- Linux-stable-mirror - lists.linaro.org

[PATCH 04/12] drm/v3d: Validate passed in drm syncobj handles in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index ca1b1ad0a75c..3313423080e7 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -497,6 +497,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = timestamp.count; @@ -550,6 +554,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = reset.count; @@ -613,6 +621,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->timestamp_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->timestamp_query.count = copy.count; -- 2.44.0

9 months, 3 weeks

3
2
0 0

[PATCHv2 fs/bfs 0/2] bfs: fix null-ptr-deref and possible warning in bfs_move_block() func

by kovalev＠altlinux.org

https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422 [PATCHv2 fs/bfs 1/2] bfs: prevent null pointer dereference in bfs_move_block() --- v2: corrected the commit message and explicitly initialized the return variable with zero (Markus Elfring) --- [PATCHv2 fs/bfs 2/2] bfs: add buffer_uptodate check before mark_buffer_dirty --- v2: renamed the return variable err -> ret (Markus Elfring) ---

9 months, 3 weeks

2
4
0 0

[PATCH v2] btrfs: Fix slab-use-after-free Read in add_ra_bio_pages

by Pei Li

We are accessing the start and len field in em after it is free'd. This patch moves the line accessing the free'd values in em before they were free'd so we won't access free'd memory. Reported-by: syzbot+853d80cba98ce1157ae6(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=853d80cba98ce1157ae6 Signed-off-by: Pei Li <peili.dev(a)gmail.com> --- Syzbot reported the following error: BUG: KASAN: slab-use-after-free in add_ra_bio_pages.constprop.0.isra.0+0xf03/0xfb0 fs/btrfs/compression.c:529 This is because we are reading the values from em right after freeing it before through free_extent_map(em). This patch moves the line accessing the free'd values in em before they were free'd so we won't access free'd memory. Fixes: 6a4049102055 ("btrfs: subpage: make add_ra_bio_pages() compatible") --- Changes in v2: - Adapt Qu's suggestion to move the read-after-free line before freeing - Cc stable kernel - Link to v1: https://lore.kernel.org/r/20240710-bug11-v1-1-aa02297fbbc9@gmail.com --- fs/btrfs/compression.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c index 6441e47d8a5e..f271df10ef1c 100644 --- a/fs/btrfs/compression.c +++ b/fs/btrfs/compression.c @@ -514,6 +514,8 @@ static noinline int add_ra_bio_pages(struct inode *inode, put_page(page); break; } + add_size = min(em->start + em->len, page_end + 1) - cur; + free_extent_map(em); if (page->index == end_index) { @@ -526,7 +528,6 @@ static noinline int add_ra_bio_pages(struct inode *inode, } } - add_size = min(em->start + em->len, page_end + 1) - cur; ret = bio_add_page(orig_bio, page, add_size, offset_in_page(cur)); if (ret != add_size) { unlock_extent(tree, cur, page_end, NULL); --- base-commit: 563a50672d8a86ec4b114a4a2f44d6e7ff855f5b change-id: 20240710-bug11-a8ac18afb724 Best regards, -- Pei Li <peili.dev(a)gmail.com>

9 months, 3 weeks

4
3
0 0

[PATCH v2 1/4] jbd2: Make jbd2_journal_get_max_txn_bufs() internal

by Jan Kara

There's no reason to have jbd2_journal_get_max_txn_bufs() public function. Currently all users are internal and can use journal->j_max_transaction_buffers instead. This saves some unnecessary recomputations of the limit as a bonus which becomes important as this function gets more complex in the following patch. CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 5 +++++ include/linux/jbd2.h | 5 ----- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index 75ea4e9a5cab..e7fc912693bd 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -766,7 +766,7 @@ void jbd2_journal_commit_transaction(journal_t *journal) if (first_block < journal->j_tail) freed += journal->j_last - journal->j_first; /* Update tail only if we free significant amount of space */ - if (freed < jbd2_journal_get_max_txn_bufs(journal)) + if (freed < journal->j_max_transaction_buffers) update_tail = 0; } J_ASSERT(commit_transaction->t_state == T_COMMIT); diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index 03c4b9214f56..1bb73750d307 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -1698,6 +1698,11 @@ journal_t *jbd2_journal_init_inode(struct inode *inode) return journal; } +static int jbd2_journal_get_max_txn_bufs(journal_t *journal) +{ + return (journal->j_total_len - journal->j_fc_wbufsize) / 4; +} + /* * Given a journal_t structure, initialise the various fields for * startup of a new journaling session. We use this both when creating diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h index ab04c1c27fae..f91b930abe20 100644 --- a/include/linux/jbd2.h +++ b/include/linux/jbd2.h @@ -1660,11 +1660,6 @@ int jbd2_wait_inode_data(journal_t *journal, struct jbd2_inode *jinode); int jbd2_fc_wait_bufs(journal_t *journal, int num_blks); int jbd2_fc_release_bufs(journal_t *journal); -static inline int jbd2_journal_get_max_txn_bufs(journal_t *journal) -{ - return (journal->j_total_len - journal->j_fc_wbufsize) / 4; -} - /* * is_journal_abort * -- 2.35.3

9 months, 4 weeks

3
2
0 0

+ mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix potential race with try_memory_failure_hugetlb() has been added to the -mm mm-unstable branch. Its filename is mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix potential race with try_memory_failure_hugetlb() Date: Wed, 10 Jul 2024 16:14:45 +0800 There is a potential race between __update_and_free_hugetlb_folio() and try_memory_failure_hugetlb(): CPU1 CPU2 __update_and_free_hugetlb_folio try_memory_failure_hugetlb spin_lock_irq(&hugetlb_lock); __get_huge_page_for_hwpoison folio_test_hugetlb -- It's still hugetlb folio. folio_test_hugetlb_raw_hwp_unreliable -- raw_hwp_unreliable flag is not set yet. folio_set_hugetlb_hwpoison -- raw_hwp_unreliable flag might be set. spin_unlock_irq(&hugetlb_lock); spin_lock_irq(&hugetlb_lock); __folio_clear_hugetlb(folio); -- Hugetlb flag is cleared but too late! spin_unlock_irq(&hugetlb_lock); When this race occurs, raw error pages will hit pcplists/buddy. Fix this issue by deferring folio_test_hugetlb_raw_hwp_unreliable() until __folio_clear_hugetlb() is done. The raw_hwp_unreliable flag cannot be set after hugetlb folio flag is cleared. Link: https://lkml.kernel.org/r/20240710081445.3307355-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb +++ a/mm/hugetlb.c @@ -1706,13 +1706,6 @@ static void __update_and_free_hugetlb_fo return; /* - * If we don't know which subpages are hwpoisoned, we can't free - * the hugepage, so it's leaked intentionally. - */ - if (folio_test_hugetlb_raw_hwp_unreliable(folio)) - return; - - /* * If folio is not vmemmap optimized (!clear_flag), then the folio * is no longer identified as a hugetlb page. hugetlb_vmemmap_restore_folio * can only be passed hugetlb pages and will BUG otherwise. @@ -1730,6 +1723,13 @@ static void __update_and_free_hugetlb_fo } /* + * If we don't know which subpages are hwpoisoned, we can't free + * the hugepage, so it's leaked intentionally. + */ + if (folio_test_hugetlb_raw_hwp_unreliable(folio)) + return; + + /* * Move PageHWPoison flag from head page to the raw error pages, * which makes any healthy subpages reusable. */ _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch mm-hugetlb-fix-potential-race-with-try_memory_failure_hugetlb.patch

9 months, 4 weeks

1
0
0 0

[PATCH 05/12] drm/v3d: Validate passed in drm syncobj handles in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 3313423080e7..b51600e236c8 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -706,6 +706,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; @@ -787,6 +791,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!job->performance_query.queries[i].syncobj) { + err = -ENOENT; + goto error; + } } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; -- 2.44.0

9 months, 4 weeks

2
1
0 0

[PATCH 03/12] drm/v3d: Fix potential memory leak in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 +++++++++++++----- drivers/gpu/drm/v3d/v3d_submit.c | 40 +++++++++++++++++++++----------- 3 files changed, 44 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 95651c3c926f..38c80168da51 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -565,6 +565,8 @@ void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ void __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, unsigned int count); +void __v3d_performance_query_info_free(struct v3d_performance_query_info *qinfo, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index e45d3ddc6f82..173801aa54ee 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -87,20 +87,30 @@ __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, } } +void +__v3d_performance_query_info_free(struct v3d_performance_query_info *qinfo, + unsigned int count) +{ + if (qinfo->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(qinfo->queries[i].syncobj); + + kvfree(qinfo->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_performance_query_info *performance_query = &job->performance_query; __v3d_timestamp_query_info_free(&job->timestamp_query, job->timestamp_query.count); - if (performance_query->queries) { - for (int i = 0; i < performance_query->count; i++) - drm_syncobj_put(performance_query->queries[i].syncobj); - kvfree(performance_query->queries); - } + __v3d_performance_query_info_free(&job->performance_query, + job->performance_query.count); v3d_job_cleanup(&job->base); } diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 2818afdd4807..ca1b1ad0a75c 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,7 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_reset_performance_query reset; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -672,32 +673,36 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } - job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); for (int j = 0; j < reset.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = reset.count; job->performance_query.nperfmons = reset.nperfmons; return 0; + +error: + __v3d_performance_query_info_free(qinfo, i); + return err; } static int @@ -708,6 +713,7 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 __user *syncs; u64 __user *kperfmon_ids; struct drm_v3d_copy_performance_query copy; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -746,27 +752,29 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 id; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); if (copy_from_user(&ids, kperfmon_ids++, sizeof(ids))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); for (int j = 0; j < copy.nperfmons; j++) { if (copy_from_user(&id, ids_pointer++, sizeof(id))) { - kvfree(job->performance_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->performance_query.queries[i].kperfmon_ids[j] = id; } + + job->performance_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); } job->performance_query.count = copy.count; job->performance_query.nperfmons = copy.nperfmons; @@ -779,6 +787,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + __v3d_performance_query_info_free(qinfo, i); + return err; } /* Whenever userspace sets ioctl extensions, v3d_get_extensions parses data -- 2.44.0

9 months, 4 weeks

2
1
0 0

[PATCH 02/12] drm/v3d: Fix potential memory leak in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 +++++++++++++------ drivers/gpu/drm/v3d/v3d_submit.c | 36 ++++++++++++++++++++++---------- 3 files changed, 43 insertions(+), 17 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 099b962bdfde..95651c3c926f 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -563,6 +563,8 @@ void v3d_mmu_insert_ptes(struct v3d_bo *bo); void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ +void __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 03df37a3acf5..e45d3ddc6f82 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -73,18 +73,28 @@ v3d_sched_job_free(struct drm_sched_job *sched_job) v3d_job_cleanup(job); } +void +__v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, + unsigned int count) +{ + if (qinfo->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(qinfo->queries[i].syncobj); + + kvfree(qinfo->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_timestamp_query_info *timestamp_query = &job->timestamp_query; struct v3d_performance_query_info *performance_query = &job->performance_query; - if (timestamp_query->queries) { - for (int i = 0; i < timestamp_query->count; i++) - drm_syncobj_put(timestamp_query->queries[i].syncobj); - kvfree(timestamp_query->queries); - } + __v3d_timestamp_query_info_free(&job->timestamp_query, + job->timestamp_query.count); if (performance_query->queries) { for (int i = 0; i < performance_query->count; i++) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 263fefc1d04f..2818afdd4807 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -452,6 +452,7 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_timestamp_query timestamp; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -484,15 +485,15 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -500,6 +501,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, job->timestamp_query.count = timestamp.count; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } static int @@ -509,6 +514,7 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, { u32 __user *syncs; struct drm_v3d_reset_timestamp_query reset; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -539,8 +545,8 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, job->timestamp_query.queries[i].offset = reset.offset + 8 * i; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -548,6 +554,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, job->timestamp_query.count = reset.count; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } /* Get data for the copy timestamp query results job submission. */ @@ -558,7 +568,7 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, { u32 __user *offsets, *syncs; struct drm_v3d_copy_timestamp_query copy; - int i; + int i, err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -591,15 +601,15 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, u32 offset, sync; if (copy_from_user(&offset, offsets++, sizeof(offset))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].offset = offset; if (copy_from_user(&sync, syncs++, sizeof(sync))) { - kvfree(job->timestamp_query.queries); - return -EFAULT; + err = -EFAULT; + goto error; } job->timestamp_query.queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -613,6 +623,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } static int -- 2.44.0

9 months, 4 weeks

2
1
0 0

+ mm-fix-old-young-bit-handling-in-the-faulting-path.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix old/young bit handling in the faulting path has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-old-young-bit-handling-in-the-faulting-path.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ram Tummala <rtummala(a)nvidia.com> Subject: mm: fix old/young bit handling in the faulting path Date: Tue, 9 Jul 2024 18:45:39 -0700 Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas which caused the PTE for the faulting address to be marked as old instead of young. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following check will incorrectly mark the PTE old rather than young. On some architectures this will cause a double fault to mark it young when the access is retried. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE will then be correctly marked young in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Link: https://lkml.kernel.org/r/20240710014539.746200-1-rtummala@nvidia.com Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> Reviewed-by: Yin Fengwei <fengwei.yin(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memory.c~mm-fix-old-young-bit-handling-in-the-faulting-path +++ a/mm/memory.c @@ -4681,7 +4681,7 @@ void set_pte_range(struct vm_fault *vmf, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); _ Patches currently in -mm which might be from rtummala(a)nvidia.com are mm-fix-old-young-bit-handling-in-the-faulting-path.patch

9 months, 4 weeks

1
0
0 0

[PATCH 01/12] drm/v3d: Prevent out of bounds access in performance query extensions

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 88f63d526b22..263fefc1d04f 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,9 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, if (copy_from_user(&reset, ext, sizeof(reset))) return -EFAULT; + if (reset.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_RESET_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(reset.count, @@ -708,6 +711,9 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, if (copy.pad) return -EINVAL; + if (copy.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(copy.count, -- 2.44.0

9 months, 4 weeks

3
2
0 0

[PATCH] drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8

by Nitin Gote

We're seeing a GPU HANG issue on a CHV platform, which was caused by bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8"). Gen8 platform has only timeslice and doesn't support a preemption mechanism as engines do not have a preemption timer and doesn't send an irq if the preemption timeout expires. So, add a fix to not consider preemption during dequeuing for gen8 platforms. Also move can_preemt() above need_preempt() function to resolve implicit declaration of function ‘can_preempt' error and make can_preempt() function param as const to resolve error: passing argument 1 of ‘can_preempt’ discards ‘const’ qualifier from the pointer target type. Fixes: bac24f59f454 ("drm/i915/execlists: Enable coarse preemption boundaries for gen8") Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11396 Suggested-by: Andi Shyti <andi.shyti(a)intel.com> Signed-off-by: Nitin Gote <nitin.r.gote(a)intel.com> Cc: Chris Wilson <chris.p.wilson(a)linux.intel.com> CC: <stable(a)vger.kernel.org> # v5.2+ --- .../drm/i915/gt/intel_execlists_submission.c | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 21829439e686..30631cc690f2 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -294,11 +294,26 @@ static int virtual_prio(const struct intel_engine_execlists *el) return rb ? rb_entry(rb, struct ve_node, rb)->prio : INT_MIN; } +static bool can_preempt(const struct intel_engine_cs *engine) +{ + if (GRAPHICS_VER(engine->i915) > 8) + return true; + + if (IS_CHERRYVIEW(engine->i915) || IS_BROADWELL(engine->i915)) + return false; + + /* GPGPU on bdw requires extra w/a; not implemented */ + return engine->class != RENDER_CLASS; +} + static bool need_preempt(const struct intel_engine_cs *engine, const struct i915_request *rq) { int last_prio; + if ((GRAPHICS_VER(engine->i915) <= 8) && can_preempt(engine)) + return false; + if (!intel_engine_has_semaphores(engine)) return false; @@ -3313,15 +3328,6 @@ static void remove_from_engine(struct i915_request *rq) i915_request_notify_execute_cb_imm(rq); } -static bool can_preempt(struct intel_engine_cs *engine) -{ - if (GRAPHICS_VER(engine->i915) > 8) - return true; - - /* GPGPU on bdw requires extra w/a; not implemented */ - return engine->class != RENDER_CLASS; -} - static void kick_execlists(const struct i915_request *rq, int prio) { struct intel_engine_cs *engine = rq->engine; -- 2.25.1

9 months, 4 weeks

3
3
0 0

[PATCH v2] cxl: Fix possible null pointer dereference in read_handle()

by Ma Ke

In read_handle(), of_get_address() may return NULL which is later dereferenced. Fix this by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 14baf4d9c739 ("cxl: Add guest-specific code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - The potential vulnerability was discovered as follows: based on our customized static analysis tool, extract vulnerability features[1], and then match similar vulnerability features in this function. - Reference link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --- drivers/misc/cxl/of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c index bcc005dff1c0..d8dbb3723951 100644 --- a/drivers/misc/cxl/of.c +++ b/drivers/misc/cxl/of.c @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle) /* Get address and size of the node */ prop = of_get_address(np, 0, &size, NULL); - if (size) + if (!prop || size) return -EINVAL; /* Helper to read a big number; size is in cells (not bytes) */ -- 2.25.1

9 months, 4 weeks

3
2
0 0

+ mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix PTE_AF handling in fault path on architectures with HW AF support has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ram Tummala <rtummala(a)nvidia.com> Subject: mm: fix PTE_AF handling in fault path on architectures with HW AF support Date: Tue, 9 Jul 2024 17:09:42 -0700 Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas on CPUs with HW AF (Access Flag) support. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following if check will incorrectly clear the PTE_AF bit instead of setting it and the access will fault again on the same address due to the missing PTE_AF bit. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE_AF will be correctly set in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Link: https://lkml.kernel.org/r/20240710000942.623704-1-rtummala@nvidia.com Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> Reviewed-by: Yin Fengwei <fengwei.yin(a)intel.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memory.c~mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support +++ a/mm/memory.c @@ -4681,7 +4681,7 @@ void set_pte_range(struct vm_fault *vmf, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); _ Patches currently in -mm which might be from rtummala(a)nvidia.com are mm-fix-pte_af-handling-in-fault-path-on-architectures-with-hw-af-support.patch

9 months, 4 weeks

2
1
0 0

[PATCH AUTOSEL 4.19] wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit 6ef09cdc5ba0f93826c09d810c141a8d103a80fc ] In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. Reported-by: syzbot+253cd2d2491df77c93ac(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=253cd2d2491df77c93ac Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://msgid.link/20240531032010.451295-1-dmantipov@yandex.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/scan.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index dacb9ceee3efd..0dc27703443c8 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -1405,10 +1405,14 @@ int cfg80211_wext_siwscan(struct net_device *dev, wiphy = &rdev->wiphy; /* Determine number of channels, needed to allocate creq */ - if (wreq && wreq->num_channels) + if (wreq && wreq->num_channels) { + /* Passed from userspace so should be checked */ + if (unlikely(wreq->num_channels > IW_MAX_FREQUENCIES)) + return -EINVAL; n_channels = wreq->num_channels; - else + } else { n_channels = ieee80211_get_num_supported_channels(wiphy); + } creq = kzalloc(sizeof(*creq) + sizeof(struct cfg80211_ssid) + n_channels * sizeof(void *), -- 2.43.0

9 months, 4 weeks

3
3
0 0

[PATCH AUTOSEL 6.1 01/29] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index 0781f991e7845..f5fc8631883d5 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -406,28 +406,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -494,7 +506,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

9 months, 4 weeks

4
32
0 0

[PATCH v3 2/2] f2fs: use meta inode for GC of COW file

by Sunmin Jeong

In case of the COW file, new updates and GC writes are already separated to page caches of the atomic file and COW file. As some cases that use the meta inode for GC, there are some race issues between a foreground thread and GC thread. To handle them, we need to take care when to invalidate and wait writeback of GC pages in COW files as the case of using the meta inode. Also, a pointer from the COW inode to the original inode is required to check the state of original pages. For the former, we can solve the problem by using the meta inode for GC of COW files. Then let's get a page from the original inode in move_data_block when GCing the COW file to avoid race condition. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> Reviewed-by: Chao Yu <chao(a)kernel.org> --- v3: - make the mapping variable to select a proper inode v2: - use union for cow inode to point to atomic inode fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 13 +++++++++++-- fs/f2fs/file.c | 3 +++ fs/f2fs/gc.c | 7 +++++-- fs/f2fs/inline.c | 2 +- fs/f2fs/inode.c | 3 ++- 6 files changed, 23 insertions(+), 7 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 9a213d03005d..f6b1782f965a 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2606,7 +2606,7 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) return true; if (IS_NOQUOTA(inode)) return true; - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return true; /* rewrite low ratio compress data w/ OPU mode to avoid fragmentation */ if (f2fs_compressed_file(inode) && diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 796ae11c0fa3..4a8621e4a33a 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -843,7 +843,11 @@ struct f2fs_inode_info { struct task_struct *atomic_write_task; /* store atomic write task */ struct extent_tree *extent_tree[NR_EXTENT_CACHES]; /* cached extent_tree entry */ - struct inode *cow_inode; /* copy-on-write inode for atomic write */ + union { + struct inode *cow_inode; /* copy-on-write inode for atomic write */ + struct inode *atomic_inode; + /* point to atomic_inode, available only for cow_inode */ + }; /* avoid racing between foreground op and gc */ struct f2fs_rwsem i_gc_rwsem[2]; @@ -4263,9 +4267,14 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_used_in_atomic_write(struct inode *inode) +{ + return f2fs_is_atomic_file(inode) || f2fs_is_cow_file(inode); +} + static inline bool f2fs_meta_inode_gc_required(struct inode *inode) { - return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); + return f2fs_post_read_required(inode) || f2fs_used_in_atomic_write(inode); } /* diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index e4a7cff00796..547e7ec32b1f 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2183,6 +2183,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) set_inode_flag(fi->cow_inode, FI_COW_FILE); clear_inode_flag(fi->cow_inode, FI_INLINE_DATA); + + /* Set the COW inode's atomic_inode to the atomic inode */ + F2FS_I(fi->cow_inode)->atomic_inode = inode; } else { /* Reuse the already created COW inode */ ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index cb3006551ab5..724bbcb447d3 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1171,7 +1171,8 @@ static bool is_alive(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, static int ra_data_block(struct inode *inode, pgoff_t index) { struct f2fs_sb_info *sbi = F2FS_I_SB(inode); - struct address_space *mapping = inode->i_mapping; + struct address_space *mapping = f2fs_is_cow_file(inode) ? + F2FS_I(inode)->atomic_inode->i_mapping : inode->i_mapping; struct dnode_of_data dn; struct page *page; struct f2fs_io_info fio = { @@ -1260,6 +1261,8 @@ static int ra_data_block(struct inode *inode, pgoff_t index) static int move_data_block(struct inode *inode, block_t bidx, int gc_type, unsigned int segno, int off) { + struct address_space *mapping = f2fs_is_cow_file(inode) ? + F2FS_I(inode)->atomic_inode->i_mapping : inode->i_mapping; struct f2fs_io_info fio = { .sbi = F2FS_I_SB(inode), .ino = inode->i_ino, @@ -1282,7 +1285,7 @@ static int move_data_block(struct inode *inode, block_t bidx, CURSEG_ALL_DATA_ATGC : CURSEG_COLD_DATA; /* do not read out */ - page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); + page = f2fs_grab_cache_page(mapping, bidx, false); if (!page) return -ENOMEM; diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index 1fba5728be70..cca7d448e55c 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -16,7 +16,7 @@ static bool support_inline_data(struct inode *inode) { - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return false; if (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode)) return false; diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 7a3e2458b2d9..18dea43e694b 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -804,8 +804,9 @@ void f2fs_evict_inode(struct inode *inode) f2fs_abort_atomic_write(inode, true); - if (fi->cow_inode) { + if (fi->cow_inode && f2fs_is_cow_file(fi->cow_inode)) { clear_inode_flag(fi->cow_inode, FI_COW_FILE); + F2FS_I(fi->cow_inode)->atomic_inode = NULL; iput(fi->cow_inode); fi->cow_inode = NULL; } -- 2.25.1

9 months, 4 weeks

1
0
0 0

[PATCH v2 0/5] ACPI: sysfs: manage sysfs attributes through device core

by Thomas Weißschuh

Simplify the lifecycle of the sysfs attributes by letting the device core manage them. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Changes in v2: - Add fix to validate buffer type validation (patch 1) - Drop usage of devm-APIs as these are unusable for unbound devices - Evaluate _STR on each sysfs access - Link to v1: https://lore.kernel.org/r/20240613-acpi-sysfs-groups-v1-0-665e0deb052a@weis… --- Thomas Weißschuh (5): ACPI: sysfs: validate return type of _STR method ACPI: sysfs: evaluate _STR on each sysfs access ACPI: sysfs: manage attributes as attribute_group ACPI: sysfs: manage sysfs attributes through device core ACPI: sysfs: remove return value of acpi_device_setup_files() drivers/acpi/device_sysfs.c | 196 +++++++++++++++++++------------------------- drivers/acpi/internal.h | 3 +- drivers/acpi/scan.c | 6 +- include/acpi/acpi_bus.h | 1 - 4 files changed, 89 insertions(+), 117 deletions(-) --- base-commit: 34afb82a3c67f869267a26f593b6f8fc6bf35905 change-id: 20240609-acpi-sysfs-groups-cfa756d16752 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

9 months, 4 weeks

2
3
0 0

Re: [PATCH] net: ks8851: Fix potential TX stall after interface reopen

by Hariprasad Kelam

On 2024-07-10 at 01:28:45, Ronald Wahl (rwahl(a)gmx.de) wrote: > From: Ronald Wahl <ronald.wahl(a)raritan.com> > > The amount of TX space in the hardware buffer is tracked in the tx_space > variable. The initial value is currently only set during driver probing. > > After closing the interface and reopening it the tx_space variable has > the last value it had before close. If it is smaller than the size of > the first send packet after reopeing the interface the queue will be > stopped. The queue is woken up after receiving a TX interrupt but this > will never happen since we did not send anything. > > This commit moves the initialization of the tx_space variable to the > ks8851_net_open function right before starting the TX queue. Also query > the value from the hardware instead of using a hard coded value. > > Only the SPI chip variant is affected by this issue because only this > driver variant actually depends on the tx_space variable in the xmit > function. > > Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") > Cc: "David S. Miller" <davem(a)davemloft.net> > Cc: Eric Dumazet <edumazet(a)google.com> > Cc: Jakub Kicinski <kuba(a)kernel.org> > Cc: Paolo Abeni <pabeni(a)redhat.com> > Cc: Simon Horman <horms(a)kernel.org> > Cc: netdev(a)vger.kernel.org > Cc: stable(a)vger.kernel.org # 5.10+ > Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> > --- > drivers/net/ethernet/micrel/ks8851_common.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c > index 6453c92f0fa7..03a554df6e7a 100644 > --- a/drivers/net/ethernet/micrel/ks8851_common.c > +++ b/drivers/net/ethernet/micrel/ks8851_common.c > @@ -482,6 +482,7 @@ static int ks8851_net_open(struct net_device *dev) > ks8851_wrreg16(ks, KS_IER, ks->rc_ier); > > ks->queued_len = 0; > + ks->tx_space = ks8851_rdreg16(ks, KS_TXMIR); > netif_start_queue(ks->netdev); > > netif_dbg(ks, ifup, ks->netdev, "network device up\n"); > @@ -1101,7 +1102,6 @@ int ks8851_probe_common(struct net_device *netdev, struct device *dev, > int ret; > > ks->netdev = netdev; > - ks->tx_space = 6144; > > ks->gpio = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_HIGH); > ret = PTR_ERR_OR_ZERO(ks->gpio); > -- > 2.45.2 > > Reviewed-by: Hariprasad Kelam <hkelam(a)marvell.com>

9 months, 4 weeks

1
0
0 0

[PATCH] x86/tdx: Support vmalloc() for tdx_enc_status_changed()

by Dexuan Cui

When a TDX guest runs on Hyper-V, the hv_netvsc driver's netvsc_init_buf() allocates buffers using vzalloc(), and needs to share the buffers with the host OS by calling set_memory_decrypted(), which is not working for vmalloc() yet. Add the support by handling the pages one by one. Co-developed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Michael Kelley <mikelley(a)microsoft.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Rick Edgecombe <rick.p.edgecombe(a)intel.com> Reviewed-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Kai Huang <kai.huang(a)intel.com> Cc: stable(a)vger.kernel.org --- Hi Boris, Kirill and all, This patch was posted on May 20, 2024: Link: https://lore.kernel.org/all/20240521021238.1803-1-decui%40microsoft.com The patch caused an issue to Kirill's kexec TDX patchset, so Kirill fixed it: Link: https://lore.kernel.org/all/uewczuxr5foiwe6wklhcgzi6ejfwgacxxoa67xadey62s46… Kirill agreed that I should repost the patch with his fix combined, hence I'm posting this new version, which is based on tip's master today (at the moment, it's commit aa9d8caba6e4 ("Merge timers/core into tip/master")). I suppose the patch would go in the branch tip/master or x86/tdx. Thanks, Dexuan arch/x86/coco/tdx/tdx.c | 43 ++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2bac25531..8f471260924f7 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -8,6 +8,7 @@ #include <linux/export.h> #include <linux/io.h> #include <linux/kexec.h> +#include <linux/mm.h> #include <asm/coco.h> #include <asm/tdx.h> #include <asm/vmx.h> @@ -782,6 +783,19 @@ static bool tdx_map_gpa(phys_addr_t start, phys_addr_t end, bool enc) return false; } +static bool tdx_enc_status_changed_phys(phys_addr_t start, phys_addr_t end, + bool enc) +{ + if (!tdx_map_gpa(start, end, enc)) + return false; + + /* shared->private conversion requires memory to be accepted before use */ + if (enc) + return tdx_accept_memory(start, end); + + return true; +} + /* * Inform the VMM of the guest's intent for this physical page: shared with * the VMM or private to the guest. The VMM is expected to change its mapping @@ -789,15 +803,30 @@ static bool tdx_map_gpa(phys_addr_t start, phys_addr_t end, bool enc) */ static bool tdx_enc_status_changed(unsigned long vaddr, int numpages, bool enc) { - phys_addr_t start = __pa(vaddr); - phys_addr_t end = __pa(vaddr + numpages * PAGE_SIZE); + unsigned long start = vaddr; + unsigned long end = start + numpages * PAGE_SIZE; + unsigned long step = end - start; + unsigned long addr; + + /* Step through page-by-page for vmalloc() mappings */ + if (is_vmalloc_addr((void *)vaddr)) + step = PAGE_SIZE; + + for (addr = start; addr < end; addr += step) { + phys_addr_t start_pa; + phys_addr_t end_pa; + + /* The check fails on vmalloc() mappings */ + if (virt_addr_valid(addr)) + start_pa = __pa(addr); + else + start_pa = slow_virt_to_phys((void *)addr); - if (!tdx_map_gpa(start, end, enc)) - return false; + end_pa = start_pa + step; - /* shared->private conversion requires memory to be accepted before use */ - if (enc) - return tdx_accept_memory(start, end); + if (!tdx_enc_status_changed_phys(start_pa, end_pa, enc)) + return false; + } return true; } -- 2.25.1

9 months, 4 weeks

3
10
0 0

[PATCH v2 2/2] f2fs: use meta inode for GC of COW file

by Sunmin Jeong

In case of the COW file, new updates and GC writes are already separated to page caches of the atomic file and COW file. As some cases that use the meta inode for GC, there are some race issues between a foreground thread and GC thread. To handle them, we need to take care when to invalidate and wait writeback of GC pages in COW files as the case of using the meta inode. Also, a pointer from the COW inode to the original inode is required to check the state of original pages. For the former, we can solve the problem by using the meta inode for GC of COW files. Then let's get a page from the original inode in move_data_block when GCing the COW file to avoid race condition. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- v2: - use union for cow inode to point to atomic inode fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 13 +++++++++++-- fs/f2fs/file.c | 3 +++ fs/f2fs/gc.c | 12 ++++++++++-- fs/f2fs/inline.c | 2 +- fs/f2fs/inode.c | 3 ++- 6 files changed, 28 insertions(+), 7 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 9a213d03005d..f6b1782f965a 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2606,7 +2606,7 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) return true; if (IS_NOQUOTA(inode)) return true; - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return true; /* rewrite low ratio compress data w/ OPU mode to avoid fragmentation */ if (f2fs_compressed_file(inode) && diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 796ae11c0fa3..4a8621e4a33a 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -843,7 +843,11 @@ struct f2fs_inode_info { struct task_struct *atomic_write_task; /* store atomic write task */ struct extent_tree *extent_tree[NR_EXTENT_CACHES]; /* cached extent_tree entry */ - struct inode *cow_inode; /* copy-on-write inode for atomic write */ + union { + struct inode *cow_inode; /* copy-on-write inode for atomic write */ + struct inode *atomic_inode; + /* point to atomic_inode, available only for cow_inode */ + }; /* avoid racing between foreground op and gc */ struct f2fs_rwsem i_gc_rwsem[2]; @@ -4263,9 +4267,14 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_used_in_atomic_write(struct inode *inode) +{ + return f2fs_is_atomic_file(inode) || f2fs_is_cow_file(inode); +} + static inline bool f2fs_meta_inode_gc_required(struct inode *inode) { - return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); + return f2fs_post_read_required(inode) || f2fs_used_in_atomic_write(inode); } /* diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index e4a7cff00796..547e7ec32b1f 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2183,6 +2183,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) set_inode_flag(fi->cow_inode, FI_COW_FILE); clear_inode_flag(fi->cow_inode, FI_INLINE_DATA); + + /* Set the COW inode's atomic_inode to the atomic inode */ + F2FS_I(fi->cow_inode)->atomic_inode = inode; } else { /* Reuse the already created COW inode */ ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index cb3006551ab5..61913fcefd9e 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1186,7 +1186,11 @@ static int ra_data_block(struct inode *inode, pgoff_t index) }; int err; - page = f2fs_grab_cache_page(mapping, index, true); + if (f2fs_is_cow_file(inode)) + page = f2fs_grab_cache_page(F2FS_I(inode)->atomic_inode->i_mapping, + index, true); + else + page = f2fs_grab_cache_page(mapping, index, true); if (!page) return -ENOMEM; @@ -1282,7 +1286,11 @@ static int move_data_block(struct inode *inode, block_t bidx, CURSEG_ALL_DATA_ATGC : CURSEG_COLD_DATA; /* do not read out */ - page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); + if (f2fs_is_cow_file(inode)) + page = f2fs_grab_cache_page(F2FS_I(inode)->atomic_inode->i_mapping, + bidx, false); + else + page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); if (!page) return -ENOMEM; diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index 1fba5728be70..cca7d448e55c 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -16,7 +16,7 @@ static bool support_inline_data(struct inode *inode) { - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return false; if (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode)) return false; diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 7a3e2458b2d9..18dea43e694b 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -804,8 +804,9 @@ void f2fs_evict_inode(struct inode *inode) f2fs_abort_atomic_write(inode, true); - if (fi->cow_inode) { + if (fi->cow_inode && f2fs_is_cow_file(fi->cow_inode)) { clear_inode_flag(fi->cow_inode, FI_COW_FILE); + F2FS_I(fi->cow_inode)->atomic_inode = NULL; iput(fi->cow_inode); fi->cow_inode = NULL; } -- 2.25.1

9 months, 4 weeks

3
3
0 0

[PATCH v4] drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

by Ma Ke

In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6a227d5fd6c4 ("gma500: Add support for Cedarview") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - revised the recipient email list, apologize for the inadvertent mistake. Changes in v3: - added the recipient's email address, due to the prolonged absence of a response from the recipients. Changes in v2: - modified the patch according to suggestions from other patchs; - added Fixes line; - added Cc stable; - Link: https://lore.kernel.org/lkml/20240622072514.1867582-1-make24@iscas.ac.cn/T/ --- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/cdv_intel_lvds.c b/drivers/gpu/drm/gma500/cdv_intel_lvds.c index f08a6803dc18..3adc2c9ab72d 100644 --- a/drivers/gpu/drm/gma500/cdv_intel_lvds.c +++ b/drivers/gpu/drm/gma500/cdv_intel_lvds.c @@ -311,6 +311,9 @@ static int cdv_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

9 months, 4 weeks

3
3
0 0

[PATCH net v4 3/4] ipv6: take care of scope when choosing the src addr

by Nicolas Dichtel

When the source address is selected, the scope must be checked. For example, if a loopback address is assigned to the vrf device, it must not be chosen for packets sent outside. CC: stable(a)vger.kernel.org Fixes: afbac6010aec ("net: ipv6: Address selection needs to consider L3 domains") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> --- net/ipv6/addrconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 5c424a0e7232..4f2c5cc31015 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1873,7 +1873,8 @@ int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev, master, &dst, scores, hiscore_idx); - if (scores[hiscore_idx].ifa) + if (scores[hiscore_idx].ifa && + scores[hiscore_idx].scopedist >= 0) goto out; } -- 2.43.1

9 months, 4 weeks

1
0
0 0

[PATCH net v4 2/4] ipv6: fix source address selection with route leak

by Nicolas Dichtel

By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- include/net/ip6_route.h | 22 +++++++++++++++------- net/ipv6/ip6_output.c | 1 + net/ipv6/route.c | 2 +- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..6dbdf60b342f 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,26 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + if (!f6i || !f6i->fib6_prefsrc.plen || l3mdev) + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; } -- 2.43.1

9 months, 4 weeks

1
0
0 0

[PATCH net v4 1/4] ipv4: fix source address selection with route leak

by Nicolas Dichtel

By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> --- net/ipv4/fib_semantics.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..8956026bc0a2 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev; + + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } } -- 2.43.1

9 months, 4 weeks

1
0
0 0

[PATCH] mm: Fix PTE_AF handling in fault path on architectures with HW AF support

by Ram Tummala

Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas on CPUs with HW AF support. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following if check will incorrectly clear the PTE_AF bit instead of setting it and the access will fault again on the same address due to the missing PTE_AF bit. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE_AF will be correctly set in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Cc: stable(a)vger.kernel.org Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memory.c b/mm/memory.c index 0a769f34bbb2..03263034a040 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4781,7 +4781,7 @@ void set_pte_range(struct vm_fault *vmf, struct folio *folio, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); -- 2.34.1

9 months, 4 weeks

5
4
0 0

[PATCH v2] mm: Fix old/young bit handling in the faulting path

by Ram Tummala

Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas which caused the PTE for the faulting address to be marked as old instead of young. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following check will incorrectly mark the PTE old rather than young. On some architectures this will cause a double fault to mark it young when the access is retried. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE will then be correctly marked young in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Cc: stable(a)vger.kernel.org Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> Reviewed-by: Yin Fengwei <fengwei.yin(a)intel.com> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memory.c b/mm/memory.c index 0a769f34bbb2..03263034a040 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -4781,7 +4781,7 @@ void set_pte_range(struct vm_fault *vmf, struct folio *folio, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); -- 2.34.1

9 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio has been removed from the -mm tree. Its filename was mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio Date: Tue, 9 Jul 2024 20:04:33 +0800 A kernel crash was observed when migrating hugetlb folio: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 3435 Comm: bash Not tainted 6.10.0-rc6-00450-g8578ca01f21f #66 RIP: 0010:__folio_undo_large_rmappable+0x70/0xb0 RSP: 0018:ffffb165c98a7b38 EFLAGS: 00000097 RAX: fffffbbc44528090 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffffa30e000a2800 RSI: 0000000000000246 RDI: ffffa3153ffffcc0 RBP: fffffbbc44528000 R08: 0000000000002371 R09: ffffffffbe4e5868 R10: 0000000000000001 R11: 0000000000000001 R12: ffffa3153ffffcc0 R13: fffffbbc44468000 R14: 0000000000000001 R15: 0000000000000001 FS: 00007f5b3a716740(0000) GS:ffffa3151fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010959a000 CR4: 00000000000006f0 Call Trace: <TASK> __folio_migrate_mapping+0x59e/0x950 __migrate_folio.constprop.0+0x5f/0x120 move_to_new_folio+0xfd/0x250 migrate_pages+0x383/0xd70 soft_offline_page+0x2ab/0x7f0 soft_offline_page_store+0x52/0x90 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5b3a514887 RSP: 002b:00007ffe138fce68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f5b3a514887 RDX: 000000000000000c RSI: 0000556ab809ee10 RDI: 0000000000000001 RBP: 0000556ab809ee10 R08: 00007f5b3a5d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007f5b3a61b780 R14: 00007f5b3a617600 R15: 00007f5b3a616a00 It's because hugetlb folio is passed to __folio_undo_large_rmappable() unexpectedly. large_rmappable flag is imperceptibly set to hugetlb folio since commit f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio"). Then commit be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") makes folio_migrate_mapping() call folio_undo_large_rmappable() triggering the bug. Fix this issue by clearing large_rmappable flag for hugetlb folios. They don't need that flag set anyway. Link: https://lkml.kernel.org/r/20240709120433.4136700-1-linmiaohe@huawei.com Fixes: f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio") Fixes: be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/hugetlb.c~mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio +++ a/mm/hugetlb.c @@ -2162,6 +2162,9 @@ static struct folio *alloc_buddy_hugetlb nid = numa_mem_id(); retry: folio = __folio_alloc(gfp_mask, order, nid, nmask); + /* Ensure hugetlb folio won't have large_rmappable flag set. */ + if (folio) + folio_clear_large_rmappable(folio); if (folio && !folio_ref_freeze(folio, 1)) { folio_put(folio); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch

9 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() has been removed from the -mm tree. Its filename was mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() Date: Mon, 8 Jul 2024 10:51:27 +0800 There is a potential race between __update_and_free_hugetlb_folio() and try_memory_failure_hugetlb(): CPU1 CPU2 __update_and_free_hugetlb_folio try_memory_failure_hugetlb folio_test_hugetlb -- It's still hugetlb folio. folio_clear_hugetlb_hwpoison spin_lock_irq(&hugetlb_lock); __get_huge_page_for_hwpoison folio_set_hugetlb_hwpoison spin_unlock_irq(&hugetlb_lock); spin_lock_irq(&hugetlb_lock); __folio_clear_hugetlb(folio); -- Hugetlb flag is cleared but too late. spin_unlock_irq(&hugetlb_lock); When the above race occurs, raw error page info will be leaked. Even worse, raw error pages won't have hwpoisoned flag set and hit pcplists/buddy. Fix this issue by deferring folio_clear_hugetlb_hwpoison() until __folio_clear_hugetlb() is done. So all raw error pages will have hwpoisoned flag set. Link: https://lkml.kernel.org/r/20240708025127.107713-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio +++ a/mm/hugetlb.c @@ -1726,13 +1726,6 @@ static void __update_and_free_hugetlb_fo } /* - * Move PageHWPoison flag from head page to the raw error pages, - * which makes any healthy subpages reusable. - */ - if (unlikely(folio_test_hwpoison(folio))) - folio_clear_hugetlb_hwpoison(folio); - - /* * If vmemmap pages were allocated above, then we need to clear the * hugetlb flag under the hugetlb lock. */ @@ -1742,6 +1735,13 @@ static void __update_and_free_hugetlb_fo spin_unlock_irq(&hugetlb_lock); } + /* + * Move PageHWPoison flag from head page to the raw error pages, + * which makes any healthy subpages reusable. + */ + if (unlikely(folio_test_hwpoison(folio))) + folio_clear_hugetlb_hwpoison(folio); + folio_ref_unfreeze(folio, 1); /* _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch

9 months, 4 weeks

1
0
0 0

[merged mm-hotfixes-stable] filemap-replace-pte_offset_map-with-pte_offset_map_nolock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: filemap: replace pte_offset_map() with pte_offset_map_nolock() has been removed from the -mm tree. Its filename was filemap-replace-pte_offset_map-with-pte_offset_map_nolock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: ZhangPeng <zhangpeng362(a)huawei.com> Subject: filemap: replace pte_offset_map() with pte_offset_map_nolock() Date: Wed, 13 Mar 2024 09:29:13 +0800 The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault(). But at the same time, we did a pte_unmap(vmf->pte). After a pte_unmap(vmf->pte) unmap and rcu_read_unlock(), the page table may be racily changed and vmf->ptl maybe fails to protect the actual page table. Fix this by replacing pte_offset_map() with pte_offset_map_nolock(). As David said, the PTL pointer might be stale so if we continue to use it infilemap_fault_recheck_pte_none(), it might trigger UAF. Also, if the PTL fails, the issue fixed by commit 58f327f2ce80 ("filemap: avoid unnecessary major faults in filemap_fault()") might reappear. Link: https://lkml.kernel.org/r/20240313012913.2395414-1-zhangpeng362@huawei.com Fixes: 58f327f2ce80 ("filemap: avoid unnecessary major faults in filemap_fault()") Signed-off-by: ZhangPeng <zhangpeng362(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nanyong Sun <sunnanyong(a)huawei.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/filemap.c~filemap-replace-pte_offset_map-with-pte_offset_map_nolock +++ a/mm/filemap.c @@ -3231,7 +3231,8 @@ static vm_fault_t filemap_fault_recheck_ if (!(vmf->flags & FAULT_FLAG_ORIG_PTE_VALID)) return 0; - ptep = pte_offset_map(vmf->pmd, vmf->address); + ptep = pte_offset_map_nolock(vma->vm_mm, vmf->pmd, vmf->address, + &vmf->ptl); if (unlikely(!ptep)) return VM_FAULT_NOPAGE; _ Patches currently in -mm which might be from zhangpeng362(a)huawei.com are

9 months, 4 weeks

1
0
0 0

+ mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio Date: Tue, 9 Jul 2024 20:04:33 +0800 A kernel crash was observed when migrating hugetlb folio: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 3435 Comm: bash Not tainted 6.10.0-rc6-00450-g8578ca01f21f #66 RIP: 0010:__folio_undo_large_rmappable+0x70/0xb0 RSP: 0018:ffffb165c98a7b38 EFLAGS: 00000097 RAX: fffffbbc44528090 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffffa30e000a2800 RSI: 0000000000000246 RDI: ffffa3153ffffcc0 RBP: fffffbbc44528000 R08: 0000000000002371 R09: ffffffffbe4e5868 R10: 0000000000000001 R11: 0000000000000001 R12: ffffa3153ffffcc0 R13: fffffbbc44468000 R14: 0000000000000001 R15: 0000000000000001 FS: 00007f5b3a716740(0000) GS:ffffa3151fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010959a000 CR4: 00000000000006f0 Call Trace: <TASK> __folio_migrate_mapping+0x59e/0x950 __migrate_folio.constprop.0+0x5f/0x120 move_to_new_folio+0xfd/0x250 migrate_pages+0x383/0xd70 soft_offline_page+0x2ab/0x7f0 soft_offline_page_store+0x52/0x90 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5b3a514887 RSP: 002b:00007ffe138fce68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f5b3a514887 RDX: 000000000000000c RSI: 0000556ab809ee10 RDI: 0000000000000001 RBP: 0000556ab809ee10 R08: 00007f5b3a5d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007f5b3a61b780 R14: 00007f5b3a617600 R15: 00007f5b3a616a00 It's because hugetlb folio is passed to __folio_undo_large_rmappable() unexpectedly. large_rmappable flag is imperceptibly set to hugetlb folio since commit f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio"). Then commit be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") makes folio_migrate_mapping() call folio_undo_large_rmappable() triggering the bug. Fix this issue by clearing large_rmappable flag for hugetlb folios. They don't need that flag set anyway. Link: https://lkml.kernel.org/r/20240709120433.4136700-1-linmiaohe@huawei.com Fixes: f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio") Fixes: be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 3 +++ 1 file changed, 3 insertions(+) --- a/mm/hugetlb.c~mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio +++ a/mm/hugetlb.c @@ -2162,6 +2162,9 @@ static struct folio *alloc_buddy_hugetlb nid = numa_mem_id(); retry: folio = __folio_alloc(gfp_mask, order, nid, nmask); + /* Ensure hugetlb folio won't have large_rmappable flag set. */ + if (folio) + folio_clear_large_rmappable(folio); if (folio && !folio_ref_freeze(folio, 1)) { folio_put(folio); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio.patch mm-hugetlb-fix-kernel-null-pointer-dereference-when-migrating-hugetlb-folio.patch mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch

9 months, 4 weeks

1
0
0 0

[PATCH 0/2] drm/msm/dpu: two fixes targeting 6.11

by Dmitry Baryshkov

Leonard Lausen reported an issue with suspend/resume of the sc7180 devices. Fix the WB atomic check, which caused the issue. Also make sure that DPU debugging logs are always directed to the drm_debug / DRIVER so that usual drm.debug masks work in an expected way. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Dmitry Baryshkov (2): drm/msm/dpu1: don't choke on disabling the writeback connector drm/msm/dpu: don't play tricks with debug macros drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 ++------------ drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 14 +++++++------- 2 files changed, 9 insertions(+), 19 deletions(-) --- base-commit: 0b58e108042b0ed28a71cd7edf5175999955b233 change-id: 20240709-dpu-fix-wb-6cd57e3eb182 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

9 months, 4 weeks

2
2
0 0

[PATCH v3] net: ks8851: Fix deadlock with the SPI chip variant

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- V2: - use spin_lock_bh instead of moving netif_wake_queue outside of locked region (doing the same in the start_xmit function) - add missing net: tag V3: - spin_lock_bh(ks->statelock) always except in xmit which is in BH already drivers/net/ethernet/micrel/ks8851_common.c | 8 ++++---- drivers/net/ethernet/micrel/ks8851_spi.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..13462811eaae 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -352,11 +352,11 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) netif_dbg(ks, intr, ks->netdev, "%s: txspace %d\n", __func__, tx_space); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->tx_space = tx_space; if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } if (status & IRQ_SPIBEI) { @@ -635,14 +635,14 @@ static void ks8851_set_rx_mode(struct net_device *dev) /* schedule work to do the actual set of the data if needed */ - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); if (memcmp(&rxctrl, &ks->rxctrl, sizeof(rxctrl)) != 0) { memcpy(&ks->rxctrl, &rxctrl, sizeof(ks->rxctrl)); schedule_work(&ks->rxctrl_work); } - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } static int ks8851_set_mac_address(struct net_device *dev, void *addr) diff --git a/drivers/net/ethernet/micrel/ks8851_spi.c b/drivers/net/ethernet/micrel/ks8851_spi.c index 670c1de966db..3062cc0f9199 100644 --- a/drivers/net/ethernet/micrel/ks8851_spi.c +++ b/drivers/net/ethernet/micrel/ks8851_spi.c @@ -340,10 +340,10 @@ static void ks8851_tx_work(struct work_struct *work) tx_space = ks8851_rdreg16_spi(ks, KS_TXMIR); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->queued_len -= dequeued_len; ks->tx_space = tx_space; - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); ks8851_unlock_spi(ks, &flags); } -- 2.45.2

9 months, 4 weeks

3
2
0 0

[PATCH v3] drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

by Ma Ke

In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6a227d5fd6c4 ("gma500: Add support for Cedarview") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added the recipient's email address, due to the prolonged absence of a response from the recipients. Changes in v2: - modified the patch according to suggestions from other patchs; - added Fixes line; - added Cc stable; - Link: https://lore.kernel.org/lkml/20240622072514.1867582-1-make24@iscas.ac.cn/T/ --- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/cdv_intel_lvds.c b/drivers/gpu/drm/gma500/cdv_intel_lvds.c index f08a6803dc18..3adc2c9ab72d 100644 --- a/drivers/gpu/drm/gma500/cdv_intel_lvds.c +++ b/drivers/gpu/drm/gma500/cdv_intel_lvds.c @@ -311,6 +311,9 @@ static int cdv_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

9 months, 4 weeks

3
2
0 0

[PATCH -next v3] scsi: sd: Fix an incorrect type in 'sd_spinup_disk()'

by Jiapeng Chong

The return value from the call to scsi_execute_cmd() is int. In the 'else if' branch of the function scsi_execute_cmd, it will return -EINVAL. But the type of "the_result" is "unsigned int", causing the error code to reverse. Modify the type of "the_result" to solve this problem. The code featuring the_result as the return value of the function scsi_execute_cmd is as follows: the_result = scsi_execute_cmd(sdkp->device, cmd, REQ_OP_DRV_IN, NULL, 0, SD_TIMEOUT, sdkp->max_retries, &exec_args); if (the_result > 0) { ... } ./drivers/scsi/sd.c:2333:6-16: WARNING: Unsigned expression compared with zero: the_result > 0. Fixes: c1acf38cd11e ("scsi: sd: Have midlayer retry sd_spinup_disk() errors") Cc: stable(a)vger.kernel.org Reported-by: Abaci Robot <abaci(a)linux.alibaba.com> Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=9463 Signed-off-by: Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> --- Changes in v3: -Amend the commit message, Add "Fixes:" and "Cc: stable" tags. drivers/scsi/sd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 979795dad62b..ade8c6cca295 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -2396,7 +2396,7 @@ sd_spinup_disk(struct scsi_disk *sdkp) static const u8 cmd[10] = { TEST_UNIT_READY }; unsigned long spintime_expire = 0; int spintime, sense_valid = 0; - unsigned int the_result; + int the_result; struct scsi_sense_hdr sshdr; struct scsi_failure failure_defs[] = { /* Do not retry Medium Not Present */ -- 2.20.1.7.g153144c

9 months, 4 weeks

2
1
0 0

[PATCH AUTOSEL 5.10 01/14] Input: elantech - fix touchpad state on resume for Lenovo N24

by Sasha Levin

From: Jonathan Denose <jdenose(a)google.com> [ Upstream commit a69ce592cbe0417664bc5a075205aa75c2ec1273 ] The Lenovo N24 on resume becomes stuck in a state where it sends incorrect packets, causing elantech_packet_check_v4 to fail. The only way for the device to resume sending the correct packets is for it to be disabled and then re-enabled. This change adds a dmi check to trigger this behavior on resume. Signed-off-by: Jonathan Denose <jdenose(a)google.com> Link: https://lore.kernel.org/r/20240503155020.v2.1.Ifa0e25ebf968d8f307f58d678036… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/elantech.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c index 400281feb4e8d..8246662fa60b7 100644 --- a/drivers/input/mouse/elantech.c +++ b/drivers/input/mouse/elantech.c @@ -1476,16 +1476,47 @@ static void elantech_disconnect(struct psmouse *psmouse) psmouse->private = NULL; } +/* + * Some hw_version 4 models fail to properly activate absolute mode on + * resume without going through disable/enable cycle. + */ +static const struct dmi_system_id elantech_needs_reenable[] = { +#if defined(CONFIG_DMI) && defined(CONFIG_X86) + { + /* Lenovo N24 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "81AF"), + }, + }, +#endif + { } +}; + /* * Put the touchpad back into absolute mode when reconnecting */ static int elantech_reconnect(struct psmouse *psmouse) { + int err; + psmouse_reset(psmouse); if (elantech_detect(psmouse, 0)) return -1; + if (dmi_check_system(elantech_needs_reenable)) { + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_DISABLE); + if (err) + psmouse_warn(psmouse, "failed to deactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_ENABLE); + if (err) + psmouse_warn(psmouse, "failed to reactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + } + if (elantech_set_absolute_mode(psmouse)) { psmouse_err(psmouse, "failed to put touchpad back into absolute mode.\n"); -- 2.43.0

9 months, 4 weeks

2
15
0 0

[PATCH 08/12] drm/v3d: Validate passed in drm syncobj handles in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index a408db3d3e32..2c4bb39c9ac6 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -714,6 +714,10 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!qinfo->queries[i].syncobj) { + err = -ENOENT; + goto error; + } } qinfo->count = reset.count; qinfo->nperfmons = reset.nperfmons; @@ -795,6 +799,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!qinfo->queries[i].syncobj) { + err = -ENOENT; + goto error; + } } qinfo->count = copy.count; qinfo->nperfmons = copy.nperfmons; -- 2.44.0

9 months, 4 weeks

1
0
0 0

[PATCH 07/12] drm/v3d: Validate passed in drm syncobj handles in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfuly or otherwise fail the extension by jumping into the existing unwind. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 81afcfccc6bb..a408db3d3e32 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -499,6 +499,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!qinfo->queries[i].syncobj) { + err = -ENOENT; + goto error; + } } qinfo->count = timestamp.count; @@ -554,6 +558,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!qinfo->queries[i].syncobj) { + err = -ENOENT; + goto error; + } } qinfo->count = reset.count; @@ -619,6 +627,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); + if (!qinfo->queries[i].syncobj) { + err = -ENOENT; + goto error; + } } qinfo->count = copy.count; -- 2.44.0

9 months, 4 weeks

1
0
0 0

[PATCH 06/12] drm/v3d: Fix potential memory leak in the performance extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 ++++++++++++----- drivers/gpu/drm/v3d/v3d_submit.c | 42 ++++++++++++++++++++------------ 3 files changed, 44 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 95651c3c926f..38c80168da51 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -565,6 +565,8 @@ void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ void __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, unsigned int count); +void __v3d_performance_query_info_free(struct v3d_performance_query_info *qinfo, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index e45d3ddc6f82..173801aa54ee 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -87,20 +87,30 @@ __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, } } +void +__v3d_performance_query_info_free(struct v3d_performance_query_info *qinfo, + unsigned int count) +{ + if (qinfo->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(qinfo->queries[i].syncobj); + + kvfree(qinfo->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_performance_query_info *performance_query = &job->performance_query; __v3d_timestamp_query_info_free(&job->timestamp_query, job->timestamp_query.count); - if (performance_query->queries) { - for (int i = 0; i < performance_query->count; i++) - drm_syncobj_put(performance_query->queries[i].syncobj); - kvfree(performance_query->queries); - } + __v3d_performance_query_info_free(&job->performance_query, + job->performance_query.count); v3d_job_cleanup(&job->base); } diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 0f1c900c7d35..81afcfccc6bb 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -645,6 +645,7 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, struct drm_v3d_reset_performance_query reset; struct v3d_performance_query_info *qinfo = &job->performance_query; unsigned int i, j; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -680,32 +681,36 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, u32 id; if (get_user(sync, syncs++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } - qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (get_user(ids, kperfmon_ids++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); for (j = 0; j < reset.nperfmons; j++) { if (get_user(id, ids_pointer++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].kperfmon_ids[j] = id; } + + qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); } qinfo->count = reset.count; qinfo->nperfmons = reset.nperfmons; return 0; + +error: + __v3d_performance_query_info_free(qinfo, i); + return err; } static int @@ -718,6 +723,7 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, struct drm_v3d_copy_performance_query copy; struct v3d_performance_query_info *qinfo = &job->performance_query; unsigned int i, j; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -756,27 +762,27 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, u32 id; if (get_user(sync, syncs++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } - qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); - if (get_user(ids, kperfmon_ids++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } ids_pointer = u64_to_user_ptr(ids); for (j = 0; j < copy.nperfmons; j++) { if (get_user(id, ids_pointer++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].kperfmon_ids[j] = id; } + + qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); } qinfo->count = copy.count; qinfo->nperfmons = copy.nperfmons; @@ -789,6 +795,10 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + __v3d_performance_query_info_free(qinfo, i); + return err; } /* Whenever userspace sets ioctl extensions, v3d_get_extensions parses data -- 2.44.0

9 months, 4 weeks

1
0
0 0

[PATCH 05/12] drm/v3d: Fix potential memory leak in the timestamp extension

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: 9ba0ff3e083f ("drm/v3d: Create a CPU job extension for the timestamp query job") Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_drv.h | 2 ++ drivers/gpu/drm/v3d/v3d_sched.c | 22 ++++++++++++++------ drivers/gpu/drm/v3d/v3d_submit.c | 35 +++++++++++++++++++++++--------- 3 files changed, 43 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_drv.h b/drivers/gpu/drm/v3d/v3d_drv.h index 099b962bdfde..95651c3c926f 100644 --- a/drivers/gpu/drm/v3d/v3d_drv.h +++ b/drivers/gpu/drm/v3d/v3d_drv.h @@ -563,6 +563,8 @@ void v3d_mmu_insert_ptes(struct v3d_bo *bo); void v3d_mmu_remove_ptes(struct v3d_bo *bo); /* v3d_sched.c */ +void __v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, + unsigned int count); void v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue); int v3d_sched_init(struct v3d_dev *v3d); void v3d_sched_fini(struct v3d_dev *v3d); diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 03df37a3acf5..e45d3ddc6f82 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -73,18 +73,28 @@ v3d_sched_job_free(struct drm_sched_job *sched_job) v3d_job_cleanup(job); } +void +__v3d_timestamp_query_info_free(struct v3d_timestamp_query_info *qinfo, + unsigned int count) +{ + if (qinfo->queries) { + unsigned int i; + + for (i = 0; i < count; i++) + drm_syncobj_put(qinfo->queries[i].syncobj); + + kvfree(qinfo->queries); + } +} + static void v3d_cpu_job_free(struct drm_sched_job *sched_job) { struct v3d_cpu_job *job = to_cpu_job(sched_job); - struct v3d_timestamp_query_info *timestamp_query = &job->timestamp_query; struct v3d_performance_query_info *performance_query = &job->performance_query; - if (timestamp_query->queries) { - for (int i = 0; i < timestamp_query->count; i++) - drm_syncobj_put(timestamp_query->queries[i].syncobj); - kvfree(timestamp_query->queries); - } + __v3d_timestamp_query_info_free(&job->timestamp_query, + job->timestamp_query.count); if (performance_query->queries) { for (int i = 0; i < performance_query->count; i++) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index c960bc6ca32d..0f1c900c7d35 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -454,6 +454,7 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, struct drm_v3d_timestamp_query timestamp; struct v3d_timestamp_query_info *qinfo = &job->timestamp_query; unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -486,15 +487,15 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, u32 offset, sync; if (get_user(offset, offsets++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].offset = offset; if (get_user(sync, syncs++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -502,6 +503,10 @@ v3d_get_cpu_timestamp_query_params(struct drm_file *file_priv, qinfo->count = timestamp.count; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } static int @@ -513,6 +518,7 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, struct drm_v3d_reset_timestamp_query reset; struct v3d_timestamp_query_info *qinfo = &job->timestamp_query; unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -543,8 +549,8 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, qinfo->queries[i].offset = reset.offset + 8 * i; if (get_user(sync, syncs++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -552,6 +558,10 @@ v3d_get_cpu_reset_timestamp_params(struct drm_file *file_priv, qinfo->count = reset.count; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } /* Get data for the copy timestamp query results job submission. */ @@ -564,6 +574,7 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, struct drm_v3d_copy_timestamp_query copy; struct v3d_timestamp_query_info *qinfo = &job->timestamp_query; unsigned int i; + int err; if (!job) { DRM_DEBUG("CPU job extension was attached to a GPU job.\n"); @@ -596,15 +607,15 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, u32 offset, sync; if (get_user(offset, offsets++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].offset = offset; if (get_user(sync, syncs++)) { - kvfree(qinfo->queries); - return -EFAULT; + err = -EFAULT; + goto error; } qinfo->queries[i].syncobj = drm_syncobj_find(file_priv, sync); @@ -618,6 +629,10 @@ v3d_get_cpu_copy_query_results_params(struct drm_file *file_priv, job->copy.stride = copy.stride; return 0; + +error: + __v3d_timestamp_query_info_free(qinfo, i); + return err; } static int -- 2.44.0

9 months, 4 weeks

1
0
0 0

[PATCH 01/12] drm/v3d: Prevent out of bounds access in performance query extensions

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bae7cb5d6800 ("drm/v3d: Create a CPU job extension for the reset performance query job" Cc: Maíra Canal <mcanal(a)igalia.com> Cc: Iago Toral Quiroga <itoral(a)igalia.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/v3d/v3d_submit.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/v3d/v3d_submit.c b/drivers/gpu/drm/v3d/v3d_submit.c index 88f63d526b22..263fefc1d04f 100644 --- a/drivers/gpu/drm/v3d/v3d_submit.c +++ b/drivers/gpu/drm/v3d/v3d_submit.c @@ -637,6 +637,9 @@ v3d_get_cpu_reset_performance_params(struct drm_file *file_priv, if (copy_from_user(&reset, ext, sizeof(reset))) return -EFAULT; + if (reset.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_RESET_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(reset.count, @@ -708,6 +711,9 @@ v3d_get_cpu_copy_performance_query_params(struct drm_file *file_priv, if (copy.pad) return -EINVAL; + if (copy.nperfmons > V3D_MAX_PERFMONS) + return -EINVAL; + job->job_type = V3D_CPU_JOB_TYPE_COPY_PERFORMANCE_QUERY; job->performance_query.queries = kvmalloc_array(copy.count, -- 2.44.0

9 months, 4 weeks

1
0
0 0

[PATCH AUTOSEL 5.15 01/17] Input: elantech - fix touchpad state on resume for Lenovo N24

by Sasha Levin

From: Jonathan Denose <jdenose(a)google.com> [ Upstream commit a69ce592cbe0417664bc5a075205aa75c2ec1273 ] The Lenovo N24 on resume becomes stuck in a state where it sends incorrect packets, causing elantech_packet_check_v4 to fail. The only way for the device to resume sending the correct packets is for it to be disabled and then re-enabled. This change adds a dmi check to trigger this behavior on resume. Signed-off-by: Jonathan Denose <jdenose(a)google.com> Link: https://lore.kernel.org/r/20240503155020.v2.1.Ifa0e25ebf968d8f307f58d678036… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/elantech.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c index 4e38229404b4b..b4723ea395eb9 100644 --- a/drivers/input/mouse/elantech.c +++ b/drivers/input/mouse/elantech.c @@ -1476,16 +1476,47 @@ static void elantech_disconnect(struct psmouse *psmouse) psmouse->private = NULL; } +/* + * Some hw_version 4 models fail to properly activate absolute mode on + * resume without going through disable/enable cycle. + */ +static const struct dmi_system_id elantech_needs_reenable[] = { +#if defined(CONFIG_DMI) && defined(CONFIG_X86) + { + /* Lenovo N24 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "81AF"), + }, + }, +#endif + { } +}; + /* * Put the touchpad back into absolute mode when reconnecting */ static int elantech_reconnect(struct psmouse *psmouse) { + int err; + psmouse_reset(psmouse); if (elantech_detect(psmouse, 0)) return -1; + if (dmi_check_system(elantech_needs_reenable)) { + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_DISABLE); + if (err) + psmouse_warn(psmouse, "failed to deactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_ENABLE); + if (err) + psmouse_warn(psmouse, "failed to reactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + } + if (elantech_set_absolute_mode(psmouse)) { psmouse_err(psmouse, "failed to put touchpad back into absolute mode.\n"); -- 2.43.0

9 months, 4 weeks

1
16
0 0

[PATCH AUTOSEL 6.1 01/27] Input: elantech - fix touchpad state on resume for Lenovo N24

by Sasha Levin

From: Jonathan Denose <jdenose(a)google.com> [ Upstream commit a69ce592cbe0417664bc5a075205aa75c2ec1273 ] The Lenovo N24 on resume becomes stuck in a state where it sends incorrect packets, causing elantech_packet_check_v4 to fail. The only way for the device to resume sending the correct packets is for it to be disabled and then re-enabled. This change adds a dmi check to trigger this behavior on resume. Signed-off-by: Jonathan Denose <jdenose(a)google.com> Link: https://lore.kernel.org/r/20240503155020.v2.1.Ifa0e25ebf968d8f307f58d678036… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/elantech.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c index 4e38229404b4b..b4723ea395eb9 100644 --- a/drivers/input/mouse/elantech.c +++ b/drivers/input/mouse/elantech.c @@ -1476,16 +1476,47 @@ static void elantech_disconnect(struct psmouse *psmouse) psmouse->private = NULL; } +/* + * Some hw_version 4 models fail to properly activate absolute mode on + * resume without going through disable/enable cycle. + */ +static const struct dmi_system_id elantech_needs_reenable[] = { +#if defined(CONFIG_DMI) && defined(CONFIG_X86) + { + /* Lenovo N24 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "81AF"), + }, + }, +#endif + { } +}; + /* * Put the touchpad back into absolute mode when reconnecting */ static int elantech_reconnect(struct psmouse *psmouse) { + int err; + psmouse_reset(psmouse); if (elantech_detect(psmouse, 0)) return -1; + if (dmi_check_system(elantech_needs_reenable)) { + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_DISABLE); + if (err) + psmouse_warn(psmouse, "failed to deactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_ENABLE); + if (err) + psmouse_warn(psmouse, "failed to reactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + } + if (elantech_set_absolute_mode(psmouse)) { psmouse_err(psmouse, "failed to put touchpad back into absolute mode.\n"); -- 2.43.0

9 months, 4 weeks

1
26
0 0

[PATCH AUTOSEL 6.6 01/33] Input: elantech - fix touchpad state on resume for Lenovo N24

by Sasha Levin

From: Jonathan Denose <jdenose(a)google.com> [ Upstream commit a69ce592cbe0417664bc5a075205aa75c2ec1273 ] The Lenovo N24 on resume becomes stuck in a state where it sends incorrect packets, causing elantech_packet_check_v4 to fail. The only way for the device to resume sending the correct packets is for it to be disabled and then re-enabled. This change adds a dmi check to trigger this behavior on resume. Signed-off-by: Jonathan Denose <jdenose(a)google.com> Link: https://lore.kernel.org/r/20240503155020.v2.1.Ifa0e25ebf968d8f307f58d678036… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/elantech.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c index 4e38229404b4b..b4723ea395eb9 100644 --- a/drivers/input/mouse/elantech.c +++ b/drivers/input/mouse/elantech.c @@ -1476,16 +1476,47 @@ static void elantech_disconnect(struct psmouse *psmouse) psmouse->private = NULL; } +/* + * Some hw_version 4 models fail to properly activate absolute mode on + * resume without going through disable/enable cycle. + */ +static const struct dmi_system_id elantech_needs_reenable[] = { +#if defined(CONFIG_DMI) && defined(CONFIG_X86) + { + /* Lenovo N24 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "81AF"), + }, + }, +#endif + { } +}; + /* * Put the touchpad back into absolute mode when reconnecting */ static int elantech_reconnect(struct psmouse *psmouse) { + int err; + psmouse_reset(psmouse); if (elantech_detect(psmouse, 0)) return -1; + if (dmi_check_system(elantech_needs_reenable)) { + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_DISABLE); + if (err) + psmouse_warn(psmouse, "failed to deactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_ENABLE); + if (err) + psmouse_warn(psmouse, "failed to reactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + } + if (elantech_set_absolute_mode(psmouse)) { psmouse_err(psmouse, "failed to put touchpad back into absolute mode.\n"); -- 2.43.0

9 months, 4 weeks

1
32
0 0

Re: [PATCH 6.9 000/197] 6.9.9-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

9 months, 4 weeks

1
0
0 0

[PATCH v2] drm/amd/display: Add otg_master NULL check within init_pipe_slice_table_from_context

by Ma Ke

To avoid reports of NULL_RETURN warning, we should add otg_master NULL check. Cc: stable(a)vger.kernel.org Fixes: c51d87202d1f ("drm/amd/display: do not attempt ODM power optimization if minimal transition doesn't exist") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipient. - added Cc stable. --- drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index f6fe0a64beac..8972598ca77f 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -1177,6 +1177,9 @@ static void init_pipe_slice_table_from_context( stream = context->streams[i]; otg_master = resource_get_otg_master_for_stream( &context->res_ctx, stream); + if (!otg_master) + continue; + count = resource_get_odm_slice_count(otg_master); update_slice_table_for_stream(table, stream, count); -- 2.25.1

9 months, 4 weeks

2
1
0 0

[PATCH] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..d6bf0eebeb41 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (!sdram_addr) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

9 months, 4 weeks

2
1
0 0

[PATCH] wifi: ath12k: fix soft lockup on suspend

by Johan Hovold

The ext interrupts are enabled when the firmware has been started, but this may never happen, for example, if the board configuration file is missing. When the system is later suspended, the driver unconditionally tries to disable interrupts, which results in an irq disable imbalance and causes the driver to spin indefinitely in napi_synchronize(). Make sure that the interrupts have been enabled before attempting to disable them. Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/pci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/pci.c b/drivers/net/wireless/ath/ath12k/pci.c index 16af046c33d9..55fde0d33183 100644 --- a/drivers/net/wireless/ath/ath12k/pci.c +++ b/drivers/net/wireless/ath/ath12k/pci.c @@ -472,7 +472,8 @@ static void __ath12k_pci_ext_irq_disable(struct ath12k_base *ab) { int i; - clear_bit(ATH12K_FLAG_EXT_IRQ_ENABLED, &ab->dev_flags); + if (!test_and_clear_bit(ATH12K_FLAG_EXT_IRQ_ENABLED, &ab->dev_flags)) + return; for (i = 0; i < ATH12K_EXT_IRQ_GRP_NUM_MAX; i++) { struct ath12k_ext_irq_grp *irq_grp = &ab->ext_irq_grp[i]; -- 2.44.1

9 months, 4 weeks

2
1
0 0

[PATCH] cxl: Fix possible null pointer dereference in read_handle()

by Ma Ke

In read_handle() of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 14baf4d9c739 ("cxl: Add guest-specific code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/misc/cxl/of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c index bcc005dff1c0..d8dbb3723951 100644 --- a/drivers/misc/cxl/of.c +++ b/drivers/misc/cxl/of.c @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle) /* Get address and size of the node */ prop = of_get_address(np, 0, &size, NULL); - if (size) + if (!prop || size) return -EINVAL; /* Helper to read a big number; size is in cells (not bytes) */ -- 2.25.1

9 months, 4 weeks

3
2
0 0

[PATCH 2/3] perf/x86/intel: Add a distinct name for Granite Rapids

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> Currently, the Sapphire Rapids and Granite Rapids share the same PMU name, sapphire_rapids. Because from the kernel’s perspective, GNR is similar to SPR. The only key difference is that they support different extra MSRs. The code path and the PMU name are shared. However, from end users' perspective, they are quite different. Besides the extra MSRs, GNR has a newer PEBS format, supports Retire Latency, supports new CPUID enumeration architecture, doesn't required the load-latency AUX event, has additional TMA Level 1 Architectural Events, etc. The differences can be enumerated by CPUID or the PERF_CAPABILITIES MSR. They weren't reflected in the model-specific kernel setup. But it is worth to have a distinct PMU name for GNR. Fixes: a6742cb90b56 ("perf/x86/intel: Fix the FRONTEND encoding on GNR and MTL") Suggested-by: Ahmad Yasin <ahmad.yasin(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index b61367991a16..7a9f931a1f48 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -6943,12 +6943,17 @@ __init int intel_pmu_init(void) case INTEL_EMERALDRAPIDS_X: x86_pmu.flags |= PMU_FL_MEM_LOADS_AUX; x86_pmu.extra_regs = intel_glc_extra_regs; + pr_cont("Sapphire Rapids events, "); + name = "sapphire_rapids"; fallthrough; case INTEL_GRANITERAPIDS_X: case INTEL_GRANITERAPIDS_D: intel_pmu_init_glc(NULL); - if (!x86_pmu.extra_regs) + if (!x86_pmu.extra_regs) { x86_pmu.extra_regs = intel_rwc_extra_regs; + pr_cont("Granite Rapids events, "); + name = "granite_rapids"; + } x86_pmu.pebs_ept = 1; x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = glc_get_event_constraints; @@ -6959,8 +6964,6 @@ __init int intel_pmu_init(void) td_attr = glc_td_events_attrs; tsx_attr = glc_tsx_events_attrs; intel_pmu_pebs_data_source_skl(true); - pr_cont("Sapphire Rapids events, "); - name = "sapphire_rapids"; break; case INTEL_ALDERLAKE: -- 2.38.1

9 months, 4 weeks

4
3
0 0

WARNING&Oops in v6.6.37 on ppc64lea - Trying to vfree() bad address (00000000453be747)

by Vitaly Chikunov

Hi, There is new WARNING and Oops on ppc64le in v6.6.37 when running LTP tests: bpf_prog01, bpf_prog02, bpf_prog04, bpf_prog05, prctl04. Logs excerpt below. I see there is 1 commit in v6.6.36..v6.6.37 with call to bpf_jit_binary_pack_finalize, backported from 5 patch mainline patchset: f99feda5684a powerpc/bpf: use bpf_jit_binary_pack_[alloc|finalize|free] Log: [ 8.822079] LTP: starting bpf_prog01 [ 8.841853] ------------[ cut here ]------------ [ 8.841946] Trying to vfree() bad address (00000000453be747) [ 8.842024] WARNING: CPU: 6 PID: 689 at mm/vmalloc.c:2700 remove_vm_area+0xb4/0xf0 [ 8.842103] Modules linked in: virtio_rng rng_core virtio_net net_failover failover sd_mod ata_generic ata_piix libata scsi_mod scsi_common virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev 9pnet_virtio virtio_ring virtio 9p 9pnet netfs [ 8.842323] CPU: 6 PID: 689 Comm: bpf_prog01 Not tainted 6.6.37-un-def-alt1 #1 [ 8.842396] Hardware name: IBM pSeries (emulated by qemu) POWER8 (raw) 0x4d0200 0xf000004 of:SLOF,git-3a259d hv:linux,kvm pSeries [ 8.842519] NIP: c0000000004faf04 LR: c0000000004faf00 CTR: 0000000000000000 [ 8.842598] REGS: c000000009b6f250 TRAP: 0700 Not tainted (6.6.37-un-def-alt1) [ 8.842669] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 28002822 XER: 00000000 [ 8.842748] CFAR: c00000000015df94 IRQMASK: 0 [ 8.842748] GPR00: 0000000000000000 c000000009b6f4f0 c000000001ac7f00 0000000000000000 [ 8.842748] GPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.842748] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.842748] GPR12: 0000000000000000 c00000003fff7a00 0000000000000000 0000000000000000 [ 8.842748] GPR16: 0000000000000012 0000000000000000 000000000000008c 0000000000000000 [ 8.842748] GPR20: c008000000040a40 0000000000000002 c0000000022a7560 c008000000040a4c [ 8.842748] GPR24: c000000005716480 0000000000000000 c000000002155698 c0000000022a7680 [ 8.842748] GPR28: c000000002155688 c008000000040a40 c008000000040a40 c008000000040a40 [ 8.843347] NIP [c0000000004faf04] remove_vm_area+0xb4/0xf0 [ 8.843398] LR [c0000000004faf00] remove_vm_area+0xb0/0xf0 [ 8.843448] Call Trace: [ 8.843484] [c000000009b6f4f0] [c0000000004faf00] remove_vm_area+0xb0/0xf0 (unreliable) [ 8.843559] [c000000009b6f560] [c0000000004fb360] vfree+0x60/0x2a0 [ 8.843621] [c000000009b6f5e0] [c000000000269c6c] module_memfree+0x3c/0x60 [ 8.843685] [c000000009b6f600] [c00000000038cf60] bpf_jit_free_exec+0x20/0x40 [ 8.843759] [c000000009b6f620] [c00000000038f518] bpf_prog_pack_free+0x2f8/0x390 [ 8.843832] [c000000009b6f6b0] [c00000000038f878] bpf_jit_binary_pack_finalize+0x98/0xd0 [ 8.843906] [c000000009b6f6e0] [c000000000118240] bpf_int_jit_compile+0x2c0/0x710 [ 8.843979] [c000000009b6f830] [c00000000038ef64] bpf_prog_select_runtime+0x154/0x1b0 [ 8.844053] [c000000009b6f880] [c000000000398edc] bpf_prog_load+0x94c/0xe90 [ 8.844114] [c000000009b6f990] [c00000000039c878] __sys_bpf+0x418/0x2970 [ 8.844176] [c000000009b6fac0] [c00000000039f1a0] sys_bpf+0x30/0x50 [ 8.844237] [c000000009b6fae0] [c000000000030230] system_call_exception+0x190/0x390 [ 8.844312] [c000000009b6fe50] [c00000000000c7d4] system_call_common+0xf4/0x258 [ 8.844386] --- interrupt: c00 at 0x7fffb0839ad4 [ 8.844437] NIP: 00007fffb0839ad4 LR: 000000012a027fb4 CTR: 0000000000000000 [ 8.844524] REGS: c000000009b6fe80 TRAP: 0c00 Not tainted (6.6.37-un-def-alt1) [ 8.844596] MSR: 800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 22002240 XER: 00000000 [ 8.844690] IRQMASK: 0 [ 8.844690] GPR00: 0000000000000169 00007fffd8534200 00007fffb0936d00 0000000000000005 [ 8.844690] GPR04: 00007fffb06aff90 0000000000000070 000000012a0538a0 0000000000000001 [ 8.844690] GPR08: 000000012a0801f4 0000000000000000 0000000000000000 0000000000000000 [ 8.844690] GPR12: 0000000000000000 00007fffb09ea540 0000000000000000 0000000000000000 [ 8.844690] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.844690] GPR20: 00007fffd85344b0 0000000000000000 0000000000000001 0000000000000000 [ 8.844690] GPR24: 000000012a0801f4 00007fffb06ce000 0000000000000000 00000000000f4240 [ 8.844690] GPR28: 00007fffb06aff90 00007fffb09e3550 0000000000000001 0000000000001118 [ 8.845267] NIP [00007fffb0839ad4] 0x7fffb0839ad4 [ 8.845315] LR [000000012a027fb4] 0x12a027fb4 [ 8.845363] --- interrupt: c00 [ 8.845399] Code: 38000000 38800000 39200000 4e800020 60000000 60000000 60420000 3c62ffa2 7fe4fb78 3863e698 4bc62f8d 60000000 <0fe00000> 38210070 3bc00000 e8010010 [ 8.845550] ---[ end trace 0000000000000000 ]--- [ 8.845603] ------------[ cut here ]------------ [ 8.845651] Trying to vfree() nonexistent vm area (00000000453be747) [ 8.845714] WARNING: CPU: 6 PID: 689 at mm/vmalloc.c:2835 vfree+0x1d8/0x2a0 [ 8.845776] Modules linked in: virtio_rng rng_core virtio_net net_failover failover sd_mod ata_generic ata_piix libata scsi_mod scsi_common virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev 9pnet_virtio virtio_ring virtio 9p 9pnet netfs [ 8.845989] CPU: 6 PID: 689 Comm: bpf_prog01 Tainted: G W 6.6.37-un-def-alt1 #1 [ 8.846072] Hardware name: IBM pSeries (emulated by qemu) POWER8 (raw) 0x4d0200 0xf000004 of:SLOF,git-3a259d hv:linux,kvm pSeries [ 8.846177] NIP: c0000000004fb4d8 LR: c0000000004fb4d4 CTR: 0000000000000000 [ 8.846248] REGS: c000000009b6f2c0 TRAP: 0700 Tainted: G W (6.6.37-un-def-alt1) [ 8.846330] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 28002222 XER: 00000000 [ 8.846408] CFAR: c00000000015df94 IRQMASK: 0 [ 8.846408] GPR00: 0000000000000000 c000000009b6f560 c000000001ac7f00 0000000000000000 [ 8.846408] GPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.846408] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.846408] GPR12: 0000000000000000 c00000003fff7a00 0000000000000000 0000000000000000 [ 8.846408] GPR16: 0000000000000012 0000000000000000 000000000000008c 0000000000000000 [ 8.846408] GPR20: c008000000040a40 0000000000000002 c0000000022a7560 c008000000040a4c [ 8.846408] GPR24: c000000005716480 0000000000000000 c000000002155698 c0000000022a7680 [ 8.846408] GPR28: c000000002155688 0000000000000000 c008000000040a40 0000000000000000 [ 8.851030] NIP [c0000000004fb4d8] vfree+0x1d8/0x2a0 [ 8.851085] LR [c0000000004fb4d4] vfree+0x1d4/0x2a0 [ 8.851135] Call Trace: [ 8.851160] [c000000009b6f560] [c0000000004fb4d4] vfree+0x1d4/0x2a0 (unreliable) [ 8.851234] [c000000009b6f5e0] [c000000000269c6c] module_memfree+0x3c/0x60 [ 8.851297] [c000000009b6f600] [c00000000038cf60] bpf_jit_free_exec+0x20/0x40 [ 8.851371] [c000000009b6f620] [c00000000038f518] bpf_prog_pack_free+0x2f8/0x390 [ 8.851445] [c000000009b6f6b0] [c00000000038f878] bpf_jit_binary_pack_finalize+0x98/0xd0 [ 8.851529] [c000000009b6f6e0] [c000000000118240] bpf_int_jit_compile+0x2c0/0x710 [ 8.851602] [c000000009b6f830] [c00000000038ef64] bpf_prog_select_runtime+0x154/0x1b0 [ 8.851675] [c000000009b6f880] [c000000000398edc] bpf_prog_load+0x94c/0xe90 [ 8.851737] [c000000009b6f990] [c00000000039c878] __sys_bpf+0x418/0x2970 [ 8.851798] [c000000009b6fac0] [c00000000039f1a0] sys_bpf+0x30/0x50 [ 8.851860] [c000000009b6fae0] [c000000000030230] system_call_exception+0x190/0x390 [ 8.851934] [c000000009b6fe50] [c00000000000c7d4] system_call_common+0xf4/0x258 [ 8.852007] --- interrupt: c00 at 0x7fffb0839ad4 [ 8.852057] NIP: 00007fffb0839ad4 LR: 000000012a027fb4 CTR: 0000000000000000 [ 8.852128] REGS: c000000009b6fe80 TRAP: 0c00 Tainted: G W (6.6.37-un-def-alt1) [ 8.852212] MSR: 800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 22002240 XER: 00000000 [ 8.852307] IRQMASK: 0 [ 8.852307] GPR00: 0000000000000169 00007fffd8534200 00007fffb0936d00 0000000000000005 [ 8.852307] GPR04: 00007fffb06aff90 0000000000000070 000000012a0538a0 0000000000000001 [ 8.852307] GPR08: 000000012a0801f4 0000000000000000 0000000000000000 0000000000000000 [ 8.852307] GPR12: 0000000000000000 00007fffb09ea540 0000000000000000 0000000000000000 [ 8.852307] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.852307] GPR20: 00007fffd85344b0 0000000000000000 0000000000000001 0000000000000000 [ 8.852307] GPR24: 000000012a0801f4 00007fffb06ce000 0000000000000000 00000000000f4240 [ 8.852307] GPR28: 00007fffb06aff90 00007fffb09e3550 0000000000000001 0000000000001118 [ 8.852889] NIP [00007fffb0839ad4] 0x7fffb0839ad4 [ 8.852938] LR [000000012a027fb4] 0x12a027fb4 [ 8.852986] --- interrupt: c00 [ 8.853022] Code: 4e800020 60420000 3949ffff 4bffff0c 38210080 ebe1fff8 4bfffd68 3c62ffa2 7fc4f378 3863e6f0 4bc629b9 60000000 <0fe00000> eba10068 4bffff8c 2c080000 [ 8.853164] ---[ end trace 0000000000000000 ]--- [ 8.856619] kernel tried to execute exec-protected page (c008000000040a4c) - exploit attempt? (uid: 0) [ 8.856717] BUG: Unable to handle kernel instruction fetch [ 8.856763] Faulting instruction address: 0xc008000000040a4c [ 8.856825] Oops: Kernel access of bad area, sig: 11 [#1] [ 8.856875] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries [ 8.856937] Modules linked in: virtio_rng rng_core virtio_net net_failover failover sd_mod ata_generic ata_piix libata scsi_mod scsi_common virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev 9pnet_virtio virtio_ring virtio 9p 9pnet netfs [ 8.857154] CPU: 6 PID: 689 Comm: bpf_prog01 Tainted: G W 6.6.37-un-def-alt1 #1 [ 8.857236] Hardware name: IBM pSeries (emulated by qemu) POWER8 (raw) 0x4d0200 0xf000004 of:SLOF,git-3a259d hv:linux,kvm pSeries [ 8.857342] NIP: c008000000040a4c LR: c000000000ed25d0 CTR: c008000000040a4c [ 8.857413] REGS: c000000009b6f6f0 TRAP: 0400 Tainted: G W (6.6.37-un-def-alt1) [ 8.857510] MSR: 8000000010009033 <SF,EE,ME,IR,DR,RI,LE> CR: 28008286 XER: 00000000 [ 8.857588] CFAR: c000000000ed25cc IRQMASK: 0 [ 8.857588] GPR00: c000000000ed25a8 c000000009b6f990 c000000001ac7f00 c000000006130400 [ 8.857588] GPR04: c008000000920048 0000000000000001 0000000000000000 0000000000000000 [ 8.857588] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.857588] GPR12: c008000000040a4c c00000003fff7a00 0000000000000000 0000000000000000 [ 8.857588] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.857588] GPR20: 7fffffffffffffff 0000000000000000 0000000000000001 0000000000000000 [ 8.857588] GPR24: c000000006130400 c000000006510a00 c000000006510f00 c0000000041a9000 [ 8.857588] GPR28: 0000000000000001 c000000006130400 0000000000000000 c008000000920000 [ 8.858184] NIP [c008000000040a4c] bpf_prog_2fb4fda3a3499517+0x0/0x8c [ 8.858245] LR [c000000000ed25d0] sk_filter_trim_cap+0xc0/0x370 [ 8.858308] Call Trace: [ 8.858333] [c000000009b6f990] [c000000000ed2574] sk_filter_trim_cap+0x64/0x370 (unreliable) [ 8.858421] [c000000009b6fa10] [c000000001068b64] unix_dgram_sendmsg+0x214/0xb10 [ 8.858511] [c000000009b6fad0] [c000000000e4c59c] sock_write_iter+0x19c/0x1e0 [ 8.858586] [c000000009b6fb80] [c0000000005b1b58] vfs_write+0x258/0x4e0 [ 8.858648] [c000000009b6fc40] [c0000000005b21d4] ksys_write+0x114/0x170 [ 8.858711] [c000000009b6fc90] [c000000000030230] system_call_exception+0x190/0x390 [ 8.858785] [c000000009b6fe50] [c00000000000c7d4] system_call_common+0xf4/0x258 [ 8.858859] --- interrupt: c00 at 0x7fffb082b884 [ 8.858908] NIP: 00007fffb082b884 LR: 000000012a02ab70 CTR: 0000000000000000 [ 8.858979] REGS: c000000009b6fe80 TRAP: 0c00 Tainted: G W (6.6.37-un-def-alt1) [ 8.859060] MSR: 800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 28002281 XER: 00000000 [ 8.859153] IRQMASK: 0 [ 8.859153] GPR00: 0000000000000004 00007fffd85341f0 00007fffb0936d00 0000000000000005 [ 8.859153] GPR04: 00007fffb068fffa 0000000000000006 0000000000000001 0000000000000005 [ 8.859153] GPR08: 00007fffb068fffa 0000000000000000 0000000000000000 0000000000000000 [ 8.859153] GPR12: 0000000000000000 00007fffb09ea540 0000000000000000 0000000000000000 [ 8.859153] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 8.859153] GPR20: 00007fffd85344b0 0000000000000000 0000000000000001 0000000000000000 [ 8.859153] GPR24: 000000012a053698 000000000000008b 0000000000000000 0000000000000001 [ 8.859153] GPR28: 00007fffb068fffa 0000000000000005 0000000000000006 000000012a053698 [ 8.859738] NIP [00007fffb082b884] 0x7fffb082b884 [ 8.859786] LR [000000012a02ab70] 0x12a02ab70 [ 8.859836] --- interrupt: c00 [ 8.859872] Code: 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 7fe00008 <7fe00008> 7fe00008 7fe00008 7fe00008 [ 8.860013] ---[ end trace 0000000000000000 ]--- [ 8.863088] pstore: backend (nvram) writing error (-1) [ 8.863141] [ 8.863166] note: bpf_prog01[689] exited with irqs disabled And so on. Temporary build/test log is at https://git.altlinux.org/tasks/352218/build/100/ppc64le/log Other stable/longterm branches or other architectures does not exhibit this. Thanks,

9 months, 4 weeks

5
6
0 0

Re: Patch "igc: fix a log entry using uninitialized netdev" has been added to the 6.9-stable tree

by Corinna Vinschen

Hi Sasha, my patch should not go into the stable branches. Under certain circumstances it triggered kernel crashes. Consequentially this patch has been reverted in the main development branch: 8eef5c3cea65 Revert "igc: fix a log entry using uninitialized netdev" So I suggest to remove my patch 86167183a17e from the stable branches or apply 8eef5c3cea65 as well. Sorry and thanks, Corinna On Jul 5 15:29, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > igc: fix a log entry using uninitialized netdev > > to the 6.9-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > igc-fix-a-log-entry-using-uninitialized-netdev.patch > and it can be found in the queue-6.9 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit ee112b3c8929ec718b444134db87e1c585eb7d70 > Author: Corinna Vinschen <vinschen(a)redhat.com> > Date: Tue Apr 23 12:24:54 2024 +0200 > > igc: fix a log entry using uninitialized netdev > > [ Upstream commit 86167183a17e03ec77198897975e9fdfbd53cb0b ] > > During successful probe, igc logs this: > > [ 5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > The reason is that igc_ptp_init() is called very early, even before > register_netdev() has been called. So the netdev_info() call works > on a partially uninitialized netdev. > > Fix this by calling igc_ptp_init() after register_netdev(), right > after the media autosense check, just as in igb. Add a comment, > just as in igb. > > Now the log message is fine: > > [ 5.200987] igc 0000:01:00.0 eth0: PHC added > > Signed-off-by: Corinna Vinschen <vinschen(a)redhat.com> > Reviewed-by: Hariprasad Kelam <hkelam(a)marvell.com> > Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> > Tested-by: Naama Meir <naamax.meir(a)linux.intel.com> > Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c > index 58bc96021bb4c..07feb951be749 100644 > --- a/drivers/net/ethernet/intel/igc/igc_main.c > +++ b/drivers/net/ethernet/intel/igc/igc_main.c > @@ -6932,8 +6932,6 @@ static int igc_probe(struct pci_dev *pdev, > device_set_wakeup_enable(&adapter->pdev->dev, > adapter->flags & IGC_FLAG_WOL_SUPPORTED); > > - igc_ptp_init(adapter); > - > igc_tsn_clear_schedule(adapter); > > /* reset the hardware with the new settings */ > @@ -6955,6 +6953,9 @@ static int igc_probe(struct pci_dev *pdev, > /* Check if Media Autosense is enabled */ > adapter->ei = *ei; > > + /* do hw tstamp init after resetting */ > + igc_ptp_init(adapter); > + > /* print pcie link status and MAC address */ > pcie_print_link_status(pdev); > netdev_info(netdev, "MAC: %pM\n", netdev->dev_addr);

9 months, 4 weeks

2
2
0 0

[tip: perf/core] task_work: s/task_work_cancel()/task_work_cancel_func()/

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the perf/core branch of tip: Commit-ID: 68cbd415dd4b9c5b9df69f0f091879e56bf5907a Gitweb: https://git.kernel.org/tip/68cbd415dd4b9c5b9df69f0f091879e56bf5907a Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Fri, 21 Jun 2024 11:15:58 +02:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Tue, 09 Jul 2024 13:26:31 +02:00 task_work: s/task_work_cancel()/task_work_cancel_func()/ A proper task_work_cancel() API that actually cancels a callback and not *any* callback pointing to a given function is going to be needed for perf events event freeing. Do the appropriate rename to prepare for that. Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-2-frederic@kernel.org --- include/linux/task_work.h | 2 +- kernel/irq/manage.c | 2 +- kernel/task_work.c | 10 +++++----- security/keys/keyctl.c | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/task_work.h b/include/linux/task_work.h index 795ef5a..23ab01a 100644 --- a/include/linux/task_work.h +++ b/include/linux/task_work.h @@ -30,7 +30,7 @@ int task_work_add(struct task_struct *task, struct callback_head *twork, struct callback_head *task_work_cancel_match(struct task_struct *task, bool (*match)(struct callback_head *, void *data), void *data); -struct callback_head *task_work_cancel(struct task_struct *, task_work_func_t); +struct callback_head *task_work_cancel_func(struct task_struct *, task_work_func_t); void task_work_run(void); static inline void exit_task_work(struct task_struct *task) diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c index 71b0fc2..dd53298 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1337,7 +1337,7 @@ static int irq_thread(void *data) * synchronize_hardirq(). So neither IRQTF_RUNTHREAD nor the * oneshot mask bit can be set. */ - task_work_cancel(current, irq_thread_dtor); + task_work_cancel_func(current, irq_thread_dtor); return 0; } diff --git a/kernel/task_work.c b/kernel/task_work.c index 95a7e1b..54ac240 100644 --- a/kernel/task_work.c +++ b/kernel/task_work.c @@ -120,9 +120,9 @@ static bool task_work_func_match(struct callback_head *cb, void *data) } /** - * task_work_cancel - cancel a pending work added by task_work_add() - * @task: the task which should execute the work - * @func: identifies the work to remove + * task_work_cancel_func - cancel a pending work matching a function added by task_work_add() + * @task: the task which should execute the func's work + * @func: identifies the func to match with a work to remove * * Find the last queued pending work with ->func == @func and remove * it from queue. @@ -131,7 +131,7 @@ static bool task_work_func_match(struct callback_head *cb, void *data) * The found work or NULL if not found. */ struct callback_head * -task_work_cancel(struct task_struct *task, task_work_func_t func) +task_work_cancel_func(struct task_struct *task, task_work_func_t func) { return task_work_cancel_match(task, task_work_func_match, func); } @@ -168,7 +168,7 @@ void task_work_run(void) if (!work) break; /* - * Synchronize with task_work_cancel(). It can not remove + * Synchronize with task_work_cancel_match(). It can not remove * the first entry == work, cmpxchg(task_works) must fail. * But it can remove another entry from the ->next list. */ diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 4bc3e93..ab927a1 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1694,7 +1694,7 @@ long keyctl_session_to_parent(void) goto unlock; /* cancel an already pending keyring replacement */ - oldwork = task_work_cancel(parent, key_change_session_keyring); + oldwork = task_work_cancel_func(parent, key_change_session_keyring); /* the replacement session keyring is applied just prior to userspace * restarting */

9 months, 4 weeks

1
0
0 0

[tip: perf/core] perf: Fix event leak upon exit

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the perf/core branch of tip: Commit-ID: 2fd5ad3f310de22836cdacae919dd99d758a1f1b Gitweb: https://git.kernel.org/tip/2fd5ad3f310de22836cdacae919dd99d758a1f1b Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Fri, 21 Jun 2024 11:16:00 +02:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Tue, 09 Jul 2024 13:26:33 +02:00 perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while adding an event's callback to the task_work engine are ignored. And since the last call for events exit happen after task work is eventually closed, there is a small window during which pending sigtrap can be queued though ignored, leaking the event refcount addition such as in the following scenario: TASK A ----- do_exit() exit_task_work(tsk); <IRQ> perf_event_overflow() event->pending_sigtrap = pending_id; irq_work_queue(&event->pending_irq); </IRQ> =========> PREEMPTION: TASK A -> TASK B event_sched_out() event->pending_sigtrap = 0; atomic_long_inc_not_zero(&event->refcount) // FAILS: task work has exited task_work_add(&event->pending_task) [...] <IRQ WORK> perf_pending_irq() // early return: event->oncpu = -1 </IRQ WORK> [...] =========> TASK B -> TASK A perf_event_exit_task(tsk) perf_event_exit_event() free_event() WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) // leak event due to unexpected refcount == 2 As a result the event is never released while the task exits. Fix this with appropriate task_work_add()'s error handling. Fixes: 517e6a301f34 ("perf: Fix perf_pending_task() UaF") Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-4-frederic@kernel.org --- kernel/events/core.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 51ce436..576400d 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -2284,18 +2284,15 @@ event_sched_out(struct perf_event *event, struct perf_event_context *ctx) } if (event->pending_sigtrap) { - bool dec = true; - event->pending_sigtrap = 0; if (state != PERF_EVENT_STATE_OFF && - !event->pending_work) { - event->pending_work = 1; - dec = false; + !event->pending_work && + !task_work_add(current, &event->pending_task, TWA_RESUME)) { WARN_ON_ONCE(!atomic_long_inc_not_zero(&event->refcount)); - task_work_add(current, &event->pending_task, TWA_RESUME); - } - if (dec) + event->pending_work = 1; + } else { local_dec(&event->ctx->nr_pending); + } } perf_event_set_state(event, state);

9 months, 4 weeks

1
0
0 0

[tip: perf/core] task_work: Introduce task_work_cancel() again

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the perf/core branch of tip: Commit-ID: f409530e4db9dd11b88cb7703c97c8f326ff6566 Gitweb: https://git.kernel.org/tip/f409530e4db9dd11b88cb7703c97c8f326ff6566 Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Fri, 21 Jun 2024 11:15:59 +02:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Tue, 09 Jul 2024 13:26:32 +02:00 task_work: Introduce task_work_cancel() again Re-introduce task_work_cancel(), this time to cancel an actual callback and not *any* callback pointing to a given function. This is going to be needed for perf events event freeing. Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-3-frederic@kernel.org --- include/linux/task_work.h | 1 + kernel/task_work.c | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/include/linux/task_work.h b/include/linux/task_work.h index 23ab01a..26b8a47 100644 --- a/include/linux/task_work.h +++ b/include/linux/task_work.h @@ -31,6 +31,7 @@ int task_work_add(struct task_struct *task, struct callback_head *twork, struct callback_head *task_work_cancel_match(struct task_struct *task, bool (*match)(struct callback_head *, void *data), void *data); struct callback_head *task_work_cancel_func(struct task_struct *, task_work_func_t); +bool task_work_cancel(struct task_struct *task, struct callback_head *cb); void task_work_run(void); static inline void exit_task_work(struct task_struct *task) diff --git a/kernel/task_work.c b/kernel/task_work.c index 54ac240..2134ac8 100644 --- a/kernel/task_work.c +++ b/kernel/task_work.c @@ -136,6 +136,30 @@ task_work_cancel_func(struct task_struct *task, task_work_func_t func) return task_work_cancel_match(task, task_work_func_match, func); } +static bool task_work_match(struct callback_head *cb, void *data) +{ + return cb == data; +} + +/** + * task_work_cancel - cancel a pending work added by task_work_add() + * @task: the task which should execute the work + * @cb: the callback to remove if queued + * + * Remove a callback from a task's queue if queued. + * + * RETURNS: + * True if the callback was queued and got cancelled, false otherwise. + */ +bool task_work_cancel(struct task_struct *task, struct callback_head *cb) +{ + struct callback_head *ret; + + ret = task_work_cancel_match(task, task_work_match, cb); + + return ret == cb; +} + /** * task_work_run - execute the works added by task_work_add() *

9 months, 4 weeks

1
0
0 0

[tip: perf/core] perf: Fix event leak upon exec and file release

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the perf/core branch of tip: Commit-ID: 3a5465418f5fd970e86a86c7f4075be262682840 Gitweb: https://git.kernel.org/tip/3a5465418f5fd970e86a86c7f4075be262682840 Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Fri, 21 Jun 2024 11:16:01 +02:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Tue, 09 Jul 2024 13:26:33 +02:00 perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked event, such as in the following scenario that doesn't even require a weak IRQ work implementation to trigger: schedule() prepare_task_switch() =======> <NMI> perf_event_overflow() event->pending_sigtrap = ... irq_work_queue(&event->pending_irq) <======= </NMI> perf_event_task_sched_out() event_sched_out() event->pending_sigtrap = 0; atomic_long_inc_not_zero(&event->refcount) task_work_add(&event->pending_task) finish_lock_switch() =======> <IRQ> perf_pending_irq() //do nothing, rely on pending task work <======= </IRQ> begin_new_exec() perf_event_exit_task() perf_event_exit_event() // If is child event free_event() WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) // event is leaked Similar scenarios can also happen with perf_event_remove_on_exec() or simply against concurrent perf_event_release(). Fix this with synchonizing against the possibly remaining pending task work while freeing the event, just like is done with remaining pending IRQ work. This means that the pending task callback neither need nor should hold a reference to the event, preventing it from ever beeing freed. Fixes: 517e6a301f34 ("perf: Fix perf_pending_task() UaF") Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240621091601.18227-5-frederic@kernel.org --- include/linux/perf_event.h | 1 +- kernel/events/core.c | 38 +++++++++++++++++++++++++++++++++---- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index a5304ae..393fb13 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -786,6 +786,7 @@ struct perf_event { struct irq_work pending_irq; struct callback_head pending_task; unsigned int pending_work; + struct rcuwait pending_work_wait; atomic_t event_limit; diff --git a/kernel/events/core.c b/kernel/events/core.c index 576400d..32c7996 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -2288,7 +2288,6 @@ event_sched_out(struct perf_event *event, struct perf_event_context *ctx) if (state != PERF_EVENT_STATE_OFF && !event->pending_work && !task_work_add(current, &event->pending_task, TWA_RESUME)) { - WARN_ON_ONCE(!atomic_long_inc_not_zero(&event->refcount)); event->pending_work = 1; } else { local_dec(&event->ctx->nr_pending); @@ -5203,9 +5202,35 @@ static bool exclusive_event_installable(struct perf_event *event, static void perf_addr_filters_splice(struct perf_event *event, struct list_head *head); +static void perf_pending_task_sync(struct perf_event *event) +{ + struct callback_head *head = &event->pending_task; + + if (!event->pending_work) + return; + /* + * If the task is queued to the current task's queue, we + * obviously can't wait for it to complete. Simply cancel it. + */ + if (task_work_cancel(current, head)) { + event->pending_work = 0; + local_dec(&event->ctx->nr_pending); + return; + } + + /* + * All accesses related to the event are within the same + * non-preemptible section in perf_pending_task(). The RCU + * grace period before the event is freed will make sure all + * those accesses are complete by then. + */ + rcuwait_wait_event(&event->pending_work_wait, !event->pending_work, TASK_UNINTERRUPTIBLE); +} + static void _free_event(struct perf_event *event) { irq_work_sync(&event->pending_irq); + perf_pending_task_sync(event); unaccount_event(event); @@ -6818,23 +6843,27 @@ static void perf_pending_task(struct callback_head *head) int rctx; /* + * All accesses to the event must belong to the same implicit RCU read-side + * critical section as the ->pending_work reset. See comment in + * perf_pending_task_sync(). + */ + preempt_disable_notrace(); + /* * If we 'fail' here, that's OK, it means recursion is already disabled * and we won't recurse 'further'. */ - preempt_disable_notrace(); rctx = perf_swevent_get_recursion_context(); if (event->pending_work) { event->pending_work = 0; perf_sigtrap(event); local_dec(&event->ctx->nr_pending); + rcuwait_wake_up(&event->pending_work_wait); } if (rctx >= 0) perf_swevent_put_recursion_context(rctx); preempt_enable_notrace(); - - put_event(event); } #ifdef CONFIG_GUEST_PERF_EVENTS @@ -11948,6 +11977,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, init_waitqueue_head(&event->waitq); init_irq_work(&event->pending_irq, perf_pending_irq); init_task_work(&event->pending_task, perf_pending_task); + rcuwait_init(&event->pending_work_wait); mutex_init(&event->mmap_mutex); raw_spin_lock_init(&event->addr_filters.lock);

9 months, 4 weeks

1
0
0 0

[PATCH 3/3] perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> A non-0 retire latency can be observed on a Raptorlake which doesn't support the retire latency feature. By design, the retire latency shares the PERF_SAMPLE_WEIGHT_STRUCT sample type with other types of latency. That could avoid adding too many different sample types to support all kinds of latency. For the machine which doesn't support some kind of latency, 0 should be returned. Perf doesn’t clear/init all the fields of a sample data for the sake of performance. It expects the later perf_{prepare,output}_sample() to update the uninitialized field. However, the current implementation doesn't touch the field of the retire latency if the feature is not supported. The memory garbage is dumped into the perf data. Clear the retire latency if the feature is not supported. Fixes: c87a31093c70 ("perf/x86: Support Retire Latency") Reported-by: "Bayduraev, Alexey V" <alexey.v.bayduraev(a)intel.com> Tested-by: "Bayduraev, Alexey V" <alexey.v.bayduraev(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/ds.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index b9cc520b2942..fa5ea65de0d0 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -1944,8 +1944,12 @@ static void setup_pebs_adaptive_sample_data(struct perf_event *event, set_linear_ip(regs, basic->ip); regs->flags = PERF_EFLAGS_EXACT; - if ((sample_type & PERF_SAMPLE_WEIGHT_STRUCT) && (x86_pmu.flags & PMU_FL_RETIRE_LATENCY)) - data->weight.var3_w = format_size >> PEBS_RETIRE_LATENCY_OFFSET & PEBS_LATENCY_MASK; + if (sample_type & PERF_SAMPLE_WEIGHT_STRUCT) { + if (x86_pmu.flags & PMU_FL_RETIRE_LATENCY) + data->weight.var3_w = format_size >> PEBS_RETIRE_LATENCY_OFFSET & PEBS_LATENCY_MASK; + else + data->weight.var3_w = 0; + } /* * The record for MEMINFO is in front of GP -- 2.38.1

9 months, 4 weeks

2
1
0 0

[RESEND PATCH] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The perf stat errors out with UNC_CHA_TOR_INSERTS.IA_HIT_CXL_ACC_LOCAL event. $perf stat -e uncore_cha_55/event=0x35,umask=0x10c0008101/ -a -- ls event syntax error: '..0x35,umask=0x10c0008101/' \___ Bad event or PMU The definition of the CHA umask is config:8-15,32-55, which is 32bit. However, the umask of the event is bigger than 32bit. This is an error in the original uncore spec. Add a new umask_ext5 for the new CHA umask range. Fixes: 949b11381f81 ("perf/x86/intel/uncore: Add Sapphire Rapids server CHA support") Closes: https://lore.kernel.org/linux-perf-users/alpine.LRH.2.20.2401300733310.1135… Reviewed-by: Ian Rogers <irogers(a)google.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/uncore_snbep.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index a96496bef678..7924f315269a 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -461,6 +461,7 @@ #define SPR_UBOX_DID 0x3250 /* SPR CHA */ +#define SPR_CHA_EVENT_MASK_EXT 0xffffffff #define SPR_CHA_PMON_CTL_TID_EN (1 << 16) #define SPR_CHA_PMON_EVENT_MASK (SNBEP_PMON_RAW_EVENT_MASK | \ SPR_CHA_PMON_CTL_TID_EN) @@ -477,6 +478,7 @@ DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55"); +DEFINE_UNCORE_FORMAT_ATTR(umask_ext5, umask, "config:8-15,32-63"); DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16"); DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18"); DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19"); @@ -5957,7 +5959,7 @@ static struct intel_uncore_ops spr_uncore_chabox_ops = { static struct attribute *spr_uncore_cha_formats_attr[] = { &format_attr_event.attr, - &format_attr_umask_ext4.attr, + &format_attr_umask_ext5.attr, &format_attr_tid_en2.attr, &format_attr_edge.attr, &format_attr_inv.attr, @@ -5993,7 +5995,7 @@ ATTRIBUTE_GROUPS(uncore_alias); static struct intel_uncore_type spr_uncore_chabox = { .name = "cha", .event_mask = SPR_CHA_PMON_EVENT_MASK, - .event_mask_ext = SPR_RAW_EVENT_MASK_EXT, + .event_mask_ext = SPR_CHA_EVENT_MASK_EXT, .num_shared_regs = 1, .constraints = skx_uncore_chabox_constraints, .ops = &spr_uncore_chabox_ops, -- 2.35.1

9 months, 4 weeks

2
1
0 0

[PATCH v2] pmdomain: qcom: rpmhpd: Skip retention level for Power Domains

by Taniya Das

In the cases where the power domain connected to logics is allowed to transition from a level(L)-->power collapse(0)-->retention(1) or vice versa retention(1)-->power collapse(0)-->level(L) will cause the logic to lose the configurations. The ARC does not support retention to collapse transition on MxC rails. The targets from SM8450 onwards the PLL logics of clock controllers are connected to MxC rails and the recommended configurations are carried out during the clock controller probes. The MxC transition as mentioned above should be skipped to ensure the PLL settings are intact across clock controller power on & off. On older targets that do not split MX into MxA and MxC does not collapse the logic and it is parked always at RETENTION, thus this issue is never observed on those targets. Cc: stable(a)vger.kernel.org # v5.17 Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Taniya Das <quic_tdas(a)quicinc.com> --- [Changes in v2]: Incorporate the comments in the commit text. --- drivers/pmdomain/qcom/rpmhpd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/pmdomain/qcom/rpmhpd.c b/drivers/pmdomain/qcom/rpmhpd.c index de9121ef4216..d2cb4271a1ca 100644 --- a/drivers/pmdomain/qcom/rpmhpd.c +++ b/drivers/pmdomain/qcom/rpmhpd.c @@ -40,6 +40,7 @@ * @addr: Resource address as looped up using resource name from * cmd-db * @state_synced: Indicator that sync_state has been invoked for the rpmhpd resource + * @skip_retention_level: Indicate that retention level should not be used for the power domain */ struct rpmhpd { struct device *dev; @@ -56,6 +57,7 @@ struct rpmhpd { const char *res_name; u32 addr; bool state_synced; + bool skip_retention_level; }; struct rpmhpd_desc { @@ -173,6 +175,7 @@ static struct rpmhpd mxc = { .pd = { .name = "mxc", }, .peer = &mxc_ao, .res_name = "mxc.lvl", + .skip_retention_level = true, }; static struct rpmhpd mxc_ao = { @@ -180,6 +183,7 @@ static struct rpmhpd mxc_ao = { .active_only = true, .peer = &mxc, .res_name = "mxc.lvl", + .skip_retention_level = true, }; static struct rpmhpd nsp = { @@ -819,6 +823,9 @@ static int rpmhpd_update_level_mapping(struct rpmhpd *rpmhpd) return -EINVAL; for (i = 0; i < rpmhpd->level_count; i++) { + if (rpmhpd->skip_retention_level && buf[i] == RPMH_REGULATOR_LEVEL_RETENTION) + continue; + rpmhpd->level[i] = buf[i]; /* Remember the first corner with non-zero level */ --- base-commit: 62c97045b8f720c2eac807a5f38e26c9ed512371 change-id: 20240625-avoid_mxc_retention-b095a761d981 Best regards, -- Taniya Das <quic_tdas(a)quicinc.com>

9 months, 4 weeks

2
1
0 0

[PATCH 4.19 5.4 5.10 5.15 6.1 6.6] nilfs2: fix incorrect inode allocation from reserved inodes

by Ryusuke Konishi

commit 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 upstream. If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Please apply this patch to the stable trees indicated by the subject prefix instead of the patch that failed. This patch is tailored to avoid conflicts with a series involving extensive conversions and can be applied from v4.8 to v6.8. Also, all the builds and tests I did on each stable tree passed. Thanks, Ryusuke Konishi fs/nilfs2/alloc.c | 18 ++++++++++++++---- fs/nilfs2/alloc.h | 4 ++-- fs/nilfs2/dat.c | 2 +- fs/nilfs2/ifile.c | 7 ++----- 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 7342de296ec3..25881bdd212b 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -541,7 +545,13 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( bitmap, group_offset, - entries_per_group, lock); + entries_per_group, lock, wrap); + /* + * Since the search for a free slot in the + * second and subsequent bitmap blocks always + * starts from the beginning, the wrap flag + * only has an effect on the first search. + */ if (pos >= 0) { /* found a free entry */ nilfs_palloc_group_desc_add_entries( diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 9cf6ba58f585..351010828d88 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index a8a4bc8490b4..ac10a62a41e9 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -55,13 +55,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh); -- 2.43.5

9 months, 4 weeks

2
1
0 0

[PATCH] Revert "bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()" for linux-6.6.37

by WangYuli

This reverts commit 08f6c05feb1db21653e98ca84ea04ca032d014c7. Upstream commit e60adf513275 ("bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()") depends on upstream commit 1dad391daef1 ("bpf, arm64: use bpf_prog_pack for memory management"). It will cause a compilation warning on the arm64 if it's not merged: arch/arm64/net/bpf_jit_comp.c: In function ‘bpf_int_jit_compile’: arch/arm64/net/bpf_jit_comp.c:1651:17: warning: ignoring return value of ‘bpf_jit_binary_lock_ro’ declared with attribute ‘warn_unused_result’ [-Wunused-result] 1651 | bpf_jit_binary_lock_ro(header); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This will prevent the kernel with the '-Werror' compile option from being compiled successfully. We might as well revert this commit in linux-6.6.37 to solve the problem in a simple way. Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/arm/net/bpf_jit_32.c | 25 +++++++++++++------------ arch/loongarch/net/bpf_jit.c | 22 ++++++---------------- arch/mips/net/bpf_jit_comp.c | 3 +-- arch/parisc/net/bpf_jit_core.c | 8 +------- arch/s390/net/bpf_jit_comp.c | 6 +----- arch/sparc/net/bpf_jit_comp_64.c | 6 +----- arch/x86/net/bpf_jit_comp32.c | 3 ++- include/linux/filter.h | 5 ++--- 8 files changed, 27 insertions(+), 51 deletions(-) diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index ac8e4d9bf954..6a1c9fca5260 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c @@ -1982,21 +1982,28 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) /* If building the body of the JITed code fails somehow, * we fall back to the interpretation. */ - if (build_body(&ctx) < 0) - goto out_free; + if (build_body(&ctx) < 0) { + image_ptr = NULL; + bpf_jit_binary_free(header); + prog = orig_prog; + goto out_imms; + } build_epilogue(&ctx); /* 3.) Extra pass to validate JITed Code */ - if (validate_code(&ctx)) - goto out_free; + if (validate_code(&ctx)) { + image_ptr = NULL; + bpf_jit_binary_free(header); + prog = orig_prog; + goto out_imms; + } flush_icache_range((u32)header, (u32)(ctx.target + ctx.idx)); if (bpf_jit_enable > 1) /* there are 2 passes here */ bpf_jit_dump(prog->len, image_size, 2, ctx.target); - if (bpf_jit_binary_lock_ro(header)) - goto out_free; + bpf_jit_binary_lock_ro(header); prog->bpf_func = (void *)ctx.target; prog->jited = 1; prog->jited_len = image_size; @@ -2013,11 +2020,5 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) bpf_jit_prog_release_other(prog, prog == orig_prog ? tmp : orig_prog); return prog; - -out_free: - image_ptr = NULL; - bpf_jit_binary_free(header); - prog = orig_prog; - goto out_imms; } diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c index 13cd480385ca..9eb7753d117d 100644 --- a/arch/loongarch/net/bpf_jit.c +++ b/arch/loongarch/net/bpf_jit.c @@ -1206,19 +1206,16 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) flush_icache_range((unsigned long)header, (unsigned long)(ctx.image + ctx.idx)); if (!prog->is_func || extra_pass) { - int err; - if (extra_pass && ctx.idx != jit_data->ctx.idx) { pr_err_once("multi-func JIT bug %d != %d\n", ctx.idx, jit_data->ctx.idx); - goto out_free; - } - err = bpf_jit_binary_lock_ro(header); - if (err) { - pr_err_once("bpf_jit_binary_lock_ro() returned %d\n", - err); - goto out_free; + bpf_jit_binary_free(header); + prog->bpf_func = NULL; + prog->jited = 0; + prog->jited_len = 0; + goto out_offset; } + bpf_jit_binary_lock_ro(header); } else { jit_data->ctx = ctx; jit_data->image = image_ptr; @@ -1249,13 +1246,6 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) out_offset = -1; return prog; - -out_free: - bpf_jit_binary_free(header); - prog->bpf_func = NULL; - prog->jited = 0; - prog->jited_len = 0; - goto out_offset; } /* Indicate the JIT backend supports mixing bpf2bpf and tailcalls. */ diff --git a/arch/mips/net/bpf_jit_comp.c b/arch/mips/net/bpf_jit_comp.c index e355dfca4400..a40d926b6513 100644 --- a/arch/mips/net/bpf_jit_comp.c +++ b/arch/mips/net/bpf_jit_comp.c @@ -1012,8 +1012,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) bpf_prog_fill_jited_linfo(prog, &ctx.descriptors[1]); /* Set as read-only exec and flush instruction cache */ - if (bpf_jit_binary_lock_ro(header)) - goto out_err; + bpf_jit_binary_lock_ro(header); flush_icache_range((unsigned long)header, (unsigned long)&ctx.target[ctx.jit_index]); diff --git a/arch/parisc/net/bpf_jit_core.c b/arch/parisc/net/bpf_jit_core.c index 979f45d4d1fb..d6ee2fd45550 100644 --- a/arch/parisc/net/bpf_jit_core.c +++ b/arch/parisc/net/bpf_jit_core.c @@ -167,13 +167,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) bpf_flush_icache(jit_data->header, ctx->insns + ctx->ninsns); if (!prog->is_func || extra_pass) { - if (bpf_jit_binary_lock_ro(jit_data->header)) { - bpf_jit_binary_free(jit_data->header); - prog->bpf_func = NULL; - prog->jited = 0; - prog->jited_len = 0; - goto out_offset; - } + bpf_jit_binary_lock_ro(jit_data->header); prologue_len = ctx->epilogue_offset - ctx->body_len; for (i = 0; i < prog->len; i++) ctx->offset[i] += prologue_len; diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 05746e22fe79..62ee557d4b49 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -1973,11 +1973,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) print_fn_code(jit.prg_buf, jit.size_prg); } if (!fp->is_func || extra_pass) { - if (bpf_jit_binary_lock_ro(header)) { - bpf_jit_binary_free(header); - fp = orig_fp; - goto free_addrs; - } + bpf_jit_binary_lock_ro(header); } else { jit_data->header = header; jit_data->ctx = jit; diff --git a/arch/sparc/net/bpf_jit_comp_64.c b/arch/sparc/net/bpf_jit_comp_64.c index 73bf0aea8baf..fa0759bfe498 100644 --- a/arch/sparc/net/bpf_jit_comp_64.c +++ b/arch/sparc/net/bpf_jit_comp_64.c @@ -1602,11 +1602,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) bpf_flush_icache(header, (u8 *)header + header->size); if (!prog->is_func || extra_pass) { - if (bpf_jit_binary_lock_ro(header)) { - bpf_jit_binary_free(header); - prog = orig_prog; - goto out_off; - } + bpf_jit_binary_lock_ro(header); } else { jit_data->ctx = ctx; jit_data->image = image_ptr; diff --git a/arch/x86/net/bpf_jit_comp32.c b/arch/x86/net/bpf_jit_comp32.c index f2fc8c38629b..429a89c5468b 100644 --- a/arch/x86/net/bpf_jit_comp32.c +++ b/arch/x86/net/bpf_jit_comp32.c @@ -2600,7 +2600,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) if (bpf_jit_enable > 1) bpf_jit_dump(prog->len, proglen, pass + 1, image); - if (image && !bpf_jit_binary_lock_ro(header)) { + if (image) { + bpf_jit_binary_lock_ro(header); prog->bpf_func = (void *)image; prog->jited = 1; prog->jited_len = proglen; diff --git a/include/linux/filter.h b/include/linux/filter.h index a74d97114a54..5a2800ec94ea 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -853,11 +853,10 @@ static inline int __must_check bpf_prog_lock_ro(struct bpf_prog *fp) return 0; } -static inline int __must_check -bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr) +static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr) { set_vm_flush_reset_perms(hdr); - return set_memory_rox((unsigned long)hdr, hdr->size >> PAGE_SHIFT); + set_memory_rox((unsigned long)hdr, hdr->size >> PAGE_SHIFT); } int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap); -- 2.43.0

9 months, 4 weeks

3
8
0 0

Linux 6.6.38

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.38 kernel. All powerpc and arm64 users of the 6.6 kernel series must upgrade. Everyone else probably should as well to be safe. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/net/bpf_jit_32.c | 25 ++++---- arch/loongarch/net/bpf_jit.c | 22 ++----- arch/mips/net/bpf_jit_comp.c | 3 - arch/parisc/net/bpf_jit_core.c | 8 -- arch/powerpc/net/bpf_jit.h | 18 ++++-- arch/powerpc/net/bpf_jit_comp.c | 110 ++++++++++---------------------------- arch/powerpc/net/bpf_jit_comp32.c | 13 ++-- arch/powerpc/net/bpf_jit_comp64.c | 10 +-- arch/s390/net/bpf_jit_comp.c | 6 -- arch/sparc/net/bpf_jit_comp_64.c | 6 -- arch/x86/net/bpf_jit_comp32.c | 3 - include/linux/filter.h | 10 +-- kernel/bpf/core.c | 4 - kernel/bpf/verifier.c | 8 -- 15 files changed, 86 insertions(+), 162 deletions(-) Greg Kroah-Hartman (5): Revert "bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()" Revert "powerpc/bpf: use bpf_jit_binary_pack_[alloc|finalize|free]" Revert "powerpc/bpf: rename powerpc64_jit_data to powerpc_jit_data" Revert "bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()" Linux 6.6.38

9 months, 4 weeks

1
1
0 0

[PATCH v2] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..cca37b225385 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,9 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) + continue; + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

9 months, 4 weeks

1
0
0 0

[PATCH v3] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

by Ma Ke

In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 89c78134cc54 ("gma500: Add Poulsbo support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added the recipient's email address, due to the prolonged absence of a response from the recipients. Changes in v2: - modified the patch according to suggestions; - added Fixes line; - added Cc stable. --- drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/psb_intel_lvds.c b/drivers/gpu/drm/gma500/psb_intel_lvds.c index 8486de230ec9..8d1be94a443b 100644 --- a/drivers/gpu/drm/gma500/psb_intel_lvds.c +++ b/drivers/gpu/drm/gma500/psb_intel_lvds.c @@ -504,6 +504,9 @@ static int psb_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

9 months, 4 weeks

1
0
0 0

[PATCH iwl-next] ice: Add a per-VF limit on number of FDIR filters

by Ahmed Zaki

While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice. CC: stable(a)vger.kernel.org Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Suggested-by: Sridhar Samudrala <sridhar.samudrala(a)intel.com> Signed-off-by: Ahmed Zaki <ahmed.zaki(a)intel.com> --- .../net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 +++ .../net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 ++++++++++++++++ .../net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c index e3cab8e98f52..5412eff8ef23 100644 --- a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c +++ b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c @@ -534,7 +534,7 @@ ice_parse_rx_flow_user_data(struct ethtool_rx_flow_spec *fsp, * * Returns the number of available flow director filters to this VSI */ -static int ice_fdir_num_avail_fltr(struct ice_hw *hw, struct ice_vsi *vsi) +int ice_fdir_num_avail_fltr(struct ice_hw *hw, struct ice_vsi *vsi) { u16 vsi_num = ice_get_hw_vsi_num(hw, vsi->idx); u16 num_guar; diff --git a/drivers/net/ethernet/intel/ice/ice_fdir.h b/drivers/net/ethernet/intel/ice/ice_fdir.h index 021ecbac7848..ab5b118daa2d 100644 --- a/drivers/net/ethernet/intel/ice/ice_fdir.h +++ b/drivers/net/ethernet/intel/ice/ice_fdir.h @@ -207,6 +207,8 @@ struct ice_fdir_base_pkt { const u8 *tun_pkt; }; +struct ice_vsi; + int ice_alloc_fd_res_cntr(struct ice_hw *hw, u16 *cntr_id); int ice_free_fd_res_cntr(struct ice_hw *hw, u16 cntr_id); int ice_alloc_fd_guar_item(struct ice_hw *hw, u16 *cntr_id, u16 num_fltr); @@ -218,6 +220,7 @@ int ice_fdir_get_gen_prgm_pkt(struct ice_hw *hw, struct ice_fdir_fltr *input, u8 *pkt, bool frag, bool tun); int ice_get_fdir_cnt_all(struct ice_hw *hw); +int ice_fdir_num_avail_fltr(struct ice_hw *hw, struct ice_vsi *vsi); bool ice_fdir_is_dup_fltr(struct ice_hw *hw, struct ice_fdir_fltr *input); bool ice_fdir_has_frag(enum ice_fltr_ptype flow); struct ice_fdir_fltr * diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c index b8df8d0b2d85..60bf71da53bd 100644 --- a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c +++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c @@ -550,6 +550,8 @@ static void ice_vc_fdir_reset_cnt_all(struct ice_vf_fdir *fdir) fdir->fdir_fltr_cnt[flow][0] = 0; fdir->fdir_fltr_cnt[flow][1] = 0; } + + fdir->fdir_fltr_cnt_total = 0; } /** @@ -1694,6 +1696,7 @@ ice_vc_add_fdir_fltr_post(struct ice_vf *vf, struct ice_vf_fdir_ctx *ctx, resp->status = status; resp->flow_id = conf->flow_id; vf->fdir.fdir_fltr_cnt[conf->input.flow_type][is_tun]++; + vf->fdir.fdir_fltr_cnt_total++; ret = ice_vc_send_msg_to_vf(vf, ctx->v_opcode, v_ret, (u8 *)resp, len); @@ -1758,6 +1761,7 @@ ice_vc_del_fdir_fltr_post(struct ice_vf *vf, struct ice_vf_fdir_ctx *ctx, resp->status = status; ice_vc_fdir_remove_entry(vf, conf, conf->flow_id); vf->fdir.fdir_fltr_cnt[conf->input.flow_type][is_tun]--; + vf->fdir.fdir_fltr_cnt_total--; ret = ice_vc_send_msg_to_vf(vf, ctx->v_opcode, v_ret, (u8 *)resp, len); @@ -2074,6 +2078,7 @@ int ice_vc_add_fdir_fltr(struct ice_vf *vf, u8 *msg) struct virtchnl_fdir_add *stat = NULL; struct virtchnl_fdir_fltr_conf *conf; enum virtchnl_status_code v_ret; + struct ice_vsi *vf_vsi; struct device *dev; struct ice_pf *pf; int is_tun = 0; @@ -2082,6 +2087,17 @@ int ice_vc_add_fdir_fltr(struct ice_vf *vf, u8 *msg) pf = vf->pf; dev = ice_pf_to_dev(pf); + vf_vsi = ice_get_vf_vsi(vf); + +#define ICE_VF_MAX_FDIR_FILTERS 128 + if (!ice_fdir_num_avail_fltr(&pf->hw, vf_vsi) || + vf->fdir.fdir_fltr_cnt_total >= ICE_VF_MAX_FDIR_FILTERS) { + v_ret = VIRTCHNL_STATUS_ERR_PARAM; + dev_err(dev, "Max number of FDIR filters for VF %d is reached\n", + vf->vf_id); + goto err_exit; + } + ret = ice_vc_fdir_param_check(vf, fltr->vsi_id); if (ret) { v_ret = VIRTCHNL_STATUS_ERR_PARAM; diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h index c5bcc8d7481c..ac6dcab454b4 100644 --- a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h +++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h @@ -29,6 +29,7 @@ struct ice_vf_fdir_ctx { struct ice_vf_fdir { u16 fdir_fltr_cnt[ICE_FLTR_PTYPE_MAX][ICE_FD_HW_SEG_MAX]; int prof_entry_cnt[ICE_FLTR_PTYPE_MAX][ICE_FD_HW_SEG_MAX]; + u16 fdir_fltr_cnt_total; struct ice_fd_hw_prof **fdir_prof; struct idr fdir_rule_idr; -- 2.43.0

9 months, 4 weeks

3
2
0 0

[PATCH net v3 2/4] ipv6: fix source address selection with route leak

by Nicolas Dichtel

By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- include/net/ip6_route.h | 21 ++++++++++++++------- net/ipv6/ip6_output.c | 1 + net/ipv6/route.c | 2 +- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..667f0a517fd0 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,25 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; } -- 2.43.1

10 months

2
1
0 0

[PATCH net v3 1/4] ipv4: fix source address selection with route leak

by Nicolas Dichtel

By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- net/ipv4/fib_semantics.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..8956026bc0a2 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev; + + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } } -- 2.43.1

10 months

2
1
0 0

+ mm-truncate-batch-clear-shadow-entries.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/truncate: batch-clear shadow entries has been added to the -mm mm-unstable branch. Its filename is mm-truncate-batch-clear-shadow-entries.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Zhao <yuzhao(a)google.com> Subject: mm/truncate: batch-clear shadow entries Date: Mon, 8 Jul 2024 15:27:53 -0600 Make clear_shadow_entry() clear shadow entries in `struct folio_batch` so that it can reduce contention on i_lock and i_pages locks, e.g., watchdog: BUG: soft lockup - CPU#29 stuck for 11s! [fio:2701649] clear_shadow_entry+0x3d/0x100 mapping_try_invalidate+0x117/0x1d0 invalidate_mapping_pages+0x10/0x20 invalidate_bdev+0x3c/0x50 blkdev_common_ioctl+0x5f7/0xa90 blkdev_ioctl+0x109/0x270 Link: https://lkml.kernel.org/r/20240708212753.3120511-1-yuzhao@google.com Reported-by: Bharata B Rao <bharata(a)amd.com> Closes: https://lore.kernel.org/d2841226-e27b-4d3d-a578-63587a3aa4f3@amd.com/ Signed-off-by: Yu Zhao <yuzhao(a)google.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/truncate.c | 67 +++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 37 deletions(-) --- a/mm/truncate.c~mm-truncate-batch-clear-shadow-entries +++ a/mm/truncate.c @@ -39,12 +39,24 @@ static inline void __clear_shadow_entry( xas_store(&xas, NULL); } -static void clear_shadow_entry(struct address_space *mapping, pgoff_t index, - void *entry) +static void clear_shadow_entry(struct address_space *mapping, + struct folio_batch *fbatch, pgoff_t *indices) { + int i; + + if (shmem_mapping(mapping) || dax_mapping(mapping)) + return; + spin_lock(&mapping->host->i_lock); xa_lock_irq(&mapping->i_pages); - __clear_shadow_entry(mapping, index, entry); + + for (i = 0; i < folio_batch_count(fbatch); i++) { + struct folio *folio = fbatch->folios[i]; + + if (xa_is_value(folio)) + __clear_shadow_entry(mapping, indices[i], folio); + } + xa_unlock_irq(&mapping->i_pages); if (mapping_shrinkable(mapping)) inode_add_lru(mapping->host); @@ -105,36 +117,6 @@ static void truncate_folio_batch_excepti fbatch->nr = j; } -/* - * Invalidate exceptional entry if easily possible. This handles exceptional - * entries for invalidate_inode_pages(). - */ -static int invalidate_exceptional_entry(struct address_space *mapping, - pgoff_t index, void *entry) -{ - /* Handled by shmem itself, or for DAX we do nothing. */ - if (shmem_mapping(mapping) || dax_mapping(mapping)) - return 1; - clear_shadow_entry(mapping, index, entry); - return 1; -} - -/* - * Invalidate exceptional entry if clean. This handles exceptional entries for - * invalidate_inode_pages2() so for DAX it evicts only clean entries. - */ -static int invalidate_exceptional_entry2(struct address_space *mapping, - pgoff_t index, void *entry) -{ - /* Handled by shmem itself */ - if (shmem_mapping(mapping)) - return 1; - if (dax_mapping(mapping)) - return dax_invalidate_mapping_entry_sync(mapping, index); - clear_shadow_entry(mapping, index, entry); - return 1; -} - /** * folio_invalidate - Invalidate part or all of a folio. * @folio: The folio which is affected. @@ -494,6 +476,7 @@ unsigned long mapping_try_invalidate(str unsigned long ret; unsigned long count = 0; int i; + bool xa_has_values = false; folio_batch_init(&fbatch); while (find_lock_entries(mapping, &index, end, &fbatch, indices)) { @@ -503,8 +486,8 @@ unsigned long mapping_try_invalidate(str /* We rely upon deletion not changing folio->index */ if (xa_is_value(folio)) { - count += invalidate_exceptional_entry(mapping, - indices[i], folio); + xa_has_values = true; + count++; continue; } @@ -522,6 +505,10 @@ unsigned long mapping_try_invalidate(str } count += ret; } + + if (xa_has_values) + clear_shadow_entry(mapping, &fbatch, indices); + folio_batch_remove_exceptionals(&fbatch); folio_batch_release(&fbatch); cond_resched(); @@ -616,6 +603,7 @@ int invalidate_inode_pages2_range(struct int ret = 0; int ret2 = 0; int did_range_unmap = 0; + bool xa_has_values = false; if (mapping_empty(mapping)) return 0; @@ -629,8 +617,9 @@ int invalidate_inode_pages2_range(struct /* We rely upon deletion not changing folio->index */ if (xa_is_value(folio)) { - if (!invalidate_exceptional_entry2(mapping, - indices[i], folio)) + xa_has_values = true; + if (dax_mapping(mapping) && + !dax_invalidate_mapping_entry_sync(mapping, indices[i])) ret = -EBUSY; continue; } @@ -666,6 +655,10 @@ int invalidate_inode_pages2_range(struct ret = ret2; folio_unlock(folio); } + + if (xa_has_values) + clear_shadow_entry(mapping, &fbatch, indices); + folio_batch_remove_exceptionals(&fbatch); folio_batch_release(&fbatch); cond_resched(); _ Patches currently in -mm which might be from yuzhao(a)google.com are mm-truncate-batch-clear-shadow-entries.patch

10 months

1
0
0 0

+ mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio() Date: Mon, 8 Jul 2024 10:51:27 +0800 There is a potential race between __update_and_free_hugetlb_folio() and try_memory_failure_hugetlb(): CPU1 CPU2 __update_and_free_hugetlb_folio try_memory_failure_hugetlb folio_test_hugetlb -- It's still hugetlb folio. folio_clear_hugetlb_hwpoison spin_lock_irq(&hugetlb_lock); __get_huge_page_for_hwpoison folio_set_hugetlb_hwpoison spin_unlock_irq(&hugetlb_lock); spin_lock_irq(&hugetlb_lock); __folio_clear_hugetlb(folio); -- Hugetlb flag is cleared but too late. spin_unlock_irq(&hugetlb_lock); When the above race occurs, raw error page info will be leaked. Even worse, raw error pages won't have hwpoisoned flag set and hit pcplists/buddy. Fix this issue by deferring folio_clear_hugetlb_hwpoison() until __folio_clear_hugetlb() is done. So all raw error pages will have hwpoisoned flag set. Link: https://lkml.kernel.org/r/20240708025127.107713-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio +++ a/mm/hugetlb.c @@ -1726,13 +1726,6 @@ static void __update_and_free_hugetlb_fo } /* - * Move PageHWPoison flag from head page to the raw error pages, - * which makes any healthy subpages reusable. - */ - if (unlikely(folio_test_hwpoison(folio))) - folio_clear_hugetlb_hwpoison(folio); - - /* * If vmemmap pages were allocated above, then we need to clear the * hugetlb flag under the hugetlb lock. */ @@ -1742,6 +1735,13 @@ static void __update_and_free_hugetlb_fo spin_unlock_irq(&hugetlb_lock); } + /* + * Move PageHWPoison flag from head page to the raw error pages, + * which makes any healthy subpages reusable. + */ + if (unlikely(folio_test_hwpoison(folio))) + folio_clear_hugetlb_hwpoison(folio); + folio_ref_unfreeze(folio, 1); /* _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-hugetlb-fix-potential-race-in-__update_and_free_hugetlb_folio.patch mm-memory-failure-remove-obsolete-mf_msg_different_compound.patch

10 months

1
0
0 0

[PATCH net v2 1/4] ipv4: fix source address selection with route leak

by Nicolas Dichtel

By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- net/ipv4/fib_semantics.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..459082f4936d 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,13 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } } -- 2.43.1

10 months

3
4
0 0

[PATCH net v2 2/4] ipv6: fix source address selection with route leak

by Nicolas Dichtel

By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- include/net/ip6_route.h | 19 ++++++++++++------- net/ipv6/ip6_output.c | 1 + net/ipv6/route.c | 2 +- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..a7c27f0c6bce 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,23 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { + rcu_read_lock(); + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = l3mdev == NULL || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; - - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; } -- 2.43.1

10 months

2
4
0 0

[PATCH net v3 3/4] ipv6: take care of scope when choosing the src addr

by Nicolas Dichtel

When the source address is selected, the scope must be checked. For example, if a loopback address is assigned to the vrf device, it must not be chosen for packets sent outside. CC: stable(a)vger.kernel.org Fixes: afbac6010aec ("net: ipv6: Address selection needs to consider L3 domains") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> --- net/ipv6/addrconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 5c424a0e7232..4f2c5cc31015 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1873,7 +1873,8 @@ int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev, master, &dst, scores, hiscore_idx); - if (scores[hiscore_idx].ifa) + if (scores[hiscore_idx].ifa && + scores[hiscore_idx].scopedist >= 0) goto out; } -- 2.43.1

10 months

1
0
0 0

Re: Patch "gpiolib: of: add polarity quirk for TSC2005" has been added to the 5.15-stable tree

by Dmitry Torokhov

On Sun, Jul 07, 2024 at 10:58:55AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > gpiolib: of: add polarity quirk for TSC2005 > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gpiolib-of-add-polarity-quirk-for-tsc2005.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Sasha, you are picking up a fix for an issue that was there for 7 years (since 2017), that nobody reported, for a device that there probably 1 or 2 users in the world attempt to boot on mainline kernel. For this you are forklifting bunch of other changes as dependencies. I questioned myself when I was sending this change to mainline if it was even worth it, and I am very sure the risks far outweigh the benefits(?) of having this in stable. The same goes for other cherry-picks to other stable branches. Thanks. -- Dmitry

10 months

1
0
0 0

[tip: sched/core] sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks

by tip-bot2 for Tejun Heo

The following commit has been merged into the sched/core branch of tip: Commit-ID: d329605287020c3d1c3b0dadc63d8208e7251382 Gitweb: https://git.kernel.org/tip/d329605287020c3d1c3b0dadc63d8208e7251382 Author: Tejun Heo <tj(a)kernel.org> AuthorDate: Tue, 25 Jun 2024 15:29:58 -10:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Thu, 04 Jul 2024 15:59:52 +02:00 sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks When a task's weight is being changed, set_load_weight() is called with @update_load set. As weight changes aren't trivial for the fair class, set_load_weight() calls fair.c::reweight_task() for fair class tasks. However, set_load_weight() first tests task_has_idle_policy() on entry and skips calling reweight_task() for SCHED_IDLE tasks. This is buggy as SCHED_IDLE tasks are just fair tasks with a very low weight and they would incorrectly skip load, vlag and position updates. Fix it by updating reweight_task() to take struct load_weight as idle weight can't be expressed with prio and making set_load_weight() call reweight_task() for SCHED_IDLE tasks too when @update_load is set. Fixes: 9059393e4ec1 ("sched/fair: Use reweight_entity() for set_user_nice()") Suggested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org # v4.15+ Link: http://lkml.kernel.org/r/20240624102331.GI31592@noisy.programming.kicks-ass… --- kernel/sched/core.c | 23 ++++++++++------------- kernel/sched/fair.c | 7 +++---- kernel/sched/sched.h | 2 +- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 0935f9d..7476834 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1328,27 +1328,24 @@ int tg_nop(struct task_group *tg, void *data) void set_load_weight(struct task_struct *p, bool update_load) { int prio = p->static_prio - MAX_RT_PRIO; - struct load_weight *load = &p->se.load; + struct load_weight lw; - /* - * SCHED_IDLE tasks get minimal weight: - */ if (task_has_idle_policy(p)) { - load->weight = scale_load(WEIGHT_IDLEPRIO); - load->inv_weight = WMULT_IDLEPRIO; - return; + lw.weight = scale_load(WEIGHT_IDLEPRIO); + lw.inv_weight = WMULT_IDLEPRIO; + } else { + lw.weight = scale_load(sched_prio_to_weight[prio]); + lw.inv_weight = sched_prio_to_wmult[prio]; } /* * SCHED_OTHER tasks have to update their load when changing their * weight */ - if (update_load && p->sched_class == &fair_sched_class) { - reweight_task(p, prio); - } else { - load->weight = scale_load(sched_prio_to_weight[prio]); - load->inv_weight = sched_prio_to_wmult[prio]; - } + if (update_load && p->sched_class == &fair_sched_class) + reweight_task(p, &lw); + else + p->se.load = lw; } #ifdef CONFIG_UCLAMP_TASK diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 41b5838..f205e24 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -3835,15 +3835,14 @@ static void reweight_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, } } -void reweight_task(struct task_struct *p, int prio) +void reweight_task(struct task_struct *p, const struct load_weight *lw) { struct sched_entity *se = &p->se; struct cfs_rq *cfs_rq = cfs_rq_of(se); struct load_weight *load = &se->load; - unsigned long weight = scale_load(sched_prio_to_weight[prio]); - reweight_entity(cfs_rq, se, weight); - load->inv_weight = sched_prio_to_wmult[prio]; + reweight_entity(cfs_rq, se, lw->weight); + load->inv_weight = lw->inv_weight; } static inline int throttled_hierarchy(struct cfs_rq *cfs_rq); diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 62fd8bc..9ab5343 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -2509,7 +2509,7 @@ extern void init_sched_dl_class(void); extern void init_sched_rt_class(void); extern void init_sched_fair_class(void); -extern void reweight_task(struct task_struct *p, int prio); +extern void reweight_task(struct task_struct *p, const struct load_weight *lw); extern void resched_curr(struct rq *rq); extern void resched_cpu(int cpu);

10 months

1
0
0 0

[PATCH] ima: Avoid blocking in RCU read-side critical section

by Roberto Sassu

From: GUO Zihua <guozihua(a)huawei.com> A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 1286325 Comm: kubeletmonit.sh Kdump: loaded Tainted: P Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 RIP: 0010:ima_match_policy+0x84/0x450 Code: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f RSP: 0018:ff71570009e07a80 EFLAGS: 00010207 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200 RDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739 R10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970 R13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001 FS: 00007f5195b51740(0000) GS:ff3e278b12d40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ima_get_action+0x22/0x30 process_measurement+0xb0/0x830 ? page_add_file_rmap+0x15/0x170 ? alloc_set_pte+0x269/0x4c0 ? prep_new_page+0x81/0x140 ? simple_xattr_get+0x75/0xa0 ? selinux_file_open+0x9d/0xf0 ima_file_check+0x64/0x90 path_openat+0x571/0x1720 do_filp_open+0x9b/0x110 ? page_counter_try_charge+0x57/0xc0 ? files_cgroup_alloc_fd+0x38/0x60 ? __alloc_fd+0xd4/0x250 ? do_sys_open+0x1bd/0x250 do_sys_open+0x1bd/0x250 do_syscall_64+0x5d/0x1d0 entry_SYSCALL_64_after_hwframe+0x65/0xca Commit c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") introduced call to ima_lsm_copy_rule within a RCU read-side critical section which contains kmalloc with GFP_KERNEL. This implies a possible sleep and violates limitations of RCU read-side critical sections on non-PREEMPT systems. Sleeping within RCU read-side critical section might cause synchronize_rcu() returning early and break RCU protection, allowing a UAF to happen. The root cause of this issue could be described as follows: | Thread A | Thread B | | |ima_match_policy | | | rcu_read_lock | |ima_lsm_update_rule | | | synchronize_rcu | | | | kmalloc(GFP_KERNEL)| | | sleep | ==> synchronize_rcu returns early | kfree(entry) | | | | entry = entry->next| ==> UAF happens and entry now becomes NULL (or could be anything). | | entry->action | ==> Accessing entry might cause panic. To fix this issue, we are converting all kmalloc that is called within RCU read-side critical section to use GFP_ATOMIC. Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") Cc: stable(a)vger.kernel.org Signed-off-by: GUO Zihua <guozihua(a)huawei.com> Acked-by: John Johansen <john.johansen(a)canonical.com> Reviewed-by: Mimi Zohar <zohar(a)linux.ibm.com> Reviewed-by: Casey Schaufler <casey(a)schaufler-ca.com> [PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case] Signed-off-by: Paul Moore <paul(a)paul-moore.com> (cherry picked from commit 9a95c5bfbf02a0a7f5983280fe284a0ff0836c34) Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> --- Backporting notes: - Remove security_audit_rule_init() documentation changes - Add default return value parameter to call_int_hook() in security_audit_rule_init() - Can be backported to 6.1.x, 5.15.x, 5.10.x include/linux/lsm_hook_defs.h | 2 +- include/linux/security.h | 5 +++-- kernel/auditfilter.c | 5 +++-- security/apparmor/audit.c | 6 +++--- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +++++++++------ security/security.c | 6 ++++-- security/selinux/include/audit.h | 4 +++- security/selinux/ss/services.c | 5 +++-- security/smack/smack_lsm.c | 4 +++- 11 files changed, 34 insertions(+), 22 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 6239a378c0ea..0b4f7289951a 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -382,7 +382,7 @@ LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **_buffer) #ifdef CONFIG_AUDIT LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, gfp_t gfp) LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule) LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule) LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule) diff --git a/include/linux/security.h b/include/linux/security.h index 2772f6375f14..c33c95f409eb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1921,7 +1921,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT #ifdef CONFIG_SECURITY -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + gfp_t gfp); int security_audit_rule_known(struct audit_krule *krule); int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); void security_audit_rule_free(void *lsmrule); @@ -1929,7 +1930,7 @@ void security_audit_rule_free(void *lsmrule); #else static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, gfp_t gfp) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 42d99896e7a6..6c9a4d322309 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -529,7 +529,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f_val; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + (void **)&f->lsm_rule, + GFP_KERNEL); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { @@ -798,7 +799,7 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, /* our own (refreshed) copy of lsm_rule */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + (void **)&df->lsm_rule, GFP_KERNEL); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 704b0c895605..963df28584ee 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -173,7 +173,7 @@ void aa_audit_rule_free(void *vrule) } } -int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp) { struct aa_audit_rule *rule; @@ -186,14 +186,14 @@ int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) return -EINVAL; } - rule = kzalloc(sizeof(struct aa_audit_rule), GFP_KERNEL); + rule = kzalloc(sizeof(struct aa_audit_rule), gfp); if (!rule) return -ENOMEM; /* Currently rules are treated as coming from the root ns */ rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, - GFP_KERNEL, true, false); + gfp, true, false); if (IS_ERR(rule->label)) { int err = PTR_ERR(rule->label); aa_audit_rule_free(rule); diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 18519a4eb67e..f325f1bef8d6 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -186,7 +186,7 @@ static inline int complain_error(int error) } void aa_audit_rule_free(void *vrule); -int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp); int aa_audit_rule_known(struct audit_krule *rule); int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule); diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be965a8715e4..c80bc15b4486 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -428,7 +428,7 @@ static inline void ima_free_modsig(struct modsig *modsig) #else static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, gfp_t gfp) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index bdc40535ff48..1f930711db76 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -377,7 +377,8 @@ static void ima_free_rule(struct ima_rule_entry *entry) kfree(entry); } -static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) +static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry, + gfp_t gfp) { struct ima_rule_entry *nentry; int i; @@ -386,7 +387,7 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) * Immutable elements are copied over as pointers and data; only * lsm rules can change */ - nentry = kmemdup(entry, sizeof(*nentry), GFP_KERNEL); + nentry = kmemdup(entry, sizeof(*nentry), gfp); if (!nentry) return NULL; @@ -401,7 +402,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); + &nentry->lsm[i].rule, + gfp); if (!nentry->lsm[i].rule) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); @@ -414,7 +416,7 @@ static int ima_lsm_update_rule(struct ima_rule_entry *entry) int i; struct ima_rule_entry *nentry; - nentry = ima_lsm_copy_rule(entry); + nentry = ima_lsm_copy_rule(entry, GFP_KERNEL); if (!nentry) return -ENOMEM; @@ -638,7 +640,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, } if (rc == -ESTALE && !rule_reinitialized) { - lsm_rule = ima_lsm_copy_rule(rule); + lsm_rule = ima_lsm_copy_rule(rule, GFP_ATOMIC); if (lsm_rule) { rule_reinitialized = true; goto retry; @@ -1113,7 +1115,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); + &entry->lsm[lsm_rule].rule, + GFP_KERNEL); if (!entry->lsm[lsm_rule].rule) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); diff --git a/security/security.c b/security/security.c index 1b504c296551..fb1692254851 100644 --- a/security/security.c +++ b/security/security.c @@ -2617,9 +2617,11 @@ int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + gfp_t gfp) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule, + gfp); } int security_audit_rule_known(struct audit_krule *krule) diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 406bceb90c6c..ef54f61a3066 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -21,12 +21,14 @@ * @op: the operator the rule uses * @rulestr: the text "target" of the rule * @rule: pointer to the new rule structure returned via this + * @gfp: GFP flag used for kmalloc * * Returns 0 if successful, -errno if not. On success, the rule structure * will be allocated internally. The caller must free this structure with * selinux_audit_rule_free() after use. */ -int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule); +int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule, + gfp_t gfp); /** * selinux_audit_rule_free - free an selinux audit rule structure. diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 64a6a37dc36d..2b8ebd390e37 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3563,7 +3563,8 @@ void selinux_audit_rule_free(void *vrule) } } -int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, + gfp_t gfp) { struct selinux_state *state = &selinux_state; struct selinux_policy *policy; @@ -3604,7 +3605,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) return -EINVAL; } - tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL); + tmprule = kzalloc(sizeof(struct selinux_audit_rule), gfp); if (!tmprule) return -ENOMEM; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index feba69549d08..b0a483e40c82 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4552,11 +4552,13 @@ static int smack_post_notification(const struct cred *w_cred, * @op: required testing operator (=, !=, >, <, ...) * @rulestr: smack label to be audited * @vrule: pointer to save our own audit rule representation + * @gfp: type of the memory for the allocation * * Prepare to audit cases where (@field @op @rulestr) is true. * The label to be audited is created if necessay. */ -static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, + gfp_t gfp) { struct smack_known *skp; char **rule = (char **)vrule; -- 2.34.1

10 months

4
3
0 0

[PATCH] ima: Avoid blocking in RCU read-side critical section

by Mimi Zohar

From: GUO Zihua <guozihua(a)huawei.com> A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 1286325 Comm: kubeletmonit.sh Kdump: loaded Tainted: P Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 RIP: 0010:ima_match_policy+0x84/0x450 Code: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f RSP: 0018:ff71570009e07a80 EFLAGS: 00010207 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200 RDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739 R10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970 R13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001 FS: 00007f5195b51740(0000) GS:ff3e278b12d40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ima_get_action+0x22/0x30 process_measurement+0xb0/0x830 ? page_add_file_rmap+0x15/0x170 ? alloc_set_pte+0x269/0x4c0 ? prep_new_page+0x81/0x140 ? simple_xattr_get+0x75/0xa0 ? selinux_file_open+0x9d/0xf0 ima_file_check+0x64/0x90 path_openat+0x571/0x1720 do_filp_open+0x9b/0x110 ? page_counter_try_charge+0x57/0xc0 ? files_cgroup_alloc_fd+0x38/0x60 ? __alloc_fd+0xd4/0x250 ? do_sys_open+0x1bd/0x250 do_sys_open+0x1bd/0x250 do_syscall_64+0x5d/0x1d0 entry_SYSCALL_64_after_hwframe+0x65/0xca Commit c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") introduced call to ima_lsm_copy_rule within a RCU read-side critical section which contains kmalloc with GFP_KERNEL. This implies a possible sleep and violates limitations of RCU read-side critical sections on non-PREEMPT systems. Sleeping within RCU read-side critical section might cause synchronize_rcu() returning early and break RCU protection, allowing a UAF to happen. The root cause of this issue could be described as follows: | Thread A | Thread B | | |ima_match_policy | | | rcu_read_lock | |ima_lsm_update_rule | | | synchronize_rcu | | | | kmalloc(GFP_KERNEL)| | | sleep | ==> synchronize_rcu returns early | kfree(entry) | | | | entry = entry->next| ==> UAF happens and entry now becomes NULL (or could be anything). | | entry->action | ==> Accessing entry might cause panic. To fix this issue, we are converting all kmalloc that is called within RCU read-side critical section to use GFP_ATOMIC. Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") Cc: stable(a)vger.kernel.org Signed-off-by: GUO Zihua <guozihua(a)huawei.com> Acked-by: John Johansen <john.johansen(a)canonical.com> Reviewed-by: Mimi Zohar <zohar(a)linux.ibm.com> Reviewed-by: Casey Schaufler <casey(a)schaufler-ca.com> [PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case] Signed-off-by: Paul Moore <paul(a)paul-moore.com> (cherry picked from commit 9a95c5bfbf02a0a7f5983280fe284a0ff0836c34) Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> --- Backport notes: - Restore default return value parameter to call_int_hook() in security_audit_rule_init() in lieu of backporting commit 260017f31a8c ("lsm: use default hook return value in call_int_hook()"). - Applies to linux-6.8.y -> linux-6.4.y include/linux/lsm_hook_defs.h | 2 +- include/linux/security.h | 5 +++-- kernel/auditfilter.c | 5 +++-- security/apparmor/audit.c | 6 +++--- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +++++++++------ security/security.c | 6 ++++-- security/selinux/include/audit.h | 4 +++- security/selinux/ss/services.c | 5 +++-- security/smack/smack_lsm.c | 4 +++- 11 files changed, 34 insertions(+), 22 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index f9b5baf1b5f4..4903a724e344 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -394,7 +394,7 @@ LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer) #ifdef CONFIG_AUDIT LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, gfp_t gfp) LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule) LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule) LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule) diff --git a/include/linux/security.h b/include/linux/security.h index 3180d823e023..3f23438a0a4d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1988,7 +1988,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) #ifdef CONFIG_AUDIT #ifdef CONFIG_SECURITY -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); +int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + gfp_t gfp); int security_audit_rule_known(struct audit_krule *krule); int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule); void security_audit_rule_free(void *lsmrule); @@ -1996,7 +1997,7 @@ void security_audit_rule_free(void *lsmrule); #else static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, gfp_t gfp) { return 0; } diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 8317a37dea0b..685bccb20b6f 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -529,7 +529,8 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, entry->rule.buflen += f_val; f->lsm_str = str; err = security_audit_rule_init(f->type, f->op, str, - (void **)&f->lsm_rule); + (void **)&f->lsm_rule, + GFP_KERNEL); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (err == -EINVAL) { @@ -799,7 +800,7 @@ static inline int audit_dupe_lsm_field(struct audit_field *df, /* our own (refreshed) copy of lsm_rule */ ret = security_audit_rule_init(df->type, df->op, df->lsm_str, - (void **)&df->lsm_rule); + (void **)&df->lsm_rule, GFP_KERNEL); /* Keep currently invalid fields around in case they * become valid after a policy reload. */ if (ret == -EINVAL) { diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 45beb1c5f747..6b5181c668b5 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -217,7 +217,7 @@ void aa_audit_rule_free(void *vrule) } } -int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp) { struct aa_audit_rule *rule; @@ -230,14 +230,14 @@ int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) return -EINVAL; } - rule = kzalloc(sizeof(struct aa_audit_rule), GFP_KERNEL); + rule = kzalloc(sizeof(struct aa_audit_rule), gfp); if (!rule) return -ENOMEM; /* Currently rules are treated as coming from the root ns */ rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, - GFP_KERNEL, true, false); + gfp, true, false); if (IS_ERR(rule->label)) { int err = PTR_ERR(rule->label); aa_audit_rule_free(rule); diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index acbb03b9bd25..0c8cc86b417b 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -200,7 +200,7 @@ static inline int complain_error(int error) } void aa_audit_rule_free(void *vrule); -int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp); int aa_audit_rule_known(struct audit_krule *rule); int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule); diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c29db699c996..07a4586e129c 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -430,7 +430,7 @@ static inline void ima_free_modsig(struct modsig *modsig) #else static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) + void **lsmrule, gfp_t gfp) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index f69062617754..f3f46c6186c0 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -401,7 +401,8 @@ static void ima_free_rule(struct ima_rule_entry *entry) kfree(entry); } -static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) +static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry, + gfp_t gfp) { struct ima_rule_entry *nentry; int i; @@ -410,7 +411,7 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) * Immutable elements are copied over as pointers and data; only * lsm rules can change */ - nentry = kmemdup(entry, sizeof(*nentry), GFP_KERNEL); + nentry = kmemdup(entry, sizeof(*nentry), gfp); if (!nentry) return NULL; @@ -425,7 +426,8 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, nentry->lsm[i].args_p, - &nentry->lsm[i].rule); + &nentry->lsm[i].rule, + gfp); if (!nentry->lsm[i].rule) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); @@ -438,7 +440,7 @@ static int ima_lsm_update_rule(struct ima_rule_entry *entry) int i; struct ima_rule_entry *nentry; - nentry = ima_lsm_copy_rule(entry); + nentry = ima_lsm_copy_rule(entry, GFP_KERNEL); if (!nentry) return -ENOMEM; @@ -664,7 +666,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, } if (rc == -ESTALE && !rule_reinitialized) { - lsm_rule = ima_lsm_copy_rule(rule); + lsm_rule = ima_lsm_copy_rule(rule, GFP_ATOMIC); if (lsm_rule) { rule_reinitialized = true; goto retry; @@ -1140,7 +1142,8 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, entry->lsm[lsm_rule].type = audit_type; result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); + &entry->lsm[lsm_rule].rule, + GFP_KERNEL); if (!entry->lsm[lsm_rule].rule) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); diff --git a/security/security.c b/security/security.c index a344b8fa5530..e0ef2ac7600f 100644 --- a/security/security.c +++ b/security/security.c @@ -5350,15 +5350,17 @@ int security_key_getsecurity(struct key *key, char **buffer) * @op: rule operator * @rulestr: rule context * @lsmrule: receive buffer for audit rule struct + * @gfp: GFP flag used for kmalloc * * Allocate and initialize an LSM audit rule structure. * * Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of * an invalid rule. */ -int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule, + gfp_t gfp) { - return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); + return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule, gfp); } /** diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 52aca71210b4..29c7d4c86f6d 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h @@ -21,12 +21,14 @@ * @op: the operator the rule uses * @rulestr: the text "target" of the rule * @rule: pointer to the new rule structure returned via this + * @gfp: GFP flag used for kmalloc * * Returns 0 if successful, -errno if not. On success, the rule structure * will be allocated internally. The caller must free this structure with * selinux_audit_rule_free() after use. */ -int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule); +int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule, + gfp_t gfp); /** * selinux_audit_rule_free - free an selinux audit rule structure. diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e88b1b6c4adb..ded250e525e9 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3508,7 +3508,8 @@ void selinux_audit_rule_free(void *vrule) } } -int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, + gfp_t gfp) { struct selinux_state *state = &selinux_state; struct selinux_policy *policy; @@ -3549,7 +3550,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) return -EINVAL; } - tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL); + tmprule = kzalloc(sizeof(struct selinux_audit_rule), gfp); if (!tmprule) return -ENOMEM; context_init(&tmprule->au_ctxt); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6f9a80783a5a..8cc3a6764379 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4690,11 +4690,13 @@ static int smack_post_notification(const struct cred *w_cred, * @op: required testing operator (=, !=, >, <, ...) * @rulestr: smack label to be audited * @vrule: pointer to save our own audit rule representation + * @gfp: type of the memory for the allocation * * Prepare to audit cases where (@field @op @rulestr) is true. * The label to be audited is created if necessay. */ -static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, + gfp_t gfp) { struct smack_known *skp; char **rule = (char **)vrule; -- 2.43.0

10 months

2
1
0 0

[PATCH backport 5.10.y] bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues

by Wen Gu

From: Wang Yufen <wangyufen(a)huawei.com> [ Upstream commit d8616ee2affcff37c5d315310da557a694a3303d ] During TCP sockmap redirect pressure test, the following warning is triggered: WARNING: CPU: 3 PID: 2145 at net/core/stream.c:205 sk_stream_kill_queues+0xbc/0xd0 CPU: 3 PID: 2145 Comm: iperf Kdump: loaded Tainted: G W 5.10.0+ #9 Call Trace: inet_csk_destroy_sock+0x55/0x110 inet_csk_listen_stop+0xbb/0x380 tcp_close+0x41b/0x480 inet_release+0x42/0x80 __sock_release+0x3d/0xa0 sock_close+0x11/0x20 __fput+0x9d/0x240 task_work_run+0x62/0x90 exit_to_user_mode_prepare+0x110/0x120 syscall_exit_to_user_mode+0x27/0x190 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The reason we observed is that: When the listener is closing, a connection may have completed the three-way handshake but not accepted, and the client has sent some packets. The child sks in accept queue release by inet_child_forget()->inet_csk_destroy_sock(), but psocks of child sks have not released. To fix, add sock_map_destroy to release psocks. Signed-off-by: Wang Yufen <wangyufen(a)huawei.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jakub Sitnicki <jakub(a)cloudflare.com> Acked-by: John Fastabend <john.fastabend(a)gmail.com> Link: https://lore.kernel.org/bpf/20220524075311.649153-1-wangyufen@huawei.com Stable-dep-of: 8bbabb3fddcd ("bpf, sock_map: Move cancel_work_sync() out of sock lock") Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Conflict in include/linux/bpf.h due to function declaration position and remove non-existed sk_psock_stop helper from sock_map_destroy.] Signed-off-by: Wen Gu <guwen(a)linux.alibaba.com> --- background: Link: https://lore.kernel.org/stable/d11bc7e6-a2c7-445a-8561-3599eafb07b0@linux.a… @stable team: This backport has 2 changes compared to the original patch: - fix conflict due to sock_map_destroy declaration position in include/linux/bpf.h; - remove the non-existed sk_psock_stop helper from sock_map_destroy. This helper is introduced by 799aa7f98d53 ("skmsg: Avoid lock_sock() in sk_psock_backlog()") after v5.10, it is not a fix and hard to backport. Considering that what did in sk_psock_stop is done in sk_psock_drop and neither sock_map_close nor sock_map_unhash in v5.10 introduces sk_psock_stop, I removed it from sock_map_destroy too. I tested it in my environment, the regression was gone. Cc: Wang Yufen <wangyufen(a)huawei.com> @Yufen, if I missed anything, please point it out, thanks! --- include/linux/bpf.h | 1 + include/linux/skmsg.h | 1 + net/core/skmsg.c | 1 + net/core/sock_map.c | 22 ++++++++++++++++++++++ net/ipv4/tcp_bpf.c | 1 + 5 files changed, 26 insertions(+) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index a75faf437e75..340f4fef5b5a 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1800,6 +1800,7 @@ int sock_map_get_from_fd(const union bpf_attr *attr, struct bpf_prog *prog); int sock_map_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype); int sock_map_update_elem_sys(struct bpf_map *map, void *key, void *value, u64 flags); void sock_map_unhash(struct sock *sk); +void sock_map_destroy(struct sock *sk); void sock_map_close(struct sock *sk, long timeout); #else static inline int sock_map_prog_update(struct bpf_map *map, diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h index 1138dd3071db..e2af013ec05f 100644 --- a/include/linux/skmsg.h +++ b/include/linux/skmsg.h @@ -98,6 +98,7 @@ struct sk_psock { spinlock_t link_lock; refcount_t refcnt; void (*saved_unhash)(struct sock *sk); + void (*saved_destroy)(struct sock *sk); void (*saved_close)(struct sock *sk, long timeout); void (*saved_write_space)(struct sock *sk); struct proto *sk_proto; diff --git a/net/core/skmsg.c b/net/core/skmsg.c index bb4fbc60b272..51792dda1b73 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -599,6 +599,7 @@ struct sk_psock *sk_psock_init(struct sock *sk, int node) psock->eval = __SK_NONE; psock->sk_proto = prot; psock->saved_unhash = prot->unhash; + psock->saved_destroy = prot->destroy; psock->saved_close = prot->close; psock->saved_write_space = sk->sk_write_space; diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 52e395a189df..d1d0ee2dbfaa 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1566,6 +1566,28 @@ void sock_map_unhash(struct sock *sk) saved_unhash(sk); } +void sock_map_destroy(struct sock *sk) +{ + void (*saved_destroy)(struct sock *sk); + struct sk_psock *psock; + + rcu_read_lock(); + psock = sk_psock_get(sk); + if (unlikely(!psock)) { + rcu_read_unlock(); + if (sk->sk_prot->destroy) + sk->sk_prot->destroy(sk); + return; + } + + saved_destroy = psock->saved_destroy; + sock_map_remove_links(sk, psock); + rcu_read_unlock(); + sk_psock_put(sk, psock); + saved_destroy(sk); +} +EXPORT_SYMBOL_GPL(sock_map_destroy); + void sock_map_close(struct sock *sk, long timeout) { void (*saved_close)(struct sock *sk, long timeout); diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index d0ca1fc325cd..f909e440bb22 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -582,6 +582,7 @@ static void tcp_bpf_rebuild_protos(struct proto prot[TCP_BPF_NUM_CFGS], struct proto *base) { prot[TCP_BPF_BASE] = *base; + prot[TCP_BPF_BASE].destroy = sock_map_destroy; prot[TCP_BPF_BASE].close = sock_map_close; prot[TCP_BPF_BASE].recvmsg = tcp_bpf_recvmsg; prot[TCP_BPF_BASE].stream_memory_read = tcp_bpf_stream_read; -- 2.32.0.3.g01195cf9f

10 months

2
1
0 0

FAILED: patch "[PATCH] riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3c1f81a1b554f49e99b34ca45324b35948c885db # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070822-unfixed-paced-a31d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 3c1f81a1b554 ("riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V on JH7110 boards") ac9a37e2d6b6 ("riscv: dts: starfive: introduce a common board dtsi for jh7110 based boards") 07da6ddf510b ("riscv: dts: starfive: visionfive 2: add "disable-wp" for tfcard") 0ffce9d49abd ("riscv: dts: starfive: visionfive 2: add tf cd-gpios") ffddddf4aa8d ("riscv: dts: starfive: visionfive 2: use cpus label for timebase freq") b9a1481f259c ("riscv: dts: starfive: visionfive 2: update sound and codec dt node name") e0503d47e93d ("riscv: dts: starfive: visionfive 2: Remove non-existing I2S hardware") dcde4e97b122 ("riscv: dts: starfive: visionfive 2: Remove non-existing TDM hardware") 0f74c64f0a9f ("riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board") 28ecaaa5af19 ("riscv: dts: starfive: jh7110: Add camera subsystem nodes") 8d01f741a046 ("riscv: dts: starfive: jh7110: Add PWM node and pins configuration") 79384a047535 ("Merge tag 'riscv-dt-for-v6.7' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux into soc/dt") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3c1f81a1b554f49e99b34ca45324b35948c885db Mon Sep 17 00:00:00 2001 From: Shengyu Qu <wiagn233(a)outlook.com> Date: Wed, 12 Jun 2024 18:33:31 +0800 Subject: [PATCH] riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V on JH7110 boards Currently, for JH7110 boards with EMMC slot, vqmmc voltage for EMMC is fixed to 1.8V, while the spec needs it to be 3.3V on low speed mode and should support switching to 1.8V when using higher speed mode. Since there are no other peripherals using the same voltage source of EMMC's vqmmc(ALDO4) on every board currently supported by mainline kernel, regulator-max-microvolt of ALDO4 should be set to 3.3V. Cc: stable(a)vger.kernel.org Signed-off-by: Shengyu Qu <wiagn233(a)outlook.com> Fixes: 7dafcfa79cc9 ("riscv: dts: starfive: enable DCDC1&ALDO4 node in axp15060") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> diff --git a/arch/riscv/boot/dts/starfive/jh7110-common.dtsi b/arch/riscv/boot/dts/starfive/jh7110-common.dtsi index 8ff6ea64f048..68d16717db8c 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-common.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-common.dtsi @@ -244,7 +244,7 @@ emmc_vdd: aldo4 { regulator-boot-on; regulator-always-on; regulator-min-microvolt = <1800000>; - regulator-max-microvolt = <1800000>; + regulator-max-microvolt = <3300000>; regulator-name = "emmc_vdd"; }; };

10 months

1
0
0 0

FAILED: patch "[PATCH] riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 3c1f81a1b554f49e99b34ca45324b35948c885db # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070821-ascent-stiffen-9101@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 3c1f81a1b554 ("riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V on JH7110 boards") ac9a37e2d6b6 ("riscv: dts: starfive: introduce a common board dtsi for jh7110 based boards") 07da6ddf510b ("riscv: dts: starfive: visionfive 2: add "disable-wp" for tfcard") 0ffce9d49abd ("riscv: dts: starfive: visionfive 2: add tf cd-gpios") ffddddf4aa8d ("riscv: dts: starfive: visionfive 2: use cpus label for timebase freq") b9a1481f259c ("riscv: dts: starfive: visionfive 2: update sound and codec dt node name") e0503d47e93d ("riscv: dts: starfive: visionfive 2: Remove non-existing I2S hardware") dcde4e97b122 ("riscv: dts: starfive: visionfive 2: Remove non-existing TDM hardware") 0f74c64f0a9f ("riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3c1f81a1b554f49e99b34ca45324b35948c885db Mon Sep 17 00:00:00 2001 From: Shengyu Qu <wiagn233(a)outlook.com> Date: Wed, 12 Jun 2024 18:33:31 +0800 Subject: [PATCH] riscv: dts: starfive: Set EMMC vqmmc maximum voltage to 3.3V on JH7110 boards Currently, for JH7110 boards with EMMC slot, vqmmc voltage for EMMC is fixed to 1.8V, while the spec needs it to be 3.3V on low speed mode and should support switching to 1.8V when using higher speed mode. Since there are no other peripherals using the same voltage source of EMMC's vqmmc(ALDO4) on every board currently supported by mainline kernel, regulator-max-microvolt of ALDO4 should be set to 3.3V. Cc: stable(a)vger.kernel.org Signed-off-by: Shengyu Qu <wiagn233(a)outlook.com> Fixes: 7dafcfa79cc9 ("riscv: dts: starfive: enable DCDC1&ALDO4 node in axp15060") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> diff --git a/arch/riscv/boot/dts/starfive/jh7110-common.dtsi b/arch/riscv/boot/dts/starfive/jh7110-common.dtsi index 8ff6ea64f048..68d16717db8c 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-common.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-common.dtsi @@ -244,7 +244,7 @@ emmc_vdd: aldo4 { regulator-boot-on; regulator-always-on; regulator-min-microvolt = <1800000>; - regulator-max-microvolt = <1800000>; + regulator-max-microvolt = <3300000>; regulator-name = "emmc_vdd"; }; };

10 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: Ensure ECC configuration is propagated to upper" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3a1b777eb9fb75d09c45ae5dd1d007eddcbebf1f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070824-sprint-steadying-855b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 3a1b777eb9fb ("mtd: rawnand: Ensure ECC configuration is propagated to upper layers") 80fe603160a4 ("mtd: nand: ecc-bch: Stop using raw NAND structures") ea146d7fbf50 ("mtd: nand: ecc-bch: Update the prototypes to be more generic") 127aae607756 ("mtd: nand: ecc-bch: Drop mtd_nand_has_bch()") 3c0fe36abebe ("mtd: nand: ecc-bch: Stop exporting the private structure") 8c5c20921856 ("mtd: nand: ecc-bch: Cleanup and style fixes") cdbe8df5e28e ("mtd: nand: ecc-bch: Move BCH code to the generic NAND layer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a1b777eb9fb75d09c45ae5dd1d007eddcbebf1f Mon Sep 17 00:00:00 2001 From: Miquel Raynal <miquel.raynal(a)bootlin.com> Date: Tue, 7 May 2024 10:58:42 +0200 Subject: [PATCH] mtd: rawnand: Ensure ECC configuration is propagated to upper layers Until recently the "upper layer" was MTD. But following incremental reworks to bring spi-nand support and more recently generic ECC support, there is now an intermediate "generic NAND" layer that also needs to get access to some values. When using "converted" ECC engines, like the software ones, these values are already propagated correctly. But otherwise when using good old raw NAND controller drivers, we need to manually set these values ourselves at the end of the "scan" operation, once these values have been negotiated. Without this propagation, later (generic) checks like the one warning users that the ECC strength is not high enough might simply no longer work. Fixes: 8c126720fe10 ("mtd: rawnand: Use the ECC framework nand_ecc_is_strong_enough() helper") Cc: stable(a)vger.kernel.org Reported-by: Sascha Hauer <s.hauer(a)pengutronix.de> Closes: https://lore.kernel.org/all/Zhe2JtvvN1M4Ompw@pengutronix.de/ Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Tested-by: Sascha Hauer <s.hauer(a)pengutronix.de> Link: https://lore.kernel.org/linux-mtd/20240507085842.108844-1-miquel.raynal@boo… diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index d7dbbd469b89..acd137dd0957 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -6301,6 +6301,7 @@ static const struct nand_ops rawnand_ops = { static int nand_scan_tail(struct nand_chip *chip) { struct mtd_info *mtd = nand_to_mtd(chip); + struct nand_device *base = &chip->base; struct nand_ecc_ctrl *ecc = &chip->ecc; int ret, i; @@ -6445,9 +6446,13 @@ static int nand_scan_tail(struct nand_chip *chip) if (!ecc->write_oob_raw) ecc->write_oob_raw = ecc->write_oob; - /* propagate ecc info to mtd_info */ + /* Propagate ECC info to the generic NAND and MTD layers */ mtd->ecc_strength = ecc->strength; + if (!base->ecc.ctx.conf.strength) + base->ecc.ctx.conf.strength = ecc->strength; mtd->ecc_step_size = ecc->size; + if (!base->ecc.ctx.conf.step_size) + base->ecc.ctx.conf.step_size = ecc->size; /* * Set the number of read / write steps for one page depending on ECC @@ -6455,6 +6460,8 @@ static int nand_scan_tail(struct nand_chip *chip) */ if (!ecc->steps) ecc->steps = mtd->writesize / ecc->size; + if (!base->ecc.ctx.nsteps) + base->ecc.ctx.nsteps = ecc->steps; if (ecc->steps * ecc->size != mtd->writesize) { WARN(1, "Invalid ECC parameters\n"); ret = -EINVAL;

10 months

1
0
0 0

FAILED: patch "[PATCH] filelock: Remove locks reliably when fcntl/close race is" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 3cad1bc010416c6dd780643476bc59ed742436b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070803-gummy-tuition-6ac3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected") 4ca52f539865 ("filelock: have fs/locks.c deal with file_lock_core directly") a69ce85ec9af ("filelock: split common fields into struct file_lock_core") 3d40f78169a0 ("filelock: drop the IS_* macros") 75cabec0111b ("filelock: add some new helper functions") 587a67b6830b ("filelock: rename some fields in tracepoints") 0e9876d8e88d ("filelock: fl_pid field should be signed int") 6c9007f65d14 ("fs/locks: F_UNLCK extension for F_OFD_GETLK") dc592190a554 ("fs/locks: Remove redundant assignment to cmd") 3822a7c40997 ("Merge tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3cad1bc010416c6dd780643476bc59ed742436b9 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 2 Jul 2024 18:26:52 +0200 Subject: [PATCH] filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/locks.c b/fs/locks.c index 90c8746874de..c360d1992d21 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2448,8 +2448,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->c.flc_type != F_UNLCK && @@ -2464,9 +2465,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->c.flc_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } }

10 months

1
0
0 0

FAILED: patch "[PATCH] filelock: Remove locks reliably when fcntl/close race is" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3cad1bc010416c6dd780643476bc59ed742436b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070802-nebula-stir-11eb@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected") 4ca52f539865 ("filelock: have fs/locks.c deal with file_lock_core directly") a69ce85ec9af ("filelock: split common fields into struct file_lock_core") 3d40f78169a0 ("filelock: drop the IS_* macros") 75cabec0111b ("filelock: add some new helper functions") 587a67b6830b ("filelock: rename some fields in tracepoints") 0e9876d8e88d ("filelock: fl_pid field should be signed int") 6c9007f65d14 ("fs/locks: F_UNLCK extension for F_OFD_GETLK") dc592190a554 ("fs/locks: Remove redundant assignment to cmd") 3822a7c40997 ("Merge tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3cad1bc010416c6dd780643476bc59ed742436b9 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 2 Jul 2024 18:26:52 +0200 Subject: [PATCH] filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/locks.c b/fs/locks.c index 90c8746874de..c360d1992d21 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2448,8 +2448,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->c.flc_type != F_UNLCK && @@ -2464,9 +2465,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->c.flc_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } }

10 months

1
0
0 0

FAILED: patch "[PATCH] filelock: Remove locks reliably when fcntl/close race is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3cad1bc010416c6dd780643476bc59ed742436b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070801-hatbox-ripple-b0ef@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected") 4ca52f539865 ("filelock: have fs/locks.c deal with file_lock_core directly") a69ce85ec9af ("filelock: split common fields into struct file_lock_core") 3d40f78169a0 ("filelock: drop the IS_* macros") 75cabec0111b ("filelock: add some new helper functions") 587a67b6830b ("filelock: rename some fields in tracepoints") 0e9876d8e88d ("filelock: fl_pid field should be signed int") 6c9007f65d14 ("fs/locks: F_UNLCK extension for F_OFD_GETLK") dc592190a554 ("fs/locks: Remove redundant assignment to cmd") 3822a7c40997 ("Merge tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3cad1bc010416c6dd780643476bc59ed742436b9 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 2 Jul 2024 18:26:52 +0200 Subject: [PATCH] filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/locks.c b/fs/locks.c index 90c8746874de..c360d1992d21 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2448,8 +2448,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->c.flc_type != F_UNLCK && @@ -2464,9 +2465,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->c.flc_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } }

10 months

1
0
0 0

FAILED: patch "[PATCH] filelock: Remove locks reliably when fcntl/close race is" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3cad1bc010416c6dd780643476bc59ed742436b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070800-certainly-antibody-ea44@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected") 4ca52f539865 ("filelock: have fs/locks.c deal with file_lock_core directly") a69ce85ec9af ("filelock: split common fields into struct file_lock_core") 3d40f78169a0 ("filelock: drop the IS_* macros") 75cabec0111b ("filelock: add some new helper functions") 587a67b6830b ("filelock: rename some fields in tracepoints") 0e9876d8e88d ("filelock: fl_pid field should be signed int") 6c9007f65d14 ("fs/locks: F_UNLCK extension for F_OFD_GETLK") dc592190a554 ("fs/locks: Remove redundant assignment to cmd") 3822a7c40997 ("Merge tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3cad1bc010416c6dd780643476bc59ed742436b9 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 2 Jul 2024 18:26:52 +0200 Subject: [PATCH] filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/locks.c b/fs/locks.c index 90c8746874de..c360d1992d21 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2448,8 +2448,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->c.flc_type != F_UNLCK && @@ -2464,9 +2465,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->c.flc_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } }

10 months

1
0
0 0

FAILED: patch "[PATCH] filelock: Remove locks reliably when fcntl/close race is" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3cad1bc010416c6dd780643476bc59ed742436b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070859-celibacy-goldsmith-46fd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected") 4ca52f539865 ("filelock: have fs/locks.c deal with file_lock_core directly") a69ce85ec9af ("filelock: split common fields into struct file_lock_core") 3d40f78169a0 ("filelock: drop the IS_* macros") 75cabec0111b ("filelock: add some new helper functions") 587a67b6830b ("filelock: rename some fields in tracepoints") 0e9876d8e88d ("filelock: fl_pid field should be signed int") 6c9007f65d14 ("fs/locks: F_UNLCK extension for F_OFD_GETLK") dc592190a554 ("fs/locks: Remove redundant assignment to cmd") 3822a7c40997 ("Merge tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3cad1bc010416c6dd780643476bc59ed742436b9 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 2 Jul 2024 18:26:52 +0200 Subject: [PATCH] filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/locks.c b/fs/locks.c index 90c8746874de..c360d1992d21 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2448,8 +2448,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->c.flc_type != F_UNLCK && @@ -2464,9 +2465,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->c.flc_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } }

10 months

1
0
0 0

FAILED: patch "[PATCH] filelock: Remove locks reliably when fcntl/close race is" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3cad1bc010416c6dd780643476bc59ed742436b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070858-anew-deuce-98ab@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected") 4ca52f539865 ("filelock: have fs/locks.c deal with file_lock_core directly") a69ce85ec9af ("filelock: split common fields into struct file_lock_core") 3d40f78169a0 ("filelock: drop the IS_* macros") 75cabec0111b ("filelock: add some new helper functions") 587a67b6830b ("filelock: rename some fields in tracepoints") 0e9876d8e88d ("filelock: fl_pid field should be signed int") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3cad1bc010416c6dd780643476bc59ed742436b9 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 2 Jul 2024 18:26:52 +0200 Subject: [PATCH] filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/locks.c b/fs/locks.c index 90c8746874de..c360d1992d21 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2448,8 +2448,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->c.flc_type != F_UNLCK && @@ -2464,9 +2465,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->c.flc_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } }

10 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix scv instruction crash with kexec" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 21a741eb75f80397e5f7d3739e24d7d75e619011 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070820-relapse-humbly-3545@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 21a741eb75f8 ("powerpc/pseries: Fix scv instruction crash with kexec") 2ab2d5794f14 ("powerpc/kasan: Disable address sanitization in kexec paths") e6f6390ab7b9 ("powerpc: Add missing headers") 3ba4289a3e7f ("powerpc: Simplify and move arch_randomize_brk()") ce0091a0e060 ("powerpc/time: Fix sparse warnings") 387e220a2e5e ("powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU") 20626177c9de ("powerpc: make memremap_compat_align 64s-only") ffbe5d21d10f ("powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix") f43d2ffb47c9 ("powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c") 162b0889bba6 ("powerpc/64s: move THP trace point creation out of hash specific file") 3d3282fd34d8 ("powerpc/pseries: lparcfg don't include slb_size line in radix mode") 0c7cc15e9215 ("powerpc/pseries: move process table registration away from hash-specific code") 7ebc49031d04 ("powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE") 6e5772c8d9cf ("Merge tag 'x86_cc_for_v5.16_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 21a741eb75f80397e5f7d3739e24d7d75e619011 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Tue, 25 Jun 2024 23:40:47 +1000 Subject: [PATCH] powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all. Fixes: 7fa95f9adaee ("powerpc/64s: system call support for scv/rfscv instructions") Cc: stable(a)vger.kernel.org # v5.9+ Reported-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Closes: https://lore.kernel.org/3b4b2943-49ad-4619-b195-bc416f1d1409@linux.ibm.com Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Tested-by: Gautam Menghani <gautam(a)linux.ibm.com> Tested-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Link: https://msgid.link/20240625134047.298759-1-npiggin@gmail.com Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kexec/core_64.c b/arch/powerpc/kexec/core_64.c index 85050be08a23..72b12bc10f90 100644 --- a/arch/powerpc/kexec/core_64.c +++ b/arch/powerpc/kexec/core_64.c @@ -27,6 +27,7 @@ #include <asm/paca.h> #include <asm/mmu.h> #include <asm/sections.h> /* _end */ +#include <asm/setup.h> #include <asm/smp.h> #include <asm/hw_breakpoint.h> #include <asm/svm.h> @@ -317,6 +318,16 @@ void default_machine_kexec(struct kimage *image) if (!kdump_in_progress()) kexec_prepare_cpus(); +#ifdef CONFIG_PPC_PSERIES + /* + * This must be done after other CPUs have shut down, otherwise they + * could execute the 'scv' instruction, which is not supported with + * reloc disabled (see configure_exceptions()). + */ + if (firmware_has_feature(FW_FEATURE_SET_MODE)) + pseries_disable_reloc_on_exc(); +#endif + printk("kexec: Starting switchover sequence.\n"); /* switch to a staticly allocated stack. Based on irq stack code. diff --git a/arch/powerpc/platforms/pseries/kexec.c b/arch/powerpc/platforms/pseries/kexec.c index 096d09ed89f6..431be156ca9b 100644 --- a/arch/powerpc/platforms/pseries/kexec.c +++ b/arch/powerpc/platforms/pseries/kexec.c @@ -61,11 +61,3 @@ void pseries_kexec_cpu_down(int crash_shutdown, int secondary) } else xics_kexec_teardown_cpu(secondary); } - -void pseries_machine_kexec(struct kimage *image) -{ - if (firmware_has_feature(FW_FEATURE_SET_MODE)) - pseries_disable_reloc_on_exc(); - - default_machine_kexec(image); -} diff --git a/arch/powerpc/platforms/pseries/pseries.h b/arch/powerpc/platforms/pseries/pseries.h index bba4ad192b0f..3968a6970fa8 100644 --- a/arch/powerpc/platforms/pseries/pseries.h +++ b/arch/powerpc/platforms/pseries/pseries.h @@ -38,7 +38,6 @@ static inline void smp_init_pseries(void) { } #endif extern void pseries_kexec_cpu_down(int crash_shutdown, int secondary); -void pseries_machine_kexec(struct kimage *image); extern void pSeries_final_fixup(void); diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index cba40d9d1284..b10a25325238 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -1159,7 +1159,6 @@ define_machine(pseries) { .machine_check_exception = pSeries_machine_check_exception, .machine_check_log_err = pSeries_machine_check_log_err, #ifdef CONFIG_KEXEC_CORE - .machine_kexec = pseries_machine_kexec, .kexec_cpu_down = pseries_kexec_cpu_down, #endif #ifdef CONFIG_MEMORY_HOTPLUG

10 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/pseries: Fix scv instruction crash with kexec" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 21a741eb75f80397e5f7d3739e24d7d75e619011 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070819-steering-gag-75e6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 21a741eb75f8 ("powerpc/pseries: Fix scv instruction crash with kexec") 2ab2d5794f14 ("powerpc/kasan: Disable address sanitization in kexec paths") e6f6390ab7b9 ("powerpc: Add missing headers") 3ba4289a3e7f ("powerpc: Simplify and move arch_randomize_brk()") ce0091a0e060 ("powerpc/time: Fix sparse warnings") 387e220a2e5e ("powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU") 20626177c9de ("powerpc: make memremap_compat_align 64s-only") ffbe5d21d10f ("powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix") f43d2ffb47c9 ("powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c") 162b0889bba6 ("powerpc/64s: move THP trace point creation out of hash specific file") 3d3282fd34d8 ("powerpc/pseries: lparcfg don't include slb_size line in radix mode") 0c7cc15e9215 ("powerpc/pseries: move process table registration away from hash-specific code") 7ebc49031d04 ("powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE") 6e5772c8d9cf ("Merge tag 'x86_cc_for_v5.16_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 21a741eb75f80397e5f7d3739e24d7d75e619011 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Tue, 25 Jun 2024 23:40:47 +1000 Subject: [PATCH] powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all. Fixes: 7fa95f9adaee ("powerpc/64s: system call support for scv/rfscv instructions") Cc: stable(a)vger.kernel.org # v5.9+ Reported-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Closes: https://lore.kernel.org/3b4b2943-49ad-4619-b195-bc416f1d1409@linux.ibm.com Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Tested-by: Gautam Menghani <gautam(a)linux.ibm.com> Tested-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Link: https://msgid.link/20240625134047.298759-1-npiggin@gmail.com Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kexec/core_64.c b/arch/powerpc/kexec/core_64.c index 85050be08a23..72b12bc10f90 100644 --- a/arch/powerpc/kexec/core_64.c +++ b/arch/powerpc/kexec/core_64.c @@ -27,6 +27,7 @@ #include <asm/paca.h> #include <asm/mmu.h> #include <asm/sections.h> /* _end */ +#include <asm/setup.h> #include <asm/smp.h> #include <asm/hw_breakpoint.h> #include <asm/svm.h> @@ -317,6 +318,16 @@ void default_machine_kexec(struct kimage *image) if (!kdump_in_progress()) kexec_prepare_cpus(); +#ifdef CONFIG_PPC_PSERIES + /* + * This must be done after other CPUs have shut down, otherwise they + * could execute the 'scv' instruction, which is not supported with + * reloc disabled (see configure_exceptions()). + */ + if (firmware_has_feature(FW_FEATURE_SET_MODE)) + pseries_disable_reloc_on_exc(); +#endif + printk("kexec: Starting switchover sequence.\n"); /* switch to a staticly allocated stack. Based on irq stack code. diff --git a/arch/powerpc/platforms/pseries/kexec.c b/arch/powerpc/platforms/pseries/kexec.c index 096d09ed89f6..431be156ca9b 100644 --- a/arch/powerpc/platforms/pseries/kexec.c +++ b/arch/powerpc/platforms/pseries/kexec.c @@ -61,11 +61,3 @@ void pseries_kexec_cpu_down(int crash_shutdown, int secondary) } else xics_kexec_teardown_cpu(secondary); } - -void pseries_machine_kexec(struct kimage *image) -{ - if (firmware_has_feature(FW_FEATURE_SET_MODE)) - pseries_disable_reloc_on_exc(); - - default_machine_kexec(image); -} diff --git a/arch/powerpc/platforms/pseries/pseries.h b/arch/powerpc/platforms/pseries/pseries.h index bba4ad192b0f..3968a6970fa8 100644 --- a/arch/powerpc/platforms/pseries/pseries.h +++ b/arch/powerpc/platforms/pseries/pseries.h @@ -38,7 +38,6 @@ static inline void smp_init_pseries(void) { } #endif extern void pseries_kexec_cpu_down(int crash_shutdown, int secondary); -void pseries_machine_kexec(struct kimage *image); extern void pSeries_final_fixup(void); diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index cba40d9d1284..b10a25325238 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -1159,7 +1159,6 @@ define_machine(pseries) { .machine_check_exception = pSeries_machine_check_exception, .machine_check_log_err = pSeries_machine_check_log_err, #ifdef CONFIG_KEXEC_CORE - .machine_kexec = pseries_machine_kexec, .kexec_cpu_down = pseries_kexec_cpu_down, #endif #ifdef CONFIG_MEMORY_HOTPLUG

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070843-concrete-lather-a4a3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070843-geriatric-salaried-2036@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070842-lugged-armband-abac@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070841-tanning-polka-a370@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070840-gurgle-wikipedia-e4e0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070840-unworn-partly-35f5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x f72383371e8c5d1d108532d7e395ff2c277233e5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070839-undertake-variably-bedc@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: f72383371e8c ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f72383371e8c5d1d108532d7e395ff2c277233e5 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… (cherry picked from commit aaf9dc86bd806458f848c39057d59e5aa652a399) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 3c3fc53376ce..6bff169fa8d4 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2088,6 +2088,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

10 months

1
0
0 0

[PATCH 4.19] Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt

by Wentao Guan

From: Jaganath Kanakkassery <jaganath.k.os(a)gmail.com> Please apply the upstream commit: commit cd9151b618da ("Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt") Solved kernel BT Err "Bluetooth: Unknown advertising packet type: 0x100" ------------------------------------------------------------------------- In ext_adv_report_event rssi comes before data (not after data as in legacy adv_report_evt) so "+ 1" is not required in the ptr arithmatic to point to next report. Cc: stable(a)vger.kernel.org # 4.19- Signed-off-by: Jaganath Kanakkassery <jaganath.kanakkassery(a)intel.com> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> --- net/bluetooth/hci_event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 3e7badb3ac2d..4f972c9e9dbe 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -5402,7 +5402,7 @@ static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) ev->data, ev->length); } - ptr += sizeof(*ev) + ev->length + 1; + ptr += sizeof(*ev) + ev->length; } hci_dev_unlock(hdev); -- 2.20.1

10 months

2
1
0 0

[PATCH AUTOSEL 6.6 01/18] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 0a88d7bdc5e37..6a444ce273366 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -592,7 +592,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

10 months

2
20
0 0

FAILED: patch "[PATCH] tpm: Address !chip->auth in tpm2_*_auth_session()" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 25ee48a55fd59c72e0bd46dd9160c2d406b5a497 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070848-graveness-probiotic-9eb0@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 25ee48a55fd5 ("tpm: Address !chip->auth in tpm2_*_auth_session()") eb24c9788cd9 ("tpm: disable the TPM if NULL name changes") d0a25bb961e6 ("tpm: Add HMAC session name/handle append") 699e3efd6c64 ("tpm: Add HMAC session start and end functions") 033ee84e5f01 ("tpm: Add TCG mandated Key Derivation Functions (KDFs)") d2add27cf2b8 ("tpm: Add NULL primary creation") 17d89b2e2f76 ("tpm: Move buffer handling from static inlines to real functions") cf792e903aff ("tpm: Remove unused tpm_buf_tag()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25ee48a55fd59c72e0bd46dd9160c2d406b5a497 Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Wed, 3 Jul 2024 19:39:27 +0300 Subject: [PATCH] tpm: Address !chip->auth in tpm2_*_auth_session() Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm2_*_auth_session(). Thus, address !chip->auth in tpm2_*_auth_session(). Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 907ac9956a78..2f1d96a5a5a7 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -824,8 +824,13 @@ EXPORT_SYMBOL(tpm_buf_check_hmac_response); */ void tpm2_end_auth_session(struct tpm_chip *chip) { - tpm2_flush_context(chip, chip->auth->handle); - memzero_explicit(chip->auth, sizeof(*chip->auth)); + struct tpm2_auth *auth = chip->auth; + + if (!auth) + return; + + tpm2_flush_context(chip, auth->handle); + memzero_explicit(auth, sizeof(*auth)); } EXPORT_SYMBOL(tpm2_end_auth_session); @@ -907,6 +912,11 @@ int tpm2_start_auth_session(struct tpm_chip *chip) int rc; u32 null_key; + if (!auth) { + dev_warn_once(&chip->dev, "auth session is not active\n"); + return 0; + } + rc = tpm2_load_null(chip, &null_key); if (rc) goto out;

10 months

1
0
0 0

FAILED: patch "[PATCH] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 7ca110f2679b7d1f3ac1afc90e6ffbf0af3edf0d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070837-moonlike-computing-e29c@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()") a61809a33239 ("tpm: Address !chip->auth in tpm_buf_append_name()") f09fc6cee0dc ("tpm: Rename TPM2_OA_TMPL to TPM2_OA_NULL_KEY and make it local") eb24c9788cd9 ("tpm: disable the TPM if NULL name changes") 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") d0a25bb961e6 ("tpm: Add HMAC session name/handle append") 699e3efd6c64 ("tpm: Add HMAC session start and end functions") 033ee84e5f01 ("tpm: Add TCG mandated Key Derivation Functions (KDFs)") d2add27cf2b8 ("tpm: Add NULL primary creation") 17d89b2e2f76 ("tpm: Move buffer handling from static inlines to real functions") cf792e903aff ("tpm: Remove unused tpm_buf_tag()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7ca110f2679b7d1f3ac1afc90e6ffbf0af3edf0d Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen <jarkko(a)kernel.org> Date: Wed, 3 Jul 2024 18:47:46 +0300 Subject: [PATCH] tpm: Address !chip->auth in tpm_buf_append_hmac_session*() Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_hmac_session*(). Thus, address !chip->auth in tpm_buf_hmac_session*() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index b3ed35e7ec00..2281d55df545 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -272,6 +272,110 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, } EXPORT_SYMBOL_GPL(tpm_buf_append_name); +/** + * tpm_buf_append_hmac_session() - Append a TPM session element + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @attributes: The session attributes + * @passphrase: The session authority (NULL if none) + * @passphrase_len: The length of the session authority (0 if none) + * + * This fills in a session structure in the TPM command buffer, except + * for the HMAC which cannot be computed until the command buffer is + * complete. The type of session is controlled by the @attributes, + * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the + * session won't terminate after tpm_buf_check_hmac_response(), + * TPM2_SA_DECRYPT which means this buffers first parameter should be + * encrypted with a session key and TPM2_SA_ENCRYPT, which means the + * response buffer's first parameter needs to be decrypted (confusing, + * but the defines are written from the point of view of the TPM). + * + * Any session appended by this command must be finalized by calling + * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect + * and the TPM will reject the command. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, + u8 attributes, u8 *passphrase, + int passphrase_len) +{ +#ifdef CONFIG_TCG_TPM2_HMAC + u8 nonce[SHA256_DIGEST_SIZE]; + struct tpm2_auth *auth; + u32 len; +#endif + + if (!tpm2_chip_auth(chip)) { + /* offset tells us where the sessions area begins */ + int offset = buf->handles * 4 + TPM_HEADER_SIZE; + u32 len = 9 + passphrase_len; + + if (tpm_buf_length(buf) != offset) { + /* not the first session so update the existing length */ + len += get_unaligned_be32(&buf->data[offset]); + put_unaligned_be32(len, &buf->data[offset]); + } else { + tpm_buf_append_u32(buf, len); + } + /* auth handle */ + tpm_buf_append_u32(buf, TPM2_RS_PW); + /* nonce */ + tpm_buf_append_u16(buf, 0); + /* attributes */ + tpm_buf_append_u8(buf, 0); + /* passphrase */ + tpm_buf_append_u16(buf, passphrase_len); + tpm_buf_append(buf, passphrase, passphrase_len); + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + /* + * The Architecture Guide requires us to strip trailing zeros + * before computing the HMAC + */ + while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0') + passphrase_len--; + + auth = chip->auth; + auth->attrs = attributes; + auth->passphrase_len = passphrase_len; + if (passphrase_len) + memcpy(auth->passphrase, passphrase, passphrase_len); + + if (auth->session != tpm_buf_length(buf)) { + /* we're not the first session */ + len = get_unaligned_be32(&buf->data[auth->session]); + if (4 + len + auth->session != tpm_buf_length(buf)) { + WARN(1, "session length mismatch, cannot append"); + return; + } + + /* add our new session */ + len += 9 + 2 * SHA256_DIGEST_SIZE; + put_unaligned_be32(len, &buf->data[auth->session]); + } else { + tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); + } + + /* random number for our nonce */ + get_random_bytes(nonce, sizeof(nonce)); + memcpy(auth->our_nonce, nonce, sizeof(nonce)); + tpm_buf_append_u32(buf, auth->handle); + /* our new nonce */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); + tpm_buf_append_u8(buf, auth->attrs); + /* and put a placeholder for the hmac */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); +#endif +} +EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session); + #ifdef CONFIG_TCG_TPM2_HMAC static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, @@ -457,82 +561,6 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) crypto_free_kpp(kpp); } -/** - * tpm_buf_append_hmac_session() - Append a TPM session element - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @attributes: The session attributes - * @passphrase: The session authority (NULL if none) - * @passphrase_len: The length of the session authority (0 if none) - * - * This fills in a session structure in the TPM command buffer, except - * for the HMAC which cannot be computed until the command buffer is - * complete. The type of session is controlled by the @attributes, - * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the - * session won't terminate after tpm_buf_check_hmac_response(), - * TPM2_SA_DECRYPT which means this buffers first parameter should be - * encrypted with a session key and TPM2_SA_ENCRYPT, which means the - * response buffer's first parameter needs to be decrypted (confusing, - * but the defines are written from the point of view of the TPM). - * - * Any session appended by this command must be finalized by calling - * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect - * and the TPM will reject the command. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphrase_len) -{ - u8 nonce[SHA256_DIGEST_SIZE]; - u32 len; - struct tpm2_auth *auth = chip->auth; - - /* - * The Architecture Guide requires us to strip trailing zeros - * before computing the HMAC - */ - while (passphrase && passphrase_len > 0 - && passphrase[passphrase_len - 1] == '\0') - passphrase_len--; - - auth->attrs = attributes; - auth->passphrase_len = passphrase_len; - if (passphrase_len) - memcpy(auth->passphrase, passphrase, passphrase_len); - - if (auth->session != tpm_buf_length(buf)) { - /* we're not the first session */ - len = get_unaligned_be32(&buf->data[auth->session]); - if (4 + len + auth->session != tpm_buf_length(buf)) { - WARN(1, "session length mismatch, cannot append"); - return; - } - - /* add our new session */ - len += 9 + 2 * SHA256_DIGEST_SIZE; - put_unaligned_be32(len, &buf->data[auth->session]); - } else { - tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); - } - - /* random number for our nonce */ - get_random_bytes(nonce, sizeof(nonce)); - memcpy(auth->our_nonce, nonce, sizeof(nonce)); - tpm_buf_append_u32(buf, auth->handle); - /* our new nonce */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); - tpm_buf_append_u8(buf, auth->attrs); - /* and put a placeholder for the hmac */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); -} -EXPORT_SYMBOL(tpm_buf_append_hmac_session); - /** * tpm_buf_fill_hmac_session() - finalize the session HMAC * @chip: the TPM chip structure @@ -563,6 +591,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_state sctx; + if (!auth) + return; + /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -721,6 +752,9 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, u32 cc = be32_to_cpu(auth->ordinal); int parm_len, len, i, handles; + if (!auth) + return rc; + if (auth->session >= TPM_HEADER_SIZE) { WARN(1, "tpm session not filled correctly\n"); goto out; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 4d3071e885a0..e93ee8d936a9 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -502,10 +502,6 @@ static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); - -#ifdef CONFIG_TCG_TPM2_HMAC - -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -515,9 +511,27 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, u8 *passphrase, int passphraselen) { - tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, - passphraselen); + struct tpm_header *head; + int offset; + + if (tpm2_chip_auth(chip)) { + tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); + } else { + offset = buf->handles * 4 + TPM_HEADER_SIZE; + head = (struct tpm_header *)buf->data; + + /* + * If the only sessions are optional, the command tag must change to + * TPM2_ST_NO_SESSIONS. + */ + if (tpm_buf_length(buf) == offset) + head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); + } } + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); @@ -532,48 +546,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphraselen) -{ - /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - u32 len = 9 + passphraselen; - - if (tpm_buf_length(buf) != offset) { - /* not the first session so update the existing length */ - len += get_unaligned_be32(&buf->data[offset]); - put_unaligned_be32(len, &buf->data[offset]); - } else { - tpm_buf_append_u32(buf, len); - } - /* auth handle */ - tpm_buf_append_u32(buf, TPM2_RS_PW); - /* nonce */ - tpm_buf_append_u16(buf, 0); - /* attributes */ - tpm_buf_append_u8(buf, 0); - /* passphrase */ - tpm_buf_append_u16(buf, passphraselen); - tpm_buf_append(buf, passphrase, passphraselen); -} -static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, - u8 *passphrase, - int passphraselen) -{ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - struct tpm_header *head = (struct tpm_header *) buf->data; - - /* - * if the only sessions are optional, the command tag - * must change to TPM2_ST_NO_SESSIONS - */ - if (tpm_buf_length(buf) == offset) - head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); -} static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) {

10 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix incorrect inode allocation from reserved inodes" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070811-tutor-disinfect-e4e6@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 93aef9eda1ce ("nilfs2: fix incorrect inode allocation from reserved inodes") af6eae646851 ("nilfs2: convert persistent object allocator to use kmap_local") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 23 Jun 2024 14:11:35 +0900 Subject: [PATCH] nilfs2: fix incorrect inode allocation from reserved inodes If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 89caef7513db..ba50388ee4bf 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -550,7 +554,14 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap_kaddr = kmap_local_page(bitmap_bh->b_page); bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( - bitmap, group_offset, entries_per_group, lock); + bitmap, group_offset, entries_per_group, lock, + wrap); + /* + * Since the search for a free slot in the second and + * subsequent bitmap blocks always starts from the + * beginning, the wrap flag only has an effect on the + * first search. + */ kunmap_local(bitmap_kaddr); if (pos >= 0) goto found; diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 180fc8d36213..fc1caf63a42a 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index 612e609158b5..1e86b9303b7c 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -56,13 +56,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh);

10 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix incorrect inode allocation from reserved inodes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070809-graceful-refute-ca40@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 93aef9eda1ce ("nilfs2: fix incorrect inode allocation from reserved inodes") af6eae646851 ("nilfs2: convert persistent object allocator to use kmap_local") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 23 Jun 2024 14:11:35 +0900 Subject: [PATCH] nilfs2: fix incorrect inode allocation from reserved inodes If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 89caef7513db..ba50388ee4bf 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -550,7 +554,14 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap_kaddr = kmap_local_page(bitmap_bh->b_page); bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( - bitmap, group_offset, entries_per_group, lock); + bitmap, group_offset, entries_per_group, lock, + wrap); + /* + * Since the search for a free slot in the second and + * subsequent bitmap blocks always starts from the + * beginning, the wrap flag only has an effect on the + * first search. + */ kunmap_local(bitmap_kaddr); if (pos >= 0) goto found; diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 180fc8d36213..fc1caf63a42a 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index 612e609158b5..1e86b9303b7c 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -56,13 +56,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh);

10 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix incorrect inode allocation from reserved inodes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070808-exclude-sighing-1813@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 93aef9eda1ce ("nilfs2: fix incorrect inode allocation from reserved inodes") af6eae646851 ("nilfs2: convert persistent object allocator to use kmap_local") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 23 Jun 2024 14:11:35 +0900 Subject: [PATCH] nilfs2: fix incorrect inode allocation from reserved inodes If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 89caef7513db..ba50388ee4bf 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -550,7 +554,14 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap_kaddr = kmap_local_page(bitmap_bh->b_page); bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( - bitmap, group_offset, entries_per_group, lock); + bitmap, group_offset, entries_per_group, lock, + wrap); + /* + * Since the search for a free slot in the second and + * subsequent bitmap blocks always starts from the + * beginning, the wrap flag only has an effect on the + * first search. + */ kunmap_local(bitmap_kaddr); if (pos >= 0) goto found; diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 180fc8d36213..fc1caf63a42a 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index 612e609158b5..1e86b9303b7c 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -56,13 +56,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh);

10 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix incorrect inode allocation from reserved inodes" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070807-flagpole-strut-4d64@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 93aef9eda1ce ("nilfs2: fix incorrect inode allocation from reserved inodes") af6eae646851 ("nilfs2: convert persistent object allocator to use kmap_local") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 23 Jun 2024 14:11:35 +0900 Subject: [PATCH] nilfs2: fix incorrect inode allocation from reserved inodes If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 89caef7513db..ba50388ee4bf 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -550,7 +554,14 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap_kaddr = kmap_local_page(bitmap_bh->b_page); bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( - bitmap, group_offset, entries_per_group, lock); + bitmap, group_offset, entries_per_group, lock, + wrap); + /* + * Since the search for a free slot in the second and + * subsequent bitmap blocks always starts from the + * beginning, the wrap flag only has an effect on the + * first search. + */ kunmap_local(bitmap_kaddr); if (pos >= 0) goto found; diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 180fc8d36213..fc1caf63a42a 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index 612e609158b5..1e86b9303b7c 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -56,13 +56,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh);

10 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix incorrect inode allocation from reserved inodes" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070806-fifteen-agnostic-36a6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 93aef9eda1ce ("nilfs2: fix incorrect inode allocation from reserved inodes") af6eae646851 ("nilfs2: convert persistent object allocator to use kmap_local") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 23 Jun 2024 14:11:35 +0900 Subject: [PATCH] nilfs2: fix incorrect inode allocation from reserved inodes If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 89caef7513db..ba50388ee4bf 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -550,7 +554,14 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap_kaddr = kmap_local_page(bitmap_bh->b_page); bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( - bitmap, group_offset, entries_per_group, lock); + bitmap, group_offset, entries_per_group, lock, + wrap); + /* + * Since the search for a free slot in the second and + * subsequent bitmap blocks always starts from the + * beginning, the wrap flag only has an effect on the + * first search. + */ kunmap_local(bitmap_kaddr); if (pos >= 0) goto found; diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 180fc8d36213..fc1caf63a42a 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index 612e609158b5..1e86b9303b7c 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -56,13 +56,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh);

10 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix incorrect inode allocation from reserved inodes" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070805-enchanted-nearness-1ecc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 93aef9eda1ce ("nilfs2: fix incorrect inode allocation from reserved inodes") af6eae646851 ("nilfs2: convert persistent object allocator to use kmap_local") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93aef9eda1cea9e84ab2453fcceb8addad0e46f1 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Sun, 23 Jun 2024 14:11:35 +0900 Subject: [PATCH] nilfs2: fix incorrect inode allocation from reserved inodes If the bitmap block that manages the inode allocation status is corrupted, nilfs_ifile_create_inode() may allocate a new inode from the reserved inode area where it should not be allocated. Previous fix commit d325dc6eb763 ("nilfs2: fix use-after-free bug of struct nilfs_root"), fixed the problem that reserved inodes with inode numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to bitmap corruption, but since the start number of non-reserved inodes is read from the super block and may change, in which case inode allocation may occur from the extended reserved inode area. If that happens, access to that inode will cause an IO error, causing the file system to degrade to an error state. Fix this potential issue by adding a wraparound option to the common metadata object allocation routine and by modifying nilfs_ifile_create_inode() to disable the option so that it only allocates inodes with inode numbers greater than or equal to the inode number read in "nilfs->ns_first_ino", regardless of the bitmap status of reserved inodes. Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c index 89caef7513db..ba50388ee4bf 100644 --- a/fs/nilfs2/alloc.c +++ b/fs/nilfs2/alloc.c @@ -377,11 +377,12 @@ void *nilfs_palloc_block_get_entry(const struct inode *inode, __u64 nr, * @target: offset number of an entry in the group (start point) * @bsize: size in bits * @lock: spin lock protecting @bitmap + * @wrap: whether to wrap around */ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, unsigned long target, unsigned int bsize, - spinlock_t *lock) + spinlock_t *lock, bool wrap) { int pos, end = bsize; @@ -397,6 +398,8 @@ static int nilfs_palloc_find_available_slot(unsigned char *bitmap, end = target; } + if (!wrap) + return -ENOSPC; /* wrap around */ for (pos = 0; pos < end; pos++) { @@ -495,9 +498,10 @@ int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp) * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object * @inode: inode of metadata file using this allocator * @req: nilfs_palloc_req structure exchanged for the allocation + * @wrap: whether to wrap around */ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, - struct nilfs_palloc_req *req) + struct nilfs_palloc_req *req, bool wrap) { struct buffer_head *desc_bh, *bitmap_bh; struct nilfs_palloc_group_desc *desc; @@ -516,7 +520,7 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, entries_per_group = nilfs_palloc_entries_per_group(inode); for (i = 0; i < ngroups; i += n) { - if (group >= ngroups) { + if (group >= ngroups && wrap) { /* wrap around */ group = 0; maxgroup = nilfs_palloc_group(inode, req->pr_entry_nr, @@ -550,7 +554,14 @@ int nilfs_palloc_prepare_alloc_entry(struct inode *inode, bitmap_kaddr = kmap_local_page(bitmap_bh->b_page); bitmap = bitmap_kaddr + bh_offset(bitmap_bh); pos = nilfs_palloc_find_available_slot( - bitmap, group_offset, entries_per_group, lock); + bitmap, group_offset, entries_per_group, lock, + wrap); + /* + * Since the search for a free slot in the second and + * subsequent bitmap blocks always starts from the + * beginning, the wrap flag only has an effect on the + * first search. + */ kunmap_local(bitmap_kaddr); if (pos >= 0) goto found; diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h index b667e869ac07..d825a9faca6d 100644 --- a/fs/nilfs2/alloc.h +++ b/fs/nilfs2/alloc.h @@ -50,8 +50,8 @@ struct nilfs_palloc_req { struct buffer_head *pr_entry_bh; }; -int nilfs_palloc_prepare_alloc_entry(struct inode *, - struct nilfs_palloc_req *); +int nilfs_palloc_prepare_alloc_entry(struct inode *inode, + struct nilfs_palloc_req *req, bool wrap); void nilfs_palloc_commit_alloc_entry(struct inode *, struct nilfs_palloc_req *); void nilfs_palloc_abort_alloc_entry(struct inode *, struct nilfs_palloc_req *); diff --git a/fs/nilfs2/dat.c b/fs/nilfs2/dat.c index 180fc8d36213..fc1caf63a42a 100644 --- a/fs/nilfs2/dat.c +++ b/fs/nilfs2/dat.c @@ -75,7 +75,7 @@ int nilfs_dat_prepare_alloc(struct inode *dat, struct nilfs_palloc_req *req) { int ret; - ret = nilfs_palloc_prepare_alloc_entry(dat, req); + ret = nilfs_palloc_prepare_alloc_entry(dat, req, true); if (ret < 0) return ret; diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c index 612e609158b5..1e86b9303b7c 100644 --- a/fs/nilfs2/ifile.c +++ b/fs/nilfs2/ifile.c @@ -56,13 +56,10 @@ int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino, struct nilfs_palloc_req req; int ret; - req.pr_entry_nr = 0; /* - * 0 says find free inode from beginning - * of a group. dull code!! - */ + req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb); req.pr_entry_bh = NULL; - ret = nilfs_palloc_prepare_alloc_entry(ifile, &req); + ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false); if (!ret) { ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1, &req.pr_entry_bh);

10 months

1
0
0 0

FAILED: patch "[PATCH] cpu: Fix broken cmdline "nosmp" and "maxcpus=0"" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6ef8eb5125722c241fd60d7b0c872d5c2e5dd4ca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070154-legged-throwaway-bd6a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 6ef8eb512572 ("cpu: Fix broken cmdline "nosmp" and "maxcpus=0"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ef8eb5125722c241fd60d7b0c872d5c2e5dd4ca Mon Sep 17 00:00:00 2001 From: Huacai Chen <chenhuacai(a)kernel.org> Date: Tue, 18 Jun 2024 16:13:36 +0800 Subject: [PATCH] cpu: Fix broken cmdline "nosmp" and "maxcpus=0" After the rework of "Parallel CPU bringup", the cmdline "nosmp" and "maxcpus=0" parameters are not working anymore. These parameters set setup_max_cpus to zero and that's handed to bringup_nonboot_cpus(). The code there does a decrement before checking for zero, which brings it into the negative space and brings up all CPUs. Add a zero check at the beginning of the function to prevent this. [ tglx: Massaged change log ] Fixes: 18415f33e2ac4ab382 ("cpu/hotplug: Allow "parallel" bringup up to CPUHP_BP_KICK_AP_STATE") Fixes: 06c6796e0304234da6 ("cpu/hotplug: Fix off by one in cpuhp_bringup_mask()") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240618081336.3996825-1-chenhuacai@loongson.cn diff --git a/kernel/cpu.c b/kernel/cpu.c index 74cfdb66a9bd..3d2bf1d50a0c 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -1859,6 +1859,9 @@ static inline bool cpuhp_bringup_cpus_parallel(unsigned int ncpus) { return fals void __init bringup_nonboot_cpus(unsigned int max_cpus) { + if (!max_cpus) + return; + /* Try parallel bringup optimization if enabled */ if (cpuhp_bringup_cpus_parallel(max_cpus)) return;

10 months

3
2
0 0

Re: Patch "wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values" has been added to the 6.6-stable tree

by Greg KH

On Sun, Jul 07, 2024 at 10:55:51AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > wifi-cfg80211-restrict-nl80211_attr_txq_quantum-valu.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 0014eb2dd000fba5b30a3cb883b750bd344f050d > Author: Eric Dumazet <edumazet(a)google.com> > Date: Sat Jun 15 16:08:00 2024 +0000 > > wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values > > [ Upstream commit d1cba2ea8121e7fdbe1328cea782876b1dd80993 ] Breaks the build, so I've dropped it now.

10 months

1
0
0 0

FAILED: patch "[PATCH] wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d1cba2ea8121e7fdbe1328cea782876b1dd80993 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024070854-whenever-diaper-8e4b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d1cba2ea8121 ("wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1cba2ea8121e7fdbe1328cea782876b1dd80993 Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Sat, 15 Jun 2024 16:08:00 +0000 Subject: [PATCH] wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM") watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24] Modules linked in: irq event stamp: 131135 hardirqs last enabled at (131134): [<ffff80008ae8778c>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline] hardirqs last enabled at (131134): [<ffff80008ae8778c>] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95 hardirqs last disabled at (131135): [<ffff80008ae85378>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (131135): [<ffff80008ae85378>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_hh_init net/core/neighbour.c:1538 [inline] softirqs last enabled at (125892): [<ffff80008907e82c>] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553 softirqs last disabled at (125896): [<ffff80008904166c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: mld mld_ifc_work pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __list_del include/linux/list.h:195 [inline] pc : __list_del_entry include/linux/list.h:218 [inline] pc : list_move_tail include/linux/list.h:310 [inline] pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline] pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854 lr : __list_del_entry include/linux/list.h:218 [inline] lr : list_move_tail include/linux/list.h:310 [inline] lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline] lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854 sp : ffff800093d36700 x29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000 x26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0 x23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0 x20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0 x17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8 x14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff x11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc x2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470 Call trace: __list_del include/linux/list.h:195 [inline] __list_del_entry include/linux/list.h:218 [inline] list_move_tail include/linux/list.h:310 [inline] fq_tin_dequeue include/net/fq_impl.h:112 [inline] ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854 wake_tx_push_queue net/mac80211/util.c:294 [inline] ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315 drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline] schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline] ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664 ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966 ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062 __ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338 ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532 __netdev_start_xmit include/linux/netdevice.h:4903 [inline] netdev_start_xmit include/linux/netdevice.h:4917 [inline] xmit_one net/core/dev.c:3531 [inline] dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547 __dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341 dev_queue_xmit include/linux/netdevice.h:3091 [inline] neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x104c/0x1ee8 net/ipv6/ip6_output.c:137 ip6_finish_output+0x428/0x7a0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x270/0x594 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:450 [inline] NF_HOOK+0x160/0x4f0 include/linux/netfilter.h:314 mld_sendpack+0x7b4/0x10f4 net/ipv6/mcast.c:1818 mld_send_cr net/ipv6/mcast.c:2119 [inline] mld_ifc_work+0x840/0xd0c net/ipv6/mcast.c:2650 process_one_work+0x7b8/0x15d4 kernel/workqueue.c:3267 process_scheduled_works kernel/workqueue.c:3348 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:3429 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Fixes: 52539ca89f36 ("cfg80211: Expose TXQ stats and parameters to userspace") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Link: https://patch.msgid.link/20240615160800.250667-1-edumazet@google.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 3c0bca4238d3..72c7bf558581 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -468,6 +468,10 @@ static const struct netlink_range_validation nl80211_punct_bitmap_range = { .max = 0xffff, }; +static const struct netlink_range_validation q_range = { + .max = INT_MAX, +}; + static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD }, [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, @@ -754,7 +758,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 }, [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 }, - [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 }, + [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range), [NL80211_ATTR_HE_CAPABILITY] = NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa, NL80211_HE_MAX_CAPABILITY_LEN),

10 months

1
0
0 0

Re: Patch "drm/amdgpu: fix the warning about the expression (int)size - len" has been added to the 6.1-stable tree

by Greg KH

On Fri, Jul 05, 2024 at 03:34:04PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > drm/amdgpu: fix the warning about the expression (int)size - len > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amdgpu-fix-the-warning-about-the-expression-int-.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit c71e1d31c7d6735e32dcfd0043970d9fadb00b82 > Author: Jesse Zhang <jesse.zhang(a)amd.com> > Date: Thu Apr 25 15:16:40 2024 +0800 > > drm/amdgpu: fix the warning about the expression (int)size - len > > [ Upstream commit ea686fef5489ef7a2450a9fdbcc732b837fb46a8 ] > > Converting size from size_t to int may overflow. > v2: keep reverse xmas tree order (Christian) > > Signed-off-by: Jesse Zhang <jesse.zhang(a)amd.com> > Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> Nope, this breaks the build on 6.1, which is kind of worse than fixing a build warning :( I'll go drop this now. thanks, greg k-h

10 months

1
0
0 0

[Patch v2] mtd: rawnand: lpx32xx: Fix dma_request_chan() error checks

by Piotr Wojtaszczyk

The dma_request_chan() returns error pointer in case of error, while dma_request_channel() returns NULL in case of error therefore different error checks are needed for the two. Fixes: 7326d3fb1ee3 ("mtd: rawnand: lpx32xx: Request DMA channels using DT entries") Signed-off-by: Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> Cc: stable(a)vger.kernel.org --- Changes v2: - Corrected 'Fixes' tag - add Cc: stable drivers/mtd/nand/raw/lpc32xx_mlc.c | 2 +- drivers/mtd/nand/raw/lpc32xx_slc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/raw/lpc32xx_mlc.c b/drivers/mtd/nand/raw/lpc32xx_mlc.c index 92cebe871bb4..b9c3adc54c01 100644 --- a/drivers/mtd/nand/raw/lpc32xx_mlc.c +++ b/drivers/mtd/nand/raw/lpc32xx_mlc.c @@ -575,7 +575,7 @@ static int lpc32xx_dma_setup(struct lpc32xx_nand_host *host) dma_cap_mask_t mask; host->dma_chan = dma_request_chan(mtd->dev.parent, "rx-tx"); - if (!host->dma_chan) { + if (IS_ERR(host->dma_chan)) { /* fallback to request using platform data */ if (!host->pdata || !host->pdata->dma_filter) { dev_err(mtd->dev.parent, "no DMA platform data\n"); diff --git a/drivers/mtd/nand/raw/lpc32xx_slc.c b/drivers/mtd/nand/raw/lpc32xx_slc.c index 3b7e3d259785..ade971e4cc3b 100644 --- a/drivers/mtd/nand/raw/lpc32xx_slc.c +++ b/drivers/mtd/nand/raw/lpc32xx_slc.c @@ -722,7 +722,7 @@ static int lpc32xx_nand_dma_setup(struct lpc32xx_nand_host *host) dma_cap_mask_t mask; host->dma_chan = dma_request_chan(mtd->dev.parent, "rx-tx"); - if (!host->dma_chan) { + if (IS_ERR(host->dma_chan)) { /* fallback to request using platform data */ if (!host->pdata || !host->pdata->dma_filter) { dev_err(mtd->dev.parent, "no DMA platform data\n"); -- 2.25.1

10 months

2
1
0 0

[PATCH 1/3] mm/numa_balancing: Teach mpol_to_str about the balancing mode

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Since balancing mode was added in bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes"), it was possible to set this mode but it wouldn't be shown in /proc/<pid>/numa_maps since there was no support for it in the mpol_to_str() helper. Furthermore, because the balancing mode sets the MPOL_F_MORON flag, it would be displayed as 'default' due a workaround introduced a few years earlier in 8790c71a18e5 ("mm/mempolicy.c: fix mempolicy printing in numa_maps"). To tidy this up we implement two changes: Replace the MPOL_F_MORON check by pointer comparison against the preferred_node_policy array. By doing this we generalise the current special casing and replace the incorrect 'default' with the correct 'bind' for the mode. Secondly, we add a string representation and corresponding handling for the MPOL_F_NUMA_BALANCING flag. With the two changes together we start showing the balancing flag when it is set and therefore complete the fix. Representation format chosen is to separate multiple flags with vertical bars, following what existed long time ago in kernel 2.6.25. But as between then and now there wasn't a way to display multiple flags, this patch does not change the format in practice. Some /proc/<pid>/numa_maps output examples: 555559580000 bind=balancing:0-1,3 file=... 555585800000 bind=balancing|static:0,2 file=... 555635240000 prefer=relative:0 file= v2: * Fully fix by introducing MPOL_F_KERNEL. v3: * Abandoned the MPOL_F_KERNEL approach in favour of pointer comparisons. * Removed lookup generalisation for easier backporting. * Replaced commas as separator with vertical bars. * Added a few more words about the string format in the commit message. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes") References: 8790c71a18e5 ("mm/mempolicy.c: fix mempolicy printing in numa_maps") Cc: Huang Ying <ying.huang(a)intel.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: David Rientjes <rientjes(a)google.com> Cc: <stable(a)vger.kernel.org> # v5.12+ --- mm/mempolicy.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index aec756ae5637..1bfb6c73a39c 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -3293,8 +3293,9 @@ int mpol_parse_str(char *str, struct mempolicy **mpol) * @pol: pointer to mempolicy to be formatted * * Convert @pol into a string. If @buffer is too short, truncate the string. - * Recommend a @maxlen of at least 32 for the longest mode, "interleave", the - * longest flag, "relative", and to display at least a few node ids. + * Recommend a @maxlen of at least 42 for the longest mode, "weighted + * interleave", the longest flag, "balancing", and to display at least a few + * node ids. */ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) { @@ -3303,7 +3304,10 @@ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) unsigned short mode = MPOL_DEFAULT; unsigned short flags = 0; - if (pol && pol != &default_policy && !(pol->flags & MPOL_F_MORON)) { + if (pol && + pol != &default_policy && + !(pol >= &preferred_node_policy[0] && + pol <= &preferred_node_policy[MAX_NUMNODES - 1])) { mode = pol->mode; flags = pol->flags; } @@ -3331,12 +3335,18 @@ void mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol) p += snprintf(p, buffer + maxlen - p, "="); /* - * Currently, the only defined flags are mutually exclusive + * Static and relative are mutually exclusive. */ if (flags & MPOL_F_STATIC_NODES) p += snprintf(p, buffer + maxlen - p, "static"); else if (flags & MPOL_F_RELATIVE_NODES) p += snprintf(p, buffer + maxlen - p, "relative"); + + if (flags & MPOL_F_NUMA_BALANCING) { + if (hweight16(flags & MPOL_MODE_FLAGS) > 1) + p += snprintf(p, buffer + maxlen - p, "|"); + p += snprintf(p, buffer + maxlen - p, "balancing"); + } } if (!nodes_empty(nodes)) -- 2.44.0

10 months

3
2
0 0

[PATCH v2 1/2] f2fs: use meta inode for GC of atomic file

by Sunmin Jeong

The page cache of the atomic file keeps new data pages which will be stored in the COW file. It can also keep old data pages when GCing the atomic file. In this case, new data can be overwritten by old data if a GC thread sets the old data page as dirty after new data page was evicted. Also, since all writes to the atomic file are redirected to COW inodes, GC for the atomic file is not working well as below. f2fs_gc(gc_type=FG_GC) - select A as a victim segment do_garbage_collect - iget atomic file's inode for block B move_data_page f2fs_do_write_data_page - use dn of cow inode - set fio->old_blkaddr from cow inode - seg_freed is 0 since block B is still valid - goto gc_more and A is selected as victim again To solve the problem, let's separate GC writes and updates in the atomic file by using the meta inode for GC writes. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- v2: - replace post_read to meta_gc fs/f2fs/data.c | 4 ++-- fs/f2fs/f2fs.h | 7 ++++++- fs/f2fs/gc.c | 6 +++--- fs/f2fs/segment.c | 6 +++--- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index b6dcb3bcaef7..9a213d03005d 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2693,7 +2693,7 @@ int f2fs_do_write_data_page(struct f2fs_io_info *fio) } /* wait for GCed page writeback via META_MAPPING */ - if (fio->post_read) + if (fio->meta_gc) f2fs_wait_on_block_writeback(inode, fio->old_blkaddr); /* @@ -2788,7 +2788,7 @@ int f2fs_write_single_data_page(struct page *page, int *submitted, .submitted = 0, .compr_blocks = compr_blocks, .need_lock = compr_blocks ? LOCK_DONE : LOCK_RETRY, - .post_read = f2fs_post_read_required(inode) ? 1 : 0, + .meta_gc = f2fs_meta_inode_gc_required(inode) ? 1 : 0, .io_type = io_type, .io_wbc = wbc, .bio = bio, diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index f7ee6c5e371e..796ae11c0fa3 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -1211,7 +1211,7 @@ struct f2fs_io_info { unsigned int in_list:1; /* indicate fio is in io_list */ unsigned int is_por:1; /* indicate IO is from recovery or not */ unsigned int encrypted:1; /* indicate file is encrypted */ - unsigned int post_read:1; /* require post read */ + unsigned int meta_gc:1; /* require meta inode GC */ enum iostat_type io_type; /* io type */ struct writeback_control *io_wbc; /* writeback control */ struct bio **bio; /* bio for ipu */ @@ -4263,6 +4263,11 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_meta_inode_gc_required(struct inode *inode) +{ + return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); +} + /* * compress.c */ diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index ef667fec9a12..cb3006551ab5 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1589,7 +1589,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) { + if (f2fs_meta_inode_gc_required(inode)) { int err = ra_data_block(inode, start_bidx); f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); @@ -1640,7 +1640,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) + if (f2fs_meta_inode_gc_required(inode)) err = move_data_block(inode, start_bidx, gc_type, segno, off); else @@ -1648,7 +1648,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, segno, off); if (!err && (gc_type == FG_GC || - f2fs_post_read_required(inode))) + f2fs_meta_inode_gc_required(inode))) submitted++; if (locked) { diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4db1add43e36..77ef46b384b4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -3851,7 +3851,7 @@ int f2fs_inplace_write_data(struct f2fs_io_info *fio) goto drop_bio; } - if (fio->post_read) + if (fio->meta_gc) f2fs_truncate_meta_inode_pages(sbi, fio->new_blkaddr, 1); stat_inc_inplace_blocks(fio->sbi); @@ -4021,7 +4021,7 @@ void f2fs_wait_on_block_writeback(struct inode *inode, block_t blkaddr) struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct page *cpage; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; if (!__is_valid_data_blkaddr(blkaddr)) @@ -4040,7 +4040,7 @@ void f2fs_wait_on_block_writeback_range(struct inode *inode, block_t blkaddr, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); block_t i; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; for (i = 0; i < len; i++) -- 2.25.1

10 months

2
1
0 0

[PATCH] FIXUP: genirq: defuse spurious-irq timebomb

by Pete Swain

The flapping-irq detector still has a timebomb. A pathological workload, or test script, can arm the spurious-irq timebomb described in 4f27c00bf80f ("Improve behaviour of spurious IRQ detect") This leads to irqs being moved the much slower polled mode, despite the actual unhandled-irq rate being well under the 99.9k/100k threshold that the code appears to check. How? - Queued completion handler, like nvme, servicing events as they appear in the queue, even if the irq corresponding to the event has not yet been seen. - queues frequently empty, so seeing "spurious" irqs whenever the last events of a threaded handler's while (events_queued()) process_them(); ends with those events' irqs posted while thread was scanning. In this case the while() has consumed last event(s), so next handler says IRQ_NONE. - In each run of "unhandled" irqs, exactly one IRQ_NONE response is promoted from IRQ_NONE to IRQ_HANDLED, by note_interrupt()'s SPURIOUS_DEFERRED logic. - Any 2+ unhandled-irq runs will increment irqs_unhandled. The time_after() check in note_interrupt() resets irqs_unhandled to 1 after an idle period, but if irqs are never spaced more than HZ/10 apart, irqs_unhandled keeps growing. - During processing of long completion queues, the non-threaded handlers will return IRQ_WAKE_THREAD, for potentially thousands of per-event irqs. These bypass note_interrupt()'s irq_count++ logic, so do not count as handled, and do not invoke the flapping-irq logic. - When the _counted_ irq_count reaches the 100k threshold, it's possible for irqs_unhandled > 99.9k to force a move to polling mode, even though many millions of _WAKE_THREAD irqs have been handled without being counted. Solution: include IRQ_WAKE_THREAD events in irq_count. Only when IRQ_NONE responses outweigh (IRQ_HANDLED + IRQ_WAKE_THREAD) by the old 99:1 ratio will an irq be moved to polling mode. Fixes: 4f27c00bf80f ("Improve behaviour of spurious IRQ detect") Cc: stable(a)vger.kernel.org Signed-off-by: Pete Swain <swine(a)google.com> --- kernel/irq/spurious.c | 68 +++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/kernel/irq/spurious.c b/kernel/irq/spurious.c index 02b2daf07441..ac596c8dc4b1 100644 --- a/kernel/irq/spurious.c +++ b/kernel/irq/spurious.c @@ -321,44 +321,44 @@ void note_interrupt(struct irq_desc *desc, irqreturn_t action_ret) */ if (!(desc->threads_handled_last & SPURIOUS_DEFERRED)) { desc->threads_handled_last |= SPURIOUS_DEFERRED; - return; - } - /* - * Check whether one of the threaded handlers - * returned IRQ_HANDLED since the last - * interrupt happened. - * - * For simplicity we just set bit 31, as it is - * set in threads_handled_last as well. So we - * avoid extra masking. And we really do not - * care about the high bits of the handled - * count. We just care about the count being - * different than the one we saw before. - */ - handled = atomic_read(&desc->threads_handled); - handled |= SPURIOUS_DEFERRED; - if (handled != desc->threads_handled_last) { - action_ret = IRQ_HANDLED; - /* - * Note: We keep the SPURIOUS_DEFERRED - * bit set. We are handling the - * previous invocation right now. - * Keep it for the current one, so the - * next hardware interrupt will - * account for it. - */ - desc->threads_handled_last = handled; } else { /* - * None of the threaded handlers felt - * responsible for the last interrupt + * Check whether one of the threaded handlers + * returned IRQ_HANDLED since the last + * interrupt happened. * - * We keep the SPURIOUS_DEFERRED bit - * set in threads_handled_last as we - * need to account for the current - * interrupt as well. + * For simplicity we just set bit 31, as it is + * set in threads_handled_last as well. So we + * avoid extra masking. And we really do not + * care about the high bits of the handled + * count. We just care about the count being + * different than the one we saw before. */ - action_ret = IRQ_NONE; + handled = atomic_read(&desc->threads_handled); + handled |= SPURIOUS_DEFERRED; + if (handled != desc->threads_handled_last) { + action_ret = IRQ_HANDLED; + /* + * Note: We keep the SPURIOUS_DEFERRED + * bit set. We are handling the + * previous invocation right now. + * Keep it for the current one, so the + * next hardware interrupt will + * account for it. + */ + desc->threads_handled_last = handled; + } else { + /* + * None of the threaded handlers felt + * responsible for the last interrupt + * + * We keep the SPURIOUS_DEFERRED bit + * set in threads_handled_last as we + * need to account for the current + * interrupt as well. + */ + action_ret = IRQ_NONE; + } } } else { /* -- 2.45.2.627.g7a2c4fd464-goog

10 months

2
1
0 0

[PATCH net v2 3/4] ipv6: take care of scope when choosing the src addr

by Nicolas Dichtel

When the source address is selected, the scope must be checked. For example, if a loopback address is assigned to the vrf device, it must not be chosen for packets sent outside. CC: stable(a)vger.kernel.org Fixes: afbac6010aec ("net: ipv6: Address selection needs to consider L3 domains") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> --- net/ipv6/addrconf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 5c424a0e7232..4f2c5cc31015 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1873,7 +1873,8 @@ int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev, master, &dst, scores, hiscore_idx); - if (scores[hiscore_idx].ifa) + if (scores[hiscore_idx].ifa && + scores[hiscore_idx].scopedist >= 0) goto out; } -- 2.43.1

10 months

2
1
0 0

[PATCH v3] mm: Fix khugepaged activation policy

by Ryan Roberts

Since the introduction of mTHP, the docuementation has stated that khugepaged would be enabled when any mTHP size is enabled, and disabled when all mTHP sizes are disabled. There are 2 problems with this; 1. this is not what was implemented by the code and 2. this is not the desirable behavior. Desirable behavior is for khugepaged to be enabled when any PMD-sized THP is enabled, anon or file. (Note that file THP is still controlled by the top-level control so we must always consider that, as well as the PMD-size mTHP control for anon). khugepaged only supports collapsing to PMD-sized THP so there is no value in enabling it when PMD-sized THP is disabled. So let's change the code and documentation to reflect this policy. Further, per-size enabled control modification events were not previously forwarded to khugepaged to give it an opportunity to start or stop. Consequently the following was resulting in khugepaged eroneously not being activated: echo never > /sys/kernel/mm/transparent_hugepage/enabled echo always > /sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Cc: stable(a)vger.kernel.org --- Hi All, Applies on top of mm-unstable from a couple of days ago (9bb8753acdd8). No regressions observed in mm selftests. When fixing this I also noticed that khugepaged doesn't get (and never has been) activated/deactivated by `shmem_enabled=`. I've concluded that this is definitely a (separate) bug. But I'm waiting for the conclusion of the conversation at [3] before fixing, so will send separately. Changes since v1 [1] ==================== - hugepage_pmd_enabled() now considers CONFIG_READ_ONLY_THP_FOR_FS as part of decision; means that for kernels without this config, khugepaged will not be started when only the top-level control is enabled. Changes since v2 [2] ==================== - Make hugepage_pmd_enabled() out-of-line static in khugepaged.c (per Andrew) - Refactor hugepage_pmd_enabled() for better readability (per Andrew) [1] https://lore.kernel.org/linux-mm/20240702144617.2291480-1-ryan.roberts@arm.… [2] https://lore.kernel.org/linux-mm/20240704091051.2411934-1-ryan.roberts@arm.… [3] https://lore.kernel.org/linux-mm/65c37315-2741-481f-b433-cec35ef1af35@arm.c… Thanks, Ryan Documentation/admin-guide/mm/transhuge.rst | 11 ++++---- include/linux/huge_mm.h | 12 -------- mm/huge_memory.c | 7 +++++ mm/khugepaged.c | 33 +++++++++++++++++----- 4 files changed, 38 insertions(+), 25 deletions(-) diff --git a/Documentation/admin-guide/mm/transhuge.rst b/Documentation/admin-guide/mm/transhuge.rst index 709fe10b60f4..fc321d40b8ac 100644 --- a/Documentation/admin-guide/mm/transhuge.rst +++ b/Documentation/admin-guide/mm/transhuge.rst @@ -202,12 +202,11 @@ PMD-mappable transparent hugepage:: cat /sys/kernel/mm/transparent_hugepage/hpage_pmd_size -khugepaged will be automatically started when one or more hugepage -sizes are enabled (either by directly setting "always" or "madvise", -or by setting "inherit" while the top-level enabled is set to "always" -or "madvise"), and it'll be automatically shutdown when the last -hugepage size is disabled (either by directly setting "never", or by -setting "inherit" while the top-level enabled is set to "never"). +khugepaged will be automatically started when PMD-sized THP is enabled +(either of the per-size anon control or the top-level control are set +to "always" or "madvise"), and it'll be automatically shutdown when +PMD-sized THP is disabled (when both the per-size anon control and the +top-level control are "never") Khugepaged controls ------------------- diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index 4d155c7a4792..107da5c4eba4 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -128,18 +128,6 @@ static inline bool hugepage_global_always(void) (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_flags_enabled(void) -{ - /* - * We cover both the anon and the file-backed case here; we must return - * true if globally enabled, even when all anon sizes are set to never. - * So we don't need to look at huge_anon_orders_inherit. - */ - return hugepage_global_enabled() || - READ_ONCE(huge_anon_orders_always) || - READ_ONCE(huge_anon_orders_madvise); -} - static inline int highest_order(unsigned long orders) { return fls_long(orders) - 1; diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 251d6932130f..085f5e973231 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -502,6 +502,13 @@ static ssize_t thpsize_enabled_store(struct kobject *kobj, } else ret = -EINVAL; + if (ret > 0) { + int err; + + err = start_stop_khugepaged(); + if (err) + ret = err; + } return ret; } diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 409f67a817f1..a5ec03ef8722 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -413,6 +413,26 @@ static inline int hpage_collapse_test_exit_or_disable(struct mm_struct *mm) test_bit(MMF_DISABLE_THP, &mm->flags); } +static bool hugepage_pmd_enabled(void) +{ + /* + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. + */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && + hugepage_global_enabled()) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_always)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_madvise)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && + hugepage_global_enabled()) + return true; + return false; +} + void __khugepaged_enter(struct mm_struct *mm) { struct khugepaged_mm_slot *mm_slot; @@ -449,7 +469,7 @@ void khugepaged_enter_vma(struct vm_area_struct *vma, unsigned long vm_flags) { if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) && - hugepage_flags_enabled()) { + hugepage_pmd_enabled()) { if (thp_vma_allowable_order(vma, vm_flags, TVA_ENFORCE_SYSFS, PMD_ORDER)) __khugepaged_enter(vma->vm_mm); @@ -2462,8 +2482,7 @@ static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result, static int khugepaged_has_work(void) { - return !list_empty(&khugepaged_scan.mm_head) && - hugepage_flags_enabled(); + return !list_empty(&khugepaged_scan.mm_head) && hugepage_pmd_enabled(); } static int khugepaged_wait_event(void) @@ -2536,7 +2555,7 @@ static void khugepaged_wait_work(void) return; } - if (hugepage_flags_enabled()) + if (hugepage_pmd_enabled()) wait_event_freezable(khugepaged_wait, khugepaged_wait_event()); } @@ -2567,7 +2586,7 @@ static void set_recommended_min_free_kbytes(void) int nr_zones = 0; unsigned long recommended_min; - if (!hugepage_flags_enabled()) { + if (!hugepage_pmd_enabled()) { calculate_min_free_kbytes(); goto update_wmarks; } @@ -2617,7 +2636,7 @@ int start_stop_khugepaged(void) int err = 0; mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled()) { + if (hugepage_pmd_enabled()) { if (!khugepaged_thread) khugepaged_thread = kthread_run(khugepaged, NULL, "khugepaged"); @@ -2643,7 +2662,7 @@ int start_stop_khugepaged(void) void khugepaged_min_free_kbytes_update(void) { mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled() && khugepaged_thread) + if (hugepage_pmd_enabled() && khugepaged_thread) set_recommended_min_free_kbytes(); mutex_unlock(&khugepaged_mutex); } -- 2.43.0

10 months

2
1
0 0

[merged mm-hotfixes-stable] mm-fix-crashes-from-deferred-split-racing-folio-migration.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix crashes from deferred split racing folio migration has been removed from the -mm tree. Its filename was mm-fix-crashes-from-deferred-split-racing-folio-migration.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: fix crashes from deferred split racing folio migration Date: Tue, 2 Jul 2024 00:40:55 -0700 (PDT) Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from deferred_split_scan()'s folio_put(), and a variety of other BUG and WARN symptoms implying double free by deferred split and large folio migration. 6.7 commit 9bcef5973e31 ("mm: memcg: fix split queue list crash when large folio migration") was right to fix the memcg-dependent locking broken in 85ce2c517ade ("memcontrol: only transfer the memcg data for migration"), but missed a subtlety of deferred_split_scan(): it moves folios to its own local list to work on them without split_queue_lock, during which time folio->_deferred_list is not empty, but even the "right" lock does nothing to secure the folio and the list it is on. Fortunately, deferred_split_scan() is careful to use folio_try_get(): so folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() while the old folio's reference count is temporarily frozen to 0 - adding such a freeze in the !mapping case too (originally, folio lock and unmapping and no swap cache left an anon folio unreachable, so no freezing was needed there: but the deferred split queue offers a way to reach it). Link: https://lkml.kernel.org/r/29c83d1a-11ca-b6c9-f92e-6ccb322af510@google.com Fixes: 9bcef5973e31 ("mm: memcg: fix split queue list crash when large folio migration") Signed-off-by: Hugh Dickins <hughd(a)google.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 11 ----------- mm/migrate.c | 13 +++++++++++++ 2 files changed, 13 insertions(+), 11 deletions(-) --- a/mm/memcontrol.c~mm-fix-crashes-from-deferred-split-racing-folio-migration +++ a/mm/memcontrol.c @@ -7823,17 +7823,6 @@ void mem_cgroup_migrate(struct folio *ol /* Transfer the charge and the css ref */ commit_charge(new, memcg); - /* - * If the old folio is a large folio and is in the split queue, it needs - * to be removed from the split queue now, in case getting an incorrect - * split queue in destroy_large_folio() after the memcg of the old folio - * is cleared. - * - * In addition, the old folio is about to be freed after migration, so - * removing from the split queue a bit earlier seems reasonable. - */ - if (folio_test_large(old) && folio_test_large_rmappable(old)) - folio_undo_large_rmappable(old); old->memcg_data = 0; } --- a/mm/migrate.c~mm-fix-crashes-from-deferred-split-racing-folio-migration +++ a/mm/migrate.c @@ -415,6 +415,15 @@ int folio_migrate_mapping(struct address if (folio_ref_count(folio) != expected_count) return -EAGAIN; + /* Take off deferred split queue while frozen and memcg set */ + if (folio_test_large(folio) && + folio_test_large_rmappable(folio)) { + if (!folio_ref_freeze(folio, expected_count)) + return -EAGAIN; + folio_undo_large_rmappable(folio); + folio_ref_unfreeze(folio, expected_count); + } + /* No turning back from here */ newfolio->index = folio->index; newfolio->mapping = folio->mapping; @@ -433,6 +442,10 @@ int folio_migrate_mapping(struct address return -EAGAIN; } + /* Take off deferred split queue while frozen and memcg set */ + if (folio_test_large(folio) && folio_test_large_rmappable(folio)) + folio_undo_large_rmappable(folio); + /* * Now we know that no one else is looking at the folio: * no turning back from here. _ Patches currently in -mm which might be from hughd(a)google.com are

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-stop-abusing-try_grab_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: gup: stop abusing try_grab_folio has been removed from the -mm tree. Its filename was mm-gup-stop-abusing-try_grab_folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yang Shi <yang(a)os.amperecomputing.com> Subject: mm: gup: stop abusing try_grab_folio Date: Fri, 28 Jun 2024 12:14:58 -0700 A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: [ 464.325306] WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313 __get_user_pages+0x423/0x520 [ 464.325464] CPU: 13 PID: 6734 Comm: qemu-kvm Kdump: loaded Not tainted 6.6.33+ #6 [ 464.325477] RIP: 0010:__get_user_pages+0x423/0x520 [ 464.325515] Call Trace: [ 464.325520] <TASK> [ 464.325523] ? __get_user_pages+0x423/0x520 [ 464.325528] ? __warn+0x81/0x130 [ 464.325536] ? __get_user_pages+0x423/0x520 [ 464.325541] ? report_bug+0x171/0x1a0 [ 464.325549] ? handle_bug+0x3c/0x70 [ 464.325554] ? exc_invalid_op+0x17/0x70 [ 464.325558] ? asm_exc_invalid_op+0x1a/0x20 [ 464.325567] ? __get_user_pages+0x423/0x520 [ 464.325575] __gup_longterm_locked+0x212/0x7a0 [ 464.325583] internal_get_user_pages_fast+0xfb/0x190 [ 464.325590] pin_user_pages_fast+0x47/0x60 [ 464.325598] sev_pin_memory+0xca/0x170 [kvm_amd] [ 464.325616] sev_mem_enc_register_region+0x81/0x130 [kvm_amd] Per the analysis done by yangge, when starting the SEV virtual machine, it will call pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin the memory. But the page is in CMA area, so fast GUP will fail then fallback to the slow path due to the longterm pinnalbe check in try_grab_folio(). The slow path will try to pin the pages then migrate them out of CMA area. But the slow path also uses try_grab_folio() to pin the page, it will also fail due to the same check then the above warning is triggered. In addition, the try_grab_folio() is supposed to be used in fast path and it elevates folio refcount by using add ref unless zero. We are guaranteed to have at least one stable reference in slow path, so the simple atomic add could be used. The performance difference should be trivial, but the misuse may be confusing and misleading. Redefined try_grab_folio() to try_grab_folio_fast(), and try_grab_page() to try_grab_folio(), and use them in the proper paths. This solves both the abuse and the kernel warning. The proper naming makes their usecase more clear and should prevent from abusing in the future. peterx said: : The user will see the pin fails, for gpu-slow it further triggers the WARN : right below that failure (as in the original report): : : folio = try_grab_folio(page, page_increm - 1, : foll_flags); : if (WARN_ON_ONCE(!folio)) { <------------------------ here : /* : * Release the 1st page ref if the : * folio is problematic, fail hard. : */ : gup_put_folio(page_folio(page), 1, : foll_flags); : ret = -EFAULT; : goto out; : } [1] https://lore.kernel.org/linux-mm/1719478388-31917-1-git-send-email-yangge11… [shy828301(a)gmail.com: fix implicit declaration of function try_grab_folio_fast] Link: https://lkml.kernel.org/r/CAHbLzkowMSso-4Nufc9hcMehQsK9PNz3OSu-+eniU-2Mm-xj… Link: https://lkml.kernel.org/r/20240628191458.2605553-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: yangge <yangge1116(a)126.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 289 +++++++++++++++++++++++---------------------- mm/huge_memory.c | 2 mm/internal.h | 4 3 files changed, 156 insertions(+), 139 deletions(-) --- a/mm/gup.c~mm-gup-stop-abusing-try_grab_folio +++ a/mm/gup.c @@ -97,95 +97,6 @@ retry: return folio; } -/** - * try_grab_folio() - Attempt to get or pin a folio. - * @page: pointer to page to be grabbed - * @refs: the value to (effectively) add to the folio's refcount - * @flags: gup flags: these are the FOLL_* flag values. - * - * "grab" names in this file mean, "look at flags to decide whether to use - * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. - * - * Either FOLL_PIN or FOLL_GET (or neither) must be set, but not both at the - * same time. (That's true throughout the get_user_pages*() and - * pin_user_pages*() APIs.) Cases: - * - * FOLL_GET: folio's refcount will be incremented by @refs. - * - * FOLL_PIN on large folios: folio's refcount will be incremented by - * @refs, and its pincount will be incremented by @refs. - * - * FOLL_PIN on single-page folios: folio's refcount will be incremented by - * @refs * GUP_PIN_COUNTING_BIAS. - * - * Return: The folio containing @page (with refcount appropriately - * incremented) for success, or NULL upon failure. If neither FOLL_GET - * nor FOLL_PIN was set, that's considered failure, and furthermore, - * a likely bug in the caller, so a warning is also emitted. - */ -struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags) -{ - struct folio *folio; - - if (WARN_ON_ONCE((flags & (FOLL_GET | FOLL_PIN)) == 0)) - return NULL; - - if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) - return NULL; - - if (flags & FOLL_GET) - return try_get_folio(page, refs); - - /* FOLL_PIN is set */ - - /* - * Don't take a pin on the zero page - it's not going anywhere - * and it is used in a *lot* of places. - */ - if (is_zero_page(page)) - return page_folio(page); - - folio = try_get_folio(page, refs); - if (!folio) - return NULL; - - /* - * Can't do FOLL_LONGTERM + FOLL_PIN gup fast path if not in a - * right zone, so fail and let the caller fall back to the slow - * path. - */ - if (unlikely((flags & FOLL_LONGTERM) && - !folio_is_longterm_pinnable(folio))) { - if (!put_devmap_managed_folio_refs(folio, refs)) - folio_put_refs(folio, refs); - return NULL; - } - - /* - * When pinning a large folio, use an exact count to track it. - * - * However, be sure to *also* increment the normal folio - * refcount field at least once, so that the folio really - * is pinned. That's why the refcount from the earlier - * try_get_folio() is left intact. - */ - if (folio_test_large(folio)) - atomic_add(refs, &folio->_pincount); - else - folio_ref_add(folio, - refs * (GUP_PIN_COUNTING_BIAS - 1)); - /* - * Adjust the pincount before re-checking the PTE for changes. - * This is essentially a smp_mb() and is paired with a memory - * barrier in folio_try_share_anon_rmap_*(). - */ - smp_mb__after_atomic(); - - node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); - - return folio; -} - static void gup_put_folio(struct folio *folio, int refs, unsigned int flags) { if (flags & FOLL_PIN) { @@ -203,58 +114,59 @@ static void gup_put_folio(struct folio * } /** - * try_grab_page() - elevate a page's refcount by a flag-dependent amount - * @page: pointer to page to be grabbed - * @flags: gup flags: these are the FOLL_* flag values. + * try_grab_folio() - add a folio's refcount by a flag-dependent amount + * @folio: pointer to folio to be grabbed + * @refs: the value to (effectively) add to the folio's refcount + * @flags: gup flags: these are the FOLL_* flag values * * This might not do anything at all, depending on the flags argument. * * "grab" names in this file mean, "look at flags to decide whether to use - * FOLL_PIN or FOLL_GET behavior, when incrementing the page's refcount. + * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. * * Either FOLL_PIN or FOLL_GET (or neither) may be set, but not both at the same - * time. Cases: please see the try_grab_folio() documentation, with - * "refs=1". + * time. * * Return: 0 for success, or if no action was required (if neither FOLL_PIN * nor FOLL_GET was set, nothing is done). A negative error code for failure: * - * -ENOMEM FOLL_GET or FOLL_PIN was set, but the page could not + * -ENOMEM FOLL_GET or FOLL_PIN was set, but the folio could not * be grabbed. + * + * It is called when we have a stable reference for the folio, typically in + * GUP slow path. */ -int __must_check try_grab_page(struct page *page, unsigned int flags) +int __must_check try_grab_folio(struct folio *folio, int refs, + unsigned int flags) { - struct folio *folio = page_folio(page); - if (WARN_ON_ONCE(folio_ref_count(folio) <= 0)) return -ENOMEM; - if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) + if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(&folio->page))) return -EREMOTEIO; if (flags & FOLL_GET) - folio_ref_inc(folio); + folio_ref_add(folio, refs); else if (flags & FOLL_PIN) { /* * Don't take a pin on the zero page - it's not going anywhere * and it is used in a *lot* of places. */ - if (is_zero_page(page)) + if (is_zero_folio(folio)) return 0; /* - * Similar to try_grab_folio(): be sure to *also* - * increment the normal page refcount field at least once, + * Increment the normal page refcount field at least once, * so that the page really is pinned. */ if (folio_test_large(folio)) { - folio_ref_add(folio, 1); - atomic_add(1, &folio->_pincount); + folio_ref_add(folio, refs); + atomic_add(refs, &folio->_pincount); } else { - folio_ref_add(folio, GUP_PIN_COUNTING_BIAS); + folio_ref_add(folio, refs * GUP_PIN_COUNTING_BIAS); } - node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, 1); + node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); } return 0; @@ -515,6 +427,102 @@ static int record_subpages(struct page * return nr; } + +/** + * try_grab_folio_fast() - Attempt to get or pin a folio in fast path. + * @page: pointer to page to be grabbed + * @refs: the value to (effectively) add to the folio's refcount + * @flags: gup flags: these are the FOLL_* flag values. + * + * "grab" names in this file mean, "look at flags to decide whether to use + * FOLL_PIN or FOLL_GET behavior, when incrementing the folio's refcount. + * + * Either FOLL_PIN or FOLL_GET (or neither) must be set, but not both at the + * same time. (That's true throughout the get_user_pages*() and + * pin_user_pages*() APIs.) Cases: + * + * FOLL_GET: folio's refcount will be incremented by @refs. + * + * FOLL_PIN on large folios: folio's refcount will be incremented by + * @refs, and its pincount will be incremented by @refs. + * + * FOLL_PIN on single-page folios: folio's refcount will be incremented by + * @refs * GUP_PIN_COUNTING_BIAS. + * + * Return: The folio containing @page (with refcount appropriately + * incremented) for success, or NULL upon failure. If neither FOLL_GET + * nor FOLL_PIN was set, that's considered failure, and furthermore, + * a likely bug in the caller, so a warning is also emitted. + * + * It uses add ref unless zero to elevate the folio refcount and must be called + * in fast path only. + */ +static struct folio *try_grab_folio_fast(struct page *page, int refs, + unsigned int flags) +{ + struct folio *folio; + + /* Raise warn if it is not called in fast GUP */ + VM_WARN_ON_ONCE(!irqs_disabled()); + + if (WARN_ON_ONCE((flags & (FOLL_GET | FOLL_PIN)) == 0)) + return NULL; + + if (unlikely(!(flags & FOLL_PCI_P2PDMA) && is_pci_p2pdma_page(page))) + return NULL; + + if (flags & FOLL_GET) + return try_get_folio(page, refs); + + /* FOLL_PIN is set */ + + /* + * Don't take a pin on the zero page - it's not going anywhere + * and it is used in a *lot* of places. + */ + if (is_zero_page(page)) + return page_folio(page); + + folio = try_get_folio(page, refs); + if (!folio) + return NULL; + + /* + * Can't do FOLL_LONGTERM + FOLL_PIN gup fast path if not in a + * right zone, so fail and let the caller fall back to the slow + * path. + */ + if (unlikely((flags & FOLL_LONGTERM) && + !folio_is_longterm_pinnable(folio))) { + if (!put_devmap_managed_folio_refs(folio, refs)) + folio_put_refs(folio, refs); + return NULL; + } + + /* + * When pinning a large folio, use an exact count to track it. + * + * However, be sure to *also* increment the normal folio + * refcount field at least once, so that the folio really + * is pinned. That's why the refcount from the earlier + * try_get_folio() is left intact. + */ + if (folio_test_large(folio)) + atomic_add(refs, &folio->_pincount); + else + folio_ref_add(folio, + refs * (GUP_PIN_COUNTING_BIAS - 1)); + /* + * Adjust the pincount before re-checking the PTE for changes. + * This is essentially a smp_mb() and is paired with a memory + * barrier in folio_try_share_anon_rmap_*(). + */ + smp_mb__after_atomic(); + + node_stat_mod_folio(folio, NR_FOLL_PIN_ACQUIRED, refs); + + return folio; +} #endif /* CONFIG_ARCH_HAS_HUGEPD || CONFIG_HAVE_GUP_FAST */ #ifdef CONFIG_ARCH_HAS_HUGEPD @@ -535,7 +543,7 @@ static unsigned long hugepte_addr_end(un */ static int gup_hugepte(struct vm_area_struct *vma, pte_t *ptep, unsigned long sz, unsigned long addr, unsigned long end, unsigned int flags, - struct page **pages, int *nr) + struct page **pages, int *nr, bool fast) { unsigned long pte_end; struct page *page; @@ -558,9 +566,15 @@ static int gup_hugepte(struct vm_area_st page = pte_page(pte); refs = record_subpages(page, sz, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); - if (!folio) - return 0; + if (fast) { + folio = try_grab_folio_fast(page, refs, flags); + if (!folio) + return 0; + } else { + folio = page_folio(page); + if (try_grab_folio(folio, refs, flags)) + return 0; + } if (unlikely(pte_val(pte) != pte_val(ptep_get(ptep)))) { gup_put_folio(folio, refs, flags); @@ -588,7 +602,7 @@ static int gup_hugepte(struct vm_area_st static int gup_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, unsigned long addr, unsigned int pdshift, unsigned long end, unsigned int flags, - struct page **pages, int *nr) + struct page **pages, int *nr, bool fast) { pte_t *ptep; unsigned long sz = 1UL << hugepd_shift(hugepd); @@ -598,7 +612,8 @@ static int gup_hugepd(struct vm_area_str ptep = hugepte_offset(hugepd, addr, pdshift); do { next = hugepte_addr_end(addr, end, sz); - ret = gup_hugepte(vma, ptep, sz, addr, end, flags, pages, nr); + ret = gup_hugepte(vma, ptep, sz, addr, end, flags, pages, nr, + fast); if (ret != 1) return ret; } while (ptep++, addr = next, addr != end); @@ -625,7 +640,7 @@ static struct page *follow_hugepd(struct ptep = hugepte_offset(hugepd, addr, pdshift); ptl = huge_pte_lock(h, vma->vm_mm, ptep); ret = gup_hugepd(vma, hugepd, addr, pdshift, addr + PAGE_SIZE, - flags, &page, &nr); + flags, &page, &nr, false); spin_unlock(ptl); if (ret == 1) { @@ -642,7 +657,7 @@ static struct page *follow_hugepd(struct static inline int gup_hugepd(struct vm_area_struct *vma, hugepd_t hugepd, unsigned long addr, unsigned int pdshift, unsigned long end, unsigned int flags, - struct page **pages, int *nr) + struct page **pages, int *nr, bool fast) { return 0; } @@ -729,7 +744,7 @@ static struct page *follow_huge_pud(stru gup_must_unshare(vma, flags, page)) return ERR_PTR(-EMLINK); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) page = ERR_PTR(ret); else @@ -806,7 +821,7 @@ static struct page *follow_huge_pmd(stru VM_BUG_ON_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page), page); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) return ERR_PTR(ret); @@ -968,8 +983,8 @@ static struct page *follow_page_pte(stru VM_BUG_ON_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page), page); - /* try_grab_page() does nothing unless FOLL_GET or FOLL_PIN is set. */ - ret = try_grab_page(page, flags); + /* try_grab_folio() does nothing unless FOLL_GET or FOLL_PIN is set. */ + ret = try_grab_folio(page_folio(page), 1, flags); if (unlikely(ret)) { page = ERR_PTR(ret); goto out; @@ -1233,7 +1248,7 @@ static int get_gate_page(struct mm_struc goto unmap; *page = pte_page(entry); } - ret = try_grab_page(*page, gup_flags); + ret = try_grab_folio(page_folio(*page), 1, gup_flags); if (unlikely(ret)) goto unmap; out: @@ -1636,20 +1651,19 @@ next_page: * pages. */ if (page_increm > 1) { - struct folio *folio; + struct folio *folio = page_folio(page); /* * Since we already hold refcount on the * large folio, this should never fail. */ - folio = try_grab_folio(page, page_increm - 1, - foll_flags); - if (WARN_ON_ONCE(!folio)) { + if (try_grab_folio(folio, page_increm - 1, + foll_flags)) { /* * Release the 1st page ref if the * folio is problematic, fail hard. */ - gup_put_folio(page_folio(page), 1, + gup_put_folio(folio, 1, foll_flags); ret = -EFAULT; goto out; @@ -2797,7 +2811,6 @@ EXPORT_SYMBOL(get_user_pages_unlocked); * This code is based heavily on the PowerPC implementation by Nick Piggin. */ #ifdef CONFIG_HAVE_GUP_FAST - /* * Used in the GUP-fast path to determine whether GUP is permitted to work on * a specific folio. @@ -2962,7 +2975,7 @@ static int gup_fast_pte_range(pmd_t pmd, VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); - folio = try_grab_folio(page, 1, flags); + folio = try_grab_folio_fast(page, 1, flags); if (!folio) goto pte_unmap; @@ -3049,7 +3062,7 @@ static int gup_fast_devmap_leaf(unsigned break; } - folio = try_grab_folio(page, 1, flags); + folio = try_grab_folio_fast(page, 1, flags); if (!folio) { gup_fast_undo_dev_pagemap(nr, nr_start, flags, pages); break; @@ -3138,7 +3151,7 @@ static int gup_fast_pmd_leaf(pmd_t orig, page = pmd_page(orig); refs = record_subpages(page, PMD_SIZE, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -3182,7 +3195,7 @@ static int gup_fast_pud_leaf(pud_t orig, page = pud_page(orig); refs = record_subpages(page, PUD_SIZE, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -3222,7 +3235,7 @@ static int gup_fast_pgd_leaf(pgd_t orig, page = pgd_page(orig); refs = record_subpages(page, PGDIR_SIZE, addr, end, pages + *nr); - folio = try_grab_folio(page, refs, flags); + folio = try_grab_folio_fast(page, refs, flags); if (!folio) return 0; @@ -3276,7 +3289,8 @@ static int gup_fast_pmd_range(pud_t *pud * pmd format and THP pmd format */ if (gup_hugepd(NULL, __hugepd(pmd_val(pmd)), addr, - PMD_SHIFT, next, flags, pages, nr) != 1) + PMD_SHIFT, next, flags, pages, nr, + true) != 1) return 0; } else if (!gup_fast_pte_range(pmd, pmdp, addr, next, flags, pages, nr)) @@ -3306,7 +3320,8 @@ static int gup_fast_pud_range(p4d_t *p4d return 0; } else if (unlikely(is_hugepd(__hugepd(pud_val(pud))))) { if (gup_hugepd(NULL, __hugepd(pud_val(pud)), addr, - PUD_SHIFT, next, flags, pages, nr) != 1) + PUD_SHIFT, next, flags, pages, nr, + true) != 1) return 0; } else if (!gup_fast_pmd_range(pudp, pud, addr, next, flags, pages, nr)) @@ -3333,7 +3348,8 @@ static int gup_fast_p4d_range(pgd_t *pgd BUILD_BUG_ON(p4d_leaf(p4d)); if (unlikely(is_hugepd(__hugepd(p4d_val(p4d))))) { if (gup_hugepd(NULL, __hugepd(p4d_val(p4d)), addr, - P4D_SHIFT, next, flags, pages, nr) != 1) + P4D_SHIFT, next, flags, pages, nr, + true) != 1) return 0; } else if (!gup_fast_pud_range(p4dp, p4d, addr, next, flags, pages, nr)) @@ -3362,7 +3378,8 @@ static void gup_fast_pgd_range(unsigned return; } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) { if (gup_hugepd(NULL, __hugepd(pgd_val(pgd)), addr, - PGDIR_SHIFT, next, flags, pages, nr) != 1) + PGDIR_SHIFT, next, flags, pages, nr, + true) != 1) return; } else if (!gup_fast_p4d_range(pgdp, pgd, addr, next, flags, pages, nr)) --- a/mm/huge_memory.c~mm-gup-stop-abusing-try_grab_folio +++ a/mm/huge_memory.c @@ -1331,7 +1331,7 @@ struct page *follow_devmap_pmd(struct vm if (!*pgmap) return ERR_PTR(-EFAULT); page = pfn_to_page(pfn); - ret = try_grab_page(page, flags); + ret = try_grab_folio(page_folio(page), 1, flags); if (ret) page = ERR_PTR(ret); --- a/mm/internal.h~mm-gup-stop-abusing-try_grab_folio +++ a/mm/internal.h @@ -1182,8 +1182,8 @@ int migrate_device_coherent_page(struct /* * mm/gup.c */ -struct folio *try_grab_folio(struct page *page, int refs, unsigned int flags); -int __must_check try_grab_page(struct page *page, unsigned int flags); +int __must_check try_grab_folio(struct folio *folio, int refs, + unsigned int flags); /* * mm/huge_memory.c _ Patches currently in -mm which might be from yang(a)os.amperecomputing.com are

10 months

1
0
0 0

buckles ,leather hardware ,bag hardware ,shoe hardware ,cord hardware ,hockey hardware, head pins ,wallets ,trims ,handles,tools ,fashion ,wires supply ?

by qualityfactory＠vip.163.com

Dear Sir : Nice day! This is Su from METAL & HARNESSES factory ,we make D rings , O rings ,Plastic hardware ,clasps ,clips , buckles ,leather hardware ,bag hardware ,shoe hardware ,cord hardware ,hockey hardware, head pins ,wallets ,trims ,handles,tools ,fashion ,wires ,fastening,rivets , grommets,eyelets,buckles,screws , harnesses ,wires ,bolts ,nuts ,clips ,bits ,spurs ,screws,anchors,stainless steel hardware , brass hardware,steel harnesses ,aluminium hardware ,iron hardware ,metal & Harnesses,belt and buckles,straps ,leather Harnesses,tags ,belts,straps ,clips ,rings bars ,hooks , safety buckles,brass buckles, brass rings ,belts,buckles ,Split Ring ,straps ,sliders,snaps ,Bars Rings, Fasteners, magnent buttons,craft hardware ,bindings ,knobs,steps ,straps , bits ,eyelets ,tools , metal gear , metal hardware , metal products, metal Components,S hooks ,bars ,snaps ,webbings , buckles, HOOK,brass buckles, clips , hooks ,straps , accessories ,brass snaps ,brass gear , stainless steel hardware,steel harness ,steel wires, wire rings , wire buckles ,brass gears ,brass products ,iron metal hardware ,Fasteners,safety buckles,brass buckles, brass rings ,belts,buckles ,Ring ,Squares ,straps ,sliders,Bars Rings,Buckles, Cord locks, Hooks & Rings,Tabs, Locks and Slides,magnent buttons,carabiners,trigger ,buttons ,snaps ,fasteners, webbings , webbing buckles, buttons,Hook Loop ，textile accessories,safety buckles,sliders,snaps ,Rings ,chains,suspenders as required for our global clients . We are manufactory, we are the source, our price is very competitive ,you will get the best price , We have profuse designs with series quality grade, and expressly. Our factory always produce customer designs and drawing , if you have any products looking please let me know we could surely make for you Sincerely hope could work with you ! Best regards Su

10 months

1
0
0 0

[PATCH v2] net: ks8851: Fix deadlock with the SPI chip variant

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. Now use spin_(un)lock_bh for TX queue related locking to avoid execution of softirq work synchronously that would lead to a deadlock. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- V2: - use spin_lock_bh instead of moving netif_wake_queue outside of locked region (doing the same in the start_xmit function) - add missing net: tag drivers/net/ethernet/micrel/ks8851_common.c | 4 ++-- drivers/net/ethernet/micrel/ks8851_spi.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..51fb6c27153e 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -352,11 +352,11 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) netif_dbg(ks, intr, ks->netdev, "%s: txspace %d\n", __func__, tx_space); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); ks->tx_space = tx_space; if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); } if (status & IRQ_SPIBEI) { diff --git a/drivers/net/ethernet/micrel/ks8851_spi.c b/drivers/net/ethernet/micrel/ks8851_spi.c index 670c1de966db..818e1ce3227b 100644 --- a/drivers/net/ethernet/micrel/ks8851_spi.c +++ b/drivers/net/ethernet/micrel/ks8851_spi.c @@ -385,7 +385,7 @@ static netdev_tx_t ks8851_start_xmit_spi(struct sk_buff *skb, netif_dbg(ks, tx_queued, ks->netdev, "%s: skb %p, %d@%p\n", __func__, skb, skb->len, skb->data); - spin_lock(&ks->statelock); + spin_lock_bh(&ks->statelock); if (ks->queued_len + needed > ks->tx_space) { netif_stop_queue(dev); @@ -395,7 +395,7 @@ static netdev_tx_t ks8851_start_xmit_spi(struct sk_buff *skb, skb_queue_tail(&ks->txq, skb); } - spin_unlock(&ks->statelock); + spin_unlock_bh(&ks->statelock); if (ret == NETDEV_TX_OK) schedule_work(&kss->tx_work); -- 2.45.2

10 months

4
4
0 0

patch "bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From c7d0b2db5bc5e8c0fdc67b3c8f463c3dfec92f77 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Date: Mon, 3 Jun 2024 22:13:54 +0530 Subject: bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone MHI endpoint stack accidentally started allocating memory for objects from DMA zone since commit 62210a26cd4f ("bus: mhi: ep: Use slab allocator where applicable"). But there is no real need to allocate memory from this naturally limited DMA zone. This also causes the MHI endpoint stack to run out of memory while doing high bandwidth transfers. So let's switch over to normal memory. Cc: <stable(a)vger.kernel.org> # 6.8 Fixes: 62210a26cd4f ("bus: mhi: ep: Use slab allocator where applicable") Reviewed-by: Mayank Rana <quic_mrana(a)quicinc.com> Link: https://lore.kernel.org/r/20240603164354.79035-1-manivannan.sadhasivam@lina… Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/bus/mhi/ep/main.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index f8f674adf1d4..4acfac73ca9a 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -90,7 +90,7 @@ static int mhi_ep_send_completion_event(struct mhi_ep_cntrl *mhi_cntrl, struct m struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -109,7 +109,7 @@ int mhi_ep_send_state_change_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_stat struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -127,7 +127,7 @@ int mhi_ep_send_ee_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_ee_type exec_e struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -146,7 +146,7 @@ static int mhi_ep_send_cmd_comp_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_e struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -438,7 +438,7 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, read_offset = mhi_chan->tre_size - mhi_chan->tre_bytes_left; write_offset = len - buf_left; - buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL | GFP_DMA); + buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL); if (!buf_addr) return -ENOMEM; @@ -1481,14 +1481,14 @@ int mhi_ep_register_controller(struct mhi_ep_cntrl *mhi_cntrl, mhi_cntrl->ev_ring_el_cache = kmem_cache_create("mhi_ep_event_ring_el", sizeof(struct mhi_ring_element), 0, - SLAB_CACHE_DMA, NULL); + 0, NULL); if (!mhi_cntrl->ev_ring_el_cache) { ret = -ENOMEM; goto err_free_cmd; } mhi_cntrl->tre_buf_cache = kmem_cache_create("mhi_ep_tre_buf", MHI_EP_DEFAULT_MTU, 0, - SLAB_CACHE_DMA, NULL); + 0, NULL); if (!mhi_cntrl->tre_buf_cache) { ret = -ENOMEM; goto err_destroy_ev_ring_el_cache; -- 2.45.2

10 months

1
0
0 0

patch "bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From c7d0b2db5bc5e8c0fdc67b3c8f463c3dfec92f77 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Date: Mon, 3 Jun 2024 22:13:54 +0530 Subject: bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone MHI endpoint stack accidentally started allocating memory for objects from DMA zone since commit 62210a26cd4f ("bus: mhi: ep: Use slab allocator where applicable"). But there is no real need to allocate memory from this naturally limited DMA zone. This also causes the MHI endpoint stack to run out of memory while doing high bandwidth transfers. So let's switch over to normal memory. Cc: <stable(a)vger.kernel.org> # 6.8 Fixes: 62210a26cd4f ("bus: mhi: ep: Use slab allocator where applicable") Reviewed-by: Mayank Rana <quic_mrana(a)quicinc.com> Link: https://lore.kernel.org/r/20240603164354.79035-1-manivannan.sadhasivam@lina… Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/bus/mhi/ep/main.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index f8f674adf1d4..4acfac73ca9a 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -90,7 +90,7 @@ static int mhi_ep_send_completion_event(struct mhi_ep_cntrl *mhi_cntrl, struct m struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -109,7 +109,7 @@ int mhi_ep_send_state_change_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_stat struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -127,7 +127,7 @@ int mhi_ep_send_ee_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_ee_type exec_e struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -146,7 +146,7 @@ static int mhi_ep_send_cmd_comp_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_e struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -438,7 +438,7 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, read_offset = mhi_chan->tre_size - mhi_chan->tre_bytes_left; write_offset = len - buf_left; - buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL | GFP_DMA); + buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL); if (!buf_addr) return -ENOMEM; @@ -1481,14 +1481,14 @@ int mhi_ep_register_controller(struct mhi_ep_cntrl *mhi_cntrl, mhi_cntrl->ev_ring_el_cache = kmem_cache_create("mhi_ep_event_ring_el", sizeof(struct mhi_ring_element), 0, - SLAB_CACHE_DMA, NULL); + 0, NULL); if (!mhi_cntrl->ev_ring_el_cache) { ret = -ENOMEM; goto err_free_cmd; } mhi_cntrl->tre_buf_cache = kmem_cache_create("mhi_ep_tre_buf", MHI_EP_DEFAULT_MTU, 0, - SLAB_CACHE_DMA, NULL); + 0, NULL); if (!mhi_cntrl->tre_buf_cache) { ret = -ENOMEM; goto err_destroy_ev_ring_el_cache; -- 2.45.2

10 months

1
0
0 0

[PATCH] kbuild: Update ld-version.sh for change in LLD version output

by Nathan Chancellor

After [1] in upstream LLVM, ld.lld's version output is slightly different when the cmake configuration option LLVM_APPEND_VC_REV is disabled. Before: Debian LLD 19.0.0 (compatible with GNU linkers) After: Debian LLD 19.0.0, compatible with GNU linkers This results in ld-version.sh failing with scripts/ld-version.sh: 19: arithmetic expression: expecting EOF: "10000 * 19 + 100 * 0 + 0," because the trailing comma is included in the patch level part of the expression. Remove the trailing comma when assigning the version variable in the LLD block to resolve the error, resulting in the proper output: LLD 190000 With LLVM_APPEND_VC_REV enabled, there is no issue with the new output because it is treated the same as the prior LLVM_APPEND_VC_REV=OFF version string was. ClangBuiltLinux LLD 19.0.0 (https://github.com/llvm/llvm-project a3c5c83273358a85a4e02f5f76379b1a276e7714), compatible with GNU linkers Cc: stable(a)vger.kernel.org Fixes: 02aff8592204 ("kbuild: check the minimum linker version in Kconfig") Link: https://github.com/llvm/llvm-project/commit/0f9fbbb63cfcd2069441aa2ebef622c… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- scripts/ld-version.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh index a78b804b680c..f2f425322524 100755 --- a/scripts/ld-version.sh +++ b/scripts/ld-version.sh @@ -47,7 +47,9 @@ else done if [ "$1" = LLD ]; then - version=$2 + # LLD after https://github.com/llvm/llvm-project/commit/0f9fbbb63cfcd2069441aa2ebef622c… + # may have a trailing comma on the patch version with LLVM_APPEND_VC_REV=off. + version=${2%,} min_version=$($min_tool_version llvm) name=LLD disp_name=LLD --- base-commit: 22a40d14b572deb80c0648557f4bd502d7e83826 change-id: 20240704-update-ld-version-for-new-lld-ver-str-b7a4afbbd5f1 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

10 months

3
4
0 0

[tip: perf/core] perf/x86/intel/pt: Fix topa_entry base length

by tip-bot2 for Marco Cavenati

The following commit has been merged into the perf/core branch of tip: Commit-ID: 5638bd722a44bbe97c1a7b3fae5b9efddb3e70ff Gitweb: https://git.kernel.org/tip/5638bd722a44bbe97c1a7b3fae5b9efddb3e70ff Author: Marco Cavenati <cavenati.marco(a)gmail.com> AuthorDate: Mon, 24 Jun 2024 23:10:55 +03:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Thu, 04 Jul 2024 16:00:20 +02:00 perf/x86/intel/pt: Fix topa_entry base length topa_entry->base needs to store a pfn. It obviously needs to be large enough to store the largest possible x86 pfn which is MAXPHYADDR-PAGE_SIZE (52-12). So it is 4 bits too small. Increase the size of topa_entry->base from 36 bits to 40 bits. Note, systems where physical addresses can be 256TiB or more are affected. [ Adrian: Amend commit message as suggested by Dave Hansen ] Fixes: 52ca9ced3f70 ("perf/x86/intel/pt: Add Intel PT PMU driver") Signed-off-by: Marco Cavenati <cavenati.marco(a)gmail.com> Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240624201101.60186-2-adrian.hunter@intel.com --- arch/x86/events/intel/pt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/pt.h b/arch/x86/events/intel/pt.h index 96906a6..f5e46c0 100644 --- a/arch/x86/events/intel/pt.h +++ b/arch/x86/events/intel/pt.h @@ -33,8 +33,8 @@ struct topa_entry { u64 rsvd2 : 1; u64 size : 4; u64 rsvd3 : 2; - u64 base : 36; - u64 rsvd4 : 16; + u64 base : 40; + u64 rsvd4 : 12; }; /* TSC to Core Crystal Clock Ratio */

10 months

1
0
0 0

[tip: perf/core] perf/x86/intel/pt: Fix a topa_entry base address calculation

by tip-bot2 for Adrian Hunter

The following commit has been merged into the perf/core branch of tip: Commit-ID: ad97196379d0b8cb24ef3d5006978a6554e6467f Gitweb: https://git.kernel.org/tip/ad97196379d0b8cb24ef3d5006978a6554e6467f Author: Adrian Hunter <adrian.hunter(a)intel.com> AuthorDate: Mon, 24 Jun 2024 23:10:56 +03:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Thu, 04 Jul 2024 16:00:21 +02:00 perf/x86/intel/pt: Fix a topa_entry base address calculation topa_entry->base is a bit-field. Bit-fields are not promoted to a 64-bit type, even if the underlying type is 64-bit, and so, if necessary, must be cast to a larger type when calculations are done. Fix a topa_entry->base address calculation by adding a cast. Without the cast, the address was limited to 36-bits i.e. 64GiB. The address calculation is used on systems that do not support Multiple Entry ToPA (only Broadwell), and affects physical addresses on or above 64GiB. Instead of writing to the correct address, the address comprising the first 36 bits would be written to. Intel PT snapshot and sampling modes are not affected. Fixes: 52ca9ced3f70 ("perf/x86/intel/pt: Add Intel PT PMU driver") Reported-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240624201101.60186-3-adrian.hunter@intel.com --- arch/x86/events/intel/pt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c index 14db6d9..047a2cd 100644 --- a/arch/x86/events/intel/pt.c +++ b/arch/x86/events/intel/pt.c @@ -878,7 +878,7 @@ static void pt_update_head(struct pt *pt) */ static void *pt_buffer_region(struct pt_buffer *buf) { - return phys_to_virt(TOPA_ENTRY(buf->cur, buf->cur_idx)->base << TOPA_SHIFT); + return phys_to_virt((phys_addr_t)TOPA_ENTRY(buf->cur, buf->cur_idx)->base << TOPA_SHIFT); } /**

10 months

1
0
0 0

+ mm-fix-khugepaged-activation-policy-v3.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm-fix-khugepaged-activation-policy-v3 has been added to the -mm mm-unstable branch. Its filename is mm-fix-khugepaged-activation-policy-v3.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm-fix-khugepaged-activation-policy-v3 Date: Fri, 5 Jul 2024 11:28:48 +0100 - Make hugepage_pmd_enabled() out-of-line static in khugepaged.c (per Andrew) - Refactor hugepage_pmd_enabled() for better readability (per Andrew) Link: https://lkml.kernel.org/r/20240705102849.2479686-1-ryan.roberts@arm.com Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/huge_mm.h | 13 ------------- mm/khugepaged.c | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 13 deletions(-) --- a/include/linux/huge_mm.h~mm-fix-khugepaged-activation-policy-v3 +++ a/include/linux/huge_mm.h @@ -128,19 +128,6 @@ static inline bool hugepage_global_alway (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_pmd_enabled(void) -{ - /* - * We cover both the anon and the file-backed case here; file-backed - * hugepages, when configured in, are determined by the global control. - * Anon pmd-sized hugepages are determined by the pmd-size control. - */ - return (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && hugepage_global_enabled()) || - test_bit(PMD_ORDER, &huge_anon_orders_always) || - test_bit(PMD_ORDER, &huge_anon_orders_madvise) || - (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && hugepage_global_enabled()); -} - static inline int highest_order(unsigned long orders) { return fls_long(orders) - 1; --- a/mm/khugepaged.c~mm-fix-khugepaged-activation-policy-v3 +++ a/mm/khugepaged.c @@ -413,6 +413,26 @@ static inline int hpage_collapse_test_ex test_bit(MMF_DISABLE_THP, &mm->flags); } +static bool hugepage_pmd_enabled(void) +{ + /* + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. + */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && + hugepage_global_enabled()) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_always)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_madvise)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && + hugepage_global_enabled()) + return true; + return false; +} + void __khugepaged_enter(struct mm_struct *mm) { struct khugepaged_mm_slot *mm_slot; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-fix-khugepaged-activation-policy.patch mm-fix-khugepaged-activation-policy-v3.patch

10 months

1
0
0 0

[PATCH iwl-net v1 0/4] igc bug fixes related to qbv_count usage

by Faizal Rahim

These igc bug fixes are sent as a patch series because: 1. The patch "igc: Remove unused qbv_count" has dependency on: "igc: Fix qbv_config_change_errors logics" "igc: Fix reset adapter logics when tx mode change" These two patches remove the reliance on using the qbv_count field. 2. The patch "igc: Fix qbv tx latency by setting gtxoffset" reuse the function igc_tsn_will_tx_mode_change() created in the patch: "igc: Fix reset adapter logics when tx mode change" Faizal Rahim (4): igc: Fix qbv_config_change_errors logics igc: Fix reset adapter logics when tx mode change igc: Remove unused qbv_count igc: Fix qbv tx latency by setting gtxoffset drivers/net/ethernet/intel/igc/igc.h | 1 - drivers/net/ethernet/intel/igc/igc_main.c | 9 +++-- drivers/net/ethernet/intel/igc/igc_tsn.c | 49 ++++++++++++++++------- drivers/net/ethernet/intel/igc/igc_tsn.h | 1 + 4 files changed, 42 insertions(+), 18 deletions(-) -- 2.25.1

10 months

4
12
0 0

[PATCH 1/5] drm/i915/dp: Don't switch the LTTPR mode on an active link

by Imre Deak

Switching to transparent mode leads to a loss of link synchronization, so prevent doing this on an active link. This happened at least on an Intel N100 system / DELL UD22 dock, the LTTPR residing either on the host or the dock. To fix the issue, keep the current mode on an active link, adjusting the LTTPR count accordingly (resetting it to 0 in transparent mode). Fixes: 7b2a4ab8b0ef ("drm/i915: Switch to LTTPR transparent mode link training") Reported-and-tested-by: Gareth Yu <gareth.yu(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/10902 Cc: <stable(a)vger.kernel.org> # v5.15+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- .../drm/i915/display/intel_dp_link_training.c | 49 +++++++++++++++++-- 1 file changed, 45 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp_link_training.c b/drivers/gpu/drm/i915/display/intel_dp_link_training.c index 1bc4ef84ff3bc..08a27fe077917 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_link_training.c +++ b/drivers/gpu/drm/i915/display/intel_dp_link_training.c @@ -117,10 +117,24 @@ intel_dp_set_lttpr_transparent_mode(struct intel_dp *intel_dp, bool enable) return drm_dp_dpcd_write(&intel_dp->aux, DP_PHY_REPEATER_MODE, &val, 1) == 1; } -static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEIVER_CAP_SIZE]) +static bool intel_dp_lttpr_transparent_mode_enabled(struct intel_dp *intel_dp) +{ + return intel_dp->lttpr_common_caps[DP_PHY_REPEATER_MODE - + DP_LT_TUNABLE_PHY_REPEATER_FIELD_DATA_STRUCTURE_REV] == + DP_PHY_REPEATER_MODE_TRANSPARENT; +} + +/* + * Read the LTTPR common capabilities and switch the LTTPR PHYs to + * non-transparent mode if this is supported. Preserve the + * transparent/non-transparent mode on an active link. + * + * Return the number of detected LTTPRs in non-transparent mode or 0 if the + * LTTPRs are in transparent mode or the detection failed. + */ +static int intel_dp_init_lttpr_phys(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEIVER_CAP_SIZE]) { int lttpr_count; - int i; if (!intel_dp_read_lttpr_common_caps(intel_dp, dpcd)) return 0; @@ -134,6 +148,19 @@ static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEI if (lttpr_count == 0) return 0; + /* + * Don't change the mode on an active link, to prevent a loss of link + * synchronization. See DP Standard v2.0 3.6.7. about the LTTPR + * resetting its internal state when the mode is changed from + * non-transparent to transparent. + */ + if (intel_dp->link_trained) { + if (lttpr_count < 0 || intel_dp_lttpr_transparent_mode_enabled(intel_dp)) + goto out_reset_lttpr_count; + + return lttpr_count; + } + /* * See DP Standard v2.0 3.6.6.1. about the explicit disabling of * non-transparent mode and the disable->enable non-transparent mode @@ -154,11 +181,25 @@ static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEI "Switching to LTTPR non-transparent LT mode failed, fall-back to transparent mode\n"); intel_dp_set_lttpr_transparent_mode(intel_dp, true); - intel_dp_reset_lttpr_count(intel_dp); - return 0; + goto out_reset_lttpr_count; } + return lttpr_count; + +out_reset_lttpr_count: + intel_dp_reset_lttpr_count(intel_dp); + + return 0; +} + +static int intel_dp_init_lttpr(struct intel_dp *intel_dp, const u8 dpcd[DP_RECEIVER_CAP_SIZE]) +{ + int lttpr_count; + int i; + + lttpr_count = intel_dp_init_lttpr_phys(intel_dp, dpcd); + for (i = 0; i < lttpr_count; i++) intel_dp_read_lttpr_phy_caps(intel_dp, dpcd, DP_PHY_LTTPR(i)); -- 2.43.3

10 months

3
3
0 0

[PATCH v2 3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_hmac_session*(). Thus, address !chip->auth in tpm_buf_hmac_session*() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: - Use auth in place of chip->auth. --- drivers/char/tpm/tpm2-sessions.c | 181 ++++++++++++++++++------------- include/linux/tpm.h | 67 ++++-------- 2 files changed, 124 insertions(+), 124 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 06d0f10a2301..304247090b56 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -268,6 +268,105 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, } EXPORT_SYMBOL_GPL(tpm_buf_append_name); +/** + * tpm_buf_append_hmac_session() - Append a TPM session element + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @attributes: The session attributes + * @passphrase: The session authority (NULL if none) + * @passphrase_len: The length of the session authority (0 if none) + * + * This fills in a session structure in the TPM command buffer, except + * for the HMAC which cannot be computed until the command buffer is + * complete. The type of session is controlled by the @attributes, + * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the + * session won't terminate after tpm_buf_check_hmac_response(), + * TPM2_SA_DECRYPT which means this buffers first parameter should be + * encrypted with a session key and TPM2_SA_ENCRYPT, which means the + * response buffer's first parameter needs to be decrypted (confusing, + * but the defines are written from the point of view of the TPM). + * + * Any session appended by this command must be finalized by calling + * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect + * and the TPM will reject the command. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, + u8 attributes, u8 *passphrase, + int passphrase_len) +{ + struct tpm2_auth *auth = chip->auth; + u8 nonce[SHA256_DIGEST_SIZE]; + u32 len; + + if (!auth) { + /* offset tells us where the sessions area begins */ + int offset = buf->handles * 4 + TPM_HEADER_SIZE; + u32 len = 9 + passphrase_len; + + if (tpm_buf_length(buf) != offset) { + /* not the first session so update the existing length */ + len += get_unaligned_be32(&buf->data[offset]); + put_unaligned_be32(len, &buf->data[offset]); + } else { + tpm_buf_append_u32(buf, len); + } + /* auth handle */ + tpm_buf_append_u32(buf, TPM2_RS_PW); + /* nonce */ + tpm_buf_append_u16(buf, 0); + /* attributes */ + tpm_buf_append_u8(buf, 0); + /* passphrase */ + tpm_buf_append_u16(buf, passphrase_len); + tpm_buf_append(buf, passphrase, passphrase_len); + return; + } + + /* + * The Architecture Guide requires us to strip trailing zeros + * before computing the HMAC + */ + while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0') + passphrase_len--; + + auth->attrs = attributes; + auth->passphrase_len = passphrase_len; + if (passphrase_len) + memcpy(auth->passphrase, passphrase, passphrase_len); + + if (auth->session != tpm_buf_length(buf)) { + /* we're not the first session */ + len = get_unaligned_be32(&buf->data[auth->session]); + if (4 + len + auth->session != tpm_buf_length(buf)) { + WARN(1, "session length mismatch, cannot append"); + return; + } + + /* add our new session */ + len += 9 + 2 * SHA256_DIGEST_SIZE; + put_unaligned_be32(len, &buf->data[auth->session]); + } else { + tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); + } + + /* random number for our nonce */ + get_random_bytes(nonce, sizeof(nonce)); + memcpy(auth->our_nonce, nonce, sizeof(nonce)); + tpm_buf_append_u32(buf, auth->handle); + /* our new nonce */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); + tpm_buf_append_u8(buf, auth->attrs); + /* and put a placeholder for the hmac */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); +} +EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session); + #ifdef CONFIG_TCG_TPM2_HMAC /* * It turns out the crypto hmac(sha256) is hard for us to consume @@ -449,82 +548,6 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) crypto_free_kpp(kpp); } -/** - * tpm_buf_append_hmac_session() - Append a TPM session element - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @attributes: The session attributes - * @passphrase: The session authority (NULL if none) - * @passphrase_len: The length of the session authority (0 if none) - * - * This fills in a session structure in the TPM command buffer, except - * for the HMAC which cannot be computed until the command buffer is - * complete. The type of session is controlled by the @attributes, - * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the - * session won't terminate after tpm_buf_check_hmac_response(), - * TPM2_SA_DECRYPT which means this buffers first parameter should be - * encrypted with a session key and TPM2_SA_ENCRYPT, which means the - * response buffer's first parameter needs to be decrypted (confusing, - * but the defines are written from the point of view of the TPM). - * - * Any session appended by this command must be finalized by calling - * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect - * and the TPM will reject the command. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphrase_len) -{ - u8 nonce[SHA256_DIGEST_SIZE]; - u32 len; - struct tpm2_auth *auth = chip->auth; - - /* - * The Architecture Guide requires us to strip trailing zeros - * before computing the HMAC - */ - while (passphrase && passphrase_len > 0 - && passphrase[passphrase_len - 1] == '\0') - passphrase_len--; - - auth->attrs = attributes; - auth->passphrase_len = passphrase_len; - if (passphrase_len) - memcpy(auth->passphrase, passphrase, passphrase_len); - - if (auth->session != tpm_buf_length(buf)) { - /* we're not the first session */ - len = get_unaligned_be32(&buf->data[auth->session]); - if (4 + len + auth->session != tpm_buf_length(buf)) { - WARN(1, "session length mismatch, cannot append"); - return; - } - - /* add our new session */ - len += 9 + 2 * SHA256_DIGEST_SIZE; - put_unaligned_be32(len, &buf->data[auth->session]); - } else { - tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); - } - - /* random number for our nonce */ - get_random_bytes(nonce, sizeof(nonce)); - memcpy(auth->our_nonce, nonce, sizeof(nonce)); - tpm_buf_append_u32(buf, auth->handle); - /* our new nonce */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); - tpm_buf_append_u8(buf, auth->attrs); - /* and put a placeholder for the hmac */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); -} -EXPORT_SYMBOL(tpm_buf_append_hmac_session); - /** * tpm_buf_fill_hmac_session() - finalize the session HMAC * @chip: the TPM chip structure @@ -555,6 +578,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_state sctx; + if (!auth) + return; + /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -713,6 +739,9 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, u32 cc = be32_to_cpu(auth->ordinal); int parm_len, len, i, handles; + if (!auth) + return rc; + if (auth->session >= TPM_HEADER_SIZE) { WARN(1, "tpm session not filled correctly\n"); goto out; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 2844fea4a12a..912fd0d2646d 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -493,22 +493,35 @@ static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); - -#ifdef CONFIG_TCG_TPM2_HMAC - -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); + static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen) { - tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, - passphraselen); + struct tpm_header *head = (struct tpm_header *)buf->data; + int offset = buf->handles * 4 + TPM_HEADER_SIZE; + + if (chip->auth) { + tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, + passphraselen); + } else { + /* + * If the only sessions are optional, the command tag must change to + * TPM2_ST_NO_SESSIONS. + */ + if (tpm_buf_length(buf) == offset) + head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); + } } + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); @@ -523,48 +536,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphraselen) -{ - /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - u32 len = 9 + passphraselen; - - if (tpm_buf_length(buf) != offset) { - /* not the first session so update the existing length */ - len += get_unaligned_be32(&buf->data[offset]); - put_unaligned_be32(len, &buf->data[offset]); - } else { - tpm_buf_append_u32(buf, len); - } - /* auth handle */ - tpm_buf_append_u32(buf, TPM2_RS_PW); - /* nonce */ - tpm_buf_append_u16(buf, 0); - /* attributes */ - tpm_buf_append_u8(buf, 0); - /* passphrase */ - tpm_buf_append_u16(buf, passphraselen); - tpm_buf_append(buf, passphrase, passphraselen); -} -static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, - u8 *passphrase, - int passphraselen) -{ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - struct tpm_header *head = (struct tpm_header *) buf->data; - - /* - * if the only sessions are optional, the command tag - * must change to TPM2_ST_NO_SESSIONS - */ - if (tpm_buf_length(buf) == offset) - head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); -} static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) { -- 2.45.2

10 months

3
6
0 0

[PATCH v3] drm/xe: Use write-back caching mode for system memory on DGFX

by Thomas Hellström

The caching mode for buffer objects with VRAM as a possible placement was forced to write-combined, regardless of placement. However, write-combined system memory is expensive to allocate and even though it is pooled, the pool is expensive to shrink, since it involves global CPU TLB flushes. Moreover write-combined system memory from TTM is only reliably available on x86 and DGFX doesn't have an x86 restriction. So regardless of the cpu caching mode selected for a bo, internally use write-back caching mode for system memory on DGFX. Coherency is maintained, but user-space clients may perceive a difference in cpu access speeds. v2: - Update RB- and Ack tags. - Rephrase wording in xe_drm.h (Matt Roper) v3: - Really rephrase wording. Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Fixes: 622f709ca629 ("drm/xe/uapi: Add support for CPU caching mode") Cc: Pallavi Mishra <pallavi.mishra(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: dri-devel(a)lists.freedesktop.org Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Effie Yu <effie.yu(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Jose Souza <jose.souza(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Acked-by: Matthew Auld <matthew.auld(a)intel.com> Acked-by: José Roberto de Souza <jose.souza(a)intel.com> Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Fixes: 622f709ca629 ("drm/xe/uapi: Add support for CPU caching mode") Acked-by: Michal Mrozek <michal.mrozek(a)intel.com> Acked-by: Effie Yu <effie.yu(a)intel.com> #On chat --- drivers/gpu/drm/xe/xe_bo.c | 47 +++++++++++++++++++------------- drivers/gpu/drm/xe/xe_bo_types.h | 3 +- include/uapi/drm/xe_drm.h | 8 +++++- 3 files changed, 37 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 65c696966e96..31192d983d9e 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -343,7 +343,7 @@ static struct ttm_tt *xe_ttm_tt_create(struct ttm_buffer_object *ttm_bo, struct xe_device *xe = xe_bo_device(bo); struct xe_ttm_tt *tt; unsigned long extra_pages; - enum ttm_caching caching; + enum ttm_caching caching = ttm_cached; int err; tt = kzalloc(sizeof(*tt), GFP_KERNEL); @@ -357,26 +357,35 @@ static struct ttm_tt *xe_ttm_tt_create(struct ttm_buffer_object *ttm_bo, extra_pages = DIV_ROUND_UP(xe_device_ccs_bytes(xe, bo->size), PAGE_SIZE); - switch (bo->cpu_caching) { - case DRM_XE_GEM_CPU_CACHING_WC: - caching = ttm_write_combined; - break; - default: - caching = ttm_cached; - break; - } - - WARN_ON((bo->flags & XE_BO_FLAG_USER) && !bo->cpu_caching); - /* - * Display scanout is always non-coherent with the CPU cache. - * - * For Xe_LPG and beyond, PPGTT PTE lookups are also non-coherent and - * require a CPU:WC mapping. + * DGFX system memory is always WB / ttm_cached, since + * other caching modes are only supported on x86. DGFX + * GPU system memory accesses are always coherent with the + * CPU. */ - if ((!bo->cpu_caching && bo->flags & XE_BO_FLAG_SCANOUT) || - (xe->info.graphics_verx100 >= 1270 && bo->flags & XE_BO_FLAG_PAGETABLE)) - caching = ttm_write_combined; + if (!IS_DGFX(xe)) { + switch (bo->cpu_caching) { + case DRM_XE_GEM_CPU_CACHING_WC: + caching = ttm_write_combined; + break; + default: + caching = ttm_cached; + break; + } + + WARN_ON((bo->flags & XE_BO_FLAG_USER) && !bo->cpu_caching); + + /* + * Display scanout is always non-coherent with the CPU cache. + * + * For Xe_LPG and beyond, PPGTT PTE lookups are also + * non-coherent and require a CPU:WC mapping. + */ + if ((!bo->cpu_caching && bo->flags & XE_BO_FLAG_SCANOUT) || + (xe->info.graphics_verx100 >= 1270 && + bo->flags & XE_BO_FLAG_PAGETABLE)) + caching = ttm_write_combined; + } if (bo->flags & XE_BO_FLAG_NEEDS_UC) { /* diff --git a/drivers/gpu/drm/xe/xe_bo_types.h b/drivers/gpu/drm/xe/xe_bo_types.h index 02d68873558a..ebc8abf7930a 100644 --- a/drivers/gpu/drm/xe/xe_bo_types.h +++ b/drivers/gpu/drm/xe/xe_bo_types.h @@ -68,7 +68,8 @@ struct xe_bo { /** * @cpu_caching: CPU caching mode. Currently only used for userspace - * objects. + * objects. Exceptions are system memory on DGFX, which is always + * WB. */ u16 cpu_caching; diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 33544ef78d3e..19619d4952a8 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -783,7 +783,13 @@ struct drm_xe_gem_create { #define DRM_XE_GEM_CPU_CACHING_WC 2 /** * @cpu_caching: The CPU caching mode to select for this object. If - * mmaping the object the mode selected here will also be used. + * mmaping the object the mode selected here will also be used. The + * exception is when mapping system memory (including data evicted + * to system) on discrete GPUs. The caching mode selected will + * then be overridden to DRM_XE_GEM_CPU_CACHING_WB, and coherency + * between GPU- and CPU is guaranteed. The caching mode of + * existing CPU-mappings will be updated transparently to + * user-space clients. */ __u16 cpu_caching; /** @pad: MBZ */ -- 2.44.0

10 months

1
0
0 0

[PATCH] media: stm32: dcmipp: correct error handling in, dcmipp_create_subdevs

by Hans Verkuil

From: Alain Volmat <alain.volmat(a)foss.st.com> Correct error handling within the dcmipp_create_subdevs by properly decrementing the i counter when releasing the subdevs. Fixes: 28e0f3772296 ("media: stm32-dcmipp: STM32 DCMIPP camera interface driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [hverkuil: correct the indices: it's [i], not [i - 1].] --- The original patch would cause a crash due to the incorrect indices in the statement after the while. Since 'i' can now become 0, so i - 1 would be a negative index access, which was obviously not the intention. I reverted the patch once I noticed this (better to hang in an infinite loop than to crash), but I want to get a proper fix in. Rather than waiting for that, I decided to just take the original patch from Alain, with just the indices fixed. --- drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c b/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c index 4acc3b90d03a..7f771ea49b78 100644 --- a/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c +++ b/drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-core.c @@ -202,8 +202,8 @@ static int dcmipp_create_subdevs(struct dcmipp_device *dcmipp) return 0; err_init_entity: - while (i > 0) - dcmipp->pipe_cfg->ents[i - 1].release(dcmipp->entity[i - 1]); + while (i-- > 0) + dcmipp->pipe_cfg->ents[i].release(dcmipp->entity[i]); return ret; } -- 2.43.0

10 months

2
1
0 0

[PATCH v2] mm: Fix khugepaged activation policy

by Ryan Roberts

Since the introduction of mTHP, the docuementation has stated that khugepaged would be enabled when any mTHP size is enabled, and disabled when all mTHP sizes are disabled. There are 2 problems with this; 1. this is not what was implemented by the code and 2. this is not the desirable behavior. Desirable behavior is for khugepaged to be enabled when any PMD-sized THP is enabled, anon or file. (Note that file THP is still controlled by the top-level control so we must always consider that, as well as the PMD-size mTHP control for anon). khugepaged only supports collapsing to PMD-sized THP so there is no value in enabling it when PMD-sized THP is disabled. So let's change the code and documentation to reflect this policy. Further, per-size enabled control modification events were not previously forwarded to khugepaged to give it an opportunity to start or stop. Consequently the following was resulting in khugepaged eroneously not being activated: echo never > /sys/kernel/mm/transparent_hugepage/enabled echo always > /sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Cc: stable(a)vger.kernel.org --- Hi All, Applies on top of mm-unstable from a couple of days ago (9bb8753acdd8). No regressions observed in mm selftests. When fixing this I also noticed that khugepaged doesn't get (and never has been) activated/deactivated by `shmem_enabled=`. I've concluded that this is definitely a (separate) bug. But I'm waiting for the conclusion of the conversation at [2] before fixing, so will send separately. Changes since v1 [1] ==================== - hugepage_pmd_enabled() now considers CONFIG_READ_ONLY_THP_FOR_FS as part of decision; means that for kernels without this config, khugepaged will not be started when only the top-level control is enabled. [1] https://lore.kernel.org/linux-mm/20240702144617.2291480-1-ryan.roberts@arm.… [2] https://lore.kernel.org/linux-mm/65c37315-2741-481f-b433-cec35ef1af35@arm.c… Thanks, Ryan Documentation/admin-guide/mm/transhuge.rst | 11 +++++------ include/linux/huge_mm.h | 15 ++++++++------- mm/huge_memory.c | 7 +++++++ mm/khugepaged.c | 13 ++++++------- 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/Documentation/admin-guide/mm/transhuge.rst b/Documentation/admin-guide/mm/transhuge.rst index 709fe10b60f4..fc321d40b8ac 100644 --- a/Documentation/admin-guide/mm/transhuge.rst +++ b/Documentation/admin-guide/mm/transhuge.rst @@ -202,12 +202,11 @@ PMD-mappable transparent hugepage:: cat /sys/kernel/mm/transparent_hugepage/hpage_pmd_size -khugepaged will be automatically started when one or more hugepage -sizes are enabled (either by directly setting "always" or "madvise", -or by setting "inherit" while the top-level enabled is set to "always" -or "madvise"), and it'll be automatically shutdown when the last -hugepage size is disabled (either by directly setting "never", or by -setting "inherit" while the top-level enabled is set to "never"). +khugepaged will be automatically started when PMD-sized THP is enabled +(either of the per-size anon control or the top-level control are set +to "always" or "madvise"), and it'll be automatically shutdown when +PMD-sized THP is disabled (when both the per-size anon control and the +top-level control are "never") Khugepaged controls ------------------- diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index 4d155c7a4792..6debd8b6fd7d 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -128,16 +128,17 @@ static inline bool hugepage_global_always(void) (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_flags_enabled(void) +static inline bool hugepage_pmd_enabled(void) { /* - * We cover both the anon and the file-backed case here; we must return - * true if globally enabled, even when all anon sizes are set to never. - * So we don't need to look at huge_anon_orders_inherit. + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. */ - return hugepage_global_enabled() || - READ_ONCE(huge_anon_orders_always) || - READ_ONCE(huge_anon_orders_madvise); + return (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && hugepage_global_enabled()) || + test_bit(PMD_ORDER, &huge_anon_orders_always) || + test_bit(PMD_ORDER, &huge_anon_orders_madvise) || + (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && hugepage_global_enabled()); } static inline int highest_order(unsigned long orders) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 251d6932130f..085f5e973231 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -502,6 +502,13 @@ static ssize_t thpsize_enabled_store(struct kobject *kobj, } else ret = -EINVAL; + if (ret > 0) { + int err; + + err = start_stop_khugepaged(); + if (err) + ret = err; + } return ret; } diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 409f67a817f1..708d0e74b61f 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -449,7 +449,7 @@ void khugepaged_enter_vma(struct vm_area_struct *vma, unsigned long vm_flags) { if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) && - hugepage_flags_enabled()) { + hugepage_pmd_enabled()) { if (thp_vma_allowable_order(vma, vm_flags, TVA_ENFORCE_SYSFS, PMD_ORDER)) __khugepaged_enter(vma->vm_mm); @@ -2462,8 +2462,7 @@ static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result, static int khugepaged_has_work(void) { - return !list_empty(&khugepaged_scan.mm_head) && - hugepage_flags_enabled(); + return !list_empty(&khugepaged_scan.mm_head) && hugepage_pmd_enabled(); } static int khugepaged_wait_event(void) @@ -2536,7 +2535,7 @@ static void khugepaged_wait_work(void) return; } - if (hugepage_flags_enabled()) + if (hugepage_pmd_enabled()) wait_event_freezable(khugepaged_wait, khugepaged_wait_event()); } @@ -2567,7 +2566,7 @@ static void set_recommended_min_free_kbytes(void) int nr_zones = 0; unsigned long recommended_min; - if (!hugepage_flags_enabled()) { + if (!hugepage_pmd_enabled()) { calculate_min_free_kbytes(); goto update_wmarks; } @@ -2617,7 +2616,7 @@ int start_stop_khugepaged(void) int err = 0; mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled()) { + if (hugepage_pmd_enabled()) { if (!khugepaged_thread) khugepaged_thread = kthread_run(khugepaged, NULL, "khugepaged"); @@ -2643,7 +2642,7 @@ int start_stop_khugepaged(void) void khugepaged_min_free_kbytes_update(void) { mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled() && khugepaged_thread) + if (hugepage_pmd_enabled() && khugepaged_thread) set_recommended_min_free_kbytes(); mutex_unlock(&khugepaged_mutex); } -- 2.43.0

10 months

2
2
0 0

[PATCH] mm/page_alloc: add one PCP list for THP

by yangge1116＠126.com

From: yangge <yangge1116(a)126.com> Since commit 5d0a661d808f ("mm/page_alloc: use only one PCP list for THP-sized allocations") no longer differentiates the migration type of pages in THP-sized PCP list, it's possible that non-movable allocation requests may get a CMA page from the list, in some cases, it's not acceptable. If a large number of CMA memory are configured in system (for example, the CMA memory accounts for 50% of the system memory), starting a virtual machine with device passthrough will get stuck. During starting the virtual machine, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to pin memory. Normally if a page is present and in CMA area, pin_user_pages_remote() will migrate the page from CMA area to non-CMA area because of FOLL_LONGTERM flag. But if non-movable allocation requests return CMA memory, migrate_longterm_unpinnable_pages() will migrate a CMA page to another CMA page, which will fail to pass the check in check_and_migrate_movable_pages() and cause migration endless. Call trace: pin_user_pages_remote --__gup_longterm_locked // endless loops in this function ----_get_user_pages_locked ----check_and_migrate_movable_pages ------migrate_longterm_unpinnable_pages --------alloc_migration_target This problem will also have a negative impact on CMA itself. For example, when CMA is borrowed by THP, and we need to reclaim it through cma_alloc() or dma_alloc_coherent(), we must move those pages out to ensure CMA's users can retrieve that contigous memory. Currently, CMA's memory is occupied by non-movable pages, meaning we can't relocate them. As a result, cma_alloc() is more likely to fail. To fix the problem above, we add one PCP list for THP, which will not introduce a new cacheline for struct per_cpu_pages. THP will have 2 PCP lists, one PCP list is used by MOVABLE allocation, and the other PCP list is used by UNMOVABLE allocation. MOVABLE allocation contains GPF_MOVABLE, and UNMOVABLE allocation contains GFP_UNMOVABLE and GFP_RECLAIMABLE. Fixes: 5d0a661d808f ("mm/page_alloc: use only one PCP list for THP-sized allocations") Signed-off-by: yangge <yangge1116(a)126.com> --- include/linux/mmzone.h | 9 ++++----- mm/page_alloc.c | 9 +++++++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h index b7546dd..cb7f265 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -656,13 +656,12 @@ enum zone_watermarks { }; /* - * One per migratetype for each PAGE_ALLOC_COSTLY_ORDER. One additional list - * for THP which will usually be GFP_MOVABLE. Even if it is another type, - * it should not contribute to serious fragmentation causing THP allocation - * failures. + * One per migratetype for each PAGE_ALLOC_COSTLY_ORDER. Two additional lists + * are added for THP. One PCP list is used by GPF_MOVABLE, and the other PCP list + * is used by GFP_UNMOVABLE and GFP_RECLAIMABLE. */ #ifdef CONFIG_TRANSPARENT_HUGEPAGE -#define NR_PCP_THP 1 +#define NR_PCP_THP 2 #else #define NR_PCP_THP 0 #endif diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 8f416a0..0a837e6 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -504,10 +504,15 @@ static void bad_page(struct page *page, const char *reason) static inline unsigned int order_to_pindex(int migratetype, int order) { + bool __maybe_unused movable; + #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (order > PAGE_ALLOC_COSTLY_ORDER) { VM_BUG_ON(order != HPAGE_PMD_ORDER); - return NR_LOWORDER_PCP_LISTS; + + movable = migratetype == MIGRATE_MOVABLE; + + return NR_LOWORDER_PCP_LISTS + movable; } #else VM_BUG_ON(order > PAGE_ALLOC_COSTLY_ORDER); @@ -521,7 +526,7 @@ static inline int pindex_to_order(unsigned int pindex) int order = pindex / MIGRATE_PCPTYPES; #ifdef CONFIG_TRANSPARENT_HUGEPAGE - if (pindex == NR_LOWORDER_PCP_LISTS) + if (pindex >= NR_LOWORDER_PCP_LISTS) order = HPAGE_PMD_ORDER; #else VM_BUG_ON(order > PAGE_ALLOC_COSTLY_ORDER); -- 2.7.4

10 months

6
6
0 0

[PATCH v2] drm/xe: Use write-back caching mode for system memory on DGFX

by Thomas Hellström

The caching mode for buffer objects with VRAM as a possible placement was forced to write-combined, regardless of placement. However, write-combined system memory is expensive to allocate and even though it is pooled, the pool is expensive to shrink, since it involves global CPU TLB flushes. Moreover write-combined system memory from TTM is only reliably available on x86 and DGFX doesn't have an x86 restriction. So regardless of the cpu caching mode selected for a bo, internally use write-back caching mode for system memory on DGFX. Coherency is maintained, but user-space clients may perceive a difference in cpu access speeds. v2: - Update RB- and Ack tags. - Rephrase wording in xe_drm.h (Matt Roper) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Fixes: 622f709ca629 ("drm/xe/uapi: Add support for CPU caching mode") Cc: Pallavi Mishra <pallavi.mishra(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: dri-devel(a)lists.freedesktop.org Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Effie Yu <effie.yu(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Jose Souza <jose.souza(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Acked-by: Matthew Auld <matthew.auld(a)intel.com> Acked-by: José Roberto de Souza <jose.souza(a)intel.com> Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Fixes: 622f709ca629 ("drm/xe/uapi: Add support for CPU caching mode") Acked-by: Michal Mrozek <michal.mrozek(a)intel.com> Acked-by: Effie Yu <effie.yu(a)intel.com> #On chat --- drivers/gpu/drm/xe/xe_bo.c | 47 +++++++++++++++++++------------- drivers/gpu/drm/xe/xe_bo_types.h | 3 +- include/uapi/drm/xe_drm.h | 8 +++++- 3 files changed, 37 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 65c696966e96..31192d983d9e 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -343,7 +343,7 @@ static struct ttm_tt *xe_ttm_tt_create(struct ttm_buffer_object *ttm_bo, struct xe_device *xe = xe_bo_device(bo); struct xe_ttm_tt *tt; unsigned long extra_pages; - enum ttm_caching caching; + enum ttm_caching caching = ttm_cached; int err; tt = kzalloc(sizeof(*tt), GFP_KERNEL); @@ -357,26 +357,35 @@ static struct ttm_tt *xe_ttm_tt_create(struct ttm_buffer_object *ttm_bo, extra_pages = DIV_ROUND_UP(xe_device_ccs_bytes(xe, bo->size), PAGE_SIZE); - switch (bo->cpu_caching) { - case DRM_XE_GEM_CPU_CACHING_WC: - caching = ttm_write_combined; - break; - default: - caching = ttm_cached; - break; - } - - WARN_ON((bo->flags & XE_BO_FLAG_USER) && !bo->cpu_caching); - /* - * Display scanout is always non-coherent with the CPU cache. - * - * For Xe_LPG and beyond, PPGTT PTE lookups are also non-coherent and - * require a CPU:WC mapping. + * DGFX system memory is always WB / ttm_cached, since + * other caching modes are only supported on x86. DGFX + * GPU system memory accesses are always coherent with the + * CPU. */ - if ((!bo->cpu_caching && bo->flags & XE_BO_FLAG_SCANOUT) || - (xe->info.graphics_verx100 >= 1270 && bo->flags & XE_BO_FLAG_PAGETABLE)) - caching = ttm_write_combined; + if (!IS_DGFX(xe)) { + switch (bo->cpu_caching) { + case DRM_XE_GEM_CPU_CACHING_WC: + caching = ttm_write_combined; + break; + default: + caching = ttm_cached; + break; + } + + WARN_ON((bo->flags & XE_BO_FLAG_USER) && !bo->cpu_caching); + + /* + * Display scanout is always non-coherent with the CPU cache. + * + * For Xe_LPG and beyond, PPGTT PTE lookups are also + * non-coherent and require a CPU:WC mapping. + */ + if ((!bo->cpu_caching && bo->flags & XE_BO_FLAG_SCANOUT) || + (xe->info.graphics_verx100 >= 1270 && + bo->flags & XE_BO_FLAG_PAGETABLE)) + caching = ttm_write_combined; + } if (bo->flags & XE_BO_FLAG_NEEDS_UC) { /* diff --git a/drivers/gpu/drm/xe/xe_bo_types.h b/drivers/gpu/drm/xe/xe_bo_types.h index 02d68873558a..ebc8abf7930a 100644 --- a/drivers/gpu/drm/xe/xe_bo_types.h +++ b/drivers/gpu/drm/xe/xe_bo_types.h @@ -68,7 +68,8 @@ struct xe_bo { /** * @cpu_caching: CPU caching mode. Currently only used for userspace - * objects. + * objects. Exceptions are system memory on DGFX, which is always + * WB. */ u16 cpu_caching; diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 33544ef78d3e..83474125f3db 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -783,7 +783,13 @@ struct drm_xe_gem_create { #define DRM_XE_GEM_CPU_CACHING_WC 2 /** * @cpu_caching: The CPU caching mode to select for this object. If - * mmaping the object the mode selected here will also be used. + * mmaping the object the mode selected here will also be used. The + * exception is when mapping system memory (including evicted + * system memory) on discrete GPUs. The caching mode selected will + * then be overridden to DRM_XE_GEM_CPU_CACHING_WB, and coherency + * between GPU- and CPU is guaranteed. The caching mode of + * existing CPU-mappings will be updated transparently to + * user-space clients. */ __u16 cpu_caching; /** @pad: MBZ */ -- 2.44.0

10 months

1
0
0 0

Linux 6.9.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.8 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/kbuild/modules.rst | 8 Makefile | 2 arch/arm/boot/dts/rockchip/rk3066a.dtsi | 1 arch/arm/net/bpf_jit_32.c | 25 arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588-orangepi-5-plus.dts | 1 arch/arm64/boot/dts/rockchip/rk3588-quartzpro64.dts | 1 arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 1 arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 4 arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 2 arch/arm64/include/asm/unistd32.h | 2 arch/arm64/kernel/pi/map_kernel.c | 2 arch/arm64/kernel/syscall.c | 16 arch/csky/include/uapi/asm/unistd.h | 1 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/include/uapi/asm/unistd.h | 1 arch/hexagon/kernel/syscalltab.c | 7 arch/loongarch/net/bpf_jit.c | 22 arch/mips/kernel/syscalls/syscall_n32.tbl | 2 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/mips/net/bpf_jit_comp.c | 3 arch/parisc/Kconfig | 1 arch/parisc/kernel/sys_parisc32.c | 9 arch/parisc/kernel/syscalls/syscall.tbl | 6 arch/parisc/net/bpf_jit_core.c | 8 arch/powerpc/kernel/syscalls/syscall.tbl | 6 arch/riscv/include/asm/insn.h | 2 arch/riscv/kernel/stacktrace.c | 2 arch/s390/include/asm/entry-common.h | 2 arch/s390/kernel/syscalls/syscall.tbl | 2 arch/s390/net/bpf_jit_comp.c | 6 arch/s390/pci/pci_irq.c | 2 arch/sh/kernel/sys_sh32.c | 11 arch/sh/kernel/syscalls/syscall.tbl | 3 arch/sparc/kernel/sys32.S | 221 ------ arch/sparc/kernel/syscalls/syscall.tbl | 8 arch/sparc/net/bpf_jit_comp_64.c | 6 arch/x86/entry/syscalls/syscall_32.tbl | 2 arch/x86/include/asm/entry-common.h | 15 arch/x86/kernel/fpu/core.c | 4 arch/x86/kernel/time.c | 20 arch/x86/net/bpf_jit_comp32.c | 3 crypto/ecdh.c | 2 drivers/ata/ahci.c | 17 drivers/ata/libata-core.c | 32 drivers/counter/ti-eqep.c | 6 drivers/cpufreq/intel_pstate.c | 13 drivers/cxl/core/core.h | 7 drivers/cxl/core/hdm.c | 13 drivers/cxl/core/memdev.c | 44 - drivers/cxl/core/pmem.c | 16 drivers/cxl/core/region.c | 182 ++++- drivers/cxl/cxl.h | 6 drivers/cxl/cxlmem.h | 10 drivers/cxl/mem.c | 17 drivers/gpio/gpio-davinci.c | 5 drivers/gpio/gpiolib-cdev.c | 28 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c | 5 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 10 drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2 drivers/gpu/drm/amd/display/include/dpcd_defs.h | 5 drivers/gpu/drm/drm_fb_helper.c | 6 drivers/gpu/drm/drm_fbdev_dma.c | 5 drivers/gpu/drm/drm_file.c | 8 drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/panel/panel-simple.c | 1 drivers/gpu/drm/radeon/radeon.h | 1 drivers/gpu/drm/radeon/radeon_display.c | 8 drivers/gpu/drm/xe/xe_devcoredump.c | 10 drivers/gpu/drm/xe/xe_pat.c | 2 drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 5 drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 2 drivers/i2c/i2c-slave-testunit.c | 5 drivers/iio/accel/Kconfig | 2 drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/xilinx-ams.c | 8 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 + drivers/iio/humidity/hdc3020.c | 325 +++++++--- drivers/infiniband/core/restrack.c | 51 - drivers/input/touchscreen/ili210x.c | 4 drivers/iommu/amd/amd_iommu.h | 1 drivers/iommu/amd/init.c | 1 drivers/iommu/amd/iommu.c | 34 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 3 drivers/irqchip/Kconfig | 2 drivers/irqchip/irq-loongson-eiointc.c | 5 drivers/irqchip/irq-loongson-liointc.c | 4 drivers/media/dvb-core/dvbdev.c | 2 drivers/mmc/host/moxart-mmc.c | 78 +- drivers/mmc/host/sdhci-brcmstb.c | 4 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/mmc/host/sdhci-pci-o2micro.c | 41 - drivers/mmc/host/sdhci.c | 25 drivers/mtd/parsers/redboot.c | 2 drivers/net/bonding/bond_main.c | 3 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 + drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 drivers/net/dsa/microchip/ksz9477.c | 10 drivers/net/dsa/microchip/ksz9477_reg.h | 1 drivers/net/dsa/microchip/ksz_common.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 drivers/net/ethernet/ibm/ibmvnic.c | 6 drivers/net/ethernet/intel/ice/ice_main.c | 10 drivers/net/ethernet/mellanox/mlxsw/pci.c | 18 drivers/net/ethernet/mellanox/mlxsw/reg.h | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 drivers/net/ethernet/microsoft/mana/mana_en.c | 2 drivers/net/ethernet/pensando/ionic/ionic_dev.h | 4 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 55 + drivers/net/phy/micrel.c | 1 drivers/net/phy/sfp.c | 18 drivers/net/usb/ax88179_178a.c | 6 drivers/net/vxlan/vxlan_core.c | 9 drivers/net/wireless/realtek/rtw89/fw.c | 27 drivers/nvme/target/configfs.c | 41 - drivers/nvme/target/fc.c | 2 drivers/pci/msi/msi.c | 10 drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 68 +- drivers/pinctrl/pinctrl-rockchip.h | 1 drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 4 drivers/pwm/pwm-stm32.c | 62 + drivers/reset/Kconfig | 1 drivers/s390/virtio/virtio_ccw.c | 4 drivers/scsi/libsas/sas_ata.c | 6 drivers/scsi/libsas/sas_discover.c | 2 drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/tty/mxser.c | 2 drivers/tty/serial/8250/8250_omap.c | 22 drivers/tty/serial/8250/8250_pci.c | 13 drivers/tty/serial/bcm63xx_uart.c | 7 drivers/tty/serial/imx.c | 10 drivers/tty/serial/mcf.c | 2 drivers/usb/atm/cxacru.c | 14 drivers/usb/dwc3/core.c | 26 drivers/usb/gadget/function/f_printer.c | 40 - drivers/usb/gadget/function/u_ether.c | 4 drivers/usb/gadget/udc/aspeed_udc.c | 4 drivers/usb/musb/da8xx.c | 8 drivers/usb/typec/ucsi/ucsi.c | 55 - drivers/usb/typec/ucsi/ucsi_glink.c | 5 drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 drivers/vdpa/vdpa_user/vduse_dev.c | 14 fs/bcachefs/bcachefs.h | 44 - fs/bcachefs/btree_gc.c | 15 fs/bcachefs/btree_gc.h | 48 - fs/bcachefs/btree_gc_types.h | 29 fs/bcachefs/ec.c | 2 fs/bcachefs/sb-downgrade.c | 17 fs/bcachefs/super-io.c | 12 fs/btrfs/free-space-cache.c | 2 fs/btrfs/tree-log.c | 43 - fs/gfs2/log.c | 3 fs/gfs2/super.c | 4 fs/netfs/buffered_write.c | 12 fs/nfs/direct.c | 2 fs/nfsd/nfsctl.c | 2 fs/nfsd/nfssvc.c | 1 fs/ocfs2/aops.c | 5 fs/ocfs2/journal.c | 17 fs/ocfs2/journal.h | 2 fs/ocfs2/ocfs2_trace.h | 2 fs/open.c | 4 include/linux/compat.h | 2 include/linux/filter.h | 10 include/linux/ieee80211.h | 2 include/linux/libata.h | 1 include/linux/mmzone.h | 9 include/linux/nvme.h | 6 include/linux/serial_core.h | 21 include/linux/syscalls.h | 8 include/linux/workqueue.h | 2 include/net/inet_connection_sock.h | 2 include/net/netfilter/nf_tables.h | 5 include/trace/events/qdisc.h | 4 include/uapi/asm-generic/unistd.h | 2 io_uring/io_uring.c | 4 kernel/bpf/arena.c | 16 kernel/bpf/core.c | 6 kernel/bpf/ringbuf.c | 31 kernel/bpf/verifier.c | 69 +- kernel/cpu.c | 11 kernel/sys_ni.c | 2 mm/kasan/common.c | 2 mm/memory.c | 3 mm/page_alloc.c | 9 mm/vmalloc.c | 21 net/batman-adv/originator.c | 27 net/can/j1939/main.c | 6 net/can/j1939/transport.c | 21 net/core/filter.c | 3 net/core/xdp.c | 4 net/dccp/ipv4.c | 7 net/dccp/ipv6.c | 7 net/ipv4/inet_connection_sock.c | 17 net/ipv4/tcp_input.c | 45 + net/iucv/iucv.c | 26 net/netfilter/nf_hooks_lwtunnel.c | 3 net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_lookup.c | 3 net/openvswitch/conntrack.c | 7 net/sunrpc/svc.c | 5 net/unix/af_unix.c | 37 - scripts/Makefile.dtbinst | 2 scripts/Makefile.package | 2 scripts/package/kernel.spec | 8 security/integrity/evm/evm_main.c | 12 sound/core/seq/seq_ump_convert.c | 10 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/acp/acp-i2s.c | 8 sound/soc/amd/acp/acp-pci.c | 12 sound/soc/atmel/atmel-classd.c | 7 sound/soc/codecs/cs42l43-jack.c | 4 sound/soc/fsl/fsl-asoc-card.c | 3 sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c | 10 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 1 sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 32 sound/soc/rockchip/rockchip_i2s_tdm.c | 13 sound/synth/emux/soundfont.c | 17 tools/power/x86/turbostat/turbostat.c | 2 tools/testing/cxl/test/cxl.c | 4 234 files changed, 2108 insertions(+), 1184 deletions(-) Adrian Hunter (2): mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Aleksandr Mishin (1): gpio: davinci: Validate the obtained number of IRQs Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (1): drm/amdgpu/atomfirmware: fix parsing of vram_info Alexander Sverdlin (1): iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Alexei Starovoitov (3): bpf: Fix remap of arena. bpf: Fix the corner case with may_goto and jump to the 1st insn. bpf: Fix may_goto with negative offset. Alibek Omarov (1): ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Alison Schofield (2): cxl/region: Move cxl_dpa_to_region() work to the region driver cxl/region: Avoid null pointer dereference in region lookup Andreas Gruenbacher (1): gfs2: Fix NULL pointer dereference in gfs2_log_flush Andrei Simion (1): ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init Andrew Bresticker (1): mm/memory: don't require head page for do_set_pmd() Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Andrey Konovalov (1): kasan: fix bad call to unpoison_slab_object Andy Chiu (1): riscv: stacktrace: convert arch_stack_walk() to noinstr Andy Yan (1): arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi 4B Anton Protopopov (1): bpf: Add a check for struct bpf_fib_lookup size Arnd Bergmann (11): sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls powerpc: restore some missing spu syscalls parisc: use generic sys_fanotify_mark implementation sh: rework sync_file_range ABI csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage syscalls: fix sys_fanotify_mark prototype Chen-Yu Tsai (1): ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link Chia-Yuan Li (1): wifi: rtw89: download firmware with five times retry Christian A. Ehrhardt (1): usb: typec: ucsi: Never send a lone connector change ack Christoph Hellwig (1): nfs: drop the incorrect assertion in nfs_swap_rw() Christophe Leroy (2): bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() Chuck Lever (1): SUNRPC: Fix backchannel reply, again Claudiu Beznea (1): pinctrl: renesas: rzg2l: Use spin_{lock,unlock}_irq{save,restore} Crescent Hsieh (1): tty: serial: 8250: Fix port count mismatch with the device Dan Carpenter (1): usb: musb: da8xx: fix a resource leak in probe() Dan Williams (1): cxl/region: Convert cxl_pmem_region_alloc to scope-based resource management Daniel Borkmann (1): bpf: Fix overrunning reservations in ringbuf Daniil Dulov (1): xdp: Remove WARN() from __xdp_reg_mem_model() David Arcari (1): tools/power turbostat: option '-n' is ambiguous David Howells (2): netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid netfs: Fix netfs_page_mkwrite() to flush conflicting data, not wait David Lechner (1): counter: ti-eqep: enable clock at probe Dawei Li (2): net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack Denis Arefev (1): mtd: partitions: redboot: Added conversion of operands to a larger type Dimitri Fedrau (1): iio: humidity: hdc3020: fix hysteresis representation Dirk Su (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Doug Brown (1): Revert "serial: core: only stop transmit when HW fifo is empty" Dragan Simic (1): kbuild: Install dtb files as 0644 in Makefile.dtbinst Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Enguerrand de Ribaucourt (2): net: phy: micrel: add Microchip KSZ 9477 to the device table net: dsa: microchip: use collision based back pressure mode Erick Archer (1): drm/radeon/radeon_display: Decrease the size of allocated memory FUKAUMI Naoki (3): Revert "arm64: dts: rockchip: remove redundant cd-gpios from rk3588 sdmmc nodes" arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Fabrice Gasnier (1): usb: ucsi: stm32: fix command completion handling Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Ferry Toth (2): Revert "usb: gadget: u_ether: Re-attach netif device to mirror detachment" Revert "usb: gadget: u_ether: Replace netif_stop_queue with netif_device_detach" Filipe Manana (1): btrfs: use NOFS context when getting inodes during logging and log replay Greg Kroah-Hartman (2): Revert "net: sfp: enhance quirk for Fibrestore 2.5G copper SFP module" Linux 6.9.8 Guillaume Nault (1): vxlan: Pull inner IP header in vxlan_xmit_one(). Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Halil Pasic (1): s390/virtio_ccw: Fix config change notifications Hangbin Liu (1): bonding: fix incorrect software timestamping report Hannes Reinecke (3): nvmet: do not return 'reserved' for empty TSAS values nvme: fixup comment for nvme RDMA Provider Type nvmet: make 'tsas' attribute idempotent for RDMA Heikki Krogerus (1): usb: typec: ucsi: Ack also failed Get Error commands Heiko Stuebner (1): arm64: dts: rockchip: set correct pwm0 pinctrl on rk3588-tiger Himal Prasad Ghimiray (1): drm/xe/xe_devcoredump: Check NULL before assignments Hsin-Te Yuan (2): ASoC: mediatek: mt8183-da7219-max98357: Fix kcontrol name collision arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru Huacai Chen (3): irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node() cpu: Fix broken cmdline "nosmp" and "maxcpus=0" irqchip/loongson-liointc: Set different ISRs for different cores Huang-Huang Bao (4): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Ido Schimmel (2): mlxsw: pci: Fix driver initialization with Spectrum-4 mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Ilpo Järvinen (2): mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara (1): ocfs2: fix DIO failure due to insufficient transaction credits Jan Sokolowski (1): ice: Rebuild TC queues on VSI queue reconfiguration Jann Horn (1): drm/drm_file: Fix pid refcounting race Janusz Krzysztofik (1): drm/i915/gt: Fix potential UAF by revoke of fence registers Jason Gunthorpe (1): iommu/arm-smmu-v3: Do not allow a SVA domain to be set on the wrong PASID Javier Carrasco (1): usb: typec: ucsi: glink: fix child node release in probe function Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jens Axboe (1): io_uring: signal SQPOLL task_work with TWA_SIGNAL_NO_IPI Jeremy Kerr (1): usb: gadget: aspeed_udc: fix device address configuration Jesse Taube (1): RISC-V: fix vector insn load/store width mask Jianguo Wu (1): netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n Joachim Vandersmissen (1): crypto: ecdh - explicitly zeroize private_key Johan Hovold (1): pinctrl: qcom: spmi-gpio: drop broken pm8008 support Johan Jonker (1): ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Johannes Berg (1): wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() John Keeping (1): Input: ili210x - fix ili251x_read_touch_data() return value Jonas Gorski (2): serial: core: introduce uart_port_tx_limited_flags() serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() Jonas Karlman (2): arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jos Wang (1): usb: dwc3: core: Workaround for CSR read timeout Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs Julia Zhang (1): drm/amdgpu: avoid using null object of framebuffer Kamal Dasu (1): mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Kees Cook (1): randomize_kstack: Remove non-functional per-arch entropy filtering Kent Gibson (2): gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) gpiolib: cdev: Ignore reconfiguration without direction Kent Overstreet (5): bcachefs: Fix sb_field_downgrade validation bcachefs: Fix sb-downgrade validation bcachefs: Fix bch2_sb_downgrade_update() bcachefs: Fix setting of downgrade recovery passes/errors bcachefs: btree_gc can now handle unknown btrees Kuniyuki Iwashima (4): af_unix: Stop recv(MSG_PEEK) at consumed OOB skb. af_unix: Don't stop recv(MSG_DONTWAIT) if consumed OOB skb is at the head. af_unix: Don't stop recv() at consumed ex-OOB skb. af_unix: Fix wrong ioctl(SIOCATMARK) when consumed OOB skb is at the head. Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Li Ming (1): cxl/mem: Fix no cxl_nvd during pmem region auto-assembling Lijo Lazar (1): drm/amdgpu: Fix pci state save during mode-1 reset Linus Torvalds (1): x86: stop playing stack games in profile_pc() Linus Walleij (1): Revert "mmc: moxart-mmc: Use sg_miter for PIO" Liu Ying (1): drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Ma Ke (3): net: mana: Fix possible double free in error handling path drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Maciej Strozek (1): ASoC: cs42l43: Increase default type detect time and button delay Mark Brown (1): reset: gpio: Fix missing gpiolib dependency for GPIO reset controller Mark-PK Tsai (1): kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates Martin KaFai Lau (1): bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Martin Schiller (1): MIPS: pci: lantiq: restore reset gpio polarity Masahiro Yamada (1): kbuild: rpm-pkg: fix build error with CONFIG_MODULES=n Maxime Coquelin (2): vduse: validate block features only with block devices vduse: Temporarily fail if control queue feature requested Meng Li (1): usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Michael Strauss (1): drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present Michal Wajdeczko (1): drm/xe: Check pat.ops before dumping PAT settings Mostafa Saleh (1): PCI/MSI: Fix UAF in msi_capability_init Muhammad Ahmed (1): drm/amd/display: Skip pipe if the pipe idx not set properly Naohiro Aota (1): btrfs: zoned: fix initial free space detection Nathan Chancellor (2): tty: mxser: Remove __counted_by from mxser_board.ports[] nvmet-fc: Remove __counted_by from nvmet_fc_tgt_queue.fod[] Neal Cardwell (1): tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO NeilBrown (1): nfsd: initialise nfsd_info.mutex early. Nick Child (1): ibmvnic: Free any outstanding tx skbs during scrq reset Nikita Zhandarovich (1): usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (5): ata: libata-core: Fix null pointer dereference on error ata,scsi: libata-core: Do not leak memory for ata_port struct members ata: ahci: Clean up sysfs file on error ata: libata-core: Add ATA_HORKAGE_NOLPM for all Crucial BX SSD1 models ata: libata-core: Fix double free on error Niklas Schnelle (1): s390/pci: Add missing virt_to_phys() for directed DIBV Nirmoy Das (2): drm/xe: Fix potential integer overflow in page size calculation drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Oleksij Rempel (2): net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oliver Neukum (2): usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (1): netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Rafael J. Wysocki (1): cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Sean Anderson (1): iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Shannon Nelson (1): ionic: use dev_consume_skb_any outside of napi Sherry Wang (1): drm/amd/display: correct hostvm flag Shigeru Yoshida (1): net: can: j1939: Initialize unused data in j1939_send_one() Srinivas Kandagatla (1): ASoC: q6apm-lpass-dai: close graph on prepare errors Stefan Berger (1): evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 Stefan Eichenberger (2): serial: imx: set receiver level before starting uart serial: imx: only set receiver level if it is zero Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Taehee Yoo (1): ionic: fix kernel panic due to multi-buffer handling Takashi Iwai (2): ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages ALSA: seq: Fix missing MSB in MIDI2 SPP conversion Thayne Harbaugh (1): kbuild: Fix build target deb-pkg: ln: failed to create hard link Thomas Bogendoerfer (1): Revert "MIPS: pci: lantiq: restore reset gpio polarity" Thomas Zimmermann (1): drm/fbdev-dma: Only set smem_start is enable per module option Tiezhu Yang (1): irqchip/loongson: Select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP for IRQ_LOONGARCH_CPU Tristram Ha (2): net: dsa: microchip: fix initial port flush problem net: dsa: microchip: fix wrong register write when masking interrupt Udit Kumar (2): serial: 8250_omap: Implementation of Errata i2310 serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Uros Bizjak (1): x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Uwe Kleine-König (6): pwm: stm32: Improve precision of calculation in .apply() pwm: stm32: Fix for settings using period > UINT32_MAX pwm: stm32: Calculate prescaler with a division instead of a loop pwm: stm32: Refuse too small period requests pwm: stm32: Fix calculation of prescaler pwm: stm32: Fix error message to not describe the previous error path Vasant Hegde (3): iommu/amd: Introduce per device DTE update function iommu/amd: Invalidate cache before removing device from domain list iommu/amd: Fix GT feature enablement again Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vijendar Mukunda (3): ASoC: amd: acp: add a null check for chip_pdev structure ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() ASoC: amd: acp: move chip->flag variable assignment Vitor Soares (1): can: mcp251xfd: fix infinite loop when xmit fails Wenchao Hao (2): workqueue: Increase worker desc's length to 32 RDMA/restrack: Fix potential invalid address access Wolfram Sang (2): i2c: testunit: don't erase registers after STOP i2c: testunit: discard write requests while old command is running Xin Long (1): openvswitch: get related ct labels from its master if it is not confirmed Yao Xingtao (1): cxl/region: check interleave capability Yonghong Song (2): bpf: Add missed var_off setting in set_sext32_default_val() bpf: Add missed var_off setting in coerce_subreg_to_size_sx() Yunseong Kim (1): tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Yuntao Wang (1): cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Zenghui Yu (1): arm64: Clear the initial ID map correctly before remapping Zhaoyang Huang (1): mm: fix incorrect vbq reference in purge_fragmented_block luoxuanqiang (1): Fix race for duplicate reqsk on identical SYN yangge (1): mm/page_alloc: Separate THP PCP into movable and non-movable categories

10 months

1
1
0 0

Linux 6.6.37

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.37 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/kbuild/modules.rst | 8 Makefile | 2 arch/arm/boot/dts/rockchip/rk3066a.dtsi | 1 arch/arm/net/bpf_jit_32.c | 25 - arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 1 arch/arm64/include/asm/unistd32.h | 2 arch/arm64/kernel/syscall.c | 16 arch/csky/include/uapi/asm/unistd.h | 1 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/include/uapi/asm/unistd.h | 1 arch/hexagon/kernel/syscalltab.c | 7 arch/loongarch/net/bpf_jit.c | 22 arch/mips/kernel/syscalls/syscall_n32.tbl | 2 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/mips/net/bpf_jit_comp.c | 3 arch/parisc/Kconfig | 1 arch/parisc/kernel/sys_parisc32.c | 9 arch/parisc/kernel/syscalls/syscall.tbl | 6 arch/parisc/net/bpf_jit_core.c | 8 arch/powerpc/kernel/syscalls/syscall.tbl | 6 arch/powerpc/net/bpf_jit.h | 18 arch/powerpc/net/bpf_jit_comp.c | 110 +++- arch/powerpc/net/bpf_jit_comp32.c | 13 arch/powerpc/net/bpf_jit_comp64.c | 10 arch/riscv/include/asm/insn.h | 2 arch/riscv/kernel/stacktrace.c | 2 arch/s390/include/asm/entry-common.h | 2 arch/s390/kernel/syscalls/syscall.tbl | 2 arch/s390/net/bpf_jit_comp.c | 6 arch/s390/pci/pci_irq.c | 2 arch/sh/kernel/sys_sh32.c | 11 arch/sh/kernel/syscalls/syscall.tbl | 3 arch/sparc/kernel/sys32.S | 221 ---------- arch/sparc/kernel/syscalls/syscall.tbl | 8 arch/sparc/net/bpf_jit_comp_64.c | 6 arch/x86/entry/syscalls/syscall_32.tbl | 2 arch/x86/include/asm/entry-common.h | 15 arch/x86/kernel/fpu/core.c | 4 arch/x86/kernel/time.c | 20 arch/x86/net/bpf_jit_comp32.c | 3 crypto/ecdh.c | 2 drivers/ata/ahci.c | 17 drivers/ata/libata-core.c | 29 - drivers/counter/ti-eqep.c | 6 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/intel_pstate.c | 13 drivers/cxl/core/core.h | 7 drivers/cxl/core/hdm.c | 13 drivers/cxl/core/memdev.c | 44 - drivers/cxl/core/region.c | 137 ++++++ drivers/cxl/cxl.h | 2 drivers/cxl/cxlmem.h | 10 drivers/gpio/gpio-davinci.c | 5 drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 10 drivers/gpu/drm/amd/display/include/dpcd_defs.h | 5 drivers/gpu/drm/drm_fb_helper.c | 6 drivers/gpu/drm/drm_fbdev_dma.c | 5 drivers/gpu/drm/drm_file.c | 8 drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/panel/panel-simple.c | 1 drivers/gpu/drm/radeon/radeon.h | 1 drivers/gpu/drm/radeon/radeon_display.c | 8 drivers/i2c/i2c-slave-testunit.c | 5 drivers/iio/accel/Kconfig | 2 drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/xilinx-ams.c | 8 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 ++ drivers/iio/pressure/bmp280-core.c | 14 drivers/iio/pressure/bmp280.h | 2 drivers/infiniband/core/restrack.c | 51 -- drivers/input/touchscreen/ili210x.c | 4 drivers/irqchip/Kconfig | 2 drivers/irqchip/irq-loongson-eiointc.c | 5 drivers/irqchip/irq-loongson-liointc.c | 4 drivers/media/dvb-core/dvbdev.c | 2 drivers/mmc/host/sdhci-brcmstb.c | 4 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/mmc/host/sdhci-pci-o2micro.c | 41 - drivers/mmc/host/sdhci.c | 25 - drivers/mtd/parsers/redboot.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 ++ drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 drivers/net/dsa/microchip/ksz9477.c | 10 drivers/net/dsa/microchip/ksz9477_reg.h | 1 drivers/net/dsa/microchip/ksz_common.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 drivers/net/ethernet/ibm/ibmvnic.c | 6 drivers/net/ethernet/intel/ice/ice_main.c | 10 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 drivers/net/ethernet/microsoft/mana/mana_en.c | 2 drivers/net/phy/micrel.c | 1 drivers/net/usb/ax88179_178a.c | 6 drivers/pci/msi/msi.c | 10 drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 68 ++- drivers/pinctrl/pinctrl-rockchip.h | 1 drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 drivers/pwm/pwm-stm32.c | 3 drivers/scsi/libsas/sas_ata.c | 6 drivers/scsi/libsas/sas_discover.c | 2 drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/tty/serial/8250/8250_omap.c | 22 drivers/tty/serial/bcm63xx_uart.c | 7 drivers/tty/serial/imx.c | 10 drivers/tty/serial/mcf.c | 2 drivers/usb/atm/cxacru.c | 14 drivers/usb/dwc3/core.c | 26 - drivers/usb/dwc3/core.h | 1 drivers/usb/gadget/function/f_printer.c | 40 + drivers/usb/gadget/udc/aspeed_udc.c | 4 drivers/usb/musb/da8xx.c | 8 drivers/usb/typec/ucsi/ucsi.c | 55 +- drivers/usb/typec/ucsi/ucsi_glink.c | 5 drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 drivers/vdpa/vdpa_user/vduse_dev.c | 14 fs/btrfs/free-space-cache.c | 2 fs/btrfs/tree-log.c | 43 + fs/erofs/data.c | 5 fs/gfs2/log.c | 3 fs/gfs2/super.c | 4 fs/nfs/direct.c | 2 fs/ocfs2/aops.c | 5 fs/ocfs2/journal.c | 17 fs/ocfs2/journal.h | 2 fs/ocfs2/ocfs2_trace.h | 2 fs/open.c | 4 include/linux/compat.h | 2 include/linux/filter.h | 10 include/linux/ieee80211.h | 15 include/linux/libata.h | 1 include/linux/mmzone.h | 9 include/linux/nvme.h | 4 include/linux/serial_core.h | 21 include/linux/syscalls.h | 8 include/linux/workqueue.h | 2 include/net/inet_connection_sock.h | 2 include/net/netfilter/nf_tables.h | 5 include/trace/events/qdisc.h | 4 include/uapi/asm-generic/unistd.h | 2 kernel/bpf/core.c | 6 kernel/bpf/ringbuf.c | 31 + kernel/bpf/verifier.c | 10 kernel/cpu.c | 8 kernel/sys_ni.c | 2 mm/page_alloc.c | 9 mm/vmalloc.c | 21 net/batman-adv/originator.c | 27 + net/can/j1939/main.c | 6 net/can/j1939/transport.c | 21 net/core/xdp.c | 4 net/dccp/ipv4.c | 7 net/dccp/ipv6.c | 7 net/ipv4/inet_connection_sock.c | 17 net/ipv4/tcp_input.c | 45 +- net/iucv/iucv.c | 26 - net/netfilter/nf_hooks_lwtunnel.c | 3 net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_lookup.c | 3 net/openvswitch/conntrack.c | 7 scripts/Makefile.dtbinst | 2 scripts/Makefile.package | 2 sound/core/seq/seq_ump_convert.c | 10 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/acp/acp-i2s.c | 8 sound/soc/amd/acp/acp-pci.c | 10 sound/soc/atmel/atmel-classd.c | 17 sound/soc/atmel/atmel-pcm-dma.c | 8 sound/soc/atmel/atmel-pcm-pdc.c | 4 sound/soc/atmel/atmel-pdmic.c | 12 sound/soc/atmel/atmel_wm8904.c | 4 sound/soc/atmel/mikroe-proto.c | 2 sound/soc/atmel/sam9g20_wm8731.c | 2 sound/soc/atmel/sam9x5_wm8731.c | 2 sound/soc/fsl/fsl-asoc-card.c | 3 sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c | 10 sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 32 - sound/soc/rockchip/rockchip_i2s_tdm.c | 13 sound/synth/emux/soundfont.c | 17 tools/testing/cxl/test/cxl.c | 4 tools/testing/selftests/net/mptcp/userspace_pm.sh | 50 +- 192 files changed, 1473 insertions(+), 908 deletions(-) Adam Rizkalla (1): iio: pressure: bmp280: Fix BMP580 temperature reading Adrian Hunter (2): mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Aleksandr Mishin (1): gpio: davinci: Validate the obtained number of IRQs Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (1): drm/amdgpu/atomfirmware: fix parsing of vram_info Alexander Sverdlin (1): iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Alibek Omarov (1): ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Alison Schofield (2): cxl/region: Move cxl_dpa_to_region() work to the region driver cxl/region: Avoid null pointer dereference in region lookup Andreas Gruenbacher (1): gfs2: Fix NULL pointer dereference in gfs2_log_flush Andrei Simion (1): ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Andy Chiu (1): riscv: stacktrace: convert arch_stack_walk() to noinstr Arnd Bergmann (11): sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls powerpc: restore some missing spu syscalls parisc: use generic sys_fanotify_mark implementation sh: rework sync_file_range ABI csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage syscalls: fix sys_fanotify_mark prototype Christian A. Ehrhardt (1): usb: typec: ucsi: Never send a lone connector change ack Christoph Hellwig (1): nfs: drop the incorrect assertion in nfs_swap_rw() Christophe Leroy (2): bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() Dan Carpenter (1): usb: musb: da8xx: fix a resource leak in probe() Daniel Borkmann (1): bpf: Fix overrunning reservations in ringbuf Daniil Dulov (1): xdp: Remove WARN() from __xdp_reg_mem_model() David Lechner (1): counter: ti-eqep: enable clock at probe Dawei Li (2): net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack Denis Arefev (1): mtd: partitions: redboot: Added conversion of operands to a larger type Dirk Su (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Doug Brown (1): Revert "serial: core: only stop transmit when HW fifo is empty" Dragan Simic (1): kbuild: Install dtb files as 0644 in Makefile.dtbinst Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Enguerrand de Ribaucourt (2): net: phy: micrel: add Microchip KSZ 9477 to the device table net: dsa: microchip: use collision based back pressure mode Erick Archer (1): drm/radeon/radeon_display: Decrease the size of allocated memory FUKAUMI Naoki (2): arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Fabrice Gasnier (1): usb: ucsi: stm32: fix command completion handling Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Filipe Manana (1): btrfs: use NOFS context when getting inodes during logging and log replay Geliang Tang (1): selftests: mptcp: print_test out of verify_listener_events Greg Kroah-Hartman (2): Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units" Linux 6.6.37 Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Hannes Reinecke (1): nvme: fixup comment for nvme RDMA Provider Type Hari Bathini (2): powerpc/bpf: rename powerpc64_jit_data to powerpc_jit_data powerpc/bpf: use bpf_jit_binary_pack_[alloc|finalize|free] Heikki Krogerus (1): usb: typec: ucsi: Ack also failed Get Error commands Hsin-Te Yuan (2): ASoC: mediatek: mt8183-da7219-max98357: Fix kcontrol name collision arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru Huacai Chen (2): irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node() irqchip/loongson-liointc: Set different ISRs for different cores Huang-Huang Bao (4): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Ido Schimmel (1): mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Ilpo Järvinen (2): mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara (1): ocfs2: fix DIO failure due to insufficient transaction credits Jan Sokolowski (1): ice: Rebuild TC queues on VSI queue reconfiguration Jann Horn (1): drm/drm_file: Fix pid refcounting race Janusz Krzysztofik (1): drm/i915/gt: Fix potential UAF by revoke of fence registers Javier Carrasco (1): usb: typec: ucsi: glink: fix child node release in probe function Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jeff Johnson (1): wifi: mac80211: Use flexible array in struct ieee80211_tim_ie Jeremy Kerr (1): usb: gadget: aspeed_udc: fix device address configuration Jesse Taube (1): RISC-V: fix vector insn load/store width mask Jianguo Wu (1): netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n Jingbo Xu (1): erofs: fix NULL dereference of dif->bdev_handle in fscache mode Joachim Vandersmissen (1): crypto: ecdh - explicitly zeroize private_key Johan Hovold (1): pinctrl: qcom: spmi-gpio: drop broken pm8008 support Johan Jonker (1): ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Johannes Berg (1): wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() John Keeping (1): Input: ili210x - fix ili251x_read_touch_data() return value Jonas Gorski (2): serial: core: introduce uart_port_tx_limited_flags() serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() Jonas Karlman (2): arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jos Wang (1): usb: dwc3: core: Workaround for CSR read timeout Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs Julia Zhang (1): drm/amdgpu: avoid using null object of framebuffer Kamal Dasu (1): mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Kees Cook (1): randomize_kstack: Remove non-functional per-arch entropy filtering Kent Gibson (1): gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Kuninori Morimoto (1): ASoC: atmel: convert not to use asoc_xxx() Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Li peiyu (1): iio: pressure: fix some word spelling errors Lijo Lazar (1): drm/amdgpu: Fix pci state save during mode-1 reset Linus Torvalds (1): x86: stop playing stack games in profile_pc() Liu Ying (1): drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Ma Ke (3): net: mana: Fix possible double free in error handling path drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Mark-PK Tsai (1): kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates Martin KaFai Lau (1): bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Martin Schiller (1): MIPS: pci: lantiq: restore reset gpio polarity Matthieu Baerts (NGI0) (1): selftests: mptcp: userspace_pm: fixed subtest names Maxime Coquelin (2): vduse: validate block features only with block devices vduse: Temporarily fail if control queue feature requested Meng Li (1): usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Michael Strauss (1): drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present Mostafa Saleh (1): PCI/MSI: Fix UAF in msi_capability_init Naohiro Aota (1): btrfs: zoned: fix initial free space detection Neal Cardwell (1): tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Nick Child (1): ibmvnic: Free any outstanding tx skbs during scrq reset Nikita Zhandarovich (1): usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (4): ata: libata-core: Fix null pointer dereference on error ata,scsi: libata-core: Do not leak memory for ata_port struct members ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error Niklas Schnelle (1): s390/pci: Add missing virt_to_phys() for directed DIBV Oleksij Rempel (2): net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oliver Neukum (2): usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (1): netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Rafael J. Wysocki (1): cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Sean Anderson (1): iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Shigeru Yoshida (1): net: can: j1939: Initialize unused data in j1939_send_one() Srinivas Kandagatla (1): ASoC: q6apm-lpass-dai: close graph on prepare errors Stefan Eichenberger (2): serial: imx: set receiver level before starting uart serial: imx: only set receiver level if it is zero Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Takashi Iwai (2): ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages ALSA: seq: Fix missing MSB in MIDI2 SPP conversion Thayne Harbaugh (1): kbuild: Fix build target deb-pkg: ln: failed to create hard link Thomas Bogendoerfer (1): Revert "MIPS: pci: lantiq: restore reset gpio polarity" Thomas Zimmermann (1): drm/fbdev-dma: Only set smem_start is enable per module option Tiezhu Yang (1): irqchip/loongson: Select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP for IRQ_LOONGARCH_CPU Tristram Ha (2): net: dsa: microchip: fix initial port flush problem net: dsa: microchip: fix wrong register write when masking interrupt Udit Kumar (2): serial: 8250_omap: Implementation of Errata i2310 serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Uros Bizjak (1): x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Uwe Kleine-König (1): pwm: stm32: Refuse too small period requests Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vijendar Mukunda (2): ASoC: amd: acp: add a null check for chip_pdev structure ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() Vitor Soares (1): can: mcp251xfd: fix infinite loop when xmit fails Wenchao Hao (2): workqueue: Increase worker desc's length to 32 RDMA/restrack: Fix potential invalid address access Wesley Cheng (1): usb: dwc3: core: Add DWC31 version 2.00a controller Wolfram Sang (2): i2c: testunit: don't erase registers after STOP i2c: testunit: discard write requests while old command is running Xin Long (1): openvswitch: get related ct labels from its master if it is not confirmed Yao Xingtao (1): cxl/region: check interleave capability Yonghong Song (2): bpf: Add missed var_off setting in set_sext32_default_val() bpf: Add missed var_off setting in coerce_subreg_to_size_sx() Yunseong Kim (1): tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Yuntao Wang (1): cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Zhaoyang Huang (1): mm: fix incorrect vbq reference in purge_fragmented_block luoxuanqiang (1): Fix race for duplicate reqsk on identical SYN yangge (1): mm/page_alloc: Separate THP PCP into movable and non-movable categories

10 months

1
1
0 0

Linux 6.1.97

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.97 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/i2c/amlogic,meson6-i2c.yaml | 4 Documentation/devicetree/bindings/i2c/apple,i2c.yaml | 4 Documentation/devicetree/bindings/i2c/atmel,at91sam-i2c.yaml | 2 Documentation/devicetree/bindings/i2c/cdns,i2c-r1p10.yaml | 4 Documentation/devicetree/bindings/i2c/i2c-mux-gpio.yaml | 4 Documentation/devicetree/bindings/i2c/qcom,i2c-geni-qcom.yaml | 4 Documentation/devicetree/bindings/i2c/st,stm32-i2c.yaml | 2 Documentation/devicetree/bindings/i2c/xlnx,xps-iic-2.00.a.yaml | 4 Makefile | 2 arch/arm/boot/dts/rk3066a.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/arm64/include/asm/unistd32.h | 2 arch/arm64/kernel/syscall.c | 16 arch/csky/include/uapi/asm/unistd.h | 1 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/include/uapi/asm/unistd.h | 1 arch/hexagon/kernel/syscalltab.c | 7 arch/mips/kernel/syscalls/syscall_n32.tbl | 2 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/parisc/Kconfig | 1 arch/parisc/kernel/sys_parisc32.c | 9 arch/parisc/kernel/syscalls/syscall.tbl | 6 arch/powerpc/kernel/syscalls/syscall.tbl | 6 arch/riscv/kernel/stacktrace.c | 2 arch/s390/include/asm/entry-common.h | 2 arch/s390/kernel/syscalls/syscall.tbl | 2 arch/s390/pci/pci_irq.c | 2 arch/sh/kernel/sys_sh32.c | 11 arch/sh/kernel/syscalls/syscall.tbl | 3 arch/sparc/kernel/sys32.S | 221 -------- arch/sparc/kernel/syscalls/syscall.tbl | 8 arch/x86/entry/syscalls/syscall_32.tbl | 2 arch/x86/include/asm/efi.h | 11 arch/x86/include/asm/entry-common.h | 15 arch/x86/kernel/fpu/core.c | 4 arch/x86/kernel/time.c | 20 arch/x86/platform/efi/Makefile | 3 arch/x86/platform/efi/efi.c | 8 arch/x86/platform/efi/memmap.c | 249 ++++++++++ crypto/ecdh.c | 2 drivers/acpi/x86/utils.c | 23 drivers/ata/ahci.c | 17 drivers/ata/libata-core.c | 8 drivers/counter/ti-eqep.c | 6 drivers/cpufreq/amd-pstate.c | 2 drivers/cpufreq/intel_pstate.c | 13 drivers/firmware/efi/fdtparams.c | 4 drivers/firmware/efi/memmap.c | 238 --------- drivers/gpio/gpio-davinci.c | 5 drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 68 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/panel/panel-simple.c | 1 drivers/gpu/drm/radeon/radeon.h | 1 drivers/gpu/drm/radeon/radeon_display.c | 8 drivers/i2c/i2c-slave-testunit.c | 5 drivers/iio/accel/Kconfig | 2 drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/xilinx-ams.c | 8 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 ++ drivers/infiniband/core/restrack.c | 51 -- drivers/input/touchscreen/ili210x.c | 4 drivers/irqchip/irq-loongson-liointc.c | 4 drivers/media/dvb-core/dvbdev.c | 2 drivers/mmc/host/sdhci-brcmstb.c | 4 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/mmc/host/sdhci.c | 25 - drivers/mtd/parsers/redboot.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 drivers/net/dsa/microchip/ksz9477.c | 10 drivers/net/dsa/microchip/ksz9477_reg.h | 1 drivers/net/dsa/microchip/ksz_common.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 drivers/net/ethernet/ibm/ibmvnic.c | 6 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 drivers/net/phy/micrel.c | 1 drivers/net/usb/ax88179_178a.c | 6 drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 68 ++ drivers/pinctrl/pinctrl-rockchip.h | 1 drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 drivers/pwm/pwm-stm32.c | 3 drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/tty/serial/8250/8250_omap.c | 22 drivers/tty/serial/imx.c | 10 drivers/tty/serial/mcf.c | 2 drivers/usb/atm/cxacru.c | 14 drivers/usb/dwc3/core.c | 6 drivers/usb/gadget/function/f_printer.c | 40 + drivers/usb/gadget/udc/aspeed_udc.c | 4 drivers/usb/musb/da8xx.c | 8 drivers/usb/typec/ucsi/ucsi.c | 55 +- drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 drivers/vdpa/vdpa_user/vduse_dev.c | 14 fs/btrfs/free-space-cache.c | 2 fs/gfs2/super.c | 2 fs/nfs/direct.c | 2 fs/ocfs2/aops.c | 5 fs/ocfs2/journal.c | 17 fs/ocfs2/journal.h | 2 fs/ocfs2/ocfs2_trace.h | 2 fs/open.c | 4 include/linux/compat.h | 2 include/linux/efi.h | 10 include/linux/filter.h | 5 include/linux/ieee80211.h | 2 include/linux/mmzone.h | 9 include/linux/nvme.h | 4 include/linux/syscalls.h | 8 include/net/inet_connection_sock.h | 2 include/net/netfilter/nf_tables.h | 21 include/trace/events/qdisc.h | 4 include/uapi/asm-generic/unistd.h | 2 kernel/bpf/core.c | 6 kernel/bpf/ringbuf.c | 31 + kernel/bpf/verifier.c | 8 kernel/cpu.c | 8 kernel/sys_ni.c | 2 mm/page_alloc.c | 8 net/batman-adv/originator.c | 27 + net/can/j1939/main.c | 6 net/can/j1939/transport.c | 21 net/core/filter.c | 3 net/core/xdp.c | 4 net/dccp/ipv4.c | 7 net/dccp/ipv6.c | 7 net/ipv4/inet_connection_sock.c | 17 net/ipv4/tcp_input.c | 45 + net/iucv/iucv.c | 26 - net/netfilter/nf_tables_api.c | 12 net/netfilter/nft_lookup.c | 3 net/netfilter/nft_set_hash.c | 8 net/netfilter/nft_set_pipapo.c | 18 net/netfilter/nft_set_rbtree.c | 6 scripts/Makefile.dtbinst | 2 security/integrity/ima/ima_api.c | 16 security/integrity/ima/ima_template_lib.c | 17 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/acp/acp-i2s.c | 8 sound/soc/fsl/fsl-asoc-card.c | 3 sound/soc/rockchip/rockchip_i2s_tdm.c | 13 sound/synth/emux/soundfont.c | 17 152 files changed, 1233 insertions(+), 943 deletions(-) Adrian Hunter (2): mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Aleksandr Mishin (1): gpio: davinci: Validate the obtained number of IRQs Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (1): drm/amdgpu/atomfirmware: fix parsing of vram_info Alexander Sverdlin (1): iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Alibek Omarov (1): ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Andy Chiu (1): riscv: stacktrace: convert arch_stack_walk() to noinstr Anton Protopopov (1): bpf: Add a check for struct bpf_fib_lookup size Ard Biesheuvel (3): efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. Arnd Bergmann (11): sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls powerpc: restore some missing spu syscalls parisc: use generic sys_fanotify_mark implementation sh: rework sync_file_range ABI csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage syscalls: fix sys_fanotify_mark prototype Christian A. Ehrhardt (1): usb: typec: ucsi: Never send a lone connector change ack Christoph Hellwig (1): nfs: drop the incorrect assertion in nfs_swap_rw() Christophe Leroy (1): bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Dan Carpenter (1): usb: musb: da8xx: fix a resource leak in probe() Daniel Borkmann (1): bpf: Fix overrunning reservations in ringbuf Daniil Dulov (1): xdp: Remove WARN() from __xdp_reg_mem_model() David Lechner (1): counter: ti-eqep: enable clock at probe Dawei Li (2): net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack Denis Arefev (1): mtd: partitions: redboot: Added conversion of operands to a larger type Dirk Su (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Dragan Simic (1): kbuild: Install dtb files as 0644 in Makefile.dtbinst Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Enguerrand de Ribaucourt (2): net: phy: micrel: add Microchip KSZ 9477 to the device table net: dsa: microchip: use collision based back pressure mode Erick Archer (1): drm/radeon/radeon_display: Decrease the size of allocated memory FUKAUMI Naoki (1): arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Fabrice Gasnier (1): usb: ucsi: stm32: fix command completion handling Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Greg Kroah-Hartman (2): Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units" Linux 6.1.97 Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Hannes Reinecke (1): nvme: fixup comment for nvme RDMA Provider Type Heikki Krogerus (1): usb: typec: ucsi: Ack also failed Get Error commands Huacai Chen (1): irqchip/loongson-liointc: Set different ISRs for different cores Huang-Huang Bao (4): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Ido Schimmel (1): mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Ilpo Järvinen (1): mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara (1): ocfs2: fix DIO failure due to insufficient transaction credits Janusz Krzysztofik (1): drm/i915/gt: Fix potential UAF by revoke of fence registers Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jeremy Kerr (1): usb: gadget: aspeed_udc: fix device address configuration Joachim Vandersmissen (1): crypto: ecdh - explicitly zeroize private_key Johan Hovold (1): pinctrl: qcom: spmi-gpio: drop broken pm8008 support Johan Jonker (1): ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Johannes Berg (1): wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() John Keeping (1): Input: ili210x - fix ili251x_read_touch_data() return value Jonas Karlman (2): arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs Julia Zhang (1): drm/amdgpu: avoid using null object of framebuffer Juntong Deng (1): gfs2: Fix slab-use-after-free in gfs2_qd_dealloc Kamal Dasu (1): mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Kees Cook (1): randomize_kstack: Remove non-functional per-arch entropy filtering Kent Gibson (1): gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Krzysztof Kozlowski (1): dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Lijo Lazar (1): drm/amdgpu: Fix pci state save during mode-1 reset Linus Torvalds (1): x86: stop playing stack games in profile_pc() Liu Ying (1): drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Ma Ke (2): drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Mario Limonciello (2): ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Martin KaFai Lau (1): bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Martin Schiller (1): MIPS: pci: lantiq: restore reset gpio polarity Maxime Coquelin (2): vduse: validate block features only with block devices vduse: Temporarily fail if control queue feature requested Meng Li (1): usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Naohiro Aota (1): btrfs: zoned: fix initial free space detection Neal Cardwell (1): tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Nick Child (1): ibmvnic: Free any outstanding tx skbs during scrq reset Nikita Zhandarovich (1): usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (2): ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error Niklas Schnelle (1): s390/pci: Add missing virt_to_phys() for directed DIBV Oleksij Rempel (2): net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oliver Neukum (2): usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (2): netfilter: nf_tables: use timestamp to check for set element timeout netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Rafael J. Wysocki (1): cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Rob Herring (1): dt-bindings: i2c: Drop unneeded quotes Sean Anderson (1): iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Shigeru Yoshida (1): net: can: j1939: Initialize unused data in j1939_send_one() Srinivasan Shanmugam (1): drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c Stefan Berger (1): ima: Fix use-after-free on a dentry's dname.name Stefan Eichenberger (2): serial: imx: set receiver level before starting uart serial: imx: only set receiver level if it is zero Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Thomas Bogendoerfer (1): Revert "MIPS: pci: lantiq: restore reset gpio polarity" Tristram Ha (2): net: dsa: microchip: fix initial port flush problem net: dsa: microchip: fix wrong register write when masking interrupt Udit Kumar (2): serial: 8250_omap: Implementation of Errata i2310 serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Uros Bizjak (1): x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Uwe Kleine-König (1): pwm: stm32: Refuse too small period requests Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vijendar Mukunda (1): ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() Vitor Soares (1): can: mcp251xfd: fix infinite loop when xmit fails Wenchao Hao (1): RDMA/restrack: Fix potential invalid address access Wolfram Sang (2): i2c: testunit: don't erase registers after STOP i2c: testunit: discard write requests while old command is running Yunseong Kim (1): tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Yuntao Wang (1): cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() luoxuanqiang (1): Fix race for duplicate reqsk on identical SYN yangge (1): mm/page_alloc: Separate THP PCP into movable and non-movable categories

10 months

1
1
0 0

Linux 5.15.162

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.162 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/i2c/google,cros-ec-i2c-tunnel.yaml | 2 Makefile | 7 arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 arch/arm/boot/dts/exynos4412-origen.dts | 2 arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 arch/arm/boot/dts/rk3066a.dtsi | 1 arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 2 arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/arm64/include/asm/kvm_host.h | 1 arch/arm64/include/asm/unistd32.h | 2 arch/arm64/kvm/arm.c | 6 arch/arm64/kvm/vgic/vgic-v3.c | 2 arch/arm64/kvm/vgic/vgic-v4.c | 8 arch/csky/include/uapi/asm/unistd.h | 1 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/include/uapi/asm/unistd.h | 1 arch/hexagon/kernel/syscalltab.c | 7 arch/mips/bmips/setup.c | 3 arch/mips/kernel/syscalls/syscall_n32.tbl | 2 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/mips/pci/ops-rc32434.c | 4 arch/mips/pci/pcie-octeon.c | 6 arch/parisc/Kconfig | 1 arch/parisc/kernel/sys_parisc32.c | 9 arch/parisc/kernel/syscalls/syscall.tbl | 6 arch/powerpc/include/asm/fadump-internal.h | 5 arch/powerpc/include/asm/hvcall.h | 8 arch/powerpc/include/asm/io.h | 24 arch/powerpc/include/asm/uaccess.h | 15 arch/powerpc/kernel/fadump.c | 2 arch/powerpc/kernel/syscalls/syscall.tbl | 2 arch/riscv/mm/init.c | 58 -- arch/s390/kernel/syscalls/syscall.tbl | 2 arch/sh/kernel/sys_sh32.c | 11 arch/sh/kernel/syscalls/syscall.tbl | 3 arch/sparc/kernel/sys32.S | 221 -------- arch/sparc/kernel/syscalls/syscall.tbl | 8 arch/x86/entry/syscalls/syscall_32.tbl | 2 arch/x86/include/asm/cpu_device_id.h | 98 +++ arch/x86/include/asm/efi.h | 11 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/match.c | 4 arch/x86/kernel/fpu/core.c | 4 arch/x86/kernel/kprobes/core.c | 11 arch/x86/kernel/time.c | 20 arch/x86/kvm/x86.c | 9 arch/x86/platform/efi/Makefile | 3 arch/x86/platform/efi/efi.c | 8 arch/x86/platform/efi/memmap.c | 249 +++++++++ block/ioctl.c | 2 crypto/ecdh.c | 2 drivers/acpi/acpica/exregion.c | 23 drivers/acpi/video_detect.c | 8 drivers/acpi/x86/utils.c | 23 drivers/ata/ahci.c | 17 drivers/ata/libata-core.c | 8 drivers/base/core.c | 3 drivers/block/null_blk/zoned.c | 2 drivers/bluetooth/ath3k.c | 25 drivers/bluetooth/btqca.c | 186 +++++- drivers/bluetooth/btqca.h | 36 - drivers/bluetooth/hci_qca.c | 266 +++++++--- drivers/clk/sifive/sifive-prci.c | 8 drivers/crypto/hisilicon/sec2/sec_crypto.c | 4 drivers/dma/dma-axi-dmac.c | 2 drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c | 6 drivers/dma/dw-axi-dmac/dw-axi-dmac.h | 1 drivers/dma/idxd/irq.c | 4 drivers/dma/ioat/init.c | 75 +- drivers/dma/ioat/registers.h | 7 drivers/firmware/efi/fdtparams.c | 4 drivers/firmware/efi/memmap.c | 239 -------- drivers/gpio/Kconfig | 2 drivers/gpio/gpio-davinci.c | 5 drivers/gpio/gpio-tqmx86.c | 46 - drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 144 ++--- drivers/gpu/drm/amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 2 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 2 drivers/gpu/drm/bridge/panel.c | 7 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 drivers/gpu/drm/exynos/exynos_hdmi.c | 7 drivers/gpu/drm/i915/display/intel_dp.c | 4 drivers/gpu/drm/i915/gt/intel_breadcrumbs.c | 16 drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 drivers/gpu/drm/lima/lima_bcast.c | 12 drivers/gpu/drm/lima/lima_bcast.h | 3 drivers/gpu/drm/lima/lima_gp.c | 8 drivers/gpu/drm/lima/lima_pp.c | 18 drivers/gpu/drm/lima/lima_sched.c | 7 drivers/gpu/drm/lima/lima_sched.h | 1 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/panel/panel-simple.c | 1 drivers/gpu/drm/radeon/radeon.h | 1 drivers/gpu/drm/radeon/radeon_display.c | 8 drivers/gpu/drm/radeon/sumo_dpm.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 drivers/greybus/interface.c | 1 drivers/hid/hid-core.c | 1 drivers/hid/hid-ids.h | 1 drivers/hid/hid-logitech-dj.c | 4 drivers/hid/hid-multitouch.c | 6 drivers/hwtracing/intel_th/pci.c | 25 drivers/i2c/busses/i2c-at91-slave.c | 3 drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-ocores.c | 2 drivers/i2c/i2c-core-acpi.c | 30 - drivers/i2c/i2c-core-base.c | 98 +++ drivers/i2c/i2c-core-of.c | 66 -- drivers/i2c/i2c-slave-testunit.c | 5 drivers/iio/accel/Kconfig | 2 drivers/iio/accel/mxc4005.c | 68 ++ drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad9467.c | 4 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 ++ drivers/iio/dac/ad5592r-base.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 drivers/infiniband/core/restrack.c | 51 - drivers/infiniband/hw/mlx5/srq.c | 13 drivers/input/input.c | 105 +++ drivers/input/touchscreen/ili210x.c | 4 drivers/iommu/amd/amd_iommu_types.h | 24 drivers/iommu/amd/init.c | 55 ++ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/md/bcache/bset.c | 44 - drivers/md/bcache/bset.h | 28 - drivers/md/bcache/btree.c | 40 - drivers/md/bcache/super.c | 5 drivers/md/bcache/sysfs.c | 2 drivers/md/bcache/writeback.c | 10 drivers/media/dvb-core/dvbdev.c | 2 drivers/misc/mei/pci-me.c | 4 drivers/misc/pvpanic/pvpanic-mmio.c | 59 -- drivers/misc/pvpanic/pvpanic-pci.c | 80 --- drivers/misc/pvpanic/pvpanic.c | 90 ++- drivers/misc/pvpanic/pvpanic.h | 10 drivers/misc/vmw_vmci/vmci_event.c | 6 drivers/mmc/host/davinci_mmc.c | 6 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/mmc/host/sdhci.c | 25 drivers/mtd/parsers/redboot.c | 2 drivers/net/dsa/microchip/ksz9477.c | 7 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 drivers/net/ethernet/google/gve/gve.h | 13 drivers/net/ethernet/google/gve/gve_rx_dqo.c | 76 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 21 drivers/net/ethernet/ibm/ibmvnic.c | 6 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 33 - drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 drivers/net/ethernet/qualcomm/qca_debug.c | 6 drivers/net/ethernet/qualcomm/qca_spi.c | 16 drivers/net/ethernet/qualcomm/qca_spi.h | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 55 +- drivers/net/phy/micrel.c | 1 drivers/net/phy/sfp.c | 3 drivers/net/usb/ax88179_178a.c | 6 drivers/net/usb/rtl8150.c | 3 drivers/net/virtio_net.c | 12 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/ath/ath.h | 6 drivers/net/wireless/ath/ath10k/Kconfig | 1 drivers/net/wireless/ath/ath9k/main.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 19 drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 drivers/of/of_reserved_mem.c | 9 drivers/pci/controller/pcie-rockchip-ep.c | 6 drivers/pci/pci.c | 12 drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 68 ++ drivers/pinctrl/pinctrl-rockchip.h | 1 drivers/platform/x86/dell/dell-smbios-base.c | 91 +-- drivers/power/supply/cros_usbpd-charger.c | 11 drivers/ptp/ptp_chardev.c | 3 drivers/ptp/ptp_sysfs.c | 3 drivers/pwm/pwm-stm32.c | 3 drivers/regulator/bd71815-regulator.c | 2 drivers/regulator/core.c | 1 drivers/scsi/mpi3mr/mpi3mr.h | 1 drivers/scsi/mpi3mr/mpi3mr_os.c | 67 ++ drivers/scsi/mpt3sas/mpt3sas_base.c | 19 drivers/scsi/mpt3sas/mpt3sas_base.h | 3 drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 25 drivers/scsi/qedi/qedi_debugfs.c | 12 drivers/scsi/scsi_transport_sas.c | 29 + drivers/soc/ti/ti_sci_pm_domains.c | 20 drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/spmi/hisi-spmi-controller.c | 1 drivers/tty/serial/8250/8250_exar.c | 42 + drivers/tty/serial/8250/8250_omap.c | 22 drivers/tty/serial/8250/8250_pxa.c | 1 drivers/tty/serial/imx.c | 7 drivers/tty/serial/mcf.c | 2 drivers/tty/serial/sc16is7xx.c | 25 drivers/tty/serial/stm32-usart.c | 206 +++++-- drivers/tty/serial/stm32-usart.h | 12 drivers/usb/atm/cxacru.c | 14 drivers/usb/class/cdc-wdm.c | 4 drivers/usb/dwc3/core.c | 6 drivers/usb/gadget/function/f_fs.c | 9 drivers/usb/gadget/function/f_printer.c | 40 + drivers/usb/host/xhci-pci.c | 7 drivers/usb/host/xhci-ring.c | 59 +- drivers/usb/host/xhci.h | 1 drivers/usb/misc/uss720.c | 20 drivers/usb/musb/da8xx.c | 8 drivers/usb/storage/alauda.c | 9 drivers/usb/typec/tcpm/tcpm.c | 1 drivers/vdpa/vdpa_user/vduse_dev.c | 14 fs/btrfs/block-group.c | 11 fs/btrfs/disk-io.c | 10 fs/cifs/cifsfs.c | 2 fs/cifs/smb2transport.c | 2 fs/f2fs/super.c | 2 fs/jfs/xattr.c | 4 fs/ksmbd/mgmt/share_config.c | 6 fs/nfs/read.c | 4 fs/nfsd/nfsfh.c | 4 fs/nilfs2/dir.c | 59 +- fs/nilfs2/segment.c | 3 fs/ocfs2/aops.c | 5 fs/ocfs2/file.c | 2 fs/ocfs2/journal.c | 17 fs/ocfs2/journal.h | 2 fs/ocfs2/namei.c | 2 fs/ocfs2/ocfs2_trace.h | 2 fs/open.c | 4 fs/proc/vmcore.c | 2 fs/udf/udftime.c | 11 include/kvm/arm_vgic.h | 2 include/linux/cma.h | 9 include/linux/compat.h | 2 include/linux/efi.h | 10 include/linux/filter.h | 5 include/linux/i2c.h | 24 include/linux/iommu.h | 2 include/linux/kcov.h | 2 include/linux/mdio.h | 12 include/linux/mod_devicetable.h | 2 include/linux/nvme.h | 4 include/linux/pci.h | 9 include/linux/skbuff.h | 2 include/linux/syscalls.h | 8 include/net/bluetooth/hci_core.h | 36 + include/net/inet_connection_sock.h | 10 include/net/netfilter/nf_tables.h | 5 include/net/request_sock.h | 2 include/net/sock.h | 16 include/net/tcp.h | 2 include/scsi/scsi_transport_sas.h | 2 include/trace/events/qdisc.h | 4 include/uapi/asm-generic/hugetlb_encode.h | 26 include/uapi/asm-generic/unistd.h | 2 kernel/bpf/core.c | 4 kernel/bpf/trampoline.c | 20 kernel/bpf/verifier.c | 8 kernel/cpu.c | 8 kernel/dma/contiguous.c | 4 kernel/events/core.c | 13 kernel/gcov/gcc_4_7.c | 4 kernel/gen_kheaders.sh | 9 kernel/kcov.c | 1 kernel/kprobes.c | 8 kernel/padata.c | 8 kernel/pid_namespace.c | 1 kernel/rcu/rcutorture.c | 16 kernel/sys_ni.c | 2 kernel/time/tick-common.c | 42 - kernel/trace/Kconfig | 4 kernel/trace/ftrace.c | 71 ++ kernel/trace/preemptirq_delay_test.c | 1 mm/cma.c | 20 mm/memory-failure.c | 7 net/batman-adv/originator.c | 29 + net/bluetooth/l2cap_core.c | 8 net/bpf/test_run.c | 6 net/can/j1939/main.c | 6 net/can/j1939/transport.c | 21 net/core/drop_monitor.c | 20 net/core/filter.c | 3 net/core/net_namespace.c | 9 net/core/netpoll.c | 2 net/core/skbuff.c | 24 net/core/sock.c | 20 net/core/sock_map.c | 16 net/core/xdp.c | 4 net/dccp/ipv4.c | 7 net/dccp/ipv6.c | 7 net/ieee802154/socket.c | 4 net/ipv4/af_inet.c | 23 net/ipv4/cipso_ipv4.c | 12 net/ipv4/inet_connection_sock.c | 22 net/ipv4/raw.c | 2 net/ipv4/tcp.c | 16 net/ipv4/tcp_input.c | 50 + net/ipv4/tcp_minisocks.c | 5 net/ipv6/af_inet6.c | 24 net/ipv6/ip6_fib.c | 6 net/ipv6/ipv6_sockglue.c | 17 net/ipv6/route.c | 9 net/ipv6/seg6_iptunnel.c | 14 net/ipv6/seg6_local.c | 8 net/ipv6/tcp_ipv6.c | 9 net/ipv6/xfrm6_policy.c | 8 net/iucv/iucv.c | 26 net/mac80211/he.c | 10 net/mac80211/mesh_pathtbl.c | 13 net/mac80211/sta_info.c | 4 net/mptcp/pm_netlink.c | 21 net/mptcp/protocol.c | 1 net/ncsi/internal.h | 2 net/ncsi/ncsi-manage.c | 93 +-- net/ncsi/ncsi-rsp.c | 4 net/netfilter/ipset/ip_set_core.c | 92 +-- net/netfilter/ipset/ip_set_list_set.c | 30 - net/netfilter/nf_tables_api.c | 8 net/netfilter/nft_lookup.c | 3 net/netlink/af_netlink.c | 4 net/netrom/nr_timer.c | 3 net/packet/af_packet.c | 30 - net/sched/act_api.c | 66 +- net/sched/act_ct.c | 21 net/sched/sch_multiq.c | 2 net/sched/sch_taprio.c | 15 net/sctp/socket.c | 5 net/smc/af_smc.c | 2 net/sunrpc/auth_gss/auth_gss.c | 4 net/tipc/node.c | 1 net/unix/af_unix.c | 113 ++-- net/unix/diag.c | 12 net/wireless/pmsr.c | 8 net/wireless/util.c | 7 net/xdp/xsk.c | 4 scripts/Makefile.dtbinst | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl-asoc-card.c | 3 sound/synth/emux/soundfont.c | 17 tools/include/asm-generic/hugetlb_encode.h | 26 tools/perf/Documentation/perf-script.txt | 7 tools/perf/builtin-script.c | 24 tools/testing/selftests/arm64/tags/tags_test.c | 4 tools/testing/selftests/bpf/prog_tests/btf_map_in_map.c | 26 tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_eventname.tc | 3 tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 tools/testing/selftests/vm/compaction_test.c | 103 ++- 363 files changed, 3866 insertions(+), 2534 deletions(-) Adam Miotk (1): drm/bridge/panel: Fix runtime warning on panel bridge release Adrian Hunter (3): perf script: Show also errors for --insn-trace option mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Akhmat Karakotov (1): tcp: Use BPF timeout setting for SYN ACK RTO Alan Stern (1): USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Aleksandr Aprelkov (1): iommu/arm-smmu-v3: Free MSIs in case of ENOMEM Aleksandr Mishin (2): liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet gpio: davinci: Validate the obtained number of IRQs Aleksandr Nogikh (1): kcov: don't lose track of remote references during softirqs Alessandro Carminati (Red Hat) (1): selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (2): drm/radeon: fix UBSAN warning in kv_dpm.c drm/amdgpu: fix UBSAN warning in kv_dpm.c Alex Henrie (1): usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Alexander Shishkin (5): intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support Alexander Sverdlin (1): iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Alexey Kodanev (1): drm/amd/display: drop unnecessary NULL checks in debugfs Amjad Ouled-Ameur (1): drm/komeda: check for error-valued pointer Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Andy Shevchenko (2): pvpanic: Keep single style across modules pvpanic: Indentation fixes here and there Anton Protopopov (1): bpf: Add a check for struct bpf_fib_lookup size Ard Biesheuvel (3): efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. Armin Wolf (1): platform/x86: dell-smbios: Fix wrong token data in sysfs Arnd Bergmann (11): wifi: ath9k: work around memset overflow warning sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls parisc: use generic sys_fanotify_mark implementation sh: rework sync_file_range ABI csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage syscalls: fix sys_fanotify_mark prototype Biju Das (1): regulator: core: Fix modpost error "regulator_get_regmap" undefined Bitterblue Smith (1): wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Bjorn Helgaas (2): dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() dmaengine: ioat: use PCI core macros for PCIe Capability Boris Burkov (1): btrfs: retry block group reclaim without infinite loop Breno Leitao (2): scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory netpoll: Fix race condition in netpoll_owner_active Changbin Du (1): perf: script: add raw|disasm arguments to --insn-trace option Chen Hanxiao (1): SUNRPC: return proper error from gss_wrap_req_priv Chenghai Huang (1): crypto: hisilicon/sec - Fix memory leak for sec resource release Chris Wilson (2): drm/i915/gt: Only kick the signal worker if there's been an update drm/i915/gt: Disarm breadcrumbs if engines are already idle Christian Marangi (1): mips: bmips: BCM6358: make sure CBR is correctly set Christophe Leroy (1): bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Csókás, Bence (1): net: sfp: Always call `sfp_sm_mod_remove()` on remove Damien Le Moal (2): null_blk: Print correct max open zones limit in null_init_zoned_dev() scsi: mpi3mr: Fix ATA NCQ priority support Dan Carpenter (3): Bluetooth: qca: Fix error code in qca_read_fw_build_info() ptp: fix integer overflow in max_vclocks_store usb: musb: da8xx: fix a resource leak in probe() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniil Dulov (1): xdp: Remove WARN() from __xdp_reg_mem_model() David Awogbemila (1): gve: Add RX context. David Hildenbrand (1): cma: factor out minimum alignment requirement David Lechner (1): iio: adc: ad9467: fix scan type sign David Ruth (1): net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Dawei Li (2): net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack DelphineCCChiu (1): net/ncsi: Fix the multi thread manner of NCSI driver Denis Arefev (1): mtd: partitions: redboot: Added conversion of operands to a larger type Dev Jain (2): selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: compaction_test: fix bogus test success on Aarch64 Dirk Behme (1): drivers: core: synchronize really_probe() and dev_uevent() Dmitry Baryshkov (1): wifi: ath10k: fix QCOM_RPROC_COMMON dependency Dmitry Torokhov (1): Input: try trimming too long modalias strings Doug Brown (1): serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Dragan Simic (1): kbuild: Install dtb files as 0644 in Makefile.dtbinst Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on N14AP7 Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't read past the mfuart notifcation Enguerrand de Ribaucourt (1): net: phy: micrel: add Microchip KSZ 9477 to the device table Enzo Matsumiya (1): smb: client: fix deadlock in smb2_find_smb_tcon() Eric Dumazet (14): ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP net: inline sock_prot_inuse_add() net: drop nopreempt requirement on sock_prot_inuse_add() af_unix: annotate lockless accesses to sk->sk_err ipv6: fix possible race in __fib6_drop_pcpu_from() tcp: fix race in tcp_v6_syn_recv_sock() batman-adv: bypass empty buckets in batadv_purge_orig_ref() af_packet: avoid a false positive warning in packet_setsockopt() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() ipv6: annotate some data-races around sk->sk_prot Erick Archer (1): drm/radeon/radeon_display: Decrease the size of allocated memory Erico Nunes (2): drm/lima: add mask irq callback to gp and pp drm/lima: mask irqs in timeout path before hard reset Erwan Le Ray (1): serial: stm32: rework RX over DMA Esben Haabendal (1): serial: imx: Introduce timeout when waiting on transmitter empty FUKAUMI Naoki (1): arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Filipe Manana (1): btrfs: fix leak of qgroup extent records after transaction abort Frank Li (1): arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc Frank van der Linden (1): mm/cma: drop incorrect alignment check in cma_init_reserved_mem Gal Pressman (1): net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Gavrilov Ilia (1): netrom: Fix a memory leak in nr_heartbeat_expiry() George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (2): jfs: xattr: fix buffer overflow for invalid xattr Linux 5.15.162 Gregor Herburger (1): gpio: tqmx86: fix typo in Kconfig label Grygorii Tertychnyi (1): i2c: ocores: set IACK bit after core is enabled Hagar Gamal Halim Hemdan (1): vmci: prevent speculation leaks by sanitizing event in event_deliver() Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Haifeng Xu (1): perf/core: Fix missing wakeup when waiting for context reference Hamish Martin (1): i2c: acpi: Unbind mux adapters before delete Hangyu Hua (1): net: sched: sch_multiq: fix possible OOB write in multiq_tune() Hannes Reinecke (1): nvme: fixup comment for nvme RDMA Provider Type Hans de Goede (1): iio: accel: mxc4005: Reset chip on probe() and resume() Hector Martin (1): xhci: Handle TD clearing for multiple streams case Heng Qi (1): virtio_net: checksum offloading handling fix Herbert Xu (1): padata: Disable BH when taking works lock on MT path Hersen Wu (1): drm/amd/display: Fix incorrect DSC instance for MST Huang-Huang Bao (4): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Hugo Villeneuve (2): serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Ian Forbes (1): drm/vmwgfx: 3D disabled should not effect STDU memory limits Ignat Korchagin (1): net: do not leave a dangling sk pointer, when socket creation fails Ilpo Järvinen (2): MIPS: Routerboard 532: Fix vendor retry check code mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara (1): ocfs2: fix DIO failure due to insufficient transaction credits Jani Nikula (2): drm/exynos/vidi: fix memory leak in .get_modes() drm/i915/mso: using joiner is not possible with eDP MSO Janusz Krzysztofik (1): drm/i915/gt: Fix potential UAF by revoke of fence registers Jason Xing (1): tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Jean Delvare (2): i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: delete unneeded update watermark call Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jeff Johnson (1): tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Jianguo Wu (1): seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors Jiapeng Chong (1): drm/amd/display: Clean up some inconsistent indenting Jie Wang (1): net: hns3: add cond_resched() to hns3 ring buffer init process Jiri Olsa (1): bpf: Set run context for rawtp test_run callback Jisheng Zhang (1): riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef Joachim Vandersmissen (1): crypto: ecdh - explicitly zeroize private_key Joao Pinto (1): Avoid hw_desc array overrun in dw-axi-dmac Johan Hovold (2): Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix info leak when fetching board id Johan Jonker (1): ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Johannes Berg (1): wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 John Keeping (2): usb: gadget: f_fs: use io_data->status consistently Input: ili210x - fix ili251x_read_touch_data() return value Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs José Expósito (1): HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Jozsef Kadlecsik (2): netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type netfilter: ipset: Fix suspicious rcu_dereference_protected() Julia Zhang (1): drm/amdgpu: avoid using null object of framebuffer Justin Stitt (1): block/ioctl: prefer different overflow check Kalle Niemi (1): regulator: bd71815: fix ramp values Karol Kolacinski (1): ptp: Fix error message on failed pin verification Kees Cook (1): rtlwifi: rtl8192de: Style clean-ups Kent Gibson (1): gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Krzysztof Kozlowski (5): Bluetooth: hci_qca: mark OF related data as maybe unused dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Kuangyi Chiang (2): xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kun(llfl) (1): iommu/amd: Fix sysfs leak in iommu init Kuniyuki Iwashima (15): af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. af_unix: Annodate data-races around sk->sk_state for writers. af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. Kunwu Chan (1): kselftest: arm64: Add a null pointer check Kyle Tso (1): usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Li RongQing (1): dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Lin Ma (1): wifi: cfg80211: pmsr: use correct nla_get_uX functions Lingbo Kong (1): wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Linus Torvalds (1): x86: stop playing stack games in profile_pc() Liu Ying (1): drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Liu Zixian (1): efi: Correct comment on efi_memmap_alloc Lu Baolu (1): iommu: Return right value in iommu_sva_bind_device() Luca Weiss (1): Bluetooth: btqca: Add WCN3988 support Luiz Augusto von Dentz (2): skbuff: introduce skb_pull_data Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Ma Ke (2): drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Manish Rangankar (1): scsi: qedi: Fix crash while reading debugfs attribute Marc Ferland (1): iio: dac: ad5592r: fix temperature channel scaling value Marc Zyngier (1): KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Marek Szyprowski (1): drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Mario Limonciello (3): PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Martin Leung (1): drm/amd/display: revert Exit idle optimizations before HDCP execution Masahiro Yamada (1): Revert "kheaders: substituting --sort in archive creation" Masami Hiramatsu (Google) (1): tracing: Build event generation tests only as modules Mathias Nyman (1): xhci: Set correct transferred length for cancelled bulk transfers Matthew Mirvish (1): bcache: fix variable length array abuse in btree_iter Matthew Wilcox (Oracle) (3): nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nfs: Leave pages in the pagecache if readpage failed Matthias Goergens (1): hugetlb_encode.h: fix undefined behaviour (34 << 26) Matthias Maennich (1): kheaders: explicitly define file modes for archived headers Matthias Schiffer (1): gpio: tqmx86: store IRQ trigger type and unmask status separately Maxime Coquelin (2): vduse: validate block features only with block devices vduse: Temporarily fail if control queue feature requested Meng Li (1): usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Miaohe Lin (1): mm/huge_memory: don't unpoison huge_zero_folio Michael Ellerman (2): powerpc/uaccess: Fix build errors seen with GCC 13/14 powerpc/io: Avoid clang null pointer arithmetic warnings Min-Hua Chen (1): Bluetooth: btqca: use le32_to_cpu for ver.soc_id Miri Korenblit (1): wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Muhammad Usama Anjum (1): selftests/mm: conform test to TAP format output Nam Cao (1): riscv: fix overlap of allocated page and PTR_ERR Nandor Kracser (1): ksmbd: ignore trailing slashes in share paths Nathan Chancellor (1): kbuild: Remove support for Clang's ThinLTO caching Nathan Lynch (1): powerpc/pseries: Enforce hcall result buffer validity and size Naveen Naidu (1): PCI: Add PCI_ERROR_RESPONSE and related definitions Neal Cardwell (1): tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Neil Armstrong (1): Bluetooth: qca: use switch case for soc type behavior Nicholas Kazlauskas (1): drm/amd/display: Exit idle optimizations before HDCP execution Nick Child (1): ibmvnic: Free any outstanding tx skbs during scrq reset Nicolas Escande (1): wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Nikita Shubin (4): dmaengine: ioatdma: Fix leaking on version mismatch dmaengine: ioatdma: Fix error path in ioat3_dma_probe() dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Zhandarovich (2): HID: core: remove unnecessary WARN_ON() in implement() usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (2): ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error Nuno Sa (1): dmaengine: axi-dmac: fix possible race in remove() Oleg Nesterov (2): tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Oleksij Rempel (3): net: stmmac: Assign configured channel value to EXTTS event net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oliver Neukum (3): net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable Ondrej Mosnacek (1): cipso: fix total option length computation Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (1): netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Paolo Abeni (1): mptcp: ensure snd_una is properly initialized on connect Parker Newman (1): serial: exar: adding missing CTI and Exar PCI ids Patrisious Haddad (1): RDMA/mlx5: Add check for srq max_sge attribute Paul E. McKenney (1): rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Pavan Chebbi (1): bnxt_en: Restore PTP tx_avail count in case of skb_pad() error Pedro Tammela (1): net/sched: act_api: rely on rcu in tcf_idr_check_alloc Peter Delevoryas (1): net/ncsi: Simplify Kconfig/dts control flow Peter Oberparleiter (1): gcov: add support for GCC 14 Peter Zijlstra (1): x86/ibt,ftrace: Search for __fentry__ location Petr Pavlu (1): net/ipv6: Fix the RT cache flush via sysctl using a previous delay Qing Wang (1): dmaengine: ioat: switch from 'pci_' to 'dma_' API Raju Rangoju (1): ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Rao Shoaib (1): af_unix: Read with MSG_PEEK loops if the first unread byte is OOB Remi Pommarel (2): wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: Lock wiphy in cfg80211_get_station Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Rick Wertenbroek (1): PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore Roman Smirnov (1): udf: udftime: prevent overflow in udf_disk_stamp_to_time() Russell King (Oracle) (2): i2c: add fwnode APIs net: mdio: add helpers to extract clause 45 regad and devad fields Ryusuke Konishi (2): nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors nilfs2: fix potential kernel bug due to lack of writeback flag waiting Samuel Holland (1): clk: sifive: Do not register clkdevs for PRCI clocks Sean Christopherson (1): KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes Sean O'Brien (1): HID: Add quirk for Logitech Casa touchpad Shahar S Matityahu (1): wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Shichao Lai (1): usb-storage: alauda: Check whether the media is initialized Shigeru Yoshida (1): net: can: j1939: Initialize unused data in j1939_send_one() Sicong Huang (1): greybus: Fix use-after-free bug in gb_interface_release due to race condition. Simon Horman (1): octeontx2-pf: Add error handling to VLAN unoffload handling Songyang Li (1): MIPS: Octeon: Add PCIe link status check Stefan Wahren (1): qca_spi: Make interrupt remembering atomic Steve French (1): cifs: fix typo in module parameter enable_gcm_256 Steven Rostedt (Google) (1): tracing/selftests: Fix kprobe event name test for .isra. functions Su Yue (2): ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO Subbaraya Sundeep (1): octeontx2-af: Always allocate PF entries from low prioriy zone Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Taehee Yoo (1): ionic: fix use after netif_napi_del() Takashi Iwai (1): ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Thadeu Lima de Souza Cascardo (1): sock_map: avoid race between sock_map_close and sk_psock_put Thomas Weißschuh (2): misc/pvpanic: deduplicate common code misc/pvpanic-pci: register attributes via pci_driver Tim Jiang (1): Bluetooth: qca: add support for QCA2066 Tomas Winkler (1): mei: me: release irq in mei_me_pci_resume error path Tomi Valkeinen (1): pmdomain: ti-sci: Fix duplicate PD referrals Tony Luck (2): x86/cpu/vfm: Add new macros to work with (vendor/family/model) values x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL Tristram Ha (1): net: dsa: microchip: fix initial port flush problem Trond Myklebust (1): knfsd: LOOKUP can return an illegal error value Tzung-Bi Shih (1): power: supply: cros_usbpd: provide ID table for avoiding fallback match Udit Kumar (2): serial: 8250_omap: Implementation of Errata i2310 serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Uri Arev (1): Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Uros Bizjak (1): x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Uwe Kleine-König (2): mmc: davinci: Don't strip remove function when driver is builtin pwm: stm32: Refuse too small period requests Vamshi Gajjela (1): spmi: hisi-spmi-controller: Do not override device identifier Vasant Hegde (1): iommu/amd: Introduce pci segment structure Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vlad Buslov (1): net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Wander Lairson Costa (1): drop_monitor: replace spin_lock by raw_spin_lock Wenchao Hao (1): RDMA/restrack: Fix potential invalid address access Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Wolfram Sang (2): i2c: testunit: don't erase registers after STOP i2c: testunit: discard write requests while old command is running Xiaolei Wang (2): net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters net: stmmac: No need to calculate speed divider when offload is disabled Xin Long (2): tipc: force a dst refcount before doing decryption sched: act_ct: add netns into the key of tcf_ct_flow_table Yangtao Li (1): mmc: davinci_mmc: Convert to platform remove callback returning void Yazen Ghannam (1): x86/amd_nb: Check for invalid SMN reads Yonghong Song (1): selftests/bpf: Fix flaky test btf_map_in_map/lookup_update Yonglong Liu (1): net: hns3: fix kernel crash problem in concurrent scenario YonglongLi (2): mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect Yue Haibing (1): netns: Make get_net_ns() handle zero refcount net Yunlei He (1): f2fs: remove clear SB_INLINECRYPT flag in default_options Yunseong Kim (1): tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Yuntao Wang (1): cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Zheng Yejian (1): ftrace: Fix possible use-after-free issue in ftrace_location() Zheng Zhi Yuan (1): drivers: fix typo in firmware/efi/memmap.c Ziwei Xiao (1): gve: Clear napi->skb before dev_kfree_skb_any() Zqiang (2): rcutorture: Make stall-tasks directly exit when rcutorture tests end rcutorture: Fix invalid context warning when enable srcu barrier testing luoxuanqiang (1): Fix race for duplicate reqsk on identical SYN ye xingchen (1): platform/x86: dell-smbios-base: Use sysfs_emit()

10 months

1
1
0 0

Linux 5.10.221

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.221 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/i2c/google,cros-ec-i2c-tunnel.yaml | 2 Makefile | 2 arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 arch/arm/boot/dts/exynos4412-origen.dts | 2 arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 arch/arm/boot/dts/rk3066a.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/arm64/include/asm/kvm_host.h | 1 arch/arm64/include/asm/unistd32.h | 2 arch/arm64/kvm/arm.c | 6 arch/arm64/kvm/vgic/vgic-v3.c | 2 arch/arm64/kvm/vgic/vgic-v4.c | 8 arch/csky/include/uapi/asm/unistd.h | 1 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/include/uapi/asm/unistd.h | 1 arch/hexagon/kernel/syscalltab.c | 7 arch/mips/bmips/setup.c | 3 arch/mips/kernel/syscalls/syscall_n32.tbl | 2 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/mips/pci/ops-rc32434.c | 4 arch/mips/pci/pcie-octeon.c | 6 arch/parisc/kernel/syscalls/syscall.tbl | 4 arch/powerpc/include/asm/hvcall.h | 8 arch/powerpc/include/asm/io.h | 24 arch/powerpc/include/asm/uaccess.h | 15 arch/powerpc/kernel/syscalls/syscall.tbl | 2 arch/s390/kernel/syscalls/syscall.tbl | 2 arch/sparc/kernel/sys32.S | 221 ------- arch/sparc/kernel/syscalls/syscall.tbl | 8 arch/x86/entry/syscalls/syscall_32.tbl | 2 arch/x86/include/asm/cpu_device_id.h | 98 +++ arch/x86/include/asm/efi.h | 11 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/cpu/match.c | 4 arch/x86/kernel/time.c | 20 arch/x86/platform/efi/Makefile | 3 arch/x86/platform/efi/efi.c | 8 arch/x86/platform/efi/memmap.c | 249 ++++++++ block/ioctl.c | 2 drivers/acpi/acpica/exregion.c | 23 drivers/acpi/device_pm.c | 3 drivers/acpi/internal.h | 9 drivers/acpi/video_detect.c | 8 drivers/acpi/x86/utils.c | 34 + drivers/ata/ahci.c | 17 drivers/ata/libata-core.c | 8 drivers/base/core.c | 3 drivers/block/null_blk/zoned.c | 2 drivers/bluetooth/ath3k.c | 25 drivers/counter/ti-eqep.c | 6 drivers/dma/dma-axi-dmac.c | 2 drivers/dma/ioat/init.c | 75 +- drivers/dma/ioat/registers.h | 7 drivers/firmware/efi/fdtparams.c | 4 drivers/firmware/efi/memmap.c | 239 -------- drivers/gpio/Kconfig | 2 drivers/gpio/gpio-davinci.c | 5 drivers/gpio/gpio-tqmx86.c | 46 - drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 2 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 2 drivers/gpu/drm/bridge/panel.c | 7 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 drivers/gpu/drm/exynos/exynos_hdmi.c | 7 drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 drivers/gpu/drm/lima/lima_bcast.c | 12 drivers/gpu/drm/lima/lima_bcast.h | 3 drivers/gpu/drm/lima/lima_gp.c | 8 drivers/gpu/drm/lima/lima_pp.c | 18 drivers/gpu/drm/lima/lima_sched.c | 7 drivers/gpu/drm/lima/lima_sched.h | 1 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/panel/panel-simple.c | 1 drivers/gpu/drm/radeon/radeon.h | 1 drivers/gpu/drm/radeon/radeon_display.c | 8 drivers/gpu/drm/radeon/sumo_dpm.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 drivers/greybus/interface.c | 1 drivers/hid/hid-core.c | 1 drivers/hid/hid-ids.h | 1 drivers/hid/hid-logitech-dj.c | 4 drivers/hid/hid-multitouch.c | 6 drivers/hwtracing/intel_th/pci.c | 25 drivers/i2c/busses/i2c-at91-slave.c | 3 drivers/i2c/busses/i2c-designware-slave.c | 2 drivers/i2c/busses/i2c-ocores.c | 2 drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad9467.c | 4 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 +- drivers/iio/dac/ad5592r-base.c | 2 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 drivers/infiniband/hw/mlx5/srq.c | 15 drivers/input/input.c | 105 +++ drivers/input/touchscreen/ili210x.c | 4 drivers/iommu/amd/amd_iommu_types.h | 24 drivers/iommu/amd/init.c | 55 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/md/bcache/bset.c | 44 - drivers/md/bcache/bset.h | 28 drivers/md/bcache/btree.c | 40 - drivers/md/bcache/super.c | 5 drivers/md/bcache/sysfs.c | 2 drivers/md/bcache/writeback.c | 10 drivers/media/dvb-core/dvbdev.c | 2 drivers/misc/mei/pci-me.c | 4 drivers/misc/vmw_vmci/vmci_event.c | 6 drivers/mmc/host/davinci_mmc.c | 4 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/mmc/host/sdhci.c | 25 drivers/mtd/nand/spi/macronix.c | 112 +++ drivers/mtd/parsers/redboot.c | 2 drivers/net/dsa/microchip/ksz9477.c | 6 drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 drivers/net/ethernet/qualcomm/qca_debug.c | 6 drivers/net/ethernet/qualcomm/qca_spi.c | 16 drivers/net/ethernet/qualcomm/qca_spi.h | 3 drivers/net/ethernet/realtek/r8169_main.c | 48 - drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 55 - drivers/net/phy/micrel.c | 1 drivers/net/phy/sfp.c | 3 drivers/net/usb/ax88179_178a.c | 6 drivers/net/usb/rtl8150.c | 3 drivers/net/virtio_net.c | 12 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/ath/ath.h | 6 drivers/net/wireless/ath/ath9k/main.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 19 drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 drivers/pci/controller/pcie-rockchip-ep.c | 6 drivers/pci/pci.c | 12 drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 294 ++-------- drivers/pinctrl/pinctrl-rockchip.h | 246 ++++++++ drivers/power/supply/cros_usbpd-charger.c | 11 drivers/ptp/ptp_chardev.c | 3 drivers/pwm/pwm-stm32.c | 3 drivers/regulator/core.c | 1 drivers/remoteproc/ti_k3_r5_remoteproc.c | 25 drivers/scsi/mpt3sas/mpt3sas_base.c | 19 drivers/scsi/qedi/qedi_debugfs.c | 12 drivers/soc/ti/ti_sci_pm_domains.c | 20 drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/staging/hikey9xx/hisi-spmi-controller.c | 1 drivers/tty/serial/8250/8250_exar.c | 42 + drivers/tty/serial/8250/8250_omap.c | 22 drivers/tty/serial/8250/8250_pxa.c | 1 drivers/tty/serial/mcf.c | 2 drivers/tty/serial/sc16is7xx.c | 25 drivers/usb/atm/cxacru.c | 14 drivers/usb/class/cdc-wdm.c | 4 drivers/usb/gadget/function/f_fs.c | 4 drivers/usb/gadget/function/f_printer.c | 40 + drivers/usb/host/xhci-pci.c | 7 drivers/usb/host/xhci-ring.c | 5 drivers/usb/misc/uss720.c | 20 drivers/usb/musb/da8xx.c | 8 drivers/usb/storage/alauda.c | 9 fs/btrfs/disk-io.c | 10 fs/cifs/smb2transport.c | 12 fs/f2fs/super.c | 2 fs/jfs/xattr.c | 4 fs/nfs/read.c | 4 fs/nfsd/nfs4state.c | 7 fs/nfsd/nfsfh.c | 4 fs/nilfs2/dir.c | 59 -- fs/nilfs2/segment.c | 3 fs/ocfs2/aops.c | 5 fs/ocfs2/file.c | 2 fs/ocfs2/journal.c | 17 fs/ocfs2/journal.h | 2 fs/ocfs2/namei.c | 2 fs/ocfs2/ocfs2_trace.h | 2 fs/open.c | 4 fs/proc/vmcore.c | 2 fs/udf/udftime.c | 11 include/kvm/arm_vgic.h | 2 include/linux/compat.h | 2 include/linux/efi.h | 10 include/linux/iommu.h | 2 include/linux/kcov.h | 2 include/linux/mod_devicetable.h | 2 include/linux/nvme.h | 4 include/linux/pci.h | 9 include/linux/sunrpc/svc.h | 20 include/linux/syscalls.h | 2 include/net/bluetooth/hci_core.h | 36 + include/net/netfilter/nf_tables.h | 5 include/net/xdp.h | 3 include/trace/events/qdisc.h | 4 include/trace/events/sunrpc.h | 8 include/uapi/asm-generic/hugetlb_encode.h | 26 include/uapi/asm-generic/unistd.h | 2 kernel/events/core.c | 13 kernel/gcov/gcc_4_7.c | 4 kernel/gen_kheaders.sh | 9 kernel/kcov.c | 1 kernel/padata.c | 8 kernel/pid_namespace.c | 1 kernel/rcu/rcutorture.c | 12 kernel/sys_ni.c | 2 kernel/time/tick-common.c | 42 - kernel/trace/Kconfig | 4 kernel/trace/preemptirq_delay_test.c | 1 net/batman-adv/originator.c | 29 net/bluetooth/l2cap_core.c | 8 net/can/j1939/main.c | 6 net/can/j1939/transport.c | 21 net/core/drop_monitor.c | 20 net/core/filter.c | 3 net/core/net_namespace.c | 9 net/core/netpoll.c | 2 net/core/sock.c | 6 net/core/xdp.c | 100 ++- net/ipv4/af_inet.c | 23 net/ipv4/cipso_ipv4.c | 12 net/ipv4/tcp.c | 16 net/ipv6/af_inet6.c | 24 net/ipv6/ip6_fib.c | 6 net/ipv6/ipv6_sockglue.c | 9 net/ipv6/route.c | 9 net/ipv6/seg6_iptunnel.c | 14 net/ipv6/tcp_ipv6.c | 9 net/ipv6/xfrm6_policy.c | 8 net/iucv/iucv.c | 26 net/mac80211/he.c | 10 net/mac80211/mesh_pathtbl.c | 13 net/mac80211/sta_info.c | 4 net/mptcp/pm_netlink.c | 18 net/mptcp/protocol.c | 1 net/ncsi/Kconfig | 6 net/ncsi/internal.h | 7 net/ncsi/ncsi-manage.c | 110 ++- net/ncsi/ncsi-rsp.c | 4 net/netfilter/ipset/ip_set_core.c | 92 +-- net/netfilter/ipset/ip_set_list_set.c | 30 - net/netfilter/nf_tables_api.c | 13 net/netfilter/nft_lookup.c | 3 net/netrom/nr_timer.c | 3 net/packet/af_packet.c | 26 net/sched/act_api.c | 66 +- net/sched/act_ct.c | 21 net/sched/sch_multiq.c | 2 net/sched/sch_taprio.c | 15 net/sunrpc/auth_gss/auth_gss.c | 4 net/sunrpc/svc.c | 18 net/tipc/node.c | 1 net/unix/af_unix.c | 47 - net/unix/diag.c | 12 net/wireless/pmsr.c | 8 scripts/Makefile.dtbinst | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/fsl/fsl-asoc-card.c | 3 sound/soc/intel/boards/sof_sdw.c | 9 sound/synth/emux/soundfont.c | 17 tools/include/asm-generic/hugetlb_encode.h | 20 tools/testing/selftests/arm64/tags/tags_test.c | 4 tools/testing/selftests/bpf/prog_tests/btf_map_in_map.c | 26 tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_eventname.tc | 3 tools/testing/selftests/vm/compaction_test.c | 103 +-- 273 files changed, 2832 insertions(+), 1797 deletions(-) Adam Miotk (1): drm/bridge/panel: Fix runtime warning on panel bridge release Adrian Hunter (2): mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Alan Stern (1): USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Aleksandr Aprelkov (1): iommu/arm-smmu-v3: Free MSIs in case of ENOMEM Aleksandr Mishin (2): liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet gpio: davinci: Validate the obtained number of IRQs Aleksandr Nogikh (1): kcov: don't lose track of remote references during softirqs Alessandro Carminati (Red Hat) (1): selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (2): drm/radeon: fix UBSAN warning in kv_dpm.c drm/amdgpu: fix UBSAN warning in kv_dpm.c Alex Henrie (1): usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Alexander Shishkin (5): intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support Amjad Ouled-Ameur (1): drm/komeda: check for error-valued pointer Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Anton Protopopov (1): bpf: Add a check for struct bpf_fib_lookup size Ard Biesheuvel (3): efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. Arnd Bergmann (8): wifi: ath9k: work around memset overflow warning sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage Beleswar Padhi (2): remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs remoteproc: k3-r5: Jump to error handling labels in start/stop errors Biju Das (1): regulator: core: Fix modpost error "regulator_get_regmap" undefined Bitterblue Smith (1): wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Bjorn Helgaas (2): dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() dmaengine: ioat: use PCI core macros for PCIe Capability Breno Leitao (2): scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory netpoll: Fix race condition in netpoll_owner_active Chen Hanxiao (1): SUNRPC: return proper error from gss_wrap_req_priv Christian Marangi (1): mips: bmips: BCM6358: make sure CBR is correctly set Chuck Lever (3): SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation SUNRPC: Fix svcxdr_init_encode's buflen calculation Csókás, Bence (1): net: sfp: Always call `sfp_sm_mod_remove()` on remove Damien Le Moal (1): null_blk: Print correct max open zones limit in null_init_zoned_dev() Dan Carpenter (1): usb: musb: da8xx: fix a resource leak in probe() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniil Dulov (1): xdp: Remove WARN() from __xdp_reg_mem_model() David Lechner (2): iio: adc: ad9467: fix scan type sign counter: ti-eqep: enable clock at probe David Ruth (1): net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Dawei Li (2): net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack DelphineCCChiu (1): net/ncsi: Fix the multi thread manner of NCSI driver Denis Arefev (1): mtd: partitions: redboot: Added conversion of operands to a larger type Dev Jain (2): selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: compaction_test: fix bogus test success on Aarch64 Dirk Behme (1): drivers: core: synchronize really_probe() and dev_uevent() Dmitry Torokhov (1): Input: try trimming too long modalias strings Doug Brown (1): serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Dragan Simic (1): kbuild: Install dtb files as 0644 in Makefile.dtbinst Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on N14AP7 Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't read past the mfuart notifcation Enguerrand de Ribaucourt (1): net: phy: micrel: add Microchip KSZ 9477 to the device table Enzo Matsumiya (1): smb: client: fix deadlock in smb2_find_smb_tcon() Eric Dumazet (10): ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ipv6: fix possible race in __fib6_drop_pcpu_from() tcp: fix race in tcp_v6_syn_recv_sock() batman-adv: bypass empty buckets in batadv_purge_orig_ref() af_packet: avoid a false positive warning in packet_setsockopt() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ipv6: annotate some data-races around sk->sk_prot Erick Archer (1): drm/radeon/radeon_display: Decrease the size of allocated memory Erico Nunes (2): drm/lima: add mask irq callback to gp and pp drm/lima: mask irqs in timeout path before hard reset Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Filipe Manana (1): btrfs: fix leak of qgroup extent records after transaction abort Gal Pressman (1): net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Gavrilov Ilia (1): netrom: Fix a memory leak in nr_heartbeat_expiry() George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (2): jfs: xattr: fix buffer overflow for invalid xattr Linux 5.10.221 Gregor Herburger (1): gpio: tqmx86: fix typo in Kconfig label Grygorii Tertychnyi (1): i2c: ocores: set IACK bit after core is enabled Hagar Gamal Halim Hemdan (1): vmci: prevent speculation leaks by sanitizing event in event_deliver() Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Haifeng Xu (1): perf/core: Fix missing wakeup when waiting for context reference Hangyu Hua (1): net: sched: sch_multiq: fix possible OOB write in multiq_tune() Hannes Reinecke (1): nvme: fixup comment for nvme RDMA Provider Type Heiner Kallweit (5): r8169: remove unneeded memory barrier in rtl_tx r8169: improve rtl_tx r8169: improve rtl8169_start_xmit r8169: remove nr_frags argument from rtl_tx_slots_avail r8169: remove not needed check in rtl8169_start_xmit Heng Qi (1): virtio_net: checksum offloading handling fix Herbert Xu (1): padata: Disable BH when taking works lock on MT path Huang-Huang Bao (4): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Hugo Villeneuve (2): serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Ian Forbes (1): drm/vmwgfx: 3D disabled should not effect STDU memory limits Ilpo Järvinen (2): MIPS: Routerboard 532: Fix vendor retry check code mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Ivan Mikhaylov (1): net/ncsi: add NCSI Intel OEM command to keep PHY up Jaime Liao (1): mtd: spinand: macronix: Add support for serial NAND flash Jakub Kicinski (1): xdp: Move the rxq_info.mem clearing to unreg_mem_model() Jan Kara (1): ocfs2: fix DIO failure due to insufficient transaction credits Jani Nikula (1): drm/exynos/vidi: fix memory leak in .get_modes() Janusz Krzysztofik (1): drm/i915/gt: Fix potential UAF by revoke of fence registers Jason Xing (1): tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Jean Delvare (2): i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: delete unneeded update watermark call Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jeff Johnson (1): tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jianqun Xu (1): pinctrl/rockchip: separate struct rockchip_pin_bank to a head file Jie Wang (1): net: hns3: add cond_resched() to hns3 ring buffer init process Johan Jonker (1): ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Johannes Berg (1): wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 John Keeping (1): Input: ili210x - fix ili251x_read_touch_data() return value Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs José Expósito (1): HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Jozsef Kadlecsik (2): netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type netfilter: ipset: Fix suspicious rcu_dereference_protected() Justin Stitt (1): block/ioctl: prefer different overflow check Karol Kolacinski (1): ptp: Fix error message on failed pin verification Kees Cook (1): rtlwifi: rtl8192de: Style clean-ups Ken Milmore (1): r8169: Fix possible ring buffer corruption on fragmented Tx packets. Kent Gibson (1): gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Krzysztof Kozlowski (4): dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Kuangyi Chiang (2): xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kun(llfl) (1): iommu/amd: Fix sysfs leak in iommu init Kuniyuki Iwashima (10): af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. Kunwu Chan (1): kselftest: arm64: Add a null pointer check Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Lin Ma (1): wifi: cfg80211: pmsr: use correct nla_get_uX functions Lingbo Kong (1): wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Linus Torvalds (1): x86: stop playing stack games in profile_pc() Liu Ying (1): drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Liu Zixian (1): efi: Correct comment on efi_memmap_alloc Lu Baolu (1): iommu: Return right value in iommu_sva_bind_device() Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Ma Ke (2): drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Manish Rangankar (1): scsi: qedi: Fix crash while reading debugfs attribute Marc Ferland (1): iio: dac: ad5592r: fix temperature channel scaling value Marc Zyngier (1): KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Marek Szyprowski (1): drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Mario Limonciello (7): PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable ACPI: x86: Add another system to quirk list for forcing StorageD3Enable ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Martin Leung (1): drm/amd/display: revert Exit idle optimizations before HDCP execution Masahiro Yamada (1): Revert "kheaders: substituting --sort in archive creation" Masami Hiramatsu (Google) (1): tracing: Build event generation tests only as modules Mathias Nyman (1): xhci: Set correct transferred length for cancelled bulk transfers Matthew Mirvish (1): bcache: fix variable length array abuse in btree_iter Matthew Wilcox (Oracle) (3): nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nfs: Leave pages in the pagecache if readpage failed Matthias Goergens (1): hugetlb_encode.h: fix undefined behaviour (34 << 26) Matthias Maennich (1): kheaders: explicitly define file modes for archived headers Matthias Schiffer (1): gpio: tqmx86: store IRQ trigger type and unmask status separately Michael Ellerman (2): powerpc/uaccess: Fix build errors seen with GCC 13/14 powerpc/io: Avoid clang null pointer arithmetic warnings Miri Korenblit (1): wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Muhammad Usama Anjum (1): selftests/mm: conform test to TAP format output Nathan Lynch (1): powerpc/pseries: Enforce hcall result buffer validity and size Naveen Naidu (1): PCI: Add PCI_ERROR_RESPONSE and related definitions Nicholas Kazlauskas (1): drm/amd/display: Exit idle optimizations before HDCP execution Nicolas Escande (1): wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Nikita Shubin (4): dmaengine: ioatdma: Fix leaking on version mismatch dmaengine: ioatdma: Fix error path in ioat3_dma_probe() dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Zhandarovich (2): HID: core: remove unnecessary WARN_ON() in implement() usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (2): ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error Nuno Sa (1): dmaengine: axi-dmac: fix possible race in remove() Oleg Nesterov (2): tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Oleksij Rempel (2): net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oliver Neukum (3): net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable Ondrej Mosnacek (1): cipso: fix total option length computation Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (2): netfilter: nf_tables: validate family when identifying table via handle netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Paolo Abeni (1): mptcp: ensure snd_una is properly initialized on connect Parker Newman (1): serial: exar: adding missing CTI and Exar PCI ids Patrisious Haddad (1): RDMA/mlx5: Add check for srq max_sge attribute Paul E. McKenney (1): rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Pedro Tammela (1): net/sched: act_api: rely on rcu in tcf_idr_check_alloc Peter Delevoryas (1): net/ncsi: Simplify Kconfig/dts control flow Peter Oberparleiter (1): gcov: add support for GCC 14 Petr Pavlu (1): net/ipv6: Fix the RT cache flush via sysctl using a previous delay Pierre-Louis Bossart (1): ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 Qing Wang (1): dmaengine: ioat: switch from 'pci_' to 'dma_' API Raju Rangoju (1): ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Remi Pommarel (1): wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Rick Wertenbroek (1): PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore Roman Smirnov (1): udf: udftime: prevent overflow in udf_disk_stamp_to_time() Ryusuke Konishi (2): nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors nilfs2: fix potential kernel bug due to lack of writeback flag waiting Sean O'Brien (1): HID: Add quirk for Logitech Casa touchpad Sebastian Andrzej Siewior (1): xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). Shahar S Matityahu (1): wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Shichao Lai (1): usb-storage: alauda: Check whether the media is initialized Shigeru Yoshida (1): net: can: j1939: Initialize unused data in j1939_send_one() Shyam Prasad N (1): cifs: missed ref-counting smb session in find Sicong Huang (1): greybus: Fix use-after-free bug in gb_interface_release due to race condition. Songyang Li (1): MIPS: Octeon: Add PCIe link status check Stefan Wahren (1): qca_spi: Make interrupt remembering atomic Steven Rostedt (Google) (1): tracing/selftests: Fix kprobe event name test for .isra. functions Su Yue (2): ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Taehee Yoo (1): ionic: fix use after netif_napi_del() Takashi Iwai (1): ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Toke Høiland-Jørgensen (1): xdp: Allow registering memory model without rxq reference Tomas Winkler (1): mei: me: release irq in mei_me_pci_resume error path Tomi Valkeinen (1): pmdomain: ti-sci: Fix duplicate PD referrals Tony Luck (2): x86/cpu/vfm: Add new macros to work with (vendor/family/model) values x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL Tristram Ha (1): net: dsa: microchip: fix initial port flush problem Trond Myklebust (1): knfsd: LOOKUP can return an illegal error value Tzung-Bi Shih (1): power: supply: cros_usbpd: provide ID table for avoiding fallback match Udit Kumar (2): serial: 8250_omap: Implementation of Errata i2310 serial: 8250_omap: Fix Errata i2310 with RX FIFO level check Uri Arev (1): Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Uwe Kleine-König (2): mmc: davinci: Don't strip remove function when driver is builtin pwm: stm32: Refuse too small period requests Vamshi Gajjela (1): spmi: hisi-spmi-controller: Do not override device identifier Vasant Hegde (1): iommu/amd: Introduce pci segment structure Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vlad Buslov (1): net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Wander Lairson Costa (1): drop_monitor: replace spin_lock by raw_spin_lock Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Xiaolei Wang (2): net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters net: stmmac: No need to calculate speed divider when offload is disabled Xin Long (2): tipc: force a dst refcount before doing decryption sched: act_ct: add netns into the key of tcf_ct_flow_table Yazen Ghannam (1): x86/amd_nb: Check for invalid SMN reads Yonghong Song (1): selftests/bpf: Fix flaky test btf_map_in_map/lookup_update YonglongLi (2): mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect Yue Haibing (1): netns: Make get_net_ns() handle zero refcount net Yunjian Wang (1): SUNRPC: Fix null pointer dereference in svc_rqst_free() Yunlei He (1): f2fs: remove clear SB_INLINECRYPT flag in default_options Yunseong Kim (1): tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Zheng Zhi Yuan (1): drivers: fix typo in firmware/efi/memmap.c Zqiang (1): rcutorture: Fix invalid context warning when enable srcu barrier testing

10 months

1
1
0 0

Linux 5.4.279

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.279 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 arch/arm/boot/dts/exynos4412-origen.dts | 2 arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 arch/arm/boot/dts/rk3066a.dtsi | 1 arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/csky/include/uapi/asm/unistd.h | 1 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/include/uapi/asm/unistd.h | 1 arch/hexagon/kernel/syscalltab.c | 7 arch/mips/bmips/setup.c | 3 arch/mips/pci/ops-rc32434.c | 4 arch/mips/pci/pcie-octeon.c | 6 arch/parisc/kernel/syscalls/syscall.tbl | 4 arch/powerpc/include/asm/hvcall.h | 8 arch/powerpc/include/asm/io.h | 24 arch/sparc/kernel/syscalls/syscall.tbl | 2 arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/time.c | 20 drivers/acpi/acpica/exregion.c | 23 drivers/ata/libata-core.c | 8 drivers/base/core.c | 3 drivers/bluetooth/ath3k.c | 25 drivers/dma/dma-axi-dmac.c | 2 drivers/dma/ioat/init.c | 1 drivers/gpio/Kconfig | 2 drivers/gpio/gpio-davinci.c | 5 drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 2 drivers/gpu/drm/bridge/panel.c | 7 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 drivers/gpu/drm/exynos/exynos_hdmi.c | 7 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/radeon/sumo_dpm.c | 2 drivers/greybus/interface.c | 1 drivers/hid/hid-core.c | 1 drivers/hid/hid-logitech-dj.c | 4 drivers/hv/hv_util.c | 19 drivers/hwtracing/intel_th/pci.c | 25 drivers/i2c/busses/i2c-at91-slave.c | 3 drivers/i2c/busses/i2c-ocores.c | 2 drivers/iio/adc/ad7266.c | 2 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 +- drivers/iio/dac/ad5592r-base.c | 56 - drivers/iio/dac/ad5592r-base.h | 1 drivers/input/input.c | 105 ++- drivers/iommu/amd_iommu_init.c | 9 drivers/media/dvb-core/dvbdev.c | 2 drivers/misc/mei/pci-me.c | 4 drivers/misc/vmw_vmci/vmci_event.c | 6 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/mmc/host/sdhci.c | 25 drivers/mtd/nand/spi/macronix.c | 99 +++ drivers/mtd/parsers/redboot.c | 2 drivers/net/dsa/microchip/ksz9477.c | 6 drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 drivers/net/ethernet/mellanox/mlx5/core/fw.c | 4 drivers/net/ethernet/mellanox/mlx5/core/health.c | 8 drivers/net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 4 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 drivers/net/phy/micrel.c | 15 drivers/net/usb/ax88179_178a.c | 6 drivers/net/usb/rtl8150.c | 3 drivers/net/virtio_net.c | 12 drivers/net/vxlan.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 drivers/pci/controller/pcie-rockchip-ep.c | 6 drivers/pci/pci.c | 12 drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 63 +- drivers/ptp/ptp_chardev.c | 3 drivers/pwm/pwm-stm32.c | 3 drivers/regulator/core.c | 1 drivers/scsi/mpt3sas/mpt3sas_base.c | 19 drivers/scsi/qedi/qedi_debugfs.c | 12 drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/tty/serial/mcf.c | 2 drivers/tty/serial/sc16is7xx.c | 25 drivers/usb/atm/cxacru.c | 14 drivers/usb/class/cdc-wdm.c | 4 drivers/usb/gadget/function/f_fs.c | 4 drivers/usb/gadget/function/f_printer.c | 1 drivers/usb/host/xhci-pci.c | 7 drivers/usb/host/xhci-ring.c | 5 drivers/usb/misc/uss720.c | 20 drivers/usb/musb/da8xx.c | 8 drivers/usb/storage/alauda.c | 9 fs/jfs/xattr.c | 4 fs/nfs/read.c | 4 fs/nilfs2/dir.c | 59 - fs/nilfs2/segment.c | 3 fs/ocfs2/file.c | 2 fs/ocfs2/namei.c | 2 fs/open.c | 4 fs/proc/vmcore.c | 2 fs/udf/udftime.c | 11 include/linux/compat.h | 2 include/linux/iommu.h | 2 include/linux/micrel_phy.h | 1 include/linux/nvme.h | 4 include/linux/pci.h | 9 include/linux/syscalls.h | 2 include/net/bluetooth/hci_core.h | 36 + include/net/netfilter/nf_tables.h | 5 include/uapi/asm-generic/hugetlb_encode.h | 24 kernel/events/core.c | 13 kernel/gcov/gcc_4_7.c | 4 kernel/gen_kheaders.sh | 9 kernel/rcu/rcutorture.c | 3 kernel/time/tick-common.c | 42 - kernel/trace/preemptirq_delay_test.c | 1 net/batman-adv/originator.c | 29 net/bluetooth/l2cap_core.c | 8 net/can/j1939/main.c | 6 net/can/j1939/transport.c | 21 net/core/drop_monitor.c | 20 net/core/net_namespace.c | 9 net/core/sock.c | 6 net/ipv4/af_inet.c | 23 net/ipv4/cipso_ipv4.c | 12 net/ipv4/tcp.c | 16 net/ipv6/af_inet6.c | 24 net/ipv6/ip6_fib.c | 6 net/ipv6/ipv6_sockglue.c | 9 net/ipv6/route.c | 9 net/ipv6/seg6_iptunnel.c | 14 net/ipv6/tcp_ipv6.c | 9 net/ipv6/xfrm6_policy.c | 8 net/iucv/iucv.c | 26 net/mac80211/mesh_pathtbl.c | 13 net/mac80211/sta_info.c | 4 net/netfilter/ipset/ip_set_core.c | 92 +- net/netfilter/ipset/ip_set_list_set.c | 30 net/netfilter/nf_tables_api.c | 13 net/netfilter/nft_exthdr.c | 17 net/netfilter/nft_lookup.c | 3 net/netrom/nr_timer.c | 3 net/sched/act_api.c | 66 +- net/sched/sch_multiq.c | 2 net/sched/sch_taprio.c | 15 net/sunrpc/auth_gss/auth_gss.c | 4 net/unix/af_unix.c | 47 - net/unix/diag.c | 12 net/wireless/pmsr.c | 8 sound/soc/fsl/fsl-asoc-card.c | 3 sound/soc/ti/davinci-mcasp.c | 310 ++++------ sound/synth/emux/soundfont.c | 17 tools/include/asm-generic/hugetlb_encode.h | 20 tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_eventname.tc | 3 tools/testing/selftests/vm/compaction_test.c | 103 +-- 159 files changed, 1466 insertions(+), 841 deletions(-) Adam Miotk (1): drm/bridge/panel: Fix runtime warning on panel bridge release Adrian Hunter (2): mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Alan Stern (1): USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Aleksandr Mishin (2): liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet gpio: davinci: Validate the obtained number of IRQs Alessandro Carminati (Red Hat) (1): selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (2): drm/radeon: fix UBSAN warning in kv_dpm.c drm/amdgpu: fix UBSAN warning in kv_dpm.c Alex Henrie (1): usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Alexander Shishkin (5): intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support Alexandru Ardelean (1): iio: dac: ad5592r: un-indent code-block for scale read Amjad Ouled-Ameur (1): drm/komeda: check for error-valued pointer Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Arnd Bergmann (5): sparc: fix old compat_sys_select() parisc: use correct compat recv/recvfrom syscalls csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset Biju Das (1): regulator: core: Fix modpost error "regulator_get_regmap" undefined Breno Leitao (1): scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Chen Hanxiao (1): SUNRPC: return proper error from gss_wrap_req_priv Christian Marangi (1): mips: bmips: BCM6358: make sure CBR is correctly set Colin Ian King (1): ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret Dan Carpenter (1): usb: musb: da8xx: fix a resource leak in probe() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses David Ruth (1): net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Dawei Li (2): net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack Denis Arefev (1): mtd: partitions: redboot: Added conversion of operands to a larger type Dev Jain (2): selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: compaction_test: fix bogus test success on Aarch64 Dirk Behme (1): drivers: core: synchronize really_probe() and dev_uevent() Divya Koppera (1): net: phy: mchp: Add support for LAN8814 QUAD PHY Dmitry Torokhov (1): Input: try trimming too long modalias strings Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't read past the mfuart notifcation Enguerrand de Ribaucourt (1): net: phy: micrel: add Microchip KSZ 9477 to the device table Eric Dumazet (9): ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ipv6: fix possible race in __fib6_drop_pcpu_from() tcp: fix race in tcp_v6_syn_recv_sock() batman-adv: bypass empty buckets in batadv_purge_orig_ref() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ipv6: annotate some data-races around sk->sk_prot Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Florian Westphal (1): netfilter: nftables: exthdr: fix 4-byte stack OOB write Gal Pressman (1): net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Gavrilov Ilia (1): netrom: Fix a memory leak in nr_heartbeat_expiry() George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (2): jfs: xattr: fix buffer overflow for invalid xattr Linux 5.4.279 Gregor Herburger (1): gpio: tqmx86: fix typo in Kconfig label Grygorii Tertychnyi (1): i2c: ocores: set IACK bit after core is enabled Hagar Gamal Halim Hemdan (1): vmci: prevent speculation leaks by sanitizing event in event_deliver() Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Haifeng Xu (1): perf/core: Fix missing wakeup when waiting for context reference Hangyu Hua (1): net: sched: sch_multiq: fix possible OOB write in multiq_tune() Hannes Reinecke (1): nvme: fixup comment for nvme RDMA Provider Type Heng Qi (1): virtio_net: checksum offloading handling fix Huang-Huang Bao (3): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Hugo Villeneuve (2): serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Ilpo Järvinen (2): MIPS: Routerboard 532: Fix vendor retry check code mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jaime Liao (1): mtd: spinand: macronix: Add support for serial NAND flash Jani Nikula (1): drm/exynos/vidi: fix memory leak in .get_modes() Jason Xing (1): tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Jean Delvare (1): i2c: at91: Fix the functionality flags of the slave-only interface Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jeff Johnson (1): tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (1): arm64: dts: qcom: qcs404: fix bluetooth device address Johan Jonker (1): ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Johannes Berg (1): wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs José Expósito (1): HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Jozsef Kadlecsik (2): netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type netfilter: ipset: Fix suspicious rcu_dereference_protected() Karol Kolacinski (1): ptp: Fix error message on failed pin verification Krzysztof Kozlowski (3): ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Kuangyi Chiang (2): xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kun(llfl) (1): iommu/amd: Fix sysfs leak in iommu init Kuniyuki Iwashima (10): af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Lin Ma (1): wifi: cfg80211: pmsr: use correct nla_get_uX functions Linus Torvalds (1): x86: stop playing stack games in profile_pc() Lu Baolu (1): iommu: Return right value in iommu_sva_bind_device() Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Ma Ke (2): drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Manish Rangankar (1): scsi: qedi: Fix crash while reading debugfs attribute Marc Ferland (1): iio: dac: ad5592r: fix temperature channel scaling value Marek Szyprowski (1): drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Mario Limonciello (1): PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Masahiro Yamada (1): Revert "kheaders: substituting --sort in archive creation" Mathias Nyman (1): xhci: Set correct transferred length for cancelled bulk transfers Matthew Wilcox (Oracle) (3): nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nfs: Leave pages in the pagecache if readpage failed Matthias Goergens (1): hugetlb_encode.h: fix undefined behaviour (34 << 26) Matthias Maennich (1): kheaders: explicitly define file modes for archived headers Michael Ellerman (1): powerpc/io: Avoid clang null pointer arithmetic warnings Moshe Shemesh (1): net/mlx5: Stop waiting for PCI if pci channel is offline Muhammad Usama Anjum (1): selftests/mm: conform test to TAP format output Nathan Lynch (1): powerpc/pseries: Enforce hcall result buffer validity and size Naveen Naidu (1): PCI: Add PCI_ERROR_RESPONSE and related definitions Nicolas Escande (1): wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Nikita Shubin (1): dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Zhandarovich (2): HID: core: remove unnecessary WARN_ON() in implement() usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (1): ata: libata-core: Fix double free on error Nuno Sa (1): dmaengine: axi-dmac: fix possible race in remove() Oleg Nesterov (1): tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Oleksij Rempel (2): net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oliver Neukum (2): net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings usb: gadget: printer: SS+ support Ondrej Mosnacek (1): cipso: fix total option length computation Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (2): netfilter: nf_tables: validate family when identifying table via handle netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Paul E. McKenney (1): rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Pedro Tammela (1): net/sched: act_api: rely on rcu in tcf_idr_check_alloc Peter Oberparleiter (1): gcov: add support for GCC 14 Peter Ujfalusi (4): ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling ASoC: ti: davinci-mcasp: Handle missing required DT properties Petr Pavlu (1): net/ipv6: Fix the RT cache flush via sysctl using a previous delay Raju Rangoju (1): ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Remi Pommarel (1): wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Rick Wertenbroek (1): PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore Roman Smirnov (1): udf: udftime: prevent overflow in udf_disk_stamp_to_time() Ryusuke Konishi (2): nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors nilfs2: fix potential kernel bug due to lack of writeback flag waiting Sergiu Cuciurean (1): iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock Shahar S Matityahu (1): wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Shichao Lai (1): usb-storage: alauda: Check whether the media is initialized Shigeru Yoshida (1): net: can: j1939: Initialize unused data in j1939_send_one() Sicong Huang (1): greybus: Fix use-after-free bug in gb_interface_release due to race condition. Songyang Li (1): MIPS: Octeon: Add PCIe link status check Steven Rostedt (Google) (1): tracing/selftests: Fix kprobe event name test for .isra. functions Su Yue (2): ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Taehee Yoo (1): ionic: fix use after netif_napi_del() Tomas Winkler (1): mei: me: release irq in mei_me_pci_resume error path Tristram Ha (1): net: dsa: microchip: fix initial port flush problem Uri Arev (1): Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Uwe Kleine-König (1): pwm: stm32: Refuse too small period requests Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vineeth Pillai (1): hv_utils: drain the timesync packets on onchannelcallback Wander Lairson Costa (1): drop_monitor: replace spin_lock by raw_spin_lock Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Yazen Ghannam (1): x86/amd_nb: Check for invalid SMN reads Yue Haibing (1): netns: Make get_net_ns() handle zero refcount net Zhang Qilong (1): ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params

10 months

1
1
0 0

Linux 4.19.317

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.317 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 arch/arm/boot/dts/exynos4412-origen.dts | 2 arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 arch/hexagon/include/asm/syscalls.h | 6 arch/hexagon/kernel/syscalltab.c | 7 arch/mips/pci/ops-rc32434.c | 4 arch/mips/pci/pcie-octeon.c | 6 arch/powerpc/include/asm/hvcall.h | 8 arch/powerpc/include/asm/io.h | 24 +- arch/x86/kernel/amd_nb.c | 9 arch/x86/kernel/time.c | 21 - drivers/acpi/acpica/exregion.c | 23 -- drivers/ata/libata-core.c | 8 drivers/base/core.c | 3 drivers/dma/dma-axi-dmac.c | 2 drivers/dma/ioat/init.c | 1 drivers/gpio/gpio-davinci.c | 5 drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 drivers/gpu/drm/bridge/panel.c | 7 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 drivers/gpu/drm/radeon/sumo_dpm.c | 2 drivers/hid/hid-core.c | 1 drivers/hv/hv_util.c | 19 + drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-ocores.c | 56 ++++- drivers/iio/adc/ad7266.c | 2 drivers/iio/chemical/bme680.h | 2 drivers/iio/chemical/bme680_core.c | 62 ++++- drivers/iio/dac/ad5592r-base.c | 56 ++--- drivers/iio/dac/ad5592r-base.h | 1 drivers/input/input.c | 105 ++++++++- drivers/iommu/amd_iommu_init.c | 9 drivers/media/dvb-core/dvbdev.c | 2 drivers/media/media-devnode.c | 5 drivers/misc/mei/pci-me.c | 4 drivers/misc/vmw_vmci/vmci_event.c | 6 drivers/mmc/host/sdhci-pci-core.c | 11 drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 drivers/net/usb/ax88179_178a.c | 6 drivers/net/usb/rtl8150.c | 3 drivers/net/virtio_net.c | 11 drivers/net/vxlan.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 drivers/pci/controller/pcie-rockchip-ep.c | 6 drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 drivers/pinctrl/pinctrl-rockchip.c | 63 ++++- drivers/ptp/ptp_chardev.c | 3 drivers/pwm/pwm-stm32.c | 3 drivers/regulator/core.c | 1 drivers/scsi/mpt3sas/mpt3sas_base.c | 112 ++++++++++ drivers/scsi/mpt3sas/mpt3sas_base.h | 11 drivers/scsi/qedi/qedi_debugfs.c | 12 - drivers/soc/ti/wkup_m3_ipc.c | 7 drivers/tty/serial/mcf.c | 2 drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/class/cdc-wdm.c | 4 drivers/usb/gadget/function/f_fs.c | 4 drivers/usb/gadget/function/f_printer.c | 1 drivers/usb/host/xhci-pci.c | 12 + drivers/usb/host/xhci-ring.c | 25 +- drivers/usb/host/xhci.h | 3 drivers/usb/misc/uss720.c | 20 + drivers/usb/musb/da8xx.c | 8 drivers/usb/storage/alauda.c | 9 fs/jfs/xattr.c | 4 fs/nilfs2/dir.c | 59 ++--- fs/nilfs2/segment.c | 3 fs/ocfs2/file.c | 2 fs/ocfs2/namei.c | 2 fs/open.c | 4 fs/proc/vmcore.c | 2 fs/udf/udftime.c | 11 include/linux/compat.h | 2 include/linux/nvme.h | 4 include/linux/pci.h | 9 include/linux/syscalls.h | 2 include/net/bluetooth/hci_core.h | 36 ++- include/net/netfilter/nf_tables.h | 5 include/uapi/asm-generic/hugetlb_encode.h | 24 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 kernel/rcu/rcutorture.c | 3 kernel/trace/preemptirq_delay_test.c | 1 net/batman-adv/originator.c | 29 ++ net/bluetooth/l2cap_core.c | 8 net/core/sock.c | 6 net/ipv4/af_inet.c | 38 ++- net/ipv4/cipso_ipv4.c | 12 - net/ipv4/tcp.c | 16 - net/ipv6/af_inet6.c | 14 - net/ipv6/ipv6_sockglue.c | 9 net/ipv6/route.c | 8 net/ipv6/seg6_iptunnel.c | 14 - net/ipv6/tcp_ipv6.c | 9 net/ipv6/xfrm6_policy.c | 8 net/iucv/iucv.c | 26 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 net/netfilter/nf_tables_api.c | 13 - net/netfilter/nft_lookup.c | 3 net/netrom/nr_timer.c | 3 net/unix/af_unix.c | 47 +--- net/unix/diag.c | 12 - net/xdp/xsk.c | 4 sound/soc/fsl/fsl-asoc-card.c | 3 sound/synth/emux/soundfont.c | 17 - tools/include/asm-generic/hugetlb_encode.h | 20 - tools/testing/selftests/ftrace/test.d/trigger/trigger-trace-marker-snapshot.tc | 4 tools/testing/selftests/vm/compaction_test.c | 103 ++++----- 117 files changed, 1129 insertions(+), 457 deletions(-) Adam Miotk (1): drm/bridge/panel: Fix runtime warning on panel bridge release Aditya Pakki (1): ipv6/route: Add a missing check on proc_dointvec Alan Stern (1): USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Aleksandr Mishin (2): liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet gpio: davinci: Validate the obtained number of IRQs Alex Bee (1): arm64: dts: rockchip: Add sound-dai-cells for RK3368 Alex Deucher (2): drm/radeon: fix UBSAN warning in kv_dpm.c drm/amdgpu: fix UBSAN warning in kv_dpm.c Alex Henrie (1): usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Alexander Shishkin (5): intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support Alexandru Ardelean (1): iio: dac: ad5592r: un-indent code-block for scale read Andrew Davis (1): soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Arnd Bergmann (2): hexagon: fix fadvise64_64 calling conventions ftruncate: pass a signed offset Biju Das (1): regulator: core: Fix modpost error "regulator_get_regmap" undefined Breno Leitao (1): scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Dan Carpenter (1): usb: musb: da8xx: fix a resource leak in probe() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Dawei Li (1): net/iucv: Avoid explicit cpumask var allocation on stack Dev Jain (2): selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: compaction_test: fix bogus test success on Aarch64 Dirk Behme (1): drivers: core: synchronize really_probe() and dev_uevent() Dmitry Torokhov (1): Input: try trimming too long modalias strings Elinor Montmasson (1): ASoC: fsl-asoc-card: set priv->pdev before using it Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't read past the mfuart notifcation Eric Dumazet (7): ipv6: sr: block BH in seg6_output_core() and seg6_input_core() xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING tcp: fix race in tcp_v6_syn_recv_sock() batman-adv: bypass empty buckets in batadv_purge_orig_ref() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ipv6: annotate some data-races around sk->sk_prot Federico Vaga (1): i2c: ocores: stop transfer on timeout Fernando Yang (1): iio: adc: ad7266: Fix variable checking bug Gavrilov Ilia (1): netrom: Fix a memory leak in nr_heartbeat_expiry() George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (2): jfs: xattr: fix buffer overflow for invalid xattr Linux 4.19.317 Grygorii Tertychnyi (1): i2c: ocores: set IACK bit after core is enabled Hagar Gamal Halim Hemdan (1): vmci: prevent speculation leaks by sanitizing event in event_deliver() Hagar Hemdan (1): pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Haifeng Xu (1): perf/core: Fix missing wakeup when waiting for context reference Hannes Reinecke (1): nvme: fixup comment for nvme RDMA Provider Type Hans Verkuil (1): media: mc: mark the media devnode as registered from the, start Heng Qi (1): virtio_net: checksum offloading handling fix Huang-Huang Bao (3): pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Hugo Villeneuve (2): serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Ilpo Järvinen (2): MIPS: Routerboard 532: Fix vendor retry check code mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jani Nikula (1): drm/exynos/vidi: fix memory leak in .get_modes() Jason Xing (1): tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Jean-Michel Hautbois (1): tty: mcf: MCF54418 has 10 UARTS Jeff Johnson (1): tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Joe Perches (1): scsi: mpt3sas: Add ioc_<level> logging macros Johannes Berg (1): wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: improve link status logs Karol Kolacinski (1): ptp: Fix error message on failed pin verification Krzysztof Kozlowski (3): ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Kuangyi Chiang (2): xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kun(llfl) (1): iommu/amd: Fix sysfs leak in iommu init Kuniyuki Iwashima (10): af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. Laurent Pinchart (1): drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Linus Torvalds (1): x86: stop playing stack games in profile_pc() Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Ma Ke (2): drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Manish Rangankar (1): scsi: qedi: Fix crash while reading debugfs attribute Marc Ferland (1): iio: dac: ad5592r: fix temperature channel scaling value Mario Limonciello (1): PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Masami Hiramatsu (1): selftests/ftrace: Fix checkbashisms errors Mathias Nyman (2): xhci: Use soft retry to recover faster from transaction errors xhci: Set correct transferred length for cancelled bulk transfers Matthew Wilcox (Oracle) (2): nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() Matthias Goergens (1): hugetlb_encode.h: fix undefined behaviour (34 << 26) Michael Ellerman (1): powerpc/io: Avoid clang null pointer arithmetic warnings Muhammad Usama Anjum (1): selftests/mm: conform test to TAP format output Nathan Lynch (1): powerpc/pseries: Enforce hcall result buffer validity and size Naveen Naidu (1): PCI: Add PCI_ERROR_RESPONSE and related definitions Nicolas Escande (1): wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Nikita Shubin (1): dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Zhandarovich (2): HID: core: remove unnecessary WARN_ON() in implement() usb: atm: cxacru: fix endpoint checking in cxacru_bind() Niklas Cassel (1): ata: libata-core: Fix double free on error Nuno Sa (1): dmaengine: axi-dmac: fix possible race in remove() Oliver Neukum (2): net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings usb: gadget: printer: SS+ support Ondrej Mosnacek (1): cipso: fix total option length computation Oswald Buddenhagen (1): ALSA: emux: improve patch ioctl data validation Pablo Neira Ayuso (2): netfilter: nf_tables: validate family when identifying table via handle netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Paul E. McKenney (1): rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Peter Oberparleiter (1): gcov: add support for GCC 14 Petr Pavlu (1): net/ipv6: Fix the RT cache flush via sysctl using a previous delay Raju Rangoju (1): ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Remi Pommarel (1): wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Ricardo Ribalda (1): media: dvbdev: Initialize sbuf Rick Wertenbroek (1): PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Rik van Riel (1): fs/proc: fix softlockup in __read_vmcore Roman Smirnov (1): udf: udftime: prevent overflow in udf_disk_stamp_to_time() Ryusuke Konishi (2): nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors nilfs2: fix potential kernel bug due to lack of writeback flag waiting Sergiu Cuciurean (1): iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock Shichao Lai (1): usb-storage: alauda: Check whether the media is initialized Songyang Li (1): MIPS: Octeon: Add PCIe link status check Stanislaw Gruszka (1): usb: xhci: do not perform Soft Retry for some xHCI hosts Su Yue (2): ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO Suganath Prabu (1): scsi: mpt3sas: Gracefully handle online firmware update Sven Eckelmann (1): batman-adv: Don't accept TT entries for out-of-spec VIDs Tomas Winkler (1): mei: me: release irq in mei_me_pci_resume error path Uwe Kleine-König (1): pwm: stm32: Refuse too small period requests Vasileios Amoiridis (4): iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation Vineeth Pillai (1): hv_utils: drain the timesync packets on onchannelcallback Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Yazen Ghannam (1): x86/amd_nb: Check for invalid SMN reads

10 months

1
1
0 0

[PATCH 4.19 000/139] 4.19.317-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.317 release. There are 139 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jul 2024 10:28:04 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.317-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.317-rc1 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Federico Vaga <federico.vaga(a)cern.ch> i2c: ocores: stop transfer on timeout Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate family when identifying table via handle Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Stanislaw Gruszka <stf_xl(a)wp.pl> usb: xhci: do not perform Soft Retry for some xHCI hosts Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Use soft retry to recover faster from transaction errors Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Suganath Prabu <suganath-prabu.subramani(a)broadcom.com> scsi: mpt3sas: Gracefully handle online firmware update Joe Perches <joe(a)perches.com> scsi: mpt3sas: Add ioc_<level> logging macros Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: dac: ad5592r: un-indent code-block for scale read Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Fix checkbashisms errors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Vineeth Pillai <viremana(a)linux.microsoft.com> hv_utils: drain the timesync packets on onchannelcallback Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Aditya Pakki <pakki001(a)umn.edu> ipv6/route: Add a missing check on proc_dointvec Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Mark Brown <broonie(a)kernel.org> selftests/mm: log a consistent test name for check_compaction Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: mc: mark the media devnode as registered from the, start Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/hexagon/include/asm/syscalls.h | 6 ++ arch/hexagon/kernel/syscalltab.c | 7 ++ arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 ++ arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 ++--- arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/time.c | 21 +--- drivers/acpi/acpica/exregion.c | 23 +---- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/ioat/init.c | 1 + drivers/gpio/gpio-davinci.c | 5 + drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 + .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 ++ drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 ++ drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/hid/hid-core.c | 1 - drivers/hv/hv_util.c | 19 +++- drivers/hwtracing/intel_th/pci.c | 25 +++++ drivers/i2c/busses/i2c-ocores.c | 56 +++++++++-- drivers/iio/adc/ad7266.c | 2 + drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 ++++++++++-- drivers/iio/dac/ad5592r-base.c | 62 ++++++------ drivers/iio/dac/ad5592r-base.h | 1 + drivers/input/input.c | 105 ++++++++++++++++--- drivers/iommu/amd_iommu_init.c | 9 ++ drivers/media/dvb-core/dvbdev.c | 2 +- drivers/media/media-devnode.c | 5 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 11 +- drivers/net/vxlan.c | 4 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 -- drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 +++ drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 63 ++++++++++-- drivers/ptp/ptp_chardev.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/core.c | 1 + drivers/scsi/mpt3sas/mpt3sas_base.c | 112 +++++++++++++++++++++ drivers/scsi/mpt3sas/mpt3sas_base.h | 11 ++ drivers/scsi/qedi/qedi_debugfs.c | 12 +-- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +++-- drivers/usb/atm/cxacru.c | 14 +++ drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/function/f_printer.c | 1 + drivers/usb/host/xhci-pci.c | 12 +++ drivers/usb/host/xhci-ring.c | 25 ++++- drivers/usb/host/xhci.h | 3 + drivers/usb/misc/uss720.c | 22 ++-- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- fs/jfs/xattr.c | 4 +- fs/nilfs2/dir.c | 59 ++++++----- fs/nilfs2/segment.c | 3 + fs/ocfs2/file.c | 2 + fs/ocfs2/namei.c | 2 +- fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/linux/compat.h | 2 +- include/linux/nvme.h | 4 +- include/linux/pci.h | 9 ++ include/linux/syscalls.h | 2 +- include/net/bluetooth/hci_core.h | 36 ++++++- include/net/netfilter/nf_tables.h | 5 + include/uapi/asm-generic/hugetlb_encode.h | 24 ++--- kernel/events/core.c | 13 +++ kernel/gcov/gcc_4_7.c | 4 +- kernel/rcu/rcutorture.c | 3 +- kernel/trace/preemptirq_delay_test.c | 1 + net/batman-adv/originator.c | 29 ++++++ net/bluetooth/l2cap_core.c | 8 +- net/core/sock.c | 6 +- net/ipv4/af_inet.c | 38 +++++-- net/ipv4/cipso_ipv4.c | 12 ++- net/ipv4/tcp.c | 16 ++- net/ipv6/af_inet6.c | 14 ++- net/ipv6/ipv6_sockglue.c | 9 +- net/ipv6/route.c | 8 +- net/ipv6/seg6_iptunnel.c | 14 ++- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +++-- net/mac80211/mesh_pathtbl.c | 13 +++ net/mac80211/sta_info.c | 4 +- net/netfilter/nf_tables_api.c | 13 +-- net/netfilter/nft_lookup.c | 3 +- net/netrom/nr_timer.c | 3 +- net/unix/af_unix.c | 47 ++++----- net/unix/diag.c | 12 +-- net/xdp/xsk.c | 4 + sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/synth/emux/soundfont.c | 17 ++-- tools/include/asm-generic/hugetlb_encode.h | 20 ++-- .../trigger/trigger-trace-marker-snapshot.tc | 4 +- tools/testing/selftests/vm/compaction_test.c | 108 +++++++++++--------- 118 files changed, 1141 insertions(+), 464 deletions(-)

10 months

6
147
0 0

[PATCH 5.15 000/356] 5.15.162-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.162 release. There are 356 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jul 2024 10:28:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.162-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.162-rc1 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Free EFI memory map only when installing a new one. Ard Biesheuvel <ardb(a)kernel.org> efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures Ard Biesheuvel <ardb(a)kernel.org> efi: memmap: Move manipulation routines into x86 arch tree Liu Zixian <liuzixian4(a)huawei.com> efi: Correct comment on efi_memmap_alloc Zheng Zhi Yuan <kevinjone25(a)g.ncu.edu.tw> drivers: fix typo in firmware/efi/memmap.c Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Matthew Wilcox (Oracle) <willy(a)infradead.org> nfs: Leave pages in the pagecache if readpage failed Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Arnd Bergmann <arnd(a)arndb.de> syscalls: fix sys_fanotify_mark prototype Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Julia Zhang <julia.zhang(a)amd.com> drm/amdgpu: avoid using null object of framebuffer Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Yuntao Wang <ytcoode(a)gmail.com> cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Meng Li <Meng.Li(a)windriver.com> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Alexander Sverdlin <alexander.sverdlin(a)siemens.com> iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: discard write requests while old command is running Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: don't erase registers after STOP Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Arnd Bergmann <arnd(a)arndb.de> parisc: use generic sys_fanotify_mark implementation Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Joachim Vandersmissen <git(a)jvdsn.com> crypto: ecdh - explicitly zeroize private_key Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Wenchao Hao <haowenchao2(a)huawei.com> RDMA/restrack: Fix potential invalid address access Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Uros Bizjak <ubizjak(a)gmail.com> x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: Temporarily fail if control queue feature requested Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: validate block features only with block devices Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() luoxuanqiang <luoxuanqiang(a)kylinos.cn> Fix race for duplicate reqsk on identical SYN Akhmat Karakotov <hmukos(a)yandex-team.ru> tcp: Use BPF timeout setting for SYN ACK RTO Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Free any outstanding tx skbs during scrq reset Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Oleksij Rempel <linux(a)rempel-privat.de> net: stmmac: Assign configured channel value to EXTTS event Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: mdio: add helpers to extract clause 45 regad and devad fields Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Steve French <stfrench(a)microsoft.com> cifs: fix typo in module parameter enable_gcm_256 Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Ziwei Xiao <ziweixiao(a)google.com> gve: Clear napi->skb before dev_kfree_skb_any() David Awogbemila <awogbemila(a)google.com> gve: Add RX context. Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Force StorageD3Enable on more products Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable Jan Beulich <jbeulich(a)suse.com> x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix deadlock in smb2_find_smb_tcon() Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Nam Cao <namcao(a)linutronix.de> riscv: fix overlap of allocated page and PTR_ERR Jisheng Zhang <jszhang(a)kernel.org> riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef Matthias Maennich <maennich(a)google.com> kheaders: explicitly define file modes for archived headers Masahiro Yamada <masahiroy(a)kernel.org> Revert "kheaders: substituting --sort in archive creation" Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Disarm breadcrumbs if engines are already idle Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Only kick the signal worker if there's been an update Nandor Kracser <bonifaido(a)gmail.com> ksmbd: ignore trailing slashes in share paths Tony Luck <tony.luck(a)intel.com> x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL Tony Luck <tony.luck(a)intel.com> x86/cpu/vfm: Add new macros to work with (vendor/family/model) values Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Matthew Mirvish <matthew(a)mm12.xyz> bcache: fix variable length array abuse in btree_iter Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> pmdomain: ti-sci: Fix duplicate PD referrals Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Kees Cook <keescook(a)chromium.org> rtlwifi: rtl8192de: Style clean-ups Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Adrian Hunter <adrian.hunter(a)intel.com> perf script: Show also errors for --insn-trace option Changbin Du <changbin.du(a)huawei.com> perf: script: add raw|disasm arguments to --insn-trace option Martin Leung <martin.leung(a)amd.com> drm/amd/display: revert Exit idle optimizations before HDCP execution Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Eric Dumazet <edumazet(a)google.com> tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() Aleksandr Nogikh <nogikh(a)google.com> kcov: don't lose track of remote references during softirqs Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Jani Nikula <jani.nikula(a)intel.com> drm/i915/mso: using joiner is not possible with eDP MSO Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on N14AP7 Sean Christopherson <seanjc(a)google.com> KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes Boris Burkov <boris(a)bur.io> btrfs: retry block group reclaim without infinite loop Ignat Korchagin <ignat(a)cloudflare.com> net: do not leave a dangling sk pointer, when socket creation fails Erwan Le Ray <erwan.leray(a)foss.st.com> serial: stm32: rework RX over DMA Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Add check for srq max_sge attribute Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Kalle Niemi <kaleposti(a)gmail.com> regulator: bd71815: fix ramp values Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix error path in ioat3_dma_probe() Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: use PCI core macros for PCIe Capability Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix leaking on version mismatch Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() Qing Wang <wangqing(a)vivo.com> dmaengine: ioat: switch from 'pci_' to 'dma_' API Li RongQing <lirongqing(a)baidu.com> dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: Restore PTP tx_avail count in case of skb_pad() error Jianguo Wu <wujianguo(a)chinatelecom.cn> seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix suspicious rcu_dereference_protected() Simon Horman <horms(a)kernel.org> octeontx2-pf: Add error handling to VLAN unoffload handling Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: No need to calculate speed divider when offload is disabled Dan Carpenter <dan.carpenter(a)linaro.org> ptp: fix integer overflow in max_vclocks_store Xin Long <lucien.xin(a)gmail.com> sched: act_ct: add netns into the key of tcf_ct_flow_table Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Xin Long <lucien.xin(a)gmail.com> tipc: force a dst refcount before doing decryption David Ruth <druth(a)chromium.org> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_api: rely on rcu in tcf_idr_check_alloc Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make interrupt remembering atomic Yue Haibing <yuehaibing(a)huawei.com> netns: Make get_net_ns() handle zero refcount net Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL deref in fib6_nh_init() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Build event generation tests only as modules Christian Marangi <ansuelsmth(a)gmail.com> mips: bmips: BCM6358: make sure CBR is correctly set Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Parker Newman <pnewman(a)connecttech.com> serial: exar: adding missing CTI and Exar PCI ids Esben Haabendal <esben(a)geanix.com> serial: imx: Introduce timeout when waiting on transmitter empty Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Joao Pinto <Joao.Pinto(a)synopsys.com> Avoid hw_desc array overrun in dw-axi-dmac Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Yunlei He <heyunlei(a)oppo.com> f2fs: remove clear SB_INLINECRYPT flag in default_options Aleksandr Aprelkov <aaprelkov(a)usergate.com> iommu/arm-smmu-v3: Free MSIs in case of ENOMEM Tzung-Bi Shih <tzungbi(a)kernel.org> power: supply: cros_usbpd: provide ID table for avoiding fallback match Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Erico Nunes <nunes.erico(a)gmail.com> drm/lima: mask irqs in timeout path before hard reset Erico Nunes <nunes.erico(a)gmail.com> drm/lima: add mask irq callback to gp and pp Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Exit idle optimizations before HDCP execution Uri Arev <me(a)wantyapps.xyz> Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Takashi Iwai <tiwai(a)suse.de> ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Sean O'Brien <seobrien(a)chromium.org> HID: Add quirk for Logitech Casa touchpad Breno Leitao <leitao(a)debian.org> netpoll: Fix race condition in netpoll_owner_active Kunwu Chan <chentao(a)kylinos.cn> kselftest: arm64: Add a null pointer check Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Wander Lairson Costa <wander(a)redhat.com> drop_monitor: replace spin_lock by raw_spin_lock Eric Dumazet <edumazet(a)google.com> af_packet: avoid a false positive warning in packet_setsockopt() Arnd Bergmann <arnd(a)arndb.de> wifi: ath9k: work around memset overflow warning Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix flaky test btf_map_in_map/lookup_update Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Justin Stitt <justinstitt(a)google.com> block/ioctl: prefer different overflow check Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix invalid context warning when enable srcu barrier testing Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Make stall-tasks directly exit when rcutorture tests end Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/sec - Fix memory leak for sec resource release Herbert Xu <herbert(a)gondor.apana.org.au> padata: Disable BH when taking works lock on MT path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: qca: Fix error code in qca_read_fw_build_info() Oleg Nesterov <oleg(a)redhat.com> zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Jean Delvare <jdelvare(a)suse.de> i2c: designware: Fix the functionality flags of the slave-only interface Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Nathan Chancellor <nathan(a)kernel.org> kbuild: Remove support for Clang's ThinLTO caching YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: update add_addr counters after connect YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Doug Brown <doug(a)schmorgal.com> serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Miaohe Lin <linmiaohe(a)huawei.com> mm/huge_memory: don't unpoison huge_zero_folio Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Fix ATA NCQ priority support Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Trond Myklebust <trond.myklebust(a)hammerspace.com> knfsd: LOOKUP can return an illegal error value Vamshi Gajjela <vamshigajjela(a)google.com> spmi: hisi-spmi-controller: Do not override device identifier Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> sock_map: avoid race between sock_map_close and sk_psock_put Damien Le Moal <dlemoal(a)kernel.org> null_blk: Print correct max open zones limit in null_init_zoned_dev() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_una is properly initialized on connect Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: delete unneeded update watermark call Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value David Lechner <dlechner(a)baylibre.com> iio: adc: ad9467: fix scan type sign Rao Shoaib <Rao.Shoaib(a)oracle.com> af_unix: Read with MSG_PEEK loops if the first unread byte is OOB Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet Jie Wang <wangjie125(a)huawei.com> net: hns3: add cond_resched() to hns3 ring buffer init process Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash problem in concurrent scenario Csókás, Bence <csokas.bence(a)prolan.hu> net: sfp: Always call `sfp_sm_mod_remove()` on remove Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: 3D disabled should not effect STDU memory limits José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Introduce pci segment structure Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: store IRQ trigger type and unmask status separately Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Armin Wolf <W_Armin(a)gmx.de> platform/x86: dell-smbios: Fix wrong token data in sysfs ye xingchen <ye.xingchen(a)zte.com.cn> platform/x86: dell-smbios-base: Use sysfs_emit() Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Samuel Holland <samuel.holland(a)sifive.com> clk: sifive: Do not register clkdevs for PRCI clocks Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Fix build errors seen with GCC 13/14 Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Hector Martin <marcan(a)marcan.st> xhci: Handle TD clearing for multiple streams case Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Kyle Tso <kyletso(a)google.com> usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: fix QCOM_RPROC_COMMON dependency Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Mark Brown <broonie(a)kernel.org> selftests/mm: log a consistent test name for check_compaction Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Frank van der Linden <fvdl(a)google.com> mm/cma: drop incorrect alignment check in cma_init_reserved_mem David Hildenbrand <david(a)redhat.com> cma: factor out minimum alignment requirement Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> i2c: acpi: Unbind mux adapters before delete Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> i2c: add fwnode APIs Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Yangtao Li <frank.li(a)vivo.com> mmc: davinci_mmc: Convert to platform remove callback returning void Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Fix possible use-after-free issue in ftrace_location() Peter Zijlstra <peterz(a)infradead.org> x86/ibt,ftrace: Search for __fentry__ location Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Neil Armstrong <neil.armstrong(a)linaro.org> Bluetooth: qca: use switch case for soc type behavior Luca Weiss <luca.weiss(a)fairphone.com> Bluetooth: btqca: Add WCN3988 support Min-Hua Chen <minhuadotchen(a)gmail.com> Bluetooth: btqca: use le32_to_cpu for ver.soc_id Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Bluetooth: hci_qca: mark OF related data as maybe unused Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> skbuff: introduce skb_pull_data Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic: deduplicate common code Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pvpanic: Indentation fixes here and there Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pvpanic: Keep single style across modules Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> drm/amd/display: drop unnecessary NULL checks in debugfs Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> drm/amd/display: Clean up some inconsistent indenting George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete John Keeping <john(a)metanate.com> usb: gadget: f_fs: use io_data->status consistently Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). Eric Dumazet <edumazet(a)google.com> af_unix: annotate lockless accesses to sk->sk_err Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). Eric Dumazet <edumazet(a)google.com> net: drop nopreempt requirement on sock_prot_inuse_add() Eric Dumazet <edumazet(a)google.com> net: inline sock_prot_inuse_add() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annodate data-races around sk->sk_state for writers. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Always allocate PF entries from low prioriy zone Jiri Olsa <jolsa(a)kernel.org> bpf: Set run context for rawtp test_run callback Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() DelphineCCChiu <delphine_cc_chiu(a)wiwynn.com> net/ncsi: Fix the multi thread manner of NCSI driver Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Simplify Kconfig/dts control flow Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: cfg80211: Lock wiphy in cfg80211_get_station Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects ------------- Diffstat: .../bindings/i2c/google,cros-ec-i2c-tunnel.yaml | 2 +- Makefile | 9 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/freescale/imx8qm-mek.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/include/asm/kvm_host.h | 1 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/vgic/vgic-v3.c | 2 +- arch/arm64/kvm/vgic/vgic-v4.c | 8 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/bmips/setup.c | 3 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 + arch/parisc/Kconfig | 1 + arch/parisc/kernel/sys_parisc32.c | 9 - arch/parisc/kernel/syscalls/syscall.tbl | 6 +- arch/powerpc/include/asm/fadump-internal.h | 5 - arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 +- arch/powerpc/include/asm/uaccess.h | 15 +- arch/powerpc/kernel/fadump.c | 2 +- arch/powerpc/kernel/syscalls/syscall.tbl | 2 +- arch/riscv/mm/init.c | 58 ++--- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/sys32.S | 221 ----------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/cpu_device_id.h | 98 ++++++++ arch/x86/include/asm/efi.h | 11 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/match.c | 4 +- arch/x86/kernel/fpu/core.c | 4 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/time.c | 20 +- arch/x86/kvm/x86.c | 9 +- arch/x86/mm/numa.c | 6 +- arch/x86/platform/efi/Makefile | 3 +- arch/x86/platform/efi/efi.c | 8 +- arch/x86/platform/efi/memmap.c | 249 +++++++++++++++++++ block/ioctl.c | 2 +- crypto/ecdh.c | 2 + drivers/acpi/acpica/exregion.c | 23 +- drivers/acpi/video_detect.c | 8 + drivers/acpi/x86/utils.c | 23 +- drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/block/null_blk/zoned.c | 2 +- drivers/bluetooth/ath3k.c | 25 +- drivers/bluetooth/btqca.c | 186 +++++++++++--- drivers/bluetooth/btqca.h | 36 +-- drivers/bluetooth/hci_qca.c | 266 ++++++++++++++++----- drivers/clk/sifive/sifive-prci.c | 8 - drivers/crypto/hisilicon/sec2/sec_crypto.c | 4 +- drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c | 6 +- drivers/dma/dw-axi-dmac/dw-axi-dmac.h | 1 + drivers/dma/idxd/irq.c | 4 +- drivers/dma/ioat/init.c | 73 +++--- drivers/dma/ioat/registers.h | 7 - drivers/firmware/efi/fdtparams.c | 4 + drivers/firmware/efi/memmap.c | 239 +----------------- drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpio-tqmx86.c | 46 ++-- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 144 +++++------ .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 + drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 2 + .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/i915/display/intel_dp.c | 4 + drivers/gpu/drm/i915/gt/intel_breadcrumbs.c | 16 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/lima/lima_bcast.c | 12 + drivers/gpu/drm/lima/lima_bcast.h | 3 + drivers/gpu/drm/lima/lima_gp.c | 8 + drivers/gpu/drm/lima/lima_pp.c | 18 ++ drivers/gpu/drm/lima/lima_sched.c | 7 + drivers/gpu/drm/lima/lima_sched.h | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 - drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/hid-multitouch.c | 6 + drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/busses/i2c-ocores.c | 2 +- drivers/i2c/i2c-core-acpi.c | 30 +-- drivers/i2c/i2c-core-base.c | 98 ++++++++ drivers/i2c/i2c-core-of.c | 66 ----- drivers/i2c/i2c-slave-testunit.c | 5 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/accel/mxc4005.c | 68 ++++++ drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/ad9467.c | 4 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 ++++- drivers/iio/dac/ad5592r-base.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 - drivers/infiniband/core/restrack.c | 51 +--- drivers/infiniband/hw/mlx5/srq.c | 13 +- drivers/input/input.c | 105 ++++++-- drivers/input/touchscreen/ili210x.c | 4 +- drivers/iommu/amd/amd_iommu_types.h | 24 +- drivers/iommu/amd/init.c | 55 ++++- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/md/bcache/bset.c | 44 ++-- drivers/md/bcache/bset.h | 28 ++- drivers/md/bcache/btree.c | 40 ++-- drivers/md/bcache/super.c | 5 +- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/pvpanic/pvpanic-mmio.c | 59 +---- drivers/misc/pvpanic/pvpanic-pci.c | 80 +------ drivers/misc/pvpanic/pvpanic.c | 90 ++++++- drivers/misc/pvpanic/pvpanic.h | 10 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/davinci_mmc.c | 6 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/parsers/redboot.c | 2 +- drivers/net/dsa/microchip/ksz9477.c | 7 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/google/gve/gve.h | 13 +- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 76 +++--- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 21 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 33 ++- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 6 +- drivers/net/ethernet/qualcomm/qca_spi.c | 16 +- drivers/net/ethernet/qualcomm/qca_spi.h | 3 +- .../net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 55 ++--- drivers/net/phy/micrel.c | 1 + drivers/net/phy/sfp.c | 3 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/vxlan/vxlan_core.c | 4 + drivers/net/wireless/ath/ath.h | 6 +- drivers/net/wireless/ath/ath10k/Kconfig | 1 + drivers/net/wireless/ath/ath9k/main.c | 3 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 19 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 - drivers/of/of_reserved_mem.c | 9 +- drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 68 +++++- drivers/pinctrl/pinctrl-rockchip.h | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 91 +++---- drivers/power/supply/cros_usbpd-charger.c | 11 +- drivers/ptp/ptp_chardev.c | 3 +- drivers/ptp/ptp_sysfs.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/bd71815-regulator.c | 2 +- drivers/regulator/core.c | 1 + drivers/scsi/mpi3mr/mpi3mr.h | 1 + drivers/scsi/mpi3mr/mpi3mr_os.c | 67 ++++++ drivers/scsi/mpt3sas/mpt3sas_base.c | 19 ++ drivers/scsi/mpt3sas/mpt3sas_base.h | 3 - drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 25 -- drivers/scsi/qedi/qedi_debugfs.c | 12 +- drivers/scsi/scsi_transport_sas.c | 29 +++ drivers/soc/ti/ti_sci_pm_domains.c | 20 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/spmi/hisi-spmi-controller.c | 1 - drivers/tty/serial/8250/8250_exar.c | 42 ++++ drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/8250/8250_pxa.c | 1 + drivers/tty/serial/imx.c | 11 +- drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/tty/serial/stm32-usart.c | 208 ++++++++++++---- drivers/tty/serial/stm32-usart.h | 12 +- drivers/usb/atm/cxacru.c | 14 ++ drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/dwc3/core.c | 6 - drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/f_printer.c | 40 +++- drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 59 +++-- drivers/usb/host/xhci.h | 1 + drivers/usb/misc/uss720.c | 22 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- drivers/usb/typec/tcpm/tcpm.c | 1 + drivers/vdpa/vdpa_user/vduse_dev.c | 14 +- fs/btrfs/block-group.c | 11 +- fs/btrfs/disk-io.c | 10 +- fs/cifs/cifsfs.c | 2 +- fs/cifs/smb2transport.c | 2 +- fs/f2fs/super.c | 2 - fs/jfs/xattr.c | 4 +- fs/ksmbd/mgmt/share_config.c | 6 +- fs/nfs/read.c | 4 - fs/nfsd/nfsfh.c | 4 +- fs/nilfs2/dir.c | 59 +++-- fs/nilfs2/segment.c | 3 + fs/ocfs2/aops.c | 5 + fs/ocfs2/file.c | 2 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/namei.c | 2 +- fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/kvm/arm_vgic.h | 2 +- include/linux/cma.h | 9 + include/linux/compat.h | 2 +- include/linux/efi.h | 10 +- include/linux/filter.h | 5 +- include/linux/i2c.h | 26 +- include/linux/iommu.h | 2 +- include/linux/kcov.h | 2 + include/linux/mdio.h | 12 + include/linux/mod_devicetable.h | 2 + include/linux/nvme.h | 4 +- include/linux/pci.h | 9 + include/linux/skbuff.h | 2 + include/linux/syscalls.h | 8 +- include/net/bluetooth/hci_core.h | 36 ++- include/net/inet_connection_sock.h | 10 +- include/net/netfilter/nf_tables.h | 5 + include/net/request_sock.h | 2 + include/net/sock.h | 16 +- include/net/tcp.h | 2 +- include/scsi/scsi_transport_sas.h | 2 + include/trace/events/qdisc.h | 2 +- include/uapi/asm-generic/hugetlb_encode.h | 26 +- include/uapi/asm-generic/unistd.h | 2 +- kernel/bpf/core.c | 4 +- kernel/bpf/trampoline.c | 20 +- kernel/bpf/verifier.c | 8 +- kernel/cpu.c | 8 +- kernel/dma/contiguous.c | 4 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 +- kernel/gen_kheaders.sh | 9 +- kernel/kcov.c | 1 + kernel/kprobes.c | 8 +- kernel/padata.c | 8 +- kernel/pid_namespace.c | 1 + kernel/rcu/rcutorture.c | 16 +- kernel/sys_ni.c | 2 +- kernel/time/tick-common.c | 42 ++-- kernel/trace/Kconfig | 4 +- kernel/trace/ftrace.c | 71 ++++-- kernel/trace/preemptirq_delay_test.c | 1 + mm/cma.c | 20 +- mm/memory-failure.c | 7 + net/batman-adv/originator.c | 29 +++ net/bluetooth/l2cap_core.c | 8 +- net/bpf/test_run.c | 6 + net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/drop_monitor.c | 20 +- net/core/filter.c | 3 + net/core/net_namespace.c | 9 +- net/core/netpoll.c | 2 +- net/core/skbuff.c | 24 ++ net/core/sock.c | 20 +- net/core/sock_map.c | 16 +- net/core/xdp.c | 4 +- net/dccp/ipv4.c | 7 +- net/dccp/ipv6.c | 7 +- net/ieee802154/socket.c | 4 +- net/ipv4/af_inet.c | 23 +- net/ipv4/cipso_ipv4.c | 12 +- net/ipv4/inet_connection_sock.c | 22 +- net/ipv4/raw.c | 2 +- net/ipv4/tcp.c | 16 +- net/ipv4/tcp_input.c | 50 +++- net/ipv4/tcp_minisocks.c | 5 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/ipv6_sockglue.c | 17 +- net/ipv6/route.c | 9 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/seg6_local.c | 8 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +- net/mac80211/he.c | 10 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/mptcp/pm_netlink.c | 21 +- net/mptcp/protocol.c | 1 + net/ncsi/internal.h | 2 + net/ncsi/ncsi-manage.c | 95 ++++---- net/ncsi/ncsi-rsp.c | 4 +- net/netfilter/ipset/ip_set_core.c | 104 ++++---- net/netfilter/ipset/ip_set_list_set.c | 30 ++- net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_lookup.c | 3 +- net/netlink/af_netlink.c | 4 - net/netrom/nr_timer.c | 3 +- net/packet/af_packet.c | 30 ++- net/sched/act_api.c | 66 +++-- net/sched/act_ct.c | 21 +- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/sctp/socket.c | 5 - net/smc/af_smc.c | 2 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/tipc/node.c | 1 + net/unix/af_unix.c | 113 +++++---- net/unix/diag.c | 12 +- net/wireless/pmsr.c | 8 +- net/wireless/util.c | 7 +- net/xdp/xsk.c | 4 - scripts/Makefile.dtbinst | 2 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/synth/emux/soundfont.c | 17 +- tools/include/asm-generic/hugetlb_encode.h | 26 +- tools/perf/Documentation/perf-script.txt | 7 +- tools/perf/builtin-script.c | 24 +- tools/testing/selftests/arm64/tags/tags_test.c | 4 + .../selftests/bpf/prog_tests/btf_map_in_map.c | 26 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +- tools/testing/selftests/vm/compaction_test.c | 108 +++++---- 364 files changed, 3886 insertions(+), 2550 deletions(-)

10 months

10
371
0 0

[PATCH 5.4 000/183] 5.4.279-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.279 release. There are 183 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 06 Jul 2024 09:44:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.279-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.279-rc2 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Matthew Wilcox (Oracle) <willy(a)infradead.org> nfs: Leave pages in the pagecache if readpage failed Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Jaime Liao <jaimeliao(a)mxic.com.tw> mtd: spinand: macronix: Add support for serial NAND flash Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Divya Koppera <Divya.Koppera(a)microchip.com> net: phy: mchp: Add support for LAN8814 QUAD PHY Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate family when identifying table via handle Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: dac: ad5592r: un-indent code-block for scale read Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Matthias Maennich <maennich(a)google.com> kheaders: explicitly define file modes for archived headers Masahiro Yamada <masahiroy(a)kernel.org> Revert "kheaders: substituting --sort in archive creation" Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: qcs404: fix bluetooth device address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix suspicious rcu_dereference_protected() Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix David Ruth <druth(a)chromium.org> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_api: rely on rcu in tcf_idr_check_alloc Yue Haibing <yuehaibing(a)huawei.com> netns: Make get_net_ns() handle zero refcount net Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL deref in fib6_nh_init() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Christian Marangi <ansuelsmth(a)gmail.com> mips: bmips: BCM6358: make sure CBR is correctly set Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Uri Arev <me(a)wantyapps.xyz> Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Wander Lairson Costa <wander(a)redhat.com> drop_monitor: replace spin_lock by raw_spin_lock Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Florian Westphal <fw(a)strlen.de> netfilter: nftables: exthdr: fix 4-byte stack OOB write Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Vineeth Pillai <viremana(a)linux.microsoft.com> hv_utils: drain the timesync packets on onchannelcallback Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Handle missing required DT properties Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params Colin Ian King <colin.king(a)canonical.com> ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Stop waiting for PCI if pci channel is offline Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/bmips/setup.c | 3 +- arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 + arch/parisc/kernel/syscalls/syscall.tbl | 4 +- arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 +- arch/sparc/kernel/syscalls/syscall.tbl | 2 +- arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/time.c | 20 +- drivers/acpi/acpica/exregion.c | 23 +- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/bluetooth/ath3k.c | 25 +- drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/ioat/init.c | 1 + drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 + .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 + .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-logitech-dj.c | 4 +- drivers/hv/hv_util.c | 19 +- drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-ocores.c | 2 +- drivers/iio/adc/ad7266.c | 2 + drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 +++- drivers/iio/dac/ad5592r-base.c | 62 ++-- drivers/iio/dac/ad5592r-base.h | 1 + drivers/input/input.c | 105 ++++++- drivers/iommu/amd_iommu_init.c | 9 + drivers/media/dvb-core/dvbdev.c | 2 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/nand/spi/macronix.c | 99 +++++++ drivers/mtd/parsers/redboot.c | 2 +- drivers/net/dsa/microchip/ksz9477.c | 6 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/fw.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/health.c | 8 + .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 4 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/phy/micrel.c | 15 + drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/vxlan.c | 4 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 63 ++++- drivers/ptp/ptp_chardev.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/core.c | 1 + drivers/scsi/mpt3sas/mpt3sas_base.c | 19 ++ drivers/scsi/qedi/qedi_debugfs.c | 12 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/function/f_printer.c | 1 + drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/misc/uss720.c | 22 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- fs/jfs/xattr.c | 4 +- fs/nfs/read.c | 4 - fs/nilfs2/dir.c | 59 ++-- fs/nilfs2/segment.c | 3 + fs/ocfs2/file.c | 2 + fs/ocfs2/namei.c | 2 +- fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/linux/compat.h | 2 +- include/linux/iommu.h | 2 +- include/linux/micrel_phy.h | 1 + include/linux/nvme.h | 4 +- include/linux/pci.h | 9 + include/linux/syscalls.h | 2 +- include/net/bluetooth/hci_core.h | 36 ++- include/net/netfilter/nf_tables.h | 5 + include/uapi/asm-generic/hugetlb_encode.h | 24 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 +- kernel/gen_kheaders.sh | 9 +- kernel/rcu/rcutorture.c | 3 +- kernel/time/tick-common.c | 42 +-- kernel/trace/preemptirq_delay_test.c | 1 + net/batman-adv/originator.c | 29 ++ net/bluetooth/l2cap_core.c | 8 +- net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/drop_monitor.c | 20 +- net/core/net_namespace.c | 9 +- net/core/sock.c | 6 +- net/ipv4/af_inet.c | 23 +- net/ipv4/cipso_ipv4.c | 12 +- net/ipv4/tcp.c | 16 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/ipv6_sockglue.c | 9 +- net/ipv6/route.c | 9 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/netfilter/ipset/ip_set_core.c | 104 ++++--- net/netfilter/ipset/ip_set_list_set.c | 30 +- net/netfilter/nf_tables_api.c | 13 +- net/netfilter/nft_exthdr.c | 17 +- net/netfilter/nft_lookup.c | 3 +- net/netrom/nr_timer.c | 3 +- net/sched/act_api.c | 66 +++-- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/unix/af_unix.c | 47 ++-- net/unix/diag.c | 12 +- net/wireless/pmsr.c | 8 +- sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/ti/davinci-mcasp.c | 312 +++++++++------------ sound/synth/emux/soundfont.c | 17 +- tools/include/asm-generic/hugetlb_encode.h | 20 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/vm/compaction_test.c | 103 +++---- 159 files changed, 1478 insertions(+), 853 deletions(-)

10 months

4
3
0 0

[PATCH 2/2] f2fs: use meta inode for GC of COW file

by Sunmin Jeong

In case of the COW file, new updates and GC writes are already separated to page caches of the atomic file and COW file. As some cases that use the meta inode for GC, there are some race issues between a foreground thread and GC thread. To handle them, we need to take care when to invalidate and wait writeback of GC pages in COW files as the case of using the meta inode. Also, a pointer from the COW inode to the original inode is required to check the state of original pages. For the former, we can solve the problem by using the meta inode for GC of COW files. Then let's get a page from the original inode in move_data_block when GCing the COW file to avoid race condition. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 7 ++++++- fs/f2fs/file.c | 3 +++ fs/f2fs/gc.c | 12 ++++++++++-- fs/f2fs/inline.c | 2 +- fs/f2fs/inode.c | 3 ++- 6 files changed, 23 insertions(+), 6 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 05158f89ef32..90ff0f6f7f7f 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2651,7 +2651,7 @@ bool f2fs_should_update_outplace(struct inode *inode, struct f2fs_io_info *fio) return true; if (IS_NOQUOTA(inode)) return true; - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return true; /* rewrite low ratio compress data w/ OPU mode to avoid fragmentation */ if (f2fs_compressed_file(inode) && diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 59c5117e54b1..4f9fd1c1d024 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4267,9 +4267,14 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_used_in_atomic_write(struct inode *inode) +{ + return f2fs_is_atomic_file(inode) || f2fs_is_cow_file(inode); +} + static inline bool f2fs_meta_inode_gc_required(struct inode *inode) { - return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); + return f2fs_post_read_required(inode) || f2fs_used_in_atomic_write(inode); } /* diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 25b119cf3499..c9f0ba658cfd 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2116,6 +2116,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) set_inode_flag(fi->cow_inode, FI_COW_FILE); clear_inode_flag(fi->cow_inode, FI_INLINE_DATA); + + /* Set the COW inode's cow_inode to the atomic inode */ + F2FS_I(fi->cow_inode)->cow_inode = inode; } else { /* Reuse the already created COW inode */ ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index 136b9e8180a3..76854e732b35 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1188,7 +1188,11 @@ static int ra_data_block(struct inode *inode, pgoff_t index) }; int err; - page = f2fs_grab_cache_page(mapping, index, true); + if (f2fs_is_cow_file(inode)) + page = f2fs_grab_cache_page(F2FS_I(inode)->cow_inode->i_mapping, + index, true); + else + page = f2fs_grab_cache_page(mapping, index, true); if (!page) return -ENOMEM; @@ -1287,7 +1291,11 @@ static int move_data_block(struct inode *inode, block_t bidx, CURSEG_ALL_DATA_ATGC : CURSEG_COLD_DATA; /* do not read out */ - page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); + if (f2fs_is_cow_file(inode)) + page = f2fs_grab_cache_page(F2FS_I(inode)->cow_inode->i_mapping, + bidx, false); + else + page = f2fs_grab_cache_page(inode->i_mapping, bidx, false); if (!page) return -ENOMEM; diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index ac00423f117b..0186ec049db6 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -16,7 +16,7 @@ static bool support_inline_data(struct inode *inode) { - if (f2fs_is_atomic_file(inode)) + if (f2fs_used_in_atomic_write(inode)) return false; if (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode)) return false; diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index c26effdce9aa..c810304e2681 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -807,8 +807,9 @@ void f2fs_evict_inode(struct inode *inode) f2fs_abort_atomic_write(inode, true); - if (fi->cow_inode) { + if (fi->cow_inode && f2fs_is_cow_file(fi->cow_inode)) { clear_inode_flag(fi->cow_inode, FI_COW_FILE); + F2FS_I(fi->cow_inode)->cow_inode = NULL; iput(fi->cow_inode); fi->cow_inode = NULL; } -- 2.25.1

10 months

2
2
0 0

[PATCH 1/2] f2fs: use meta inode for GC of atomic file

by Sunmin Jeong

The page cache of the atomic file keeps new data pages which will be stored in the COW file. It can also keep old data pages when GCing the atomic file. In this case, new data can be overwritten by old data if a GC thread sets the old data page as dirty after new data page was evicted. Also, since all writes to the atomic file are redirected to COW inodes, GC for the atomic file is not working well as below. f2fs_gc(gc_type=FG_GC) - select A as a victim segment do_garbage_collect - iget atomic file's inode for block B move_data_page f2fs_do_write_data_page - use dn of cow inode - set fio->old_blkaddr from cow inode - seg_freed is 0 since block B is still valid - goto gc_more and A is selected as victim again To solve the problem, let's separate GC writes and updates in the atomic file by using the meta inode for GC writes. Fixes: 3db1de0e582c ("f2fs: change the current atomic write way") Cc: stable(a)vger.kernel.org #v5.19+ Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Reviewed-by: Yeongjin Gil <youngjin.gil(a)samsung.com> Signed-off-by: Sunmin Jeong <s_min.jeong(a)samsung.com> --- fs/f2fs/f2fs.h | 5 +++++ fs/f2fs/gc.c | 6 +++--- fs/f2fs/segment.c | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index a000cb024dbe..59c5117e54b1 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4267,6 +4267,11 @@ static inline bool f2fs_post_read_required(struct inode *inode) f2fs_compressed_file(inode); } +static inline bool f2fs_meta_inode_gc_required(struct inode *inode) +{ + return f2fs_post_read_required(inode) || f2fs_is_atomic_file(inode); +} + /* * compress.c */ diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index a079eebfb080..136b9e8180a3 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1580,7 +1580,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) { + if (f2fs_meta_inode_gc_required(inode)) { int err = ra_data_block(inode, start_bidx); f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); @@ -1631,7 +1631,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, start_bidx = f2fs_start_bidx_of_node(nofs, inode) + ofs_in_node; - if (f2fs_post_read_required(inode)) + if (f2fs_meta_inode_gc_required(inode)) err = move_data_block(inode, start_bidx, gc_type, segno, off); else @@ -1639,7 +1639,7 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, segno, off); if (!err && (gc_type == FG_GC || - f2fs_post_read_required(inode))) + f2fs_meta_inode_gc_required(inode))) submitted++; if (locked) { diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 7e47b8054413..b55fc4bd416a 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -3823,7 +3823,7 @@ void f2fs_wait_on_block_writeback(struct inode *inode, block_t blkaddr) struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct page *cpage; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; if (!__is_valid_data_blkaddr(blkaddr)) @@ -3842,7 +3842,7 @@ void f2fs_wait_on_block_writeback_range(struct inode *inode, block_t blkaddr, struct f2fs_sb_info *sbi = F2FS_I_SB(inode); block_t i; - if (!f2fs_post_read_required(inode)) + if (!f2fs_meta_inode_gc_required(inode)) return; for (i = 0; i < len; i++) -- 2.25.1

10 months

2
3
0 0

[merged mm-stable] hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes has been removed from the -mm tree. Its filename was hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Aristeu Rozanski <aris(a)redhat.com> Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Date: Fri, 21 Jun 2024 15:00:50 -0400 When trying to allocate a hugepage with no reserved ones free, it may be allowed in case a number of overcommit hugepages was configured (using /proc/sys/vm/nr_overcommit_hugepages) and that number wasn't reached. This allows for a behavior of having extra hugepages allocated dynamically, if there're resources for it. Some sysadmins even prefer not reserving any hugepages and setting a big number of overcommit hugepages. But while attempting to allocate overcommit hugepages in a multi node system (either NUMA or mempolicy/cpuset) said allocations might randomly fail even when there're resources available for the allocation. This happens due to allowed_mems_nr() only accounting for the number of free hugepages in the nodes the current process belongs to and the surplus hugepage allocation is done so it can be allocated in any node. In case one or more of the requested surplus hugepages are allocated in a different node, the whole allocation will fail due allowed_mems_nr() returning a lower value. So allocate surplus hugepages in one of the nodes the current process belongs to. Easy way to reproduce this issue is to use a 2+ NUMA nodes system: # echo 0 >/proc/sys/vm/nr_hugepages # echo 1 >/proc/sys/vm/nr_overcommit_hugepages # numactl -m0 ./tools/testing/selftests/mm/map_hugetlb 2 Repeating the execution of map_hugetlb test application will eventually fail when the hugepage ends up allocated in a different node. [aris(a)ruivo.org: v2] Link: https://lkml.kernel.org/r/20240701212343.GG844599@cathedrallabs.org Link: https://lkml.kernel.org/r/20240621190050.mhxwb65zn37doegp@redhat.com Signed-off-by: Aristeu Rozanski <aris(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Aristeu Rozanski <aris(a)ruivo.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Vishal Moola <vishal.moola(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) --- a/mm/hugetlb.c~hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes +++ a/mm/hugetlb.c @@ -2620,6 +2620,23 @@ struct folio *alloc_hugetlb_folio_nodema return alloc_migrate_hugetlb_folio(h, gfp_mask, preferred_nid, nmask); } +static nodemask_t *policy_mbind_nodemask(gfp_t gfp) +{ +#ifdef CONFIG_NUMA + struct mempolicy *mpol = get_task_policy(current); + + /* + * Only enforce MPOL_BIND policy which overlaps with cpuset policy + * (from policy_nodemask) specifically for hugetlb case + */ + if (mpol->mode == MPOL_BIND && + (apply_policy_zone(mpol, gfp_zone(gfp)) && + cpuset_nodemask_valid_mems_allowed(&mpol->nodes))) + return &mpol->nodes; +#endif + return NULL; +} + /* * Increase the hugetlb pool such that it can accommodate a reservation * of size 'delta'. @@ -2633,6 +2650,8 @@ static int gather_surplus_pages(struct h long i; long needed, allocated; bool alloc_ok = true; + int node; + nodemask_t *mbind_nodemask = policy_mbind_nodemask(htlb_alloc_mask(h)); lockdep_assert_held(&hugetlb_lock); needed = (h->resv_huge_pages + delta) - h->free_huge_pages; @@ -2647,8 +2666,15 @@ static int gather_surplus_pages(struct h retry: spin_unlock_irq(&hugetlb_lock); for (i = 0; i < needed; i++) { - folio = alloc_surplus_hugetlb_folio(h, htlb_alloc_mask(h), - NUMA_NO_NODE, NULL); + folio = NULL; + for_each_node_mask(node, cpuset_current_mems_allowed) { + if (!mbind_nodemask || node_isset(node, *mbind_nodemask)) { + folio = alloc_surplus_hugetlb_folio(h, htlb_alloc_mask(h), + node, NULL); + if (folio) + break; + } + } if (!folio) { alloc_ok = false; break; @@ -4878,23 +4904,6 @@ static int __init default_hugepagesz_set } __setup("default_hugepagesz=", default_hugepagesz_setup); -static nodemask_t *policy_mbind_nodemask(gfp_t gfp) -{ -#ifdef CONFIG_NUMA - struct mempolicy *mpol = get_task_policy(current); - - /* - * Only enforce MPOL_BIND policy which overlaps with cpuset policy - * (from policy_nodemask) specifically for hugetlb case - */ - if (mpol->mode == MPOL_BIND && - (apply_policy_zone(mpol, gfp_zone(gfp)) && - cpuset_nodemask_valid_mems_allowed(&mpol->nodes))) - return &mpol->nodes; -#endif - return NULL; -} - static unsigned int allowed_mems_nr(struct hstate *h) { int node; _ Patches currently in -mm which might be from aris(a)redhat.com are

10 months

1
0
0 0

[folded-merged] hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes has been removed from the -mm tree. Its filename was hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes-v2.patch This patch was dropped because it was folded into hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch ------------------------------------------------------ From: Aristeu Rozanski <aris(a)ruivo.org> Subject: hugetlb: force allocating surplus hugepages on mempolicy allowed nodes Date: Mon, 1 Jul 2024 17:23:43 -0400 v2: - attempt to make the description more clear - prevent uninitialized usage of folio in case current process isn't part of any nodes with memory Link: https://lkml.kernel.org/r/20240701212343.GG844599@cathedrallabs.org Signed-off-by: Aristeu Rozanski <aris(a)ruivo.org> Cc: Vishal Moola <vishal.moola(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Aristeu Rozanski <aris(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/hugetlb.c~hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes-v2 +++ a/mm/hugetlb.c @@ -2631,6 +2631,7 @@ static int gather_surplus_pages(struct h retry: spin_unlock_irq(&hugetlb_lock); for (i = 0; i < needed; i++) { + folio = NULL; for_each_node_mask(node, cpuset_current_mems_allowed) { if (!mbind_nodemask || node_isset(node, *mbind_nodemask)) { folio = alloc_surplus_hugetlb_folio(h, htlb_alloc_mask(h), _ Patches currently in -mm which might be from aris(a)ruivo.org are hugetlb-force-allocating-surplus-hugepages-on-mempolicy-allowed-nodes.patch

10 months

1
0
0 0

[PATCH] ks8851: Fix deadlock with the SPI chip variant

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmit+0x6c/0xbc sch_direct_xmit+0xa4/0x22c __qdisc_run+0x138/0x3fc qdisc_run+0x24/0x3c net_tx_action+0xf8/0x130 handle_softirqs+0x1ac/0x1f0 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x3c/0x58 do_softirq_own_stack+0x1c/0x28 __irq_exit_rcu+0x54/0x9c irq_exit_rcu+0x10/0x1c el1_interrupt+0x38/0x50 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x64/0x68 __netif_schedule+0x6c/0x80 netif_tx_wake_queue+0x38/0x48 ks8851_irq+0xb8/0x2c8 irq_thread_fn+0x2c/0x74 irq_thread+0x10c/0x1b0 kthread+0xc8/0xd8 ret_from_fork+0x10/0x20 This issue has not been identified earlier because tests were done on a device with SMP disabled and so spinlocks were actually NOPs. This commit moves the netif_wake_queue call outside the spinlock protected area. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- drivers/net/ethernet/micrel/ks8851_common.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 6453c92f0fa7..60b959126b26 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -348,15 +348,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); + bool need_wake_queue; netif_dbg(ks, intr, ks->netdev, "%s: txspace %d\n", __func__, tx_space); spin_lock(&ks->statelock); ks->tx_space = tx_space; - if (netif_queue_stopped(ks->netdev)) - netif_wake_queue(ks->netdev); + need_wake_queue = netif_queue_stopped(ks->netdev); spin_unlock(&ks->statelock); + if (need_wake_queue) + netif_wake_queue(ks->netdev); } if (status & IRQ_SPIBEI) { -- 2.45.2

10 months

3
2
0 0

[PATCH 6.9 000/222] 6.9.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.8 release. There are 222 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Jul 2024 17:01:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.8-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.8-rc1 David Howells <dhowells(a)redhat.com> netfs: Fix netfs_page_mkwrite() to flush conflicting data, not wait David Howells <dhowells(a)redhat.com> netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid Yao Xingtao <yaoxt.fnst(a)fujitsu.com> cxl/region: check interleave capability Alison Schofield <alison.schofield(a)intel.com> cxl/region: Avoid null pointer dereference in region lookup Alison Schofield <alison.schofield(a)intel.com> cxl/region: Move cxl_dpa_to_region() work to the region driver Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix the i2c address of es8316 on Cool Pi 4B Mark Brown <broonie(a)kernel.org> reset: gpio: Fix missing gpiolib dependency for GPIO reset controller FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Li Ming <ming4.li(a)intel.com> cxl/mem: Fix no cxl_nvd during pmem region auto-assembling Dan Williams <dan.j.williams(a)intel.com> cxl/region: Convert cxl_pmem_region_alloc to scope-based resource management FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A FUKAUMI Naoki <naoki(a)radxa.com> Revert "arm64: dts: rockchip: remove redundant cd-gpios from rk3588 sdmmc nodes" Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: set correct pwm0 pinctrl on rk3588-tiger Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Fix error message to not describe the previous error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Fix calculation of prescaler yangge <yangge1116(a)126.com> mm/page_alloc: Separate THP PCP into movable and non-movable categories Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "net: sfp: enhance quirk for Fibrestore 2.5G copper SFP module" Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: btree_gc can now handle unknown btrees Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix setting of downgrade recovery passes/errors Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix bch2_sb_downgrade_update() Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix sb-downgrade validation Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix sb_field_downgrade validation Arnd Bergmann <arnd(a)arndb.de> syscalls: fix sys_fanotify_mark prototype Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Add ATA_HORKAGE_NOLPM for all Crucial BX SSD1 models Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Vitor Soares <vitor.soares(a)toradex.com> can: mcp251xfd: fix infinite loop when xmit fails Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Jens Axboe <axboe(a)kernel.dk> io_uring: signal SQPOLL task_work with TWA_SIGNAL_NO_IPI Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: fix parsing of vram_info Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Julia Zhang <julia.zhang(a)amd.com> drm/amdgpu: avoid using null object of framebuffer Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Only set smem_start is enable per module option Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Jann Horn <jannh(a)google.com> drm/drm_file: Fix pid refcounting race Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix initial free space detection Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-liointc: Set different ISRs for different cores Yuntao Wang <ytcoode(a)gmail.com> cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Huacai Chen <chenhuacai(a)kernel.org> cpu: Fix broken cmdline "nosmp" and "maxcpus=0" Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Nathan Chancellor <nathan(a)kernel.org> nvmet-fc: Remove __counted_by from nvmet_fc_tgt_queue.fod[] Mostafa Saleh <smostafa(a)google.com> PCI/MSI: Fix UAF in msi_capability_init Oleksij Rempel <o.rempel(a)pengutronix.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <o.rempel(a)pengutronix.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Nathan Chancellor <nathan(a)kernel.org> tty: mxser: Remove __counted_by from mxser_board.ports[] Dirk Su <dirk.su(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Jonas Gorski <jonas.gorski(a)gmail.com> serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: introduce uart_port_tx_limited_flags() Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Crescent Hsieh <crescentcy.hsieh(a)moxa.com> tty: serial: 8250: Fix port count mismatch with the device Doug Brown <doug(a)schmorgal.com> Revert "serial: core: only stop transmit when HW fifo is empty" Jos Wang <joswang(a)lenovo.com> usb: dwc3: core: Workaround for CSR read timeout Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: ucsi: stm32: fix command completion handling Ferry Toth <ftoth(a)exalondelft.nl> Revert "usb: gadget: u_ether: Replace netif_stop_queue with netif_device_detach" Ferry Toth <ftoth(a)exalondelft.nl> Revert "usb: gadget: u_ether: Re-attach netif device to mirror detachment" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: ucsi: glink: fix child node release in probe function Jeremy Kerr <jk(a)codeconstruct.com.au> usb: gadget: aspeed_udc: fix device address configuration Meng Li <Meng.Li(a)windriver.com> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Alexander Sverdlin <alexander.sverdlin(a)siemens.com> iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Dimitri Fedrau <dima.fedrau(a)gmail.com> iio: humidity: hdc3020: fix hysteresis representation Niklas Cassel <cassel(a)kernel.org> ata,scsi: libata-core: Do not leak memory for ata_port struct members Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: discard write requests while old command is running Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: don't erase registers after STOP Masahiro Yamada <masahiroy(a)kernel.org> kbuild: rpm-pkg: fix build error with CONFIG_MODULES=n Thayne Harbaugh <thayne(a)mastodonlabs.com> kbuild: Fix build target deb-pkg: ln: failed to create hard link Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix backchannel reply, again Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos Linus Walleij <linus.walleij(a)linaro.org> Revert "mmc: moxart-mmc: Use sg_miter for PIO" Andrew Bresticker <abrestic(a)rivosinc.com> mm/memory: don't require head page for do_set_pmd() Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: fix incorrect vbq reference in purge_fragmented_block Andrey Konovalov <andreyknvl(a)gmail.com> kasan: fix bad call to unpoison_slab_object Christoph Hellwig <hch(a)lst.de> nfs: drop the incorrect assertion in nfs_swap_rw() Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi-gpio: drop broken pm8008 support Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Revert "MIPS: pci: lantiq: restore reset gpio polarity" Arnd Bergmann <arnd(a)arndb.de> parisc: use generic sys_fanotify_mark implementation Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kees Cook <kees(a)kernel.org> randomize_kstack: Remove non-functional per-arch entropy filtering David Arcari <darcari(a)redhat.com> tools/power turbostat: option '-n' is ambiguous Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Ignore reconfiguration without direction Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Fix GT feature enablement again Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Invalidate cache before removing device from domain list Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Introduce per device DTE update function Andy Chiu <andy.chiu(a)sifive.com> riscv: stacktrace: convert arch_stack_walk() to noinstr Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix pci state save during mode-1 reset Jesse Taube <jesse(a)rivosinc.com> RISC-V: fix vector insn load/store width mask NeilBrown <neilb(a)suse.de> nfsd: initialise nfsd_info.mutex early. Zenghui Yu <yuzenghui(a)huawei.com> arm64: Clear the initial ID map correctly before remapping Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)kernel.org> nvmet: make 'tsas' attribute idempotent for RDMA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Hannes Reinecke <hare(a)kernel.org> nvmet: do not return 'reserved' for empty TSAS values Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Check pat.ops before dumping PAT settings Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Stefan Berger <stefanb(a)linux.ibm.com> evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix NULL pointer dereference in gfs2_log_flush Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu-v3: Do not allow a SVA domain to be set on the wrong PASID Tiezhu Yang <yangtiezhu(a)loongson.cn> irqchip/loongson: Select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP for IRQ_LOONGARCH_CPU Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Joachim Vandersmissen <git(a)jvdsn.com> crypto: ecdh - explicitly zeroize private_key Chia-Yuan Li <leo.li(a)realtek.com> wifi: rtw89: download firmware with five times retry Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Wenchao Hao <haowenchao2(a)huawei.com> RDMA/restrack: Fix potential invalid address access Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_devcoredump: Check NULL before assignments Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Muhammad Ahmed <ahmed.ahmed(a)amd.com> drm/amd/display: Skip pipe if the pipe idx not set properly Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Sherry Wang <Yao.Wang1(a)amd.com> drm/amd/display: correct hostvm flag Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Uros Bizjak <ubizjak(a)gmail.com> x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: Temporarily fail if control queue feature requested Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: validate block features only with block devices Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Fix potential integer overflow in page size calculation Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Ma Ke <make24(a)iscas.ac.cn> net: mana: Fix possible double free in error handling path Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix wrong ioctl(SIOCATMARK) when consumed OOB skb is at the head. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't stop recv() at consumed ex-OOB skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't stop recv(MSG_DONTWAIT) if consumed OOB skb is at the head. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Stop recv(MSG_PEEK) at consumed OOB skb. Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix missing MSB in MIDI2 SPP conversion Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Shannon Nelson <shannon.nelson(a)amd.com> ionic: use dev_consume_skb_any outside of napi Arnd Bergmann <arnd(a)arndb.de> powerpc: restore some missing spu syscalls Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix wrong register write when masking interrupt Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages luoxuanqiang <luoxuanqiang(a)kylinos.cn> Fix race for duplicate reqsk on identical SYN Filipe Manana <fdmanana(a)suse.com> btrfs: use NOFS context when getting inodes during logging and log replay Jianguo Wu <wujianguo(a)chinatelecom.cn> netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n Chen-Yu Tsai <wenst(a)chromium.org> ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix may_goto with negative offset. Jan Sokolowski <jan.sokolowski(a)intel.com> ice: Rebuild TC queues on VSI queue reconfiguration Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: dsa: microchip: use collision based back pressure mode Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Free any outstanding tx skbs during scrq reset Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_xmit_one(). Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Alexei Starovoitov <ast(a)kernel.org> bpf: Fix the corner case with may_goto and jump to the 1st insn. Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Ido Schimmel <idosch(a)nvidia.com> mlxsw: pci: Fix driver initialization with Spectrum-4 Taehee Yoo <ap420073(a)gmail.com> ionic: fix kernel panic due to multi-buffer handling Hangbin Liu <liuhangbin(a)gmail.com> bonding: fix incorrect software timestamping report Xin Long <lucien.xin(a)gmail.com> openvswitch: get related ct labels from its master if it is not confirmed Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: move chip->flag variable assignment Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: add a null check for chip_pdev structure Alexei Starovoitov <ast(a)kernel.org> bpf: Fix remap of arena. Halil Pasic <pasic(a)linux.ibm.com> s390/virtio_ccw: Fix config change notifications Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Add missing virt_to_phys() for directed DIBV Yonghong Song <yonghong.song(a)linux.dev> bpf: Add missed var_off setting in coerce_subreg_to_size_sx() Yonghong Song <yonghong.song(a)linux.dev> bpf: Add missed var_off setting in set_sext32_default_val() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-lpass-dai: close graph on prepare errors Wenchao Hao <haowenchao22(a)gmail.com> workqueue: Increase worker desc's length to 32 Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init Hsin-Te Yuan <yuanhsinte(a)chromium.org> ASoC: mediatek: mt8183-da7219-max98357: Fix kcontrol name collision Alibek Omarov <a1ba.omarov(a)gmail.com> ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Maciej Strozek <mstrozek(a)opensource.cirrus.com> ASoC: cs42l43: Increase default type detect time and button delay Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: stm32: Calculate prescaler with a division instead of a loop Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: stm32: Fix for settings using period > UINT32_MAX Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: stm32: Improve precision of calculation in .apply() Martin Schiller <ms(a)dev.tdt.de> MIPS: pci: lantiq: restore reset gpio polarity Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Use spin_{lock,unlock}_irq{save,restore} Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Ack also failed Get Error commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Never send a lone connector change ack ------------- Diffstat: Documentation/kbuild/modules.rst | 8 +- Makefile | 4 +- arch/arm/boot/dts/rockchip/rk3066a.dtsi | 1 + arch/arm/net/bpf_jit_32.c | 25 +- arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 +- arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 2 +- .../boot/dts/rockchip/rk3588-orangepi-5-plus.dts | 1 + .../arm64/boot/dts/rockchip/rk3588-quartzpro64.dts | 1 + arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 1 + arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 5 + arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 2 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kernel/pi/map_kernel.c | 2 +- arch/arm64/kernel/syscall.c | 16 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/loongarch/net/bpf_jit.c | 22 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/net/bpf_jit_comp.c | 3 +- arch/parisc/Kconfig | 1 + arch/parisc/kernel/sys_parisc32.c | 9 - arch/parisc/kernel/syscalls/syscall.tbl | 6 +- arch/parisc/net/bpf_jit_core.c | 8 +- arch/powerpc/kernel/syscalls/syscall.tbl | 6 +- arch/riscv/include/asm/insn.h | 2 +- arch/riscv/kernel/stacktrace.c | 2 +- arch/s390/include/asm/entry-common.h | 2 +- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/s390/net/bpf_jit_comp.c | 6 +- arch/s390/pci/pci_irq.c | 2 +- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/sys32.S | 221 -------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/sparc/net/bpf_jit_comp_64.c | 6 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/entry-common.h | 15 +- arch/x86/kernel/fpu/core.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/net/bpf_jit_comp32.c | 3 +- crypto/ecdh.c | 2 + drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 32 +- drivers/counter/ti-eqep.c | 6 + drivers/cpufreq/intel_pstate.c | 13 +- drivers/cxl/core/core.h | 7 + drivers/cxl/core/hdm.c | 13 + drivers/cxl/core/memdev.c | 44 --- drivers/cxl/core/pmem.c | 16 +- drivers/cxl/core/region.c | 182 ++++++++++-- drivers/cxl/cxl.h | 6 +- drivers/cxl/cxlmem.h | 10 + drivers/cxl/mem.c | 17 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpiolib-cdev.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c | 5 + .../display/dc/link/protocols/link_dp_capability.c | 10 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +- drivers/gpu/drm/amd/display/include/dpcd_defs.h | 5 + drivers/gpu/drm/drm_fb_helper.c | 6 +- drivers/gpu/drm/drm_fbdev_dma.c | 5 +- drivers/gpu/drm/drm_file.c | 8 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/gpu/drm/xe/xe_devcoredump.c | 10 +- drivers/gpu/drm/xe/xe_pat.c | 2 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 5 + drivers/gpu/drm/xe/xe_ttm_vram_mgr.c | 2 +- drivers/i2c/i2c-slave-testunit.c | 5 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/xilinx-ams.c | 8 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 +++- drivers/iio/humidity/hdc3020.c | 323 ++++++++++++++++----- drivers/infiniband/core/restrack.c | 51 +--- drivers/input/touchscreen/ili210x.c | 4 +- drivers/iommu/amd/amd_iommu.h | 1 + drivers/iommu/amd/init.c | 1 + drivers/iommu/amd/iommu.c | 34 ++- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 3 + drivers/irqchip/Kconfig | 2 +- drivers/irqchip/irq-loongson-eiointc.c | 5 +- drivers/irqchip/irq-loongson-liointc.c | 4 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/mmc/host/moxart-mmc.c | 78 ++--- drivers/mmc/host/sdhci-brcmstb.c | 4 + drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci-pci-o2micro.c | 41 +-- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/parsers/redboot.c | 2 +- drivers/net/bonding/bond_main.c | 3 + drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 +++- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 + drivers/net/dsa/microchip/ksz9477.c | 10 +- drivers/net/dsa/microchip/ksz9477_reg.h | 1 + drivers/net/dsa/microchip/ksz_common.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + drivers/net/ethernet/intel/ice/ice_main.c | 10 +- drivers/net/ethernet/mellanox/mlxsw/pci.c | 18 +- drivers/net/ethernet/mellanox/mlxsw/reg.h | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 2 + drivers/net/ethernet/pensando/ionic/ionic_dev.h | 4 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 55 ++-- drivers/net/phy/micrel.c | 1 + drivers/net/phy/sfp.c | 18 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/vxlan/vxlan_core.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.c | 27 +- drivers/nvme/target/configfs.c | 41 ++- drivers/nvme/target/fc.c | 2 +- drivers/pci/msi/msi.c | 10 +- drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 68 ++++- drivers/pinctrl/pinctrl-rockchip.h | 1 + drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 - drivers/pinctrl/renesas/pinctrl-rzg2l.c | 4 +- drivers/pwm/pwm-stm32.c | 62 ++-- drivers/reset/Kconfig | 1 + drivers/s390/virtio/virtio_ccw.c | 4 +- drivers/scsi/libsas/sas_ata.c | 6 +- drivers/scsi/libsas/sas_discover.c | 2 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/mxser.c | 2 +- drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/8250/8250_pci.c | 13 +- drivers/tty/serial/bcm63xx_uart.c | 7 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/dwc3/core.c | 26 +- drivers/usb/gadget/function/f_printer.c | 40 ++- drivers/usb/gadget/function/u_ether.c | 4 +- drivers/usb/gadget/udc/aspeed_udc.c | 4 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/typec/ucsi/ucsi.c | 55 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 5 +- drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 +- drivers/vdpa/vdpa_user/vduse_dev.c | 14 +- fs/bcachefs/bcachefs.h | 44 +-- fs/bcachefs/btree_gc.c | 15 +- fs/bcachefs/btree_gc.h | 48 ++- fs/bcachefs/btree_gc_types.h | 29 ++ fs/bcachefs/ec.c | 2 +- fs/bcachefs/sb-downgrade.c | 17 +- fs/bcachefs/super-io.c | 12 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/tree-log.c | 43 ++- fs/gfs2/log.c | 3 +- fs/gfs2/super.c | 4 + fs/netfs/buffered_write.c | 12 +- fs/nfs/direct.c | 2 - fs/nfsd/nfsctl.c | 2 + fs/nfsd/nfssvc.c | 1 - fs/ocfs2/aops.c | 5 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- include/linux/compat.h | 2 +- include/linux/filter.h | 10 +- include/linux/ieee80211.h | 2 +- include/linux/libata.h | 1 + include/linux/mmzone.h | 9 +- include/linux/nvme.h | 6 +- include/linux/serial_core.h | 21 +- include/linux/syscalls.h | 8 +- include/linux/workqueue.h | 2 +- include/net/inet_connection_sock.h | 2 +- include/net/netfilter/nf_tables.h | 5 + include/trace/events/qdisc.h | 2 +- include/uapi/asm-generic/unistd.h | 2 +- io_uring/io_uring.c | 4 +- kernel/bpf/arena.c | 16 +- kernel/bpf/core.c | 6 +- kernel/bpf/ringbuf.c | 31 +- kernel/bpf/verifier.c | 69 ++++- kernel/cpu.c | 11 +- kernel/sys_ni.c | 2 +- mm/kasan/common.c | 2 +- mm/memory.c | 3 +- mm/page_alloc.c | 9 +- mm/vmalloc.c | 21 +- net/batman-adv/originator.c | 27 ++ net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/filter.c | 3 + net/core/xdp.c | 4 +- net/dccp/ipv4.c | 7 +- net/dccp/ipv6.c | 7 +- net/ipv4/inet_connection_sock.c | 17 +- net/ipv4/tcp_input.c | 45 ++- net/iucv/iucv.c | 26 +- net/netfilter/nf_hooks_lwtunnel.c | 3 + net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_lookup.c | 3 +- net/openvswitch/conntrack.c | 7 +- net/sunrpc/svc.c | 5 +- net/unix/af_unix.c | 37 ++- scripts/Makefile.dtbinst | 2 +- scripts/Makefile.package | 2 +- scripts/package/kernel.spec | 8 +- security/integrity/evm/evm_main.c | 12 +- sound/core/seq/seq_ump_convert.c | 10 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/acp/acp-i2s.c | 8 - sound/soc/amd/acp/acp-pci.c | 12 +- sound/soc/atmel/atmel-classd.c | 7 +- sound/soc/codecs/cs42l43-jack.c | 4 +- sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c | 10 +- sound/soc/mediatek/mt8195/mt8195-mt6359.c | 1 + sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 32 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 13 +- sound/synth/emux/soundfont.c | 17 +- tools/power/x86/turbostat/turbostat.c | 2 +- tools/testing/cxl/test/cxl.c | 4 + 234 files changed, 2103 insertions(+), 1184 deletions(-)

10 months

15
238
0 0

[GIT PULL] Kselftest fixes for v6.10

by Mickaël Salaün

Hi Linus, This PR fixes a few kselftests [1]. This has been in linux-next for a week and rebased to add Mark Brown's Tested-by. The race condition found while writing this fix is not new and seems specific to UML's hostfs (I also tested against ext4 and btrfs without being able to trigger this issue). Feel free to take this PR if you see fit. Regards, Mickaël [1] https://lore.kernel.org/r/9341d4db-5e21-418c-bf9e-9ae2da7877e1@sirena.org.uk -- The following changes since commit f2661062f16b2de5d7b6a5c42a9a5c96326b8454: Linux 6.10-rc5 (2024-06-23 17:08:54 -0400) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/kselftest-fix-2024-07-04 for you to fetch changes up to 130e42806773013e9cf32d211922c935ae2df86c: selftests/harness: Fix tests timeout and race condition (2024-06-28 16:06:03 +0200) ---------------------------------------------------------------- Fix Kselftests timeout and race condition ---------------------------------------------------------------- Mickaël Salaün (1): selftests/harness: Fix tests timeout and race condition tools/testing/selftests/kselftest_harness.h | 43 ++++++++++++++++------------- 1 file changed, 24 insertions(+), 19 deletions(-)

10 months

2
1
0 0

[PATCH v4 3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_hmac_session*(). Thus, address !chip->auth in tpm_buf_hmac_session*() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: * Address: https://lore.kernel.org/linux-integrity/CAHk-=wiM=Cyw-07EkbAH66pE50VzJiT3bV… * Added tested-by from Michael Ellerman. v3: * Address: https://lore.kernel.org/linux-integrity/922603265d61011dbb23f18a04525ae973b… v2: * Use auth in place of chip->auth. --- drivers/char/tpm/tpm2-sessions.c | 186 ++++++++++++++++++------------- include/linux/tpm.h | 68 ++++------- 2 files changed, 130 insertions(+), 124 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index b3ed35e7ec00..2281d55df545 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -272,6 +272,110 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, } EXPORT_SYMBOL_GPL(tpm_buf_append_name); +/** + * tpm_buf_append_hmac_session() - Append a TPM session element + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @attributes: The session attributes + * @passphrase: The session authority (NULL if none) + * @passphrase_len: The length of the session authority (0 if none) + * + * This fills in a session structure in the TPM command buffer, except + * for the HMAC which cannot be computed until the command buffer is + * complete. The type of session is controlled by the @attributes, + * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the + * session won't terminate after tpm_buf_check_hmac_response(), + * TPM2_SA_DECRYPT which means this buffers first parameter should be + * encrypted with a session key and TPM2_SA_ENCRYPT, which means the + * response buffer's first parameter needs to be decrypted (confusing, + * but the defines are written from the point of view of the TPM). + * + * Any session appended by this command must be finalized by calling + * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect + * and the TPM will reject the command. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, + u8 attributes, u8 *passphrase, + int passphrase_len) +{ +#ifdef CONFIG_TCG_TPM2_HMAC + u8 nonce[SHA256_DIGEST_SIZE]; + struct tpm2_auth *auth; + u32 len; +#endif + + if (!tpm2_chip_auth(chip)) { + /* offset tells us where the sessions area begins */ + int offset = buf->handles * 4 + TPM_HEADER_SIZE; + u32 len = 9 + passphrase_len; + + if (tpm_buf_length(buf) != offset) { + /* not the first session so update the existing length */ + len += get_unaligned_be32(&buf->data[offset]); + put_unaligned_be32(len, &buf->data[offset]); + } else { + tpm_buf_append_u32(buf, len); + } + /* auth handle */ + tpm_buf_append_u32(buf, TPM2_RS_PW); + /* nonce */ + tpm_buf_append_u16(buf, 0); + /* attributes */ + tpm_buf_append_u8(buf, 0); + /* passphrase */ + tpm_buf_append_u16(buf, passphrase_len); + tpm_buf_append(buf, passphrase, passphrase_len); + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + /* + * The Architecture Guide requires us to strip trailing zeros + * before computing the HMAC + */ + while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0') + passphrase_len--; + + auth = chip->auth; + auth->attrs = attributes; + auth->passphrase_len = passphrase_len; + if (passphrase_len) + memcpy(auth->passphrase, passphrase, passphrase_len); + + if (auth->session != tpm_buf_length(buf)) { + /* we're not the first session */ + len = get_unaligned_be32(&buf->data[auth->session]); + if (4 + len + auth->session != tpm_buf_length(buf)) { + WARN(1, "session length mismatch, cannot append"); + return; + } + + /* add our new session */ + len += 9 + 2 * SHA256_DIGEST_SIZE; + put_unaligned_be32(len, &buf->data[auth->session]); + } else { + tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); + } + + /* random number for our nonce */ + get_random_bytes(nonce, sizeof(nonce)); + memcpy(auth->our_nonce, nonce, sizeof(nonce)); + tpm_buf_append_u32(buf, auth->handle); + /* our new nonce */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); + tpm_buf_append_u8(buf, auth->attrs); + /* and put a placeholder for the hmac */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); +#endif +} +EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session); + #ifdef CONFIG_TCG_TPM2_HMAC static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, @@ -457,82 +561,6 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) crypto_free_kpp(kpp); } -/** - * tpm_buf_append_hmac_session() - Append a TPM session element - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @attributes: The session attributes - * @passphrase: The session authority (NULL if none) - * @passphrase_len: The length of the session authority (0 if none) - * - * This fills in a session structure in the TPM command buffer, except - * for the HMAC which cannot be computed until the command buffer is - * complete. The type of session is controlled by the @attributes, - * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the - * session won't terminate after tpm_buf_check_hmac_response(), - * TPM2_SA_DECRYPT which means this buffers first parameter should be - * encrypted with a session key and TPM2_SA_ENCRYPT, which means the - * response buffer's first parameter needs to be decrypted (confusing, - * but the defines are written from the point of view of the TPM). - * - * Any session appended by this command must be finalized by calling - * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect - * and the TPM will reject the command. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphrase_len) -{ - u8 nonce[SHA256_DIGEST_SIZE]; - u32 len; - struct tpm2_auth *auth = chip->auth; - - /* - * The Architecture Guide requires us to strip trailing zeros - * before computing the HMAC - */ - while (passphrase && passphrase_len > 0 - && passphrase[passphrase_len - 1] == '\0') - passphrase_len--; - - auth->attrs = attributes; - auth->passphrase_len = passphrase_len; - if (passphrase_len) - memcpy(auth->passphrase, passphrase, passphrase_len); - - if (auth->session != tpm_buf_length(buf)) { - /* we're not the first session */ - len = get_unaligned_be32(&buf->data[auth->session]); - if (4 + len + auth->session != tpm_buf_length(buf)) { - WARN(1, "session length mismatch, cannot append"); - return; - } - - /* add our new session */ - len += 9 + 2 * SHA256_DIGEST_SIZE; - put_unaligned_be32(len, &buf->data[auth->session]); - } else { - tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); - } - - /* random number for our nonce */ - get_random_bytes(nonce, sizeof(nonce)); - memcpy(auth->our_nonce, nonce, sizeof(nonce)); - tpm_buf_append_u32(buf, auth->handle); - /* our new nonce */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); - tpm_buf_append_u8(buf, auth->attrs); - /* and put a placeholder for the hmac */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); -} -EXPORT_SYMBOL(tpm_buf_append_hmac_session); - /** * tpm_buf_fill_hmac_session() - finalize the session HMAC * @chip: the TPM chip structure @@ -563,6 +591,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_state sctx; + if (!auth) + return; + /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -721,6 +752,9 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, u32 cc = be32_to_cpu(auth->ordinal); int parm_len, len, i, handles; + if (!auth) + return rc; + if (auth->session >= TPM_HEADER_SIZE) { WARN(1, "tpm session not filled correctly\n"); goto out; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 4d3071e885a0..e93ee8d936a9 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -502,10 +502,6 @@ static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); - -#ifdef CONFIG_TCG_TPM2_HMAC - -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -515,9 +511,27 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, u8 *passphrase, int passphraselen) { - tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, - passphraselen); + struct tpm_header *head; + int offset; + + if (tpm2_chip_auth(chip)) { + tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); + } else { + offset = buf->handles * 4 + TPM_HEADER_SIZE; + head = (struct tpm_header *)buf->data; + + /* + * If the only sessions are optional, the command tag must change to + * TPM2_ST_NO_SESSIONS. + */ + if (tpm_buf_length(buf) == offset) + head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); + } } + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); @@ -532,48 +546,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphraselen) -{ - /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - u32 len = 9 + passphraselen; - - if (tpm_buf_length(buf) != offset) { - /* not the first session so update the existing length */ - len += get_unaligned_be32(&buf->data[offset]); - put_unaligned_be32(len, &buf->data[offset]); - } else { - tpm_buf_append_u32(buf, len); - } - /* auth handle */ - tpm_buf_append_u32(buf, TPM2_RS_PW); - /* nonce */ - tpm_buf_append_u16(buf, 0); - /* attributes */ - tpm_buf_append_u8(buf, 0); - /* passphrase */ - tpm_buf_append_u16(buf, passphraselen); - tpm_buf_append(buf, passphrase, passphraselen); -} -static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, - u8 *passphrase, - int passphraselen) -{ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - struct tpm_header *head = (struct tpm_header *) buf->data; - - /* - * if the only sessions are optional, the command tag - * must change to TPM2_ST_NO_SESSIONS - */ - if (tpm_buf_length(buf) == offset) - head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); -} static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) { -- 2.45.2

10 months

1
0
0 0

[PATCH v4 2/3] tpm: Address !chip->auth in tpm_buf_append_name()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_append_name(). Thus, address !chip->auth in tpm_buf_append_name() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.10+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: * Address: https://lore.kernel.org/linux-integrity/CAHk-=wiM=Cyw-07EkbAH66pE50VzJiT3bV… * Added tested-by from Michael Ellerman. v3: * Address: https://lore.kernel.org/linux-integrity/922603265d61011dbb23f18a04525ae973b… v2: * N/A --- drivers/char/tpm/Makefile | 2 +- drivers/char/tpm/tpm2-sessions.c | 219 +++++++++++++++++-------------- include/linux/tpm.h | 21 +-- 3 files changed, 131 insertions(+), 111 deletions(-) diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 4c695b0388f3..9bb142c75243 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile @@ -16,8 +16,8 @@ tpm-y += eventlog/common.o tpm-y += eventlog/tpm1.o tpm-y += eventlog/tpm2.o tpm-y += tpm-buf.o +tpm-y += tpm2-sessions.o -tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o tpm-$(CONFIG_EFI) += eventlog/efi.o tpm-$(CONFIG_OF) += eventlog/of.o diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 2f1d96a5a5a7..b3ed35e7ec00 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -83,9 +83,6 @@ #define AES_KEY_BYTES AES_KEYSIZE_128 #define AES_KEY_BITS (AES_KEY_BYTES*8) -static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, - u32 *handle, u8 *name); - /* * This is the structure that carries all the auth information (like * session handle, nonces, session key and auth) from use to use it is @@ -148,6 +145,7 @@ struct tpm2_auth { u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; }; +#ifdef CONFIG_TCG_TPM2_HMAC /* * Name Size based on TPM algorithm (assumes no hash bigger than 255) */ @@ -163,6 +161,122 @@ static u8 name_size(const u8 *name) return size_map[alg] + 2; } +static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + off_t offset = TPM_HEADER_SIZE; + u32 tot_len = be32_to_cpu(head->length); + u32 val; + + /* we're starting after the header so adjust the length */ + tot_len -= TPM_HEADER_SIZE; + + /* skip public */ + val = tpm_buf_read_u16(buf, &offset); + if (val > tot_len) + return -EINVAL; + offset += val; + /* name */ + val = tpm_buf_read_u16(buf, &offset); + if (val != name_size(&buf->data[offset])) + return -EINVAL; + memcpy(name, &buf->data[offset], val); + /* forget the rest */ + return 0; +} + +static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) +{ + struct tpm_buf buf; + int rc; + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); + if (rc) + return rc; + + tpm_buf_append_u32(&buf, handle); + rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); + if (rc == TPM2_RC_SUCCESS) + rc = tpm2_parse_read_public(name, &buf); + + tpm_buf_destroy(&buf); + + return rc; +} +#endif /* CONFIG_TCG_TPM2_HMAC */ + +/** + * tpm_buf_append_name() - add a handle area to the buffer + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @handle: The handle to be appended + * @name: The name of the handle (may be NULL) + * + * In order to compute session HMACs, we need to know the names of the + * objects pointed to by the handles. For most objects, this is simply + * the actual 4 byte handle or an empty buf (in these cases @name + * should be NULL) but for volatile objects, permanent objects and NV + * areas, the name is defined as the hash (according to the name + * algorithm which should be set to sha256) of the public area to + * which the two byte algorithm id has been appended. For these + * objects, the @name pointer should point to this. If a name is + * required but @name is NULL, then TPM2_ReadPublic() will be called + * on the handle to obtain the name. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name) +{ +#ifdef CONFIG_TCG_TPM2_HMAC + enum tpm2_mso_type mso = tpm2_handle_mso(handle); + struct tpm2_auth *auth; + int slot; +#endif + + if (!tpm2_chip_auth(chip)) { + tpm_buf_append_u32(buf, handle); + /* count the number of handles in the upper bits of flags */ + buf->handles++; + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; + if (slot >= AUTH_MAX_NAMES) { + dev_err(&chip->dev, "TPM: too many handles\n"); + return; + } + auth = chip->auth; + WARN(auth->session != tpm_buf_length(buf), + "name added in wrong place\n"); + tpm_buf_append_u32(buf, handle); + auth->session += 4; + + if (mso == TPM2_MSO_PERSISTENT || + mso == TPM2_MSO_VOLATILE || + mso == TPM2_MSO_NVRAM) { + if (!name) + tpm2_read_public(chip, handle, auth->name[slot]); + } else { + if (name) + dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); + } + + auth->name_h[slot] = handle; + if (name) + memcpy(auth->name[slot], name, name_size(name)); +#endif +} +EXPORT_SYMBOL_GPL(tpm_buf_append_name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, + u32 *handle, u8 *name); + /* * It turns out the crypto hmac(sha256) is hard for us to consume * because it assumes a fixed key and the TPM seems to change the key @@ -567,104 +681,6 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) } EXPORT_SYMBOL(tpm_buf_fill_hmac_session); -static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - off_t offset = TPM_HEADER_SIZE; - u32 tot_len = be32_to_cpu(head->length); - u32 val; - - /* we're starting after the header so adjust the length */ - tot_len -= TPM_HEADER_SIZE; - - /* skip public */ - val = tpm_buf_read_u16(buf, &offset); - if (val > tot_len) - return -EINVAL; - offset += val; - /* name */ - val = tpm_buf_read_u16(buf, &offset); - if (val != name_size(&buf->data[offset])) - return -EINVAL; - memcpy(name, &buf->data[offset], val); - /* forget the rest */ - return 0; -} - -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) -{ - struct tpm_buf buf; - int rc; - - rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); - if (rc) - return rc; - - tpm_buf_append_u32(&buf, handle); - rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_read_public(name, &buf); - - tpm_buf_destroy(&buf); - - return rc; -} - -/** - * tpm_buf_append_name() - add a handle area to the buffer - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @handle: The handle to be appended - * @name: The name of the handle (may be NULL) - * - * In order to compute session HMACs, we need to know the names of the - * objects pointed to by the handles. For most objects, this is simply - * the actual 4 byte handle or an empty buf (in these cases @name - * should be NULL) but for volatile objects, permanent objects and NV - * areas, the name is defined as the hash (according to the name - * algorithm which should be set to sha256) of the public area to - * which the two byte algorithm id has been appended. For these - * objects, the @name pointer should point to this. If a name is - * required but @name is NULL, then TPM2_ReadPublic() will be called - * on the handle to obtain the name. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) -{ - enum tpm2_mso_type mso = tpm2_handle_mso(handle); - struct tpm2_auth *auth = chip->auth; - int slot; - - slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4; - if (slot >= AUTH_MAX_NAMES) { - dev_err(&chip->dev, "TPM: too many handles\n"); - return; - } - WARN(auth->session != tpm_buf_length(buf), - "name added in wrong place\n"); - tpm_buf_append_u32(buf, handle); - auth->session += 4; - - if (mso == TPM2_MSO_PERSISTENT || - mso == TPM2_MSO_VOLATILE || - mso == TPM2_MSO_NVRAM) { - if (!name) - tpm2_read_public(chip, handle, auth->name[slot]); - } else { - if (name) - dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); - } - - auth->name_h[slot] = handle; - if (name) - memcpy(auth->name[slot], name, name_size(name)); -} -EXPORT_SYMBOL(tpm_buf_append_name); - /** * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness * @chip: the TPM chip structure @@ -1311,3 +1327,4 @@ int tpm2_sessions_init(struct tpm_chip *chip) return rc; } +#endif /* CONFIG_TCG_TPM2_HMAC */ diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 21a67dc9efe8..4d3071e885a0 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -490,11 +490,22 @@ static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) { } #endif + +static inline struct tpm2_auth *tpm2_chip_auth(struct tpm_chip *chip) +{ #ifdef CONFIG_TCG_TPM2_HMAC + return chip->auth; +#else + return NULL; +#endif +} -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -521,14 +532,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_name(struct tpm_chip *chip, - struct tpm_buf *buf, - u32 handle, u8 *name) -{ - tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; -} static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, -- 2.45.2

10 months

1
0
0 0

[PATCH v4 1/3] tpm: Address !chip->auth in tpm2_*_auth_session()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm2_*_auth_session(). Thus, address !chip->auth in tpm2_*_auth_session(). Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> # ppc Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v4: * Added tested-by from Michael Ellerman. v3: * No changes. v2: * Use dev_warn_once() instead of pr_warn_once(). --- drivers/char/tpm/tpm2-sessions.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 907ac9956a78..2f1d96a5a5a7 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -824,8 +824,13 @@ EXPORT_SYMBOL(tpm_buf_check_hmac_response); */ void tpm2_end_auth_session(struct tpm_chip *chip) { - tpm2_flush_context(chip, chip->auth->handle); - memzero_explicit(chip->auth, sizeof(*chip->auth)); + struct tpm2_auth *auth = chip->auth; + + if (!auth) + return; + + tpm2_flush_context(chip, auth->handle); + memzero_explicit(auth, sizeof(*auth)); } EXPORT_SYMBOL(tpm2_end_auth_session); @@ -907,6 +912,11 @@ int tpm2_start_auth_session(struct tpm_chip *chip) int rc; u32 null_key; + if (!auth) { + dev_warn_once(&chip->dev, "auth session is not active\n"); + return 0; + } + rc = tpm2_load_null(chip, &null_key); if (rc) goto out; -- 2.45.2

10 months

1
0
0 0

+ mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/gup: clear the LRU flag of a page before adding to LRU batch has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: yangge <yangge1116(a)126.com> Subject: mm/gup: clear the LRU flag of a page before adding to LRU batch Date: Wed, 3 Jul 2024 20:02:33 +0800 If a large number of CMA memory are configured in system (for example, the CMA memory accounts for 50% of the system memory), starting a virtual virtual machine with device passthrough, it will call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to pin memory. Normally if a page is present and in CMA area, pin_user_pages_remote() will migrate the page from CMA area to non-CMA area because of FOLL_LONGTERM flag. But the current code will cause the migration failure due to unexpected page refcounts, and eventually cause the virtual machine fail to start. If a page is added in LRU batch, its refcount increases one, remove the page from LRU batch decreases one. Page migration requires the page is not referenced by others except page mapping. Before migrating a page, we should try to drain the page from LRU batch in case the page is in it, however, folio_test_lru() is not sufficient to tell whether the page is in LRU batch or not, if the page is in LRU batch, the migration will fail. To solve the problem above, we modify the logic of adding to LRU batch. Before adding a page to LRU batch, we clear the LRU flag of the page so that we can check whether the page is in LRU batch by folio_test_lru(page). It's quite valuable, because likely we don't want to blindly drain the LRU batch simply because there is some unexpected reference on a page, as described above. This change makes the LRU flag of a page invisible for longer, which may impact some programs. For example, as long as a page is on a LRU batch, we cannot isolate it, and we cannot check if it's an LRU page. Further, a page can now only be on exactly one LRU batch. This doesn't seem to matter much, because a new page is allocated from buddy and added to the lru batch, or be isolated, it's LRU flag may also be invisible for a long time. Link: https://lkml.kernel.org/r/1720075944-27201-1-git-send-email-yangge1116@126.… Link: https://lkml.kernel.org/r/1720008153-16035-1-git-send-email-yangge1116@126.… Fixes: 9a4e9f3b2d73 ("mm: update get_user_pages_longterm to migrate pages allocated from CMA region") Signed-off-by: yangge <yangge1116(a)126.com> Cc: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swap.c | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) --- a/mm/swap.c~mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch +++ a/mm/swap.c @@ -212,10 +212,6 @@ static void folio_batch_move_lru(struct for (i = 0; i < folio_batch_count(fbatch); i++) { struct folio *folio = fbatch->folios[i]; - /* block memcg migration while the folio moves between lru */ - if (move_fn != lru_add_fn && !folio_test_clear_lru(folio)) - continue; - folio_lruvec_relock_irqsave(folio, &lruvec, &flags); move_fn(lruvec, folio); @@ -256,11 +252,16 @@ static void lru_move_tail_fn(struct lruv void folio_rotate_reclaimable(struct folio *folio) { if (!folio_test_locked(folio) && !folio_test_dirty(folio) && - !folio_test_unevictable(folio) && folio_test_lru(folio)) { + !folio_test_unevictable(folio)) { struct folio_batch *fbatch; unsigned long flags; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock_irqsave(&lru_rotate.lock, flags); fbatch = this_cpu_ptr(&lru_rotate.fbatch); folio_batch_add_and_move(fbatch, folio, lru_move_tail_fn); @@ -353,11 +354,15 @@ static void folio_activate_drain(int cpu void folio_activate(struct folio *folio) { - if (folio_test_lru(folio) && !folio_test_active(folio) && - !folio_test_unevictable(folio)) { + if (!folio_test_active(folio) && !folio_test_unevictable(folio)) { struct folio_batch *fbatch; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.activate); folio_batch_add_and_move(fbatch, folio, folio_activate_fn); @@ -701,6 +706,11 @@ void deactivate_file_folio(struct folio return; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.lru_deactivate_file); folio_batch_add_and_move(fbatch, folio, lru_deactivate_file_fn); @@ -717,11 +727,16 @@ void deactivate_file_folio(struct folio */ void folio_deactivate(struct folio *folio) { - if (folio_test_lru(folio) && !folio_test_unevictable(folio) && - (folio_test_active(folio) || lru_gen_enabled())) { + if (!folio_test_unevictable(folio) && (folio_test_active(folio) || + lru_gen_enabled())) { struct folio_batch *fbatch; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.lru_deactivate); folio_batch_add_and_move(fbatch, folio, lru_deactivate_fn); @@ -738,12 +753,16 @@ void folio_deactivate(struct folio *foli */ void folio_mark_lazyfree(struct folio *folio) { - if (folio_test_lru(folio) && folio_test_anon(folio) && - folio_test_swapbacked(folio) && !folio_test_swapcache(folio) && - !folio_test_unevictable(folio)) { + if (folio_test_anon(folio) && folio_test_swapbacked(folio) && + !folio_test_swapcache(folio) && !folio_test_unevictable(folio)) { struct folio_batch *fbatch; folio_get(folio); + if (!folio_test_clear_lru(folio)) { + folio_put(folio); + return; + } + local_lock(&cpu_fbatches.lock); fbatch = this_cpu_ptr(&cpu_fbatches.lru_lazyfree); folio_batch_add_and_move(fbatch, folio, lru_lazyfree_fn); _ Patches currently in -mm which might be from yangge1116(a)126.com are mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch

10 months

1
0
0 0

+ mm-fix-khugepaged-activation-policy.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix khugepaged activation policy has been added to the -mm mm-unstable branch. Its filename is mm-fix-khugepaged-activation-policy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: fix khugepaged activation policy Date: Thu, 4 Jul 2024 10:10:50 +0100 Since the introduction of mTHP, the docuementation has stated that khugepaged would be enabled when any mTHP size is enabled, and disabled when all mTHP sizes are disabled. There are 2 problems with this; 1. this is not what was implemented by the code and 2. this is not the desirable behavior. Desirable behavior is for khugepaged to be enabled when any PMD-sized THP is enabled, anon or file. (Note that file THP is still controlled by the top-level control so we must always consider that, as well as the PMD-size mTHP control for anon). khugepaged only supports collapsing to PMD-sized THP so there is no value in enabling it when PMD-sized THP is disabled. So let's change the code and documentation to reflect this policy. Further, per-size enabled control modification events were not previously forwarded to khugepaged to give it an opportunity to start or stop. Consequently the following was resulting in khugepaged eroneously not being activated: echo never > /sys/kernel/mm/transparent_hugepage/enabled echo always > /sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled Link: https://lkml.kernel.org/r/20240704091051.2411934-1-ryan.roberts@arm.com Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/transhuge.rst | 11 +++++------ include/linux/huge_mm.h | 15 ++++++++------- mm/huge_memory.c | 7 +++++++ mm/khugepaged.c | 13 ++++++------- 4 files changed, 26 insertions(+), 20 deletions(-) --- a/Documentation/admin-guide/mm/transhuge.rst~mm-fix-khugepaged-activation-policy +++ a/Documentation/admin-guide/mm/transhuge.rst @@ -202,12 +202,11 @@ PMD-mappable transparent hugepage:: cat /sys/kernel/mm/transparent_hugepage/hpage_pmd_size -khugepaged will be automatically started when one or more hugepage -sizes are enabled (either by directly setting "always" or "madvise", -or by setting "inherit" while the top-level enabled is set to "always" -or "madvise"), and it'll be automatically shutdown when the last -hugepage size is disabled (either by directly setting "never", or by -setting "inherit" while the top-level enabled is set to "never"). +khugepaged will be automatically started when PMD-sized THP is enabled +(either of the per-size anon control or the top-level control are set +to "always" or "madvise"), and it'll be automatically shutdown when +PMD-sized THP is disabled (when both the per-size anon control and the +top-level control are "never") Khugepaged controls ------------------- --- a/include/linux/huge_mm.h~mm-fix-khugepaged-activation-policy +++ a/include/linux/huge_mm.h @@ -128,16 +128,17 @@ static inline bool hugepage_global_alway (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_flags_enabled(void) +static inline bool hugepage_pmd_enabled(void) { /* - * We cover both the anon and the file-backed case here; we must return - * true if globally enabled, even when all anon sizes are set to never. - * So we don't need to look at huge_anon_orders_inherit. + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. */ - return hugepage_global_enabled() || - READ_ONCE(huge_anon_orders_always) || - READ_ONCE(huge_anon_orders_madvise); + return (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && hugepage_global_enabled()) || + test_bit(PMD_ORDER, &huge_anon_orders_always) || + test_bit(PMD_ORDER, &huge_anon_orders_madvise) || + (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && hugepage_global_enabled()); } static inline int highest_order(unsigned long orders) --- a/mm/huge_memory.c~mm-fix-khugepaged-activation-policy +++ a/mm/huge_memory.c @@ -502,6 +502,13 @@ static ssize_t thpsize_enabled_store(str } else ret = -EINVAL; + if (ret > 0) { + int err; + + err = start_stop_khugepaged(); + if (err) + ret = err; + } return ret; } --- a/mm/khugepaged.c~mm-fix-khugepaged-activation-policy +++ a/mm/khugepaged.c @@ -449,7 +449,7 @@ void khugepaged_enter_vma(struct vm_area unsigned long vm_flags) { if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) && - hugepage_flags_enabled()) { + hugepage_pmd_enabled()) { if (thp_vma_allowable_order(vma, vm_flags, TVA_ENFORCE_SYSFS, PMD_ORDER)) __khugepaged_enter(vma->vm_mm); @@ -2462,8 +2462,7 @@ breakouterloop_mmap_lock: static int khugepaged_has_work(void) { - return !list_empty(&khugepaged_scan.mm_head) && - hugepage_flags_enabled(); + return !list_empty(&khugepaged_scan.mm_head) && hugepage_pmd_enabled(); } static int khugepaged_wait_event(void) @@ -2536,7 +2535,7 @@ static void khugepaged_wait_work(void) return; } - if (hugepage_flags_enabled()) + if (hugepage_pmd_enabled()) wait_event_freezable(khugepaged_wait, khugepaged_wait_event()); } @@ -2567,7 +2566,7 @@ static void set_recommended_min_free_kby int nr_zones = 0; unsigned long recommended_min; - if (!hugepage_flags_enabled()) { + if (!hugepage_pmd_enabled()) { calculate_min_free_kbytes(); goto update_wmarks; } @@ -2617,7 +2616,7 @@ int start_stop_khugepaged(void) int err = 0; mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled()) { + if (hugepage_pmd_enabled()) { if (!khugepaged_thread) khugepaged_thread = kthread_run(khugepaged, NULL, "khugepaged"); @@ -2643,7 +2642,7 @@ fail: void khugepaged_min_free_kbytes_update(void) { mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled() && khugepaged_thread) + if (hugepage_pmd_enabled() && khugepaged_thread) set_recommended_min_free_kbytes(); mutex_unlock(&khugepaged_mutex); } _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are mm-fix-khugepaged-activation-policy.patch

10 months

1
0
0 0

[tip: timers/core] timers/migration: Do not rely always on group->parent

by tip-bot2 for Anna-Maria Behnsen

The following commit has been merged into the timers/core branch of tip: Commit-ID: cabe7ebd57a0bfd0ef8e74f0c70423ae8d4d9171 Gitweb: https://git.kernel.org/tip/cabe7ebd57a0bfd0ef8e74f0c70423ae8d4d9171 Author: Anna-Maria Behnsen <anna-maria(a)linutronix.de> AuthorDate: Mon, 01 Jul 2024 12:18:37 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 04 Jul 2024 20:22:21 +02:00 timers/migration: Do not rely always on group->parent When reading group->parent without holding the group lock it is racy against CPUs coming online the first time and thereby creating another level of the hierarchy. This is not a problem when this value is read once to decide whether to abort a propagation or not. The worst outcome is an unnecessary/early CPU wake up. But it is racy when reading it several times during a single 'action' (like activation, deactivation, checking for remote timer expiry,...) and relying on the consitency of this value without holding the lock. This happens at the moment e.g. in tmigr_inactive_up() which is also calling tmigr_udpate_events(). Code relys on group->parent not to change during this 'action'. Update parent struct member description to explain the above only once. Remove parent pointer checks when they are not mandatory (like update of data->childmask). Remove a warning, which would be nice but the trigger of this warning is not reliable and add expand the data structure member description instead. Expand a comment, why it is safe to rely on parent pointer here (inside hierarchy update). Fixes: 7ee988770326 ("timers: Implement the hierarchical pull model") Reported-by: Borislav Petkov <bp(a)alien8.de> Signed-off-by: Anna-Maria Behnsen <anna-maria(a)linutronix.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Frederic Weisbecker <frederic(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240701-tmigr-fixes-v3-1-25cd5de318fb@linutronix… --- kernel/time/timer_migration.c | 33 +++++++++++++++------------------ kernel/time/timer_migration.h | 12 +++++++++++- 2 files changed, 26 insertions(+), 19 deletions(-) diff --git a/kernel/time/timer_migration.c b/kernel/time/timer_migration.c index 8441311..d91efe1 100644 --- a/kernel/time/timer_migration.c +++ b/kernel/time/timer_migration.c @@ -507,7 +507,14 @@ static void walk_groups(up_f up, void *data, struct tmigr_cpu *tmc) * (get_next_timer_interrupt()) * @firstexp: Contains the first event expiry information when last * active CPU of hierarchy is on the way to idle to make - * sure CPU will be back in time. + * sure CPU will be back in time. It is updated in top + * level group only. Be aware, there could occur a new top + * level of the hierarchy between the 'top level call' in + * tmigr_update_events() and the check for the parent group + * in walk_groups(). Then @firstexp might contain a value + * != KTIME_MAX even if it was not the final top + * level. This is not a problem, as the worst outcome is a + * CPU which might wake up a little early. * @evt: Pointer to tmigr_event which needs to be queued (of idle * child group) * @childmask: childmask of child group @@ -649,7 +656,7 @@ static bool tmigr_active_up(struct tmigr_group *group, } while (!atomic_try_cmpxchg(&group->migr_state, &curstate.state, newstate.state)); - if ((walk_done == false) && group->parent) + if (walk_done == false) data->childmask = group->childmask; /* @@ -1317,20 +1324,9 @@ static bool tmigr_inactive_up(struct tmigr_group *group, /* Event Handling */ tmigr_update_events(group, child, data); - if (group->parent && (walk_done == false)) + if (walk_done == false) data->childmask = group->childmask; - /* - * data->firstexp was set by tmigr_update_events() and contains the - * expiry of the first global event which needs to be handled. It - * differs from KTIME_MAX if: - * - group is the top level group and - * - group is idle (which means CPU was the last active CPU in the - * hierarchy) and - * - there is a pending event in the hierarchy - */ - WARN_ON_ONCE(data->firstexp != KTIME_MAX && group->parent); - trace_tmigr_group_set_cpu_inactive(group, newstate, childmask); return walk_done; @@ -1552,10 +1548,11 @@ static void tmigr_connect_child_parent(struct tmigr_group *child, data.childmask = child->childmask; /* - * There is only one new level per time. When connecting the - * child and the parent and set the child active when the parent - * is inactive, the parent needs to be the uppermost - * level. Otherwise there went something wrong! + * There is only one new level per time (which is protected by + * tmigr_mutex). When connecting the child and the parent and + * set the child active when the parent is inactive, the parent + * needs to be the uppermost level. Otherwise there went + * something wrong! */ WARN_ON(!tmigr_active_up(parent, child, &data) && parent->parent); } diff --git a/kernel/time/timer_migration.h b/kernel/time/timer_migration.h index 6c37d94..494f68c 100644 --- a/kernel/time/timer_migration.h +++ b/kernel/time/timer_migration.h @@ -22,7 +22,17 @@ struct tmigr_event { * struct tmigr_group - timer migration hierarchy group * @lock: Lock protecting the event information and group hierarchy * information during setup - * @parent: Pointer to the parent group + * @parent: Pointer to the parent group. Pointer is updated when a + * new hierarchy level is added because of a CPU coming + * online the first time. Once it is set, the pointer will + * not be removed or updated. When accessing parent pointer + * lock less to decide whether to abort a propagation or + * not, it is not a problem. The worst outcome is an + * unnecessary/early CPU wake up. But do not access parent + * pointer several times in the same 'action' (like + * activation, deactivation, check for remote expiry,...) + * without holding the lock as it is not ensured that value + * will not change. * @groupevt: Next event of the group which is only used when the * group is !active. The group event is then queued into * the parent timer queue.

10 months

1
0
0 0

[tip: timers/core] timers/migration: Move hierarchy setup into cpuhotplug prepare callback

by tip-bot2 for Anna-Maria Behnsen

The following commit has been merged into the timers/core branch of tip: Commit-ID: 8cdb61838ee5c63556773ea2eed24deab6b15257 Gitweb: https://git.kernel.org/tip/8cdb61838ee5c63556773ea2eed24deab6b15257 Author: Anna-Maria Behnsen <anna-maria(a)linutronix.de> AuthorDate: Wed, 03 Jul 2024 22:28:39 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 04 Jul 2024 20:22:22 +02:00 timers/migration: Move hierarchy setup into cpuhotplug prepare callback When a CPU comes online the first time, it is possible that a new top level group will be created. In general all propagation is done from the bottom to top. This minimizes complexity and prevents possible races. But when a new top level group is created, the formely top level group needs to be connected to the new level. This is the only time, when the direction to propagate changes is changed: the changes are propagated from top (new top level group) to bottom (formerly top level group). This introduces two races (see (A) and (B)) as reported by Frederic: (A) This race happens, when marking the formely top level group as active, but the last active CPU of the formerly top level group goes idle. Then it's likely that formerly group is no longer active, but marked nevertheless as active in new top level group: [GRP0:0] migrator = 0 active = 0 nextevt = KTIME_MAX / \ 0 1 .. 7 active idle 0) Hierarchy has for now only 8 CPUs and CPU 0 is the only active CPU. [GRP1:0] migrator = TMIGR_NONE active = NONE nextevt = KTIME_MAX \ [GRP0:0] [GRP0:1] migrator = 0 migrator = TMIGR_NONE active = 0 active = NONE nextevt = KTIME_MAX nextevt = KTIME_MAX / \ 0 1 .. 7 8 active idle !online 1) CPU 8 is booting and creates a new group in first level GRP0:1 and therefore also a new top group GRP1:0. For now the setup code proceeded only until the connected between GRP0:1 to the new top group. The connection between CPU8 and GRP0:1 is not yet established and CPU 8 is still !online. [GRP1:0] migrator = TMIGR_NONE active = NONE nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = 0 migrator = TMIGR_NONE active = 0 active = NONE nextevt = KTIME_MAX nextevt = KTIME_MAX / \ 0 1 .. 7 8 active idle !online 2) Setup code now connects GRP0:0 to GRP1:0 and observes while in tmigr_connect_child_parent() that GRP0:0 is not TMIGR_NONE. So it prepares to call tmigr_active_up() on it. It hasn't done it yet. [GRP1:0] migrator = TMIGR_NONE active = NONE nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = TMIGR_NONE migrator = TMIGR_NONE active = NONE active = NONE nextevt = KTIME_MAX nextevt = KTIME_MAX / \ 0 1 .. 7 8 idle idle !online 3) CPU 0 goes idle. Since GRP0:0->parent has been updated by CPU 8 with GRP0:0->lock held, CPU 0 observes GRP1:0 after calling tmigr_update_events() and it propagates the change to the top (no change there and no wakeup programmed since there is no timer). [GRP1:0] migrator = GRP0:0 active = GRP0:0 nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = TMIGR_NONE migrator = TMIGR_NONE active = NONE active = NONE nextevt = KTIME_MAX nextevt = KTIME_MAX / \ 0 1 .. 7 8 idle idle !online 4) Now the setup code finally calls tmigr_active_up() to and sets GRP0:0 active in GRP1:0 [GRP1:0] migrator = GRP0:0 active = GRP0:0, GRP0:1 nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = TMIGR_NONE migrator = 8 active = NONE active = 8 nextevt = KTIME_MAX nextevt = KTIME_MAX / \ | 0 1 .. 7 8 idle idle active 5) Now CPU 8 is connected with GRP0:1 and CPU 8 calls tmigr_active_up() out of tmigr_cpu_online(). [GRP1:0] migrator = GRP0:0 active = GRP0:0 nextevt = T8 / \ [GRP0:0] [GRP0:1] migrator = TMIGR_NONE migrator = TMIGR_NONE active = NONE active = NONE nextevt = KTIME_MAX nextevt = T8 / \ | 0 1 .. 7 8 idle idle idle 5) CPU 8 goes idle with a timer T8 and relies on GRP0:0 as the migrator. But it's not really active, so T8 gets ignored. --> The update which is done in third step is not noticed by setup code. So a wrong migrator is set to top level group and a timer could get ignored. (B) Reading group->parent and group->childmask when an hierarchy update is ongoing and reaches the formerly top level group is racy as those values could be inconsistent. (The notation of migrator and active now slightly changes in contrast to the above example, as now the childmasks are used.) [GRP1:0] migrator = TMIGR_NONE active = 0x00 nextevt = KTIME_MAX \ [GRP0:0] [GRP0:1] migrator = TMIGR_NONE migrator = TMIGR_NONE active = 0x00 active = 0x00 nextevt = KTIME_MAX nextevt = KTIME_MAX childmask= 0 childmask= 1 parent = NULL parent = GRP1:0 / \ 0 1 .. 7 8 idle idle !online childmask=1 1) Hierarchy has 8 CPUs. CPU 8 is at the moment in the process of onlining but did not yet connect GRP0:0 to GRP1:0. [GRP1:0] migrator = TMIGR_NONE active = 0x00 nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = TMIGR_NONE migrator = TMIGR_NONE active = 0x00 active = 0x00 nextevt = KTIME_MAX nextevt = KTIME_MAX childmask= 0 childmask= 1 parent = GRP1:0 parent = GRP1:0 / \ 0 1 .. 7 8 idle idle !online childmask=1 2) Setup code (running on CPU 8) now connects GRP0:0 to GRP1:0, updates parent pointer of GRP0:0 and ... [GRP1:0] migrator = TMIGR_NONE active = 0x00 nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = 0x01 migrator = TMIGR_NONE active = 0x01 active = 0x00 nextevt = KTIME_MAX nextevt = KTIME_MAX childmask= 0 childmask= 1 parent = GRP1:0 parent = GRP1:0 / \ 0 1 .. 7 8 active idle !online childmask=1 tmigr_walk.childmask = 0 3) ... CPU 0 comes active in the same time. As migrator in GRP0:0 was TMIGR_NONE, childmask of GRP0:0 is stored in update propagation data structure tmigr_walk (as update of childmask is not yet visible/updated). And now ... [GRP1:0] migrator = TMIGR_NONE active = 0x00 nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = 0x01 migrator = TMIGR_NONE active = 0x01 active = 0x00 nextevt = KTIME_MAX nextevt = KTIME_MAX childmask= 2 childmask= 1 parent = GRP1:0 parent = GRP1:0 / \ 0 1 .. 7 8 active idle !online childmask=1 tmigr_walk.childmask = 0 4) ... childmask of GRP0:0 is updated by CPU 8 (still part of setup code). [GRP1:0] migrator = 0x00 active = 0x00 nextevt = KTIME_MAX / \ [GRP0:0] [GRP0:1] migrator = 0x01 migrator = TMIGR_NONE active = 0x01 active = 0x00 nextevt = KTIME_MAX nextevt = KTIME_MAX childmask= 2 childmask= 1 parent = GRP1:0 parent = GRP1:0 / \ 0 1 .. 7 8 active idle !online childmask=1 tmigr_walk.childmask = 0 5) CPU 0 sees the connection to GRP1:0 and now propagates active state to GRP1:0 but with childmask = 0 as stored in propagation data structure. --> Now GRP1:0 always has a migrator as 0x00 != TMIGR_NONE and for all CPUs it looks like GRP1:0 is always active. To prevent those races, the setup of the hierarchy is moved into the cpuhotplug prepare callback. The prepare callback is not executed by the CPU which will come online, it is executed by the CPU which prepares onlining of the other CPU. This CPU is active while it is connecting the formerly top level to the new one. This prevents from (A) to happen and it also prevents from any further walk above the formerly top level until that active CPU becomes inactive, releasing the new ->parent and ->childmask updates to be visible by any subsequent walk up above the formerly top level hierarchy. This prevents from (B) to happen. The direction for the updates is now forced to look like "from bottom to top". However if the active CPU prevents from tmigr_cpu_(in)active() to walk up with the update not-or-half visible, nothing prevents walking up to the new top with a 0 childmask in tmigr_handle_remote_up() or tmigr_requires_handle_remote_up() if the active CPU doing the prepare is not the migrator. But then it looks fine because: * tmigr_check_migrator() should just return false * The migrator is active and should eventually observe the new childmask at some point in a future tick. Split setup functionality of online callback into the cpuhotplug prepare callback and setup hotplug state. Reorder the code, that all prepare related functions are close to each other and online and offline callbacks are also close together. Fixes: 7ee988770326 ("timers: Implement the hierarchical pull model") Signed-off-by: Anna-Maria Behnsen <anna-maria(a)linutronix.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Frederic Weisbecker <frederic(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240703202839.8921-1-anna-maria@linutronix.de --- include/linux/cpuhotplug.h | 1 +- kernel/time/timer_migration.c | 181 ++++++++++++++++++--------------- 2 files changed, 101 insertions(+), 81 deletions(-) diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h index 7a5785f..df59666 100644 --- a/include/linux/cpuhotplug.h +++ b/include/linux/cpuhotplug.h @@ -122,6 +122,7 @@ enum cpuhp_state { CPUHP_KVM_PPC_BOOK3S_PREPARE, CPUHP_ZCOMP_PREPARE, CPUHP_TIMERS_PREPARE, + CPUHP_TMIGR_PREPARE, CPUHP_MIPS_SOC_PREPARE, CPUHP_BP_PREPARE_DYN, CPUHP_BP_PREPARE_DYN_END = CPUHP_BP_PREPARE_DYN + 20, diff --git a/kernel/time/timer_migration.c b/kernel/time/timer_migration.c index d91efe1..9b86efd 100644 --- a/kernel/time/timer_migration.c +++ b/kernel/time/timer_migration.c @@ -1438,6 +1438,66 @@ u64 tmigr_quick_check(u64 nextevt) return KTIME_MAX; } +/* + * tmigr_trigger_active() - trigger a CPU to become active again + * + * This function is executed on a CPU which is part of cpu_online_mask, when the + * last active CPU in the hierarchy is offlining. With this, it is ensured that + * the other CPU is active and takes over the migrator duty. + */ +static long tmigr_trigger_active(void *unused) +{ + struct tmigr_cpu *tmc = this_cpu_ptr(&tmigr_cpu); + + WARN_ON_ONCE(!tmc->online || tmc->idle); + + return 0; +} + +static int tmigr_cpu_offline(unsigned int cpu) +{ + struct tmigr_cpu *tmc = this_cpu_ptr(&tmigr_cpu); + int migrator; + u64 firstexp; + + raw_spin_lock_irq(&tmc->lock); + tmc->online = false; + WRITE_ONCE(tmc->wakeup, KTIME_MAX); + + /* + * CPU has to handle the local events on his own, when on the way to + * offline; Therefore nextevt value is set to KTIME_MAX + */ + firstexp = __tmigr_cpu_deactivate(tmc, KTIME_MAX); + trace_tmigr_cpu_offline(tmc); + raw_spin_unlock_irq(&tmc->lock); + + if (firstexp != KTIME_MAX) { + migrator = cpumask_any_but(cpu_online_mask, cpu); + work_on_cpu(migrator, tmigr_trigger_active, NULL); + } + + return 0; +} + +static int tmigr_cpu_online(unsigned int cpu) +{ + struct tmigr_cpu *tmc = this_cpu_ptr(&tmigr_cpu); + + /* Check whether CPU data was successfully initialized */ + if (WARN_ON_ONCE(!tmc->tmgroup)) + return -EINVAL; + + raw_spin_lock_irq(&tmc->lock); + trace_tmigr_cpu_online(tmc); + tmc->idle = timer_base_is_idle(); + if (!tmc->idle) + __tmigr_cpu_activate(tmc); + tmc->online = true; + raw_spin_unlock_irq(&tmc->lock); + return 0; +} + static void tmigr_init_group(struct tmigr_group *group, unsigned int lvl, int node) { @@ -1512,7 +1572,7 @@ static struct tmigr_group *tmigr_get_group(unsigned int cpu, int node, static void tmigr_connect_child_parent(struct tmigr_group *child, struct tmigr_group *parent) { - union tmigr_state childstate; + struct tmigr_walk data; raw_spin_lock_irq(&child->lock); raw_spin_lock_nested(&parent->lock, SINGLE_DEPTH_NESTING); @@ -1540,22 +1600,24 @@ static void tmigr_connect_child_parent(struct tmigr_group *child, * child to the new parent. So tmigr_connect_child_parent() is * executed with the formerly top level group (child) and the newly * created group (parent). + * + * * It is ensured that the child is active, as this setup path is + * executed in hotplug prepare callback. This is exectued by an + * already connected and !idle CPU. Even if all other CPUs go idle, + * the CPU executing the setup will be responsible up to current top + * level group. And the next time it goes inactive, it will release + * the new childmask and parent to subsequent walkers through this + * @child. Therefore propagate active state unconditionally. */ - childstate.state = atomic_read(&child->migr_state); - if (childstate.migrator != TMIGR_NONE) { - struct tmigr_walk data; - - data.childmask = child->childmask; + data.childmask = child->childmask; - /* - * There is only one new level per time (which is protected by - * tmigr_mutex). When connecting the child and the parent and - * set the child active when the parent is inactive, the parent - * needs to be the uppermost level. Otherwise there went - * something wrong! - */ - WARN_ON(!tmigr_active_up(parent, child, &data) && parent->parent); - } + /* + * There is only one new level per time (which is protected by + * tmigr_mutex). When connecting the child and the parent and set the + * child active when the parent is inactive, the parent needs to be the + * uppermost level. Otherwise there went something wrong! + */ + WARN_ON(!tmigr_active_up(parent, child, &data) && parent->parent); } static int tmigr_setup_groups(unsigned int cpu, unsigned int node) @@ -1661,80 +1723,32 @@ static int tmigr_add_cpu(unsigned int cpu) return ret; } -static int tmigr_cpu_online(unsigned int cpu) +static int tmigr_cpu_prepare(unsigned int cpu) { - struct tmigr_cpu *tmc = this_cpu_ptr(&tmigr_cpu); - int ret; - - /* First online attempt? Initialize CPU data */ - if (!tmc->tmgroup) { - raw_spin_lock_init(&tmc->lock); - - ret = tmigr_add_cpu(cpu); - if (ret < 0) - return ret; - - if (tmc->childmask == 0) - return -EINVAL; + struct tmigr_cpu *tmc = per_cpu_ptr(&tmigr_cpu, cpu); + int ret = 0; - timerqueue_init(&tmc->cpuevt.nextevt); - tmc->cpuevt.nextevt.expires = KTIME_MAX; - tmc->cpuevt.ignore = true; - tmc->cpuevt.cpu = cpu; - - tmc->remote = false; - WRITE_ONCE(tmc->wakeup, KTIME_MAX); - } - raw_spin_lock_irq(&tmc->lock); - trace_tmigr_cpu_online(tmc); - tmc->idle = timer_base_is_idle(); - if (!tmc->idle) - __tmigr_cpu_activate(tmc); - tmc->online = true; - raw_spin_unlock_irq(&tmc->lock); - return 0; -} - -/* - * tmigr_trigger_active() - trigger a CPU to become active again - * - * This function is executed on a CPU which is part of cpu_online_mask, when the - * last active CPU in the hierarchy is offlining. With this, it is ensured that - * the other CPU is active and takes over the migrator duty. - */ -static long tmigr_trigger_active(void *unused) -{ - struct tmigr_cpu *tmc = this_cpu_ptr(&tmigr_cpu); + /* Not first online attempt? */ + if (tmc->tmgroup) + return ret; - WARN_ON_ONCE(!tmc->online || tmc->idle); + raw_spin_lock_init(&tmc->lock); - return 0; -} + ret = tmigr_add_cpu(cpu); + if (ret < 0) + return ret; -static int tmigr_cpu_offline(unsigned int cpu) -{ - struct tmigr_cpu *tmc = this_cpu_ptr(&tmigr_cpu); - int migrator; - u64 firstexp; + if (tmc->childmask == 0) + return -EINVAL; - raw_spin_lock_irq(&tmc->lock); - tmc->online = false; + timerqueue_init(&tmc->cpuevt.nextevt); + tmc->cpuevt.nextevt.expires = KTIME_MAX; + tmc->cpuevt.ignore = true; + tmc->cpuevt.cpu = cpu; + tmc->remote = false; WRITE_ONCE(tmc->wakeup, KTIME_MAX); - /* - * CPU has to handle the local events on his own, when on the way to - * offline; Therefore nextevt value is set to KTIME_MAX - */ - firstexp = __tmigr_cpu_deactivate(tmc, KTIME_MAX); - trace_tmigr_cpu_offline(tmc); - raw_spin_unlock_irq(&tmc->lock); - - if (firstexp != KTIME_MAX) { - migrator = cpumask_any_but(cpu_online_mask, cpu); - work_on_cpu(migrator, tmigr_trigger_active, NULL); - } - - return 0; + return ret; } static int __init tmigr_init(void) @@ -1793,6 +1807,11 @@ static int __init tmigr_init(void) tmigr_hierarchy_levels, TMIGR_CHILDREN_PER_GROUP, tmigr_crossnode_level); + ret = cpuhp_setup_state(CPUHP_AP_TMIGR_ONLINE, "tmigr:prepare", + tmigr_cpu_prepare, NULL); + if (ret) + goto err; + ret = cpuhp_setup_state(CPUHP_AP_TMIGR_ONLINE, "tmigr:online", tmigr_cpu_online, tmigr_cpu_offline); if (ret)

10 months

1
0
0 0

[PATCH v2 2/3] tpm: Address !chip->auth in tpm_buf_append_name()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_append_name(). Thus, address !chip->auth in tpm_buf_append_name() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- drivers/char/tpm/Makefile | 2 +- drivers/char/tpm/tpm2-sessions.c | 205 ++++++++++++++++--------------- include/linux/tpm.h | 16 +-- 3 files changed, 113 insertions(+), 110 deletions(-) diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 4c695b0388f3..9bb142c75243 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile @@ -16,8 +16,8 @@ tpm-y += eventlog/common.o tpm-y += eventlog/tpm1.o tpm-y += eventlog/tpm2.o tpm-y += tpm-buf.o +tpm-y += tpm2-sessions.o -tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o tpm-$(CONFIG_EFI) += eventlog/efi.o tpm-$(CONFIG_OF) += eventlog/of.o diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 2f1d96a5a5a7..06d0f10a2301 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -163,6 +163,112 @@ static u8 name_size(const u8 *name) return size_map[alg] + 2; } +static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + off_t offset = TPM_HEADER_SIZE; + u32 tot_len = be32_to_cpu(head->length); + u32 val; + + /* we're starting after the header so adjust the length */ + tot_len -= TPM_HEADER_SIZE; + + /* skip public */ + val = tpm_buf_read_u16(buf, &offset); + if (val > tot_len) + return -EINVAL; + offset += val; + /* name */ + val = tpm_buf_read_u16(buf, &offset); + if (val != name_size(&buf->data[offset])) + return -EINVAL; + memcpy(name, &buf->data[offset], val); + /* forget the rest */ + return 0; +} + +static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) +{ + struct tpm_buf buf; + int rc; + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); + if (rc) + return rc; + + tpm_buf_append_u32(&buf, handle); + rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); + if (rc == TPM2_RC_SUCCESS) + rc = tpm2_parse_read_public(name, &buf); + + tpm_buf_destroy(&buf); + + return rc; +} + +/** + * tpm_buf_append_name() - add a handle area to the buffer + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @handle: The handle to be appended + * @name: The name of the handle (may be NULL) + * + * In order to compute session HMACs, we need to know the names of the + * objects pointed to by the handles. For most objects, this is simply + * the actual 4 byte handle or an empty buf (in these cases @name + * should be NULL) but for volatile objects, permanent objects and NV + * areas, the name is defined as the hash (according to the name + * algorithm which should be set to sha256) of the public area to + * which the two byte algorithm id has been appended. For these + * objects, the @name pointer should point to this. If a name is + * required but @name is NULL, then TPM2_ReadPublic() will be called + * on the handle to obtain the name. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name) +{ + enum tpm2_mso_type mso = tpm2_handle_mso(handle); + struct tpm2_auth *auth = chip->auth; + int slot; + + if (!chip->auth) { + tpm_buf_append_u32(buf, handle); + /* count the number of handles in the upper bits of flags */ + buf->handles++; + return; + } + + slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; + if (slot >= AUTH_MAX_NAMES) { + dev_err(&chip->dev, "TPM: too many handles\n"); + return; + } + WARN(auth->session != tpm_buf_length(buf), + "name added in wrong place\n"); + tpm_buf_append_u32(buf, handle); + auth->session += 4; + + if (mso == TPM2_MSO_PERSISTENT || + mso == TPM2_MSO_VOLATILE || + mso == TPM2_MSO_NVRAM) { + if (!name) + tpm2_read_public(chip, handle, auth->name[slot]); + } else { + if (name) + dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); + } + + auth->name_h[slot] = handle; + if (name) + memcpy(auth->name[slot], name, name_size(name)); +} +EXPORT_SYMBOL_GPL(tpm_buf_append_name); + +#ifdef CONFIG_TCG_TPM2_HMAC /* * It turns out the crypto hmac(sha256) is hard for us to consume * because it assumes a fixed key and the TPM seems to change the key @@ -567,104 +673,6 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) } EXPORT_SYMBOL(tpm_buf_fill_hmac_session); -static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - off_t offset = TPM_HEADER_SIZE; - u32 tot_len = be32_to_cpu(head->length); - u32 val; - - /* we're starting after the header so adjust the length */ - tot_len -= TPM_HEADER_SIZE; - - /* skip public */ - val = tpm_buf_read_u16(buf, &offset); - if (val > tot_len) - return -EINVAL; - offset += val; - /* name */ - val = tpm_buf_read_u16(buf, &offset); - if (val != name_size(&buf->data[offset])) - return -EINVAL; - memcpy(name, &buf->data[offset], val); - /* forget the rest */ - return 0; -} - -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) -{ - struct tpm_buf buf; - int rc; - - rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); - if (rc) - return rc; - - tpm_buf_append_u32(&buf, handle); - rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_read_public(name, &buf); - - tpm_buf_destroy(&buf); - - return rc; -} - -/** - * tpm_buf_append_name() - add a handle area to the buffer - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @handle: The handle to be appended - * @name: The name of the handle (may be NULL) - * - * In order to compute session HMACs, we need to know the names of the - * objects pointed to by the handles. For most objects, this is simply - * the actual 4 byte handle or an empty buf (in these cases @name - * should be NULL) but for volatile objects, permanent objects and NV - * areas, the name is defined as the hash (according to the name - * algorithm which should be set to sha256) of the public area to - * which the two byte algorithm id has been appended. For these - * objects, the @name pointer should point to this. If a name is - * required but @name is NULL, then TPM2_ReadPublic() will be called - * on the handle to obtain the name. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) -{ - enum tpm2_mso_type mso = tpm2_handle_mso(handle); - struct tpm2_auth *auth = chip->auth; - int slot; - - slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4; - if (slot >= AUTH_MAX_NAMES) { - dev_err(&chip->dev, "TPM: too many handles\n"); - return; - } - WARN(auth->session != tpm_buf_length(buf), - "name added in wrong place\n"); - tpm_buf_append_u32(buf, handle); - auth->session += 4; - - if (mso == TPM2_MSO_PERSISTENT || - mso == TPM2_MSO_VOLATILE || - mso == TPM2_MSO_NVRAM) { - if (!name) - tpm2_read_public(chip, handle, auth->name[slot]); - } else { - if (name) - dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); - } - - auth->name_h[slot] = handle; - if (name) - memcpy(auth->name[slot], name, name_size(name)); -} -EXPORT_SYMBOL(tpm_buf_append_name); - /** * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness * @chip: the TPM chip structure @@ -1311,3 +1319,4 @@ int tpm2_sessions_init(struct tpm_chip *chip) return rc; } +#endif /* CONFIG_TCG_TPM2_HMAC */ diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 21a67dc9efe8..2844fea4a12a 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -211,8 +211,8 @@ struct tpm_chip { u8 null_key_name[TPM2_NAME_SIZE]; u8 null_ec_key_x[EC_PT_SZ]; u8 null_ec_key_y[EC_PT_SZ]; - struct tpm2_auth *auth; #endif + struct tpm2_auth *auth; }; #define TPM_HEADER_SIZE 10 @@ -490,11 +490,13 @@ static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) { } #endif -#ifdef CONFIG_TCG_TPM2_HMAC -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -521,14 +523,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_name(struct tpm_chip *chip, - struct tpm_buf *buf, - u32 handle, u8 *name) -{ - tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; -} static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, -- 2.45.2

10 months

3
5
0 0

[PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue

by Jason A. Donenfeld

KCSAN reports a race in wg_packet_send_keepalive, which is intentional: BUG: KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets write to 0xffff88814cd91280 of 8 bytes by task 3194 on cpu 0: __skb_queue_head_init include/linux/skbuff.h:2162 [inline] skb_queue_splice_init include/linux/skbuff.h:2248 [inline] wg_packet_send_staged_packets+0xe5/0xad0 drivers/net/wireguard/send.c:351 wg_xmit+0x5b8/0x660 drivers/net/wireguard/device.c:218 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3564 __dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0xa66/0xce0 net/ipv6/ip6_output.c:137 ip6_finish_output+0x1a5/0x490 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ndisc_send_skb+0x4a2/0x670 net/ipv6/ndisc.c:509 ndisc_send_rs+0x3ab/0x3e0 net/ipv6/ndisc.c:719 addrconf_dad_completed+0x640/0x8e0 net/ipv6/addrconf.c:4295 addrconf_dad_work+0x891/0xbc0 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 kthread+0x1d7/0x210 kernel/kthread.c:388 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 read to 0xffff88814cd91280 of 8 bytes by task 3202 on cpu 1: skb_queue_empty include/linux/skbuff.h:1798 [inline] wg_packet_send_keepalive+0x20/0x100 drivers/net/wireguard/send.c:225 wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline] wg_packet_handshake_receive_worker+0x445/0x5e0 drivers/net/wireguard/receive.c:213 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 kthread+0x1d7/0x210 kernel/kthread.c:388 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 value changed: 0xffff888148fef200 -> 0xffff88814cd91280 Mark this race as intentional by using the skb_queue_empty_lockless() function rather than skb_queue_empty(), which uses READ_ONCE() internally to annotate the race. Cc: stable(a)vger.kernel.org Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- drivers/net/wireguard/send.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireguard/send.c b/drivers/net/wireguard/send.c index 0d48e0f4a1ba..26e09c30d596 100644 --- a/drivers/net/wireguard/send.c +++ b/drivers/net/wireguard/send.c @@ -222,7 +222,7 @@ void wg_packet_send_keepalive(struct wg_peer *peer) { struct sk_buff *skb; - if (skb_queue_empty(&peer->staged_packet_queue)) { + if (skb_queue_empty_lockless(&peer->staged_packet_queue)) { skb = alloc_skb(DATA_PACKET_HEAD_ROOM + MESSAGE_MINIMUM_LENGTH, GFP_ATOMIC); if (unlikely(!skb)) -- 2.45.2

10 months

1
0
0 0

[PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin

by Jason A. Donenfeld

KCSAN reports a race in the CPU round robin function, which, as the comment points out, is intentional: BUG: KCSAN: data-race in wg_packet_send_staged_packets / wg_packet_send_staged_packets read to 0xffff88811254eb28 of 4 bytes by task 3160 on cpu 1: wg_cpumask_next_online drivers/net/wireguard/queueing.h:127 [inline] wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:173 [inline] wg_packet_create_data drivers/net/wireguard/send.c:320 [inline] wg_packet_send_staged_packets+0x60e/0xac0 drivers/net/wireguard/send.c:388 wg_packet_send_keepalive+0xe2/0x100 drivers/net/wireguard/send.c:239 wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline] wg_packet_handshake_receive_worker+0x449/0x5f0 drivers/net/wireguard/receive.c:213 process_one_work kernel/workqueue.c:3248 [inline] process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3329 worker_thread+0x526/0x720 kernel/workqueue.c:3409 kthread+0x1d1/0x210 kernel/kthread.c:389 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 write to 0xffff88811254eb28 of 4 bytes by task 3158 on cpu 0: wg_cpumask_next_online drivers/net/wireguard/queueing.h:130 [inline] wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:173 [inline] wg_packet_create_data drivers/net/wireguard/send.c:320 [inline] wg_packet_send_staged_packets+0x6e5/0xac0 drivers/net/wireguard/send.c:388 wg_packet_send_keepalive+0xe2/0x100 drivers/net/wireguard/send.c:239 wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline] wg_packet_handshake_receive_worker+0x449/0x5f0 drivers/net/wireguard/receive.c:213 process_one_work kernel/workqueue.c:3248 [inline] process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3329 worker_thread+0x526/0x720 kernel/workqueue.c:3409 kthread+0x1d1/0x210 kernel/kthread.c:389 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 value changed: 0xffffffff -> 0x00000000 Mark this race as intentional by using READ/WRITE_ONCE(). Cc: stable(a)vger.kernel.org Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- drivers/net/wireguard/queueing.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index 1ea4f874e367..7eb76724b3ed 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -124,10 +124,10 @@ static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) */ static inline int wg_cpumask_next_online(int *last_cpu) { - int cpu = cpumask_next(*last_cpu, cpu_online_mask); + int cpu = cpumask_next(READ_ONCE(*last_cpu), cpu_online_mask); if (cpu >= nr_cpu_ids) cpu = cpumask_first(cpu_online_mask); - *last_cpu = cpu; + WRITE_ONCE(*last_cpu, cpu); return cpu; } -- 2.45.2

10 months

1
0
0 0

[PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses

by Jason A. Donenfeld

From: Helge Deller <deller(a)kernel.org> On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. Signed-off-by: Helge Deller <deller(a)gmx.de> [Jason: replace src[8] in original patch with src+8] Cc: stable(a)vger.kernel.org Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- drivers/net/wireguard/allowedips.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c index 0ba714ca5185..4b8528206cc8 100644 --- a/drivers/net/wireguard/allowedips.c +++ b/drivers/net/wireguard/allowedips.c @@ -15,8 +15,8 @@ static void swap_endian(u8 *dst, const u8 *src, u8 bits) if (bits == 32) { *(u32 *)dst = be32_to_cpu(*(const __be32 *)src); } else if (bits == 128) { - ((u64 *)dst)[0] = be64_to_cpu(((const __be64 *)src)[0]); - ((u64 *)dst)[1] = be64_to_cpu(((const __be64 *)src)[1]); + ((u64 *)dst)[0] = get_unaligned_be64(src); + ((u64 *)dst)[1] = get_unaligned_be64(src + 8); } } -- 2.45.2

10 months

1
0
0 0

[PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU

by Jason A. Donenfeld

QEMU 9.0 removed -no-acpi, in favor of machine properties, so update the Makefile to use the correct QEMU invocation. Cc: stable(a)vger.kernel.org Fixes: b83fdcd9fb8a ("wireguard: selftests: use microvm on x86") Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> --- tools/testing/selftests/wireguard/qemu/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/wireguard/qemu/Makefile b/tools/testing/selftests/wireguard/qemu/Makefile index e95bd56b332f..35856b11c143 100644 --- a/tools/testing/selftests/wireguard/qemu/Makefile +++ b/tools/testing/selftests/wireguard/qemu/Makefile @@ -109,9 +109,9 @@ KERNEL_ARCH := x86_64 KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage QEMU_VPORT_RESULT := virtio-serial-device ifeq ($(HOST_ARCH),$(ARCH)) -QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi +QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off,acpi=off else -QEMU_MACHINE := -cpu max -machine microvm -no-acpi +QEMU_MACHINE := -cpu max -machine microvm,acpi=off endif else ifeq ($(ARCH),i686) CHOST := i686-linux-musl @@ -120,9 +120,9 @@ KERNEL_ARCH := x86 KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage QEMU_VPORT_RESULT := virtio-serial-device ifeq ($(subst x86_64,i686,$(HOST_ARCH)),$(ARCH)) -QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi +QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off,acpi=off else -QEMU_MACHINE := -cpu coreduo -machine microvm -no-acpi +QEMU_MACHINE := -cpu coreduo -machine microvm,acpi=off endif else ifeq ($(ARCH),mips64) CHOST := mips64-linux-musl -- 2.45.2

10 months

1
0
0 0

[PATCH 8/8] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; }; -- 2.34.1

10 months

1
0
0 0

[PATCH 7/8] arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like MSM8996, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8996 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: 1e39255ed29d ("arm64: dts: msm8996: Add device node for qcom,dwc3") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi index 2b20cedfe26c..0fd2b1b944a5 100644 --- a/arch/arm64/boot/dts/qcom/msm8996.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi @@ -3101,6 +3101,7 @@ usb3_dwc3: usb@6a00000 { snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; snps,is-utmi-l1-suspend; + snps,parkmode-disable-ss-quirk; tx-fifo-resize; }; }; -- 2.34.1

10 months

1
0
0 0

[PATCH 6/8] arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like SM6350, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SM6350 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: 23737b9557fe ("arm64: dts: qcom: sm6350: Add USB1 nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sm6350.dtsi b/arch/arm64/boot/dts/qcom/sm6350.dtsi index 46e122c4421c..84009b74aee7 100644 --- a/arch/arm64/boot/dts/qcom/sm6350.dtsi +++ b/arch/arm64/boot/dts/qcom/sm6350.dtsi @@ -1921,6 +1921,7 @@ usb_1_dwc3: usb@a600000 { snps,dis_enblslpm_quirk; snps,has-lpm-erratum; snps,hird-threshold = /bits/ 8 <0x10>; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; usb-role-switch; -- 2.34.1

10 months

1
0
0 0

[PATCH 5/8] arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like SM6115, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SM6115 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: 97e563bf5ba1 ("arm64: dts: qcom: sm6115: Add basic soc dtsi") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sm6115.dtsi b/arch/arm64/boot/dts/qcom/sm6115.dtsi index 48ccd6fa8a11..e374733f3b85 100644 --- a/arch/arm64/boot/dts/qcom/sm6115.dtsi +++ b/arch/arm64/boot/dts/qcom/sm6115.dtsi @@ -1660,6 +1660,7 @@ usb_dwc3: usb@4e00000 { snps,has-lpm-erratum; snps,hird-threshold = /bits/ 8 <0x10>; snps,usb3_lpm_capable; + snps,parkmode-disable-ss-quirk; usb-role-switch; -- 2.34.1

10 months

1
0
0 0

[PATCH 4/8] arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like SDM630, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM630 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: c65a4ed2ea8b ("arm64: dts: qcom: sdm630: Add USB configuration") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sdm630.dtsi b/arch/arm64/boot/dts/qcom/sdm630.dtsi index 94057ebf767f..c7e3764a8cf3 100644 --- a/arch/arm64/boot/dts/qcom/sdm630.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm630.dtsi @@ -1302,6 +1302,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy0>, <&usb3_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; -- 2.34.1

10 months

1
0
0 0

[PATCH 3/8] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like MSM8998, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8998 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: 026dad8f5873 ("arm64: dts: qcom: msm8998: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 3c94d823a514..6d5e1c7b2da5 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -2144,6 +2144,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy>, <&usb3phy>; phy-names = "usb2-phy", "usb3-phy"; snps,has-lpm-erratum; -- 2.34.1

10 months

1
0
0 0

[PATCH 2/8] arm64: dts: ipq8074: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like IPQ8074, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for IPQ8074 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: 5e09bc51d07b ("arm64: dts: ipq8074: enable USB support") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi index 92682d3c9478..284a4553070f 100644 --- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi @@ -666,6 +666,7 @@ dwc_0: usb@8a00000 { interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_0>, <&ssphy_0>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; @@ -715,6 +716,7 @@ dwc_1: usb@8c00000 { interrupts = <GIC_SPI 99 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_1>, <&ssphy_1>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; -- 2.34.1

10 months

1
0
0 0

[PATCH 1/8] arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB

by Krishna Kurapati

For Gen-1 targets like IPQ6018, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for IPQ6018 to mitigate this issue. Cc: <stable(a)vger.kernel.org> Fixes: 20bb9e3dd2e4 ("arm64: dts: qcom: ipq6018: add usb3 DT description") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/ipq6018.dtsi b/arch/arm64/boot/dts/qcom/ipq6018.dtsi index b3b98f050cfd..e1e45da7f787 100644 --- a/arch/arm64/boot/dts/qcom/ipq6018.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq6018.dtsi @@ -704,6 +704,7 @@ dwc_0: usb@8a00000 { clocks = <&xo>; clock-names = "ref"; tx-fifo-resize; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; -- 2.34.1

10 months

1
0
0 0

[PATCH 6.6 000/163] 6.6.37-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.37 release. There are 163 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Jul 2024 17:01:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.37-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.37-rc1 Yao Xingtao <yaoxt.fnst(a)fujitsu.com> cxl/region: check interleave capability Alison Schofield <alison.schofield(a)intel.com> cxl/region: Avoid null pointer dereference in region lookup Alison Schofield <alison.schofield(a)intel.com> cxl/region: Move cxl_dpa_to_region() work to the region driver Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: make poweroff(8) work on Radxa ROCK 5A Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch on rk3399-gru Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s yangge <yangge1116(a)126.com> mm/page_alloc: Separate THP PCP into movable and non-movable categories Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units" Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Jingbo Xu <jefflexu(a)linux.alibaba.com> erofs: fix NULL dereference of dif->bdev_handle in fscache mode Arnd Bergmann <arnd(a)arndb.de> syscalls: fix sys_fanotify_mark prototype Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Vitor Soares <vitor.soares(a)toradex.com> can: mcp251xfd: fix infinite loop when xmit fails Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: fix parsing of vram_info Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Julia Zhang <julia.zhang(a)amd.com> drm/amdgpu: avoid using null object of framebuffer Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Only set smem_start is enable per module option Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Jann Horn <jannh(a)google.com> drm/drm_file: Fix pid refcounting race Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix initial free space detection Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-liointc: Set different ISRs for different cores Yuntao Wang <ytcoode(a)gmail.com> cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-eiointc: Use early_cpu_to_node() instead of cpu_to_node() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Mostafa Saleh <smostafa(a)google.com> PCI/MSI: Fix UAF in msi_capability_init Oleksij Rempel <o.rempel(a)pengutronix.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <o.rempel(a)pengutronix.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Dirk Su <dirk.su(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Jonas Gorski <jonas.gorski(a)gmail.com> serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() Jonas Gorski <jonas.gorski(a)gmail.com> serial: core: introduce uart_port_tx_limited_flags() Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Doug Brown <doug(a)schmorgal.com> Revert "serial: core: only stop transmit when HW fifo is empty" Jos Wang <joswang(a)lenovo.com> usb: dwc3: core: Workaround for CSR read timeout Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: core: Add DWC31 version 2.00a controller Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: ucsi: stm32: fix command completion handling Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: ucsi: glink: fix child node release in probe function Jeremy Kerr <jk(a)codeconstruct.com.au> usb: gadget: aspeed_udc: fix device address configuration Meng Li <Meng.Li(a)windriver.com> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Alexander Sverdlin <alexander.sverdlin(a)siemens.com> iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Niklas Cassel <cassel(a)kernel.org> ata,scsi: libata-core: Do not leak memory for ata_port struct members Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: discard write requests while old command is running Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: don't erase registers after STOP Thayne Harbaugh <thayne(a)mastodonlabs.com> kbuild: Fix build target deb-pkg: ln: failed to create hard link Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci-o2micro: Convert PCIBIOS_* return codes to errnos Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> mm: fix incorrect vbq reference in purge_fragmented_block Christoph Hellwig <hch(a)lst.de> nfs: drop the incorrect assertion in nfs_swap_rw() Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi-gpio: drop broken pm8008 support Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Revert "MIPS: pci: lantiq: restore reset gpio polarity" Arnd Bergmann <arnd(a)arndb.de> parisc: use generic sys_fanotify_mark implementation Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kees Cook <kees(a)kernel.org> randomize_kstack: Remove non-functional per-arch entropy filtering Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Andy Chiu <andy.chiu(a)sifive.com> riscv: stacktrace: convert arch_stack_walk() to noinstr Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix pci state save during mode-1 reset Jesse Taube <jesse(a)rivosinc.com> RISC-V: fix vector insn load/store width mask Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix NULL pointer dereference in gfs2_log_flush Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Tiezhu Yang <yangtiezhu(a)loongson.cn> irqchip/loongson: Select GENERIC_IRQ_EFFECTIVE_AFF_MASK if SMP for IRQ_LOONGARCH_CPU Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Joachim Vandersmissen <git(a)jvdsn.com> crypto: ecdh - explicitly zeroize private_key Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Wenchao Hao <haowenchao2(a)huawei.com> RDMA/restrack: Fix potential invalid address access Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Uros Bizjak <ubizjak(a)gmail.com> x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: Temporarily fail if control queue feature requested Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: validate block features only with block devices Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Ma Ke <make24(a)iscas.ac.cn> net: mana: Fix possible double free in error handling path Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix missing MSB in MIDI2 SPP conversion Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Arnd Bergmann <arnd(a)arndb.de> powerpc: restore some missing spu syscalls Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix wrong register write when masking interrupt Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages luoxuanqiang <luoxuanqiang(a)kylinos.cn> Fix race for duplicate reqsk on identical SYN Filipe Manana <fdmanana(a)suse.com> btrfs: use NOFS context when getting inodes during logging and log replay Jianguo Wu <wujianguo(a)chinatelecom.cn> netfilter: fix undefined reference to 'netfilter_lwtunnel_*' when CONFIG_SYSCTL=n Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Jan Sokolowski <jan.sokolowski(a)intel.com> ice: Rebuild TC queues on VSI queue reconfiguration Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: dsa: microchip: use collision based back pressure mode Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Free any outstanding tx skbs during scrq reset Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Xin Long <lucien.xin(a)gmail.com> openvswitch: get related ct labels from its master if it is not confirmed Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: add a null check for chip_pdev structure Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Add missing virt_to_phys() for directed DIBV Yonghong Song <yonghong.song(a)linux.dev> bpf: Add missed var_off setting in coerce_subreg_to_size_sx() Yonghong Song <yonghong.song(a)linux.dev> bpf: Add missed var_off setting in set_sext32_default_val() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-lpass-dai: close graph on prepare errors Wenchao Hao <haowenchao22(a)gmail.com> workqueue: Increase worker desc's length to 32 Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: atmel-classd: Re-add dai_link->platform to fix card init Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: atmel: convert not to use asoc_xxx() Hsin-Te Yuan <yuanhsinte(a)chromium.org> ASoC: mediatek: mt8183-da7219-max98357: Fix kcontrol name collision Alibek Omarov <a1ba.omarov(a)gmail.com> ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: Use flexible array in struct ieee80211_tim_ie Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: userspace_pm: fixed subtest names Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: print_test out of verify_listener_events Martin Schiller <ms(a)dev.tdt.de> MIPS: pci: lantiq: restore reset gpio polarity Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Jan Beulich <jbeulich(a)suse.com> x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Ack also failed Get Error commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Never send a lone connector change ack Adam Rizkalla <ajarizzo(a)gmail.com> iio: pressure: bmp280: Fix BMP580 temperature reading Li peiyu <579lpy(a)gmail.com> iio: pressure: fix some word spelling errors ------------- Diffstat: Documentation/kbuild/modules.rst | 8 +- Makefile | 4 +- arch/arm/boot/dts/rockchip/rk3066a.dtsi | 1 + arch/arm/net/bpf_jit_32.c | 25 ++- arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 +- arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 1 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kernel/syscall.c | 16 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/loongarch/net/bpf_jit.c | 22 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/net/bpf_jit_comp.c | 3 +- arch/parisc/Kconfig | 1 + arch/parisc/kernel/sys_parisc32.c | 9 - arch/parisc/kernel/syscalls/syscall.tbl | 6 +- arch/parisc/net/bpf_jit_core.c | 8 +- arch/powerpc/kernel/syscalls/syscall.tbl | 6 +- arch/riscv/include/asm/insn.h | 2 +- arch/riscv/kernel/stacktrace.c | 2 +- arch/s390/include/asm/entry-common.h | 2 +- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/s390/net/bpf_jit_comp.c | 6 +- arch/s390/pci/pci_irq.c | 2 +- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/sys32.S | 221 --------------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/sparc/net/bpf_jit_comp_64.c | 6 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/entry-common.h | 15 +- arch/x86/kernel/fpu/core.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/mm/numa.c | 6 +- arch/x86/net/bpf_jit_comp32.c | 3 +- crypto/ecdh.c | 2 + drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 29 ++- drivers/counter/ti-eqep.c | 6 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/intel_pstate.c | 13 +- drivers/cxl/core/core.h | 7 + drivers/cxl/core/hdm.c | 13 ++ drivers/cxl/core/memdev.c | 44 ---- drivers/cxl/core/region.c | 137 +++++++++++++ drivers/cxl/cxl.h | 2 + drivers/cxl/cxlmem.h | 10 + drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 +- .../display/dc/link/protocols/link_dp_capability.c | 10 +- drivers/gpu/drm/amd/display/include/dpcd_defs.h | 5 + drivers/gpu/drm/drm_fb_helper.c | 6 +- drivers/gpu/drm/drm_fbdev_dma.c | 5 +- drivers/gpu/drm/drm_file.c | 8 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/i2c/i2c-slave-testunit.c | 5 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/xilinx-ams.c | 8 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 +++++- drivers/iio/pressure/bmp280-core.c | 14 +- drivers/iio/pressure/bmp280.h | 2 +- drivers/infiniband/core/restrack.c | 51 +---- drivers/input/touchscreen/ili210x.c | 4 +- drivers/irqchip/Kconfig | 2 +- drivers/irqchip/irq-loongson-eiointc.c | 5 +- drivers/irqchip/irq-loongson-liointc.c | 4 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/mmc/host/sdhci-brcmstb.c | 4 + drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci-pci-o2micro.c | 41 ++-- drivers/mmc/host/sdhci.c | 25 ++- drivers/mtd/parsers/redboot.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 ++++- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 + drivers/net/dsa/microchip/ksz9477.c | 10 +- drivers/net/dsa/microchip/ksz9477_reg.h | 1 + drivers/net/dsa/microchip/ksz_common.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + drivers/net/ethernet/intel/ice/ice_main.c | 10 +- .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 2 + drivers/net/phy/micrel.c | 1 + drivers/net/usb/ax88179_178a.c | 6 +- drivers/pci/msi/msi.c | 10 +- drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 68 ++++++- drivers/pinctrl/pinctrl-rockchip.h | 1 + drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 - drivers/pwm/pwm-stm32.c | 3 + drivers/scsi/libsas/sas_ata.c | 6 +- drivers/scsi/libsas/sas_discover.c | 2 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/serial/8250/8250_omap.c | 25 ++- drivers/tty/serial/bcm63xx_uart.c | 7 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/usb/atm/cxacru.c | 14 ++ drivers/usb/dwc3/core.c | 26 ++- drivers/usb/dwc3/core.h | 1 + drivers/usb/gadget/function/f_printer.c | 40 +++- drivers/usb/gadget/udc/aspeed_udc.c | 4 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/typec/ucsi/ucsi.c | 55 +++-- drivers/usb/typec/ucsi/ucsi_glink.c | 5 +- drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 +- drivers/vdpa/vdpa_user/vduse_dev.c | 14 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/tree-log.c | 43 ++-- fs/erofs/data.c | 5 +- fs/gfs2/log.c | 3 +- fs/gfs2/super.c | 4 + fs/nfs/direct.c | 2 - fs/ocfs2/aops.c | 5 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- include/linux/compat.h | 2 +- include/linux/filter.h | 10 +- include/linux/ieee80211.h | 15 +- include/linux/libata.h | 1 + include/linux/mmzone.h | 9 +- include/linux/nvme.h | 4 +- include/linux/serial_core.h | 21 +- include/linux/syscalls.h | 8 +- include/linux/workqueue.h | 2 +- include/net/inet_connection_sock.h | 2 +- include/net/netfilter/nf_tables.h | 5 + include/trace/events/qdisc.h | 2 +- include/uapi/asm-generic/unistd.h | 2 +- kernel/bpf/core.c | 6 +- kernel/bpf/ringbuf.c | 31 ++- kernel/bpf/verifier.c | 10 +- kernel/cpu.c | 8 +- kernel/sys_ni.c | 2 +- mm/page_alloc.c | 9 +- mm/vmalloc.c | 21 +- net/batman-adv/originator.c | 27 +++ net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/xdp.c | 4 +- net/dccp/ipv4.c | 7 +- net/dccp/ipv6.c | 7 +- net/ipv4/inet_connection_sock.c | 17 +- net/ipv4/tcp_input.c | 45 +++-- net/iucv/iucv.c | 26 ++- net/netfilter/nf_hooks_lwtunnel.c | 3 + net/netfilter/nf_tables_api.c | 8 +- net/netfilter/nft_lookup.c | 3 +- net/openvswitch/conntrack.c | 7 +- scripts/Makefile.dtbinst | 2 +- scripts/Makefile.package | 2 +- sound/core/seq/seq_ump_convert.c | 10 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/acp/acp-i2s.c | 8 - sound/soc/amd/acp/acp-pci.c | 10 +- sound/soc/atmel/atmel-classd.c | 17 +- sound/soc/atmel/atmel-pcm-dma.c | 8 +- sound/soc/atmel/atmel-pcm-pdc.c | 4 +- sound/soc/atmel/atmel-pdmic.c | 12 +- sound/soc/atmel/atmel_wm8904.c | 4 +- sound/soc/atmel/mikroe-proto.c | 2 +- sound/soc/atmel/sam9g20_wm8731.c | 2 +- sound/soc/atmel/sam9x5_wm8731.c | 2 +- sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c | 10 +- sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 32 +-- sound/soc/rockchip/rockchip_i2s_tdm.c | 13 +- sound/synth/emux/soundfont.c | 17 +- tools/testing/cxl/test/cxl.c | 4 + tools/testing/selftests/net/mptcp/userspace_pm.sh | 50 +++-- 189 files changed, 1374 insertions(+), 859 deletions(-)

10 months

13
177
0 0

[PATCH] ASoC: codecs: wcd939x: Fix typec mux and switch leak during device removal

by Krzysztof Kozlowski

Driver does not unregister typec structures (typec_mux_dev and typec_switch_desc) during removal leading to leaks. Fix this by moving typec registering parts to separate function and using devm interface to release them. This also makes code a bit simpler: - Smaller probe() function with less error paths and no #ifdefs, - No need to store typec_mux_dev and typec_switch_desc in driver state container structure. Cc: <stable(a)vger.kernel.org> Fixes: 10f514bd172a ("ASoC: codecs: Add WCD939x Codec driver") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Not tested on hardware. --- sound/soc/codecs/wcd939x.c | 113 ++++++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 47 deletions(-) diff --git a/sound/soc/codecs/wcd939x.c b/sound/soc/codecs/wcd939x.c index 72d8a6a35052..28cb74f6f330 100644 --- a/sound/soc/codecs/wcd939x.c +++ b/sound/soc/codecs/wcd939x.c @@ -181,8 +181,6 @@ struct wcd939x_priv { /* typec handling */ bool typec_analog_mux; #if IS_ENABLED(CONFIG_TYPEC) - struct typec_mux_dev *typec_mux; - struct typec_switch_dev *typec_sw; enum typec_orientation typec_orientation; unsigned long typec_mode; struct typec_switch *typec_switch; @@ -3519,6 +3517,68 @@ static const struct component_master_ops wcd939x_comp_ops = { .unbind = wcd939x_unbind, }; +static void __maybe_unused wcd939x_typec_mux_unregister(void *data) +{ + struct typec_mux_dev *typec_mux = data; + + typec_mux_unregister(typec_mux); +} + +static void __maybe_unused wcd939x_typec_switch_unregister(void *data) +{ + struct typec_switch_dev *typec_sw = data; + + typec_switch_unregister(typec_sw); +} + +static int wcd939x_add_typec(struct wcd939x_priv *wcd939x, struct device *dev) +{ +#if IS_ENABLED(CONFIG_TYPEC) + int ret; + struct typec_mux_dev *typec_mux; + struct typec_switch_dev *typec_sw; + struct typec_mux_desc mux_desc = { + .drvdata = wcd939x, + .fwnode = dev_fwnode(dev), + .set = wcd939x_typec_mux_set, + }; + struct typec_switch_desc sw_desc = { + .drvdata = wcd939x, + .fwnode = dev_fwnode(dev), + .set = wcd939x_typec_switch_set, + }; + + /* + * Is USBSS is used to mux analog lines, + * register a typec mux/switch to get typec events + */ + if (!wcd939x->typec_analog_mux) + return 0; + + typec_mux = typec_mux_register(dev, &mux_desc); + if (IS_ERR(typec_mux)) + return dev_err_probe(dev, PTR_ERR(typec_mux), + "failed to register typec mux\n"); + + ret = devm_add_action_or_reset(dev, wcd939x_typec_mux_unregister, + typec_mux); + if (ret) + return ret; + + typec_sw = typec_switch_register(dev, &sw_desc); + if (IS_ERR(typec_sw)) + return dev_err_probe(dev, PTR_ERR(typec_sw), + "failed to register typec switch\n"); + + ret = devm_add_action_or_reset(dev, wcd939x_typec_switch_unregister, + typec_sw); + if (ret) + return ret; +#endif + + return 0; +} + static int wcd939x_add_slave_components(struct wcd939x_priv *wcd939x, struct device *dev, struct component_match **matchptr) @@ -3567,42 +3627,13 @@ static int wcd939x_probe(struct platform_device *pdev) return -EINVAL; } -#if IS_ENABLED(CONFIG_TYPEC) - /* - * Is USBSS is used to mux analog lines, - * register a typec mux/switch to get typec events - */ - if (wcd939x->typec_analog_mux) { - struct typec_mux_desc mux_desc = { - .drvdata = wcd939x, - .fwnode = dev_fwnode(dev), - .set = wcd939x_typec_mux_set, - }; - struct typec_switch_desc sw_desc = { - .drvdata = wcd939x, - .fwnode = dev_fwnode(dev), - .set = wcd939x_typec_switch_set, - }; - - wcd939x->typec_mux = typec_mux_register(dev, &mux_desc); - if (IS_ERR(wcd939x->typec_mux)) { - ret = dev_err_probe(dev, PTR_ERR(wcd939x->typec_mux), - "failed to register typec mux\n"); - goto err_disable_regulators; - } - - wcd939x->typec_sw = typec_switch_register(dev, &sw_desc); - if (IS_ERR(wcd939x->typec_sw)) { - ret = dev_err_probe(dev, PTR_ERR(wcd939x->typec_sw), - "failed to register typec switch\n"); - goto err_unregister_typec_mux; - } - } -#endif /* CONFIG_TYPEC */ + ret = wcd939x_add_typec(wcd939x, dev); + if (ret) + goto err_disable_regulators; ret = wcd939x_add_slave_components(wcd939x, dev, &match); if (ret) - goto err_unregister_typec_switch; + goto err_disable_regulators; wcd939x_reset(wcd939x); @@ -3619,18 +3650,6 @@ static int wcd939x_probe(struct platform_device *pdev) return 0; -#if IS_ENABLED(CONFIG_TYPEC) -err_unregister_typec_mux: - if (wcd939x->typec_analog_mux) - typec_mux_unregister(wcd939x->typec_mux); -#endif /* CONFIG_TYPEC */ - -err_unregister_typec_switch: -#if IS_ENABLED(CONFIG_TYPEC) - if (wcd939x->typec_analog_mux) - typec_switch_unregister(wcd939x->typec_sw); -#endif /* CONFIG_TYPEC */ - err_disable_regulators: regulator_bulk_disable(WCD939X_MAX_SUPPLY, wcd939x->supplies); regulator_bulk_free(WCD939X_MAX_SUPPLY, wcd939x->supplies); -- 2.43.0

10 months

3
2
0 0

[PATCH 6.1 000/128] 6.1.97-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.97 release. There are 128 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Jul 2024 17:01:55 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.97-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.97-rc1 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Rename LED related pinctrl nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Free EFI memory map only when installing a new one. Ard Biesheuvel <ardb(a)kernel.org> efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures Ard Biesheuvel <ardb(a)kernel.org> efi: memmap: Move manipulation routines into x86 arch tree Juntong Deng <juntong.deng(a)outlook.com> gfs2: Fix slab-use-after-free in gfs2_qd_dealloc yangge <yangge1116(a)126.com> mm/page_alloc: Separate THP PCP into movable and non-movable categories Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "cpufreq: amd-pstate: Fix the inconsistency in max frequency units" Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Arnd Bergmann <arnd(a)arndb.de> syscalls: fix sys_fanotify_mark prototype Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Vitor Soares <vitor.soares(a)toradex.com> can: mcp251xfd: fix infinite loop when xmit fails Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: fix parsing of vram_info Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Julia Zhang <julia.zhang(a)amd.com> drm/amdgpu: avoid using null object of framebuffer Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix initial free space detection Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongson-liointc: Set different ISRs for different cores Yuntao Wang <ytcoode(a)gmail.com> cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Dirk Su <dirk.su(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook 645/665 G11. Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> usb: ucsi: stm32: fix command completion handling Jeremy Kerr <jk(a)codeconstruct.com.au> usb: gadget: aspeed_udc: fix device address configuration Meng Li <Meng.Li(a)windriver.com> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Alexander Sverdlin <alexander.sverdlin(a)siemens.com> iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: discard write requests while old command is running Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: don't erase registers after STOP David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Don't include ams_ctrl_channels in scan_mask Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard Christoph Hellwig <hch(a)lst.de> nfs: drop the incorrect assertion in nfs_swap_rw() Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi-gpio: drop broken pm8008 support Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Revert "MIPS: pci: lantiq: restore reset gpio polarity" Arnd Bergmann <arnd(a)arndb.de> parisc: use generic sys_fanotify_mark implementation Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Stefan Berger <stefanb(a)linux.ibm.com> ima: Fix use-after-free on a dentry's dname.name Kees Cook <kees(a)kernel.org> randomize_kstack: Remove non-functional per-arch entropy filtering Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Andy Chiu <andy.chiu(a)sifive.com> riscv: stacktrace: convert arch_stack_walk() to noinstr Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix pci state save during mode-1 reset Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Joachim Vandersmissen <git(a)jvdsn.com> crypto: ecdh - explicitly zeroize private_key Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Wenchao Hao <haowenchao2(a)huawei.com> RDMA/restrack: Fix potential invalid address access Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Uros Bizjak <ubizjak(a)gmail.com> x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: Temporarily fail if control queue feature requested Maxime Coquelin <maxime.coquelin(a)redhat.com> vduse: validate block features only with block devices Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Christophe Leroy <christophe.leroy(a)csgroup.eu> bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO Arnd Bergmann <arnd(a)arndb.de> powerpc: restore some missing spu syscalls Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix wrong register write when masking interrupt luoxuanqiang <luoxuanqiang(a)kylinos.cn> Fix race for duplicate reqsk on identical SYN Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: dsa: microchip: use collision based back pressure mode Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Free any outstanding tx skbs during scrq reset Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Add missing virt_to_phys() for directed DIBV Alibek Omarov <a1ba.omarov(a)gmail.com> ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use timestamp to check for set element timeout Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: atmel,at91sam: correct path to i2c-controller schema Rob Herring <robh(a)kernel.org> dt-bindings: i2c: Drop unneeded quotes Martin Schiller <ms(a)dev.tdt.de> MIPS: pci: lantiq: restore reset gpio polarity Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Force StorageD3Enable on more products Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable Jan Beulich <jbeulich(a)suse.com> x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Ack also failed Get Error commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Never send a lone connector change ack ------------- Diffstat: .../bindings/i2c/amlogic,meson6-i2c.yaml | 4 +- .../devicetree/bindings/i2c/apple,i2c.yaml | 4 +- .../devicetree/bindings/i2c/atmel,at91sam-i2c.yaml | 2 +- .../devicetree/bindings/i2c/cdns,i2c-r1p10.yaml | 4 +- .../devicetree/bindings/i2c/i2c-mux-gpio.yaml | 4 +- .../bindings/i2c/qcom,i2c-geni-qcom.yaml | 4 +- .../devicetree/bindings/i2c/st,stm32-i2c.yaml | 2 +- .../bindings/i2c/xlnx,xps-iic-2.00.a.yaml | 4 +- Makefile | 4 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 18 +- arch/arm64/boot/dts/rockchip/rk3328-rock-pi-e.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kernel/syscall.c | 16 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/parisc/Kconfig | 1 + arch/parisc/kernel/sys_parisc32.c | 9 - arch/parisc/kernel/syscalls/syscall.tbl | 6 +- arch/powerpc/kernel/syscalls/syscall.tbl | 6 +- arch/riscv/kernel/stacktrace.c | 2 +- arch/s390/include/asm/entry-common.h | 2 +- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/s390/pci/pci_irq.c | 2 +- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/sys32.S | 221 ------------------ arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/efi.h | 11 + arch/x86/include/asm/entry-common.h | 15 +- arch/x86/kernel/fpu/core.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/mm/numa.c | 6 +- arch/x86/platform/efi/Makefile | 3 +- arch/x86/platform/efi/efi.c | 8 +- arch/x86/platform/efi/memmap.c | 249 +++++++++++++++++++++ crypto/ecdh.c | 2 + drivers/acpi/x86/utils.c | 23 +- drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 8 +- drivers/counter/ti-eqep.c | 6 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/intel_pstate.c | 13 +- drivers/firmware/efi/fdtparams.c | 4 + drivers/firmware/efi/memmap.c | 238 +------------------- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 68 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 18 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/i2c/i2c-slave-testunit.c | 5 +- drivers/iio/accel/Kconfig | 2 + drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/xilinx-ams.c | 8 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 ++++- drivers/infiniband/core/restrack.c | 51 +---- drivers/input/touchscreen/ili210x.c | 4 +- drivers/irqchip/irq-loongson-liointc.c | 4 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/mmc/host/sdhci-brcmstb.c | 4 + drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 ++- drivers/mtd/parsers/redboot.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 14 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 55 ++++- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 + drivers/net/dsa/microchip/ksz9477.c | 10 +- drivers/net/dsa/microchip/ksz9477_reg.h | 1 + drivers/net/dsa/microchip/ksz_common.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 20 +- drivers/net/phy/micrel.c | 1 + drivers/net/usb/ax88179_178a.c | 6 +- drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 68 +++++- drivers/pinctrl/pinctrl-rockchip.h | 1 + drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 - drivers/pwm/pwm-stm32.c | 3 + drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/serial/8250/8250_omap.c | 25 ++- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/usb/atm/cxacru.c | 14 ++ drivers/usb/dwc3/core.c | 6 - drivers/usb/gadget/function/f_printer.c | 40 +++- drivers/usb/gadget/udc/aspeed_udc.c | 4 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/typec/ucsi/ucsi.c | 55 +++-- drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 +- drivers/vdpa/vdpa_user/vduse_dev.c | 14 +- fs/btrfs/free-space-cache.c | 2 +- fs/gfs2/super.c | 2 + fs/nfs/direct.c | 2 - fs/ocfs2/aops.c | 5 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- include/linux/compat.h | 2 +- include/linux/efi.h | 10 +- include/linux/filter.h | 5 +- include/linux/ieee80211.h | 2 +- include/linux/mmzone.h | 9 +- include/linux/nvme.h | 4 +- include/linux/syscalls.h | 8 +- include/net/inet_connection_sock.h | 2 +- include/net/netfilter/nf_tables.h | 21 +- include/trace/events/qdisc.h | 2 +- include/uapi/asm-generic/unistd.h | 2 +- kernel/bpf/core.c | 6 +- kernel/bpf/ringbuf.c | 31 ++- kernel/bpf/verifier.c | 8 +- kernel/cpu.c | 8 +- kernel/sys_ni.c | 2 +- mm/page_alloc.c | 8 +- net/batman-adv/originator.c | 27 +++ net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/filter.c | 3 + net/core/xdp.c | 4 +- net/dccp/ipv4.c | 7 +- net/dccp/ipv6.c | 7 +- net/ipv4/inet_connection_sock.c | 17 +- net/ipv4/tcp_input.c | 45 +++- net/iucv/iucv.c | 26 ++- net/netfilter/nf_tables_api.c | 12 +- net/netfilter/nft_lookup.c | 3 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 18 +- net/netfilter/nft_set_rbtree.c | 6 +- scripts/Makefile.dtbinst | 2 +- security/integrity/ima/ima_api.c | 16 +- security/integrity/ima/ima_template_lib.c | 17 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/acp/acp-i2s.c | 8 - sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 13 +- sound/synth/emux/soundfont.c | 17 +- 153 files changed, 1232 insertions(+), 947 deletions(-)

10 months

15
144
0 0

[PATCH v2] net: ethernet: mtk_ppe: Change PPE entries number to 16K

by Shengyu Qu

MT7981,7986 and 7988 all supports 32768 PPE entries, and MT7621/MT7620 supports 16384 PPE entries, but only set to 8192 entries in driver. So incrase max entries to 16384 instead. Cc: stable(a)vger.kernel.org Signed-off-by: Elad Yifee <eladwf(a)gmail.com> Signed-off-by: Shengyu Qu <wiagn233(a)outlook.com> Fixes: ba37b7caf1ed ("net: ethernet: mtk_eth_soc: add support for initializing the PPE") --- Changes since V1: - Reduced max entries from 32768 to 16384 to keep compatible with MT7620/21 devices. - Add fixes tag --- drivers/net/ethernet/mediatek/mtk_ppe.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/mediatek/mtk_ppe.h b/drivers/net/ethernet/mediatek/mtk_ppe.h index 691806bca372..223f709e2704 100644 --- a/drivers/net/ethernet/mediatek/mtk_ppe.h +++ b/drivers/net/ethernet/mediatek/mtk_ppe.h @@ -8,7 +8,7 @@ #include <linux/bitfield.h> #include <linux/rhashtable.h> -#define MTK_PPE_ENTRIES_SHIFT 3 +#define MTK_PPE_ENTRIES_SHIFT 4 #define MTK_PPE_ENTRIES (1024 << MTK_PPE_ENTRIES_SHIFT) #define MTK_PPE_HASH_MASK (MTK_PPE_ENTRIES - 1) #define MTK_PPE_WAIT_TIMEOUT_US 1000000 -- 2.39.2

10 months

3
6
0 0

[PATCH] kobject_uevent: Fix OOB access within zap_modalias_env()

by Zijun Hu

zap_modalias_env() wrongly calculates size of memory block to move, so maybe cause OOB memory access issue, fixed by correcting size to memmove. Fixes: 9b3fa47d4a76 ("kobject: fix suppressing modalias in uevents delivered over netlink") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- lib/kobject_uevent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c index 03b427e2707e..f153b4f9d4d9 100644 --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c @@ -434,7 +434,7 @@ static void zap_modalias_env(struct kobj_uevent_env *env) if (i != env->envp_idx - 1) { memmove(env->envp[i], env->envp[i + 1], - env->buflen - len); + env->buf + env->buflen - env->envp[i + 1]); for (j = i; j < env->envp_idx - 1; j++) env->envp[j] = env->envp[j + 1] - len; -- 2.7.4

10 months

4
10
0 0

[PATCH 6.6.y] ALSA: hda: i915: Allow override of gpu binding.

by kovalev＠altlinux.org

From: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> commit 2e8c90386db48e425997ca644fa40876b2058b30 upstream. Selecting CONFIG_DRM selects CONFIG_VIDEO_NOMODESET, which exports video_firmware_drivers_only(). This can be used as a first approximation on whether i915 will be available. It's safe to use as this is only built when CONFIG_SND_HDA_I915 is selected by CONFIG_I915. It's not completely fool proof, as you can boot with "nomodeset i915.modeset=1" to make i915 load regardless, or use "i915.force_probe=!*" to never load i915, but the common case of booting with nomodeset to disable all GPU drivers this will work as intended. Because of this, we add an extra module parameter, snd_hda_core.gpu_bind that can be used to signal users intent. -1 follows nomodeset, 0 disables binding, 1 forces wait/-EPROBE_DEFER on binding. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Reviewed-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Kai Vehmanen <kai.vehmanen(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Link: https://lore.kernel.org/r/20231009115437.99976-7-maarten.lankhorst@linux.in… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- sound/hda/hdac_i915.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sound/hda/hdac_i915.c b/sound/hda/hdac_i915.c index b428537f284c7..a4a712c795c3d 100644 --- a/sound/hda/hdac_i915.c +++ b/sound/hda/hdac_i915.c @@ -10,6 +10,12 @@ #include <sound/hdaudio.h> #include <sound/hda_i915.h> #include <sound/hda_register.h> +#include <video/nomodeset.h> + +static int gpu_bind = -1; +module_param(gpu_bind, int, 0644); +MODULE_PARM_DESC(gpu_bind, "Whether to bind sound component to GPU " + "(1=always, 0=never, -1=on nomodeset(default))"); /** * snd_hdac_i915_set_bclk - Reprogram BCLK for HSW/BDW @@ -122,6 +128,9 @@ static int i915_gfx_present(struct pci_dev *hdac_pci) { struct pci_dev *display_dev = NULL; + if (!gpu_bind || (gpu_bind < 0 && video_firmware_drivers_only())) + return false; + for_each_pci_dev(display_dev) { if (display_dev->vendor == PCI_VENDOR_ID_INTEL && (display_dev->class >> 16) == PCI_BASE_CLASS_DISPLAY && -- 2.33.8

10 months

1
1
0 0

[PATCH v2 1/2] sched.h: always_inline alloc_tag_{save|restore} to fix modpost warnings

by Suren Baghdasaryan

Mark alloc_tag_{save|restore} as always_inline to fix the following modpost warnings: WARNING: modpost: vmlinux: section mismatch in reference: alloc_tag_save+0x1c (section: .text.unlikely) -> initcall_level_names (section: .init.data) WARNING: modpost: vmlinux: section mismatch in reference: alloc_tag_restore+0x3c (section: .text.unlikely) -> initcall_level_names (section: .init.data) The warnings happen when these functions are called from an __init function and they don't get inlined (remain in the .text section) while the value returned by get_current() points into .init.data section. Assuming get_current() always returns a valid address, this situation can happen only during init stage and accessing .init.data from .text section during that stage should pose no issues. Fixes: 22d407b164ff ("lib: add allocation tagging support for memory allocation profiling") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202407032306.gi9nZsBi-lkp@intel.com/ Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> --- Changes since v1 [1]: - Added the second patch to resolve follow-up warnings - Expanded changelog description, per Andrew Morton - CC'ed stable, per Andrew Morton - Added Fixes tag, per Andrew Morton [1] https://lore.kernel.org/all/20240703221520.4108464-1-surenb@google.com/ include/linux/sched.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index 61591ac6eab6..a5f4b48fca18 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -2192,13 +2192,13 @@ static inline int sched_core_idle_cpu(int cpu) { return idle_cpu(cpu); } extern void sched_set_stop_task(int cpu, struct task_struct *stop); #ifdef CONFIG_MEM_ALLOC_PROFILING -static inline struct alloc_tag *alloc_tag_save(struct alloc_tag *tag) +static __always_inline struct alloc_tag *alloc_tag_save(struct alloc_tag *tag) { swap(current->alloc_tag, tag); return tag; } -static inline void alloc_tag_restore(struct alloc_tag *tag, struct alloc_tag *old) +static __always_inline void alloc_tag_restore(struct alloc_tag *tag, struct alloc_tag *old) { #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG WARN(current->alloc_tag != tag, "current->alloc_tag was changed:\n"); base-commit: 795c58e4c7fc6163d8fb9f2baa86cfe898fa4b19 -- 2.45.2.803.g4e1b14247a-goog

10 months

1
1
0 0

[PATCH v2 RESEND] drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

by Ma Ke

In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 89c78134cc54 ("gma500: Add Poulsbo support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch according to suggestions; - added Fixes line; - added Cc stable. --- drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/psb_intel_lvds.c b/drivers/gpu/drm/gma500/psb_intel_lvds.c index 8486de230ec9..8d1be94a443b 100644 --- a/drivers/gpu/drm/gma500/psb_intel_lvds.c +++ b/drivers/gpu/drm/gma500/psb_intel_lvds.c @@ -504,6 +504,9 @@ static int psb_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

10 months

1
0
0 0

[PATCHv5 3/4] x86/tdx: Dynamically disable SEPT violations from causing #VEs

by Kirill A. Shutemov

Memory access #VE's are hard for Linux to handle in contexts like the entry code or NMIs. But other OSes need them for functionality. There's a static (pre-guest-boot) way for a VMM to choose one or the other. But VMMs don't always know which OS they are booting, so they choose to deliver those #VE's so the "other" OSes will work. That, unfortunately has left us in the lurch and exposed to these hard-to-handle #VEs. The TDX module has introduced a new feature. Even if the static configuration is "send nasty #VE's", the kernel can dynamically request that they be disabled. Check if the feature is available and disable SEPT #VE if possible. If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE attribute is no longer reliable. It reflects the initial state of the control for the TD, but it will not be updated if someone (e.g. bootloader) changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to determine if SEPT #VEs are enabled or disabled. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: 373e715e31bf ("x86/tdx: Panic on bad configs that #VE on "private" memory access") Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 76 ++++++++++++++++++++++++------- arch/x86/include/asm/shared/tdx.h | 10 +++- 2 files changed, 69 insertions(+), 17 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 08ce488b54d0..ba3103877b21 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -78,7 +78,7 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args) } /* Read TD-scoped metadata */ -static inline u64 __maybe_unused tdg_vm_rd(u64 field, u64 *value) +static inline u64 tdg_vm_rd(u64 field, u64 *value) { struct tdx_module_args args = { .rdx = field, @@ -193,6 +193,62 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } +/* + * The kernel cannot handle #VEs when accessing normal kernel memory. Ensure + * that no #VE will be delivered for accesses to TD-private memory. + * + * TDX 1.0 does not allow the guest to disable SEPT #VE on its own. The VMM + * controls if the guest will receive such #VE with TD attribute + * ATTR_SEPT_VE_DISABLE. + * + * Newer TDX module allows the guest to control if it wants to receive SEPT + * violation #VEs. + * + * Check if the feature is available and disable SEPT #VE if possible. + * + * If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE + * attribute is no longer reliable. It reflects the initial state of the + * control for the TD, but it will not be updated if someone (e.g. bootloader) + * changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to + * determine if SEPT #VEs are enabled or disabled. + */ +static void disable_sept_ve(u64 td_attr) +{ + const char *msg = "TD misconfiguration: SEPT #VE has to be disabled"; + bool debug = td_attr & ATTR_DEBUG; + u64 config, controls; + + /* Is this TD allowed to disable SEPT #VE */ + tdg_vm_rd(TDCS_CONFIG_FLAGS, &config); + if (!(config & TDCS_CONFIG_FLEXIBLE_PENDING_VE)) { + /* No SEPT #VE controls for the guest: check the attribute */ + if (td_attr & ATTR_SEPT_VE_DISABLE) + return; + + /* Relax SEPT_VE_DISABLE check for debug TD for backtraces */ + if (debug) + pr_warn("%s\n", msg); + else + tdx_panic(msg); + return; + } + + /* Check if SEPT #VE has been disabled before us */ + tdg_vm_rd(TDCS_TD_CTLS, &controls); + if (controls & TD_CTLS_PENDING_VE_DISABLE) + return; + + /* Keep #VEs enabled for splats in debugging environments */ + if (debug) + return; + + /* Disable SEPT #VEs */ + tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE, + TD_CTLS_PENDING_VE_DISABLE); + + return; +} + static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args = {}; @@ -218,24 +274,12 @@ static void tdx_setup(u64 *cc_mask) gpa_width = args.rcx & GENMASK(5, 0); *cc_mask = BIT_ULL(gpa_width - 1); + td_attr = args.rdx; + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); - /* - * The kernel can not handle #VE's when accessing normal kernel - * memory. Ensure that no #VE will be delivered for accesses to - * TD-private memory. Only VMM-shared memory (MMIO) will #VE. - */ - td_attr = args.rdx; - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { - const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set."; - - /* Relax SEPT_VE_DISABLE check for debug TD. */ - if (td_attr & ATTR_DEBUG) - pr_warn("%s\n", msg); - else - tdx_panic(msg); - } + disable_sept_ve(td_attr); } /* diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index 7e12cfa28bec..fecb2a6e864b 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -19,9 +19,17 @@ #define TDG_VM_RD 7 #define TDG_VM_WR 8 -/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +/* TDX TD-Scope Metadata. To be used by TDG.VM.WR and TDG.VM.RD */ +#define TDCS_CONFIG_FLAGS 0x1110000300000016 +#define TDCS_TD_CTLS 0x1110000300000017 #define TDCS_NOTIFY_ENABLES 0x9100000000000010 +/* TDCS_CONFIG_FLAGS bits */ +#define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1) + +/* TDCS_TD_CTLS bits */ +#define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0) + /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 #define TDVMCALL_GET_QUOTE 0x10002 -- 2.43.0

10 months

3
5
0 0

[PATCH v2 RESEND] drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

by Ma Ke

In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6a227d5fd6c4 ("gma500: Add support for Cedarview") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch according to suggestions from other patchs; - added Fixes line; - added Cc stable; - Link: https://lore.kernel.org/lkml/20240622072514.1867582-1-make24@iscas.ac.cn/T/ --- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/gma500/cdv_intel_lvds.c b/drivers/gpu/drm/gma500/cdv_intel_lvds.c index f08a6803dc18..3adc2c9ab72d 100644 --- a/drivers/gpu/drm/gma500/cdv_intel_lvds.c +++ b/drivers/gpu/drm/gma500/cdv_intel_lvds.c @@ -311,6 +311,9 @@ static int cdv_intel_lvds_get_modes(struct drm_connector *connector) if (mode_dev->panel_fixed_mode != NULL) { struct drm_display_mode *mode = drm_mode_duplicate(dev, mode_dev->panel_fixed_mode); + if (!mode) + return 0; + drm_mode_probed_add(connector, mode); return 1; } -- 2.25.1

10 months

1
0
0 0

[PATCH] acpi: Support CONFIG_ACPI without CONFIG_PCI

by Suraj Jitindar Singh

Make is possible to use ACPI without having CONFIG_PCI set. When initialising ACPI the following call chain occurs: acpi_init() -> acpi_bus_init() -> acpi_load_tables() -> acpi_ev_install_region_handlers() -> acpi_ev_install_region_handlers() calls acpi_ev_install_space_handler() on each of the default address spaces defined as: u8 acpi_gbl_default_address_spaces[ACPI_NUM_DEFAULT_SPACES] = { ACPI_ADR_SPACE_SYSTEM_MEMORY, ACPI_ADR_SPACE_SYSTEM_IO, ACPI_ADR_SPACE_PCI_CONFIG, ACPI_ADR_SPACE_DATA_TABLE }; However in acpi_ev_install_space_handler() the case statement for ACPI_ADR_SPACE_PCI_CONFIG is ifdef'd as: #ifdef ACPI_PCI_CONFIGURED case ACPI_ADR_SPACE_PCI_CONFIG: handler = acpi_ex_pci_config_space_handler; setup = acpi_ev_pci_config_region_setup; break; #endif ACPI_PCI_CONFIGURED is not defined if CONFIG_PCI is not enabled, thus the attempt to install the handler fails. Fix this by ifdef'ing ACPI_ADR_SPACE_PCI_CONFIG in the list of default address spaces. Fixes: bd23fac3eaaa ("ACPICA: Remove PCI bits from ACPICA when CONFIG_PCI is unset") CC: stable(a)vger.kernel.org # 5.0.x- Signed-off-by: Suraj Jitindar Singh <surajjs(a)amazon.com> --- drivers/acpi/acpica/evhandler.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/acpi/acpica/evhandler.c b/drivers/acpi/acpica/evhandler.c index 1c8cb6d924df..371093acb362 100644 --- a/drivers/acpi/acpica/evhandler.c +++ b/drivers/acpi/acpica/evhandler.c @@ -26,7 +26,9 @@ acpi_ev_install_handler(acpi_handle obj_handle, u8 acpi_gbl_default_address_spaces[ACPI_NUM_DEFAULT_SPACES] = { ACPI_ADR_SPACE_SYSTEM_MEMORY, ACPI_ADR_SPACE_SYSTEM_IO, +#ifdef ACPI_PCI_CONFIGURED ACPI_ADR_SPACE_PCI_CONFIG, +#endif ACPI_ADR_SPACE_DATA_TABLE }; -- 2.34.1

10 months

3
3
0 0

[PATCH] tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()

by Yunseong Kim

Support backports for stable version. There are two places where null deref could happen before commit 2c92ca849fcc ("tracing/treewide: Remove second parameter of __assign_str()") Link: https://lore.kernel.org/linux-trace-kernel/20240516133454.681ba6a0@rorschac… I've checked +v6.1.82 +v6.6.22 +v6.7.10, +v6.8, +6.9, this version need to be applied, So, I applied the patch, tested it again, and confirmed working fine. Fixes: 51270d573a8d ("tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string") Link: https://lore.kernel.org/lkml/20240229143432.273b4871@gandalf.local.home/t/ Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # +v6.1.82 +v6.6.22 +v6.7.10, +v6.8, +6.9 Tested-by: Yunseong Kim <yskelg(a)gmail.com> Reviewed-by: Pedro Tammela <pctammela(a)mojatatu.com> Signed-off-by: Yunseong Kim <yskelg(a)gmail.com> Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Link: https://lore.kernel.org/r/20240624173320.24945-4-yskelg@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/trace/events/qdisc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/trace/events/qdisc.h b/include/trace/events/qdisc.h index 1f4258308b96..061fd4960303 100644 --- a/include/trace/events/qdisc.h +++ b/include/trace/events/qdisc.h @@ -81,14 +81,14 @@ TRACE_EVENT(qdisc_reset, TP_ARGS(q), TP_STRUCT__entry( - __string( dev, qdisc_dev(q)->name ) + __string( dev, qdisc_dev(q) ? qdisc_dev(q)->name : "(null)" ) __string( kind, q->ops->id ) __field( u32, parent ) __field( u32, handle ) ), TP_fast_assign( - __assign_str(dev, qdisc_dev(q)->name); + __assign_str(dev, qdisc_dev(q) ? qdisc_dev(q)->name : "(null)"); __assign_str(kind, q->ops->id); __entry->parent = q->parent; __entry->handle = q->handle; -- 2.45.2

10 months

3
4
0 0

[PATCH v2 2/3] serial: qcom-geni: fix hard lockup on buffer flush

by Johan Hovold

The Qualcomm GENI serial driver does not handle buffer flushing and used to continue printing discarded characters when the circular buffer was cleared. Since commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") this instead results in a hard lockup due to qcom_geni_serial_send_chunk_fifo() spinning indefinitely in the interrupt handler. This is easily triggered by interrupting a command such as dmesg in a serial console but can also happen when stopping a serial getty on reboot. Implement the flush_buffer() callback and use it to cancel any active TX command when the write buffer has been emptied. Reported-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/lkml/20240610222515.3023730-1-dianders@chromium.org/ Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Cc: stable(a)vger.kernel.org # 5.0 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index a41360d34790..b2bbd2d79dbb 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -906,13 +906,17 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, else pending = kfifo_len(&tport->xmit_fifo); - /* All data has been transmitted and acknowledged as received */ - if (!pending && !status && done) { + /* All data has been transmitted or command has been cancelled */ + if (!pending && done) { qcom_geni_serial_stop_tx_fifo(uport); goto out_write_wakeup; } - avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + if (active) + avail = port->tx_fifo_depth - (status & TX_FIFO_WC); + else + avail = port->tx_fifo_depth; + avail *= BYTES_PER_FIFO_WORD; chunk = min(avail, pending); @@ -1091,6 +1095,11 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) qcom_geni_serial_cancel_tx_cmd(uport); } +static void qcom_geni_serial_flush_buffer(struct uart_port *uport) +{ + qcom_geni_serial_cancel_tx_cmd(uport); +} + static int qcom_geni_serial_port_setup(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); @@ -1547,6 +1556,7 @@ static const struct uart_ops qcom_geni_console_pops = { .request_port = qcom_geni_serial_request_port, .config_port = qcom_geni_serial_config_port, .shutdown = qcom_geni_serial_shutdown, + .flush_buffer = qcom_geni_serial_flush_buffer, .type = qcom_geni_serial_get_type, .set_mctrl = qcom_geni_serial_set_mctrl, .get_mctrl = qcom_geni_serial_get_mctrl, -- 2.44.1

10 months

1
0
0 0

[PATCH v2 1/3] serial: qcom-geni: fix soft lockup on sw flow control and suspend

by Johan Hovold

The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. When TX is later restarted, a transfer command may need to be issued to discard any stale data that could prevent the watermark interrupt from firing. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 33 +++++++++++++++++++-------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 2bd25afe0d92..a41360d34790 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -649,15 +649,25 @@ static void qcom_geni_serial_start_tx_dma(struct uart_port *uport) static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { + unsigned char c; u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; + /* + * Start a new transfer in case the previous command was cancelled and + * left data in the FIFO which may prevent the watermark interrupt + * from triggering. Note that the stale data is discarded. + */ + if (!qcom_geni_serial_main_active(uport) && + !qcom_geni_serial_tx_empty(uport)) { + if (uart_fifo_out(uport, &c, 1) == 1) { + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + qcom_geni_serial_setup_tx(uport, 1); + writel(c, uport->membase + SE_GENI_TX_FIFOn); + } + } irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,13 +675,17 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; @@ -684,6 +698,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1085,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_cancel_tx_cmd(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport) -- 2.44.1

10 months

1
0
0 0

[PATCH 2/3] serial: qcom-geni: fix soft lockup on sw flow control and suspend

by Johan Hovold

The stop_tx() callback is used to implement software flow control and must not discard data as the Qualcomm GENI driver is currently doing when there is an active TX command. Cancelling an active command can also leave data in the hardware FIFO, which prevents the watermark interrupt from being enabled when TX is later restarted. This results in a soft lockup and is easily triggered by stopping TX using software flow control in a serial console but this can also happen after suspend. Fix this by only stopping any active command, and effectively clearing the hardware fifo, when shutting down the port. Make sure to temporarily raise the watermark level so that the interrupt fires when TX is restarted. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 28 +++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 1d5d6045879a..72addeb9f461 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -651,13 +651,8 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) { u32 irq_en; - if (qcom_geni_serial_main_active(uport) || - !qcom_geni_serial_tx_empty(uport)) - return; - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en |= M_TX_FIFO_WATERMARK_EN | M_CMD_DONE_EN; - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } @@ -665,16 +660,28 @@ static void qcom_geni_serial_start_tx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) { u32 irq_en; - struct qcom_geni_serial_port *port = to_dev_port(uport); irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); irq_en &= ~(M_CMD_DONE_EN | M_TX_FIFO_WATERMARK_EN); writel(0, uport->membase + SE_GENI_TX_WATERMARK_REG); writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); - /* Possible stop tx is called multiple times. */ +} + +static void qcom_geni_serial_clear_tx_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + if (!qcom_geni_serial_main_active(uport)) return; + /* + * Increase watermark level so that TX can be restarted and wait for + * sequencer to start to prevent lockups. + */ + writel(port->tx_fifo_depth, uport->membase + SE_GENI_TX_WATERMARK_REG); + qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, + M_TX_FIFO_WATERMARK_EN, true); + geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -684,6 +691,8 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); + + port->tx_remaining = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -1069,11 +1078,10 @@ static void qcom_geni_serial_shutdown(struct uart_port *uport) { disable_irq(uport->irq); - if (uart_console(uport)) - return; - qcom_geni_serial_stop_tx(uport); qcom_geni_serial_stop_rx(uport); + + qcom_geni_serial_clear_tx_fifo(uport); } static int qcom_geni_serial_port_setup(struct uart_port *uport) -- 2.44.1

10 months

3
5
0 0

[PATCH 5.4 000/189] 5.4.279-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.279 release. There are 189 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jul 2024 10:28:06 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.279-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.279-rc1 Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Matthew Wilcox (Oracle) <willy(a)infradead.org> nfs: Leave pages in the pagecache if readpage failed Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Jaime Liao <jaimeliao(a)mxic.com.tw> mtd: spinand: macronix: Add support for serial NAND flash Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Divya Koppera <Divya.Koppera(a)microchip.com> net: phy: mchp: Add support for LAN8814 QUAD PHY Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate family when identifying table via handle Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: dac: ad5592r: un-indent code-block for scale read Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Matthias Maennich <maennich(a)google.com> kheaders: explicitly define file modes for archived headers Masahiro Yamada <masahiroy(a)kernel.org> Revert "kheaders: substituting --sort in archive creation" Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Make use of invalid opcode produce a link error Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: qcs404: fix bluetooth device address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix suspicious rcu_dereference_protected() Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix David Ruth <druth(a)chromium.org> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_api: rely on rcu in tcf_idr_check_alloc Yue Haibing <yuehaibing(a)huawei.com> netns: Make get_net_ns() handle zero refcount net Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL deref in fib6_nh_init() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Christian Marangi <ansuelsmth(a)gmail.com> mips: bmips: BCM6358: make sure CBR is correctly set Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Uri Arev <me(a)wantyapps.xyz> Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Wander Lairson Costa <wander(a)redhat.com> drop_monitor: replace spin_lock by raw_spin_lock Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Florian Westphal <fw(a)strlen.de> netfilter: nftables: exthdr: fix 4-byte stack OOB write Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Vineeth Pillai <viremana(a)linux.microsoft.com> hv_utils: drain the timesync packets on onchannelcallback Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Split and rework cpacf query functions Heiko Carstens <hca(a)linux.ibm.com> s390/cpacf: get rid of register asm Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Mark Brown <broonie(a)kernel.org> selftests/mm: log a consistent test name for check_compaction Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Handle missing required DT properties Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional Zhang Qilong <zhangqilong3(a)huawei.com> ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params Colin Ian King <colin.king(a)canonical.com> ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Stop waiting for PCI if pci channel is offline Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/bmips/setup.c | 3 +- arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 + arch/parisc/kernel/syscalls/syscall.tbl | 4 +- arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 +- arch/s390/include/asm/cpacf.h | 307 ++++++++++++-------- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/syscalls/syscall.tbl | 2 +- arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/time.c | 20 +- drivers/acpi/acpica/exregion.c | 23 +- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/bluetooth/ath3k.c | 25 +- drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/ioat/init.c | 1 + drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 + .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 + .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-logitech-dj.c | 4 +- drivers/hv/hv_util.c | 19 +- drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-ocores.c | 2 +- drivers/iio/adc/ad7266.c | 2 + drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 +++- drivers/iio/dac/ad5592r-base.c | 62 ++-- drivers/iio/dac/ad5592r-base.h | 1 + drivers/input/input.c | 105 ++++++- drivers/iommu/amd_iommu_init.c | 9 + drivers/media/dvb-core/dvbdev.c | 2 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/nand/spi/macronix.c | 99 +++++++ drivers/mtd/parsers/redboot.c | 2 +- drivers/net/dsa/microchip/ksz9477.c | 6 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/fw.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/health.c | 8 + .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 4 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/phy/micrel.c | 15 + drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/vxlan.c | 4 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 63 ++++- drivers/ptp/ptp_chardev.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/core.c | 1 + drivers/scsi/mpt3sas/mpt3sas_base.c | 19 ++ drivers/scsi/qedi/qedi_debugfs.c | 12 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/function/f_printer.c | 1 + drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/misc/uss720.c | 22 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- fs/jfs/xattr.c | 4 +- fs/nfs/read.c | 4 - fs/nilfs2/dir.c | 59 ++-- fs/nilfs2/segment.c | 3 + fs/ocfs2/file.c | 2 + fs/ocfs2/namei.c | 2 +- fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/linux/compat.h | 2 +- include/linux/iommu.h | 2 +- include/linux/micrel_phy.h | 1 + include/linux/nvme.h | 4 +- include/linux/pci.h | 9 + include/linux/syscalls.h | 2 +- include/net/bluetooth/hci_core.h | 36 ++- include/net/netfilter/nf_tables.h | 5 + include/uapi/asm-generic/hugetlb_encode.h | 24 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 +- kernel/gen_kheaders.sh | 9 +- kernel/rcu/rcutorture.c | 3 +- kernel/time/tick-common.c | 42 +-- kernel/trace/preemptirq_delay_test.c | 1 + net/batman-adv/originator.c | 29 ++ net/bluetooth/l2cap_core.c | 8 +- net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/drop_monitor.c | 20 +- net/core/net_namespace.c | 9 +- net/core/sock.c | 6 +- net/ipv4/af_inet.c | 23 +- net/ipv4/cipso_ipv4.c | 12 +- net/ipv4/tcp.c | 16 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/ipv6_sockglue.c | 9 +- net/ipv6/route.c | 9 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/netfilter/ipset/ip_set_core.c | 104 ++++--- net/netfilter/ipset/ip_set_list_set.c | 30 +- net/netfilter/nf_tables_api.c | 13 +- net/netfilter/nft_exthdr.c | 17 +- net/netfilter/nft_lookup.c | 3 +- net/netrom/nr_timer.c | 3 +- net/sched/act_api.c | 66 +++-- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/unix/af_unix.c | 47 ++-- net/unix/diag.c | 12 +- net/wireless/pmsr.c | 8 +- sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/ti/davinci-mcasp.c | 312 +++++++++------------ sound/synth/emux/soundfont.c | 17 +- tools/include/asm-generic/hugetlb_encode.h | 20 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/vm/compaction_test.c | 108 +++---- 163 files changed, 1693 insertions(+), 968 deletions(-)

10 months

7
198
0 0

[PATCH 5.10 000/290] 5.10.221-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.221 release. There are 290 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Jul 2024 10:28:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.221-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.221-rc1 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). Alex Bee <knaerzche(a)gmail.com> arm64: dts: rockchip: Add sound-dai-cells for RK3368 Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption Ard Biesheuvel <ardb(a)kernel.org> efi/x86: Free EFI memory map only when installing a new one. Ard Biesheuvel <ardb(a)kernel.org> efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures Ard Biesheuvel <ardb(a)kernel.org> efi: memmap: Move manipulation routines into x86 arch tree Liu Zixian <liuzixian4(a)huawei.com> efi: Correct comment on efi_memmap_alloc Zheng Zhi Yuan <kevinjone25(a)g.ncu.edu.tw> drivers: fix typo in firmware/efi/memmap.c Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix data races around icsk->icsk_af_ops. Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix data races around sk->sk_prot. Eric Dumazet <edumazet(a)google.com> ipv6: annotate some data-races around sk->sk_prot Matthew Wilcox (Oracle) <willy(a)infradead.org> nfs: Leave pages in the pagecache if readpage failed Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Refuse too small period requests Jaime Liao <jaimeliao(a)mxic.com.tw> mtd: spinand: macronix: Add support for serial NAND flash Arnd Bergmann <arnd(a)arndb.de> syscalls: fix compat_sys_io_pgetevents_time64 usage Arnd Bergmann <arnd(a)arndb.de> ftruncate: pass a signed offset Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix double free on error Niklas Cassel <cassel(a)kernel.org> ata: ahci: Clean up sysfs file on error Sven Eckelmann <sven(a)narfation.org> batman-adv: Don't accept TT entries for out-of-spec VIDs Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix potential UAF by revoke of fence registers Ma Ke <make24(a)iscas.ac.cn> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes Arnd Bergmann <arnd(a)arndb.de> hexagon: fix fadvise64_64 calling conventions Arnd Bergmann <arnd(a)arndb.de> csky, hexagon: fix broken sys_sync_file_range Arnd Bergmann <arnd(a)arndb.de> sh: rework sync_file_range ABI Dragan Simic <dsimic(a)manjaro.org> kbuild: Install dtb files as 0644 in Makefile.dtbinst Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new Oleksij Rempel <linux(a)rempel-privat.de> net: can: j1939: recover socket queue on CAN bus error during BAM transmission Shigeru Yoshida <syoshida(a)redhat.com> net: can: j1939: Initialize unused data in j1939_send_one() Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> tty: mcf: MCF54418 has 10 UARTS Stefan Eichenberger <stefan.eichenberger(a)toradex.com> serial: imx: set receiver level before starting uart Udit Kumar <u-kumar1(a)ti.com> serial: 8250_omap: Implementation of Errata i2310 Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> usb: atm: cxacru: fix endpoint checking in cxacru_bind() Dan Carpenter <dan.carpenter(a)linaro.org> usb: musb: da8xx: fix a resource leak in probe() Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: fix races against disable Oliver Neukum <oneukum(a)suse.com> usb: gadget: printer: SS+ support Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: improve link status logs Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix sensor data read operation Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix overflows in compensate() functions Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix calibration data variable Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix pressure value output Fernando Yang <hagisf(a)usp.br> iio: adc: ad7266: Fix variable checking bug David Lechner <dlechner(a)baylibre.com> counter: ti-eqep: enable clock at probe Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Do not invert write-protect twice Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos Jan Kara <jack(a)suse.cz> ocfs2: fix DIO failure due to insufficient transaction credits Linus Torvalds <torvalds(a)linux-foundation.org> x86: stop playing stack games in profile_pc() Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) Aleksandr Mishin <amishin(a)t-argos.ru> gpio: davinci: Validate the obtained number of IRQs Liu Ying <victor.liu(a)nxp.com> drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA Hannes Reinecke <hare(a)suse.de> nvme: fixup comment for nvme RDMA Provider Type Erick Archer <erick.archer(a)outlook.com> drm/radeon/radeon_display: Decrease the size of allocated memory Andrew Davis <afd(a)ti.com> soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message Ricardo Ribalda <ribalda(a)chromium.org> media: dvbdev: Initialize sbuf Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emux: improve patch ioctl data validation Dawei Li <dawei.li(a)shingroup.cn> net/dpaa2: Avoid explicit cpumask var allocation on stack Dawei Li <dawei.li(a)shingroup.cn> net/iucv: Avoid explicit cpumask var allocation on stack Anton Protopopov <aspsk(a)isovalent.com> bpf: Add a check for struct bpf_fib_lookup size Denis Arefev <arefev(a)swemel.ru> mtd: partitions: redboot: Added conversion of operands to a larger type Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep Yunseong Kim <yskelg(a)gmail.com> tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Arnd Bergmann <arnd(a)arndb.de> parisc: use correct compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix compat recv/recvfrom syscalls Arnd Bergmann <arnd(a)arndb.de> sparc: fix old compat_sys_select() Daniil Dulov <d.dulov(a)aladdin.ru> xdp: Remove WARN() from __xdp_reg_mem_model() Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Allow registering memory model without rxq reference Jakub Kicinski <kuba(a)kernel.org> xdp: Move the rxq_info.mem clearing to unreg_mem_model() Enguerrand de Ribaucourt <enguerrand.de-ribaucourt(a)savoirfairelinux.com> net: phy: micrel: add Microchip KSZ 9477 to the device table Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: fix initial port flush problem Elinor Montmasson <elinor.montmasson(a)savoirfairelinux.com> ASoC: fsl-asoc-card: set priv->pdev before using it Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_encode's buflen calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() Yunjian Wang <wangyunjian(a)huawei.com> SUNRPC: Fix null pointer dereference in svc_rqst_free() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate family when identifying table via handle Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix UBSAN warning in kv_dpm.c Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: use dedicated pinctrl type for RK3328 Jianqun Xu <jay.xu(a)rock-chips.com> pinctrl/rockchip: separate struct rockchip_pin_bank to a head file Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins Hagar Hemdan <hagarhem(a)amazon.com> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER John Keeping <jkeeping(a)inmusicbrands.com> Input: ili210x - fix ili251x_read_touch_data() return value Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Force StorageD3Enable on more products Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable Mario Limonciello <mario.limonciello(a)amd.com> ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint Jan Beulich <jbeulich(a)suse.com> x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix deadlock in smb2_find_smb_tcon() Shyam Prasad N <sprasad(a)microsoft.com> cifs: missed ref-counting smb session in find Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_nb: Check for invalid SMN reads Naveen Naidu <naveennaidu479(a)gmail.com> PCI: Add PCI_ERROR_RESPONSE and related definitions Haifeng Xu <haifeng.xu(a)shopee.com> perf/core: Fix missing wakeup when waiting for context reference Matthias Maennich <maennich(a)google.com> kheaders: explicitly define file modes for archived headers Masahiro Yamada <masahiroy(a)kernel.org> Revert "kheaders: substituting --sort in archive creation" Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove not needed check in rtl8169_start_xmit Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove nr_frags argument from rtl_tx_slots_avail Heiner Kallweit <hkallweit1(a)gmail.com> r8169: improve rtl8169_start_xmit Heiner Kallweit <hkallweit1(a)gmail.com> r8169: improve rtl_tx Heiner Kallweit <hkallweit1(a)gmail.com> r8169: remove unneeded memory barrier in rtl_tx Tony Luck <tony.luck(a)intel.com> x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL Tony Luck <tony.luck(a)intel.com> x86/cpu/vfm: Add new macros to work with (vendor/family/model) values Jeff Johnson <quic_jjohnson(a)quicinc.com> tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Make use of invalid opcode produce a link error Matthew Mirvish <matthew(a)mm12.xyz> bcache: fix variable length array abuse in btree_iter Vamshi Gajjela <vamshigajjela(a)google.com> spmi: hisi-spmi-controller: Do not override device identifier Trond Myklebust <trond.myklebust(a)hammerspace.com> knfsd: LOOKUP can return an illegal error value Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> pmdomain: ti-sci: Fix duplicate PD referrals Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Kees Cook <keescook(a)chromium.org> rtlwifi: rtl8192de: Style clean-ups Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Martin Leung <martin.leung(a)amd.com> drm/amd/display: revert Exit idle optimizations before HDCP execution Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema Grygorii Tertychnyi <grembeter(a)gmail.com> i2c: ocores: set IACK bit after core is enabled Aleksandr Nogikh <nogikh(a)google.com> kcov: don't lose track of remote references during softirqs Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 14 Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: fix UBSAN warning in kv_dpm.c Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on N14AP7 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Add check for srq max_sge attribute Raju Rangoju <Raju.Rangoju(a)amd.com> ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix missing kmem_cache_destroy() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix error path in ioat3_dma_probe() Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: use PCI core macros for PCIe Capability Nikita Shubin <n.shubin(a)yadro.com> dmaengine: ioatdma: Fix leaking on version mismatch Bjorn Helgaas <bhelgaas(a)google.com> dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() Qing Wang <wangqing(a)vivo.com> dmaengine: ioat: switch from 'pci_' to 'dma_' API Biju Das <biju.das.jz(a)bp.renesas.com> regulator: core: Fix modpost error "regulator_get_regmap" undefined Oliver Neukum <oneukum(a)suse.com> net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix suspicious rcu_dereference_protected() Heng Qi <hengqi(a)linux.alibaba.com> virtio_net: checksum offloading handling fix Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: No need to calculate speed divider when offload is disabled Xin Long <lucien.xin(a)gmail.com> sched: act_ct: add netns into the key of tcf_ct_flow_table Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: set 'net' pointer when creating new nf_flow_table Xin Long <lucien.xin(a)gmail.com> tipc: force a dst refcount before doing decryption David Ruth <druth(a)chromium.org> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_api: rely on rcu in tcf_idr_check_alloc Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make interrupt remembering atomic Yue Haibing <yuehaibing(a)huawei.com> netns: Make get_net_ns() handle zero refcount net Eric Dumazet <edumazet(a)google.com> xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL dereference in rt6_probe() Eric Dumazet <edumazet(a)google.com> ipv6: prevent possible NULL deref in fib6_nh_init() Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> netrom: Fix a memory leak in nr_heartbeat_expiry() Ondrej Mosnacek <omosnace(a)redhat.com> cipso: fix total option length computation Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: Build event generation tests only as modules Christian Marangi <ansuelsmth(a)gmail.com> mips: bmips: BCM6358: make sure CBR is correctly set Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> MIPS: Routerboard 532: Fix vendor retry check code Parker Newman <pnewman(a)connecttech.com> serial: exar: adding missing CTI and Exar PCI ids Songyang Li <leesongyang(a)outlook.com> MIPS: Octeon: Add PCIe link status check Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports Roman Smirnov <r.smirnov(a)omp.ru> udf: udftime: prevent overflow in udf_disk_stamp_to_time() Alex Henrie <alexhenrie24(a)gmail.com> usb: misc: uss720: check for incompatible versions of the Belkin F5U002 Yunlei He <heyunlei(a)oppo.com> f2fs: remove clear SB_INLINECRYPT flag in default_options Aleksandr Aprelkov <aaprelkov(a)usergate.com> iommu/arm-smmu-v3: Free MSIs in case of ENOMEM Tzung-Bi Shih <tzungbi(a)kernel.org> power: supply: cros_usbpd: provide ID table for avoiding fallback match Michael Ellerman <mpe(a)ellerman.id.au> powerpc/io: Avoid clang null pointer arithmetic warnings Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries: Enforce hcall result buffer validity and size Erico Nunes <nunes.erico(a)gmail.com> drm/lima: mask irqs in timeout path before hard reset Erico Nunes <nunes.erico(a)gmail.com> drm/lima: add mask irq callback to gp and pp Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Exit idle optimizations before HDCP execution Uri Arev <me(a)wantyapps.xyz> Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl Takashi Iwai <tiwai(a)suse.de> ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Sean O'Brien <seobrien(a)chromium.org> HID: Add quirk for Logitech Casa touchpad Breno Leitao <leitao(a)debian.org> netpoll: Fix race condition in netpoll_owner_active Kunwu Chan <chentao(a)kylinos.cn> kselftest: arm64: Add a null pointer check Manish Rangankar <mrangankar(a)marvell.com> scsi: qedi: Fix crash while reading debugfs attribute Wander Lairson Costa <wander(a)redhat.com> drop_monitor: replace spin_lock by raw_spin_lock Eric Dumazet <edumazet(a)google.com> af_packet: avoid a false positive warning in packet_setsockopt() Arnd Bergmann <arnd(a)arndb.de> wifi: ath9k: work around memset overflow warning Eric Dumazet <edumazet(a)google.com> batman-adv: bypass empty buckets in batadv_purge_orig_ref() Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix flaky test btf_map_in_map/lookup_update Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh Justin Stitt <justinstitt(a)google.com> block/ioctl: prefer different overflow check Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix invalid context warning when enable srcu barrier testing Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment Herbert Xu <herbert(a)gondor.apana.org.au> padata: Disable BH when taking works lock on MT path Oleg Nesterov <oleg(a)redhat.com> zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING Jean Delvare <jdelvare(a)suse.de> i2c: designware: Fix the functionality flags of the slave-only interface Jean Delvare <jdelvare(a)suse.de> i2c: at91: Fix the functionality flags of the slave-only interface Shichao Lai <shichaorai(a)gmail.com> usb-storage: alauda: Check whether the media is initialized Sicong Huang <congei42(a)163.com> greybus: Fix use-after-free bug in gb_interface_release due to race condition. Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Jump to error handling labels in start/stop errors YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: update add_addr counters after connect YonglongLi <liyonglong(a)chinatelecom.cn> mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_una is properly initialized on connect Matthias Goergens <matthias.goergens(a)gmail.com> hugetlb_encode.h: fix undefined behaviour (34 << 26) Doug Brown <doug(a)schmorgal.com> serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level Oleg Nesterov <oleg(a)redhat.com> tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Lunar Lake support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Sapphire Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids SOC support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Granite Rapids support Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs Nuno Sa <nuno.sa(a)analog.com> dmaengine: axi-dmac: fix possible race in remove() Rick Wertenbroek <rick.wertenbroek(a)gmail.com> PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id Su Yue <glass.su(a)suse.com> ocfs2: fix races between hole punching and AIO+DIO Su Yue <glass.su(a)suse.com> ocfs2: use coarse time for new created files Rik van Riel <riel(a)surriel.com> fs/proc: fix softlockup in __read_vmcore Hagar Gamal Halim Hemdan <hagarhem(a)amazon.com> vmci: prevent speculation leaks by sanitizing event in event_deliver() Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found Jani Nikula <jani.nikula(a)intel.com> drm/exynos/vidi: fix memory leak in .get_modes() Dirk Behme <dirk.behme(a)de.bosch.com> drivers: core: synchronize really_probe() and dev_uevent() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: delete unneeded update watermark call Marc Ferland <marc.ferland(a)sonatest.com> iio: dac: ad5592r: fix temperature channel scaling value David Lechner <dlechner(a)baylibre.com> iio: adc: ad9467: fix scan type sign Taehee Yoo <ap420073(a)gmail.com> ionic: fix use after netif_napi_del() Petr Pavlu <petr.pavlu(a)suse.com> net/ipv6: Fix the RT cache flush via sysctl using a previous delay Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_v6_syn_recv_sock() Adam Miotk <adam.miotk(a)arm.com> drm/bridge/panel: Fix runtime warning on panel bridge release Amjad Ouled-Ameur <amjad.ouled-ameur(a)arm.com> drm/komeda: check for error-valued pointer Aleksandr Mishin <amishin(a)t-argos.ru> liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet Jie Wang <wangjie125(a)huawei.com> net: hns3: add cond_resched() to hns3 ring buffer init process Csókás, Bence <csokas.bence(a)prolan.hu> net: sfp: Always call `sfp_sm_mod_remove()` on remove Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: 3D disabled should not effect STDU memory limits José Expósito <jose.exposito89(a)gmail.com> HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: Return right value in iommu_sva_bind_device() Kun(llfl) <llfl(a)linux.alibaba.com> iommu/amd: Fix sysfs leak in iommu init Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Introduce pci segment structure Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> gpio: tqmx86: store IRQ trigger type and unmask status separately Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> HID: core: remove unnecessary WARN_ON() in implement() Gregor Herburger <gregor.herburger(a)tq-group.com> gpio: tqmx86: fix typo in Kconfig label Chen Hanxiao <chenhx.fnst(a)fujitsu.com> SUNRPC: return proper error from gss_wrap_req_priv Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Fix build errors seen with GCC 13/14 Breno Leitao <leitao(a)debian.org> scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply broken streams quirk to Etron EJ188 xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Apply reset resume quirk to Etron EJ188 xHCI host Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set correct transferred length for cancelled bulk transfers Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> jfs: xattr: fix buffer overflow for invalid xattr Tomas Winkler <tomas.winkler(a)intel.com> mei: me: release irq in mei_me_pci_resume error path Alan Stern <stern(a)rowland.harvard.edu> USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: return the mapped address from nilfs_get_page() Matthew Wilcox (Oracle) <willy(a)infradead.org> nilfs2: Remove check for PageError Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Split and rework cpacf query functions Heiko Carstens <hca(a)linux.ibm.com> s390/cpacf: get rid of register asm Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Mark Brown <broonie(a)kernel.org> selftests/mm: log a consistent test name for check_compaction Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/mm: conform test to TAP format output Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: replace hardcoded divisor value with BIT() macro George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Eric Dumazet <edumazet(a)google.com> ipv6: fix possible race in __fib6_drop_pcpu_from() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). Karol Kolacinski <karol.kolacinski(a)intel.com> ptp: Fix error message on failed pin verification Eric Dumazet <edumazet(a)google.com> net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP Jason Xing <kernelxing(a)tencent.com> tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Hangyu Hua <hbh25y(a)gmail.com> net: sched: sch_multiq: fix possible OOB write in multiq_tune() Eric Dumazet <edumazet(a)google.com> ipv6: sr: block BH in seg6_output_core() and seg6_input_core() DelphineCCChiu <delphine_cc_chiu(a)wiwynn.com> net/ncsi: Fix the multi thread manner of NCSI driver Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Simplify Kconfig/dts control flow Ivan Mikhaylov <i.mikhaylov(a)yadro.com> net/ncsi: add NCSI Intel OEM command to keep PHY up Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: mac80211: correctly parse Spatial Reuse Parameter Set element Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't read past the mfuart notifcation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: check n_ssids before accessing the ssids Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 Lin Ma <linma(a)zju.edu.cn> wifi: cfg80211: pmsr: use correct nla_get_uX functions Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects Damien Le Moal <dlemoal(a)kernel.org> null_blk: Print correct max open zones limit in null_init_zoned_dev() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing/selftests: Fix kprobe event name test for .isra. functions ------------- Diffstat: .../bindings/i2c/google,cros-ec-i2c-tunnel.yaml | 2 +- Makefile | 4 +- arch/arm/boot/dts/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/exynos4412-smdk4412.dts | 2 +- arch/arm/boot/dts/rk3066a.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3368.dtsi | 3 + arch/arm64/include/asm/kvm_host.h | 1 + arch/arm64/include/asm/unistd32.h | 2 +- arch/arm64/kvm/arm.c | 6 +- arch/arm64/kvm/vgic/vgic-v3.c | 2 +- arch/arm64/kvm/vgic/vgic-v4.c | 8 +- arch/csky/include/uapi/asm/unistd.h | 1 + arch/hexagon/include/asm/syscalls.h | 6 + arch/hexagon/include/uapi/asm/unistd.h | 1 + arch/hexagon/kernel/syscalltab.c | 7 + arch/mips/bmips/setup.c | 3 +- arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/mips/pci/ops-rc32434.c | 4 +- arch/mips/pci/pcie-octeon.c | 6 + arch/parisc/kernel/syscalls/syscall.tbl | 4 +- arch/powerpc/include/asm/hvcall.h | 8 +- arch/powerpc/include/asm/io.h | 24 +- arch/powerpc/include/asm/uaccess.h | 15 +- arch/powerpc/kernel/syscalls/syscall.tbl | 2 +- arch/s390/include/asm/cpacf.h | 307 +++++++++++++-------- arch/s390/kernel/syscalls/syscall.tbl | 2 +- arch/sh/kernel/sys_sh32.c | 11 + arch/sh/kernel/syscalls/syscall.tbl | 3 +- arch/sparc/kernel/sys32.S | 221 --------------- arch/sparc/kernel/syscalls/syscall.tbl | 8 +- arch/x86/entry/syscalls/syscall_32.tbl | 2 +- arch/x86/include/asm/cpu_device_id.h | 98 +++++++ arch/x86/include/asm/efi.h | 11 + arch/x86/kernel/amd_nb.c | 9 +- arch/x86/kernel/cpu/match.c | 4 +- arch/x86/kernel/time.c | 20 +- arch/x86/mm/numa.c | 6 +- arch/x86/platform/efi/Makefile | 3 +- arch/x86/platform/efi/efi.c | 8 +- arch/x86/platform/efi/memmap.c | 249 +++++++++++++++++ block/ioctl.c | 2 +- drivers/acpi/acpica/exregion.c | 23 +- drivers/acpi/device_pm.c | 3 + drivers/acpi/internal.h | 9 + drivers/acpi/video_detect.c | 8 + drivers/acpi/x86/utils.c | 34 +++ drivers/ata/ahci.c | 17 +- drivers/ata/libata-core.c | 8 +- drivers/base/core.c | 3 + drivers/block/null_blk/zoned.c | 2 +- drivers/bluetooth/ath3k.c | 25 +- drivers/counter/ti-eqep.c | 6 + drivers/dma/dma-axi-dmac.c | 2 +- drivers/dma/ioat/init.c | 73 +++-- drivers/dma/ioat/registers.h | 7 - drivers/firmware/efi/fdtparams.c | 4 + drivers/firmware/efi/memmap.c | 239 +--------------- drivers/gpio/Kconfig | 2 +- drivers/gpio/gpio-davinci.c | 5 + drivers/gpio/gpio-tqmx86.c | 46 +-- drivers/gpio/gpiolib-cdev.c | 16 +- .../amd/display/dc/dcn10/dcn10_stream_encoder.c | 6 + drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 2 + .../drm/arm/display/komeda/komeda_pipeline_state.c | 2 +- drivers/gpu/drm/bridge/panel.c | 7 +- drivers/gpu/drm/exynos/exynos_drm_vidi.c | 7 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +- drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c | 1 + drivers/gpu/drm/lima/lima_bcast.c | 12 + drivers/gpu/drm/lima/lima_bcast.h | 3 + drivers/gpu/drm/lima/lima_gp.c | 8 + drivers/gpu/drm/lima/lima_pp.c | 18 ++ drivers/gpu/drm/lima/lima_sched.c | 7 + drivers/gpu/drm/lima/lima_sched.h | 1 + drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 6 + drivers/gpu/drm/panel/panel-ilitek-ili9881c.c | 6 +- drivers/gpu/drm/panel/panel-simple.c | 1 + drivers/gpu/drm/radeon/radeon.h | 1 - drivers/gpu/drm/radeon/radeon_display.c | 8 +- drivers/gpu/drm/radeon/sumo_dpm.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 - drivers/greybus/interface.c | 1 + drivers/hid/hid-core.c | 1 - drivers/hid/hid-ids.h | 1 + drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/hid-multitouch.c | 6 + drivers/hwtracing/intel_th/pci.c | 25 ++ drivers/i2c/busses/i2c-at91-slave.c | 3 +- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/busses/i2c-ocores.c | 2 +- drivers/iio/adc/ad7266.c | 2 + drivers/iio/adc/ad9467.c | 4 +- drivers/iio/chemical/bme680.h | 2 + drivers/iio/chemical/bme680_core.c | 62 ++++- drivers/iio/dac/ad5592r-base.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 - drivers/infiniband/hw/mlx5/srq.c | 13 +- drivers/input/input.c | 105 ++++++- drivers/input/touchscreen/ili210x.c | 4 +- drivers/iommu/amd/amd_iommu_types.h | 24 +- drivers/iommu/amd/init.c | 55 +++- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/md/bcache/bset.c | 44 +-- drivers/md/bcache/bset.h | 28 +- drivers/md/bcache/btree.c | 40 +-- drivers/md/bcache/super.c | 5 +- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 +- drivers/media/dvb-core/dvbdev.c | 2 +- drivers/misc/mei/pci-me.c | 4 +- drivers/misc/vmw_vmci/vmci_event.c | 6 +- drivers/mmc/host/davinci_mmc.c | 4 +- drivers/mmc/host/sdhci-pci-core.c | 11 +- drivers/mmc/host/sdhci.c | 25 +- drivers/mtd/nand/spi/macronix.c | 112 ++++++++ drivers/mtd/parsers/redboot.c | 2 +- drivers/net/dsa/microchip/ksz9477.c | 6 +- drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c | 11 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 14 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/ethernet/qualcomm/qca_debug.c | 6 +- drivers/net/ethernet/qualcomm/qca_spi.c | 16 +- drivers/net/ethernet/qualcomm/qca_spi.h | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 48 ++-- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 55 ++-- drivers/net/phy/micrel.c | 1 + drivers/net/phy/sfp.c | 3 +- drivers/net/usb/ax88179_178a.c | 6 +- drivers/net/usb/rtl8150.c | 3 +- drivers/net/virtio_net.c | 12 +- drivers/net/vxlan/vxlan_core.c | 4 + drivers/net/wireless/ath/ath.h | 6 +- drivers/net/wireless/ath/ath9k/main.c | 3 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 - drivers/net/wireless/intel/iwlwifi/mvm/rs.h | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 19 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 1 - drivers/pci/controller/pcie-rockchip-ep.c | 6 +- drivers/pci/pci.c | 12 + drivers/pinctrl/core.c | 2 +- drivers/pinctrl/pinctrl-rockchip.c | 294 ++++---------------- drivers/pinctrl/pinctrl-rockchip.h | 246 +++++++++++++++++ drivers/power/supply/cros_usbpd-charger.c | 11 +- drivers/ptp/ptp_chardev.c | 3 +- drivers/pwm/pwm-stm32.c | 3 + drivers/regulator/core.c | 1 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 25 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 19 ++ drivers/scsi/qedi/qedi_debugfs.c | 12 +- drivers/soc/ti/ti_sci_pm_domains.c | 20 +- drivers/soc/ti/wkup_m3_ipc.c | 7 +- drivers/staging/hikey9xx/hisi-spmi-controller.c | 1 - drivers/tty/serial/8250/8250_exar.c | 42 +++ drivers/tty/serial/8250/8250_omap.c | 25 +- drivers/tty/serial/8250/8250_pxa.c | 1 + drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/mcf.c | 2 +- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/usb/atm/cxacru.c | 14 + drivers/usb/class/cdc-wdm.c | 4 +- drivers/usb/gadget/function/f_fs.c | 4 + drivers/usb/gadget/function/f_printer.c | 40 ++- drivers/usb/host/xhci-pci.c | 7 + drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/misc/uss720.c | 22 +- drivers/usb/musb/da8xx.c | 8 +- drivers/usb/storage/alauda.c | 9 +- fs/btrfs/disk-io.c | 10 +- fs/cifs/smb2transport.c | 12 +- fs/f2fs/super.c | 2 - fs/jfs/xattr.c | 4 +- fs/nfs/read.c | 4 - fs/nfsd/nfs4state.c | 7 +- fs/nfsd/nfsfh.c | 4 +- fs/nilfs2/dir.c | 59 ++-- fs/nilfs2/segment.c | 3 + fs/ocfs2/aops.c | 5 + fs/ocfs2/file.c | 2 + fs/ocfs2/journal.c | 17 ++ fs/ocfs2/journal.h | 2 + fs/ocfs2/namei.c | 2 +- fs/ocfs2/ocfs2_trace.h | 2 + fs/open.c | 4 +- fs/proc/vmcore.c | 2 + fs/udf/udftime.c | 11 +- include/kvm/arm_vgic.h | 2 +- include/linux/compat.h | 2 +- include/linux/efi.h | 10 +- include/linux/iommu.h | 2 +- include/linux/kcov.h | 2 + include/linux/mod_devicetable.h | 2 + include/linux/nvme.h | 4 +- include/linux/pci.h | 9 + include/linux/sunrpc/svc.h | 20 +- include/linux/syscalls.h | 2 +- include/net/bluetooth/hci_core.h | 36 ++- include/net/netfilter/nf_tables.h | 5 + include/net/xdp.h | 3 + include/trace/events/qdisc.h | 2 +- include/trace/events/sunrpc.h | 8 +- include/uapi/asm-generic/hugetlb_encode.h | 26 +- include/uapi/asm-generic/unistd.h | 2 +- kernel/events/core.c | 13 + kernel/gcov/gcc_4_7.c | 4 +- kernel/gen_kheaders.sh | 9 +- kernel/kcov.c | 1 + kernel/padata.c | 8 +- kernel/pid_namespace.c | 1 + kernel/rcu/rcutorture.c | 12 +- kernel/sys_ni.c | 2 +- kernel/time/tick-common.c | 42 +-- kernel/trace/Kconfig | 4 +- kernel/trace/preemptirq_delay_test.c | 1 + net/batman-adv/originator.c | 29 ++ net/bluetooth/l2cap_core.c | 8 +- net/can/j1939/main.c | 6 +- net/can/j1939/transport.c | 21 +- net/core/drop_monitor.c | 20 +- net/core/filter.c | 3 + net/core/net_namespace.c | 9 +- net/core/netpoll.c | 2 +- net/core/sock.c | 6 +- net/core/xdp.c | 100 ++++--- net/ipv4/af_inet.c | 23 +- net/ipv4/cipso_ipv4.c | 12 +- net/ipv4/tcp.c | 16 +- net/ipv6/af_inet6.c | 24 +- net/ipv6/ip6_fib.c | 6 +- net/ipv6/ipv6_sockglue.c | 9 +- net/ipv6/route.c | 9 +- net/ipv6/seg6_iptunnel.c | 14 +- net/ipv6/tcp_ipv6.c | 9 +- net/ipv6/xfrm6_policy.c | 8 +- net/iucv/iucv.c | 26 +- net/mac80211/he.c | 10 +- net/mac80211/mesh_pathtbl.c | 13 + net/mac80211/sta_info.c | 4 +- net/mptcp/pm_netlink.c | 18 +- net/mptcp/protocol.c | 1 + net/ncsi/Kconfig | 6 + net/ncsi/internal.h | 7 + net/ncsi/ncsi-manage.c | 112 +++++--- net/ncsi/ncsi-rsp.c | 4 +- net/netfilter/ipset/ip_set_core.c | 104 ++++--- net/netfilter/ipset/ip_set_list_set.c | 30 +- net/netfilter/nf_tables_api.c | 13 +- net/netfilter/nft_lookup.c | 3 +- net/netrom/nr_timer.c | 3 +- net/packet/af_packet.c | 26 +- net/sched/act_api.c | 66 +++-- net/sched/act_ct.c | 21 +- net/sched/sch_multiq.c | 2 +- net/sched/sch_taprio.c | 15 +- net/sunrpc/auth_gss/auth_gss.c | 4 +- net/sunrpc/svc.c | 18 +- net/tipc/node.c | 1 + net/unix/af_unix.c | 47 ++-- net/unix/diag.c | 12 +- net/wireless/pmsr.c | 8 +- scripts/Makefile.dtbinst | 2 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/fsl/fsl-asoc-card.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 9 + sound/synth/emux/soundfont.c | 17 +- tools/include/asm-generic/hugetlb_encode.h | 20 +- tools/testing/selftests/arm64/tags/tags_test.c | 4 + .../selftests/bpf/prog_tests/btf_map_in_map.c | 26 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 +- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- tools/testing/selftests/vm/compaction_test.c | 108 ++++---- 278 files changed, 3057 insertions(+), 1923 deletions(-)

10 months

6
296
0 0

[PATCH v3 3/3] tpm: Address !chip->auth in tpm_buf_append_hmac_session*()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_hmac_session*(). Thus, address !chip->auth in tpm_buf_hmac_session*() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 1085b8276bb4 ("tpm: Add the rest of the session HMAC API") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v3: * Address: https://lore.kernel.org/linux-integrity/922603265d61011dbb23f18a04525ae973b… v2: * Use auth in place of chip->auth. --- drivers/char/tpm/tpm2-sessions.c | 184 ++++++++++++++++++------------- include/linux/tpm.h | 68 ++++-------- 2 files changed, 128 insertions(+), 124 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 179bcaac06ce..e0be22b8ae70 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -270,6 +270,108 @@ void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, } EXPORT_SYMBOL_GPL(tpm_buf_append_name); +/** + * tpm_buf_append_hmac_session() - Append a TPM session element + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @attributes: The session attributes + * @passphrase: The session authority (NULL if none) + * @passphrase_len: The length of the session authority (0 if none) + * + * This fills in a session structure in the TPM command buffer, except + * for the HMAC which cannot be computed until the command buffer is + * complete. The type of session is controlled by the @attributes, + * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the + * session won't terminate after tpm_buf_check_hmac_response(), + * TPM2_SA_DECRYPT which means this buffers first parameter should be + * encrypted with a session key and TPM2_SA_ENCRYPT, which means the + * response buffer's first parameter needs to be decrypted (confusing, + * but the defines are written from the point of view of the TPM). + * + * Any session appended by this command must be finalized by calling + * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect + * and the TPM will reject the command. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, + u8 attributes, u8 *passphrase, + int passphrase_len) +{ + u8 __maybe_unused nonce[SHA256_DIGEST_SIZE]; + struct tpm2_auth __maybe_unused *auth; + u32 __maybe_unused len; + + if (!__and(IS_ENABLED(CONFIG_TCG_TPM2_HMAC), chip->auth)) { + /* offset tells us where the sessions area begins */ + int offset = buf->handles * 4 + TPM_HEADER_SIZE; + u32 len = 9 + passphrase_len; + + if (tpm_buf_length(buf) != offset) { + /* not the first session so update the existing length */ + len += get_unaligned_be32(&buf->data[offset]); + put_unaligned_be32(len, &buf->data[offset]); + } else { + tpm_buf_append_u32(buf, len); + } + /* auth handle */ + tpm_buf_append_u32(buf, TPM2_RS_PW); + /* nonce */ + tpm_buf_append_u16(buf, 0); + /* attributes */ + tpm_buf_append_u8(buf, 0); + /* passphrase */ + tpm_buf_append_u16(buf, passphrase_len); + tpm_buf_append(buf, passphrase, passphrase_len); + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + /* + * The Architecture Guide requires us to strip trailing zeros + * before computing the HMAC + */ + while (passphrase && passphrase_len > 0 && passphrase[passphrase_len - 1] == '\0') + passphrase_len--; + + auth = chip->auth; + auth->attrs = attributes; + auth->passphrase_len = passphrase_len; + if (passphrase_len) + memcpy(auth->passphrase, passphrase, passphrase_len); + + if (auth->session != tpm_buf_length(buf)) { + /* we're not the first session */ + len = get_unaligned_be32(&buf->data[auth->session]); + if (4 + len + auth->session != tpm_buf_length(buf)) { + WARN(1, "session length mismatch, cannot append"); + return; + } + + /* add our new session */ + len += 9 + 2 * SHA256_DIGEST_SIZE; + put_unaligned_be32(len, &buf->data[auth->session]); + } else { + tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); + } + + /* random number for our nonce */ + get_random_bytes(nonce, sizeof(nonce)); + memcpy(auth->our_nonce, nonce, sizeof(nonce)); + tpm_buf_append_u32(buf, auth->handle); + /* our new nonce */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); + tpm_buf_append_u8(buf, auth->attrs); + /* and put a placeholder for the hmac */ + tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); + tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); +#endif /* CONFIG_TCG_TPM2_HMAC */ +} +EXPORT_SYMBOL_GPL(tpm_buf_append_hmac_session); + #ifdef CONFIG_TCG_TPM2_HMAC static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, @@ -455,82 +557,6 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) crypto_free_kpp(kpp); } -/** - * tpm_buf_append_hmac_session() - Append a TPM session element - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @attributes: The session attributes - * @passphrase: The session authority (NULL if none) - * @passphrase_len: The length of the session authority (0 if none) - * - * This fills in a session structure in the TPM command buffer, except - * for the HMAC which cannot be computed until the command buffer is - * complete. The type of session is controlled by the @attributes, - * the main ones of which are TPM2_SA_CONTINUE_SESSION which means the - * session won't terminate after tpm_buf_check_hmac_response(), - * TPM2_SA_DECRYPT which means this buffers first parameter should be - * encrypted with a session key and TPM2_SA_ENCRYPT, which means the - * response buffer's first parameter needs to be decrypted (confusing, - * but the defines are written from the point of view of the TPM). - * - * Any session appended by this command must be finalized by calling - * tpm_buf_fill_hmac_session() otherwise the HMAC will be incorrect - * and the TPM will reject the command. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphrase_len) -{ - u8 nonce[SHA256_DIGEST_SIZE]; - u32 len; - struct tpm2_auth *auth = chip->auth; - - /* - * The Architecture Guide requires us to strip trailing zeros - * before computing the HMAC - */ - while (passphrase && passphrase_len > 0 - && passphrase[passphrase_len - 1] == '\0') - passphrase_len--; - - auth->attrs = attributes; - auth->passphrase_len = passphrase_len; - if (passphrase_len) - memcpy(auth->passphrase, passphrase, passphrase_len); - - if (auth->session != tpm_buf_length(buf)) { - /* we're not the first session */ - len = get_unaligned_be32(&buf->data[auth->session]); - if (4 + len + auth->session != tpm_buf_length(buf)) { - WARN(1, "session length mismatch, cannot append"); - return; - } - - /* add our new session */ - len += 9 + 2 * SHA256_DIGEST_SIZE; - put_unaligned_be32(len, &buf->data[auth->session]); - } else { - tpm_buf_append_u32(buf, 9 + 2 * SHA256_DIGEST_SIZE); - } - - /* random number for our nonce */ - get_random_bytes(nonce, sizeof(nonce)); - memcpy(auth->our_nonce, nonce, sizeof(nonce)); - tpm_buf_append_u32(buf, auth->handle); - /* our new nonce */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); - tpm_buf_append_u8(buf, auth->attrs); - /* and put a placeholder for the hmac */ - tpm_buf_append_u16(buf, SHA256_DIGEST_SIZE); - tpm_buf_append(buf, nonce, SHA256_DIGEST_SIZE); -} -EXPORT_SYMBOL(tpm_buf_append_hmac_session); - /** * tpm_buf_fill_hmac_session() - finalize the session HMAC * @chip: the TPM chip structure @@ -561,6 +587,9 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) u8 cphash[SHA256_DIGEST_SIZE]; struct sha256_state sctx; + if (!auth) + return; + /* save the command code in BE format */ auth->ordinal = head->ordinal; @@ -719,6 +748,9 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, u32 cc = be32_to_cpu(auth->ordinal); int parm_len, len, i, handles; + if (!auth) + return rc; + if (auth->session >= TPM_HEADER_SIZE) { WARN(1, "tpm session not filled correctly\n"); goto out; diff --git a/include/linux/tpm.h b/include/linux/tpm.h index d9a6991b247d..e47f5d65935e 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -493,10 +493,6 @@ static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); - -#ifdef CONFIG_TCG_TPM2_HMAC - -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -506,9 +502,27 @@ static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, u8 *passphrase, int passphraselen) { - tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, - passphraselen); + struct tpm_header *head; + int offset; + + if (__and(IS_ENABLED(CONFIG_TCG_TPM2_HMAC), chip->auth)) { + tpm_buf_append_hmac_session(chip, buf, attributes, passphrase, passphraselen); + } else { + offset = buf->handles * 4 + TPM_HEADER_SIZE; + head = (struct tpm_header *)buf->data; + + /* + * If the only sessions are optional, the command tag must change to + * TPM2_ST_NO_SESSIONS. + */ + if (tpm_buf_length(buf) == offset) + head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); + } } + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf); int tpm_buf_check_hmac_response(struct tpm_chip *chip, struct tpm_buf *buf, int rc); @@ -523,48 +537,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, u8 *passphrase, - int passphraselen) -{ - /* offset tells us where the sessions area begins */ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - u32 len = 9 + passphraselen; - - if (tpm_buf_length(buf) != offset) { - /* not the first session so update the existing length */ - len += get_unaligned_be32(&buf->data[offset]); - put_unaligned_be32(len, &buf->data[offset]); - } else { - tpm_buf_append_u32(buf, len); - } - /* auth handle */ - tpm_buf_append_u32(buf, TPM2_RS_PW); - /* nonce */ - tpm_buf_append_u16(buf, 0); - /* attributes */ - tpm_buf_append_u8(buf, 0); - /* passphrase */ - tpm_buf_append_u16(buf, passphraselen); - tpm_buf_append(buf, passphrase, passphraselen); -} -static inline void tpm_buf_append_hmac_session_opt(struct tpm_chip *chip, - struct tpm_buf *buf, - u8 attributes, - u8 *passphrase, - int passphraselen) -{ - int offset = buf->handles * 4 + TPM_HEADER_SIZE; - struct tpm_header *head = (struct tpm_header *) buf->data; - - /* - * if the only sessions are optional, the command tag - * must change to TPM2_ST_NO_SESSIONS - */ - if (tpm_buf_length(buf) == offset) - head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); -} static inline void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) { -- 2.45.2

10 months

1
0
0 0

[PATCH v3 2/3] tpm: Address !chip->auth in tpm_buf_append_name()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm_buf_append_name(). Thus, address !chip->auth in tpm_buf_append_name() and remove the fallback implementation for !TCG_TPM2_HMAC. Cc: stable(a)vger.kernel.org # v6.10+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: d0a25bb961e6 ("tpm: Add HMAC session name/handle append") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v3: * Address: https://lore.kernel.org/linux-integrity/922603265d61011dbb23f18a04525ae973b… v2: * N/A --- drivers/char/tpm/Makefile | 2 +- drivers/char/tpm/tpm2-sessions.c | 217 +++++++++++++++++-------------- include/linux/tpm.h | 14 +- 3 files changed, 121 insertions(+), 112 deletions(-) diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile index 4c695b0388f3..9bb142c75243 100644 --- a/drivers/char/tpm/Makefile +++ b/drivers/char/tpm/Makefile @@ -16,8 +16,8 @@ tpm-y += eventlog/common.o tpm-y += eventlog/tpm1.o tpm-y += eventlog/tpm2.o tpm-y += tpm-buf.o +tpm-y += tpm2-sessions.o -tpm-$(CONFIG_TCG_TPM2_HMAC) += tpm2-sessions.o tpm-$(CONFIG_ACPI) += tpm_ppi.o eventlog/acpi.o tpm-$(CONFIG_EFI) += eventlog/efi.o tpm-$(CONFIG_OF) += eventlog/of.o diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 2f1d96a5a5a7..179bcaac06ce 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -83,9 +83,6 @@ #define AES_KEY_BYTES AES_KEYSIZE_128 #define AES_KEY_BITS (AES_KEY_BYTES*8) -static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, - u32 *handle, u8 *name); - /* * This is the structure that carries all the auth information (like * session handle, nonces, session key and auth) from use to use it is @@ -148,6 +145,7 @@ struct tpm2_auth { u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE]; }; +#ifdef CONFIG_TCG_TPM2_HMAC /* * Name Size based on TPM algorithm (assumes no hash bigger than 255) */ @@ -163,6 +161,120 @@ static u8 name_size(const u8 *name) return size_map[alg] + 2; } +static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) +{ + struct tpm_header *head = (struct tpm_header *)buf->data; + off_t offset = TPM_HEADER_SIZE; + u32 tot_len = be32_to_cpu(head->length); + u32 val; + + /* we're starting after the header so adjust the length */ + tot_len -= TPM_HEADER_SIZE; + + /* skip public */ + val = tpm_buf_read_u16(buf, &offset); + if (val > tot_len) + return -EINVAL; + offset += val; + /* name */ + val = tpm_buf_read_u16(buf, &offset); + if (val != name_size(&buf->data[offset])) + return -EINVAL; + memcpy(name, &buf->data[offset], val); + /* forget the rest */ + return 0; +} + +static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) +{ + struct tpm_buf buf; + int rc; + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); + if (rc) + return rc; + + tpm_buf_append_u32(&buf, handle); + rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); + if (rc == TPM2_RC_SUCCESS) + rc = tpm2_parse_read_public(name, &buf); + + tpm_buf_destroy(&buf); + + return rc; +} +#endif /* CONFIG_TCG_TPM2_HMAC */ + +/** + * tpm_buf_append_name() - add a handle area to the buffer + * @chip: the TPM chip structure + * @buf: The buffer to be appended + * @handle: The handle to be appended + * @name: The name of the handle (may be NULL) + * + * In order to compute session HMACs, we need to know the names of the + * objects pointed to by the handles. For most objects, this is simply + * the actual 4 byte handle or an empty buf (in these cases @name + * should be NULL) but for volatile objects, permanent objects and NV + * areas, the name is defined as the hash (according to the name + * algorithm which should be set to sha256) of the public area to + * which the two byte algorithm id has been appended. For these + * objects, the @name pointer should point to this. If a name is + * required but @name is NULL, then TPM2_ReadPublic() will be called + * on the handle to obtain the name. + * + * As with most tpm_buf operations, success is assumed because failure + * will be caused by an incorrect programming model and indicated by a + * kernel message. + */ +void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, + u32 handle, u8 *name) +{ + enum tpm2_mso_type __maybe_unused mso = tpm2_handle_mso(handle); + struct tpm2_auth __maybe_unused *auth; + int __maybe_unused slot; + + if (!__and(IS_ENABLED(CONFIG_TCG_TPM2_HMAC), chip->auth)) { + tpm_buf_append_u32(buf, handle); + /* count the number of handles in the upper bits of flags */ + buf->handles++; + return; + } + +#ifdef CONFIG_TCG_TPM2_HMAC + slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE) / 4; + if (slot >= AUTH_MAX_NAMES) { + dev_err(&chip->dev, "TPM: too many handles\n"); + return; + } + auth = chip->auth; + WARN(auth->session != tpm_buf_length(buf), + "name added in wrong place\n"); + tpm_buf_append_u32(buf, handle); + auth->session += 4; + + if (mso == TPM2_MSO_PERSISTENT || + mso == TPM2_MSO_VOLATILE || + mso == TPM2_MSO_NVRAM) { + if (!name) + tpm2_read_public(chip, handle, auth->name[slot]); + } else { + if (name) + dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); + } + + auth->name_h[slot] = handle; + if (name) + memcpy(auth->name[slot], name, name_size(name)); +#endif /* CONFIG_TCG_TPM2_HMAC */ +} +EXPORT_SYMBOL_GPL(tpm_buf_append_name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +static int tpm2_create_primary(struct tpm_chip *chip, u32 hierarchy, + u32 *handle, u8 *name); + /* * It turns out the crypto hmac(sha256) is hard for us to consume * because it assumes a fixed key and the TPM seems to change the key @@ -567,104 +679,6 @@ void tpm_buf_fill_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf) } EXPORT_SYMBOL(tpm_buf_fill_hmac_session); -static int tpm2_parse_read_public(char *name, struct tpm_buf *buf) -{ - struct tpm_header *head = (struct tpm_header *)buf->data; - off_t offset = TPM_HEADER_SIZE; - u32 tot_len = be32_to_cpu(head->length); - u32 val; - - /* we're starting after the header so adjust the length */ - tot_len -= TPM_HEADER_SIZE; - - /* skip public */ - val = tpm_buf_read_u16(buf, &offset); - if (val > tot_len) - return -EINVAL; - offset += val; - /* name */ - val = tpm_buf_read_u16(buf, &offset); - if (val != name_size(&buf->data[offset])) - return -EINVAL; - memcpy(name, &buf->data[offset], val); - /* forget the rest */ - return 0; -} - -static int tpm2_read_public(struct tpm_chip *chip, u32 handle, char *name) -{ - struct tpm_buf buf; - int rc; - - rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_READ_PUBLIC); - if (rc) - return rc; - - tpm_buf_append_u32(&buf, handle); - rc = tpm_transmit_cmd(chip, &buf, 0, "read public"); - if (rc == TPM2_RC_SUCCESS) - rc = tpm2_parse_read_public(name, &buf); - - tpm_buf_destroy(&buf); - - return rc; -} - -/** - * tpm_buf_append_name() - add a handle area to the buffer - * @chip: the TPM chip structure - * @buf: The buffer to be appended - * @handle: The handle to be appended - * @name: The name of the handle (may be NULL) - * - * In order to compute session HMACs, we need to know the names of the - * objects pointed to by the handles. For most objects, this is simply - * the actual 4 byte handle or an empty buf (in these cases @name - * should be NULL) but for volatile objects, permanent objects and NV - * areas, the name is defined as the hash (according to the name - * algorithm which should be set to sha256) of the public area to - * which the two byte algorithm id has been appended. For these - * objects, the @name pointer should point to this. If a name is - * required but @name is NULL, then TPM2_ReadPublic() will be called - * on the handle to obtain the name. - * - * As with most tpm_buf operations, success is assumed because failure - * will be caused by an incorrect programming model and indicated by a - * kernel message. - */ -void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, - u32 handle, u8 *name) -{ - enum tpm2_mso_type mso = tpm2_handle_mso(handle); - struct tpm2_auth *auth = chip->auth; - int slot; - - slot = (tpm_buf_length(buf) - TPM_HEADER_SIZE)/4; - if (slot >= AUTH_MAX_NAMES) { - dev_err(&chip->dev, "TPM: too many handles\n"); - return; - } - WARN(auth->session != tpm_buf_length(buf), - "name added in wrong place\n"); - tpm_buf_append_u32(buf, handle); - auth->session += 4; - - if (mso == TPM2_MSO_PERSISTENT || - mso == TPM2_MSO_VOLATILE || - mso == TPM2_MSO_NVRAM) { - if (!name) - tpm2_read_public(chip, handle, auth->name[slot]); - } else { - if (name) - dev_err(&chip->dev, "TPM: Handle does not require name but one is specified\n"); - } - - auth->name_h[slot] = handle; - if (name) - memcpy(auth->name[slot], name, name_size(name)); -} -EXPORT_SYMBOL(tpm_buf_append_name); - /** * tpm_buf_check_hmac_response() - check the TPM return HMAC for correctness * @chip: the TPM chip structure @@ -1311,3 +1325,4 @@ int tpm2_sessions_init(struct tpm_chip *chip) return rc; } +#endif /* CONFIG_TCG_TPM2_HMAC */ diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 21a67dc9efe8..d9a6991b247d 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -490,11 +490,13 @@ static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle) { } #endif -#ifdef CONFIG_TCG_TPM2_HMAC -int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_name(struct tpm_chip *chip, struct tpm_buf *buf, u32 handle, u8 *name); + +#ifdef CONFIG_TCG_TPM2_HMAC + +int tpm2_start_auth_session(struct tpm_chip *chip); void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, int passphraselen); @@ -521,14 +523,6 @@ static inline int tpm2_start_auth_session(struct tpm_chip *chip) static inline void tpm2_end_auth_session(struct tpm_chip *chip) { } -static inline void tpm_buf_append_name(struct tpm_chip *chip, - struct tpm_buf *buf, - u32 handle, u8 *name) -{ - tpm_buf_append_u32(buf, handle); - /* count the number of handles in the upper bits of flags */ - buf->handles++; -} static inline void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf, u8 attributes, u8 *passphrase, -- 2.45.2

10 months

1
0
0 0

[PATCH v3 1/3] tpm: Address !chip->auth in tpm2_*_auth_session()

by Jarkko Sakkinen

Unless tpm_chip_bootstrap() was called by the driver, !chip->auth can cause a null derefence in tpm2_*_auth_session(). Thus, address !chip->auth in tpm2_*_auth_session(). Cc: stable(a)vger.kernel.org # v6.9+ Reported-by: Stefan Berger <stefanb(a)linux.ibm.com> Closes: https://lore.kernel.org/linux-integrity/20240617193408.1234365-1-stefanb@li… Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: * Use dev_warn_once() instead of pr_warn_once(). --- drivers/char/tpm/tpm2-sessions.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 907ac9956a78..2f1d96a5a5a7 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -824,8 +824,13 @@ EXPORT_SYMBOL(tpm_buf_check_hmac_response); */ void tpm2_end_auth_session(struct tpm_chip *chip) { - tpm2_flush_context(chip, chip->auth->handle); - memzero_explicit(chip->auth, sizeof(*chip->auth)); + struct tpm2_auth *auth = chip->auth; + + if (!auth) + return; + + tpm2_flush_context(chip, auth->handle); + memzero_explicit(auth, sizeof(*auth)); } EXPORT_SYMBOL(tpm2_end_auth_session); @@ -907,6 +912,11 @@ int tpm2_start_auth_session(struct tpm_chip *chip) int rc; u32 null_key; + if (!auth) { + dev_warn_once(&chip->dev, "auth session is not active\n"); + return 0; + } + rc = tpm2_load_null(chip, &null_key); if (rc) goto out; -- 2.45.2

10 months

1
0
0 0

[PATCH] drm/ttm: Always take the bo delayed cleanup path for imported bos

by Thomas Hellström

Bos can be put with multiple unrelated dma-resv locks held. But imported bos attempt to grab the bo dma-resv during dma-buf detach that typically happens during cleanup. That leads to lockde splats similar to the below and a potential ABBA deadlock. Fix this by always taking the delayed workqueue cleanup path for imported bos. Requesting stable fixes from when the Xe driver was introduced, since its usage of drm_exec and wide vm dma_resvs appear to be the first reliable trigger of this. [22982.116427] ============================================ [22982.116428] WARNING: possible recursive locking detected [22982.116429] 6.10.0-rc2+ #10 Tainted: G U W [22982.116430] -------------------------------------------- [22982.116430] glxgears:sh0/5785 is trying to acquire lock: [22982.116431] ffff8c2bafa539a8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: dma_buf_detach+0x3b/0xf0 [22982.116438] but task is already holding lock: [22982.116438] ffff8c2d9aba6da8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: drm_exec_lock_obj+0x49/0x2b0 [drm_exec] [22982.116442] other info that might help us debug this: [22982.116442] Possible unsafe locking scenario: [22982.116443] CPU0 [22982.116444] ---- [22982.116444] lock(reservation_ww_class_mutex); [22982.116445] lock(reservation_ww_class_mutex); [22982.116447] *** DEADLOCK *** [22982.116447] May be due to missing lock nesting notation [22982.116448] 5 locks held by glxgears:sh0/5785: [22982.116449] #0: ffff8c2d9aba58c8 (&xef->vm.lock){+.+.}-{3:3}, at: xe_file_close+0xde/0x1c0 [xe] [22982.116507] #1: ffff8c2e28cc8480 (&vm->lock){++++}-{3:3}, at: xe_vm_close_and_put+0x161/0x9b0 [xe] [22982.116578] #2: ffff8c2e31982970 (&val->lock){.+.+}-{3:3}, at: xe_validation_ctx_init+0x6d/0x70 [xe] [22982.116647] #3: ffffacdc469478a8 (reservation_ww_class_acquire){+.+.}-{0:0}, at: xe_vma_destroy_unlocked+0x7f/0xe0 [xe] [22982.116716] #4: ffff8c2d9aba6da8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: drm_exec_lock_obj+0x49/0x2b0 [drm_exec] [22982.116719] stack backtrace: [22982.116720] CPU: 8 PID: 5785 Comm: glxgears:sh0 Tainted: G U W 6.10.0-rc2+ #10 [22982.116721] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023 [22982.116723] Call Trace: [22982.116724] <TASK> [22982.116725] dump_stack_lvl+0x77/0xb0 [22982.116727] __lock_acquire+0x1232/0x2160 [22982.116730] lock_acquire+0xcb/0x2d0 [22982.116732] ? dma_buf_detach+0x3b/0xf0 [22982.116734] ? __lock_acquire+0x417/0x2160 [22982.116736] __ww_mutex_lock.constprop.0+0xd0/0x13b0 [22982.116738] ? dma_buf_detach+0x3b/0xf0 [22982.116741] ? dma_buf_detach+0x3b/0xf0 [22982.116743] ? ww_mutex_lock+0x2b/0x90 [22982.116745] ww_mutex_lock+0x2b/0x90 [22982.116747] dma_buf_detach+0x3b/0xf0 [22982.116749] drm_prime_gem_destroy+0x2f/0x40 [drm] [22982.116775] xe_ttm_bo_destroy+0x32/0x220 [xe] [22982.116818] ? __mutex_unlock_slowpath+0x3a/0x290 [22982.116821] drm_exec_unlock_all+0xa1/0xd0 [drm_exec] [22982.116823] drm_exec_fini+0x12/0xb0 [drm_exec] [22982.116824] xe_validation_ctx_fini+0x15/0x40 [xe] [22982.116892] xe_vma_destroy_unlocked+0xb1/0xe0 [xe] [22982.116959] xe_vm_close_and_put+0x41a/0x9b0 [xe] [22982.117025] ? xa_find+0xe3/0x1e0 [22982.117028] xe_file_close+0x10a/0x1c0 [xe] [22982.117074] drm_file_free+0x22a/0x280 [drm] [22982.117099] drm_release_noglobal+0x22/0x70 [drm] [22982.117119] __fput+0xf1/0x2d0 [22982.117122] task_work_run+0x59/0x90 [22982.117125] do_exit+0x330/0xb40 [22982.117127] do_group_exit+0x36/0xa0 [22982.117129] get_signal+0xbd2/0xbe0 [22982.117131] arch_do_signal_or_restart+0x3e/0x240 [22982.117134] syscall_exit_to_user_mode+0x1e7/0x290 [22982.117137] do_syscall_64+0xa1/0x180 [22982.117139] ? lock_acquire+0xcb/0x2d0 [22982.117140] ? __set_task_comm+0x28/0x1e0 [22982.117141] ? find_held_lock+0x2b/0x80 [22982.117144] ? __set_task_comm+0xe1/0x1e0 [22982.117145] ? lock_release+0xca/0x290 [22982.117147] ? __do_sys_prctl+0x245/0xab0 [22982.117149] ? lockdep_hardirqs_on_prepare+0xde/0x190 [22982.117150] ? syscall_exit_to_user_mode+0xb0/0x290 [22982.117152] ? do_syscall_64+0xa1/0x180 [22982.117154] ? __lock_acquire+0x417/0x2160 [22982.117155] ? reacquire_held_locks+0xd1/0x1f0 [22982.117156] ? do_user_addr_fault+0x30c/0x790 [22982.117158] ? lock_acquire+0xcb/0x2d0 [22982.117160] ? find_held_lock+0x2b/0x80 [22982.117162] ? do_user_addr_fault+0x357/0x790 [22982.117163] ? lock_release+0xca/0x290 [22982.117164] ? do_user_addr_fault+0x361/0x790 [22982.117166] ? trace_hardirqs_off+0x4b/0xc0 [22982.117168] ? clear_bhb_loop+0x45/0xa0 [22982.117170] ? clear_bhb_loop+0x45/0xa0 [22982.117172] ? clear_bhb_loop+0x45/0xa0 [22982.117174] entry_SYSCALL_64_after_hwframe+0x76/0x7e [22982.117176] RIP: 0033:0x7f943d267169 [22982.117192] Code: Unable to access opcode bytes at 0x7f943d26713f. [22982.117193] RSP: 002b:00007f9430bffc80 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [22982.117195] RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007f943d267169 [22982.117196] RDX: 0000000000000000 RSI: 0000000000000189 RDI: 00005622f89579d0 [22982.117197] RBP: 00007f9430bffcb0 R08: 0000000000000000 R09: 00000000ffffffff [22982.117198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [22982.117199] R13: 0000000000000000 R14: 0000000000000000 R15: 00005622f89579d0 [22982.117202] </TASK> Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: Christian König <christian.koenig(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: intel-xe(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/ttm/ttm_bo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c index 6396dece0db1..2427be8bc97f 100644 --- a/drivers/gpu/drm/ttm/ttm_bo.c +++ b/drivers/gpu/drm/ttm/ttm_bo.c @@ -346,6 +346,7 @@ static void ttm_bo_release(struct kref *kref) if (!dma_resv_test_signaled(bo->base.resv, DMA_RESV_USAGE_BOOKKEEP) || (want_init_on_free() && (bo->ttm != NULL)) || + bo->type == ttm_bo_type_sg || !dma_resv_trylock(bo->base.resv)) { /* The BO is not idle, resurrect it for delayed destroy */ ttm_bo_flush_all_fences(bo); -- 2.44.0

10 months

4
4
0 0

[PATCH] drm/xe: Use write-back caching mode for system memory on DGFX

by Thomas Hellström

The caching mode for buffer objects with VRAM as a possible placement was forced to write-combined, regardless of placement. However, write-combined system memory is expensive to allocate and even though it is pooled, the pool is expensive to shrink, since it involves global CPU TLB flushes. Moreover write-combined system memory from TTM is only reliably available on x86 and DGFX doesn't have an x86 restriction. So regardless of the cpu caching mode selected for a bo, internally use write-back caching mode for system memory on DGFX. Coherency is maintained, but user-space clients may perceive a difference in cpu access speeds. Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Fixes: 622f709ca629 ("drm/xe/uapi: Add support for CPU caching mode") Cc: Pallavi Mishra <pallavi.mishra(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: dri-devel(a)lists.freedesktop.org Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Effie Yu <effie.yu(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Jose Souza <jose.souza(a)intel.com> Cc: Michal Mrozek <michal.mrozek(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_bo.c | 47 +++++++++++++++++++------------- drivers/gpu/drm/xe/xe_bo_types.h | 3 +- include/uapi/drm/xe_drm.h | 8 +++++- 3 files changed, 37 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 65c696966e96..31192d983d9e 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -343,7 +343,7 @@ static struct ttm_tt *xe_ttm_tt_create(struct ttm_buffer_object *ttm_bo, struct xe_device *xe = xe_bo_device(bo); struct xe_ttm_tt *tt; unsigned long extra_pages; - enum ttm_caching caching; + enum ttm_caching caching = ttm_cached; int err; tt = kzalloc(sizeof(*tt), GFP_KERNEL); @@ -357,26 +357,35 @@ static struct ttm_tt *xe_ttm_tt_create(struct ttm_buffer_object *ttm_bo, extra_pages = DIV_ROUND_UP(xe_device_ccs_bytes(xe, bo->size), PAGE_SIZE); - switch (bo->cpu_caching) { - case DRM_XE_GEM_CPU_CACHING_WC: - caching = ttm_write_combined; - break; - default: - caching = ttm_cached; - break; - } - - WARN_ON((bo->flags & XE_BO_FLAG_USER) && !bo->cpu_caching); - /* - * Display scanout is always non-coherent with the CPU cache. - * - * For Xe_LPG and beyond, PPGTT PTE lookups are also non-coherent and - * require a CPU:WC mapping. + * DGFX system memory is always WB / ttm_cached, since + * other caching modes are only supported on x86. DGFX + * GPU system memory accesses are always coherent with the + * CPU. */ - if ((!bo->cpu_caching && bo->flags & XE_BO_FLAG_SCANOUT) || - (xe->info.graphics_verx100 >= 1270 && bo->flags & XE_BO_FLAG_PAGETABLE)) - caching = ttm_write_combined; + if (!IS_DGFX(xe)) { + switch (bo->cpu_caching) { + case DRM_XE_GEM_CPU_CACHING_WC: + caching = ttm_write_combined; + break; + default: + caching = ttm_cached; + break; + } + + WARN_ON((bo->flags & XE_BO_FLAG_USER) && !bo->cpu_caching); + + /* + * Display scanout is always non-coherent with the CPU cache. + * + * For Xe_LPG and beyond, PPGTT PTE lookups are also + * non-coherent and require a CPU:WC mapping. + */ + if ((!bo->cpu_caching && bo->flags & XE_BO_FLAG_SCANOUT) || + (xe->info.graphics_verx100 >= 1270 && + bo->flags & XE_BO_FLAG_PAGETABLE)) + caching = ttm_write_combined; + } if (bo->flags & XE_BO_FLAG_NEEDS_UC) { /* diff --git a/drivers/gpu/drm/xe/xe_bo_types.h b/drivers/gpu/drm/xe/xe_bo_types.h index 86422e113d39..10450f1fbbde 100644 --- a/drivers/gpu/drm/xe/xe_bo_types.h +++ b/drivers/gpu/drm/xe/xe_bo_types.h @@ -66,7 +66,8 @@ struct xe_bo { /** * @cpu_caching: CPU caching mode. Currently only used for userspace - * objects. + * objects. Exceptions are system memory on DGFX, which is always + * WB. */ u16 cpu_caching; diff --git a/include/uapi/drm/xe_drm.h b/include/uapi/drm/xe_drm.h index 93e00be44b2d..1189b3044723 100644 --- a/include/uapi/drm/xe_drm.h +++ b/include/uapi/drm/xe_drm.h @@ -783,7 +783,13 @@ struct drm_xe_gem_create { #define DRM_XE_GEM_CPU_CACHING_WC 2 /** * @cpu_caching: The CPU caching mode to select for this object. If - * mmaping the object the mode selected here will also be used. + * mmaping the object the mode selected here will also be used. The + * exception is when mapping system memory (including evicted + * system memory) on discrete GPUs. The caching mode selected will + * then be overridden to DRM_XE_GEM_CPU_CACHING_WB, and coherency + * between GPU- and CPU is guaranteed. The caching mode of + * existing CPU-mappings will be updated transparently to + * user-space clients. */ __u16 cpu_caching; /** @pad: MBZ */ -- 2.44.0

10 months

5
4
0 0

[merged mm-hotfixes-stable] nilfs2-fix-kernel-bug-on-rename-operation-of-broken-directory.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix kernel bug on rename operation of broken directory has been removed from the -mm tree. Its filename was nilfs2-fix-kernel-bug-on-rename-operation-of-broken-directory.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix kernel bug on rename operation of broken directory Date: Sat, 29 Jun 2024 01:51:07 +0900 Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot(). Link: https://lkml.kernel.org/r/20240628165107.9006-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+d3abed1ad3d367fa2627(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d3abed1ad3d367fa2627 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-kernel-bug-on-rename-operation-of-broken-directory +++ a/fs/nilfs2/dir.c @@ -383,11 +383,39 @@ found: struct nilfs_dir_entry *nilfs_dotdot(struct inode *dir, struct folio **foliop) { - struct nilfs_dir_entry *de = nilfs_get_folio(dir, 0, foliop); + struct folio *folio; + struct nilfs_dir_entry *de, *next_de; + size_t limit; + char *msg; + de = nilfs_get_folio(dir, 0, &folio); if (IS_ERR(de)) return NULL; - return nilfs_next_entry(de); + + limit = nilfs_last_byte(dir, 0); /* is a multiple of chunk size */ + if (unlikely(!limit || le64_to_cpu(de->inode) != dir->i_ino || + !nilfs_match(1, ".", de))) { + msg = "missing '.'"; + goto fail; + } + + next_de = nilfs_next_entry(de); + /* + * If "next_de" has not reached the end of the chunk, there is + * at least one more record. Check whether it matches "..". + */ + if (unlikely((char *)next_de == (char *)de + nilfs_chunk_size(dir) || + !nilfs_match(2, "..", next_de))) { + msg = "missing '..'"; + goto fail; + } + *foliop = folio; + return next_de; + +fail: + nilfs_error(dir->i_sb, "directory #%lu %s", dir->i_ino, msg); + folio_release_kmap(folio, de); + return NULL; } ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr) _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-avoid-undefined-behavior-in-nilfs_cnt32_ge-macro.patch

10 months

1
0
0 0

[merged mm-hotfixes-stable] cachestat-do-not-flush-stats-in-recency-check.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: cachestat: do not flush stats in recency check has been removed from the -mm tree. Its filename was cachestat-do-not-flush-stats-in-recency-check.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Nhat Pham <nphamcs(a)gmail.com> Subject: cachestat: do not flush stats in recency check Date: Thu, 27 Jun 2024 13:17:37 -0700 syzbot detects that cachestat() is flushing stats, which can sleep, in its RCU read section (see [1]). This is done in the workingset_test_recent() step (which checks if the folio's eviction is recent). Move the stat flushing step to before the RCU read section of cachestat, and skip stat flushing during the recency check. [1]: https://lore.kernel.org/cgroups/000000000000f71227061bdf97e0@google.com/ Link: https://lkml.kernel.org/r/20240627201737.3506959-1-nphamcs@gmail.com Fixes: b00684722262 ("mm: workingset: move the stats flush into workingset_test_recent()") Signed-off-by: Nhat Pham <nphamcs(a)gmail.com> Reported-by: syzbot+b7f13b2d0cc156edf61a(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/cgroups/000000000000f71227061bdf97e0@google.com/ Debugged-by: Johannes Weiner <hannes(a)cmpxchg.org> Suggested-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: <stable(a)vger.kernel.org> [6.8+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swap.h | 3 ++- mm/filemap.c | 5 ++++- mm/workingset.c | 14 +++++++++++--- 3 files changed, 17 insertions(+), 5 deletions(-) --- a/include/linux/swap.h~cachestat-do-not-flush-stats-in-recency-check +++ a/include/linux/swap.h @@ -354,7 +354,8 @@ static inline swp_entry_t page_swap_entr } /* linux/mm/workingset.c */ -bool workingset_test_recent(void *shadow, bool file, bool *workingset); +bool workingset_test_recent(void *shadow, bool file, bool *workingset, + bool flush); void workingset_age_nonresident(struct lruvec *lruvec, unsigned long nr_pages); void *workingset_eviction(struct folio *folio, struct mem_cgroup *target_memcg); void workingset_refault(struct folio *folio, void *shadow); --- a/mm/filemap.c~cachestat-do-not-flush-stats-in-recency-check +++ a/mm/filemap.c @@ -4248,6 +4248,9 @@ static void filemap_cachestat(struct add XA_STATE(xas, &mapping->i_pages, first_index); struct folio *folio; + /* Flush stats (and potentially sleep) outside the RCU read section. */ + mem_cgroup_flush_stats_ratelimited(NULL); + rcu_read_lock(); xas_for_each(&xas, folio, last_index) { int order; @@ -4311,7 +4314,7 @@ static void filemap_cachestat(struct add goto resched; } #endif - if (workingset_test_recent(shadow, true, &workingset)) + if (workingset_test_recent(shadow, true, &workingset, false)) cs->nr_recently_evicted += nr_pages; goto resched; --- a/mm/workingset.c~cachestat-do-not-flush-stats-in-recency-check +++ a/mm/workingset.c @@ -412,10 +412,12 @@ void *workingset_eviction(struct folio * * @file: whether the corresponding folio is from the file lru. * @workingset: where the workingset value unpacked from shadow should * be stored. + * @flush: whether to flush cgroup rstat. * * Return: true if the shadow is for a recently evicted folio; false otherwise. */ -bool workingset_test_recent(void *shadow, bool file, bool *workingset) +bool workingset_test_recent(void *shadow, bool file, bool *workingset, + bool flush) { struct mem_cgroup *eviction_memcg; struct lruvec *eviction_lruvec; @@ -467,10 +469,16 @@ bool workingset_test_recent(void *shadow /* * Flush stats (and potentially sleep) outside the RCU read section. + * + * Note that workingset_test_recent() itself might be called in RCU read + * section (for e.g, in cachestat) - these callers need to skip flushing + * stats (via the flush argument). + * * XXX: With per-memcg flushing and thresholding, is ratelimiting * still needed here? */ - mem_cgroup_flush_stats_ratelimited(eviction_memcg); + if (flush) + mem_cgroup_flush_stats_ratelimited(eviction_memcg); eviction_lruvec = mem_cgroup_lruvec(eviction_memcg, pgdat); refault = atomic_long_read(&eviction_lruvec->nonresident_age); @@ -558,7 +566,7 @@ void workingset_refault(struct folio *fo mod_lruvec_state(lruvec, WORKINGSET_REFAULT_BASE + file, nr); - if (!workingset_test_recent(shadow, file, &workingset)) + if (!workingset_test_recent(shadow, file, &workingset, true)) return; folio_set_active(folio); _ Patches currently in -mm which might be from nphamcs(a)gmail.com are

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-disable-pmd-sized-page-cache-if-needed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/shmem: disable PMD-sized page cache if needed has been removed from the -mm tree. Its filename was mm-shmem-disable-pmd-sized-page-cache-if-needed.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/shmem: disable PMD-sized page cache if needed Date: Thu, 27 Jun 2024 10:39:52 +1000 For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page cache on ARM64 when the base page size is 64KB can't be supported by xarray. It leads to errors as the following messages indicate when this sort of xarray entry is split. WARNING: CPU: 34 PID: 7578 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 \ nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject \ nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse xfs \ libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net \ net_failover virtio_console virtio_blk failover dimlib virtio_mmio CPU: 34 PID: 7578 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff8000882af5f0 x29: ffff8000882af5f0 x28: ffff8000882af650 x27: ffff8000882af768 x26: 0000000000000cc0 x25: 000000000000000d x24: ffff00010625b858 x23: ffff8000882af650 x22: ffffffdfc0900000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0900000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000018000000000 x15: 52f8004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 52f8000000000000 x10: 52f8e1c0ffff6000 x9 : ffffbeb9619a681c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00010b02ddb0 x5 : ffffbeb96395e378 x4 : 0000000000000000 x3 : 0000000000000cc0 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by disabling PMD-sized page cache when HPAGE_PMD_ORDER is larger than MAX_PAGECACHE_ORDER. As Matthew Wilcox pointed, the page cache in a shmem file isn't represented by a multi-index entry and doesn't have this limitation when the xarry entry is split until commit 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache"). Link: https://lkml.kernel.org/r/20240627003953.1262512-5-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- a/mm/shmem.c~mm-shmem-disable-pmd-sized-page-cache-if-needed +++ a/mm/shmem.c @@ -541,8 +541,9 @@ static bool shmem_confirm_swap(struct ad static int shmem_huge __read_mostly = SHMEM_HUGE_NEVER; -bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, - struct mm_struct *mm, unsigned long vm_flags) +static bool __shmem_is_huge(struct inode *inode, pgoff_t index, + bool shmem_huge_force, struct mm_struct *mm, + unsigned long vm_flags) { loff_t i_size; @@ -573,6 +574,16 @@ bool shmem_is_huge(struct inode *inode, } } +bool shmem_is_huge(struct inode *inode, pgoff_t index, + bool shmem_huge_force, struct mm_struct *mm, + unsigned long vm_flags) +{ + if (HPAGE_PMD_ORDER > MAX_PAGECACHE_ORDER) + return false; + + return __shmem_is_huge(inode, index, shmem_huge_force, mm, vm_flags); +} + #if defined(CONFIG_SYSFS) static int shmem_parse_huge(const char *str) { _ Patches currently in -mm which might be from gshan(a)redhat.com are

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-filemap-skip-to-create-pmd-sized-page-cache-if-needed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/filemap: skip to create PMD-sized page cache if needed has been removed from the -mm tree. Its filename was mm-filemap-skip-to-create-pmd-sized-page-cache-if-needed.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/filemap: skip to create PMD-sized page cache if needed Date: Thu, 27 Jun 2024 10:39:51 +1000 On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \ dimlib virtio_mmio CPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28 x8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8 x5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by skipping to allocate PMD-sized page cache when its size is larger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to regular path where the readahead window is determined by BDI's sysfs file (read_ahead_kb). Link: https://lkml.kernel.org/r/20240627003953.1262512-4-gshan@redhat.com Fixes: 4687fdbb805a ("mm/filemap: Support VM_HUGEPAGE for file mappings") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/filemap.c~mm-filemap-skip-to-create-pmd-sized-page-cache-if-needed +++ a/mm/filemap.c @@ -3124,7 +3124,7 @@ static struct file *do_sync_mmap_readahe #ifdef CONFIG_TRANSPARENT_HUGEPAGE /* Use the readahead code, even if readahead is disabled */ - if (vm_flags & VM_HUGEPAGE) { + if ((vm_flags & VM_HUGEPAGE) && HPAGE_PMD_ORDER <= MAX_PAGECACHE_ORDER) { fpin = maybe_unlock_mmap_for_io(vmf, fpin); ractl._index &= ~((unsigned long)HPAGE_PMD_NR - 1); ra->size = HPAGE_PMD_NR; _ Patches currently in -mm which might be from gshan(a)redhat.com are

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-readahead-limit-page-cache-size-in-page_cache_ra_order.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/readahead: limit page cache size in page_cache_ra_order() has been removed from the -mm tree. Its filename was mm-readahead-limit-page-cache-size-in-page_cache_ra_order.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/readahead: limit page cache size in page_cache_ra_order() Date: Thu, 27 Jun 2024 10:39:50 +1000 In page_cache_ra_order(), the maximal order of the page cache to be allocated shouldn't be larger than MAX_PAGECACHE_ORDER. Otherwise, it's possible the large page cache can't be supported by xarray when the corresponding xarray entry is split. For example, HPAGE_PMD_ORDER is 13 on ARM64 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray. Link: https://lkml.kernel.org/r/20240627003953.1262512-3-gshan@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/mm/readahead.c~mm-readahead-limit-page-cache-size-in-page_cache_ra_order +++ a/mm/readahead.c @@ -503,11 +503,11 @@ void page_cache_ra_order(struct readahea limit = min(limit, index + ra->size - 1); - if (new_order < MAX_PAGECACHE_ORDER) { + if (new_order < MAX_PAGECACHE_ORDER) new_order += 2; - new_order = min_t(unsigned int, MAX_PAGECACHE_ORDER, new_order); - new_order = min_t(unsigned int, new_order, ilog2(ra->size)); - } + + new_order = min_t(unsigned int, MAX_PAGECACHE_ORDER, new_order); + new_order = min_t(unsigned int, new_order, ilog2(ra->size)); /* See comment in page_cache_ra_unbounded() */ nofs = memalloc_nofs_save(); _ Patches currently in -mm which might be from gshan(a)redhat.com are

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-filemap-make-max_pagecache_order-acceptable-to-xarray.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray has been removed from the -mm tree. Its filename was mm-filemap-make-max_pagecache_order-acceptable-to-xarray.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Date: Thu, 27 Jun 2024 10:39:49 +1000 Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from the WARN_ON() statement in xas_split_alloc(). In our test whose code is attached below, we hit the WARN_ON() on ARM64 system where the base page size is 64KB and huge page size is 512MB. The issue was reported long time ago and some discussions on it can be found here [1]. [1] https://www.spinics.net/lists/linux-xfs/msg75404.html In order to fix the issue, we need to adjust MAX_PAGECACHE_ORDER to one supported by xarray and avoid PMD-sized page cache if needed. The code changes are suggested by David Hildenbrand. PATCH[1] adjusts MAX_PAGECACHE_ORDER to that supported by xarray PATCH[2-3] avoids PMD-sized page cache in the synchronous readahead path PATCH[4] avoids PMD-sized page cache for shmem files if needed Test program ============ # cat test.c #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <fcntl.h> #include <errno.h> #include <sys/syscall.h> #include <sys/mman.h> #define TEST_XFS_FILENAME "/tmp/data" #define TEST_SHMEM_FILENAME "/dev/shm/data" #define TEST_MEM_SIZE 0x20000000 int main(int argc, char **argv) { const char *filename; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret; if (pgsize != 0x10000) { fprintf(stderr, "64KB base page size is required\n"); return -EPERM; } system("echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled"); system("rm -fr /tmp/data"); system("rm -fr /dev/shm/data"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open xfs or shmem file */ filename = TEST_XFS_FILENAME; if (argc > 1 && !strcmp(argv[1], "shmem")) filename = TEST_SHMEM_FILENAME; fd = open(filename, O_CREAT | O_RDWR | O_TRUNC); if (fd < 0) { fprintf(stderr, "Unable to open <%s>\n", filename); return -EIO; } /* Extend file size */ ret = ftruncate(fd, TEST_MEM_SIZE); if (ret) { fprintf(stderr, "Error %d to ftruncate()\n", ret); goto cleanup; } /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)-1) { fprintf(stderr, "Unable to mmap <%s>\n", filename); goto cleanup; } fprintf(stdout, "mapped buffer at 0x%p\n", buf); ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); if (ret) { fprintf(stderr, "Unable to madvise(MADV_HUGEPAGE)\n"); goto cleanup; } /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_WRITE); if (ret) { fprintf(stderr, "Error %d to madvise(MADV_POPULATE_WRITE)\n", ret); goto cleanup; } /* Punch the file to enforce xarray split */ ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); if (ret) fprintf(stderr, "Error %d to fallocate()\n", ret); cleanup: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return 0; } # gcc test.c -o test # cat /proc/1/smaps | grep KernelPageSize | head -n 1 KernelPageSize: 64 kB # ./test shmem : ------------[ cut here ]------------ WARNING: CPU: 17 PID: 5253 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set nf_tables rfkill nfnetlink vfat fat virtio_balloon \ drm fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ virtio_net sha1_ce net_failover failover virtio_console virtio_blk \ dimlib virtio_mmio CPU: 17 PID: 5253 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #12 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff80008a92f5b0 x29: ffff80008a92f5b0 x28: ffff80008a92f610 x27: ffff80008a92f728 x26: 0000000000000cc0 x25: 000000000000000d x24: ffff0000cf00c858 x23: ffff80008a92f610 x22: ffffffdfc0600000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0600000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000018000000000 x15: 3374004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 3374000000000000 x10: 3374e1c0ffff6000 x9 : ffffb463a84c681c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff00011c976ce0 x5 : ffffb463aa47e378 x4 : 0000000000000000 x3 : 0000000000000cc0 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 shmem_undo_range+0x2bc/0x6a8 shmem_fallocate+0x134/0x430 vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 This patch (of 4): The largest page cache order can be HPAGE_PMD_ORDER (13) on ARM64 with 64KB base page size. The xarray entry with this order can't be split as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \ dimlib virtio_mmio CPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28 x8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8 x5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by decreasing MAX_PAGECACHE_ORDER to the largest supported order by xarray. For this specific case, MAX_PAGECACHE_ORDER is dropped from 13 to 11 when CONFIG_BASE_SMALL is disabled. Link: https://lkml.kernel.org/r/20240627003953.1262512-1-gshan@redhat.com Link: https://lkml.kernel.org/r/20240627003953.1262512-2-gshan@redhat.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Darrick J. Wong <djwong(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: Zhenyu Zhang <zhenyzha(a)redhat.com> Cc: <stable(a)vger.kernel.org> [5.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pagemap.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/include/linux/pagemap.h~mm-filemap-make-max_pagecache_order-acceptable-to-xarray +++ a/include/linux/pagemap.h @@ -354,11 +354,18 @@ static inline void mapping_set_gfp_mask( * a good order (that's 1MB if you're using 4kB pages) */ #ifdef CONFIG_TRANSPARENT_HUGEPAGE -#define MAX_PAGECACHE_ORDER HPAGE_PMD_ORDER +#define PREFERRED_MAX_PAGECACHE_ORDER HPAGE_PMD_ORDER #else -#define MAX_PAGECACHE_ORDER 8 +#define PREFERRED_MAX_PAGECACHE_ORDER 8 #endif +/* + * xas_split_alloc() does not support arbitrary orders. This implies no + * 512MB THP on ARM64 with 64KB base page size. + */ +#define MAX_XAS_ORDER (XA_CHUNK_SHIFT * 2 - 1) +#define MAX_PAGECACHE_ORDER min(MAX_XAS_ORDER, PREFERRED_MAX_PAGECACHE_ORDER) + /** * mapping_set_large_folios() - Indicate the file supports large folios. * @mapping: The file. _ Patches currently in -mm which might be from gshan(a)redhat.com are

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-merge-regions-aggressively-when-max_nr_regions-is-unmet.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: merge regions aggressively when max_nr_regions is unmet has been removed from the -mm tree. Its filename was mm-damon-core-merge-regions-aggressively-when-max_nr_regions-is-unmet.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: merge regions aggressively when max_nr_regions is unmet Date: Mon, 24 Jun 2024 10:58:14 -0700 DAMON keeps the number of regions under max_nr_regions by skipping regions split operations when doing so can make the number higher than the limit. It works well for preventing violation of the limit. But, if somehow the violation happens, it cannot recovery well depending on the situation. In detail, if the real number of regions having different access pattern is higher than the limit, the mechanism cannot reduce the number below the limit. In such a case, the system could suffer from high monitoring overhead of DAMON. The violation can actually happen. For an example, the user could reduce max_nr_regions while DAMON is running, to be lower than the current number of regions. Fix the problem by repeating the merge operations with increasing aggressiveness in kdamond_merge_regions() for the case, until the limit is met. [sj(a)kernel.org: increase regions merge aggressiveness while respecting min_nr_regions] Link: https://lkml.kernel.org/r/20240626164753.46270-1-sj@kernel.org [sj(a)kernel.org: ensure max threshold attempt for max_nr_regions violation] Link: https://lkml.kernel.org/r/20240627163153.75969-1-sj@kernel.org Link: https://lkml.kernel.org/r/20240624175814.89611-1-sj@kernel.org Fixes: b9a6ac4e4ede ("mm/damon: adaptively adjust regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [5.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) --- a/mm/damon/core.c~mm-damon-core-merge-regions-aggressively-when-max_nr_regions-is-unmet +++ a/mm/damon/core.c @@ -1358,14 +1358,31 @@ static void damon_merge_regions_of(struc * access frequencies are similar. This is for minimizing the monitoring * overhead under the dynamically changeable access pattern. If a merge was * unnecessarily made, later 'kdamond_split_regions()' will revert it. + * + * The total number of regions could be higher than the user-defined limit, + * max_nr_regions for some cases. For example, the user can update + * max_nr_regions to a number that lower than the current number of regions + * while DAMON is running. For such a case, repeat merging until the limit is + * met while increasing @threshold up to possible maximum level. */ static void kdamond_merge_regions(struct damon_ctx *c, unsigned int threshold, unsigned long sz_limit) { struct damon_target *t; + unsigned int nr_regions; + unsigned int max_thres; - damon_for_each_target(t, c) - damon_merge_regions_of(t, threshold, sz_limit); + max_thres = c->attrs.aggr_interval / + (c->attrs.sample_interval ? c->attrs.sample_interval : 1); + do { + nr_regions = 0; + damon_for_each_target(t, c) { + damon_merge_regions_of(t, threshold, sz_limit); + nr_regions += damon_nr_regions(t); + } + threshold = max(1, threshold * 2); + } while (nr_regions > c->attrs.max_nr_regions && + threshold / 2 < max_thres); } /* _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-paddr-initialize-nr_succeeded-in-__damon_pa_migrate_folio_list.patch docs-mm-damon-design-fix-two-typos.patch docs-mm-damon-design-clarify-regions-merging-operation.patch docs-admin-guide-mm-damon-start-add-access-pattern-snapshot-example.patch docs-mm-damon-design-add-links-from-overall-architecture-to-sections-of-details.patch docs-mm-damon-design-move-configurable-operations-set-section-into-operations-set-layer-section.patch docs-mm-damon-design-remove-programmable-modules-section-in-favor-of-modules-section.patch docs-mm-damon-design-add-links-to-sections-of-damon-sysfs-interface-usage-doc.patch docs-mm-damon-index-add-links-to-design.patch docs-mm-damon-index-add-links-to-admin-guide-doc.patch

10 months

1
0
0 0

[merged mm-hotfixes-stable] fix-userfaultfd_api-to-return-einval-as-expected.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Fix userfaultfd_api to return EINVAL as expected has been removed from the -mm tree. Its filename was fix-userfaultfd_api-to-return-einval-as-expected.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Audra Mitchell <audra(a)redhat.com> Subject: Fix userfaultfd_api to return EINVAL as expected Date: Wed, 26 Jun 2024 09:05:11 -0400 Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zap_pte_range+0x43d/0x660 [ 200.820738] Modules linked in: [ 200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8 [ 200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022 [ 200.885052] RIP: 0010:zap_pte_range+0x43d/0x660 Link: https://lkml.kernel.org/r/20240626130513.120193-1-audra@redhat.com Fixes: e06f1e1dd499 ("userfaultfd: wp: enabled write protection in userfaultfd API") Signed-off-by: Audra Mitchell <audra(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Rafael Aquini <raquini(a)redhat.com> Cc: Shaohua Li <shli(a)fb.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/fs/userfaultfd.c~fix-userfaultfd_api-to-return-einval-as-expected +++ a/fs/userfaultfd.c @@ -2057,7 +2057,7 @@ static int userfaultfd_api(struct userfa goto out; features = uffdio_api.features; ret = -EINVAL; - if (uffdio_api.api != UFFD_API || (features & ~UFFD_API_FEATURES)) + if (uffdio_api.api != UFFD_API) goto err_out; ret = -EPERM; if ((features & UFFD_FEATURE_EVENT_FORK) && !capable(CAP_SYS_PTRACE)) @@ -2081,6 +2081,11 @@ static int userfaultfd_api(struct userfa uffdio_api.features &= ~UFFD_FEATURE_WP_UNPOPULATED; uffdio_api.features &= ~UFFD_FEATURE_WP_ASYNC; #endif + + ret = -EINVAL; + if (features & ~uffdio_api.features) + goto err_out; + uffdio_api.ioctls = UFFD_API_IOCTLS; ret = -EFAULT; if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api))) _ Patches currently in -mm which might be from audra(a)redhat.com are update-uffd-stress-to-handle-einval-for-unset-config-features.patch turn-off-test_uffdio_wp-if-config_pte_marker_uffd_wp-is-not-configured.patch

10 months

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-check-if-a-hash-index-is-in-cpu_possible_mask.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: vmalloc: check if a hash-index is in cpu_possible_mask has been removed from the -mm tree. Its filename was mm-vmalloc-check-if-a-hash-index-is-in-cpu_possible_mask.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Subject: mm: vmalloc: check if a hash-index is in cpu_possible_mask Date: Wed, 26 Jun 2024 16:03:30 +0200 The problem is that there are systems where cpu_possible_mask has gaps between set CPUs, for example SPARC. In this scenario addr_to_vb_xa() hash function can return an index which accesses to not-possible and not setup CPU area using per_cpu() macro. This results in an oops on SPARC. A per-cpu vmap_block_queue is also used as hash table, incorrectly assuming the cpu_possible_mask has no gaps. Fix it by adjusting an index to a next possible CPU. Link: https://lkml.kernel.org/r/20240626140330.89836-1-urezki@gmail.com Fixes: 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") Reported-by: Nick Bowler <nbowler(a)draconx.ca> Closes: https://lore.kernel.org/linux-kernel/ZntjIE6msJbF8zTa@MiWiFi-R3L-srv/T/ Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Reviewed-by: Baoquan He <bhe(a)redhat.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Hailong.Liu <hailong.liu(a)oppo.com> Cc: Oleksiy Avramchenko <oleksiy.avramchenko(a)sony.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/mm/vmalloc.c~mm-vmalloc-check-if-a-hash-index-is-in-cpu_possible_mask +++ a/mm/vmalloc.c @@ -2543,7 +2543,15 @@ static DEFINE_PER_CPU(struct vmap_block_ static struct xarray * addr_to_vb_xa(unsigned long addr) { - int index = (addr / VMAP_BLOCK_SIZE) % num_possible_cpus(); + int index = (addr / VMAP_BLOCK_SIZE) % nr_cpu_ids; + + /* + * Please note, nr_cpu_ids points on a highest set + * possible bit, i.e. we never invoke cpumask_next() + * if an index points on it which is nr_cpu_ids - 1. + */ + if (!cpu_possible(index)) + index = cpumask_next(index, cpu_possible_mask); return &per_cpu(vmap_block_queue, index).vmap_blocks; } _ Patches currently in -mm which might be from urezki(a)gmail.com are

10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror