1

8 months, 2 weeks

2
2
0 0

[PATCH] net: explicitly clear the sk pointer, when pf->create fails

by Ignat Korchagin

We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails"). The problem is that commit did not fully address the problem, as some pf->create implementations do not use sk_common_release in their error paths. For example, we can use the same reproducer as in the above commit, but changing ping to arping. arping uses AF_PACKET socket and if packet_create fails, it will just sk_free the allocated sk object. While we could chase all the pf->create implementations and make sure they NULL the freed sk object on error from the socket, we can't guarantee future protocols will not make the same mistake. So it is easier to just explicitly NULL the sk pointer upon return from pf->create in __sock_create. We do know that pf->create always releases the allocated sk object on error, so if the pointer is not NULL, it is definitely dangling. Fixes: 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails") Signed-off-by: Ignat Korchagin <ignat(a)cloudflare.com> Cc: stable(a)vger.kernel.org --- net/socket.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/socket.c b/net/socket.c index 7b046dd3e9a7..19afac3c2de9 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1575,8 +1575,13 @@ int __sock_create(struct net *net, int family, int type, int protocol, rcu_read_unlock(); err = pf->create(net, sock, protocol, kern); - if (err < 0) + if (err < 0) { + /* ->create should release the allocated sock->sk object on error + * but it may leave the dangling pointer + */ + sock->sk = NULL; goto out_module_put; + } /* * Now to bump the refcnt of the [loadable] module that owns this -- 2.39.5

8 months, 2 weeks

4
6
0 0

queue-5.10 panic on shutdown

by Chuck Lever III

Hi- I've seen the following panic on shutdown for about a week. I've been fighting a stomach bug, so I haven't been able to drill into it until now. I'm bisecting, but thought I should report the issue now. [52704.952919] BUG: unable to handle page fault for address: ffffffffffffffe8 [52704.954545] #PF: supervisor read access in kernel mode [52704.955755] #PF: error_code(0x0000) - not-present page [52704.956952] PGD 1c4415067 P4D 1c4415067 PUD 1c4417067 PMD 0 [52704.958291] Oops: 0000 [#1] SMP PTI [52704.959136] CPU: 3 PID: 1 Comm: systemd-shutdow Not tainted 5.10.226-g9ee79287d0d8 #1 [52704.960950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 [52704.962902] RIP: 0010:platform_shutdown+0x9/0x50 [52704.964010] Code: 02 00 00 ff 75 dd 31 c0 48 83 05 19 c9 b6 02 01 5d c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 68 <48> 8b 40 e8 48 85 c0 74 23 55 48 83 ef 10 48 83 05 01 ca b6 02 01 [52704.968215] RSP: 0018:ffffaaf780013d88 EFLAGS: 00010246 [52704.969426] RAX: 0000000000000000 RBX: ffff8f91478b6018 RCX: 0000000000000000 [52704.971095] RDX: 0000000000000001 RSI: ffff8f91478b6018 RDI: ffff8f91478b6010 [52704.972758] RBP: ffffaaf780013db8 R08: ffff8f91478b4408 R09: 0000000000000000 [52704.974433] R10: 000000000000000f R11: ffffffffa654d2e0 R12: ffffffffa6ba0440 [52704.976083] R13: ffff8f91478b6010 R14: ffff8f91478b6090 R15: 0000000000000000 [52704.977765] FS: 00007f0f126e6b80(0000) GS:ffff8f92b7d80000(0000) knlGS:0000000000000000 [52704.979653] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [52704.981008] CR2: ffffffffffffffe8 CR3: 00000001501be006 CR4: 0000000000170ee0 [52704.982697] Call Trace: [52704.983309] ? show_regs.cold+0x22/0x2f [52704.984223] ? __die_body+0x28/0xb0 [52704.985076] ? __die+0x39/0x4c [52704.985827] ? no_context.constprop.0+0x190/0x480 [52704.986940] ? __bad_area_nosemaphore+0x51/0x290 [52704.988050] ? bad_area_nosemaphore+0x1e/0x30 [52704.989082] ? do_kern_addr_fault+0x9a/0xf0 [52704.990098] ? exc_page_fault+0x1d3/0x350 [52704.991047] ? asm_exc_page_fault+0x1e/0x30 [52704.992041] ? platform_shutdown+0x9/0x50 [52704.992997] ? platform_dev_attrs_visible+0x50/0x50 [52704.994152] ? device_shutdown+0x260/0x3d0 [52704.995132] kernel_restart_prepare+0x4e/0x60 [52704.996180] kernel_restart+0x1b/0x50 [52704.997070] __do_sys_reboot+0x24d/0x330 [52704.998026] ? finish_task_switch+0xf6/0x620 [52704.999049] ? __schedule+0x486/0xf50 [52704.999926] ? exit_to_user_mode_prepare+0xc3/0x390 [52705.000840] __x64_sys_reboot+0x26/0x40 [52705.001542] do_syscall_64+0x50/0x90 [52705.002218] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [52705.003356] RIP: 0033:0x7f0f1369def7 [52705.004216] Code: 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 89 fa be 69 19 12 28 bf ad de e1 fe b8 a9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 51 af 0c 00 f7 d8 64 89 02 b8 [52705.008496] RSP: 002b:00007fffcbc9eb48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a9 [52705.010235] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0f1369def7 [52705.011915] RDX: 0000000001234567 RSI: 0000000028121969 RDI: 00000000fee1dead [52705.013593] RBP: 00007fffcbc9eda0 R08: 0000000000000000 R09: 00007fffcbc9df40 [52705.015272] R10: 00007fffcbc9e100 R11: 0000000000000206 R12: 00007fffcbc9ebd8 [52705.016928] R13: 0000000000000000 R14: 0000000000000000 R15: 000055a7848b1968 [52705.018585] Modules linked in: sunrpc nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill nf_tables nfnetlink iTCO_wdt intel_rapl_msr intel_rapl_common intel_pmc_bxt kvm_intel iTCO_vendor_support kvm virtio_net irqbypass rapl joydev net_failover i2c_i801 lpc_ich failover i2c_smbus virtio_balloon fuse zram xfs crct10dif_pclmul crc32_pclmul crc32c_intel serio_raw ghash_clmulni_intel virtio_blk virtio_console qemu_fw_cfg [last unloaded: nft_fib] [52705.029015] CR2: ffffffffffffffe8 [52705.029832] ---[ end trace 40dfe466fd371faa ]--- [52705.030908] RIP: 0010:platform_shutdown+0x9/0x50 [52705.031972] Code: 02 00 00 ff 75 dd 31 c0 48 83 05 19 c9 b6 02 01 5d c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 68 <48> 8b 40 e8 48 85 c0 74 23 55 48 83 ef 10 48 83 05 01 ca b6 02 01 [52705.036245] RSP: 0018:ffffaaf780013d88 EFLAGS: 00010246 [52705.037474] RAX: 0000000000000000 RBX: ffff8f91478b6018 RCX: 0000000000000000 [52705.039143] RDX: 0000000000000001 RSI: ffff8f91478b6018 RDI: ffff8f91478b6010 [52705.040827] RBP: ffffaaf780013db8 R08: ffff8f91478b4408 R09: 0000000000000000 [52705.042463] R10: 000000000000000f R11: ffffffffa654d2e0 R12: ffffffffa6ba0440 [52705.044135] R13: ffff8f91478b6010 R14: ffff8f91478b6090 R15: 0000000000000000 [52705.045784] FS: 00007f0f126e6b80(0000) GS:ffff8f92b7d80000(0000) knlGS:0000000000000000 [52705.047637] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [52705.048992] CR2: ffffffffffffffe8 CR3: 00000001501be006 CR4: 0000000000170ee0 [52705.050655] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 [52705.053432] Kernel Offset: 0x23000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [52705.055871] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]--- -- Chuck Lever

8 months, 2 weeks

3
2
0 0

Previous Message

by Cheng Allen

Hello, I hope this email finds you well. I reached out to you a few hours ago, but I have not received a response yet. I just wanted to check in to see if you had the chance to review my previous message or if there were any issues that may have prevented you from getting back to me. Could you please confirm receipt of my earlier correspondence and provide a response at your earliest convenience? Your prompt attention to this matter is greatly appreciated. Thank you for your cooperation. Warm regards, Dr. Allen Cheng Human Resource Manager | Product Research Assistant FC Industrial Laboratories Ltd This electronic mail and its attachment(s) is intended only for the recipient(s) to whom it is addressed. It may contain information which may be confidential and/or protected by legal privilege. If you are not the intended recipient(s), reading, disclosing, printing, copying, forwarding this electronic mail and its attachment(s) and/or taking any action in reliance on the information in this electronic mail and its attachment(s) are prohibited. Koperasi Telkomsel/Koperasi Telekomunikasi Selular/Kisel shall not be liable in respect of communication made by its employee which is contrary to the company policy and/or outside the scope of the employment of the individual concerned. The employee will be personally liable for any damages or other liability arising Surat elektronik ini beserta lampirannya dimaksudkan hanya untuk penerima kepada siapa surat tersebut ditujukan. Informasi yang terdapat di dalamnya dapat bersifat rahasia dan/atau dilindungi oleh hukum. Jika Anda bukan penerima yang dituju, Anda dilarang untuk membaca, mengungkapkan, mencetak, menduplikasi/menyalin, meneruskan surat elektronik ini beserta lampirannya dan/atau mengambil tindakan apapun berdasarkan informasi yang terdapat dalam surat elektronik ini beserta lampirannya. Koperasi Telkomsel/Koperasi Telekomunikasi Selular/Kisel tidak bertanggung jawab atas setiap komunikasi karyawan yang bertentangan dengan kebijakan perusahaan dan/atau berada di luar lingkup pekerjaannya. Segala resiko dan akibat yang ditimbulkan merupakan tanggung jawab personal masing-masing.

8 months, 2 weeks

1
0
0 0

[PATCH] Bluetooth: Fix type of len in rfcomm_sock_{bind,getsockopt_old}()

by Andrej Shadura

Commit 9bf4e919ccad worked around an issue introduced after an innocuous optimisation change in LLVM main: > len is defined as an 'int' because it is assigned from > '__user int *optlen'. However, it is clamped against the result of > sizeof(), which has a type of 'size_t' ('unsigned long' for 64-bit > platforms). This is done with min_t() because min() requires compatible > types, which results in both len and the result of sizeof() being casted > to 'unsigned int', meaning len changes signs and the result of sizeof() > is truncated. From there, len is passed to copy_to_user(), which has a > third parameter type of 'unsigned long', so it is widened and changes > signs again. This excessive casting in combination with the KCSAN > instrumentation causes LLVM to fail to eliminate the __bad_copy_from() > call, failing the build. The same issue occurs in rfcomm in functions rfcomm_sock_bind and rfcomm_sock_getsockopt_old. Change the type of len to size_t in both rfcomm_sock_bind and rfcomm_sock_getsockopt_old and replace min_t() with min(). Cc: stable(a)vger.kernel.org Fixes: 9bf4e919ccad ("Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()") Link: https://github.com/ClangBuiltLinux/linux/issues/2007 Link: https://github.com/llvm/llvm-project/issues/85647 Signed-off-by: Andrej Shadura <andrew.shadura(a)collabora.co.uk> --- net/bluetooth/rfcomm/sock.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 37d63d768afb..c0fe96673b3c 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -328,14 +328,15 @@ static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr { struct sockaddr_rc sa; struct sock *sk = sock->sk; - int len, err = 0; + int err = 0; + size_t len; if (!addr || addr_len < offsetofend(struct sockaddr, sa_family) || addr->sa_family != AF_BLUETOOTH) return -EINVAL; memset(&sa, 0, sizeof(sa)); - len = min_t(unsigned int, sizeof(sa), addr_len); + len = min(sizeof(sa), addr_len); memcpy(&sa, addr, len); BT_DBG("sk %p %pMR", sk, &sa.rc_bdaddr); @@ -729,7 +730,8 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u struct sock *l2cap_sk; struct l2cap_conn *conn; struct rfcomm_conninfo cinfo; - int len, err = 0; + int err = 0; + size_t len; u32 opt; BT_DBG("sk %p", sk); @@ -783,7 +785,7 @@ static int rfcomm_sock_getsockopt_old(struct socket *sock, int optname, char __u cinfo.hci_handle = conn->hcon->handle; memcpy(cinfo.dev_class, conn->hcon->dev_class, 3); - len = min_t(unsigned int, len, sizeof(cinfo)); + len = min(len, sizeof(cinfo)); if (copy_to_user(optval, (char *) &cinfo, len)) err = -EFAULT; -- 2.43.0

8 months, 2 weeks

4
6
0 0

FAILED: patch "[PATCH] mm: z3fold: deprecate CONFIG_Z3FOLD" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7a2369b74abf76cd3e54c45b30f6addb497f831b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100711-ebook-refund-46f3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7a2369b74abf ("mm: z3fold: deprecate CONFIG_Z3FOLD") 04cb7502a5d7 ("zsmalloc: use all available 24 bits of page_type") 43d746dc49bb ("mm/zsmalloc: use a proper page type") 8db00ad56461 ("mm: allow reuse of the lower 16 bit of the page type with an actual type") 6d21dde7adc0 ("mm: update _mapcount and page_type documentation") ff202303c398 ("mm: convert page type macros to enum") 46df8e73a4a3 ("mm: free up PG_slab") d99e3140a4d3 ("mm: turn folio_test_hugetlb into a PageType") fd1a745ce03e ("mm: support page_mapcount() on page_has_type() pages") 29cfe7556bfd ("mm: constify more page/folio tests") 443cbaf9e2fd ("crash: split vmcoreinfo exporting code out from crash_core.c") 85fcde402db1 ("kexec: split crashkernel reservation code out from crash_core.c") 55c49fee57af ("mm/vmalloc: remove vmap_area_list") d093602919ad ("mm: vmalloc: remove global vmap_area_root rb-tree") 7fa8cee00316 ("mm: vmalloc: move vmap_init_free_space() down in vmalloc.c") 4a693ce65b18 ("kdump: defer the insertion of crashkernel resources") 9f2a63523582 ("Merge tag 'mm-nonmm-stable-2024-01-09-10-33' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a2369b74abf76cd3e54c45b30f6addb497f831b Mon Sep 17 00:00:00 2001 From: Yosry Ahmed <yosryahmed(a)google.com> Date: Wed, 4 Sep 2024 23:33:43 +0000 Subject: [PATCH] mm: z3fold: deprecate CONFIG_Z3FOLD The z3fold compressed pages allocator is rarely used, most users use zsmalloc. The only disadvantage of zsmalloc in comparison is the dependency on MMU, and zbud is a more common option for !MMU as it was the default zswap allocator for a long time. Historically, zsmalloc had worse latency than zbud and z3fold but offered better memory savings. This is no longer the case as shown by a simple recent analysis [1]. That analysis showed that z3fold does not have any advantage over zsmalloc or zbud considering both performance and memory usage. In a kernel build test on tmpfs in a limited cgroup, z3fold took 3% more time and used 1.8% more memory. The latency of zswap_load() was 7% higher, and that of zswap_store() was 10% higher. Zsmalloc is better in all metrics. Moreover, z3fold apparently has latent bugs, which was made noticeable by a recent soft lockup bug report with z3fold [2]. Switching to zsmalloc not only fixed the problem, but also reduced the swap usage from 6~8G to 1~2G. Other users have also reported being bitten by mistakenly enabling z3fold. Other than hurting users, z3fold is repeatedly causing wasted engineering effort. Apart from investigating the above bug, it came up in multiple development discussions (e.g. [3]) as something we need to handle, when there aren't any legit users (at least not intentionally). The natural course of action is to deprecate z3fold, and remove in a few cycles if no objections are raised from active users. Next on the list should be zbud, as it offers marginal latency gains at the cost of huge memory waste when compared to zsmalloc. That one will need to wait until zsmalloc does not depend on MMU. Rename the user-visible config option from CONFIG_Z3FOLD to CONFIG_Z3FOLD_DEPRECATED so that users with CONFIG_Z3FOLD=y get a new prompt with explanation during make oldconfig. Also, remove CONFIG_Z3FOLD=y from defconfigs. [1]https://lore.kernel.org/lkml/CAJD7tkbRF6od-2x_L8-A1QL3=2Ww13sCj4S3i4bNndq… [2]https://lore.kernel.org/lkml/EF0ABD3E-A239-4111-A8AB-5C442E759CF3@gmail.c… [3]https://lore.kernel.org/lkml/CAJD7tkbnmeVugfunffSovJf9FAgy9rhBVt_tx=nxUve… [arnd(a)arndb.de: deprecate ZSWAP_ZPOOL_DEFAULT_Z3FOLD as well] Link: https://lkml.kernel.org/r/20240909202625.1054880-1-arnd@kernel.org Link: https://lkml.kernel.org/r/20240904233343.933462-1-yosryahmed@google.com Signed-off-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Acked-by: Chris Down <chris(a)chrisdown.name> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Vitaly Wool <vitaly.wool(a)konsulko.com> Acked-by: Christoph Hellwig <hch(a)lst.de> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Huacai Chen <chenhuacai(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Naveen N. Rao <naveen.n.rao(a)linux.ibm.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: WANG Xuerui <kernel(a)xen0n.name> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/loongarch/configs/loongson3_defconfig b/arch/loongarch/configs/loongson3_defconfig index b4252c357c8e..75b366407a60 100644 --- a/arch/loongarch/configs/loongson3_defconfig +++ b/arch/loongarch/configs/loongson3_defconfig @@ -96,7 +96,6 @@ CONFIG_ZPOOL=y CONFIG_ZSWAP=y CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD=y CONFIG_ZBUD=y -CONFIG_Z3FOLD=y CONFIG_ZSMALLOC=m # CONFIG_COMPAT_BRK is not set CONFIG_MEMORY_HOTPLUG=y diff --git a/arch/powerpc/configs/ppc64_defconfig b/arch/powerpc/configs/ppc64_defconfig index 544a65fda77b..d39284489aa2 100644 --- a/arch/powerpc/configs/ppc64_defconfig +++ b/arch/powerpc/configs/ppc64_defconfig @@ -81,7 +81,6 @@ CONFIG_MODULE_SIG_SHA512=y CONFIG_PARTITION_ADVANCED=y CONFIG_BINFMT_MISC=m CONFIG_ZSWAP=y -CONFIG_Z3FOLD=y CONFIG_ZSMALLOC=y # CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y diff --git a/mm/Kconfig b/mm/Kconfig index 1aa282e35dc7..09aebca1cae3 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -146,12 +146,15 @@ config ZSWAP_ZPOOL_DEFAULT_ZBUD help Use the zbud allocator as the default allocator. -config ZSWAP_ZPOOL_DEFAULT_Z3FOLD - bool "z3fold" - select Z3FOLD +config ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED + bool "z3foldi (DEPRECATED)" + select Z3FOLD_DEPRECATED help Use the z3fold allocator as the default allocator. + Deprecated and scheduled for removal in a few cycles, + see CONFIG_Z3FOLD_DEPRECATED. + config ZSWAP_ZPOOL_DEFAULT_ZSMALLOC bool "zsmalloc" select ZSMALLOC @@ -163,7 +166,7 @@ config ZSWAP_ZPOOL_DEFAULT string depends on ZSWAP default "zbud" if ZSWAP_ZPOOL_DEFAULT_ZBUD - default "z3fold" if ZSWAP_ZPOOL_DEFAULT_Z3FOLD + default "z3fold" if ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED default "zsmalloc" if ZSWAP_ZPOOL_DEFAULT_ZSMALLOC default "" @@ -177,15 +180,25 @@ config ZBUD deterministic reclaim properties that make it preferable to a higher density approach when reclaim will be used. -config Z3FOLD - tristate "3:1 compression allocator (z3fold)" +config Z3FOLD_DEPRECATED + tristate "3:1 compression allocator (z3fold) (DEPRECATED)" depends on ZSWAP help + Deprecated and scheduled for removal in a few cycles. If you have + a good reason for using Z3FOLD over ZSMALLOC, please contact + linux-mm(a)kvack.org and the zswap maintainers. + A special purpose allocator for storing compressed pages. It is designed to store up to three compressed pages per physical page. It is a ZBUD derivative so the simplicity and determinism are still there. +config Z3FOLD + tristate + default y if Z3FOLD_DEPRECATED=y + default m if Z3FOLD_DEPRECATED=m + depends on Z3FOLD_DEPRECATED + config ZSMALLOC tristate prompt "N:1 compression allocator (zsmalloc)" if (ZSWAP || ZRAM)

8 months, 2 weeks

2
1
0 0

Re: Patch "coredump: Standartize and fix logging" has been added to the 6.10-stable tree

by Roman Kisel

Sasha, Thank you very much for taking this to the stable kernel! With the 6.12-rc1, folks saw unkillable processes, and the suspicion was that get_task_comm() takes a lock on the task_struct. Kees was kind enough to look into that and sent out https://lore.kernel.org/all/20240928210830.work.307-kees@kernel.org/. As much as I'd love to see these logs produced by the kernel to help with core dump diagnostics, I am really worried that lock might cause more harm than the patches bring value, let alone this is a stable kernel, and as I understand, folks might run very important workloads trusting the stable kernel. If you see why these patches are good for the stable kernel (e.g. there is no lock as in 6.12), I trust your judgement. Added Kees and Eric in hopes they have time to help if this is a good change for the stable kernel. Thank you all for your help! On 10/6/2024 8:27 AM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > coredump: Standartize and fix logging > > to the 6.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > coredump-standartize-and-fix-logging.patch > and it can be found in the queue-6.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit f0a5649db30d6ff2509281ace680db9cc08ce258 > Author: Roman Kisel <romank(a)linux.microsoft.com> > Date: Thu Jul 18 11:27:24 2024 -0700 > > coredump: Standartize and fix logging > > [ Upstream commit c114e9948c2b6a0b400266e59cc656b59e795bca ] > > The coredump code does not log the process ID and the comm > consistently, logs unescaped comm when it does log it, and > does not always use the ratelimited logging. That makes it > harder to analyze logs and puts the system at the risk of > spamming the system log incase something crashes many times > over and over again. > > Fix that by logging TGID and comm (escaped) consistently and > using the ratelimited logging always. > > Signed-off-by: Roman Kisel <romank(a)linux.microsoft.com> > Tested-by: Allen Pais <apais(a)linux.microsoft.com> > Link: https://lore.kernel.org/r/20240718182743.1959160-2-romank@linux.microsoft.c… > Signed-off-by: Kees Cook <kees(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/coredump.c b/fs/coredump.c > index a57a06b80f571..19d3343b93c6b 100644 > --- a/fs/coredump.c > +++ b/fs/coredump.c > @@ -586,8 +586,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) > struct subprocess_info *sub_info; > > if (ispipe < 0) { > - printk(KERN_WARNING "format_corename failed\n"); > - printk(KERN_WARNING "Aborting core\n"); > + coredump_report_failure("format_corename failed, aborting core"); > goto fail_unlock; > } > > @@ -607,27 +606,21 @@ void do_coredump(const kernel_siginfo_t *siginfo) > * right pid if a thread in a multi-threaded > * core_pattern process dies. > */ > - printk(KERN_WARNING > - "Process %d(%s) has RLIMIT_CORE set to 1\n", > - task_tgid_vnr(current), current->comm); > - printk(KERN_WARNING "Aborting core\n"); > + coredump_report_failure("RLIMIT_CORE is set to 1, aborting core"); > goto fail_unlock; > } > cprm.limit = RLIM_INFINITY; > > dump_count = atomic_inc_return(&core_dump_count); > if (core_pipe_limit && (core_pipe_limit < dump_count)) { > - printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", > - task_tgid_vnr(current), current->comm); > - printk(KERN_WARNING "Skipping core dump\n"); > + coredump_report_failure("over core_pipe_limit, skipping core dump"); > goto fail_dropcount; > } > > helper_argv = kmalloc_array(argc + 1, sizeof(*helper_argv), > GFP_KERNEL); > if (!helper_argv) { > - printk(KERN_WARNING "%s failed to allocate memory\n", > - __func__); > + coredump_report_failure("%s failed to allocate memory", __func__); > goto fail_dropcount; > } > for (argi = 0; argi < argc; argi++) > @@ -644,8 +637,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) > > kfree(helper_argv); > if (retval) { > - printk(KERN_INFO "Core dump to |%s pipe failed\n", > - cn.corename); > + coredump_report_failure("|%s pipe failed", cn.corename); > goto close_fail; > } > } else { > @@ -658,10 +650,8 @@ void do_coredump(const kernel_siginfo_t *siginfo) > goto fail_unlock; > > if (need_suid_safe && cn.corename[0] != '/') { > - printk(KERN_WARNING "Pid %d(%s) can only dump core "\ > - "to fully qualified path!\n", > - task_tgid_vnr(current), current->comm); > - printk(KERN_WARNING "Skipping core dump\n"); > + coredump_report_failure( > + "this process can only dump core to a fully qualified path, skipping core dump"); > goto fail_unlock; > } > > @@ -730,13 +720,13 @@ void do_coredump(const kernel_siginfo_t *siginfo) > idmap = file_mnt_idmap(cprm.file); > if (!vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), > current_fsuid())) { > - pr_info_ratelimited("Core dump to %s aborted: cannot preserve file owner\n", > - cn.corename); > + coredump_report_failure("Core dump to %s aborted: " > + "cannot preserve file owner", cn.corename); > goto close_fail; > } > if ((inode->i_mode & 0677) != 0600) { > - pr_info_ratelimited("Core dump to %s aborted: cannot preserve file permissions\n", > - cn.corename); > + coredump_report_failure("Core dump to %s aborted: " > + "cannot preserve file permissions", cn.corename); > goto close_fail; > } > if (!(cprm.file->f_mode & FMODE_CAN_WRITE)) > @@ -757,7 +747,7 @@ void do_coredump(const kernel_siginfo_t *siginfo) > * have this set to NULL. > */ > if (!cprm.file) { > - pr_info("Core dump to |%s disabled\n", cn.corename); > + coredump_report_failure("Core dump to |%s disabled", cn.corename); > goto close_fail; > } > if (!dump_vma_snapshot(&cprm)) > @@ -983,11 +973,10 @@ void validate_coredump_safety(void) > { > if (suid_dumpable == SUID_DUMP_ROOT && > core_pattern[0] != '/' && core_pattern[0] != '|') { > - pr_warn( > -"Unsafe core_pattern used with fs.suid_dumpable=2.\n" > -"Pipe handler or fully qualified core dump path required.\n" > -"Set kernel.core_pattern before fs.suid_dumpable.\n" > - ); > + > + coredump_report_failure("Unsafe core_pattern used with fs.suid_dumpable=2: " > + "pipe handler or fully qualified core dump path required. " > + "Set kernel.core_pattern before fs.suid_dumpable."); > } > } > > diff --git a/include/linux/coredump.h b/include/linux/coredump.h > index 0904ba010341a..45e598fe34766 100644 > --- a/include/linux/coredump.h > +++ b/include/linux/coredump.h > @@ -43,8 +43,30 @@ extern int dump_align(struct coredump_params *cprm, int align); > int dump_user_range(struct coredump_params *cprm, unsigned long start, > unsigned long len); > extern void do_coredump(const kernel_siginfo_t *siginfo); > + > +/* > + * Logging for the coredump code, ratelimited. > + * The TGID and comm fields are added to the message. > + */ > + > +#define __COREDUMP_PRINTK(Level, Format, ...) \ > + do { \ > + char comm[TASK_COMM_LEN]; \ > + \ > + get_task_comm(comm, current); \ > + printk_ratelimited(Level "coredump: %d(%*pE): " Format "\n", \ > + task_tgid_vnr(current), (int)strlen(comm), comm, ##__VA_ARGS__); \ > + } while (0) \ > + > +#define coredump_report(fmt, ...) __COREDUMP_PRINTK(KERN_INFO, fmt, ##__VA_ARGS__) > +#define coredump_report_failure(fmt, ...) __COREDUMP_PRINTK(KERN_WARNING, fmt, ##__VA_ARGS__) > + > #else > static inline void do_coredump(const kernel_siginfo_t *siginfo) {} > + > +#define coredump_report(...) > +#define coredump_report_failure(...) > + > #endif > > #if defined(CONFIG_COREDUMP) && defined(CONFIG_SYSCTL) -- Thank you, Roman

8 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] drm/sched: Always increment correct scheduler score" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100755-preacher-reformist-f489@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 087913e0ba2b ("drm/sched: Always increment correct scheduler score") cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") 7b05a7c0c9ca ("drm/nouveau: get vmm via nouveau_cli_vmm()") e02238990b1a ("drm/nouveau: new VM_BIND uAPI interfaces") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:09 +0100 Subject: [PATCH] drm/sched: Always increment correct scheduler score MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Entities run queue can change during drm_sched_entity_push_job() so make sure to update the score consistently. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: d41a39dda140 ("drm/scheduler: improve job distribution with multiple queues") Cc: Nirmoy Das <nirmoy.das(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.9+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-4-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index a75eede8bf8d..b2cf3e0c1838 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -586,7 +586,6 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) ktime_t submit_ts; trace_drm_sched_job(sched_job, entity); - atomic_inc(entity->rq->sched->score); WRITE_ONCE(entity->last_user, current->group_leader); /* @@ -614,6 +613,7 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) rq = entity->rq; sched = rq->sched; + atomic_inc(sched->score); drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always increment correct scheduler score" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100755-unedited-smuggler-ece7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 087913e0ba2b ("drm/sched: Always increment correct scheduler score") cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") 7b05a7c0c9ca ("drm/nouveau: get vmm via nouveau_cli_vmm()") e02238990b1a ("drm/nouveau: new VM_BIND uAPI interfaces") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:09 +0100 Subject: [PATCH] drm/sched: Always increment correct scheduler score MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Entities run queue can change during drm_sched_entity_push_job() so make sure to update the score consistently. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: d41a39dda140 ("drm/scheduler: improve job distribution with multiple queues") Cc: Nirmoy Das <nirmoy.das(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.9+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-4-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index a75eede8bf8d..b2cf3e0c1838 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -586,7 +586,6 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) ktime_t submit_ts; trace_drm_sched_job(sched_job, entity); - atomic_inc(entity->rq->sched->score); WRITE_ONCE(entity->last_user, current->group_leader); /* @@ -614,6 +613,7 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) rq = entity->rq; sched = rq->sched; + atomic_inc(sched->score); drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always increment correct scheduler score" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100754-headlock-unbridle-a6ed@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 087913e0ba2b ("drm/sched: Always increment correct scheduler score") cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") 7b05a7c0c9ca ("drm/nouveau: get vmm via nouveau_cli_vmm()") e02238990b1a ("drm/nouveau: new VM_BIND uAPI interfaces") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:09 +0100 Subject: [PATCH] drm/sched: Always increment correct scheduler score MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Entities run queue can change during drm_sched_entity_push_job() so make sure to update the score consistently. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: d41a39dda140 ("drm/scheduler: improve job distribution with multiple queues") Cc: Nirmoy Das <nirmoy.das(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.9+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-4-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index a75eede8bf8d..b2cf3e0c1838 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -586,7 +586,6 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) ktime_t submit_ts; trace_drm_sched_job(sched_job, entity); - atomic_inc(entity->rq->sched->score); WRITE_ONCE(entity->last_user, current->group_leader); /* @@ -614,6 +613,7 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) rq = entity->rq; sched = rq->sched; + atomic_inc(sched->score); drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always increment correct scheduler score" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100753-refusing-absolve-0e53@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 087913e0ba2b ("drm/sched: Always increment correct scheduler score") cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 087913e0ba2b3b9d7ccbafb2acf5dab9e35ae1d5 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:09 +0100 Subject: [PATCH] drm/sched: Always increment correct scheduler score MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Entities run queue can change during drm_sched_entity_push_job() so make sure to update the score consistently. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: d41a39dda140 ("drm/scheduler: improve job distribution with multiple queues") Cc: Nirmoy Das <nirmoy.das(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.9+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-4-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index a75eede8bf8d..b2cf3e0c1838 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -586,7 +586,6 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) ktime_t submit_ts; trace_drm_sched_job(sched_job, entity); - atomic_inc(entity->rq->sched->score); WRITE_ONCE(entity->last_user, current->group_leader); /* @@ -614,6 +613,7 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) rq = entity->rq; sched = rq->sched; + atomic_inc(sched->score); drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always wake up correct scheduler in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cbc8764e29c2318229261a679b2aafd0f9072885 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100741-crying-undrilled-a32f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") 7b05a7c0c9ca ("drm/nouveau: get vmm via nouveau_cli_vmm()") e02238990b1a ("drm/nouveau: new VM_BIND uAPI interfaces") 7a5d5f9c0587 ("drm/nouveau: fixup the uapi header file.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbc8764e29c2318229261a679b2aafd0f9072885 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:08 +0100 Subject: [PATCH] drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since drm_sched_entity_modify_sched() can modify the entities run queue, lets make sure to only dereference the pointer once so both adding and waking up are guaranteed to be consistent. Alternative of moving the spin_unlock to after the wake up would for now be more problematic since the same lock is taken inside drm_sched_rq_update_fifo(). v2: * Improve commit message. (Philipp) * Cache the scheduler pointer directly. (Christian) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b37aced31eb0 ("drm/scheduler: implement a function to modify sched list") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.7+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-3-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 0e002c17fcb6..a75eede8bf8d 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -599,6 +599,9 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) /* first job wakes up scheduler */ if (first) { + struct drm_gpu_scheduler *sched; + struct drm_sched_rq *rq; + /* Add the entity to the run queue */ spin_lock(&entity->rq_lock); if (entity->stopped) { @@ -608,13 +611,16 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) return; } - drm_sched_rq_add_entity(entity->rq, entity); + rq = entity->rq; + sched = rq->sched; + + drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock); if (drm_sched_policy == DRM_SCHED_POLICY_FIFO) drm_sched_rq_update_fifo(entity, submit_ts); - drm_sched_wakeup(entity->rq->sched); + drm_sched_wakeup(sched); } } EXPORT_SYMBOL(drm_sched_entity_push_job);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always wake up correct scheduler in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cbc8764e29c2318229261a679b2aafd0f9072885 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100740-hardhat-tastiness-be43@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") 7b05a7c0c9ca ("drm/nouveau: get vmm via nouveau_cli_vmm()") e02238990b1a ("drm/nouveau: new VM_BIND uAPI interfaces") 7a5d5f9c0587 ("drm/nouveau: fixup the uapi header file.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbc8764e29c2318229261a679b2aafd0f9072885 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:08 +0100 Subject: [PATCH] drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since drm_sched_entity_modify_sched() can modify the entities run queue, lets make sure to only dereference the pointer once so both adding and waking up are guaranteed to be consistent. Alternative of moving the spin_unlock to after the wake up would for now be more problematic since the same lock is taken inside drm_sched_rq_update_fifo(). v2: * Improve commit message. (Philipp) * Cache the scheduler pointer directly. (Christian) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b37aced31eb0 ("drm/scheduler: implement a function to modify sched list") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.7+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-3-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 0e002c17fcb6..a75eede8bf8d 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -599,6 +599,9 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) /* first job wakes up scheduler */ if (first) { + struct drm_gpu_scheduler *sched; + struct drm_sched_rq *rq; + /* Add the entity to the run queue */ spin_lock(&entity->rq_lock); if (entity->stopped) { @@ -608,13 +611,16 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) return; } - drm_sched_rq_add_entity(entity->rq, entity); + rq = entity->rq; + sched = rq->sched; + + drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock); if (drm_sched_policy == DRM_SCHED_POLICY_FIFO) drm_sched_rq_update_fifo(entity, submit_ts); - drm_sched_wakeup(entity->rq->sched); + drm_sched_wakeup(sched); } } EXPORT_SYMBOL(drm_sched_entity_push_job);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always wake up correct scheduler in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cbc8764e29c2318229261a679b2aafd0f9072885 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100739-habitant-profane-90df@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI") 7b05a7c0c9ca ("drm/nouveau: get vmm via nouveau_cli_vmm()") e02238990b1a ("drm/nouveau: new VM_BIND uAPI interfaces") 7a5d5f9c0587 ("drm/nouveau: fixup the uapi header file.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbc8764e29c2318229261a679b2aafd0f9072885 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:08 +0100 Subject: [PATCH] drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since drm_sched_entity_modify_sched() can modify the entities run queue, lets make sure to only dereference the pointer once so both adding and waking up are guaranteed to be consistent. Alternative of moving the spin_unlock to after the wake up would for now be more problematic since the same lock is taken inside drm_sched_rq_update_fifo(). v2: * Improve commit message. (Philipp) * Cache the scheduler pointer directly. (Christian) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b37aced31eb0 ("drm/scheduler: implement a function to modify sched list") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.7+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-3-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 0e002c17fcb6..a75eede8bf8d 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -599,6 +599,9 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) /* first job wakes up scheduler */ if (first) { + struct drm_gpu_scheduler *sched; + struct drm_sched_rq *rq; + /* Add the entity to the run queue */ spin_lock(&entity->rq_lock); if (entity->stopped) { @@ -608,13 +611,16 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) return; } - drm_sched_rq_add_entity(entity->rq, entity); + rq = entity->rq; + sched = rq->sched; + + drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock); if (drm_sched_policy == DRM_SCHED_POLICY_FIFO) drm_sched_rq_update_fifo(entity, submit_ts); - drm_sched_wakeup(entity->rq->sched); + drm_sched_wakeup(sched); } } EXPORT_SYMBOL(drm_sched_entity_push_job);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sched: Always wake up correct scheduler in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cbc8764e29c2318229261a679b2aafd0f9072885 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100738-clammy-reply-9e28@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cbc8764e29c2 ("drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job") 440d52b370b0 ("drm/sched: Fix dynamic job-flow control race") f92a39ae4707 ("drm/sched: Partial revert of "Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()"") a78422e9dff3 ("drm/sched: implement dynamic job-flow control") f3123c259000 ("drm/sched: Qualify drm_sched_wakeup() by drm_sched_entity_is_ready()") bc8d6a9df990 ("drm/sched: Don't disturb the entity when in RR-mode scheduling") f12af4c461fb ("drm/sched: Drop suffix from drm_sched_wakeup_if_can_queue") 35a4279d42db ("drm/sched: Rename drm_sched_run_job_queue_if_ready and clarify kerneldoc") 67dd1d8c9f65 ("drm/sched: Rename drm_sched_free_job_queue to be more descriptive") e608d9f7ac1a ("drm/sched: Move free worker re-queuing out of the if block") 7abbbe2694b3 ("drm/sched: Rename drm_sched_get_cleanup_job to be more descriptive") f7fe64ad0f22 ("drm/sched: Split free_job into own work item") a6149f039369 ("drm/sched: Convert drm scheduler to use a work queue rather than kthread") 35963cf2cd25 ("drm/sched: Add drm_sched_wqueue_* helpers") 0da611a87021 ("dma-buf: add dma_fence_timestamp helper") 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cbc8764e29c2318229261a679b2aafd0f9072885 Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Date: Tue, 24 Sep 2024 11:19:08 +0100 Subject: [PATCH] drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since drm_sched_entity_modify_sched() can modify the entities run queue, lets make sure to only dereference the pointer once so both adding and waking up are guaranteed to be consistent. Alternative of moving the spin_unlock to after the wake up would for now be more problematic since the same lock is taken inside drm_sched_rq_update_fifo(). v2: * Improve commit message. (Philipp) * Cache the scheduler pointer directly. (Christian) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b37aced31eb0 ("drm/scheduler: implement a function to modify sched list") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.7+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924101914.2713-3-tursuli… Signed-off-by: Christian König <christian.koenig(a)amd.com> diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 0e002c17fcb6..a75eede8bf8d 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -599,6 +599,9 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) /* first job wakes up scheduler */ if (first) { + struct drm_gpu_scheduler *sched; + struct drm_sched_rq *rq; + /* Add the entity to the run queue */ spin_lock(&entity->rq_lock); if (entity->stopped) { @@ -608,13 +611,16 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) return; } - drm_sched_rq_add_entity(entity->rq, entity); + rq = entity->rq; + sched = rq->sched; + + drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock); if (drm_sched_policy == DRM_SCHED_POLICY_FIFO) drm_sched_rq_update_fifo(entity, submit_ts); - drm_sched_wakeup(entity->rq->sched); + drm_sched_wakeup(sched); } } EXPORT_SYMBOL(drm_sched_entity_push_job);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe/vm: move xa_alloc to prevent UAF" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 74231870cf4976f69e83aa24f48edb16619f652f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-sectional-bakeshop-2c8c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 74231870cf49 ("drm/xe/vm: move xa_alloc to prevent UAF") 9e3c85ddea7a ("drm/xe: Clean up VM / exec queue file lock usage.") 2149ded63079 ("drm/xe: Fix use after free when client stats are captured") a2387e69493d ("drm/xe: Take a ref to xe file when user creates a VM") 3d0c4a62cc55 ("drm/xe: Move part of xe_file cleanup to a helper") 0568a4086a6c ("drm/xe: Remove unwanted mutex locking") 45bb564de0a6 ("drm/xe: Use run_ticks instead of runtime for client stats") 188ced1e0ff8 ("drm/xe/client: Print runtime to fdinfo") 6109f24f87d7 ("drm/xe: Add helper to accumulate exec queue runtime") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74231870cf4976f69e83aa24f48edb16619f652f Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Wed, 25 Sep 2024 08:14:27 +0100 Subject: [PATCH] drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240925071426.144015-3-matth… (cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 31fe31db3fdc..ce9dca4d4e87 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1765,10 +1765,6 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, if (IS_ERR(vm)) return PTR_ERR(vm); - err = xa_alloc(&xef->vm.xa, &id, vm, xa_limit_32b, GFP_KERNEL); - if (err) - goto err_close_and_put; - if (xe->info.has_asid) { down_write(&xe->usm.lock); err = xa_alloc_cyclic(&xe->usm.asid_to_vm, &asid, vm, @@ -1776,12 +1772,11 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, &xe->usm.next_asid, GFP_KERNEL); up_write(&xe->usm.lock); if (err < 0) - goto err_free_id; + goto err_close_and_put; vm->usm.asid = asid; } - args->vm_id = id; vm->xef = xe_file_get(xef); /* Record BO memory for VM pagetable created against client */ @@ -1794,10 +1789,15 @@ int xe_vm_create_ioctl(struct drm_device *dev, void *data, args->reserved[0] = xe_bo_main_addr(vm->pt_root[0]->bo, XE_PAGE_SIZE); #endif + /* user id alloc must always be last in ioctl to prevent UAF */ + err = xa_alloc(&xef->vm.xa, &id, vm, xa_limit_32b, GFP_KERNEL); + if (err) + goto err_close_and_put; + + args->vm_id = id; + return 0; -err_free_id: - xa_erase(&xef->vm.xa, id); err_close_and_put: xe_vm_close_and_put(vm);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring/net: harden multishot termination case for recv" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c314094cb4cfa6fc5a17f4881ead2dfebfa717a7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100733-porridge-situated-e017@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c314094cb4cf ("io_uring/net: harden multishot termination case for recv") 4a3223f7bfda ("io_uring/net: switch io_recv() to using io_async_msghdr") fb6328bc2ab5 ("io_uring/net: simplify msghd->msg_inq checking") 186daf238529 ("io_uring/kbuf: rename REQ_F_PARTIAL_IO to REQ_F_BL_NO_RECYCLE") eb18c29dd2a3 ("io_uring/net: move recv/recvmsg flags out of retry loop") c3f9109dbc9e ("io_uring/kbuf: flag request if buffer pool is empty after buffer pick") 95041b93e90a ("io_uring: add io_file_can_poll() helper") 521223d7c229 ("io_uring/cancel: don't default to setting req->work.cancel_seq") 4bcb982cce74 ("io_uring: expand main struct io_kiocb flags to 64-bits") 72bd80252fee ("io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers") 76b367a2d831 ("io_uring/net: limit inline multishot retries") 91e5d765a82f ("io_uring/net: un-indent mshot retry path in io_recv_finish()") 595e52284d24 ("io_uring/poll: don't enable lazy wake for POLLEXCLUSIVE") 89d528ba2f82 ("io_uring: indicate if io_kbuf_recycle did recycle anything") 4de520f1fcef ("Merge tag 'io_uring-futex-2023-10-30' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c314094cb4cfa6fc5a17f4881ead2dfebfa717a7 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 26 Sep 2024 07:08:10 -0600 Subject: [PATCH] io_uring/net: harden multishot termination case for recv If the recv returns zero, or an error, then it doesn't matter if more data has already been received for this buffer. A condition like that should terminate the multishot receive. Rather than pass in the collected return value, pass in whether to terminate or keep the recv going separately. Note that this isn't a bug right now, as the only way to get there is via setting MSG_WAITALL with multishot receive. And if an application does that, then -EINVAL is returned anyway. But it seems like an easy bug to introduce, so let's make it a bit more explicit. Link: https://github.com/axboe/liburing/issues/1246 Cc: stable(a)vger.kernel.org Fixes: b3fdea6ecb55 ("io_uring: multishot recv") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/net.c b/io_uring/net.c index f10f5a22d66a..18507658a921 100644 --- a/io_uring/net.c +++ b/io_uring/net.c @@ -1133,6 +1133,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) int ret, min_ret = 0; bool force_nonblock = issue_flags & IO_URING_F_NONBLOCK; size_t len = sr->len; + bool mshot_finished; if (!(req->flags & REQ_F_POLLED) && (sr->flags & IORING_RECVSEND_POLL_FIRST)) @@ -1187,6 +1188,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) req_set_fail(req); } + mshot_finished = ret <= 0; if (ret > 0) ret += sr->done_io; else if (sr->done_io) @@ -1194,7 +1196,7 @@ int io_recv(struct io_kiocb *req, unsigned int issue_flags) else io_kbuf_recycle(req, issue_flags); - if (!io_recv_finish(req, &ret, kmsg, ret <= 0, issue_flags)) + if (!io_recv_finish(req, &ret, kmsg, mshot_finished, issue_flags)) goto retry_multishot; return ret;

8 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] close_range(): fix the logics in descriptor table trimming" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 678379e1d4f7443b170939525d3312cfc37bf86b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100705-pursuable-relenting-ba02@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 678379e1d4f7 ("close_range(): fix the logics in descriptor table trimming") c4aab26253cd ("fd_is_open(): move to fs/file.c") f60d374d2cc8 ("close_on_exec(): pass files_struct instead of fdtable") a88c955fcfb4 ("file: s/close_fd_get_file()/file_close_fd()/g") 021a160abf62 ("fs: use __fput_sync in close(2)") 11f3f500ec8a ("fork: add kernel_clone_args flag to not dup/clone files") 54e6842d0775 ("fork/vm: Move common PF_IO_WORKER behavior to new flag") c81cc5819faf ("kernel: Make io_thread and kthread bit fields") fb04563d1cae ("sched: Show PF_flag holes") f5d39b020809 ("freezer,sched: Rewrite core freezer logic") 9963e444f71e ("sched: Widen TAKS_state literals") f9fc8cad9728 ("sched: Add TASK_ANY for wait_task_inactive()") 9204a97f7ae8 ("sched: Change wait_task_inactive()s match_state") 1fbcaa923ce2 ("freezer,umh: Clean up freezer/initrd interaction") 5950e5d574c6 ("freezer: Have {,un}lock_system_sleep() save/restore flags") 0b9d46fc5ef7 ("sched: Rename task_running() to task_on_cpu()") 8386c414e27c ("PM: hibernate: defer device probing when resuming from hibernation") 6684cf42906f ("Merge tag 'pull-work.fd-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 678379e1d4f7443b170939525d3312cfc37bf86b Mon Sep 17 00:00:00 2001 From: Al Viro <viro(a)zeniv.linux.org.uk> Date: Fri, 16 Aug 2024 15:17:00 -0400 Subject: [PATCH] close_range(): fix the logics in descriptor table trimming Cloning a descriptor table picks the size that would cover all currently opened files. That's fine for clone() and unshare(), but for close_range() there's an additional twist - we clone before we close, and it would be a shame to have close_range(3, ~0U, CLOSE_RANGE_UNSHARE) leave us with a huge descriptor table when we are not going to keep anything past stderr, just because some large file descriptor used to be open before our call has taken it out. Unfortunately, it had been dealt with in an inherently racy way - sane_fdtable_size() gets a "don't copy anything past that" argument (passed via unshare_fd() and dup_fd()), close_range() decides how much should be trimmed and passes that to unshare_fd(). The problem is, a range that used to extend to the end of descriptor table back when close_range() had looked at it might very well have stuff grown after it by the time dup_fd() has allocated a new files_struct and started to figure out the capacity of fdtable to be attached to that. That leads to interesting pathological cases; at the very least it's a QoI issue, since unshare(CLONE_FILES) is atomic in a sense that it takes a snapshot of descriptor table one might have observed at some point. Since CLOSE_RANGE_UNSHARE close_range() is supposed to be a combination of unshare(CLONE_FILES) with plain close_range(), ending up with a weird state that would never occur with unshare(2) is confusing, to put it mildly. It's not hard to get rid of - all it takes is passing both ends of the range down to sane_fdtable_size(). There we are under ->files_lock, so the race is trivially avoided. So we do the following: * switch close_files() from calling unshare_fd() to calling dup_fd(). * undo the calling convention change done to unshare_fd() in 60997c3d45d9 "close_range: add CLOSE_RANGE_UNSHARE" * introduce struct fd_range, pass a pointer to that to dup_fd() and sane_fdtable_size() instead of "trim everything past that point" they are currently getting. NULL means "we are not going to be punching any holes"; NR_OPEN_MAX is gone. * make sane_fdtable_size() use find_last_bit() instead of open-coding it; it's easier to follow that way. * while we are at it, have dup_fd() report errors by returning ERR_PTR(), no need to use a separate int *errorp argument. Fixes: 60997c3d45d9 "close_range: add CLOSE_RANGE_UNSHARE" Cc: stable(a)vger.kernel.org Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> diff --git a/fs/file.c b/fs/file.c index 5125607d040a..eb093e736972 100644 --- a/fs/file.c +++ b/fs/file.c @@ -272,59 +272,45 @@ static inline bool fd_is_open(unsigned int fd, const struct fdtable *fdt) return test_bit(fd, fdt->open_fds); } -static unsigned int count_open_files(struct fdtable *fdt) -{ - unsigned int size = fdt->max_fds; - unsigned int i; - - /* Find the last open fd */ - for (i = size / BITS_PER_LONG; i > 0; ) { - if (fdt->open_fds[--i]) - break; - } - i = (i + 1) * BITS_PER_LONG; - return i; -} - /* * Note that a sane fdtable size always has to be a multiple of * BITS_PER_LONG, since we have bitmaps that are sized by this. * - * 'max_fds' will normally already be properly aligned, but it - * turns out that in the close_range() -> __close_range() -> - * unshare_fd() -> dup_fd() -> sane_fdtable_size() we can end - * up having a 'max_fds' value that isn't already aligned. - * - * Rather than make close_range() have to worry about this, - * just make that BITS_PER_LONG alignment be part of a sane - * fdtable size. Becuase that's really what it is. + * punch_hole is optional - when close_range() is asked to unshare + * and close, we don't need to copy descriptors in that range, so + * a smaller cloned descriptor table might suffice if the last + * currently opened descriptor falls into that range. */ -static unsigned int sane_fdtable_size(struct fdtable *fdt, unsigned int max_fds) +static unsigned int sane_fdtable_size(struct fdtable *fdt, struct fd_range *punch_hole) { - unsigned int count; + unsigned int last = find_last_bit(fdt->open_fds, fdt->max_fds); - count = count_open_files(fdt); - if (max_fds < NR_OPEN_DEFAULT) - max_fds = NR_OPEN_DEFAULT; - return ALIGN(min(count, max_fds), BITS_PER_LONG); + if (last == fdt->max_fds) + return NR_OPEN_DEFAULT; + if (punch_hole && punch_hole->to >= last && punch_hole->from <= last) { + last = find_last_bit(fdt->open_fds, punch_hole->from); + if (last == punch_hole->from) + return NR_OPEN_DEFAULT; + } + return ALIGN(last + 1, BITS_PER_LONG); } /* - * Allocate a new files structure and copy contents from the - * passed in files structure. - * errorp will be valid only when the returned files_struct is NULL. + * Allocate a new descriptor table and copy contents from the passed in + * instance. Returns a pointer to cloned table on success, ERR_PTR() + * on failure. For 'punch_hole' see sane_fdtable_size(). */ -struct files_struct *dup_fd(struct files_struct *oldf, unsigned int max_fds, int *errorp) +struct files_struct *dup_fd(struct files_struct *oldf, struct fd_range *punch_hole) { struct files_struct *newf; struct file **old_fds, **new_fds; unsigned int open_files, i; struct fdtable *old_fdt, *new_fdt; + int error; - *errorp = -ENOMEM; newf = kmem_cache_alloc(files_cachep, GFP_KERNEL); if (!newf) - goto out; + return ERR_PTR(-ENOMEM); atomic_set(&newf->count, 1); @@ -341,7 +327,7 @@ struct files_struct *dup_fd(struct files_struct *oldf, unsigned int max_fds, int spin_lock(&oldf->file_lock); old_fdt = files_fdtable(oldf); - open_files = sane_fdtable_size(old_fdt, max_fds); + open_files = sane_fdtable_size(old_fdt, punch_hole); /* * Check whether we need to allocate a larger fd array and fd set. @@ -354,14 +340,14 @@ struct files_struct *dup_fd(struct files_struct *oldf, unsigned int max_fds, int new_fdt = alloc_fdtable(open_files - 1); if (!new_fdt) { - *errorp = -ENOMEM; + error = -ENOMEM; goto out_release; } /* beyond sysctl_nr_open; nothing to do */ if (unlikely(new_fdt->max_fds < open_files)) { __free_fdtable(new_fdt); - *errorp = -EMFILE; + error = -EMFILE; goto out_release; } @@ -372,7 +358,7 @@ struct files_struct *dup_fd(struct files_struct *oldf, unsigned int max_fds, int */ spin_lock(&oldf->file_lock); old_fdt = files_fdtable(oldf); - open_files = sane_fdtable_size(old_fdt, max_fds); + open_files = sane_fdtable_size(old_fdt, punch_hole); } copy_fd_bitmaps(new_fdt, old_fdt, open_files / BITS_PER_LONG); @@ -406,8 +392,7 @@ struct files_struct *dup_fd(struct files_struct *oldf, unsigned int max_fds, int out_release: kmem_cache_free(files_cachep, newf); -out: - return NULL; + return ERR_PTR(error); } static struct fdtable *close_files(struct files_struct * files) @@ -748,37 +733,25 @@ int __close_range(unsigned fd, unsigned max_fd, unsigned int flags) if (fd > max_fd) return -EINVAL; - if (flags & CLOSE_RANGE_UNSHARE) { - int ret; - unsigned int max_unshare_fds = NR_OPEN_MAX; + if ((flags & CLOSE_RANGE_UNSHARE) && atomic_read(&cur_fds->count) > 1) { + struct fd_range range = {fd, max_fd}, *punch_hole = &range; /* * If the caller requested all fds to be made cloexec we always * copy all of the file descriptors since they still want to * use them. */ - if (!(flags & CLOSE_RANGE_CLOEXEC)) { - /* - * If the requested range is greater than the current - * maximum, we're closing everything so only copy all - * file descriptors beneath the lowest file descriptor. - */ - rcu_read_lock(); - if (max_fd >= last_fd(files_fdtable(cur_fds))) - max_unshare_fds = fd; - rcu_read_unlock(); - } - - ret = unshare_fd(CLONE_FILES, max_unshare_fds, &fds); - if (ret) - return ret; + if (flags & CLOSE_RANGE_CLOEXEC) + punch_hole = NULL; + fds = dup_fd(cur_fds, punch_hole); + if (IS_ERR(fds)) + return PTR_ERR(fds); /* * We used to share our file descriptor table, and have now * created a private one, make sure we're using it below. */ - if (fds) - swap(cur_fds, fds); + swap(cur_fds, fds); } if (flags & CLOSE_RANGE_CLOEXEC) diff --git a/include/linux/fdtable.h b/include/linux/fdtable.h index 2944d4aa413b..b1c5722f2b3c 100644 --- a/include/linux/fdtable.h +++ b/include/linux/fdtable.h @@ -22,7 +22,6 @@ * as this is the granularity returned by copy_fdset(). */ #define NR_OPEN_DEFAULT BITS_PER_LONG -#define NR_OPEN_MAX ~0U struct fdtable { unsigned int max_fds; @@ -106,7 +105,10 @@ struct task_struct; void put_files_struct(struct files_struct *fs); int unshare_files(void); -struct files_struct *dup_fd(struct files_struct *, unsigned, int *) __latent_entropy; +struct fd_range { + unsigned int from, to; +}; +struct files_struct *dup_fd(struct files_struct *, struct fd_range *) __latent_entropy; void do_close_on_exec(struct files_struct *); int iterate_fd(struct files_struct *, unsigned, int (*)(const void *, struct file *, unsigned), @@ -115,8 +117,6 @@ int iterate_fd(struct files_struct *, unsigned, extern int close_fd(unsigned int fd); extern int __close_range(unsigned int fd, unsigned int max_fd, unsigned int flags); extern struct file *file_close_fd(unsigned int fd); -extern int unshare_fd(unsigned long unshare_flags, unsigned int max_fds, - struct files_struct **new_fdp); extern struct kmem_cache *files_cachep; diff --git a/kernel/fork.c b/kernel/fork.c index 60c0b4868fd4..89ceb4a68af2 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1756,33 +1756,30 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk, int no_files) { struct files_struct *oldf, *newf; - int error = 0; /* * A background process may not have any files ... */ oldf = current->files; if (!oldf) - goto out; + return 0; if (no_files) { tsk->files = NULL; - goto out; + return 0; } if (clone_flags & CLONE_FILES) { atomic_inc(&oldf->count); - goto out; + return 0; } - newf = dup_fd(oldf, NR_OPEN_MAX, &error); - if (!newf) - goto out; + newf = dup_fd(oldf, NULL); + if (IS_ERR(newf)) + return PTR_ERR(newf); tsk->files = newf; - error = 0; -out: - return error; + return 0; } static int copy_sighand(unsigned long clone_flags, struct task_struct *tsk) @@ -3238,17 +3235,16 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) /* * Unshare file descriptor table if it is being shared */ -int unshare_fd(unsigned long unshare_flags, unsigned int max_fds, - struct files_struct **new_fdp) +static int unshare_fd(unsigned long unshare_flags, struct files_struct **new_fdp) { struct files_struct *fd = current->files; - int error = 0; if ((unshare_flags & CLONE_FILES) && (fd && atomic_read(&fd->count) > 1)) { - *new_fdp = dup_fd(fd, max_fds, &error); - if (!*new_fdp) - return error; + fd = dup_fd(fd, NULL); + if (IS_ERR(fd)) + return PTR_ERR(fd); + *new_fdp = fd; } return 0; @@ -3306,7 +3302,7 @@ int ksys_unshare(unsigned long unshare_flags) err = unshare_fs(unshare_flags, &new_fs); if (err) goto bad_unshare_out; - err = unshare_fd(unshare_flags, NR_OPEN_MAX, &new_fd); + err = unshare_fd(unshare_flags, &new_fd); if (err) goto bad_unshare_cleanup_fs; err = unshare_userns(unshare_flags, &new_cred); @@ -3398,7 +3394,7 @@ int unshare_files(void) struct files_struct *old, *copy = NULL; int error; - error = unshare_fd(CLONE_FILES, NR_OPEN_MAX, &copy); + error = unshare_fd(CLONE_FILES, &copy); if (error || !copy) return error;

8 months, 2 weeks

1
0
0 0

[PATCH] ARM/mm: Fix stack recursion caused by KASAN

by Melon Liu

When accessing the KASAN shadow area corresponding to the task stack which is in vmalloc space, the stack recursion would occur if the area`s page tables are unpopulated. Calltrace: ... __dabt_svc+0x4c/0x80 __asan_load4+0x30/0x88 do_translation_fault+0x2c/0x110 do_DataAbort+0x4c/0xec __dabt_svc+0x4c/0x80 __asan_load4+0x30/0x88 do_translation_fault+0x2c/0x110 do_DataAbort+0x4c/0xec __dabt_svc+0x4c/0x80 sched_setscheduler_nocheck+0x60/0x158 kthread+0xec/0x198 ret_from_fork+0x14/0x28 Fixes: 565cbaad83d ("ARM: 9202/1: kasan: support CONFIG_KASAN_VMALLOC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Melon Liu <melon1335(a)163.org> --- arch/arm/mm/ioremap.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 794cfea9f..f952b0b0f 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c @@ -115,16 +115,31 @@ int ioremap_page(unsigned long virt, unsigned long phys, } EXPORT_SYMBOL(ioremap_page); +static inline void sync_pgds(struct mm_struct *mm, unsigned long start, + unsigned long end) +{ + end = ALIGN(end, PGDIR_SIZE); + memcpy(pgd_offset(mm, start), pgd_offset_k(start), + sizeof(pgd_t) * (pgd_index(end) - pgd_index(start))); +} + +static inline void sync_vmalloc_pgds(struct mm_struct *mm) +{ + sync_pgds(mm, VMALLOC_START, VMALLOC_END); + if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) + sync_pgds(mm, (unsigned long)kasan_mem_to_shadow( + (void *)VMALLOC_START), + (unsigned long)kasan_mem_to_shadow( + (void *)VMALLOC_END)); +} + void __check_vmalloc_seq(struct mm_struct *mm) { int seq; do { seq = atomic_read(&init_mm.context.vmalloc_seq); - memcpy(pgd_offset(mm, VMALLOC_START), - pgd_offset_k(VMALLOC_START), - sizeof(pgd_t) * (pgd_index(VMALLOC_END) - - pgd_index(VMALLOC_START))); + sync_vmalloc_pgds(mm); /* * Use a store-release so that other CPUs that observe the * counter's new value are guaranteed to see the results of the -- 2.43.0

8 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] rtla: Fix the help text in osnoise and timerlat top tools" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3d7b8ea7a8a20a45d019382c4dc6ed79e8bb95cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100702-paradox-neurology-6048@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3d7b8ea7a8a2 ("rtla: Fix the help text in osnoise and timerlat top tools") a957cbc02531 ("rtla: Add -C cgroup support") 9fa48a2477de ("rtla/timerlat: Add auto-analysis only option") 1f428356c38d ("rtla: Add hwnoise tool") ce6cc6f70cad ("Documentation/rtla: Add timerlat-top auto-analysis options") 5def33df84d2 ("rtla/timerlat: Add auto-analysis support to timerlat top") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d7b8ea7a8a20a45d019382c4dc6ed79e8bb95cf Mon Sep 17 00:00:00 2001 From: Eder Zulian <ezulian(a)redhat.com> Date: Tue, 13 Aug 2024 17:58:31 +0200 Subject: [PATCH] rtla: Fix the help text in osnoise and timerlat top tools The help text in osnoise top and timerlat top had some minor errors and omissions. The -d option was missing the 's' (second) abbreviation and the error message for '-d' used '-D'. Cc: stable(a)vger.kernel.org Fixes: 1eceb2fc2ca54 ("rtla/osnoise: Add osnoise top mode") Fixes: a828cd18bc4ad ("rtla: Add timerlat tool and timelart top mode") Link: https://lore.kernel.org/20240813155831.384446-1-ezulian@redhat.com Suggested-by: Tomas Glozar <tglozar(a)redhat.com> Reviewed-by: Tomas Glozar <tglozar(a)redhat.com> Signed-off-by: Eder Zulian <ezulian(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/tools/tracing/rtla/src/osnoise_top.c b/tools/tracing/rtla/src/osnoise_top.c index 2f756628613d..30e3853076a0 100644 --- a/tools/tracing/rtla/src/osnoise_top.c +++ b/tools/tracing/rtla/src/osnoise_top.c @@ -442,7 +442,7 @@ struct osnoise_top_params *osnoise_top_parse_args(int argc, char **argv) case 'd': params->duration = parse_seconds_duration(optarg); if (!params->duration) - osnoise_top_usage(params, "Invalid -D duration\n"); + osnoise_top_usage(params, "Invalid -d duration\n"); break; case 'e': tevent = trace_event_alloc(optarg); diff --git a/tools/tracing/rtla/src/timerlat_top.c b/tools/tracing/rtla/src/timerlat_top.c index 8c16419fe22a..210b0f533534 100644 --- a/tools/tracing/rtla/src/timerlat_top.c +++ b/tools/tracing/rtla/src/timerlat_top.c @@ -459,7 +459,7 @@ static void timerlat_top_usage(char *usage) " -c/--cpus cpus: run the tracer only on the given cpus", " -H/--house-keeping cpus: run rtla control threads only on the given cpus", " -C/--cgroup[=cgroup_name]: set cgroup, if no cgroup_name is passed, the rtla's cgroup will be inherited", - " -d/--duration time[m|h|d]: duration of the session in seconds", + " -d/--duration time[s|m|h|d]: duration of the session", " -D/--debug: print debug info", " --dump-tasks: prints the task running on all CPUs if stop conditions are met (depends on !--no-aa)", " -t/--trace[file]: save the stopped trace to [file|timerlat_trace.txt]", @@ -613,7 +613,7 @@ static struct timerlat_top_params case 'd': params->duration = parse_seconds_duration(optarg); if (!params->duration) - timerlat_top_usage("Invalid -D duration\n"); + timerlat_top_usage("Invalid -d duration\n"); break; case 'e': tevent = trace_event_alloc(optarg);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tracing/timerlat: Fix duplicated kthread creation due to CPU" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0bb0a5c12ecf36ad561542bbb95f96355e036a02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100741-amplify-possum-3dcb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0bb0a5c12ecf ("tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline") 177e1cc2f412 ("tracing/osnoise: Use a cpumask to know what threads are kthreads") e88ed227f639 ("tracing/timerlat: Add user-space interface") 4998e7fda149 ("tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable") 30838fcd8107 ("tracing/osnoise: Add OSNOISE_WORKLOAD option") b179d48b6aab ("tracing/osnoise: Add osnoise/options file") dd990352f01e ("tracing/osnoise: Make osnoise_main to sleep for microseconds") 11e4e3523da9 ("trace/osnoise: make use of the helper function kthread_run_on_cpu()") b14f4568d391 ("tracing/osnoise: Remove STACKTRACE ifdefs from inside functions") ccb6754495ef ("tracing/osnoise: Remove TIMERLAT ifdefs from inside functions") dae181349f1e ("tracing/osnoise: Support a list of trace_array *tr") 15ca4bdb0327 ("tracing/osnoise: Split workload start from the tracer start") 21ccc9cd7211 ("tracing: Disable "other" permission bits in the tracefs files") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0bb0a5c12ecf36ad561542bbb95f96355e036a02 Mon Sep 17 00:00:00 2001 From: Wei Li <liwei391(a)huawei.com> Date: Tue, 24 Sep 2024 17:45:11 +0800 Subject: [PATCH] tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline osnoise_hotplug_workfn() is the asynchronous online callback for "trace/osnoise:online". It may be congested when a CPU goes online and offline repeatedly and is invoked for multiple times after a certain online. This will lead to kthread leak and timer corruption. Add a check in start_kthread() to prevent this situation. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240924094515.3561410-2-liwei391@huawei.com Fixes: c8895e271f79 ("trace/osnoise: Support hotplug operations") Signed-off-by: Wei Li <liwei391(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index 1439064f65d6..d1a539913a5f 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -2007,6 +2007,10 @@ static int start_kthread(unsigned int cpu) void *main = osnoise_main; char comm[24]; + /* Do not start a new thread if it is already running */ + if (per_cpu(per_cpu_osnoise_var, cpu).kthread) + return 0; + if (timerlat_enabled()) { snprintf(comm, 24, "timerlat/%d", cpu); main = timerlat_main; @@ -2061,11 +2065,10 @@ static int start_per_cpu_kthreads(void) if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask)) { struct task_struct *kthread; - kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; + kthread = xchg_relaxed(&(per_cpu(per_cpu_osnoise_var, cpu).kthread), NULL); if (!WARN_ON(!kthread)) kthread_stop(kthread); } - per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; } for_each_cpu(cpu, current_mask) {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tracing/timerlat: Fix duplicated kthread creation due to CPU" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0bb0a5c12ecf36ad561542bbb95f96355e036a02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100741-afoot-canal-db89@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0bb0a5c12ecf ("tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline") 177e1cc2f412 ("tracing/osnoise: Use a cpumask to know what threads are kthreads") e88ed227f639 ("tracing/timerlat: Add user-space interface") 4998e7fda149 ("tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable") 30838fcd8107 ("tracing/osnoise: Add OSNOISE_WORKLOAD option") b179d48b6aab ("tracing/osnoise: Add osnoise/options file") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0bb0a5c12ecf36ad561542bbb95f96355e036a02 Mon Sep 17 00:00:00 2001 From: Wei Li <liwei391(a)huawei.com> Date: Tue, 24 Sep 2024 17:45:11 +0800 Subject: [PATCH] tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline osnoise_hotplug_workfn() is the asynchronous online callback for "trace/osnoise:online". It may be congested when a CPU goes online and offline repeatedly and is invoked for multiple times after a certain online. This will lead to kthread leak and timer corruption. Add a check in start_kthread() to prevent this situation. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240924094515.3561410-2-liwei391@huawei.com Fixes: c8895e271f79 ("trace/osnoise: Support hotplug operations") Signed-off-by: Wei Li <liwei391(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index 1439064f65d6..d1a539913a5f 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -2007,6 +2007,10 @@ static int start_kthread(unsigned int cpu) void *main = osnoise_main; char comm[24]; + /* Do not start a new thread if it is already running */ + if (per_cpu(per_cpu_osnoise_var, cpu).kthread) + return 0; + if (timerlat_enabled()) { snprintf(comm, 24, "timerlat/%d", cpu); main = timerlat_main; @@ -2061,11 +2065,10 @@ static int start_per_cpu_kthreads(void) if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask)) { struct task_struct *kthread; - kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; + kthread = xchg_relaxed(&(per_cpu(per_cpu_osnoise_var, cpu).kthread), NULL); if (!WARN_ON(!kthread)) kthread_stop(kthread); } - per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; } for_each_cpu(cpu, current_mask) {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b25e11f978b63cb7857890edb3a698599cddb10e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100729-covenant-overtly-0189@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b25e11f978b6 ("Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE") 3e54c5890c87 ("Bluetooth: hci_event: Use of a function table to handle HCI events") 12cfe4176ad6 ("Bluetooth: HCI: Use skb_pull_data to parse LE Metaevents") 70a6b8de6af5 ("Bluetooth: HCI: Use skb_pull_data to parse Extended Inquiry Result event") 8d08d324fdcb ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result with RSSI event") 27d9eb4bcac1 ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result event") aadc3d2f42a5 ("Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event") e3f3a1aea871 ("Bluetooth: HCI: Use skb_pull_data to parse Command Complete event") ae61a10d9d46 ("Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events") 3244845c6307 ("Bluetooth: hci_sync: Convert MGMT_OP_SSP") 6f6ff38a1e14 ("Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME") cf75ad8b41d2 ("Bluetooth: hci_sync: Convert MGMT_SET_POWERED") ad383c2c65a5 ("Bluetooth: hci_sync: Enable advertising when LL privacy is enabled") e8907f76544f ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 3") cba6b758711c ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 2") 161510ccf91c ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 1") 6a98e3836fa2 ("Bluetooth: Add helper for serialized HCI command execution") 4139ff008330 ("Bluetooth: Fix wrong opcode when LL privacy enabled") 01ce70b0a274 ("Bluetooth: eir: Move EIR/Adv Data functions to its own file") 5031ffcc79b8 ("Bluetooth: Keep MSFT ext info throughout a hci_dev's life cycle") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b25e11f978b63cb7857890edb3a698599cddb10e Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Thu, 12 Sep 2024 12:17:00 -0400 Subject: [PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 Cc: stable(a)vger.kernel.org Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Tested-by: Kiran K <kiran.k(a)intel.com> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index b87c0f1dab9e..561c8cb87473 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -5324,19 +5324,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, void *data, goto unlock; } - /* If no side requires MITM protection; auto-accept */ + /* If no side requires MITM protection; use JUST_CFM method */ if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { - /* If we're not the initiators request authorization to - * proceed from user space (mgmt_user_confirm with - * confirm_hint set to 1). The exception is if neither - * side had MITM or if the local IO capability is - * NoInputNoOutput, in which case we do auto-accept + /* If we're not the initiator of request authorization and the + * local IO capability is not NoInputNoOutput, use JUST_WORKS + * method (mgmt_user_confirm with confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && - conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && - (loc_mitm || rem_mitm)) { + conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { bt_dev_dbg(hdev, "Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b25e11f978b63cb7857890edb3a698599cddb10e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-gentleman-exodus-8ae2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b25e11f978b6 ("Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE") 3e54c5890c87 ("Bluetooth: hci_event: Use of a function table to handle HCI events") 12cfe4176ad6 ("Bluetooth: HCI: Use skb_pull_data to parse LE Metaevents") 70a6b8de6af5 ("Bluetooth: HCI: Use skb_pull_data to parse Extended Inquiry Result event") 8d08d324fdcb ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result with RSSI event") 27d9eb4bcac1 ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result event") aadc3d2f42a5 ("Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event") e3f3a1aea871 ("Bluetooth: HCI: Use skb_pull_data to parse Command Complete event") ae61a10d9d46 ("Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events") 3244845c6307 ("Bluetooth: hci_sync: Convert MGMT_OP_SSP") 6f6ff38a1e14 ("Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME") cf75ad8b41d2 ("Bluetooth: hci_sync: Convert MGMT_SET_POWERED") ad383c2c65a5 ("Bluetooth: hci_sync: Enable advertising when LL privacy is enabled") e8907f76544f ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 3") cba6b758711c ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 2") 161510ccf91c ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 1") 6a98e3836fa2 ("Bluetooth: Add helper for serialized HCI command execution") 4139ff008330 ("Bluetooth: Fix wrong opcode when LL privacy enabled") 01ce70b0a274 ("Bluetooth: eir: Move EIR/Adv Data functions to its own file") 5031ffcc79b8 ("Bluetooth: Keep MSFT ext info throughout a hci_dev's life cycle") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b25e11f978b63cb7857890edb3a698599cddb10e Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Thu, 12 Sep 2024 12:17:00 -0400 Subject: [PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 Cc: stable(a)vger.kernel.org Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Tested-by: Kiran K <kiran.k(a)intel.com> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index b87c0f1dab9e..561c8cb87473 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -5324,19 +5324,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, void *data, goto unlock; } - /* If no side requires MITM protection; auto-accept */ + /* If no side requires MITM protection; use JUST_CFM method */ if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { - /* If we're not the initiators request authorization to - * proceed from user space (mgmt_user_confirm with - * confirm_hint set to 1). The exception is if neither - * side had MITM or if the local IO capability is - * NoInputNoOutput, in which case we do auto-accept + /* If we're not the initiator of request authorization and the + * local IO capability is not NoInputNoOutput, use JUST_WORKS + * method (mgmt_user_confirm with confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && - conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && - (loc_mitm || rem_mitm)) { + conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { bt_dev_dbg(hdev, "Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b25e11f978b63cb7857890edb3a698599cddb10e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-emission-slot-94cc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b25e11f978b6 ("Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE") 3e54c5890c87 ("Bluetooth: hci_event: Use of a function table to handle HCI events") 12cfe4176ad6 ("Bluetooth: HCI: Use skb_pull_data to parse LE Metaevents") 70a6b8de6af5 ("Bluetooth: HCI: Use skb_pull_data to parse Extended Inquiry Result event") 8d08d324fdcb ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result with RSSI event") 27d9eb4bcac1 ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result event") aadc3d2f42a5 ("Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event") e3f3a1aea871 ("Bluetooth: HCI: Use skb_pull_data to parse Command Complete event") ae61a10d9d46 ("Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events") 3244845c6307 ("Bluetooth: hci_sync: Convert MGMT_OP_SSP") 6f6ff38a1e14 ("Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME") cf75ad8b41d2 ("Bluetooth: hci_sync: Convert MGMT_SET_POWERED") ad383c2c65a5 ("Bluetooth: hci_sync: Enable advertising when LL privacy is enabled") e8907f76544f ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 3") cba6b758711c ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 2") 161510ccf91c ("Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 1") 6a98e3836fa2 ("Bluetooth: Add helper for serialized HCI command execution") 4139ff008330 ("Bluetooth: Fix wrong opcode when LL privacy enabled") 01ce70b0a274 ("Bluetooth: eir: Move EIR/Adv Data functions to its own file") 5031ffcc79b8 ("Bluetooth: Keep MSFT ext info throughout a hci_dev's life cycle") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b25e11f978b63cb7857890edb3a698599cddb10e Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Thu, 12 Sep 2024 12:17:00 -0400 Subject: [PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 Cc: stable(a)vger.kernel.org Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Tested-by: Kiran K <kiran.k(a)intel.com> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index b87c0f1dab9e..561c8cb87473 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -5324,19 +5324,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, void *data, goto unlock; } - /* If no side requires MITM protection; auto-accept */ + /* If no side requires MITM protection; use JUST_CFM method */ if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { - /* If we're not the initiators request authorization to - * proceed from user space (mgmt_user_confirm with - * confirm_hint set to 1). The exception is if neither - * side had MITM or if the local IO capability is - * NoInputNoOutput, in which case we do auto-accept + /* If we're not the initiator of request authorization and the + * local IO capability is not NoInputNoOutput, use JUST_WORKS + * method (mgmt_user_confirm with confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && - conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && - (loc_mitm || rem_mitm)) { + conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { bt_dev_dbg(hdev, "Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b25e11f978b63cb7857890edb3a698599cddb10e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-switch-reaffirm-2dec@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b25e11f978b6 ("Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE") 3e54c5890c87 ("Bluetooth: hci_event: Use of a function table to handle HCI events") 12cfe4176ad6 ("Bluetooth: HCI: Use skb_pull_data to parse LE Metaevents") 70a6b8de6af5 ("Bluetooth: HCI: Use skb_pull_data to parse Extended Inquiry Result event") 8d08d324fdcb ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result with RSSI event") 27d9eb4bcac1 ("Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result event") aadc3d2f42a5 ("Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event") e3f3a1aea871 ("Bluetooth: HCI: Use skb_pull_data to parse Command Complete event") ae61a10d9d46 ("Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events") 3244845c6307 ("Bluetooth: hci_sync: Convert MGMT_OP_SSP") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b25e11f978b63cb7857890edb3a698599cddb10e Mon Sep 17 00:00:00 2001 From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Date: Thu, 12 Sep 2024 12:17:00 -0400 Subject: [PATCH] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 Cc: stable(a)vger.kernel.org Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Tested-by: Kiran K <kiran.k(a)intel.com> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index b87c0f1dab9e..561c8cb87473 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -5324,19 +5324,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev, void *data, goto unlock; } - /* If no side requires MITM protection; auto-accept */ + /* If no side requires MITM protection; use JUST_CFM method */ if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) && (!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) { - /* If we're not the initiators request authorization to - * proceed from user space (mgmt_user_confirm with - * confirm_hint set to 1). The exception is if neither - * side had MITM or if the local IO capability is - * NoInputNoOutput, in which case we do auto-accept + /* If we're not the initiator of request authorization and the + * local IO capability is not NoInputNoOutput, use JUST_WORKS + * method (mgmt_user_confirm with confirm_hint set to 1). */ if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && - conn->io_capability != HCI_IO_NO_INPUT_OUTPUT && - (loc_mitm || rem_mitm)) { + conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) { bt_dev_dbg(hdev, "Confirming auto-accept as acceptor"); confirm_hint = 1; goto confirm;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100702-doze-flashy-bbe9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") 05e36022c054 ("x86/shstk: Handle signals for shadow stack") 928054769dbd ("x86/shstk: Introduce routines modifying shstk") b2926a36b97a ("x86/shstk: Handle thread shadow stack") 2d39a6add422 ("x86/shstk: Add user-mode shadow stack support") 98cfa4630912 ("x86: Introduce userspace API for shadow stack") 2da5b91fe409 ("x86/traps: Move control protection handler to separate file") 2f8794bd087e ("x86/mm: Provide arch_prctl() interface for LAM") 74c228d20a51 ("x86/uaccess: Provide untagged_addr() and remove tags before address check") 82721d8b25d7 ("x86/mm: Handle LAM on context switch") 5ef495e55f07 ("x86: Allow atomic MM_CONTEXT flags setting") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100701-rage-cape-ea74@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") 05e36022c054 ("x86/shstk: Handle signals for shadow stack") 928054769dbd ("x86/shstk: Introduce routines modifying shstk") b2926a36b97a ("x86/shstk: Handle thread shadow stack") 2d39a6add422 ("x86/shstk: Add user-mode shadow stack support") 98cfa4630912 ("x86: Introduce userspace API for shadow stack") 2da5b91fe409 ("x86/traps: Move control protection handler to separate file") 2f8794bd087e ("x86/mm: Provide arch_prctl() interface for LAM") 74c228d20a51 ("x86/uaccess: Provide untagged_addr() and remove tags before address check") 82721d8b25d7 ("x86/mm: Handle LAM on context switch") 5ef495e55f07 ("x86: Allow atomic MM_CONTEXT flags setting") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100701-subtotal-scurvy-8511@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") 05e36022c054 ("x86/shstk: Handle signals for shadow stack") 928054769dbd ("x86/shstk: Introduce routines modifying shstk") b2926a36b97a ("x86/shstk: Handle thread shadow stack") 2d39a6add422 ("x86/shstk: Add user-mode shadow stack support") 98cfa4630912 ("x86: Introduce userspace API for shadow stack") 2da5b91fe409 ("x86/traps: Move control protection handler to separate file") 2f8794bd087e ("x86/mm: Provide arch_prctl() interface for LAM") 74c228d20a51 ("x86/uaccess: Provide untagged_addr() and remove tags before address check") 82721d8b25d7 ("x86/mm: Handle LAM on context switch") 5ef495e55f07 ("x86: Allow atomic MM_CONTEXT flags setting") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100700-debatable-kerchief-a632@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") 05e36022c054 ("x86/shstk: Handle signals for shadow stack") 928054769dbd ("x86/shstk: Introduce routines modifying shstk") b2926a36b97a ("x86/shstk: Handle thread shadow stack") 2d39a6add422 ("x86/shstk: Add user-mode shadow stack support") 98cfa4630912 ("x86: Introduce userspace API for shadow stack") 2da5b91fe409 ("x86/traps: Move control protection handler to separate file") 2f8794bd087e ("x86/mm: Provide arch_prctl() interface for LAM") 74c228d20a51 ("x86/uaccess: Provide untagged_addr() and remove tags before address check") 82721d8b25d7 ("x86/mm: Handle LAM on context switch") 5ef495e55f07 ("x86: Allow atomic MM_CONTEXT flags setting") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100758-mossy-data-89d8@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100759-ritalin-riveter-4791@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") 05e36022c054 ("x86/shstk: Handle signals for shadow stack") 928054769dbd ("x86/shstk: Introduce routines modifying shstk") b2926a36b97a ("x86/shstk: Handle thread shadow stack") 2d39a6add422 ("x86/shstk: Add user-mode shadow stack support") 98cfa4630912 ("x86: Introduce userspace API for shadow stack") 2da5b91fe409 ("x86/traps: Move control protection handler to separate file") 2f8794bd087e ("x86/mm: Provide arch_prctl() interface for LAM") 74c228d20a51 ("x86/uaccess: Provide untagged_addr() and remove tags before address check") 82721d8b25d7 ("x86/mm: Handle LAM on context switch") 5ef495e55f07 ("x86: Allow atomic MM_CONTEXT flags setting") 94a855111ed9 ("Merge tag 'x86_core_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] uprobes: fix kernel info leak via "[uprobes]" vma" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 34820304cc2cd1804ee1f8f3504ec77813d29c8e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100758-cupbearer-bobtail-6583@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 34820304cc2c ("uprobes: fix kernel info leak via "[uprobes]" vma") 2abbcc099ec6 ("uprobes: turn xol_area->pages[2] into xol_area->page") 6d27a31ef195 ("uprobes: introduce the global struct vm_special_mapping xol_mapping") ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe") 1713b63a07a2 ("x86/shstk: Make return uprobe work with shadow stack") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 34820304cc2cd1804ee1f8f3504ec77813d29c8e Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Sun, 29 Sep 2024 18:20:47 +0200 Subject: [PATCH] uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. Link: https://lore.kernel.org/all/20240929162047.GA12611@redhat.com/ Reported-by: Will Deacon <will(a)kernel.org> Fixes: d4b3b6384f98 ("uprobes/core: Allocate XOL slots for uprobes use") Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ec796e2f055..4b52cb2ae6d6 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1545,7 +1545,7 @@ static struct xol_area *__create_xol_area(unsigned long vaddr) if (!area->bitmap) goto free_area; - area->page = alloc_page(GFP_HIGHUSER); + area->page = alloc_page(GFP_HIGHUSER | __GFP_ZERO); if (!area->page) goto free_bitmap;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: drop the backref cache during relocation if we commit" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x db7e68b522c01eb666cfe1f31637775f18997811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100724-relieving-avert-aeda@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: db7e68b522c0 ("btrfs: drop the backref cache during relocation if we commit") ab7c8bbf3a08 ("btrfs: relocation: constify parameters where possible") 32f2abca380f ("btrfs: relocation: return bool from btrfs_should_ignore_reloc_root") b9a9a85059cd ("btrfs: output affected files when relocation fails") aa5d3003ddee ("btrfs: move orphan prototypes into orphan.h") 7f0add250f82 ("btrfs: move super_block specific helpers into super.h") c03b22076bd2 ("btrfs: move super prototypes into super.h") 5c11adcc383a ("btrfs: move verity prototypes into verity.h") 77407dc032e2 ("btrfs: move dev-replace prototypes into dev-replace.h") 2fc6822c99d7 ("btrfs: move scrub prototypes into scrub.h") 677074792a1d ("btrfs: move relocation prototypes into relocation.h") 33cf97a7b658 ("btrfs: move acl prototypes into acl.h") b538a271ae9b ("btrfs: move the 32bit warn defines into messages.h") af142b6f44d3 ("btrfs: move file prototypes to file.h") 7572dec8f522 ("btrfs: move ioctl prototypes into ioctl.h") c7a03b524d30 ("btrfs: move uuid tree prototypes to uuid-tree.h") 7c8ede162805 ("btrfs: move file-item prototypes into their own header") f2b39277b87d ("btrfs: move dir-item prototypes into dir-item.h") 59b818e064ab ("btrfs: move defrag related prototypes to their own header") a6a01ca61f49 ("btrfs: move the file defrag code into defrag.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db7e68b522c01eb666cfe1f31637775f18997811 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 24 Sep 2024 16:50:22 -0400 Subject: [PATCH] btrfs: drop the backref cache during relocation if we commit Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COWed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation() is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") CC: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0)

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: drop the backref cache during relocation if we commit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x db7e68b522c01eb666cfe1f31637775f18997811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100722-wreckage-customs-5310@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: db7e68b522c0 ("btrfs: drop the backref cache during relocation if we commit") ab7c8bbf3a08 ("btrfs: relocation: constify parameters where possible") 32f2abca380f ("btrfs: relocation: return bool from btrfs_should_ignore_reloc_root") b9a9a85059cd ("btrfs: output affected files when relocation fails") aa5d3003ddee ("btrfs: move orphan prototypes into orphan.h") 7f0add250f82 ("btrfs: move super_block specific helpers into super.h") c03b22076bd2 ("btrfs: move super prototypes into super.h") 5c11adcc383a ("btrfs: move verity prototypes into verity.h") 77407dc032e2 ("btrfs: move dev-replace prototypes into dev-replace.h") 2fc6822c99d7 ("btrfs: move scrub prototypes into scrub.h") 677074792a1d ("btrfs: move relocation prototypes into relocation.h") 33cf97a7b658 ("btrfs: move acl prototypes into acl.h") b538a271ae9b ("btrfs: move the 32bit warn defines into messages.h") af142b6f44d3 ("btrfs: move file prototypes to file.h") 7572dec8f522 ("btrfs: move ioctl prototypes into ioctl.h") c7a03b524d30 ("btrfs: move uuid tree prototypes to uuid-tree.h") 7c8ede162805 ("btrfs: move file-item prototypes into their own header") f2b39277b87d ("btrfs: move dir-item prototypes into dir-item.h") 59b818e064ab ("btrfs: move defrag related prototypes to their own header") a6a01ca61f49 ("btrfs: move the file defrag code into defrag.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db7e68b522c01eb666cfe1f31637775f18997811 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 24 Sep 2024 16:50:22 -0400 Subject: [PATCH] btrfs: drop the backref cache during relocation if we commit Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COWed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation() is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") CC: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0)

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: drop the backref cache during relocation if we commit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x db7e68b522c01eb666cfe1f31637775f18997811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100720-ample-snout-89da@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: db7e68b522c0 ("btrfs: drop the backref cache during relocation if we commit") ab7c8bbf3a08 ("btrfs: relocation: constify parameters where possible") 32f2abca380f ("btrfs: relocation: return bool from btrfs_should_ignore_reloc_root") b9a9a85059cd ("btrfs: output affected files when relocation fails") aa5d3003ddee ("btrfs: move orphan prototypes into orphan.h") 7f0add250f82 ("btrfs: move super_block specific helpers into super.h") c03b22076bd2 ("btrfs: move super prototypes into super.h") 5c11adcc383a ("btrfs: move verity prototypes into verity.h") 77407dc032e2 ("btrfs: move dev-replace prototypes into dev-replace.h") 2fc6822c99d7 ("btrfs: move scrub prototypes into scrub.h") 677074792a1d ("btrfs: move relocation prototypes into relocation.h") 33cf97a7b658 ("btrfs: move acl prototypes into acl.h") b538a271ae9b ("btrfs: move the 32bit warn defines into messages.h") af142b6f44d3 ("btrfs: move file prototypes to file.h") 7572dec8f522 ("btrfs: move ioctl prototypes into ioctl.h") c7a03b524d30 ("btrfs: move uuid tree prototypes to uuid-tree.h") 7c8ede162805 ("btrfs: move file-item prototypes into their own header") f2b39277b87d ("btrfs: move dir-item prototypes into dir-item.h") 59b818e064ab ("btrfs: move defrag related prototypes to their own header") a6a01ca61f49 ("btrfs: move the file defrag code into defrag.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db7e68b522c01eb666cfe1f31637775f18997811 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 24 Sep 2024 16:50:22 -0400 Subject: [PATCH] btrfs: drop the backref cache during relocation if we commit Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COWed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation() is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") CC: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0)

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: drop the backref cache during relocation if we commit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x db7e68b522c01eb666cfe1f31637775f18997811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100718-overpass-stammer-380f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: db7e68b522c0 ("btrfs: drop the backref cache during relocation if we commit") ab7c8bbf3a08 ("btrfs: relocation: constify parameters where possible") 32f2abca380f ("btrfs: relocation: return bool from btrfs_should_ignore_reloc_root") b9a9a85059cd ("btrfs: output affected files when relocation fails") aa5d3003ddee ("btrfs: move orphan prototypes into orphan.h") 7f0add250f82 ("btrfs: move super_block specific helpers into super.h") c03b22076bd2 ("btrfs: move super prototypes into super.h") 5c11adcc383a ("btrfs: move verity prototypes into verity.h") 77407dc032e2 ("btrfs: move dev-replace prototypes into dev-replace.h") 2fc6822c99d7 ("btrfs: move scrub prototypes into scrub.h") 677074792a1d ("btrfs: move relocation prototypes into relocation.h") 33cf97a7b658 ("btrfs: move acl prototypes into acl.h") b538a271ae9b ("btrfs: move the 32bit warn defines into messages.h") af142b6f44d3 ("btrfs: move file prototypes to file.h") 7572dec8f522 ("btrfs: move ioctl prototypes into ioctl.h") c7a03b524d30 ("btrfs: move uuid tree prototypes to uuid-tree.h") 7c8ede162805 ("btrfs: move file-item prototypes into their own header") f2b39277b87d ("btrfs: move dir-item prototypes into dir-item.h") 59b818e064ab ("btrfs: move defrag related prototypes to their own header") a6a01ca61f49 ("btrfs: move the file defrag code into defrag.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db7e68b522c01eb666cfe1f31637775f18997811 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 24 Sep 2024 16:50:22 -0400 Subject: [PATCH] btrfs: drop the backref cache during relocation if we commit Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COWed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation() is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") CC: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0)

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: drop the backref cache during relocation if we commit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x db7e68b522c01eb666cfe1f31637775f18997811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100716-cryptic-harness-bdfa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: db7e68b522c0 ("btrfs: drop the backref cache during relocation if we commit") ab7c8bbf3a08 ("btrfs: relocation: constify parameters where possible") 32f2abca380f ("btrfs: relocation: return bool from btrfs_should_ignore_reloc_root") b9a9a85059cd ("btrfs: output affected files when relocation fails") aa5d3003ddee ("btrfs: move orphan prototypes into orphan.h") 7f0add250f82 ("btrfs: move super_block specific helpers into super.h") c03b22076bd2 ("btrfs: move super prototypes into super.h") 5c11adcc383a ("btrfs: move verity prototypes into verity.h") 77407dc032e2 ("btrfs: move dev-replace prototypes into dev-replace.h") 2fc6822c99d7 ("btrfs: move scrub prototypes into scrub.h") 677074792a1d ("btrfs: move relocation prototypes into relocation.h") 33cf97a7b658 ("btrfs: move acl prototypes into acl.h") b538a271ae9b ("btrfs: move the 32bit warn defines into messages.h") af142b6f44d3 ("btrfs: move file prototypes to file.h") 7572dec8f522 ("btrfs: move ioctl prototypes into ioctl.h") c7a03b524d30 ("btrfs: move uuid tree prototypes to uuid-tree.h") 7c8ede162805 ("btrfs: move file-item prototypes into their own header") f2b39277b87d ("btrfs: move dir-item prototypes into dir-item.h") 59b818e064ab ("btrfs: move defrag related prototypes to their own header") a6a01ca61f49 ("btrfs: move the file defrag code into defrag.c") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db7e68b522c01eb666cfe1f31637775f18997811 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 24 Sep 2024 16:50:22 -0400 Subject: [PATCH] btrfs: drop the backref cache during relocation if we commit Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COWed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation() is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") CC: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0)

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: drop the backref cache during relocation if we commit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x db7e68b522c01eb666cfe1f31637775f18997811 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100714-clustered-sizing-bcce@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: db7e68b522c0 ("btrfs: drop the backref cache during relocation if we commit") ab7c8bbf3a08 ("btrfs: relocation: constify parameters where possible") 32f2abca380f ("btrfs: relocation: return bool from btrfs_should_ignore_reloc_root") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From db7e68b522c01eb666cfe1f31637775f18997811 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Tue, 24 Sep 2024 16:50:22 -0400 Subject: [PATCH] btrfs: drop the backref cache during relocation if we commit Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COWed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation() is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") CC: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0)

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix a NULL pointer dereference when failed to start a" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c3b47f49e83197e8dffd023ec568403bcdbb774b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100756-parasail-agreement-0453@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c3b47f49e831 ("btrfs: fix a NULL pointer dereference when failed to start a new trasacntion") d2311e698578 ("btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots") 83354f0772cd ("btrfs: catch cow on deleting snapshots") 61fa90c16b0b ("btrfs: switch BTRFS_ROOT_* to enums") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c3b47f49e83197e8dffd023ec568403bcdbb774b Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Sat, 28 Sep 2024 08:05:58 +0930 Subject: [PATCH] btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a failure. start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676 prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642 relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678 ... BTRFS info (device loop0): balance: ended with status: -12 Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cc: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000660-0x0000000000000667] RIP: 0010:btrfs_update_reloc_root+0x362/0xa80 fs/btrfs/relocation.c:926 Call Trace: <TASK> commit_fs_roots+0x2ee/0x720 fs/btrfs/transaction.c:1496 btrfs_commit_transaction+0xfaf/0x3740 fs/btrfs/transaction.c:2430 del_balance_item fs/btrfs/volumes.c:3678 [inline] reset_balance_state+0x25e/0x3c0 fs/btrfs/volumes.c:3742 btrfs_balance+0xead/0x10c0 fs/btrfs/volumes.c:4574 btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3673 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [CAUSE] The allocation failure happens at the start_transaction() inside prepare_to_relocate(), and during the error handling we call unset_reloc_control(), which makes fs_info->balance_ctl to be NULL. Then we continue the error path cleanup in btrfs_balance() by calling reset_balance_state() which will call del_balance_item() to fully delete the balance item in the root tree. However during the small window between set_reloc_contrl() and unset_reloc_control(), we can have a subvolume tree update and created a reloc_root for that subvolume. Then we go into the final btrfs_commit_transaction() of del_balance_item(), and into btrfs_update_reloc_root() inside commit_fs_roots(). That function checks if fs_info->reloc_ctl is in the merge_reloc_tree stage, but since fs_info->reloc_ctl is NULL, it results a NULL pointer dereference. [FIX] Just add extra check on fs_info->reloc_ctl inside btrfs_update_reloc_root(), before checking fs_info->reloc_ctl->merge_reloc_tree. That DEAD_RELOC_TREE handling is to prevent further modification to the reloc tree during merge stage, but since there is no reloc_ctl at all, we do not need to bother that. Reported-by: syzbot+283673dbc38527ef9f3d(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/linux-btrfs/66f6bfa7.050a0220.38ace9.0019.GAE@googl… CC: stable(a)vger.kernel.org # 4.19+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index cf1dfeaaf2d8..f3834f8d26b4 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -856,7 +856,7 @@ int btrfs_update_reloc_root(struct btrfs_trans_handle *trans, btrfs_grab_root(reloc_root); /* root->reloc_root will stay until current relocation finished */ - if (fs_info->reloc_ctl->merge_reloc_tree && + if (fs_info->reloc_ctl && fs_info->reloc_ctl->merge_reloc_tree && btrfs_root_refs(root_item) == 0) { set_bit(BTRFS_ROOT_DEAD_RELOC_TREE, &root->state); /*

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100730-uneatable-grill-4244@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100729-scanning-delegator-9af9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100729-grimacing-creamlike-16ee@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-corsage-tinsmith-1569@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100726-skeleton-decal-096d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-little-twitter-555a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100726-disabled-stallion-fa4c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ACPI: battery: Fix possible crash when unregistering a" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 76959aff14a0012ad6b984ec7686d163deccdc16 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100725-equity-eloquent-38d6@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 76959aff14a0 ("ACPI: battery: Fix possible crash when unregistering a battery hook") 86309cbed261 ("ACPI: battery: Simplify battery hook locking") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76959aff14a0012ad6b984ec7686d163deccdc16 Mon Sep 17 00:00:00 2001 From: Armin Wolf <W_Armin(a)gmx.de> Date: Tue, 1 Oct 2024 23:28:34 +0200 Subject: [PATCH] ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash. Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister(). Fixes: fa93854f7a7e ("battery: Add the battery hooking API") Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> Link: https://patch.msgid.link/20241001212835.341788-3-W_Armin@gmx.de Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index dda59ee5a11e..1c45ff6dbb83 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -715,7 +715,7 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) if (!hook->remove_battery(battery->bat, hook)) power_supply_changed(battery->bat); } - list_del(&hook->list); + list_del_init(&hook->list); pr_info("extension unregistered: %s\n", hook->name); } @@ -723,7 +723,14 @@ static void battery_hook_unregister_unlocked(struct acpi_battery_hook *hook) void battery_hook_unregister(struct acpi_battery_hook *hook) { mutex_lock(&hook_mutex); - battery_hook_unregister_unlocked(hook); + /* + * Ignore already unregistered battery hooks. This might happen + * if a battery hook was previously unloaded due to an error when + * adding a new battery. + */ + if (!list_empty(&hook->list)) + battery_hook_unregister_unlocked(hook); + mutex_unlock(&hook_mutex); } EXPORT_SYMBOL_GPL(battery_hook_unregister); @@ -733,7 +740,6 @@ void battery_hook_register(struct acpi_battery_hook *hook) struct acpi_battery *battery; mutex_lock(&hook_mutex); - INIT_LIST_HEAD(&hook->list); list_add(&hook->list, &battery_hook_list); /* * Now that the driver is registered, we need

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Add GPLL9 support" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 818a2f8d5e4ad2c1e39a4290158fe8e39a744c70 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-shock-morality-cfc4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 818a2f8d5e4a ("clk: qcom: gcc-sc8180x: Add GPLL9 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 818a2f8d5e4ad2c1e39a4290158fe8e39a744c70 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:03 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Add GPLL9 support Add the missing GPLL9 pll and fix the gcc_parents_7 data to use the correct pll hw. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-3-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index d25c5dc37f91..0596427f8922 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -142,6 +142,23 @@ static struct clk_alpha_pll gpll7 = { }, }; +static struct clk_alpha_pll gpll9 = { + .offset = 0x1c000, + .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_TRION], + .clkr = { + .enable_reg = 0x52000, + .enable_mask = BIT(9), + .hw.init = &(const struct clk_init_data) { + .name = "gpll9", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "bi_tcxo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_fixed_trion_ops, + }, + }, +}; + static const struct parent_map gcc_parent_map_0[] = { { P_BI_TCXO, 0 }, { P_GPLL0_OUT_MAIN, 1 }, @@ -241,7 +258,7 @@ static const struct parent_map gcc_parent_map_7[] = { static const struct clk_parent_data gcc_parents_7[] = { { .fw_name = "bi_tcxo", }, { .hw = &gpll0.clkr.hw }, - { .name = "gppl9" }, + { .hw = &gpll9.clkr.hw }, { .hw = &gpll4.clkr.hw }, { .hw = &gpll0_out_even.clkr.hw }, }; @@ -4552,6 +4569,7 @@ static struct clk_regmap *gcc_sc8180x_clocks[] = { [GPLL1] = &gpll1.clkr, [GPLL4] = &gpll4.clkr, [GPLL7] = &gpll7.clkr, + [GPLL9] = &gpll9.clkr, }; static const struct qcom_reset_map gcc_sc8180x_resets[] = {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Add GPLL9 support" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 818a2f8d5e4ad2c1e39a4290158fe8e39a744c70 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-catatonic-catacomb-dc01@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 818a2f8d5e4a ("clk: qcom: gcc-sc8180x: Add GPLL9 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 818a2f8d5e4ad2c1e39a4290158fe8e39a744c70 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:03 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Add GPLL9 support Add the missing GPLL9 pll and fix the gcc_parents_7 data to use the correct pll hw. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-3-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index d25c5dc37f91..0596427f8922 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -142,6 +142,23 @@ static struct clk_alpha_pll gpll7 = { }, }; +static struct clk_alpha_pll gpll9 = { + .offset = 0x1c000, + .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_TRION], + .clkr = { + .enable_reg = 0x52000, + .enable_mask = BIT(9), + .hw.init = &(const struct clk_init_data) { + .name = "gpll9", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "bi_tcxo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_fixed_trion_ops, + }, + }, +}; + static const struct parent_map gcc_parent_map_0[] = { { P_BI_TCXO, 0 }, { P_GPLL0_OUT_MAIN, 1 }, @@ -241,7 +258,7 @@ static const struct parent_map gcc_parent_map_7[] = { static const struct clk_parent_data gcc_parents_7[] = { { .fw_name = "bi_tcxo", }, { .hw = &gpll0.clkr.hw }, - { .name = "gppl9" }, + { .hw = &gpll9.clkr.hw }, { .hw = &gpll4.clkr.hw }, { .hw = &gpll0_out_even.clkr.hw }, }; @@ -4552,6 +4569,7 @@ static struct clk_regmap *gcc_sc8180x_clocks[] = { [GPLL1] = &gpll1.clkr, [GPLL4] = &gpll4.clkr, [GPLL7] = &gpll7.clkr, + [GPLL9] = &gpll9.clkr, }; static const struct qcom_reset_map gcc_sc8180x_resets[] = {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Add GPLL9 support" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 818a2f8d5e4ad2c1e39a4290158fe8e39a744c70 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-starved-makeover-291c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 818a2f8d5e4a ("clk: qcom: gcc-sc8180x: Add GPLL9 support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 818a2f8d5e4ad2c1e39a4290158fe8e39a744c70 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:03 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Add GPLL9 support Add the missing GPLL9 pll and fix the gcc_parents_7 data to use the correct pll hw. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-3-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index d25c5dc37f91..0596427f8922 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -142,6 +142,23 @@ static struct clk_alpha_pll gpll7 = { }, }; +static struct clk_alpha_pll gpll9 = { + .offset = 0x1c000, + .regs = clk_alpha_pll_regs[CLK_ALPHA_PLL_TYPE_TRION], + .clkr = { + .enable_reg = 0x52000, + .enable_mask = BIT(9), + .hw.init = &(const struct clk_init_data) { + .name = "gpll9", + .parent_data = &(const struct clk_parent_data) { + .fw_name = "bi_tcxo", + }, + .num_parents = 1, + .ops = &clk_alpha_pll_fixed_trion_ops, + }, + }, +}; + static const struct parent_map gcc_parent_map_0[] = { { P_BI_TCXO, 0 }, { P_GPLL0_OUT_MAIN, 1 }, @@ -241,7 +258,7 @@ static const struct parent_map gcc_parent_map_7[] = { static const struct clk_parent_data gcc_parents_7[] = { { .fw_name = "bi_tcxo", }, { .hw = &gpll0.clkr.hw }, - { .name = "gppl9" }, + { .hw = &gpll9.clkr.hw }, { .hw = &gpll4.clkr.hw }, { .hw = &gpll0_out_even.clkr.hw }, }; @@ -4552,6 +4569,7 @@ static struct clk_regmap *gcc_sc8180x_clocks[] = { [GPLL1] = &gpll1.clkr, [GPLL4] = &gpll4.clkr, [GPLL7] = &gpll7.clkr, + [GPLL9] = &gpll9.clkr, }; static const struct qcom_reset_map gcc_sc8180x_resets[] = {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] gso: fix udp gso fraglist segmentation after pull from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100729-mountain-blizzard-35b6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a1e40ac5b5e9 ("gso: fix udp gso fraglist segmentation after pull from frag_list") 9840036786d9 ("gso: fix dodgy bit handling for GSO_UDP_L4") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab Mon Sep 17 00:00:00 2001 From: Willem de Bruijn <willemb(a)google.com> Date: Tue, 1 Oct 2024 13:17:46 -0400 Subject: [PATCH] gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediate… Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.") Signed-off-by: Willem de Bruijn <willemb(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20241001171752.107580-1-willemdebruijn.kernel@gmai… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index d842303587af..a5be6e4ed326 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -296,8 +296,26 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, return NULL; } - if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) - return __udp_gso_segment_list(gso_skb, features, is_ipv6); + if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) { + /* Detect modified geometry and pass those to skb_segment. */ + if (skb_pagelen(gso_skb) - sizeof(*uh) == skb_shinfo(gso_skb)->gso_size) + return __udp_gso_segment_list(gso_skb, features, is_ipv6); + + /* Setup csum, as fraglist skips this in udp4_gro_receive. */ + gso_skb->csum_start = skb_transport_header(gso_skb) - gso_skb->head; + gso_skb->csum_offset = offsetof(struct udphdr, check); + gso_skb->ip_summed = CHECKSUM_PARTIAL; + + uh = udp_hdr(gso_skb); + if (is_ipv6) + uh->check = ~udp_v6_check(gso_skb->len, + &ipv6_hdr(gso_skb)->saddr, + &ipv6_hdr(gso_skb)->daddr, 0); + else + uh->check = ~udp_v4_check(gso_skb->len, + ip_hdr(gso_skb)->saddr, + ip_hdr(gso_skb)->daddr, 0); + } skb_pull(gso_skb, sizeof(*uh));

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] gso: fix udp gso fraglist segmentation after pull from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100726-unlocking-handled-41bb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a1e40ac5b5e9 ("gso: fix udp gso fraglist segmentation after pull from frag_list") 9840036786d9 ("gso: fix dodgy bit handling for GSO_UDP_L4") c3df39ac9b0e ("udp: ipv4: manipulate network header of NATed UDP GRO fraglist") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab Mon Sep 17 00:00:00 2001 From: Willem de Bruijn <willemb(a)google.com> Date: Tue, 1 Oct 2024 13:17:46 -0400 Subject: [PATCH] gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediate… Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.") Signed-off-by: Willem de Bruijn <willemb(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20241001171752.107580-1-willemdebruijn.kernel@gmai… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index d842303587af..a5be6e4ed326 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -296,8 +296,26 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, return NULL; } - if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) - return __udp_gso_segment_list(gso_skb, features, is_ipv6); + if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) { + /* Detect modified geometry and pass those to skb_segment. */ + if (skb_pagelen(gso_skb) - sizeof(*uh) == skb_shinfo(gso_skb)->gso_size) + return __udp_gso_segment_list(gso_skb, features, is_ipv6); + + /* Setup csum, as fraglist skips this in udp4_gro_receive. */ + gso_skb->csum_start = skb_transport_header(gso_skb) - gso_skb->head; + gso_skb->csum_offset = offsetof(struct udphdr, check); + gso_skb->ip_summed = CHECKSUM_PARTIAL; + + uh = udp_hdr(gso_skb); + if (is_ipv6) + uh->check = ~udp_v6_check(gso_skb->len, + &ipv6_hdr(gso_skb)->saddr, + &ipv6_hdr(gso_skb)->daddr, 0); + else + uh->check = ~udp_v4_check(gso_skb->len, + ip_hdr(gso_skb)->saddr, + ip_hdr(gso_skb)->daddr, 0); + } skb_pull(gso_skb, sizeof(*uh));

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] gso: fix udp gso fraglist segmentation after pull from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100727-trunks-disabled-4c43@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a1e40ac5b5e9 ("gso: fix udp gso fraglist segmentation after pull from frag_list") 9840036786d9 ("gso: fix dodgy bit handling for GSO_UDP_L4") c3df39ac9b0e ("udp: ipv4: manipulate network header of NATed UDP GRO fraglist") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab Mon Sep 17 00:00:00 2001 From: Willem de Bruijn <willemb(a)google.com> Date: Tue, 1 Oct 2024 13:17:46 -0400 Subject: [PATCH] gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediate… Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.") Signed-off-by: Willem de Bruijn <willemb(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20241001171752.107580-1-willemdebruijn.kernel@gmai… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index d842303587af..a5be6e4ed326 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -296,8 +296,26 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, return NULL; } - if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) - return __udp_gso_segment_list(gso_skb, features, is_ipv6); + if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) { + /* Detect modified geometry and pass those to skb_segment. */ + if (skb_pagelen(gso_skb) - sizeof(*uh) == skb_shinfo(gso_skb)->gso_size) + return __udp_gso_segment_list(gso_skb, features, is_ipv6); + + /* Setup csum, as fraglist skips this in udp4_gro_receive. */ + gso_skb->csum_start = skb_transport_header(gso_skb) - gso_skb->head; + gso_skb->csum_offset = offsetof(struct udphdr, check); + gso_skb->ip_summed = CHECKSUM_PARTIAL; + + uh = udp_hdr(gso_skb); + if (is_ipv6) + uh->check = ~udp_v6_check(gso_skb->len, + &ipv6_hdr(gso_skb)->saddr, + &ipv6_hdr(gso_skb)->daddr, 0); + else + uh->check = ~udp_v4_check(gso_skb->len, + ip_hdr(gso_skb)->saddr, + ip_hdr(gso_skb)->daddr, 0); + } skb_pull(gso_skb, sizeof(*uh));

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] rtc: at91sam9: fix OF node leak in probe() error path" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 73580e2ee6adfb40276bd420da3bb1abae204e10 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100711-womanhood-immerse-83a6@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 73580e2ee6ad ("rtc: at91sam9: fix OF node leak in probe() error path") 1a76a77c8800 ("rtc: at91sam9: drop platform_data support") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73580e2ee6adfb40276bd420da3bb1abae204e10 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:31:03 +0200 Subject: [PATCH] rtc: at91sam9: fix OF node leak in probe() error path Driver is leaking an OF node reference obtained from of_parse_phandle_with_fixed_args(). Fixes: 43e112bb3dea ("rtc: at91sam9: make use of syscon/regmap to access GPBR registers") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20240825183103.102904-1-krzysztof.kozlowski@linar… Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/rtc/rtc-at91sam9.c b/drivers/rtc/rtc-at91sam9.c index f93bee96e362..993c0878fb66 100644 --- a/drivers/rtc/rtc-at91sam9.c +++ b/drivers/rtc/rtc-at91sam9.c @@ -368,6 +368,7 @@ static int at91_rtc_probe(struct platform_device *pdev) return ret; rtc->gpbr = syscon_node_to_regmap(args.np); + of_node_put(args.np); rtc->gpbr_offset = args.args[0]; if (IS_ERR(rtc->gpbr)) { dev_err(&pdev->dev, "failed to retrieve gpbr regmap, aborting.\n");

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100736-poise-woozy-3dc7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100736-chlorine-elusive-e80f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100735-ahead-zippy-5ef7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100734-agile-cringing-005e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100734-mounting-unfiled-7a89@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100733-glorifier-splurge-c8fc@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] r8169: add tally counter fields added with RTL8125" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100732-unearned-amusing-2d26@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: ced8e8b8f40a ("r8169: add tally counter fields added with RTL8125") 8df9439389a4 ("r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a Mon Sep 17 00:00:00 2001 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Tue, 17 Sep 2024 23:04:46 +0200 Subject: [PATCH] r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it. Fixes: f1bce4ad2f1c ("r8169: add support for RTL8125") Cc: stable(a)vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Link: https://patch.msgid.link/741d26a9-2b2b-485d-91d9-ecb302e345b5@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 45ac8befba29..3ddba7aa4914 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -579,6 +579,33 @@ struct rtl8169_counters { __le32 rx_multicast; __le16 tx_aborted; __le16 tx_underrun; + /* new since RTL8125 */ + __le64 tx_octets; + __le64 rx_octets; + __le64 rx_multicast64; + __le64 tx_unicast64; + __le64 tx_broadcast64; + __le64 tx_multicast64; + __le32 tx_pause_on; + __le32 tx_pause_off; + __le32 tx_pause_all; + __le32 tx_deferred; + __le32 tx_late_collision; + __le32 tx_all_collision; + __le32 tx_aborted32; + __le32 align_errors32; + __le32 rx_frame_too_long; + __le32 rx_runt; + __le32 rx_pause_on; + __le32 rx_pause_off; + __le32 rx_pause_all; + __le32 rx_unknown_opcode; + __le32 rx_mac_error; + __le32 tx_underrun32; + __le32 rx_mac_missed; + __le32 rx_tcam_dropped; + __le32 tdu; + __le32 rdu; }; struct rtl8169_tc_offsets {

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix waiting time for BMP3xx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 262a6634bcc4f0c1c53d13aa89882909f281a6aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100740-engaging-splendor-8e75@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 262a6634bcc4 ("iio: pressure: bmp280: Fix waiting time for BMP3xx configuration") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") a2d43f44628f ("iio: pressure: fix some word spelling errors") accb9d05df39 ("iio: pressure: bmp280: Add nvmem operations for BMP580") 597dfb2af052 ("iio: pressure: bmp280: Add support for new sensor BMP580") 42cde8808573 ("iio: pressure: Kconfig: Delete misleading I2C reference on bmp280 title") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 262a6634bcc4f0c1c53d13aa89882909f281a6aa Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:50 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix waiting time for BMP3xx configuration According to the datasheet, both pressure and temperature can go up to oversampling x32. With this option, the maximum measurement time is not 80ms (this is for press x32 and temp x2), but it is 130ms nominal (calculated from table 3.9.2) and since most of the maximum values are around +15%, it is configured to 150ms. Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-3-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index cc8553177977..3deaa57bb3f5 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1581,10 +1581,11 @@ static int bmp380_chip_config(struct bmp280_data *data) } /* * Waits for measurement before checking configuration error - * flag. Selected longest measure time indicated in - * section 3.9.1 in the datasheet. + * flag. Selected longest measurement time, calculated from + * formula in datasheet section 3.9.2 with an offset of ~+15% + * as it seen as well in table 3.9.1. */ - msleep(80); + msleep(150); /* Check config error flag */ ret = regmap_read(data->regmap, BMP380_REG_ERROR, &tmp);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix waiting time for BMP3xx" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 262a6634bcc4f0c1c53d13aa89882909f281a6aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100740-hundredth-lunchtime-a9da@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 262a6634bcc4 ("iio: pressure: bmp280: Fix waiting time for BMP3xx configuration") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") a2d43f44628f ("iio: pressure: fix some word spelling errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 262a6634bcc4f0c1c53d13aa89882909f281a6aa Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:50 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix waiting time for BMP3xx configuration According to the datasheet, both pressure and temperature can go up to oversampling x32. With this option, the maximum measurement time is not 80ms (this is for press x32 and temp x2), but it is 130ms nominal (calculated from table 3.9.2) and since most of the maximum values are around +15%, it is configured to 150ms. Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-3-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index cc8553177977..3deaa57bb3f5 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1581,10 +1581,11 @@ static int bmp380_chip_config(struct bmp280_data *data) } /* * Waits for measurement before checking configuration error - * flag. Selected longest measure time indicated in - * section 3.9.1 in the datasheet. + * flag. Selected longest measurement time, calculated from + * formula in datasheet section 3.9.2 with an offset of ~+15% + * as it seen as well in table 3.9.1. */ - msleep(80); + msleep(150); /* Check config error flag */ ret = regmap_read(data->regmap, BMP380_REG_ERROR, &tmp);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix waiting time for BMP3xx" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 262a6634bcc4f0c1c53d13aa89882909f281a6aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100739-enunciate-catnap-78cf@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 262a6634bcc4 ("iio: pressure: bmp280: Fix waiting time for BMP3xx configuration") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 262a6634bcc4f0c1c53d13aa89882909f281a6aa Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:50 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix waiting time for BMP3xx configuration According to the datasheet, both pressure and temperature can go up to oversampling x32. With this option, the maximum measurement time is not 80ms (this is for press x32 and temp x2), but it is 130ms nominal (calculated from table 3.9.2) and since most of the maximum values are around +15%, it is configured to 150ms. Fixes: 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-3-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index cc8553177977..3deaa57bb3f5 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1581,10 +1581,11 @@ static int bmp380_chip_config(struct bmp280_data *data) } /* * Waits for measurement before checking configuration error - * flag. Selected longest measure time indicated in - * section 3.9.1 in the datasheet. + * flag. Selected longest measurement time, calculated from + * formula in datasheet section 3.9.2 with an offset of ~+15% + * as it seen as well in table 3.9.1. */ - msleep(80); + msleep(150); /* Check config error flag */ ret = regmap_read(data->regmap, BMP380_REG_ERROR, &tmp);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100731-obedient-valium-8f42@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") 33564435c808 ("iio: pressure: bmp280: Allow multiple chips id per family of devices") a2d43f44628f ("iio: pressure: fix some word spelling errors") accb9d05df39 ("iio: pressure: bmp280: Add nvmem operations for BMP580") 597dfb2af052 ("iio: pressure: bmp280: Add support for new sensor BMP580") 42cde8808573 ("iio: pressure: Kconfig: Delete misleading I2C reference on bmp280 title") c25ea00fefa4 ("iio: pressure: bmp280: Add preinit callback") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100731-tavern-outgoing-d8ae@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") 33564435c808 ("iio: pressure: bmp280: Allow multiple chips id per family of devices") a2d43f44628f ("iio: pressure: fix some word spelling errors") accb9d05df39 ("iio: pressure: bmp280: Add nvmem operations for BMP580") 597dfb2af052 ("iio: pressure: bmp280: Add support for new sensor BMP580") 42cde8808573 ("iio: pressure: Kconfig: Delete misleading I2C reference on bmp280 title") c25ea00fefa4 ("iio: pressure: bmp280: Add preinit callback") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100729-pampers-dreamy-f2a1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") 33564435c808 ("iio: pressure: bmp280: Allow multiple chips id per family of devices") a2d43f44628f ("iio: pressure: fix some word spelling errors") accb9d05df39 ("iio: pressure: bmp280: Add nvmem operations for BMP580") 597dfb2af052 ("iio: pressure: bmp280: Add support for new sensor BMP580") 42cde8808573 ("iio: pressure: Kconfig: Delete misleading I2C reference on bmp280 title") c25ea00fefa4 ("iio: pressure: bmp280: Add preinit callback") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100730-headway-thinness-1068@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") 33564435c808 ("iio: pressure: bmp280: Allow multiple chips id per family of devices") a2d43f44628f ("iio: pressure: fix some word spelling errors") accb9d05df39 ("iio: pressure: bmp280: Add nvmem operations for BMP580") 597dfb2af052 ("iio: pressure: bmp280: Add support for new sensor BMP580") 42cde8808573 ("iio: pressure: Kconfig: Delete misleading I2C reference on bmp280 title") c25ea00fefa4 ("iio: pressure: bmp280: Add preinit callback") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") 10b40ffba2f9 ("iio: pressure: bmp280: Add more tunable config parameters for BMP380") 8d329309184d ("iio: pressure: bmp280: Add support for BMP380 sensor family") 18d1bb377023 ("iio: pressure: bmp280: reorder i2c device tables declarations") 327b5c0512c1 ("iio: pressure: bmp280: Fix alignment for DMA safety") b00e805a47a8 ("iio: pressure: bmp280: simplify driver initialization logic") 83cb40beaefa ("iio: pressure: bmp280: Simplify bmp280 calibration data reading") 2405f8cc8485 ("iio: pressure: bmp280: use FIELD_GET, FIELD_PREP and GENMASK") 5f0c359defea ("iio: pressure: bmp280: reorder local variables following reverse xmas tree") 5d5129b17f83 ("iio: pressure: bmp280: fix datasheet links") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100729-showbiz-slinging-fa22@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") 33564435c808 ("iio: pressure: bmp280: Allow multiple chips id per family of devices") a2d43f44628f ("iio: pressure: fix some word spelling errors") accb9d05df39 ("iio: pressure: bmp280: Add nvmem operations for BMP580") 597dfb2af052 ("iio: pressure: bmp280: Add support for new sensor BMP580") 42cde8808573 ("iio: pressure: Kconfig: Delete misleading I2C reference on bmp280 title") c25ea00fefa4 ("iio: pressure: bmp280: Add preinit callback") 0b0b772637cd ("iio: pressure: bmp280: Use chip_info pointers for each chip as driver data") 12491d35551d ("iio: pressure: bmp280: convert to i2c's .probe_new()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-festivity-collide-66b2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") 33564435c808 ("iio: pressure: bmp280: Allow multiple chips id per family of devices") a2d43f44628f ("iio: pressure: fix some word spelling errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x b9065b0250e1705935445ede0a18c1850afe7b75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100728-unaltered-antitrust-9f98@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: b9065b0250e1 ("iio: pressure: bmp280: Fix regmap for BMP280 device") b23be4cd99a6 ("iio: pressure: bmp280: Use BME prefix for BME280 specifics") 439ce8961bdd ("iio: pressure: bmp280: Improve indentation and line wrapping") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b9065b0250e1705935445ede0a18c1850afe7b75 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 11 Jul 2024 23:15:49 +0200 Subject: [PATCH] iio: pressure: bmp280: Fix regmap for BMP280 device Up to now, the BMP280 device is using the regmap of the BME280 which has registers that exist only in the BME280 device. Fixes: 14e8015f8569 ("iio: pressure: bmp280: split driver in logical parts") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://patch.msgid.link/20240711211558.106327-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/pressure/bmp280-core.c b/drivers/iio/pressure/bmp280-core.c index 2fc5724196e3..cc8553177977 100644 --- a/drivers/iio/pressure/bmp280-core.c +++ b/drivers/iio/pressure/bmp280-core.c @@ -1186,7 +1186,7 @@ const struct bmp280_chip_info bme280_chip_info = { .id_reg = BMP280_REG_ID, .chip_id = bme280_chip_ids, .num_chip_id = ARRAY_SIZE(bme280_chip_ids), - .regmap_config = &bmp280_regmap_config, + .regmap_config = &bme280_regmap_config, .start_up_time = 2000, .channels = bme280_channels, .num_channels = ARRAY_SIZE(bme280_channels), diff --git a/drivers/iio/pressure/bmp280-regmap.c b/drivers/iio/pressure/bmp280-regmap.c index fa52839474b1..d27d68edd906 100644 --- a/drivers/iio/pressure/bmp280-regmap.c +++ b/drivers/iio/pressure/bmp280-regmap.c @@ -41,7 +41,7 @@ const struct regmap_config bmp180_regmap_config = { }; EXPORT_SYMBOL_NS(bmp180_regmap_config, IIO_BMP280); -static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +static bool bme280_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { case BMP280_REG_CONFIG: @@ -54,7 +54,35 @@ static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) } } +static bool bmp280_is_writeable_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_CONFIG: + case BMP280_REG_CTRL_MEAS: + case BMP280_REG_RESET: + return true; + default: + return false; + } +} + static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) +{ + switch (reg) { + case BMP280_REG_TEMP_XLSB: + case BMP280_REG_TEMP_LSB: + case BMP280_REG_TEMP_MSB: + case BMP280_REG_PRESS_XLSB: + case BMP280_REG_PRESS_LSB: + case BMP280_REG_PRESS_MSB: + case BMP280_REG_STATUS: + return true; + default: + return false; + } +} + +static bool bme280_is_volatile_reg(struct device *dev, unsigned int reg) { switch (reg) { case BME280_REG_HUMIDITY_LSB: @@ -71,7 +99,6 @@ static bool bmp280_is_volatile_reg(struct device *dev, unsigned int reg) return false; } } - static bool bmp380_is_writeable_reg(struct device *dev, unsigned int reg) { switch (reg) { @@ -167,7 +194,7 @@ const struct regmap_config bmp280_regmap_config = { .reg_bits = 8, .val_bits = 8, - .max_register = BME280_REG_HUMIDITY_LSB, + .max_register = BMP280_REG_TEMP_XLSB, .cache_type = REGCACHE_RBTREE, .writeable_reg = bmp280_is_writeable_reg, @@ -175,6 +202,18 @@ const struct regmap_config bmp280_regmap_config = { }; EXPORT_SYMBOL_NS(bmp280_regmap_config, IIO_BMP280); +const struct regmap_config bme280_regmap_config = { + .reg_bits = 8, + .val_bits = 8, + + .max_register = BME280_REG_HUMIDITY_LSB, + .cache_type = REGCACHE_RBTREE, + + .writeable_reg = bme280_is_writeable_reg, + .volatile_reg = bme280_is_volatile_reg, +}; +EXPORT_SYMBOL_NS(bme280_regmap_config, IIO_BMP280); + const struct regmap_config bmp380_regmap_config = { .reg_bits = 8, .val_bits = 8, diff --git a/drivers/iio/pressure/bmp280.h b/drivers/iio/pressure/bmp280.h index 0933e411ae2c..4b0ebce001df 100644 --- a/drivers/iio/pressure/bmp280.h +++ b/drivers/iio/pressure/bmp280.h @@ -490,6 +490,7 @@ extern const struct bmp280_chip_info bmp580_chip_info; /* Regmap configurations */ extern const struct regmap_config bmp180_regmap_config; extern const struct regmap_config bmp280_regmap_config; +extern const struct regmap_config bme280_regmap_config; extern const struct regmap_config bmp380_regmap_config; extern const struct regmap_config bmp580_regmap_config;

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a151766bd3688f6803e706c6433a7c8d3c6a6a94 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100751-esquire-carol-bffe@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a151766bd368 ("media: qcom: camss: Fix ordering of pm_runtime_enable") f69791c39745 ("media: qcom: camss: Fix genpd cleanup") b278080a89f4 ("media: qcom: camss: Fix V4L2 async notifier error path") 7405116519ad ("media: qcom: camss: Fix pm_domain_on sequence in probe") 5651bab6890a ("media: qcom: Initialise V4L2 async notifier later") 428bbf4be401 ("media: camss: Convert to platform remove callback returning void") 46cc03175498 ("media: camss: Split power domain management") 3d658980e6da ("media: camss: Do not attach an already attached power domain on MSM8916 platform") cf295629e3d6 ("media: camss: Allocate camss struct as a managed device resource") 6b1814e26989 ("media: camss: Allocate power domain resources dynamically") 5ba38efb2622 ("media: camss: Add SM8250 bandwdith configuration support") b4436a18eedb ("media: camss: add support for SM8250 camss") 4edc8eae715c ("media: camss: Add initial support for VFE hardware version Titan 480") 3c8c15391481 ("media: v4l: async: Rename async nf functions, clean up long lines") 2070893aed11 ("media: rcar-vin: Move group async notifier") 161b56a82dba ("media: rcar-vin: Rename array storing subdevice information") 6df305779291 ("media: rcar-vin: Improve async notifier cleanup paths") b2dc5680aeb4 ("media: rcar-vin: Refactor controls creation for video device") f33fd8d77dd0 ("media: imx: add a driver for i.MX8MQ mipi csi rx phy and controller") 6f8f9fdec8e4 ("media: Documentation: media: Fix v4l2-async kerneldoc syntax") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a151766bd3688f6803e706c6433a7c8d3c6a6a94 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Mon, 29 Jul 2024 13:42:03 +0100 Subject: [PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable pm_runtime_enable() should happen prior to vfe_get() since vfe_get() calls pm_runtime_resume_and_get(). This is a basic race condition that doesn't show up for most users so is not widely reported. If you blacklist qcom-camss in modules.d and then subsequently modprobe the module post-boot it is possible to reliably show this error up. The kernel log for this error looks like this: qcom-camss ac5a000.camss: Failed to power up pipeline: -13 Fixes: 02afa816dbbf ("media: camss: Add basic runtime PM support") Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com/ Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index 51b1d3550421..d64985ca6e88 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2283,6 +2283,8 @@ static int camss_probe(struct platform_device *pdev) v4l2_async_nf_init(&camss->notifier, &camss->v4l2_dev); + pm_runtime_enable(dev); + num_subdevs = camss_of_parse_ports(camss); if (num_subdevs < 0) { ret = num_subdevs; @@ -2323,8 +2325,6 @@ static int camss_probe(struct platform_device *pdev) } } - pm_runtime_enable(dev); - return 0; err_register_subdevs: @@ -2332,6 +2332,7 @@ static int camss_probe(struct platform_device *pdev) err_v4l2_device_unregister: v4l2_device_unregister(&camss->v4l2_dev); v4l2_async_nf_cleanup(&camss->notifier); + pm_runtime_disable(dev); err_genpd_cleanup: camss_genpd_cleanup(camss);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a151766bd3688f6803e706c6433a7c8d3c6a6a94 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100752-transport-oversleep-2bf8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: a151766bd368 ("media: qcom: camss: Fix ordering of pm_runtime_enable") f69791c39745 ("media: qcom: camss: Fix genpd cleanup") b278080a89f4 ("media: qcom: camss: Fix V4L2 async notifier error path") 7405116519ad ("media: qcom: camss: Fix pm_domain_on sequence in probe") 5651bab6890a ("media: qcom: Initialise V4L2 async notifier later") 428bbf4be401 ("media: camss: Convert to platform remove callback returning void") 46cc03175498 ("media: camss: Split power domain management") 3d658980e6da ("media: camss: Do not attach an already attached power domain on MSM8916 platform") cf295629e3d6 ("media: camss: Allocate camss struct as a managed device resource") 6b1814e26989 ("media: camss: Allocate power domain resources dynamically") 5ba38efb2622 ("media: camss: Add SM8250 bandwdith configuration support") b4436a18eedb ("media: camss: add support for SM8250 camss") 4edc8eae715c ("media: camss: Add initial support for VFE hardware version Titan 480") 3c8c15391481 ("media: v4l: async: Rename async nf functions, clean up long lines") 2070893aed11 ("media: rcar-vin: Move group async notifier") 161b56a82dba ("media: rcar-vin: Rename array storing subdevice information") 6df305779291 ("media: rcar-vin: Improve async notifier cleanup paths") b2dc5680aeb4 ("media: rcar-vin: Refactor controls creation for video device") f33fd8d77dd0 ("media: imx: add a driver for i.MX8MQ mipi csi rx phy and controller") 6f8f9fdec8e4 ("media: Documentation: media: Fix v4l2-async kerneldoc syntax") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a151766bd3688f6803e706c6433a7c8d3c6a6a94 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Mon, 29 Jul 2024 13:42:03 +0100 Subject: [PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable pm_runtime_enable() should happen prior to vfe_get() since vfe_get() calls pm_runtime_resume_and_get(). This is a basic race condition that doesn't show up for most users so is not widely reported. If you blacklist qcom-camss in modules.d and then subsequently modprobe the module post-boot it is possible to reliably show this error up. The kernel log for this error looks like this: qcom-camss ac5a000.camss: Failed to power up pipeline: -13 Fixes: 02afa816dbbf ("media: camss: Add basic runtime PM support") Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com/ Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index 51b1d3550421..d64985ca6e88 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2283,6 +2283,8 @@ static int camss_probe(struct platform_device *pdev) v4l2_async_nf_init(&camss->notifier, &camss->v4l2_dev); + pm_runtime_enable(dev); + num_subdevs = camss_of_parse_ports(camss); if (num_subdevs < 0) { ret = num_subdevs; @@ -2323,8 +2325,6 @@ static int camss_probe(struct platform_device *pdev) } } - pm_runtime_enable(dev); - return 0; err_register_subdevs: @@ -2332,6 +2332,7 @@ static int camss_probe(struct platform_device *pdev) err_v4l2_device_unregister: v4l2_device_unregister(&camss->v4l2_dev); v4l2_async_nf_cleanup(&camss->notifier); + pm_runtime_disable(dev); err_genpd_cleanup: camss_genpd_cleanup(camss);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a151766bd3688f6803e706c6433a7c8d3c6a6a94 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100750-precook-fidgeting-acf8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a151766bd368 ("media: qcom: camss: Fix ordering of pm_runtime_enable") f69791c39745 ("media: qcom: camss: Fix genpd cleanup") b278080a89f4 ("media: qcom: camss: Fix V4L2 async notifier error path") 7405116519ad ("media: qcom: camss: Fix pm_domain_on sequence in probe") 5651bab6890a ("media: qcom: Initialise V4L2 async notifier later") 428bbf4be401 ("media: camss: Convert to platform remove callback returning void") 46cc03175498 ("media: camss: Split power domain management") 3d658980e6da ("media: camss: Do not attach an already attached power domain on MSM8916 platform") cf295629e3d6 ("media: camss: Allocate camss struct as a managed device resource") 6b1814e26989 ("media: camss: Allocate power domain resources dynamically") 5ba38efb2622 ("media: camss: Add SM8250 bandwdith configuration support") b4436a18eedb ("media: camss: add support for SM8250 camss") 4edc8eae715c ("media: camss: Add initial support for VFE hardware version Titan 480") 3c8c15391481 ("media: v4l: async: Rename async nf functions, clean up long lines") 2070893aed11 ("media: rcar-vin: Move group async notifier") 161b56a82dba ("media: rcar-vin: Rename array storing subdevice information") 6df305779291 ("media: rcar-vin: Improve async notifier cleanup paths") b2dc5680aeb4 ("media: rcar-vin: Refactor controls creation for video device") f33fd8d77dd0 ("media: imx: add a driver for i.MX8MQ mipi csi rx phy and controller") 6f8f9fdec8e4 ("media: Documentation: media: Fix v4l2-async kerneldoc syntax") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a151766bd3688f6803e706c6433a7c8d3c6a6a94 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Mon, 29 Jul 2024 13:42:03 +0100 Subject: [PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable pm_runtime_enable() should happen prior to vfe_get() since vfe_get() calls pm_runtime_resume_and_get(). This is a basic race condition that doesn't show up for most users so is not widely reported. If you blacklist qcom-camss in modules.d and then subsequently modprobe the module post-boot it is possible to reliably show this error up. The kernel log for this error looks like this: qcom-camss ac5a000.camss: Failed to power up pipeline: -13 Fixes: 02afa816dbbf ("media: camss: Add basic runtime PM support") Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com/ Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index 51b1d3550421..d64985ca6e88 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2283,6 +2283,8 @@ static int camss_probe(struct platform_device *pdev) v4l2_async_nf_init(&camss->notifier, &camss->v4l2_dev); + pm_runtime_enable(dev); + num_subdevs = camss_of_parse_ports(camss); if (num_subdevs < 0) { ret = num_subdevs; @@ -2323,8 +2325,6 @@ static int camss_probe(struct platform_device *pdev) } } - pm_runtime_enable(dev); - return 0; err_register_subdevs: @@ -2332,6 +2332,7 @@ static int camss_probe(struct platform_device *pdev) err_v4l2_device_unregister: v4l2_device_unregister(&camss->v4l2_dev); v4l2_async_nf_cleanup(&camss->notifier); + pm_runtime_disable(dev); err_genpd_cleanup: camss_genpd_cleanup(camss);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a151766bd3688f6803e706c6433a7c8d3c6a6a94 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100750-catalyst-lankiness-bd40@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a151766bd368 ("media: qcom: camss: Fix ordering of pm_runtime_enable") f69791c39745 ("media: qcom: camss: Fix genpd cleanup") b278080a89f4 ("media: qcom: camss: Fix V4L2 async notifier error path") 7405116519ad ("media: qcom: camss: Fix pm_domain_on sequence in probe") 5651bab6890a ("media: qcom: Initialise V4L2 async notifier later") 428bbf4be401 ("media: camss: Convert to platform remove callback returning void") 46cc03175498 ("media: camss: Split power domain management") 3d658980e6da ("media: camss: Do not attach an already attached power domain on MSM8916 platform") cf295629e3d6 ("media: camss: Allocate camss struct as a managed device resource") 6b1814e26989 ("media: camss: Allocate power domain resources dynamically") 5ba38efb2622 ("media: camss: Add SM8250 bandwdith configuration support") b4436a18eedb ("media: camss: add support for SM8250 camss") 4edc8eae715c ("media: camss: Add initial support for VFE hardware version Titan 480") 3c8c15391481 ("media: v4l: async: Rename async nf functions, clean up long lines") 2070893aed11 ("media: rcar-vin: Move group async notifier") 161b56a82dba ("media: rcar-vin: Rename array storing subdevice information") 6df305779291 ("media: rcar-vin: Improve async notifier cleanup paths") b2dc5680aeb4 ("media: rcar-vin: Refactor controls creation for video device") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a151766bd3688f6803e706c6433a7c8d3c6a6a94 Mon Sep 17 00:00:00 2001 From: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Mon, 29 Jul 2024 13:42:03 +0100 Subject: [PATCH] media: qcom: camss: Fix ordering of pm_runtime_enable pm_runtime_enable() should happen prior to vfe_get() since vfe_get() calls pm_runtime_resume_and_get(). This is a basic race condition that doesn't show up for most users so is not widely reported. If you blacklist qcom-camss in modules.d and then subsequently modprobe the module post-boot it is possible to reliably show this error up. The kernel log for this error looks like this: qcom-camss ac5a000.camss: Failed to power up pipeline: -13 Fixes: 02afa816dbbf ("media: camss: Add basic runtime PM support") Reported-by: Johan Hovold <johan+linaro(a)kernel.org> Closes: https://lore.kernel.org/lkml/ZoVNHOTI0PKMNt4_@hovoldconsulting.com/ Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Konrad Dybcio <konradybcio(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index 51b1d3550421..d64985ca6e88 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2283,6 +2283,8 @@ static int camss_probe(struct platform_device *pdev) v4l2_async_nf_init(&camss->notifier, &camss->v4l2_dev); + pm_runtime_enable(dev); + num_subdevs = camss_of_parse_ports(camss); if (num_subdevs < 0) { ret = num_subdevs; @@ -2323,8 +2325,6 @@ static int camss_probe(struct platform_device *pdev) } } - pm_runtime_enable(dev); - return 0; err_register_subdevs: @@ -2332,6 +2332,7 @@ static int camss_probe(struct platform_device *pdev) err_v4l2_device_unregister: v4l2_device_unregister(&camss->v4l2_dev); v4l2_async_nf_cleanup(&camss->notifier); + pm_runtime_disable(dev); err_genpd_cleanup: camss_genpd_cleanup(camss);

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 217a5f23c290c349ceaa37a6f2c014ad4c2d5759 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100733-baggie-dirtiness-7e34@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 217a5f23c290 ("clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix") ef4923c8e052 ("clk: samsung: exynos7885: do not define number of clocks in bindings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 217a5f23c290c349ceaa37a6f2c014ad4c2d5759 Mon Sep 17 00:00:00 2001 From: David Virag <virag.david003(a)gmail.com> Date: Tue, 6 Aug 2024 14:11:47 +0200 Subject: [PATCH] clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Update CLKS_NR_FSYS to the proper value after a fix in DT bindings. This should always be the last clock in a CMU + 1. Fixes: cd268e309c29 ("dt-bindings: clock: Add bindings for Exynos7885 CMU_FSYS") Cc: stable(a)vger.kernel.org Signed-off-by: David Virag <virag.david003(a)gmail.com> Link: https://lore.kernel.org/r/20240806121157.479212-5-virag.david003@gmail.com Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> diff --git a/drivers/clk/samsung/clk-exynos7885.c b/drivers/clk/samsung/clk-exynos7885.c index f7d7427a558b..87387d4cbf48 100644 --- a/drivers/clk/samsung/clk-exynos7885.c +++ b/drivers/clk/samsung/clk-exynos7885.c @@ -20,7 +20,7 @@ #define CLKS_NR_TOP (CLK_GOUT_FSYS_USB30DRD + 1) #define CLKS_NR_CORE (CLK_GOUT_TREX_P_CORE_PCLK_P_CORE + 1) #define CLKS_NR_PERI (CLK_GOUT_WDT1_PCLK + 1) -#define CLKS_NR_FSYS (CLK_GOUT_MMC_SDIO_SDCLKIN + 1) +#define CLKS_NR_FSYS (CLK_MOUT_FSYS_USB30DRD_USER + 1) /* ---- CMU_TOP ------------------------------------------------------------- */

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 217a5f23c290c349ceaa37a6f2c014ad4c2d5759 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100731-affidavit-legibly-02fb@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 217a5f23c290c349ceaa37a6f2c014ad4c2d5759 Mon Sep 17 00:00:00 2001 From: David Virag <virag.david003(a)gmail.com> Date: Tue, 6 Aug 2024 14:11:47 +0200 Subject: [PATCH] clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Update CLKS_NR_FSYS to the proper value after a fix in DT bindings. This should always be the last clock in a CMU + 1. Fixes: cd268e309c29 ("dt-bindings: clock: Add bindings for Exynos7885 CMU_FSYS") Cc: stable(a)vger.kernel.org Signed-off-by: David Virag <virag.david003(a)gmail.com> Link: https://lore.kernel.org/r/20240806121157.479212-5-virag.david003@gmail.com Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> diff --git a/drivers/clk/samsung/clk-exynos7885.c b/drivers/clk/samsung/clk-exynos7885.c index f7d7427a558b..87387d4cbf48 100644 --- a/drivers/clk/samsung/clk-exynos7885.c +++ b/drivers/clk/samsung/clk-exynos7885.c @@ -20,7 +20,7 @@ #define CLKS_NR_TOP (CLK_GOUT_FSYS_USB30DRD + 1) #define CLKS_NR_CORE (CLK_GOUT_TREX_P_CORE_PCLK_P_CORE + 1) #define CLKS_NR_PERI (CLK_GOUT_WDT1_PCLK + 1) -#define CLKS_NR_FSYS (CLK_GOUT_MMC_SDIO_SDCLKIN + 1) +#define CLKS_NR_FSYS (CLK_MOUT_FSYS_USB30DRD_USER + 1) /* ---- CMU_TOP ------------------------------------------------------------- */

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100703-shredding-trifle-c981@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1fc8c02e1d80 ("clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x") 9f93a0a42860 ("clk: qcom: common: commonize qcom_cc_really_probe") aa9fc5c90814 ("clk: qcom: Add Video Clock Controller driver for SM7150") 9f0532da4226 ("clk: qcom: Add Camera Clock Controller driver for SM7150") 3829c412197e ("clk: qcom: Add Display Clock Controller driver for SM7150") 76126a5129b5 ("clk: qcom: Add camcc clock driver for x1e80100") acddef6e1744 ("clk: qcom: Add GPU clock driver for x1e80100") ee3f0739035f ("clk: qcom: Add dispcc clock driver for x1e80100") 2ff787e34174 ("clk: qcom: gcc-sm8150: Register QUPv3 RCGs for DFS on SM8150") f6bda45310ff ("clk: qcom: videocc-sm8150: Add runtime PM support") 161b7c401f4b ("clk: qcom: Add Global Clock controller (GCC) driver for X1E80100") e146252ac160 ("clk: qcom: Add ECPRICC driver support for QDU1000 and QRU1000") 8676fd4f3874 ("clk: qcom: add the SM8650 GPU Clock Controller driver") 9e939f008338 ("clk: qcom: add the SM8650 Display Clock Controller driver") e3388328e47c ("clk: qcom: add the SM8650 TCSR Clock Controller driver") aa381a2bdf1d ("clk: qcom: add the SM8650 Global Clock Controller driver, part 2") c58225b7e3d7 ("clk: qcom: add the SM8650 Global Clock Controller driver, part 1") ff93872a9c61 ("clk: qcom: camcc-sc8280xp: Add sc8280xp CAMCC") 0a6d7f8275f2 ("Merge branch 'clk-cleanup' into clk-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:01 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x QUPv3 clocks support DFS on sc8180x platform but currently the code changes for it are missing from the driver, this results in not populating all the DFS supported frequencies and returns incorrect frequency when the clients request for them. Hence add the DFS registration for QUPv3 RCGs. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-1-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index 113f9513b2df..d25c5dc37f91 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -609,19 +609,29 @@ static const struct freq_tbl ftbl_gcc_qupv3_wrap0_s0_clk_src[] = { { } }; +static struct clk_init_data gcc_qupv3_wrap0_s0_clk_src_init = { + .name = "gcc_qupv3_wrap0_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + static struct clk_rcg2 gcc_qupv3_wrap0_s0_clk_src = { .cmd_rcgr = 0x17148, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s1_clk_src_init = { + .name = "gcc_qupv3_wrap0_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { @@ -630,13 +640,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s2_clk_src_init = { + .name = "gcc_qupv3_wrap0_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { @@ -645,13 +657,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s3_clk_src_init = { + .name = "gcc_qupv3_wrap0_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { @@ -660,13 +674,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s4_clk_src_init = { + .name = "gcc_qupv3_wrap0_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { @@ -675,13 +691,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s5_clk_src_init = { + .name = "gcc_qupv3_wrap0_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { @@ -690,13 +708,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s6_clk_src_init = { + .name = "gcc_qupv3_wrap0_s6_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { @@ -705,13 +725,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s6_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s6_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s7_clk_src_init = { + .name = "gcc_qupv3_wrap0_s7_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { @@ -720,13 +742,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s7_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s7_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s0_clk_src_init = { + .name = "gcc_qupv3_wrap1_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { @@ -735,13 +759,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s1_clk_src_init = { + .name = "gcc_qupv3_wrap1_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { @@ -750,13 +776,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s2_clk_src_init = { + .name = "gcc_qupv3_wrap1_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { @@ -765,13 +793,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s3_clk_src_init = { + .name = "gcc_qupv3_wrap1_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { @@ -780,13 +810,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s4_clk_src_init = { + .name = "gcc_qupv3_wrap1_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { @@ -795,13 +827,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s5_clk_src_init = { + .name = "gcc_qupv3_wrap1_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { @@ -810,13 +844,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s0_clk_src_init = { + .name = "gcc_qupv3_wrap2_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { @@ -825,13 +861,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s1_clk_src_init = { + .name = "gcc_qupv3_wrap2_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { @@ -840,28 +878,33 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s1_clk_src_init, }; +static struct clk_init_data gcc_qupv3_wrap2_s2_clk_src_init = { + .name = "gcc_qupv3_wrap2_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + + static struct clk_rcg2 gcc_qupv3_wrap2_s2_clk_src = { .cmd_rcgr = 0x1e3a8, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s3_clk_src_init = { + .name = "gcc_qupv3_wrap2_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { @@ -870,13 +913,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s4_clk_src_init = { + .name = "gcc_qupv3_wrap2_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { @@ -885,13 +930,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s5_clk_src_init = { + .name = "gcc_qupv3_wrap2_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { @@ -900,13 +947,7 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s5_clk_src_init, }; static const struct freq_tbl ftbl_gcc_sdcc2_apps_clk_src[] = { @@ -4565,6 +4606,29 @@ static const struct qcom_reset_map gcc_sc8180x_resets[] = { [GCC_VIDEO_AXI1_CLK_BCR] = { .reg = 0xb028, .bit = 2, .udelay = 150 }, }; +static const struct clk_rcg_dfs_data gcc_dfs_clocks[] = { + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s6_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s7_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s5_clk_src), +}; + static struct gdsc *gcc_sc8180x_gdscs[] = { [EMAC_GDSC] = &emac_gdsc, [PCIE_0_GDSC] = &pcie_0_gdsc, @@ -4606,6 +4670,7 @@ MODULE_DEVICE_TABLE(of, gcc_sc8180x_match_table); static int gcc_sc8180x_probe(struct platform_device *pdev) { struct regmap *regmap; + int ret; regmap = qcom_cc_map(pdev, &gcc_sc8180x_desc); if (IS_ERR(regmap)) @@ -4627,6 +4692,11 @@ static int gcc_sc8180x_probe(struct platform_device *pdev) regmap_update_bits(regmap, 0x4d110, 0x3, 0x3); regmap_update_bits(regmap, 0x71028, 0x3, 0x3); + ret = qcom_cc_register_rcg_dfs(regmap, gcc_dfs_clocks, + ARRAY_SIZE(gcc_dfs_clocks)); + if (ret) + return ret; + return qcom_cc_really_probe(&pdev->dev, &gcc_sc8180x_desc, regmap); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100701-hazily-excusable-eb9b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 1fc8c02e1d80 ("clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x") 9f93a0a42860 ("clk: qcom: common: commonize qcom_cc_really_probe") aa9fc5c90814 ("clk: qcom: Add Video Clock Controller driver for SM7150") 9f0532da4226 ("clk: qcom: Add Camera Clock Controller driver for SM7150") 3829c412197e ("clk: qcom: Add Display Clock Controller driver for SM7150") 76126a5129b5 ("clk: qcom: Add camcc clock driver for x1e80100") acddef6e1744 ("clk: qcom: Add GPU clock driver for x1e80100") ee3f0739035f ("clk: qcom: Add dispcc clock driver for x1e80100") 2ff787e34174 ("clk: qcom: gcc-sm8150: Register QUPv3 RCGs for DFS on SM8150") f6bda45310ff ("clk: qcom: videocc-sm8150: Add runtime PM support") 161b7c401f4b ("clk: qcom: Add Global Clock controller (GCC) driver for X1E80100") e146252ac160 ("clk: qcom: Add ECPRICC driver support for QDU1000 and QRU1000") 8676fd4f3874 ("clk: qcom: add the SM8650 GPU Clock Controller driver") 9e939f008338 ("clk: qcom: add the SM8650 Display Clock Controller driver") e3388328e47c ("clk: qcom: add the SM8650 TCSR Clock Controller driver") aa381a2bdf1d ("clk: qcom: add the SM8650 Global Clock Controller driver, part 2") c58225b7e3d7 ("clk: qcom: add the SM8650 Global Clock Controller driver, part 1") ff93872a9c61 ("clk: qcom: camcc-sc8280xp: Add sc8280xp CAMCC") 0a6d7f8275f2 ("Merge branch 'clk-cleanup' into clk-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:01 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x QUPv3 clocks support DFS on sc8180x platform but currently the code changes for it are missing from the driver, this results in not populating all the DFS supported frequencies and returns incorrect frequency when the clients request for them. Hence add the DFS registration for QUPv3 RCGs. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-1-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index 113f9513b2df..d25c5dc37f91 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -609,19 +609,29 @@ static const struct freq_tbl ftbl_gcc_qupv3_wrap0_s0_clk_src[] = { { } }; +static struct clk_init_data gcc_qupv3_wrap0_s0_clk_src_init = { + .name = "gcc_qupv3_wrap0_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + static struct clk_rcg2 gcc_qupv3_wrap0_s0_clk_src = { .cmd_rcgr = 0x17148, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s1_clk_src_init = { + .name = "gcc_qupv3_wrap0_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { @@ -630,13 +640,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s2_clk_src_init = { + .name = "gcc_qupv3_wrap0_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { @@ -645,13 +657,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s3_clk_src_init = { + .name = "gcc_qupv3_wrap0_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { @@ -660,13 +674,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s4_clk_src_init = { + .name = "gcc_qupv3_wrap0_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { @@ -675,13 +691,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s5_clk_src_init = { + .name = "gcc_qupv3_wrap0_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { @@ -690,13 +708,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s6_clk_src_init = { + .name = "gcc_qupv3_wrap0_s6_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { @@ -705,13 +725,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s6_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s6_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s7_clk_src_init = { + .name = "gcc_qupv3_wrap0_s7_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { @@ -720,13 +742,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s7_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s7_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s0_clk_src_init = { + .name = "gcc_qupv3_wrap1_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { @@ -735,13 +759,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s1_clk_src_init = { + .name = "gcc_qupv3_wrap1_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { @@ -750,13 +776,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s2_clk_src_init = { + .name = "gcc_qupv3_wrap1_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { @@ -765,13 +793,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s3_clk_src_init = { + .name = "gcc_qupv3_wrap1_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { @@ -780,13 +810,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s4_clk_src_init = { + .name = "gcc_qupv3_wrap1_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { @@ -795,13 +827,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s5_clk_src_init = { + .name = "gcc_qupv3_wrap1_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { @@ -810,13 +844,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s0_clk_src_init = { + .name = "gcc_qupv3_wrap2_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { @@ -825,13 +861,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s1_clk_src_init = { + .name = "gcc_qupv3_wrap2_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { @@ -840,28 +878,33 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s1_clk_src_init, }; +static struct clk_init_data gcc_qupv3_wrap2_s2_clk_src_init = { + .name = "gcc_qupv3_wrap2_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + + static struct clk_rcg2 gcc_qupv3_wrap2_s2_clk_src = { .cmd_rcgr = 0x1e3a8, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s3_clk_src_init = { + .name = "gcc_qupv3_wrap2_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { @@ -870,13 +913,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s4_clk_src_init = { + .name = "gcc_qupv3_wrap2_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { @@ -885,13 +930,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s5_clk_src_init = { + .name = "gcc_qupv3_wrap2_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { @@ -900,13 +947,7 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s5_clk_src_init, }; static const struct freq_tbl ftbl_gcc_sdcc2_apps_clk_src[] = { @@ -4565,6 +4606,29 @@ static const struct qcom_reset_map gcc_sc8180x_resets[] = { [GCC_VIDEO_AXI1_CLK_BCR] = { .reg = 0xb028, .bit = 2, .udelay = 150 }, }; +static const struct clk_rcg_dfs_data gcc_dfs_clocks[] = { + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s6_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s7_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s5_clk_src), +}; + static struct gdsc *gcc_sc8180x_gdscs[] = { [EMAC_GDSC] = &emac_gdsc, [PCIE_0_GDSC] = &pcie_0_gdsc, @@ -4606,6 +4670,7 @@ MODULE_DEVICE_TABLE(of, gcc_sc8180x_match_table); static int gcc_sc8180x_probe(struct platform_device *pdev) { struct regmap *regmap; + int ret; regmap = qcom_cc_map(pdev, &gcc_sc8180x_desc); if (IS_ERR(regmap)) @@ -4627,6 +4692,11 @@ static int gcc_sc8180x_probe(struct platform_device *pdev) regmap_update_bits(regmap, 0x4d110, 0x3, 0x3); regmap_update_bits(regmap, 0x71028, 0x3, 0x3); + ret = qcom_cc_register_rcg_dfs(regmap, gcc_dfs_clocks, + ARRAY_SIZE(gcc_dfs_clocks)); + if (ret) + return ret; + return qcom_cc_really_probe(&pdev->dev, &gcc_sc8180x_desc, regmap); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100702-nanometer-kilobyte-3a23@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1fc8c02e1d80 ("clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x") 9f93a0a42860 ("clk: qcom: common: commonize qcom_cc_really_probe") aa9fc5c90814 ("clk: qcom: Add Video Clock Controller driver for SM7150") 9f0532da4226 ("clk: qcom: Add Camera Clock Controller driver for SM7150") 3829c412197e ("clk: qcom: Add Display Clock Controller driver for SM7150") 76126a5129b5 ("clk: qcom: Add camcc clock driver for x1e80100") acddef6e1744 ("clk: qcom: Add GPU clock driver for x1e80100") ee3f0739035f ("clk: qcom: Add dispcc clock driver for x1e80100") 2ff787e34174 ("clk: qcom: gcc-sm8150: Register QUPv3 RCGs for DFS on SM8150") f6bda45310ff ("clk: qcom: videocc-sm8150: Add runtime PM support") 161b7c401f4b ("clk: qcom: Add Global Clock controller (GCC) driver for X1E80100") e146252ac160 ("clk: qcom: Add ECPRICC driver support for QDU1000 and QRU1000") 8676fd4f3874 ("clk: qcom: add the SM8650 GPU Clock Controller driver") 9e939f008338 ("clk: qcom: add the SM8650 Display Clock Controller driver") e3388328e47c ("clk: qcom: add the SM8650 TCSR Clock Controller driver") aa381a2bdf1d ("clk: qcom: add the SM8650 Global Clock Controller driver, part 2") c58225b7e3d7 ("clk: qcom: add the SM8650 Global Clock Controller driver, part 1") ff93872a9c61 ("clk: qcom: camcc-sc8280xp: Add sc8280xp CAMCC") 0a6d7f8275f2 ("Merge branch 'clk-cleanup' into clk-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:01 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x QUPv3 clocks support DFS on sc8180x platform but currently the code changes for it are missing from the driver, this results in not populating all the DFS supported frequencies and returns incorrect frequency when the clients request for them. Hence add the DFS registration for QUPv3 RCGs. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-1-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index 113f9513b2df..d25c5dc37f91 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -609,19 +609,29 @@ static const struct freq_tbl ftbl_gcc_qupv3_wrap0_s0_clk_src[] = { { } }; +static struct clk_init_data gcc_qupv3_wrap0_s0_clk_src_init = { + .name = "gcc_qupv3_wrap0_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + static struct clk_rcg2 gcc_qupv3_wrap0_s0_clk_src = { .cmd_rcgr = 0x17148, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s1_clk_src_init = { + .name = "gcc_qupv3_wrap0_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { @@ -630,13 +640,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s2_clk_src_init = { + .name = "gcc_qupv3_wrap0_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { @@ -645,13 +657,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s3_clk_src_init = { + .name = "gcc_qupv3_wrap0_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { @@ -660,13 +674,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s4_clk_src_init = { + .name = "gcc_qupv3_wrap0_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { @@ -675,13 +691,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s5_clk_src_init = { + .name = "gcc_qupv3_wrap0_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { @@ -690,13 +708,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s6_clk_src_init = { + .name = "gcc_qupv3_wrap0_s6_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { @@ -705,13 +725,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s6_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s6_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s7_clk_src_init = { + .name = "gcc_qupv3_wrap0_s7_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { @@ -720,13 +742,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s7_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s7_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s0_clk_src_init = { + .name = "gcc_qupv3_wrap1_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { @@ -735,13 +759,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s1_clk_src_init = { + .name = "gcc_qupv3_wrap1_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { @@ -750,13 +776,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s2_clk_src_init = { + .name = "gcc_qupv3_wrap1_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { @@ -765,13 +793,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s3_clk_src_init = { + .name = "gcc_qupv3_wrap1_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { @@ -780,13 +810,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s4_clk_src_init = { + .name = "gcc_qupv3_wrap1_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { @@ -795,13 +827,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s5_clk_src_init = { + .name = "gcc_qupv3_wrap1_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { @@ -810,13 +844,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s0_clk_src_init = { + .name = "gcc_qupv3_wrap2_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { @@ -825,13 +861,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s1_clk_src_init = { + .name = "gcc_qupv3_wrap2_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { @@ -840,28 +878,33 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s1_clk_src_init, }; +static struct clk_init_data gcc_qupv3_wrap2_s2_clk_src_init = { + .name = "gcc_qupv3_wrap2_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + + static struct clk_rcg2 gcc_qupv3_wrap2_s2_clk_src = { .cmd_rcgr = 0x1e3a8, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s3_clk_src_init = { + .name = "gcc_qupv3_wrap2_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { @@ -870,13 +913,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s4_clk_src_init = { + .name = "gcc_qupv3_wrap2_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { @@ -885,13 +930,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s5_clk_src_init = { + .name = "gcc_qupv3_wrap2_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { @@ -900,13 +947,7 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s5_clk_src_init, }; static const struct freq_tbl ftbl_gcc_sdcc2_apps_clk_src[] = { @@ -4565,6 +4606,29 @@ static const struct qcom_reset_map gcc_sc8180x_resets[] = { [GCC_VIDEO_AXI1_CLK_BCR] = { .reg = 0xb028, .bit = 2, .udelay = 150 }, }; +static const struct clk_rcg_dfs_data gcc_dfs_clocks[] = { + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s6_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s7_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s5_clk_src), +}; + static struct gdsc *gcc_sc8180x_gdscs[] = { [EMAC_GDSC] = &emac_gdsc, [PCIE_0_GDSC] = &pcie_0_gdsc, @@ -4606,6 +4670,7 @@ MODULE_DEVICE_TABLE(of, gcc_sc8180x_match_table); static int gcc_sc8180x_probe(struct platform_device *pdev) { struct regmap *regmap; + int ret; regmap = qcom_cc_map(pdev, &gcc_sc8180x_desc); if (IS_ERR(regmap)) @@ -4627,6 +4692,11 @@ static int gcc_sc8180x_probe(struct platform_device *pdev) regmap_update_bits(regmap, 0x4d110, 0x3, 0x3); regmap_update_bits(regmap, 0x71028, 0x3, 0x3); + ret = qcom_cc_register_rcg_dfs(regmap, gcc_dfs_clocks, + ARRAY_SIZE(gcc_dfs_clocks)); + if (ret) + return ret; + return qcom_cc_really_probe(&pdev->dev, &gcc_sc8180x_desc, regmap); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100701-excursion-granite-98c3@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 1fc8c02e1d80 ("clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x") 9f93a0a42860 ("clk: qcom: common: commonize qcom_cc_really_probe") aa9fc5c90814 ("clk: qcom: Add Video Clock Controller driver for SM7150") 9f0532da4226 ("clk: qcom: Add Camera Clock Controller driver for SM7150") 3829c412197e ("clk: qcom: Add Display Clock Controller driver for SM7150") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1fc8c02e1d80463ce1b361d82b83fc43bb92d964 Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:01 +0530 Subject: [PATCH] clk: qcom: gcc-sc8180x: Register QUPv3 RCGs for DFS on sc8180x QUPv3 clocks support DFS on sc8180x platform but currently the code changes for it are missing from the driver, this results in not populating all the DFS supported frequencies and returns incorrect frequency when the clients request for them. Hence add the DFS registration for QUPv3 RCGs. Fixes: 4433594bbe5d ("clk: qcom: gcc: Add global clock controller driver for SC8180x") Cc: stable(a)vger.kernel.org Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-1-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/gcc-sc8180x.c b/drivers/clk/qcom/gcc-sc8180x.c index 113f9513b2df..d25c5dc37f91 100644 --- a/drivers/clk/qcom/gcc-sc8180x.c +++ b/drivers/clk/qcom/gcc-sc8180x.c @@ -609,19 +609,29 @@ static const struct freq_tbl ftbl_gcc_qupv3_wrap0_s0_clk_src[] = { { } }; +static struct clk_init_data gcc_qupv3_wrap0_s0_clk_src_init = { + .name = "gcc_qupv3_wrap0_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + static struct clk_rcg2 gcc_qupv3_wrap0_s0_clk_src = { .cmd_rcgr = 0x17148, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s1_clk_src_init = { + .name = "gcc_qupv3_wrap0_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { @@ -630,13 +640,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s2_clk_src_init = { + .name = "gcc_qupv3_wrap0_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { @@ -645,13 +657,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s3_clk_src_init = { + .name = "gcc_qupv3_wrap0_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { @@ -660,13 +674,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s4_clk_src_init = { + .name = "gcc_qupv3_wrap0_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { @@ -675,13 +691,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s5_clk_src_init = { + .name = "gcc_qupv3_wrap0_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { @@ -690,13 +708,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s6_clk_src_init = { + .name = "gcc_qupv3_wrap0_s6_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { @@ -705,13 +725,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s6_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s6_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s6_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap0_s7_clk_src_init = { + .name = "gcc_qupv3_wrap0_s7_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { @@ -720,13 +742,15 @@ static struct clk_rcg2 gcc_qupv3_wrap0_s7_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap0_s7_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap0_s7_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s0_clk_src_init = { + .name = "gcc_qupv3_wrap1_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { @@ -735,13 +759,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s1_clk_src_init = { + .name = "gcc_qupv3_wrap1_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { @@ -750,13 +776,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s1_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s2_clk_src_init = { + .name = "gcc_qupv3_wrap1_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { @@ -765,13 +793,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s2_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s3_clk_src_init = { + .name = "gcc_qupv3_wrap1_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { @@ -780,13 +810,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s4_clk_src_init = { + .name = "gcc_qupv3_wrap1_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { @@ -795,13 +827,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap1_s5_clk_src_init = { + .name = "gcc_qupv3_wrap1_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { @@ -810,13 +844,15 @@ static struct clk_rcg2 gcc_qupv3_wrap1_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap1_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap1_s5_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s0_clk_src_init = { + .name = "gcc_qupv3_wrap2_s0_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { @@ -825,13 +861,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s0_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s0_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s0_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s1_clk_src_init = { + .name = "gcc_qupv3_wrap2_s1_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { @@ -840,28 +878,33 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s1_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s1_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s1_clk_src_init, }; +static struct clk_init_data gcc_qupv3_wrap2_s2_clk_src_init = { + .name = "gcc_qupv3_wrap2_s2_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, +}; + + static struct clk_rcg2 gcc_qupv3_wrap2_s2_clk_src = { .cmd_rcgr = 0x1e3a8, .mnd_width = 16, .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s2_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s2_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s3_clk_src_init = { + .name = "gcc_qupv3_wrap2_s3_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { @@ -870,13 +913,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s3_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s3_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s3_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s4_clk_src_init = { + .name = "gcc_qupv3_wrap2_s4_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { @@ -885,13 +930,15 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s4_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s4_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s4_clk_src_init, +}; + +static struct clk_init_data gcc_qupv3_wrap2_s5_clk_src_init = { + .name = "gcc_qupv3_wrap2_s5_clk_src", + .parent_data = gcc_parents_0, + .num_parents = ARRAY_SIZE(gcc_parents_0), + .flags = CLK_SET_RATE_PARENT, + .ops = &clk_rcg2_ops, }; static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { @@ -900,13 +947,7 @@ static struct clk_rcg2 gcc_qupv3_wrap2_s5_clk_src = { .hid_width = 5, .parent_map = gcc_parent_map_0, .freq_tbl = ftbl_gcc_qupv3_wrap0_s0_clk_src, - .clkr.hw.init = &(struct clk_init_data){ - .name = "gcc_qupv3_wrap2_s5_clk_src", - .parent_data = gcc_parents_0, - .num_parents = ARRAY_SIZE(gcc_parents_0), - .flags = CLK_SET_RATE_PARENT, - .ops = &clk_rcg2_ops, - }, + .clkr.hw.init = &gcc_qupv3_wrap2_s5_clk_src_init, }; static const struct freq_tbl ftbl_gcc_sdcc2_apps_clk_src[] = { @@ -4565,6 +4606,29 @@ static const struct qcom_reset_map gcc_sc8180x_resets[] = { [GCC_VIDEO_AXI1_CLK_BCR] = { .reg = 0xb028, .bit = 2, .udelay = 150 }, }; +static const struct clk_rcg_dfs_data gcc_dfs_clocks[] = { + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s6_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap0_s7_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap1_s5_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s0_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s1_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s2_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s3_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s4_clk_src), + DEFINE_RCG_DFS(gcc_qupv3_wrap2_s5_clk_src), +}; + static struct gdsc *gcc_sc8180x_gdscs[] = { [EMAC_GDSC] = &emac_gdsc, [PCIE_0_GDSC] = &pcie_0_gdsc, @@ -4606,6 +4670,7 @@ MODULE_DEVICE_TABLE(of, gcc_sc8180x_match_table); static int gcc_sc8180x_probe(struct platform_device *pdev) { struct regmap *regmap; + int ret; regmap = qcom_cc_map(pdev, &gcc_sc8180x_desc); if (IS_ERR(regmap)) @@ -4627,6 +4692,11 @@ static int gcc_sc8180x_probe(struct platform_device *pdev) regmap_update_bits(regmap, 0x4d110, 0x3, 0x3); regmap_update_bits(regmap, 0x71028, 0x3, 0x3); + ret = qcom_cc_register_rcg_dfs(regmap, gcc_dfs_clocks, + ARRAY_SIZE(gcc_dfs_clocks)); + if (ret) + return ret; + return qcom_cc_really_probe(&pdev->dev, &gcc_sc8180x_desc, regmap); }

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 648b4bde0aca2980ebc0b90cdfbb80d222370c3d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100742-lemon-patio-47d1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 648b4bde0aca ("dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x") 26447dad8119 ("dt-bindings: clock: qcom: Add missing UFS QREF clocks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 648b4bde0aca2980ebc0b90cdfbb80d222370c3d Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:02 +0530 Subject: [PATCH] dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Add the missing GPLL9 which is required for the gcc sdcc2 clock. Fixes: 0fadcdfdcf57 ("dt-bindings: clock: Add SC8180x GCC binding") Cc: stable(a)vger.kernel.org Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-2-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/include/dt-bindings/clock/qcom,gcc-sc8180x.h b/include/dt-bindings/clock/qcom,gcc-sc8180x.h index 487b12c19db5..e364006aa6ea 100644 --- a/include/dt-bindings/clock/qcom,gcc-sc8180x.h +++ b/include/dt-bindings/clock/qcom,gcc-sc8180x.h @@ -248,6 +248,7 @@ #define GCC_USB3_SEC_CLKREF_CLK 238 #define GCC_UFS_MEM_CLKREF_EN 239 #define GCC_UFS_CARD_CLKREF_EN 240 +#define GPLL9 241 #define GCC_EMAC_BCR 0 #define GCC_GPU_BCR 1

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 648b4bde0aca2980ebc0b90cdfbb80d222370c3d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100741-latter-squabble-1692@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 648b4bde0aca ("dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x") 26447dad8119 ("dt-bindings: clock: qcom: Add missing UFS QREF clocks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 648b4bde0aca2980ebc0b90cdfbb80d222370c3d Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:02 +0530 Subject: [PATCH] dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Add the missing GPLL9 which is required for the gcc sdcc2 clock. Fixes: 0fadcdfdcf57 ("dt-bindings: clock: Add SC8180x GCC binding") Cc: stable(a)vger.kernel.org Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-2-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/include/dt-bindings/clock/qcom,gcc-sc8180x.h b/include/dt-bindings/clock/qcom,gcc-sc8180x.h index 487b12c19db5..e364006aa6ea 100644 --- a/include/dt-bindings/clock/qcom,gcc-sc8180x.h +++ b/include/dt-bindings/clock/qcom,gcc-sc8180x.h @@ -248,6 +248,7 @@ #define GCC_USB3_SEC_CLKREF_CLK 238 #define GCC_UFS_MEM_CLKREF_EN 239 #define GCC_UFS_CARD_CLKREF_EN 240 +#define GPLL9 241 #define GCC_EMAC_BCR 0 #define GCC_GPU_BCR 1

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 648b4bde0aca2980ebc0b90cdfbb80d222370c3d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100741-garlic-spectacle-6ff4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 648b4bde0aca ("dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x") 26447dad8119 ("dt-bindings: clock: qcom: Add missing UFS QREF clocks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 648b4bde0aca2980ebc0b90cdfbb80d222370c3d Mon Sep 17 00:00:00 2001 From: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Date: Mon, 12 Aug 2024 10:43:02 +0530 Subject: [PATCH] dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Add the missing GPLL9 which is required for the gcc sdcc2 clock. Fixes: 0fadcdfdcf57 ("dt-bindings: clock: Add SC8180x GCC binding") Cc: stable(a)vger.kernel.org Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> Link: https://lore.kernel.org/r/20240812-gcc-sc8180x-fixes-v2-2-8b3eaa5fb856@quic… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/include/dt-bindings/clock/qcom,gcc-sc8180x.h b/include/dt-bindings/clock/qcom,gcc-sc8180x.h index 487b12c19db5..e364006aa6ea 100644 --- a/include/dt-bindings/clock/qcom,gcc-sc8180x.h +++ b/include/dt-bindings/clock/qcom,gcc-sc8180x.h @@ -248,6 +248,7 @@ #define GCC_USB3_SEC_CLKREF_CLK 238 #define GCC_UFS_MEM_CLKREF_EN 239 #define GCC_UFS_CARD_CLKREF_EN 240 +#define GPLL9 241 #define GCC_EMAC_BCR 0 #define GCC_GPU_BCR 1

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0e93c6320ecde0583de09f3fe801ce8822886fec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100755-requisite-gratuity-37ef@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0e93c6320ecd ("clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e93c6320ecde0583de09f3fe801ce8822886fec Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Date: Sun, 4 Aug 2024 08:40:05 +0300 Subject: [PATCH] clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Add CLK_SET_RATE_PARENT for several branch clocks. Such clocks don't have a way to change the rate, so set the parent rate instead. Fixes: 80a18f4a8567 ("clk: qcom: Add display clock controller driver for SM8150 and SM8250") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240804-sm8350-fixes-v1-1-1149dd8399fe@linaro.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/drivers/clk/qcom/dispcc-sm8250.c b/drivers/clk/qcom/dispcc-sm8250.c index 5a09009b7289..eb78cd5439d0 100644 --- a/drivers/clk/qcom/dispcc-sm8250.c +++ b/drivers/clk/qcom/dispcc-sm8250.c @@ -849,6 +849,7 @@ static struct clk_branch disp_cc_mdss_dp_link1_intf_clk = { &disp_cc_mdss_dp_link1_div_clk_src.clkr.hw, }, .num_parents = 1, + .flags = CLK_SET_RATE_PARENT, .ops = &clk_branch2_ops, }, }, @@ -884,6 +885,7 @@ static struct clk_branch disp_cc_mdss_dp_link_intf_clk = { &disp_cc_mdss_dp_link_div_clk_src.clkr.hw, }, .num_parents = 1, + .flags = CLK_SET_RATE_PARENT, .ops = &clk_branch2_ops, }, }, @@ -1009,6 +1011,7 @@ static struct clk_branch disp_cc_mdss_mdp_lut_clk = { &disp_cc_mdss_mdp_clk_src.clkr.hw, }, .num_parents = 1, + .flags = CLK_SET_RATE_PARENT, .ops = &clk_branch2_ops, }, },

8 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror