- Linux-stable-mirror - lists.linaro.org

[PATCH] kheaders: explicitly define file modes for archived headers

by Matthias Männich

From: Matthias Maennich <maennich(a)google.com> Build environments might be running with different umask settings resulting in indeterministic file modes for the files contained in kheaders.tar.xz. The file itself is served with 444, i.e. world readable. Archive the files explicitly with 744,a+X to improve reproducibility across build environments. --mode=0444 is not suitable as directories need to be executable. Also, 444 makes it hard to delete all the readonly files after extraction. Cc: stable(a)vger.kernel.org Cc: linux-kbuild(a)vger.kernel.org Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Joel Fernandes <joel(a)joelfernandes.org> Signed-off-by: Matthias Maennich <maennich(a)google.com> --- kernel/gen_kheaders.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh index 6d443ea22bb7..8b6e0c2bc0df 100755 --- a/kernel/gen_kheaders.sh +++ b/kernel/gen_kheaders.sh @@ -84,7 +84,7 @@ find $cpio_dir -type f -print0 | # Create archive and try to normalize metadata for reproducibility. tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \ - --owner=0 --group=0 --sort=name --numeric-owner \ + --owner=0 --group=0 --sort=name --numeric-owner --mode=u=rw,go=r,a+X \ -I $XZ -cf $tarfile -C $cpio_dir/ . > /dev/null echo $headers_md5 > kernel/kheaders.md5 -- 2.45.1.288.g0e0cd299f1-goog

11 months, 1 week

2
1
0 0

[PATCH v3] ata: ahci: Do not apply Intel PCS quirk on Intel Alder Lake

by Jason Nader

Commit b8b8b4e0c052 ("ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list") added Intel Alder Lake to the ahci_pci_tbl. Because of the way that the Intel PCS quirk was implemented, having an explicit entry in the ahci_pci_tbl caused the Intel PCS quirk to be applied. (The quirk was not being applied if there was no explict entry.) Thus, entries that were added to the ahci_pci_tbl also got the Intel PCS quirk applied. The quirk was cleaned up in commit 7edbb6059274 ("ahci: clean up intel_pcs_quirk"), such that it is clear which entries that actually applies the Intel PCS quirk. Newer Intel AHCI controllers do not need the Intel PCS quirk, and applying it when not needed actually breaks some platforms. Do not apply the Intel PCS quirk for Intel Alder Lake. This is in line with how things worked before commit b8b8b4e0c052 ("ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list"), such that certain platforms using Intel Alder Lake will work once again. Cc: stable(a)vger.kernel.org # 6.7 Fixes: b8b8b4e0c052 ("ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list") Signed-off-by: Jason Nader <dev(a)kayoway.com> --- drivers/ata/ahci.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 6548f10e61d9..07d66d2c5f0d 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -429,7 +429,6 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(INTEL, 0x02d7), board_ahci_pcs_quirk }, /* Comet Lake PCH RAID */ /* Elkhart Lake IDs 0x4b60 & 0x4b62 https://sata-io.org/product/8803 not tested yet */ { PCI_VDEVICE(INTEL, 0x4b63), board_ahci_pcs_quirk }, /* Elkhart Lake AHCI */ - { PCI_VDEVICE(INTEL, 0x7ae2), board_ahci_pcs_quirk }, /* Alder Lake-P AHCI */ /* JMicron 360/1/3/5/6, match class to avoid IDE function */ { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, -- 2.45.1

11 months, 1 week

3
2
0 0

[REGRESSION][BISECTED] Scheduling errors with the AMD FX 8300 CPU

by Christian Heusel

Hello Thomas, Tim reports a regression on his AMD FX 8300 CPU that causes him scheduling errors (see dmesg below), initially on the latest stable kernel from Arch Linux. The issue reproduces by simply booting the kernel on his hardware. He also reported some ATA related errors (also attached below the dmesg), of which I dont know whether they are relevant or not. We have debugged the issue together in the ticket in our bugtracker[0] and collectively bisected it down to the following commit: c749ce393b8f ("x86/cpu: Use common topology code for AMD") Tim (in CC) offered to be available for further debugging in this thread. Reported-by: Tim Teichmann <teichmanntim(a)outlook.de> Bisected-by: Christian Heusel <christian(a)heusel.eu> Cheers, Chris [0]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/56 --- #regzbot link: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/56 #regzbot introduced: c749ce393b8f #regzbot title: Scheduling errors with the AMD FX 8300 CPU --- dmesg output: May 23 23:36:49 archlinux kernel: smp: Bringing up secondary CPUs ... May 23 23:36:49 archlinux kernel: smpboot: x86: Booting SMP configuration: May 23 23:36:49 archlinux kernel: .... node #0, CPUs: #2 #4 #6 May 23 23:36:49 archlinux kernel: __common_interrupt: 2.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 4.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 6.55 No irq handler for vector May 23 23:36:49 archlinux kernel: #1 #3 #5 #7 May 23 23:36:49 archlinux kernel: ------------[ cut here ]------------ May 23 23:36:49 archlinux kernel: WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6482 sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: Modules linked in: May 23 23:36:49 archlinux kernel: CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.9.1-arch1-2 #1 06928436e5a6b4805e171d14d8efa397d7db9ad0 May 23 23:36:49 archlinux kernel: Hardware name: Gigabyte Technology Co., Ltd. GA-78LMT-USB3 R2/GA-78LMT-USB3 R2, BIOS F1 11/08/2017 May 23 23:36:49 archlinux kernel: RIP: 0010:sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: Code: 00 8b 0d b0 e0 10 02 39 c8 0f 83 71 ff ff ff 48 63 d0 48 8b 3c d5 20 53 71 a6 4c 01 e7 39 c3 75 c7 4c 89 bf 48 0d 00 00 eb c7 <0f> 0b eb c3 be 04 00> May 23 23:36:49 archlinux kernel: RSP: 0000:ffffa6a3c00cfe38 EFLAGS: 00010087 May 23 23:36:49 archlinux kernel: RAX: 0000000000000002 RBX: 0000000000000001 RCX: 0000000000000008 May 23 23:36:49 archlinux kernel: RDX: 0000000000000002 RSI: fffffffffffffffc RDI: ffff9367aeb36540 May 23 23:36:49 archlinux kernel: RBP: ffff9367aea99b00 R08: ffff9367aea99b00 R09: 0000000000000003 May 23 23:36:49 archlinux kernel: R10: ffff9367aea99b00 R11: 0000000000000006 R12: 0000000000036540 May 23 23:36:49 archlinux kernel: R13: 0000000000036540 R14: 0000000000000001 R15: ffff9367aea36540 May 23 23:36:49 archlinux kernel: FS: 0000000000000000(0000) GS:ffff9367aea80000(0000) knlGS:0000000000000000 May 23 23:36:49 archlinux kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 23 23:36:49 archlinux kernel: CR2: 0000000000000000 CR3: 000000036dc20000 CR4: 00000000000406f0 May 23 23:36:49 archlinux kernel: Call Trace: May 23 23:36:49 archlinux kernel: <TASK> May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: ? __warn.cold+0x8e/0xe8 May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: ? report_bug+0xff/0x140 May 23 23:36:49 archlinux kernel: ? handle_bug+0x3c/0x80 May 23 23:36:49 archlinux kernel: ? exc_invalid_op+0x17/0x70 May 23 23:36:49 archlinux kernel: ? asm_exc_invalid_op+0x1a/0x20 May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x15a/0x250 May 23 23:36:49 archlinux kernel: ? __pfx_sched_cpu_starting+0x10/0x10 May 23 23:36:49 archlinux kernel: cpuhp_invoke_callback+0x122/0x410 May 23 23:36:49 archlinux kernel: __cpuhp_invoke_callback_range+0x64/0xc0 May 23 23:36:49 archlinux kernel: start_secondary+0x9c/0x140 May 23 23:36:49 archlinux kernel: common_startup_64+0x13e/0x141 May 23 23:36:49 archlinux kernel: </TASK> May 23 23:36:49 archlinux kernel: ---[ end trace 0000000000000000 ]--- May 23 23:36:49 archlinux kernel: __common_interrupt: 1.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 3.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 5.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 7.55 No irq handler for vector May 23 23:36:49 archlinux kernel: smp: Brought up 1 node, 8 CPUs May 23 23:36:49 archlinux kernel: smpboot: Total of 8 processors activated (53173.28 BogoMIPS) May 23 23:36:49 archlinux kernel: ------------[ cut here ]------------ May 23 23:36:49 archlinux kernel: WARNING: CPU: 0 PID: 1 at kernel/sched/topology.c:2408 build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: Modules linked in: May 23 23:36:49 archlinux kernel: CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.9.1-arch1-2 #1 06928436e5a6b4805e171d14d8efa397d7db9ad0 May 23 23:36:49 archlinux kernel: Hardware name: Gigabyte Technology Co., Ltd. GA-78LMT-USB3 R2/GA-78LMT-USB3 R2, BIOS F1 11/08/2017 May 23 23:36:49 archlinux kernel: RIP: 0010:build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: Code: 63 4d 14 39 34 8a 0f 8e 73 fe ff ff 25 e9 ef ff ff 80 cc 04 41 89 46 3c e9 62 fe ff ff 41 c7 46 30 01 00 00 00 e9 55 fe ff ff <0f> 0b bb f4 ff ff ff> May 23 23:36:49 archlinux kernel: RSP: 0018:ffffa6a3c001fe10 EFLAGS: 00010202 May 23 23:36:49 archlinux kernel: RAX: 00000000ffffff01 RBX: 0000000000000000 RCX: 00000000ffffff01 May 23 23:36:49 archlinux kernel: RDX: 00000000fffffff8 RSI: 0000000000000003 RDI: ffff9367aea19b00 May 23 23:36:49 archlinux kernel: RBP: ffff936480367a00 R08: ffff9367aea19b00 R09: 0000000000000000 May 23 23:36:49 archlinux kernel: R10: ffffa6a3c001fdd8 R11: 0000000000000000 R12: 0000000000000001 May 23 23:36:49 archlinux kernel: R13: ffff9367aea99b00 R14: 0000000000000001 R15: ffff936480942e80 May 23 23:36:49 archlinux kernel: FS: 0000000000000000(0000) GS:ffff9367aea00000(0000) knlGS:0000000000000000 May 23 23:36:49 archlinux kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 23 23:36:49 archlinux kernel: CR2: ffff9366eea01000 CR3: 000000036dc20000 CR4: 00000000000406f0 May 23 23:36:49 archlinux kernel: Call Trace: May 23 23:36:49 archlinux kernel: <TASK> May 23 23:36:49 archlinux kernel: ? build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: ? __warn.cold+0x8e/0xe8 May 23 23:36:49 archlinux kernel: ? build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: ? report_bug+0xff/0x140 May 23 23:36:49 archlinux kernel: ? handle_bug+0x3c/0x80 May 23 23:36:49 archlinux kernel: ? exc_invalid_op+0x17/0x70 May 23 23:36:49 archlinux kernel: ? asm_exc_invalid_op+0x1a/0x20 May 23 23:36:49 archlinux kernel: ? build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: ? kmalloc_trace+0x13a/0x320 May 23 23:36:49 archlinux kernel: sched_init_smp+0x3e/0xc0 May 23 23:36:49 archlinux kernel: ? stop_machine+0x30/0x40 May 23 23:36:49 archlinux kernel: kernel_init_freeable+0x109/0x250 May 23 23:36:49 archlinux kernel: ? __pfx_kernel_init+0x10/0x10 May 23 23:36:49 archlinux kernel: kernel_init+0x1a/0x140 May 23 23:36:49 archlinux kernel: ret_from_fork+0x34/0x50 May 23 23:36:49 archlinux kernel: ? __pfx_kernel_init+0x10/0x10 May 23 23:36:49 archlinux kernel: ret_from_fork_asm+0x1a/0x30 May 23 23:36:49 archlinux kernel: </TASK> May 23 23:36:49 archlinux kernel: ---[ end trace 0000000000000000 ]--- --- ATA stuff: May 23 23:36:59 archlinux kernel: ata2.00: exception Emask 0x10 SAct 0x1fffe000 SErr 0x40d0002 action 0xe frozen May 23 23:36:59 archlinux kernel: ata2.00: irq_stat 0x00000040, connection status changed May 23 23:36:59 archlinux kernel: ata2: SError: { RecovComm PHYRdyChg CommWake 10B8B DevExch } May 23 23:36:59 archlinux kernel: ata2.00: failed command: WRITE FPDMA QUEUED May 23 23:36:59 archlinux kernel: ata2.00: cmd 61/10:68:10:f8:07/00:00:00:00:00/40 tag 13 ncq dma 8192 out res 40/00:01:00:00:00/00:00:00:00:00/00 Emask 0x10 (ATA bus error) May 23 23:36:59 archlinux kernel: ata2.00: status: { DRDY } May 23 23:36:59 archlinux kernel: ata2.00: failed command: WRITE FPDMA QUEUED May 23 23:36:59 archlinux kernel: ata2.00: cmd 61/08:70:28:f8:07/00:00:00:00:00/40 tag 14 ncq dma 4096 out res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x10 (ATA bus error) May 23 23:36:59 archlinux kernel: ata2.00: status: { DRDY } May 23 23:36:59 archlinux kernel: ata2.00: failed command: WRITE FPDMA QUEUED May 23 23:36:59 archlinux kernel: ata2.00: cmd 61/18:78:50:f8:07/00:00:00:00:00/40 tag 15 ncq dma 12288 out res 40/00:68:00:00:00/00:00:00:00:00/40 Emask 0x10 (ATA

11 months, 1 week

6
18
0 0

[PATCH 2/2] arm64: dts: qcom: sc7280: Disable SS instances in park mode

by Krishna Kurapati

On SC7280, in host mode, it is observed that stressing out controller in host mode results in HC died error and only restarting the host mode fixes it. Disable SS instances in park mode for these targets to avoid host controller being dead. Reported-by: Doug Anderson <dianders(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: bb9efa59c665 ("arm64: dts: qcom: sc7280: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi index 41f51d326111..e0d3eeb6f639 100644 --- a/arch/arm64/boot/dts/qcom/sc7280.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi @@ -4131,6 +4131,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0xe0 0x0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed"; -- 2.34.1

11 months, 1 week

2
1
0 0

[PATCH 1/2] gpio: amd8111: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

amd_gpio_init() uses pci_read_config_dword() that returns PCIBIOS_* codes. The return code is then returned as is but amd_gpio_init() is a module init function that should return normal errnos. Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from amd_gpio_init(). Fixes: f942a7de047d ("gpio: add a driver for GPIO pins found on AMD-8111 south bridge chips") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/gpio/gpio-amd8111.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-amd8111.c b/drivers/gpio/gpio-amd8111.c index 6f3ded619c8b..3377667a28de 100644 --- a/drivers/gpio/gpio-amd8111.c +++ b/drivers/gpio/gpio-amd8111.c @@ -195,8 +195,10 @@ static int __init amd_gpio_init(void) found: err = pci_read_config_dword(pdev, 0x58, &gp.pmbase); - if (err) + if (err) { + err = pcibios_err_to_errno(err); goto out; + } err = -EIO; gp.pmbase &= 0x0000FF00; if (gp.pmbase == 0) -- 2.39.2

11 months, 1 week

4
8
0 0

Linux 6.8.12

by Greg Kroah-Hartman

Note, this the LAST 6.8.y release, this branch is now end-of-life. Please move to the 6.9.y branch at this point in time. ----------------------- I'm announcing the release of the 6.8.12 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 Documentation/devicetree/bindings/soc/rockchip/grf.yaml | 1 Documentation/devicetree/bindings/sound/rt5645.txt | 6 Documentation/devicetree/bindings/thermal/loongson,ls2k-thermal.yaml | 24 Makefile | 2 arch/arm/configs/sunxi_defconfig | 1 arch/arm64/include/asm/irqflags.h | 1 arch/arm64/kernel/fpsimd.c | 44 arch/loongarch/kernel/perf_event.c | 2 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 arch/openrisc/kernel/traps.c | 48 arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/sysdev/fsl_msi.c | 2 arch/riscv/Kconfig.errata | 8 arch/riscv/errata/thead/errata.c | 24 arch/riscv/include/asm/errata_list.h | 20 arch/riscv/net/bpf_jit_comp64.c | 20 arch/s390/include/asm/gmap.h | 2 arch/s390/include/asm/mmu.h | 5 arch/s390/include/asm/mmu_context.h | 1 arch/s390/include/asm/pgtable.h | 16 arch/s390/kvm/kvm-s390.c | 4 arch/s390/mm/gmap.c | 165 + arch/s390/net/bpf_jit_comp.c | 8 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 arch/x86/Kconfig | 8 arch/x86/boot/compressed/head_64.S | 5 arch/x86/crypto/nh-avx2-x86_64.S | 1 arch/x86/crypto/sha256-avx2-asm.S | 1 arch/x86/crypto/sha512-avx2-asm.S | 1 arch/x86/entry/vsyscall/vsyscall_64.c | 28 arch/x86/include/asm/cmpxchg_64.h | 2 arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/sparsemem.h | 2 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 10 arch/x86/mm/fault.c | 33 arch/x86/mm/numa.c | 4 arch/x86/mm/pat/set_memory.c | 68 arch/x86/net/bpf_jit_comp.c | 57 arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 block/blk-core.c | 9 block/blk-merge.c | 2 block/blk-mq.c | 4 block/blk.h | 1 block/fops.c | 2 block/genhd.c | 2 block/partitions/cmdline.c | 49 crypto/asymmetric_keys/Kconfig | 3 drivers/accessibility/speakup/main.c | 2 drivers/acpi/acpi_lpss.c | 1 drivers/acpi/acpica/Makefile | 1 drivers/acpi/bus.c | 5 drivers/acpi/numa/srat.c | 5 drivers/block/null_blk/main.c | 2 drivers/bluetooth/btmrvl_main.c | 9 drivers/bluetooth/btqca.c | 4 drivers/bluetooth/btrsi.c | 1 drivers/bluetooth/btsdio.c | 8 drivers/bluetooth/btusb.c | 5 drivers/bluetooth/hci_bcm4377.c | 1 drivers/bluetooth/hci_ldisc.c | 6 drivers/bluetooth/hci_serdev.c | 5 drivers/bluetooth/hci_uart.h | 1 drivers/bluetooth/hci_vhci.c | 10 drivers/bluetooth/virtio_bt.c | 2 drivers/char/hw_random/stm32-rng.c | 18 drivers/clk/clk-renesas-pcie.c | 10 drivers/clk/mediatek/clk-mt8365-mm.c | 2 drivers/clk/mediatek/clk-pllfh.c | 2 drivers/clk/qcom/Kconfig | 2 drivers/clk/qcom/apss-ipq-pll.c | 3 drivers/clk/qcom/clk-alpha-pll.c | 1 drivers/clk/qcom/dispcc-sm6350.c | 11 drivers/clk/qcom/dispcc-sm8450.c | 20 drivers/clk/qcom/dispcc-sm8550.c | 20 drivers/clk/qcom/dispcc-sm8650.c | 20 drivers/clk/qcom/mmcc-msm8998.c | 8 drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 drivers/clk/renesas/r9a07g043-cpg.c | 9 drivers/clk/samsung/clk-exynosautov9.c | 8 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpufreq/cpufreq.c | 11 drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 drivers/crypto/intel/qat/qat_common/adf_telemetry.c | 21 drivers/crypto/intel/qat/qat_common/adf_telemetry.h | 1 drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 drivers/dma/xilinx/xdma.c | 14 drivers/dpll/dpll_core.c | 2 drivers/edac/skx_common.c | 2 drivers/edac/versal_edac.c | 5 drivers/firmware/qcom/qcom_scm.c | 12 drivers/firmware/raspberrypi.c | 7 drivers/fpga/dfl-pci.c | 3 drivers/gpio/gpio-npcm-sgpio.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 16 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 15 drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/amd/display/dc/dml/dcn31/dcn31_fpu.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 10 drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 25 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 15 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 drivers/gpu/drm/bridge/chipone-icn6211.c | 6 drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 drivers/gpu/drm/bridge/lontium-lt9611.c | 6 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/bridge/tc358775.c | 6 drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 1 drivers/gpu/drm/ci/test.yml | 6 drivers/gpu/drm/display/drm_dp_helper.c | 35 drivers/gpu/drm/drm_bridge.c | 10 drivers/gpu/drm/drm_edid.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 6 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 4 drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/msm/dp/dp_aux.c | 20 drivers/gpu/drm/msm/dp/dp_aux.h | 1 drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 drivers/gpu/drm/msm/dp/dp_display.c | 4 drivers/gpu/drm/msm/dp/dp_link.c | 22 drivers/gpu/drm/msm/dp/dp_link.h | 14 drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 drivers/gpu/drm/omapdrm/Kconfig | 2 drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 drivers/gpu/drm/panel/panel-edp.c | 3 drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 24 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 drivers/hid/hid-mcp2221.c | 2 drivers/hid/hid-nintendo.c | 8 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/infiniband/core/cma.c | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hns/hns_roce_cq.c | 24 drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 7 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_mr.c | 15 drivers/infiniband/hw/hns/hns_roce_srq.c | 6 drivers/infiniband/hw/mana/cq.c | 54 drivers/infiniband/hw/mana/main.c | 43 drivers/infiniband/hw/mana/mana_ib.h | 14 drivers/infiniband/hw/mana/qp.c | 26 drivers/infiniband/hw/mlx5/mem.c | 8 drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 drivers/infiniband/hw/mlx5/mr.c | 35 drivers/infiniband/sw/rxe/rxe_comp.c | 6 drivers/infiniband/sw/rxe/rxe_net.c | 12 drivers/infiniband/sw/rxe/rxe_verbs.c | 6 drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/input.c | 104 + drivers/input/joystick/xpad.c | 2 drivers/input/mouse/amimouse.c | 8 drivers/iommu/iommu.c | 21 drivers/irqchip/irq-alpine-msi.c | 2 drivers/irqchip/irq-loongson-pch-msi.c | 2 drivers/macintosh/via-macii.c | 11 drivers/md/dm-delay.c | 14 drivers/md/md-bitmap.c | 6 drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/platform/cadence/cdns-csi2rx.c | 26 drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/uvc/uvc_driver.c | 31 drivers/media/usb/uvc/uvcvideo.h | 1 drivers/media/v4l2-core/v4l2-subdev.c | 2 drivers/misc/lkdtm/Makefile | 2 drivers/misc/lkdtm/perms.c | 2 drivers/mtd/mtdcore.c | 6 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 50 drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/dsa/mv88e6xxx/global1.c | 89 + drivers/net/dsa/mv88e6xxx/global1.h | 2 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 2 drivers/net/ethernet/freescale/fec_main.c | 26 drivers/net/ethernet/intel/ice/ice_base.c | 134 + drivers/net/ethernet/intel/ice/ice_base.h | 10 drivers/net/ethernet/intel/ice/ice_common.c | 4 drivers/net/ethernet/intel/ice/ice_ddp.c | 16 drivers/net/ethernet/intel/ice/ice_lag.c | 6 drivers/net/ethernet/intel/ice/ice_lib.c | 129 - drivers/net/ethernet/intel/ice/ice_lib.h | 10 drivers/net/ethernet/intel/ice/ice_sched.c | 4 drivers/net/ethernet/intel/ice/ice_switch.c | 10 drivers/net/ethernet/intel/ice/ice_xsk.c | 22 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 44 drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ethernet/stmicro/stmmac/common.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 105 + drivers/net/ethernet/sun/sungem.c | 14 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 76 drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 drivers/net/ethernet/wangxun/libwx/wx_type.h | 23 drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 drivers/net/ethernet/wangxun/txgbe/Makefile | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 269 +++ drivers/net/ethernet/wangxun/txgbe/txgbe_irq.h | 7 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 172 -- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 90 - drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 3 drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 18 drivers/net/phy/micrel.c | 3 drivers/net/usb/aqc111.c | 8 drivers/net/usb/qmi_wwan.c | 3 drivers/net/usb/smsc95xx.c | 15 drivers/net/usb/sr9700.c | 10 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 drivers/net/wireless/ath/ath11k/mac.c | 9 drivers/net/wireless/ath/ath12k/qmi.c | 3 drivers/net/wireless/ath/ath12k/wmi.c | 2 drivers/net/wireless/ath/carl9170/tx.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 32 drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 19 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 47 drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 drivers/net/wireless/realtek/rtw89/ps.c | 3 drivers/net/wireless/realtek/rtw89/wow.c | 12 drivers/nvme/host/core.c | 21 drivers/nvme/host/multipath.c | 3 drivers/nvme/host/nvme.h | 21 drivers/nvme/host/pci.c | 8 drivers/nvme/host/tcp.c | 10 drivers/nvme/target/auth.c | 8 drivers/nvme/target/configfs.c | 12 drivers/nvme/target/core.c | 5 drivers/nvme/target/nvmet.h | 1 drivers/nvme/target/tcp.c | 11 drivers/of/module.c | 7 drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 drivers/perf/hisilicon/hns3_pmu.c | 16 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/platform/x86/xiaomi-wmi.c | 18 drivers/ptp/ptp_ocp.c | 6 drivers/pwm/core.c | 852 ++++------ drivers/pwm/pwm-clps711x.c | 1 drivers/pwm/pwm-cros-ec.c | 1 drivers/pwm/pwm-meson.c | 51 drivers/pwm/pwm-pxa.c | 4 drivers/pwm/pwm-sti.c | 46 drivers/pwm/sysfs.c | 4 drivers/regulator/irq_helpers.c | 3 drivers/regulator/qcom-refgen-regulator.c | 1 drivers/regulator/vqmmc-ipq4019-regulator.c | 1 drivers/s390/cio/trace.h | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_dfs.c | 2 drivers/soc/mediatek/mtk-cmdq-helper.c | 5 drivers/soc/qcom/pmic_glink.c | 26 drivers/staging/media/atomisp/pci/sh_css.c | 1 drivers/staging/media/starfive/camss/stf-camss.c | 6 drivers/thermal/mediatek/lvts_thermal.c | 4 drivers/thermal/qcom/tsens.c | 2 drivers/thermal/thermal_core.c | 12 drivers/thermal/thermal_debugfs.c | 27 drivers/thermal/thermal_debugfs.h | 4 drivers/tty/n_gsm.c | 140 + drivers/tty/serial/8250/8250_bcm7271.c | 101 - drivers/tty/serial/8250/8250_mtk.c | 8 drivers/tty/serial/sc16is7xx.c | 23 drivers/ufs/core/ufs-mcq.c | 3 drivers/ufs/core/ufshcd.c | 6 drivers/ufs/host/cdns-pltfrm.c | 2 drivers/ufs/host/ufs-qcom.c | 7 drivers/ufs/host/ufs-qcom.h | 12 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/core/Kconfig | 6 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virt/acrn/mm.c | 61 fs/btrfs/ioctl.c | 33 fs/btrfs/qgroup.c | 21 fs/dlm/ast.c | 14 fs/dlm/dlm_internal.h | 1 fs/dlm/user.c | 15 fs/ecryptfs/keystore.c | 4 fs/eventpoll.c | 38 fs/exec.c | 11 fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 1 fs/ext4/namei.c | 2 fs/gfs2/glock.c | 91 - fs/gfs2/glock.h | 1 fs/gfs2/glops.c | 3 fs/gfs2/incore.h | 1 fs/gfs2/lock_dlm.c | 32 fs/gfs2/ops_fstype.c | 1 fs/gfs2/super.c | 3 fs/gfs2/util.c | 1 fs/jffs2/xattr.c | 3 fs/libfs.c | 147 + fs/nfsd/nfsctl.c | 4 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 fs/ntfs3/dir.c | 1 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 7 fs/ntfs3/record.c | 11 fs/ntfs3/super.c | 2 fs/openpromfs/inode.c | 8 fs/smb/server/mgmt/share_config.c | 6 fs/smb/server/oplock.c | 21 include/drm/display/drm_dp_helper.h | 6 include/drm/drm_displayid.h | 1 include/drm/drm_mipi_dsi.h | 6 include/linux/acpi.h | 6 include/linux/bitops.h | 1 include/linux/cpu.h | 11 include/linux/dev_printk.h | 25 include/linux/fb.h | 4 include/linux/fs.h | 8 include/linux/ieee80211.h | 2 include/linux/ksm.h | 13 include/linux/maple_tree.h | 7 include/linux/mlx5/driver.h | 1 include/linux/numa.h | 7 include/linux/overflow.h | 25 include/linux/printk.h | 2 include/linux/pwm.h | 7 include/linux/stmmac.h | 2 include/net/ax25.h | 3 include/net/bluetooth/bluetooth.h | 2 include/net/bluetooth/hci.h | 122 - include/net/bluetooth/hci_core.h | 53 include/net/bluetooth/l2cap.h | 11 include/net/mac80211.h | 3 include/net/tcp.h | 5 include/trace/events/asoc.h | 2 include/uapi/linux/bpf.h | 2 include/uapi/linux/virtio_bt.h | 1 io_uring/io-wq.c | 13 io_uring/io_uring.h | 2 io_uring/net.c | 22 io_uring/nop.c | 2 kernel/bpf/syscall.c | 5 kernel/bpf/verifier.c | 29 kernel/cgroup/cpuset.c | 2 kernel/cpu.c | 14 kernel/rcu/tasks.h | 2 kernel/rcu/tree_stall.h | 3 kernel/sched/core.c | 2 kernel/sched/fair.c | 53 kernel/sched/isolation.c | 7 kernel/sched/topology.c | 2 kernel/softirq.c | 12 kernel/trace/ftrace.c | 39 kernel/trace/ring_buffer.c | 9 kernel/trace/trace_events_user.c | 181 +- lib/fortify_kunit.c | 16 lib/kunit/device.c | 2 lib/kunit/test.c | 3 lib/kunit/try-catch.c | 9 lib/maple_tree.c | 93 + lib/overflow_kunit.c | 19 lib/slub_kunit.c | 2 lib/test_hmm.c | 8 mm/shmem.c | 7 mm/userfaultfd.c | 35 net/ax25/ax25_dev.c | 48 net/bluetooth/hci_conn.c | 35 net/bluetooth/hci_core.c | 144 - net/bluetooth/hci_event.c | 313 --- net/bluetooth/hci_sock.c | 9 net/bluetooth/hci_sync.c | 207 -- net/bluetooth/iso.c | 125 - net/bluetooth/l2cap_core.c | 77 net/bluetooth/l2cap_sock.c | 91 - net/bluetooth/mgmt.c | 84 net/bridge/br_device.c | 6 net/bridge/br_mst.c | 16 net/core/dev.c | 3 net/ipv4/tcp_ipv4.c | 13 net/ipv4/udp.c | 21 net/ipv6/reassembly.c | 2 net/ipv6/seg6.c | 5 net/ipv6/udp.c | 20 net/l2tp/l2tp_core.c | 44 net/mac80211/mlme.c | 3 net/mac80211/rate.c | 6 net/mac80211/scan.c | 17 net/mac80211/tx.c | 13 net/mptcp/protocol.c | 54 net/mptcp/protocol.h | 45 net/mptcp/sockopt.c | 129 + net/netrom/nr_route.c | 19 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/qrtr/ns.c | 27 net/sunrpc/auth_gss/svcauth_gss.c | 10 net/sunrpc/stats.c | 2 net/sunrpc/svc.c | 2 net/unix/af_unix.c | 2 net/wireless/nl80211.c | 14 net/wireless/trace.h | 4 samples/landlock/sandboxer.c | 5 scripts/module.lds.S | 1 sound/core/init.c | 11 sound/hda/intel-dsp-config.c | 27 sound/pci/emu10k1/io.c | 1 sound/pci/hda/cs35l41_hda_property.c | 4 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l41.c | 26 sound/soc/codecs/cs35l56.c | 13 sound/soc/codecs/da7219-aad.c | 6 sound/soc/codecs/rt5645.c | 25 sound/soc/codecs/rt715-sdca.c | 8 sound/soc/codecs/rt715-sdw.c | 1 sound/soc/codecs/rt722-sdca.c | 27 sound/soc/codecs/rt722-sdca.h | 3 sound/soc/intel/avs/boards/ssm4567.c | 1 sound/soc/intel/avs/cldma.c | 2 sound/soc/intel/avs/path.c | 1 sound/soc/intel/avs/pcm.c | 4 sound/soc/intel/avs/probes.c | 14 sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 sound/soc/intel/boards/bxt_rt298.c | 1 sound/soc/intel/boards/bytcr_rt5640.c | 14 sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 sound/soc/intel/boards/kbl_da7219_max98927.c | 4 sound/soc/intel/boards/kbl_rt5660.c | 1 sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 sound/soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 sound/soc/intel/boards/skl_rt286.c | 1 sound/soc/kirkwood/kirkwood-dma.c | 3 sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 sound/soc/sof/intel/hda-dai.c | 31 sound/soc/sof/intel/lnl.c | 3 sound/soc/sof/intel/lnl.h | 15 sound/soc/sof/intel/mtl.c | 42 sound/soc/sof/intel/mtl.h | 4 sound/soc/sof/ipc3-pcm.c | 1 sound/soc/sof/ipc4-pcm.c | 91 - sound/soc/sof/pcm.c | 13 sound/soc/sof/sof-audio.h | 2 tools/arch/x86/lib/x86-opcode-map.txt | 10 tools/bpf/bpftool/common.c | 96 - tools/bpf/bpftool/iter.c | 2 tools/bpf/bpftool/main.h | 3 tools/bpf/bpftool/prog.c | 5 tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 tools/bpf/bpftool/struct_ops.c | 2 tools/include/nolibc/stdlib.h | 2 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/libbpf.c | 9 tools/testing/selftests/bpf/cgroup_helpers.c | 3 tools/testing/selftests/bpf/network_helpers.c | 2 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 tools/testing/selftests/bpf/prog_tests/xdp_do_redirect.c | 4 tools/testing/selftests/bpf/progs/bench_local_storage_create.c | 5 tools/testing/selftests/bpf/progs/local_storage.c | 20 tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 tools/testing/selftests/bpf/test_sockmap.c | 2 tools/testing/selftests/cgroup/cgroup_util.c | 8 tools/testing/selftests/cgroup/cgroup_util.h | 2 tools/testing/selftests/cgroup/test_core.c | 7 tools/testing/selftests/cgroup/test_cpu.c | 2 tools/testing/selftests/cgroup/test_cpuset.c | 2 tools/testing/selftests/cgroup/test_freezer.c | 2 tools/testing/selftests/cgroup/test_hugetlb_memcg.c | 2 tools/testing/selftests/cgroup/test_kill.c | 2 tools/testing/selftests/cgroup/test_kmem.c | 2 tools/testing/selftests/cgroup/test_memcontrol.c | 2 tools/testing/selftests/cgroup/test_zswap.c | 2 tools/testing/selftests/damon/_damon_sysfs.py | 2 tools/testing/selftests/filesystems/binderfs/Makefile | 2 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 tools/testing/selftests/kcmp/kcmp_test.c | 2 tools/testing/selftests/kvm/aarch64/vgic_init.c | 49 tools/testing/selftests/lib.mk | 12 tools/testing/selftests/net/amt.sh | 12 tools/testing/selftests/net/config | 1 tools/testing/selftests/net/forwarding/bridge_igmp.sh | 6 tools/testing/selftests/net/forwarding/bridge_mld.sh | 6 tools/testing/selftests/net/lib.sh | 6 tools/testing/selftests/resctrl/Makefile | 4 tools/testing/selftests/syscall_user_dispatch/sud_test.c | 14 tools/tracing/latency/latency-collector.c | 8 565 files changed, 5947 insertions(+), 3932 deletions(-) Aapo Vienamo (1): mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Abdelrahman Morsy (1): HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled Adam Guerin (2): crypto: qat - improve error message in adf_get_arbiter_mapping() crypto: qat - improve error logging to be consistent across features Adrian Hunter (2): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Akiva Goldberger (2): net/mlx5: Add a timeout to acquire the command queue semaphore net/mlx5: Discard command completions in internal error Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (6): crypto: bcm - Fix pointer arithmetic cppc_cpufreq: Fix possible null pointer dereference thermal/drivers/tsens: Fix null pointer dereference ASoC: kirkwood: Fix potential NULL dereference drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference drm: vc4: Fix possible null pointer dereference Alexander Aring (1): dlm: fix user space lock decision to copy lvb Alexander Lobakin (1): bitops: add missing prototype check Alexandre Mergnat (1): clk: mediatek: mt8365-mm: fix DPI0 parent Alexei Starovoitov (1): bpf: Fix verifier assumptions about socket->sk Aloka Dixit (1): wifi: ath12k: use correct flag field for 320 MHz channels Amadeusz Sławiński (1): ASoC: Intel: avs: Restore stream decoupling on prepare Andreas Gruenbacher (6): gfs2: Don't forget to complete delayed withdraw gfs2: Fix "ignore unlock failures after withdraw" gfs2: Remove ill-placed consistency check gfs2: Fix potential glock use-after-free on unmount gfs2: finish_xmote cleanup gfs2: do_xmote fixes Andrew Halaney (8): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US scsi: ufs: qcom: Perform read back after writing unipro mode scsi: ufs: qcom: Perform read back after writing CGC enable scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrii Nakryiko (1): bpf: prevent r10 register from being marked as precise Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Andy Shevchenko (1): ACPI: LPSS: Advertise number of chip selects via property AngeloGioacchino Del Regno (1): ASoC: mediatek: Assign dummy when codec not specified for a DAI link Anton Protopopov (1): bpf: Pack struct bpf_fib_lookup Ard Biesheuvel (3): arm64/fpsimd: Avoid erroneous elide of user state reload x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 x86/purgatory: Switch to the position-independent small code model Armin Wolf (6): ACPI: bus: Indicate support for _TFP thru _OSC ACPI: bus: Indicate support for more than 16 p-states thru _OSC ACPI: bus: Indicate support for the Generic Event Device thru _OSC ACPI: Fix Generic Initiator Affinity _OSC bit ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC platform/x86: xiaomi-wmi: Fix race condition when reporting key events Arnd Bergmann (14): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks enetc: avoid truncating error message qed: avoid truncating work queue length mlx5: avoid truncating error message mlx5: stop warning for 64KB pages wifi: carl9170: re-fix fortified-memset warning x86/microcode/AMD: Avoid -Wformat warning with clang-15 ACPI: disable -Wstringop-truncation drm/imagination: avoid -Woverflow warning fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables media: rcar-vin: work around -Wenum-compare-conditional warning Ayala Beker (1): wifi: mac80211: don't select link ID if not provided in scan request Baochen Qiang (2): wifi: ath10k: poll service ready message before failing wifi: ath11k: don't force enable power save on non-running vdevs Bart Van Assche (1): scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Basavaraj Natikar (1): HID: amd_sfh: Handle "no sensors" in PM operations Beau Belgrave (2): tracing/user_events: Prepare find/delete for same name events tracing/user_events: Fix non-spaced field matching Benjamin Berg (1): wifi: iwlwifi: mvm: fix active link counting during recovery Benjamin Marzinski (2): dm-delay: fix workqueue delay_timer race dm-delay: fix max_delay calculations Bibo Mao (1): LoongArch: Lately init pmu after smp is online Binbin Zhou (2): dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Bjorn Andersson (1): soc: qcom: pmic_glink: Make client-lock non-sleeping Bob Pearson (3): RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt RDMA/rxe: Allow good work requests to be executed RDMA/rxe: Fix incorrect rxe_put in error path Brennan Xavier McManus (1): tools/nolibc/stdlib: fix memory error in realloc() Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Catalin Popescu (1): clk: rs9: fix wrong default value for clock amplitude Cezary Rojewski (5): ASoC: Intel: Disable route checks for Skylake boards ASoC: Intel: avs: ssm4567: Do not ignore route checks ASoC: Intel: avs: Fix ASRC module initialization ASoC: Intel: avs: Fix potential integer overflow ASoC: Intel: avs: Test result of avs_get_module_entry() Chad Monroe (1): wifi: mt76: mt7996: fix size of txpower MCU command Changhuang Liang (1): staging: media: starfive: Remove links when unregistering devices Chen Ni (3): crypto: octeontx2 - add missing check for dma_map_single HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dpll: fix return value check for kmemdup Cheng Yu (1): sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Chengchang Tang (5): RDMA/hns: Fix deadlock on SRQ async events. RDMA/hns: Fix UAF for cq async event RDMA/hns: Fix GMV table pagesize RDMA/hns: Use complete parentheses in macros RDMA/hns: Modify the print level of CQE error Chih-Kang Chang (1): wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Chris Lew (1): net: qrtr: ns: Fix module refcnt Christian Hewitt (1): drm/meson: vclk: fix calculation of 59.94 fractional rates Christoph Hellwig (2): block: refine the EOF check in blkdev_iomap_begin virt: acrn: stop using follow_pfn Christoph Müllner (2): riscv: thead: Rename T-Head PBMT to MAE riscv: T-Head: Test availability bit before enabling MAE errata Christophe JAILLET (1): Bluetooth: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (9): libfs: Re-arrange locking in offset_iterate_dir() libfs: Define a minimum directory offset libfs: Add simple_offset_empty() maple_tree: Add mtree_alloc_cyclic() libfs: Convert simple directory offsets to use a Maple Tree libfs: Fix simple_offset_rename_exchange() libfs: Add simple_offset_rename() API shmem: Fix shmem_rename2() SUNRPC: Fix gss_free_in_token_pages() Chun-Kuang Hu (1): soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Clément Léger (1): selftests: sud_test: return correct emulated syscall value on RISC-V Dan Carpenter (6): speakup: Fix sizeof() vs ARRAY_SIZE() bug nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists() wifi: mwl8k: initialize cmd->addr[] properly Bluetooth: qca: Fix error code in qca_read_fw_build_info() Bluetooth: ISO: Clean up returns values in iso_connect_ind() ext4: fix potential unnitialized variable Dan Nowlin (1): ice: Fix package download algorithm Daniel Golle (1): net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (2): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() tty: n_gsm: fix missing receive state reset after mode switch Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN920C04 compositions David Hildenbrand (3): mm/userfaultfd: Do not place zeropages when zeropages are disallowed s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Derek Fang (2): ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Derek Foreman (1): drm/etnaviv: fix tx clock gating on some GC7000 variants Detlev Casanova (1): drm/rockchip: vop2: Do not divide height twice for YUV Dmitry Baryshkov (9): soc: qcom: pmic_glink: don't traverse clients list without a lock soc: qcom: pmic_glink: notify clients about the current state wifi: ath10k: populate board data for WCN3990 drm/msm/dp: allow voltage swing / pre emphasis of 3 drm/mipi-dsi: use correct return type for the DSC functions clk: qcom: dispcc-sm8450: fix DisplayPort clocks clk: qcom: dispcc-sm6350: fix DisplayPort clocks clk: qcom: dispcc-sm8550: fix DisplayPort clocks clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Torokhov (1): Input: try trimming too long modalias strings Doug Berger (1): serial: 8250_bcm7271: use default_mux_rate if possible Douglas Anderson (4): drm/dp: Don't attempt AUX transfers when eDP panels are not powered drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert drm/mediatek: Init `ddp_comp` with devm_kcalloc() drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected Duanqiang Wen (2): Revert "net: txgbe: fix i2c dev name cannot match clkdev" Revert "net: txgbe: fix clk_name exceed MAX_DEV_ID limits" Duoming Zhou (5): wifi: brcmfmac: pcie: handle randbuf allocation failure ax25: Use kernel universal linked list to implement ax25_dev_list ax25: Fix reference count leak issues of ax25_dev ax25: Fix reference count leak issue of net_device lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Edward Liaw (1): selftests/kcmp: remove unused open mode Eric Biggers (5): KEYS: asymmetric: Add missing dependency on CRYPTO_SIG KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST crypto: x86/nh-avx2 - add missing vzeroupper crypto: x86/sha256-avx2 - add missing vzeroupper crypto: x86/sha512-avx2 - add missing vzeroupper Eric Dumazet (7): tcp: avoid premature drops in tcp_add_backlog() net: give more chances to rcu in netdev_wait_allrefs_any() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fabio Estevam (1): media: dt-bindings: ovti,ov2680: Fix the power supply names Felix Fietkau (2): wifi: mt76: mt7603: fix tx queue of loopback packets wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset Felix Kuehling (1): drm/amdgpu: Update BO eviction priorities Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Gabor Juhos (2): clk: qcom: clk-alpha-pll: remove invalid Stromer register offset clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Gabriel Krisman Bertazi (2): io-wq: write next_work before dropping acct_lock udp: Avoid call to compute_score on multiple sites Geert Uytterhoeven (4): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() printk: Let no_printk() use _printk() dev_printk: Add and use dev_no_printk() clk: renesas: r8a779a0: Fix CANFD parent clock Geliang Tang (2): selftests/bpf: Fix umount cgroup2 error in test_sockmap selftests/bpf: Fix a fd leak in error paths in open_netns George Stark (2): pwm: meson: Add check for error from clk_round_rate() pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating Giovanni Cabiddu (1): crypto: qat - specify firmware files for 402xx Greg Kroah-Hartman (1): Linux 6.8.12 Guenter Roeck (2): mm/slub, kunit: Use inverted data to corrupt kmem cache Revert "sh: Handle calling csum_partial with misaligned data" Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Gustavo A. R. Silva (1): Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path selftests/net/lib: no need to record ns name if it already exist Hannes Reinecke (1): nvme-tcp: strict pdu pacing to avoid send stalls on TLS Hans de Goede (1): ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too Hao Chen (1): drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Hechao Li (1): tcp: increase the default TCP scaling ratio Heiko Stuebner (2): drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiner Kallweit (1): Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Herve Codina (1): net: lan966x: remove debugfs directory in probe() error path Himanshu Madhani (1): scsi: qla2xxx: Fix debugfs output for fw_resource_count Horatiu Vultur (1): net: micrel: Fix receiving the timestamp in the frame for lan8841 Howard Hsu (1): wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Hsin-Te Yuan (2): thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 drm/bridge: anx7625: Update audio status while detecting Huai-Yuan Liu (1): drm/arm/malidp: fix a possible null pointer dereference Hugo Villeneuve (1): serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler INAGAKI Hiroshi (1): block: fix and simplify blkdevparts= cmdline parsing Igor Artemiev (1): wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ilan Peer (1): wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Leoshkevich (1): s390/bpf: Emit a barrier for BPF_FETCH instructions Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Iulia Tanasescu (2): Bluetooth: ISO: Add hcon for listening bis sk Bluetooth: ISO: Make iso_get_sock_listen generic Ivanov Mikhail (1): samples/landlock: Fix incorrect free in populate_ruleset_net Jack Xiao (1): drm/amdgpu/mes: fix use-after-free issue Jack Yu (4): ASoC: rt722-sdca: modify channel number to support 4 channels ASoC: rt722-sdca: add headset microphone vrefo setting ASoC: rt715: add vendor clear control register ASoC: rt715-sdca: volume step modification Jaewon Kim (1): clk: samsung: exynosautov9: fix wrong pll clock id value Jagan Teki (1): drm/bridge: Fix improper bridge init order with pre_enable_prev_first Jakub Kicinski (3): eth: sungem: remove .ndo_poll_controller to avoid deadlocks selftests: net: add missing config for amt.sh selftests: net: move amt to socat for better compatibility Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jason Gunthorpe (1): IB/mlx5: Use __iowrite64_copy() for write combining stores Jens Axboe (3): io_uring: use the right type for work_llist empty check io_uring/net: remove dependency on REQ_F_PARTIAL_IO for sr->done_io io_uring/net: ensure async prep handlers always initialize ->done_io Jiawen Wu (7): net: wangxun: fix to change Rx features net: wangxun: match VLAN CTAG and STAG features net: txgbe: move interrupt codes to a separate file net: txgbe: use irq_domain for interrupt controller net: txgbe: fix to control VLAN strip net: txgbe: fix to clear interrupt status after handling IRQ net: txgbe: fix GPIO interrupt blocking Jim Liu (1): gpio: nuvoton: Fix sgpio irq handle error Jinjiang Tu (1): mm/ksm: fix ksm exec support for prctl Jinjie Ruan (1): arm64: Remove unnecessary irqflags alternative.h include Jiri Olsa (1): libbpf: Fix error message in attach_kprobe_multi Joel Colledge (1): dm-delay: fix hung task introduced by kthread mode Johannes Berg (7): wifi: mac80211: don't use rate mask for scanning wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() wifi: iwlwifi: mvm: allocate STA links only for active links wifi: iwlwifi: mvm: select STA mask only for active links wifi: iwlwifi: reconfigure TLC during HW restart wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask wifi: iwlwifi: mvm: init vif works only once John Hubbard (2): selftests/binderfs: use the Makefile's rules, not Make's implicit rules selftests/resctrl: fix clang build failure: use LOCAL_HDRS Josef Bacik (2): sunrpc: use the struct net as the svc proc private btrfs: take the cleaner_mutex earlier in qgroup disable Joshua Ashton (1): drm/amd/display: Set color_mgmt_changed to true on unsuspend Juergen Gross (3): x86/pat: Introduce lookup_address_in_pgd_attr() x86/pat: Restructure _lookup_address_cpa() x86/pat: Fix W^X violation false-positives when running as Xen PV guest Junhao He (2): drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Karthikeyan Kathirvel (1): wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Kees Cook (4): kunit/fortify: Fix mismatched kvalloc()/vfree() usage lkdtm: Disable CFI checking for perms functions wifi: nl80211: Avoid address calculations via out of bounds array indexing overflow: Change DEFINE_FLEX to take __counted_by member Ken Milmore (1): r8169: Fix possible ring buffer corruption on fragmented Tx packets. Konstantin Komarov (4): fs/ntfs3: Remove max link count info display during driver init fs/ntfs3: Taking DOS names into account during link counting fs/ntfs3: Fix case when index is reused during tree transformation fs/ntfs3: Break dir enumeration if directory contents error Konstantin Taranov (3): RDMA/mana_ib: Introduce helpers to create and destroy mana queues RDMA/mana_ib: Use struct mana_ib_queue for CQs RDMA/mana_ib: boundary check before installing cq callbacks Krzysztof Kozlowski (3): regulator: qcom-refgen: fix module autoloading regulator: vqmmc-ipq4019: fix module autoloading firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Lad Prabhakar (1): clk: renesas: r9a07g043: Add clock and reset entry for PLIC Lancelot SIX (1): drm/amdkfd: Flush the process wq before creating a kfd_process Laurent Pinchart (2): firmware: raspberrypi: Use correct device for DMA mappings media: v4l2-subdev: Fix stream handling for crop API Leo Ma (1): drm/amd/display: Fix DC mode screen flickering on DCN321 Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Lijo Lazar (1): drm/amd/pm: Restore config space after reset Linus Torvalds (2): x86/mm: Remove broken vsyscall emulation code from the page fault code epoll: be better about file lifetimes Linus Walleij (1): net: ethernet: cortina: Locking fixes Lorenzo Bianconi (3): wifi: mt76: mt7915: workaround too long expansion sparse warnings wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Lucas Segarra Fernandez (1): crypto: qat - validate slices count returned by FW Luiz Augusto von Dentz (2): Bluetooth: HCI: Remove HCI_AMP support Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Lukas Bulwahn (1): Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS Lyude Paul (1): drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Maciej Fijalkowski (2): ice: make ice_vsi_cfg_rxq() static ice: make ice_vsi_cfg_txq() static Maher Sanalla (1): net/mlx5: Reload only IB representors upon lag disable/enable Marc Gonzalez (1): clk: qcom: mmcc-msm8998: fix venus clock issue Marek Vasut (5): hwrng: stm32 - use logical OR in conditional hwrng: stm32 - put IP into RPM suspend on failure hwrng: stm32 - repair clock handling drm/lcdif: Do not disable clocks on already suspended hardware drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Masami Hiramatsu (Google) (1): selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly Matthias Schiffer (2): net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthieu Baerts (NGI0) (2): mptcp: SO_KEEPALIVE: fix getsockopt support mptcp: fix full TCP keep-alive support Matti Vaittinen (1): regulator: irq_helpers: duplicate IRQ name Maurizio Lombardi (2): nvmet-auth: return the error code to the nvmet_auth_host_hash() callers nvmet-auth: replace pr_debug() with pr_err() to report an error. Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Maxime Ripard (1): ARM: configs: sunxi: Enable DRM_DW_HDMI Meenakshikumar Somasundaram (1): drm/amd/display: Allocate zero bw after bw alloc enable Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michal Schmidt (3): selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq idpf: don't skip over ethtool tcp-data-split setting Mickaël Salaün (1): kunit: Fix kthread reference Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Ming Yen Hsieh (1): wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Miquel Raynal (1): dmaengine: xilinx: xdma: Clarify kdoc in XDMA driver Miri Korenblit (1): wifi: iwlwifi: implement can_activate_links callback Mukesh Ojha (1): firmware: qcom: scm: Fix __scm and waitq completion variable initialization Mukul Joshi (2): drm/amdkfd: Add VRAM accounting for SVM migration drm/amdgpu: Fix VRAM memory accounting Namjae Jeon (1): ksmbd: avoid to send duplicate oplock break notifications Nandor Kracser (1): ksmbd: ignore trailing slashes in share paths Nathan Chancellor (2): clk: qcom: Fix SC_CAMCC_8280XP dependencies clk: qcom: Fix SM_GPUCC_8650 dependencies NeilBrown (1): nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Nikita Kiryushin (2): rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Zhandarovich (2): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification Nikolay Aleksandrov (3): net: bridge: xmit: make sure we have at least eth header len bytes selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval net: bridge: mst: fix vlan use-after-free Nilay Shroff (2): nvme: find numa distance only if controller has valid numa id nvme: cancel pending I/O if nvme controller is in terminal state Nuno Pereira (1): HID: nintendo: Fix N64 controller being identified as mouse Nícolas F. R. A. Prado (9): drm/bridge: anx7625: Don't log an error when DSI host can't be found drm/bridge: icn6211: Don't log an error when DSI host can't be found drm/bridge: lt8912b: Don't log an error when DSI host can't be found drm/bridge: lt9611: Don't log an error when DSI host can't be found drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found drm/bridge: tc358775: Don't log an error when DSI host can't be found drm/bridge: dpc3433: Don't log an error when DSI host can't be found drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found clk: mediatek: pllfh: Don't log error for missing fhctl node Oleg Nesterov (1): sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU Oliver Upton (1): KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF Or Har-Toov (3): RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent RDMA/mlx5: Change check for cacheable mkeys RDMA/mlx5: Adding remote atomic access flag to updatable flags Oswald Buddenhagen (1): ALSA: emu10k1: make E-MU FPGA writes potentially more reliable Paolo Abeni (4): mptcp: cleanup writer wake-up mptcp: avoid some duplicate code in socket option handling mptcp: implement TCP_NOTSENT_LOWAT support mptcp: cleanup SOL_TCP handling Pavel Begunkov (1): io_uring/net: fix sendzc lazy wake polling Peter Colberg (1): fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Peter Ujfalusi (7): ASoC: SOF: ipc4-pcm: Use consistent name for snd_sof_pcm_stream pointer ASoC: SOF: ipc4-pcm: Use consistent name for sof_ipc4_timestamp_info pointer ASoC: SOF: ipc4-pcm: Introduce generic sof_ipc4_pcm_stream_priv ASoC: SOF: Intel: mtl: Correct rom_status_reg ASoC: SOF: Intel: lnl: Correct rom_status_reg ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed ASoC: SOF: Intel: mtl: Implement firmware boot state check Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (4): ASoC: da7219-aad: fix usage of device_get_named_child_node() ASoC: cs35l56: fix usages of device_get_named_child_node() ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Pin-yen Lin (1): serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Portia Stephens (1): cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Pratyush Yadav (1): media: cadence: csi2rx: configure DPHY before starting source stream Prike Liang (1): drm/amdgpu: Fix the ring buffer size for queue VM flush Puranjay Mohan (2): bpf, x86: Fix PROBE_MEM runtime load check riscv, bpf: make some atomic operations fully ordered Qiuxu Zhuo (1): EDAC/skx_common: Allow decoding of SGX addresses Quentin Monnet (1): libbpf: Prevent null-pointer dereference when prog to load has no BTF Rafael J. Wysocki (3): thermal/debugfs: Avoid excessive updates of trip point statistics thermal/debugfs: Create records for cdev states as they get used thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Randy Dunlap (1): fbdev: sh7760fb: allow modular build Ranjani Sridharan (1): ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3 Ricardo Ribalda (2): media: radio-shark2: Avoid led_names truncations media: uvcvideo: Add quirk for Logitech Rally Bar Richard Fitzgerald (1): ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() Richard Kinder (1): wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field Rob Herring (1): dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node Robert Richter (1): x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Rodrigo Siqueira (2): drm/amd/display: Ensure that dmcub support flag is set for DCN20 drm/amd/display: Add VCO speed parameter for DCN31 FPU Rohan G Thomas (3): net: stmmac: Offload queueMaxSDU from tc-taprio net: stmmac: est: Per Tx-queue error count for HLBF net: stmmac: Report taprio offload status Romain Gantois (1): net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Ryusuke Konishi (3): nilfs2: fix use-after-free of timer for log writer thread nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() Sagi Grimberg (2): nvmet-tcp: fix possible memory leak when tearing down a controller nvmet: fix nvme status code when namespace is disabled Sahil Siddiq (1): bpftool: Mount bpffs on provided dir instead of parent dir Sakari Ailus (1): media: ipu3-cio2: Request IRQ earlier Scott Mayhew (1): kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Sean Christopherson (1): cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n Sebastian Urban (1): Bluetooth: compute LE flow credits based on recvbuf space SeongJae Park (1): selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Sergey Shtylyov (1): of: module: add buffer overflow check in of_modalias() Shay Drory (1): net/mlx5: Fix peer devlink set for SF representor devlink port Shrikanth Hegde (1): sched/fair: Add EAS checks before updating root_domain::overutilized Shuah Khan (1): tools/latency-collector: Fix -Wformat-security compile warns Shubhrajyoti Datta (1): EDAC/versal: Do not register for NOC errors Souradeep Chakrabarti (1): net: mana: Fix the extra HZ in mana_hwc_send_request Srinivas Pandruvada (1): platform/x86: ISST: Add Grand Ridge to HPM CPU list Srinivasan Shanmugam (2): drm/amd/display: Fix potential index out of bounds in color transformation function drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Stafford Horne (1): openrisc: traps: Don't send signals to kernel mode threads Stanislav Fomichev (1): bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE Stefan Binding (2): ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Sung Joon Kim (1): drm/amd/display: Disable seamless boot on 128b/132b encoding Swapnil Patel (1): drm/amd/display: Add dtbclk access to dcn315 Takashi Iwai (2): ALSA: core: Fix NULL module pointer assignment at card init ALSA: Fix deadlocks with kctl removals at disconnection Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tianchen Ding (1): selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Tom Parkin (1): l2tp: fix ICMP error handling for UDP-encap sockets Tony Lindgren (2): drm/omapdrm: Fix console by implementing fb_dirty drm/omapdrm: Fix console with deferred ops Uros Bizjak (1): locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Uwe Kleine-König (12): Input: amimouse - mark driver struct with __refdata to prevent section mismatch pwm: sti: Prepare removing pwm_chip from driver data pwm: sti: Simplify probe function using devm functions pwm: Drop useless member .of_pwm_n_cells of struct pwm_chip pwm: Let the of_xlate callbacks accept references without period pwm: Drop duplicate check against chip->npwm in of_pwm_xlate_with_flags() pwm: Reorder symbols in core.c pwm: Provide an inline function to get the parent device of a given chip pwm: meson: Change prototype of a few helpers to prepare further changes pwm: meson: Make use of pwmchip_parent() accessor media: i2c: et8ek8: Don't strip remove function when driver is builtin pwm: Fix setting period with #pwm-cells = <1> and of_pwm_single_xlate() Vadim Fedorenko (1): ptp: ocp: fix DPLL functions Valentin Obst (1): selftests: default to host arch for LLVM builds Vicki Pfau (1): Input: xpad - add support for ASUS ROG RAIKIRI Vignesh Raman (1): drm/ci: update device type for volteer devices Viktor Malik (1): selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Ville Syrjälä (1): drm/edid: Parse topology block for all DispID structure v1.x Viresh Kumar (1): cpufreq: exit() callback is optional Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Wander Lairson Costa (1): kunit: unregister the device on error Wang Yao (1): modules: Drop the .export_symbol section from the final modules Wei Fang (1): net: fec: remove .ndo_poll_controller to avoid deadlocks Will Deacon (2): Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Xiaolei Wang (1): net: stmmac: move the EST lock to struct stmmac_priv Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yi Liu (1): iommu: Undo pasid attachment only for the devices that have succeeded Yonghong Song (1): bpftool: Fix missing pids during link show Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size block: support to account io_ticks precisely Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (2): irqchip/alpine-msi: Fix off-by-one in allocation error path irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zhang Yi (1): ext4: remove the redundant folio_wait_stable() Zheng Yejian (1): ftrace: Fix possible use-after-free issue in ftrace_location() Zhengchao Shao (1): RDMA/hns: Fix return value in hns_roce_map_mr_sg Zhipeng Lu (1): media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw Zqiang (1): softirq: Fix suspicious RCU usage in __do_softirq() end.to.start (1): ASoC: acp: Support microphone from device Acer 315-24p gaoxingwang (1): net: ipv6: fix wrong start position when receive hop-by-hop fragment

11 months, 1 week

1
1
0 0

Linux 6.9.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.3 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml | 5 Documentation/devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 Documentation/devicetree/bindings/thermal/loongson,ls2k-thermal.yaml | 24 - Makefile | 2 arch/arm/configs/sunxi_defconfig | 1 arch/arm64/include/asm/irqflags.h | 1 arch/arm64/kernel/fpsimd.c | 44 - arch/m68k/Kconfig | 2 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 - arch/openrisc/kernel/process.c | 8 arch/openrisc/kernel/traps.c | 48 +- arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/sysdev/fsl_msi.c | 2 arch/riscv/include/asm/csr.h | 2 arch/riscv/net/bpf_jit_comp64.c | 20 arch/s390/include/asm/gmap.h | 2 arch/s390/include/asm/mmu.h | 5 arch/s390/include/asm/mmu_context.h | 1 arch/s390/include/asm/pgtable.h | 16 arch/s390/kernel/vmlinux.lds.S | 2 arch/s390/kvm/kvm-s390.c | 4 arch/s390/mm/gmap.c | 165 +++++- arch/s390/net/bpf_jit_comp.c | 8 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 -- arch/x86/Kconfig | 2 arch/x86/boot/compressed/head_64.S | 5 arch/x86/crypto/nh-avx2-x86_64.S | 1 arch/x86/crypto/sha256-avx2-asm.S | 1 arch/x86/crypto/sha512-avx2-asm.S | 1 arch/x86/include/asm/cmpxchg_64.h | 2 arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/asm/sparsemem.h | 2 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 10 arch/x86/mm/numa.c | 4 arch/x86/mm/pat/set_memory.c | 68 ++ arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 block/blk-core.c | 9 block/blk-merge.c | 2 block/blk-mq.c | 4 block/blk.h | 1 block/fops.c | 2 block/genhd.c | 2 block/partitions/cmdline.c | 49 -- crypto/asymmetric_keys/Kconfig | 3 drivers/accessibility/speakup/main.c | 2 drivers/acpi/acpi_lpss.c | 1 drivers/acpi/acpica/Makefile | 1 drivers/acpi/bus.c | 5 drivers/acpi/numa/srat.c | 5 drivers/block/null_blk/main.c | 2 drivers/bluetooth/btmrvl_main.c | 9 drivers/bluetooth/btqca.c | 4 drivers/bluetooth/btrsi.c | 1 drivers/bluetooth/btsdio.c | 8 drivers/bluetooth/btusb.c | 5 drivers/bluetooth/hci_bcm4377.c | 1 drivers/bluetooth/hci_ldisc.c | 6 drivers/bluetooth/hci_serdev.c | 5 drivers/bluetooth/hci_uart.h | 1 drivers/bluetooth/hci_vhci.c | 10 drivers/bluetooth/virtio_bt.c | 2 drivers/char/hw_random/stm32-rng.c | 18 drivers/clk/clk-renesas-pcie.c | 10 drivers/clk/mediatek/clk-mt8365-mm.c | 2 drivers/clk/mediatek/clk-pllfh.c | 2 drivers/clk/qcom/Kconfig | 2 drivers/clk/qcom/apss-ipq-pll.c | 3 drivers/clk/qcom/clk-alpha-pll.c | 1 drivers/clk/qcom/dispcc-sm6350.c | 11 drivers/clk/qcom/dispcc-sm8450.c | 20 drivers/clk/qcom/dispcc-sm8550.c | 20 drivers/clk/qcom/dispcc-sm8650.c | 20 drivers/clk/qcom/mmcc-msm8998.c | 8 drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 drivers/clk/renesas/r9a07g043-cpg.c | 9 drivers/clk/samsung/clk-exynosautov9.c | 8 drivers/clk/samsung/clk-gs101.c | 225 +++++---- drivers/clk/samsung/clk.h | 11 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpufreq/cpufreq.c | 11 drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 drivers/crypto/intel/qat/qat_common/adf_telemetry.c | 21 drivers/crypto/intel/qat/qat_common/adf_telemetry.h | 1 drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 drivers/dax/bus.c | 66 -- drivers/dpll/dpll_core.c | 2 drivers/edac/skx_common.c | 2 drivers/firmware/qcom/qcom_scm.c | 12 drivers/firmware/raspberrypi.c | 7 drivers/gpio/gpio-npcm-sgpio.c | 10 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 15 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 drivers/gpu/drm/bridge/chipone-icn6211.c | 6 drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 drivers/gpu/drm/bridge/lontium-lt9611.c | 6 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/bridge/tc358775.c | 6 drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 drivers/gpu/drm/ci/test.yml | 6 drivers/gpu/drm/drm_bridge.c | 10 drivers/gpu/drm/drm_edid.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 6 drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/msm/dp/dp_aux.c | 25 - drivers/gpu/drm/msm/dp/dp_aux.h | 1 drivers/gpu/drm/msm/dp/dp_catalog.c | 7 drivers/gpu/drm/msm/dp/dp_catalog.h | 3 drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 drivers/gpu/drm/msm/dp/dp_display.c | 4 drivers/gpu/drm/msm/dp/dp_link.c | 22 drivers/gpu/drm/msm/dp/dp_link.h | 14 drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 drivers/gpu/drm/omapdrm/Kconfig | 2 drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 + drivers/gpu/drm/panel/panel-edp.c | 9 drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 22 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/infiniband/core/cma.c | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hns/hns_roce_cq.c | 24 - drivers/infiniband/hw/hns/hns_roce_device.h | 3 drivers/infiniband/hw/hns/hns_roce_hem.c | 2 drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 9 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 drivers/infiniband/hw/hns/hns_roce_main.c | 8 drivers/infiniband/hw/hns/hns_roce_mr.c | 15 drivers/infiniband/hw/hns/hns_roce_srq.c | 6 drivers/infiniband/hw/mana/cq.c | 54 -- drivers/infiniband/hw/mana/main.c | 43 + drivers/infiniband/hw/mana/mana_ib.h | 14 drivers/infiniband/hw/mana/qp.c | 26 - drivers/infiniband/hw/mlx5/mem.c | 8 drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 drivers/infiniband/hw/mlx5/mr.c | 35 + drivers/infiniband/sw/rxe/rxe_comp.c | 6 drivers/infiniband/sw/rxe/rxe_net.c | 12 drivers/infiniband/sw/rxe/rxe_verbs.c | 6 drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/input.c | 104 +++- drivers/iommu/amd/init.c | 4 drivers/iommu/intel/iommu.c | 19 drivers/iommu/iommu.c | 21 drivers/irqchip/irq-alpine-msi.c | 2 drivers/irqchip/irq-loongson-pch-msi.c | 2 drivers/macintosh/via-macii.c | 11 drivers/md/dm-delay.c | 14 drivers/md/md-bitmap.c | 6 drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/platform/cadence/cdns-csi2rx.c | 26 - drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/uvc/uvc_driver.c | 31 + drivers/media/usb/uvc/uvcvideo.h | 1 drivers/media/v4l2-core/v4l2-subdev.c | 2 drivers/misc/lkdtm/Makefile | 2 drivers/misc/lkdtm/perms.c | 2 drivers/mtd/mtdcore.c | 6 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 50 +- drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/dsa/mv88e6xxx/global1.c | 89 +++ drivers/net/dsa/mv88e6xxx/global1.h | 2 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 2 drivers/net/ethernet/freescale/fec_main.c | 26 - drivers/net/ethernet/intel/ice/ice_ddp.c | 8 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 +++++----- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 - drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 44 + drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 - drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 18 drivers/net/ethernet/sun/sungem.c | 14 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 56 ++ drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 drivers/net/ethernet/wangxun/libwx/wx_type.h | 22 drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 31 + drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 1 drivers/net/phy/micrel.c | 3 drivers/net/usb/aqc111.c | 8 drivers/net/usb/smsc95xx.c | 15 drivers/net/usb/sr9700.c | 10 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 - drivers/net/wireless/ath/ath11k/mac.c | 9 drivers/net/wireless/ath/ath12k/qmi.c | 3 drivers/net/wireless/ath/ath12k/wmi.c | 2 drivers/net/wireless/ath/carl9170/tx.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 32 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 42 - drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 43 + drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 159 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 36 - drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 + drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 drivers/net/wireless/realtek/rtw89/ps.c | 3 drivers/net/wireless/realtek/rtw89/wow.c | 12 drivers/of/module.c | 7 drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 drivers/perf/hisilicon/hns3_pmu.c | 16 drivers/perf/riscv_pmu_sbi.c | 2 drivers/platform/x86/xiaomi-wmi.c | 18 drivers/power/supply/power_supply_sysfs.c | 20 drivers/ptp/ptp_ocp.c | 6 drivers/pwm/pwm-meson.c | 15 drivers/pwm/pwm-sti.c | 39 - drivers/s390/cio/trace.h | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_dfs.c | 2 drivers/soc/mediatek/mtk-cmdq-helper.c | 5 drivers/soc/qcom/pmic_glink.c | 26 - drivers/staging/media/atomisp/pci/sh_css.c | 1 drivers/staging/media/starfive/camss/stf-camss.c | 6 drivers/thermal/mediatek/lvts_thermal.c | 4 drivers/thermal/qcom/tsens.c | 2 drivers/thermal/thermal_core.c | 12 drivers/thermal/thermal_debugfs.c | 27 - drivers/thermal/thermal_debugfs.h | 4 drivers/tty/n_gsm.c | 140 ++++- drivers/tty/serial/8250/8250_bcm7271.c | 101 ++-- drivers/tty/serial/8250/8250_mtk.c | 8 drivers/tty/serial/sc16is7xx.c | 23 drivers/ufs/core/ufs-mcq.c | 3 drivers/ufs/core/ufshcd.c | 6 drivers/ufs/host/cdns-pltfrm.c | 2 drivers/ufs/host/ufs-qcom.c | 7 drivers/ufs/host/ufs-qcom.h | 12 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/core/Kconfig | 6 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virt/acrn/mm.c | 61 ++ fs/btrfs/extent_io.c | 10 fs/dlm/ast.c | 14 fs/dlm/dlm_internal.h | 1 fs/dlm/user.c | 15 fs/ecryptfs/keystore.c | 4 fs/exec.c | 11 fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 1 fs/ext4/namei.c | 2 fs/f2fs/checkpoint.c | 9 fs/gfs2/glock.c | 91 ++- fs/gfs2/glock.h | 1 fs/gfs2/glops.c | 3 fs/gfs2/incore.h | 1 fs/gfs2/lock_dlm.c | 32 - fs/gfs2/ops_fstype.c | 1 fs/gfs2/super.c | 3 fs/gfs2/util.c | 1 fs/jffs2/xattr.c | 3 fs/libfs.c | 55 ++ fs/nfsd/nfsctl.c | 4 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 ++ fs/ntfs3/dir.c | 1 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 7 fs/ntfs3/record.c | 11 fs/ntfs3/super.c | 2 fs/openpromfs/inode.c | 8 fs/smb/server/mgmt/share_config.c | 6 fs/smb/server/oplock.c | 21 include/drm/drm_displayid.h | 1 include/drm/drm_mipi_dsi.h | 6 include/linux/acpi.h | 6 include/linux/bitops.h | 1 include/linux/dev_printk.h | 25 - include/linux/fb.h | 4 include/linux/fortify-string.h | 3 include/linux/fs.h | 2 include/linux/ieee80211.h | 2 include/linux/ksm.h | 13 include/linux/mlx5/driver.h | 1 include/linux/numa.h | 7 include/linux/printk.h | 2 include/linux/stmmac.h | 1 include/net/ax25.h | 3 include/net/bluetooth/bluetooth.h | 2 include/net/bluetooth/hci.h | 122 ----- include/net/bluetooth/hci_core.h | 47 - include/net/bluetooth/l2cap.h | 11 include/net/tcp.h | 5 include/trace/events/asoc.h | 2 include/uapi/linux/bpf.h | 2 include/uapi/linux/virtio_bt.h | 1 io_uring/io-wq.c | 13 io_uring/io_uring.h | 2 io_uring/net.c | 1 io_uring/nop.c | 2 io_uring/sqpoll.c | 6 kernel/bpf/syscall.c | 5 kernel/bpf/verifier.c | 29 - kernel/cgroup/cpuset.c | 2 kernel/rcu/tasks.h | 2 kernel/rcu/tree_stall.h | 3 kernel/sched/core.c | 2 kernel/sched/fair.c | 53 +- kernel/sched/topology.c | 2 kernel/trace/ftrace.c | 39 - kernel/trace/ring_buffer.c | 9 kernel/trace/trace_events_user.c | 76 +++ lib/fortify_kunit.c | 22 lib/kunit/device.c | 2 lib/kunit/test.c | 3 lib/kunit/try-catch.c | 9 lib/slub_kunit.c | 2 lib/test_hmm.c | 8 mm/shmem.c | 3 mm/userfaultfd.c | 35 + net/ax25/ax25_dev.c | 48 -- net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_core.c | 141 ----- net/bluetooth/hci_event.c | 150 ------ net/bluetooth/hci_sock.c | 5 net/bluetooth/hci_sync.c | 207 +------- net/bluetooth/iso.c | 75 +-- net/bluetooth/l2cap_core.c | 77 ++- net/bluetooth/l2cap_sock.c | 91 +++ net/bluetooth/mgmt.c | 84 +-- net/bridge/br_device.c | 6 net/bridge/br_mst.c | 16 net/core/dev.c | 3 net/ipv4/devinet.c | 13 net/ipv4/tcp_ipv4.c | 13 net/ipv4/udp.c | 21 net/ipv6/reassembly.c | 2 net/ipv6/seg6.c | 5 net/ipv6/udp.c | 20 net/l2tp/l2tp_core.c | 44 + net/mac80211/cfg.c | 12 net/mac80211/ieee80211_i.h | 3 net/mac80211/iface.c | 4 net/mac80211/mlme.c | 53 +- net/mac80211/scan.c | 16 net/mptcp/protocol.h | 3 net/mptcp/sockopt.c | 60 ++ net/netrom/nr_route.c | 19 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/qrtr/ns.c | 27 + net/sunrpc/auth_gss/svcauth_gss.c | 10 net/sunrpc/svc.c | 2 net/unix/af_unix.c | 2 net/wireless/nl80211.c | 14 net/wireless/scan.c | 47 + samples/landlock/sandboxer.c | 5 scripts/module.lds.S | 1 sound/core/init.c | 11 sound/core/timer.c | 8 sound/pci/hda/cs35l41_hda_property.c | 4 sound/pci/hda/patch_realtek.c | 3 sound/soc/intel/avs/boards/ssm4567.c | 1 sound/soc/intel/avs/cldma.c | 2 sound/soc/intel/avs/icl.c | 5 sound/soc/intel/avs/path.c | 1 sound/soc/intel/avs/pcm.c | 4 sound/soc/intel/avs/probes.c | 14 sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 sound/soc/intel/boards/bxt_rt298.c | 1 sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 sound/soc/intel/boards/kbl_da7219_max98927.c | 4 sound/soc/intel/boards/kbl_rt5660.c | 1 sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 sound/soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 sound/soc/intel/boards/skl_rt286.c | 1 sound/soc/kirkwood/kirkwood-dma.c | 3 sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 sound/soc/sof/intel/hda-dai.c | 31 + sound/soc/sof/intel/lnl.c | 3 sound/soc/sof/intel/lnl.h | 15 sound/soc/sof/intel/mtl.c | 42 + sound/soc/sof/intel/mtl.h | 4 tools/arch/x86/lib/x86-opcode-map.txt | 10 tools/bpf/bpftool/common.c | 96 +++- tools/bpf/bpftool/iter.c | 2 tools/bpf/bpftool/main.h | 3 tools/bpf/bpftool/prog.c | 5 tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 tools/bpf/bpftool/struct_ops.c | 2 tools/include/nolibc/stdlib.h | 2 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/bpf.c | 2 tools/lib/bpf/features.c | 2 tools/lib/bpf/libbpf.c | 9 tools/testing/selftests/bpf/cgroup_helpers.c | 3 tools/testing/selftests/bpf/network_helpers.c | 2 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 tools/testing/selftests/bpf/prog_tests/xdp_do_redirect.c | 4 tools/testing/selftests/bpf/progs/bench_local_storage_create.c | 5 tools/testing/selftests/bpf/progs/local_storage.c | 20 tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 tools/testing/selftests/bpf/test_sockmap.c | 2 tools/testing/selftests/cgroup/cgroup_util.c | 8 tools/testing/selftests/cgroup/cgroup_util.h | 2 tools/testing/selftests/cgroup/test_core.c | 7 tools/testing/selftests/cgroup/test_cpu.c | 2 tools/testing/selftests/cgroup/test_cpuset.c | 2 tools/testing/selftests/cgroup/test_freezer.c | 2 tools/testing/selftests/cgroup/test_hugetlb_memcg.c | 2 tools/testing/selftests/cgroup/test_kill.c | 2 tools/testing/selftests/cgroup/test_kmem.c | 2 tools/testing/selftests/cgroup/test_memcontrol.c | 2 tools/testing/selftests/cgroup/test_zswap.c | 2 tools/testing/selftests/damon/_damon_sysfs.py | 2 tools/testing/selftests/filesystems/binderfs/Makefile | 2 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 tools/testing/selftests/ftrace/test.d/dynevent/fprobe_entry_arg.tc | 2 tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_entry_arg.tc | 2 tools/testing/selftests/kcmp/kcmp_test.c | 2 tools/testing/selftests/kselftest/ktap_helpers.sh | 4 tools/testing/selftests/lib.mk | 12 tools/testing/selftests/net/amt.sh | 12 tools/testing/selftests/net/config | 1 tools/testing/selftests/net/forwarding/bridge_igmp.sh | 6 tools/testing/selftests/net/forwarding/bridge_mld.sh | 6 tools/testing/selftests/net/lib.sh | 6 tools/testing/selftests/power_supply/test_power_supply_properties.sh | 2 tools/testing/selftests/resctrl/Makefile | 4 tools/tracing/latency/latency-collector.c | 8 489 files changed, 4171 insertions(+), 2829 deletions(-) Aapo Vienamo (1): mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Adam Guerin (2): crypto: qat - improve error message in adf_get_arbiter_mapping() crypto: qat - improve error logging to be consistent across features Adrian Hunter (2): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Akiva Goldberger (2): net/mlx5: Add a timeout to acquire the command queue semaphore net/mlx5: Discard command completions in internal error Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (6): crypto: bcm - Fix pointer arithmetic cppc_cpufreq: Fix possible null pointer dereference thermal/drivers/tsens: Fix null pointer dereference ASoC: kirkwood: Fix potential NULL dereference drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference drm: vc4: Fix possible null pointer dereference Alexander Aring (1): dlm: fix user space lock decision to copy lvb Alexander Lobakin (1): bitops: add missing prototype check Alexandre Mergnat (1): clk: mediatek: mt8365-mm: fix DPI0 parent Alexei Starovoitov (1): bpf: Fix verifier assumptions about socket->sk Aloka Dixit (1): wifi: ath12k: use correct flag field for 320 MHz channels Amadeusz Sławiński (1): ASoC: Intel: avs: Restore stream decoupling on prepare Andreas Gruenbacher (6): gfs2: Don't forget to complete delayed withdraw gfs2: Fix "ignore unlock failures after withdraw" gfs2: Remove ill-placed consistency check gfs2: Fix potential glock use-after-free on unmount gfs2: finish_xmote cleanup gfs2: do_xmote fixes Andrew Halaney (8): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US scsi: ufs: qcom: Perform read back after writing unipro mode scsi: ufs: qcom: Perform read back after writing CGC enable scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrii Nakryiko (2): bpf: prevent r10 register from being marked as precise libbpf: fix feature detectors when using token_fd Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Andy Shevchenko (1): ACPI: LPSS: Advertise number of chip selects via property AngeloGioacchino Del Regno (1): ASoC: mediatek: Assign dummy when codec not specified for a DAI link Anton Protopopov (1): bpf: Pack struct bpf_fib_lookup Ard Biesheuvel (3): arm64/fpsimd: Avoid erroneous elide of user state reload x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 x86/purgatory: Switch to the position-independent small code model Armin Wolf (6): ACPI: bus: Indicate support for _TFP thru _OSC ACPI: bus: Indicate support for more than 16 p-states thru _OSC ACPI: bus: Indicate support for the Generic Event Device thru _OSC ACPI: Fix Generic Initiator Affinity _OSC bit ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC platform/x86: xiaomi-wmi: Fix race condition when reporting key events Arnd Bergmann (14): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks enetc: avoid truncating error message qed: avoid truncating work queue length mlx5: avoid truncating error message mlx5: stop warning for 64KB pages wifi: carl9170: re-fix fortified-memset warning x86/microcode/AMD: Avoid -Wformat warning with clang-15 ACPI: disable -Wstringop-truncation drm/imagination: avoid -Woverflow warning fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables media: rcar-vin: work around -Wenum-compare-conditional warning Atish Patra (1): RISC-V: Fix the typo in Scountovf CSR name Ayala Beker (1): wifi: mac80211: don't select link ID if not provided in scan request Baochen Qiang (2): wifi: ath10k: poll service ready message before failing wifi: ath11k: don't force enable power save on non-running vdevs Bart Van Assche (1): scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Basavaraj Natikar (1): HID: amd_sfh: Handle "no sensors" in PM operations Beau Belgrave (1): tracing/user_events: Fix non-spaced field matching Benjamin Berg (2): wifi: cfg80211: ignore non-TX BSSs in per-STA profile wifi: iwlwifi: mvm: fix active link counting during recovery Benjamin Marzinski (2): dm-delay: fix workqueue delay_timer race dm-delay: fix max_delay calculations Binbin Zhou (2): dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Bjorn Andersson (1): soc: qcom: pmic_glink: Make client-lock non-sleeping Bob Pearson (3): RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt RDMA/rxe: Allow good work requests to be executed RDMA/rxe: Fix incorrect rxe_put in error path Brennan Xavier McManus (1): tools/nolibc/stdlib: fix memory error in realloc() Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Catalin Popescu (1): clk: rs9: fix wrong default value for clock amplitude Cezary Rojewski (6): ASoC: Intel: Disable route checks for Skylake boards ASoC: Intel: avs: ssm4567: Do not ignore route checks ASoC: Intel: avs: Fix debug-slot offset calculation ASoC: Intel: avs: Fix ASRC module initialization ASoC: Intel: avs: Fix potential integer overflow ASoC: Intel: avs: Test result of avs_get_module_entry() Chad Monroe (1): wifi: mt76: mt7996: fix size of txpower MCU command Changhuang Liang (1): staging: media: starfive: Remove links when unregistering devices Chen Ni (3): crypto: octeontx2 - add missing check for dma_map_single HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dpll: fix return value check for kmemdup Cheng Yu (1): sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Chengchang Tang (6): RDMA/hns: Add max_ah and cq moderation capacities in query_device() RDMA/hns: Fix deadlock on SRQ async events. RDMA/hns: Fix UAF for cq async event RDMA/hns: Fix GMV table pagesize RDMA/hns: Use complete parentheses in macros RDMA/hns: Modify the print level of CQE error Chih-Kang Chang (1): wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Chris Lew (1): net: qrtr: ns: Fix module refcnt Christian Hewitt (1): drm/meson: vclk: fix calculation of 59.94 fractional rates Christoph Hellwig (2): block: refine the EOF check in blkdev_iomap_begin virt: acrn: stop using follow_pfn Chuck Lever (4): libfs: Fix simple_offset_rename_exchange() libfs: Add simple_offset_rename() API shmem: Fix shmem_rename2() SUNRPC: Fix gss_free_in_token_pages() Chun-Kuang Hu (1): soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Dan Carpenter (4): speakup: Fix sizeof() vs ARRAY_SIZE() bug wifi: mwl8k: initialize cmd->addr[] properly Bluetooth: qca: Fix error code in qca_read_fw_build_info() ext4: fix potential unnitialized variable Dan Nowlin (1): ice: Fix package download algorithm Daniel Golle (1): net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (2): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() tty: n_gsm: fix missing receive state reset after mode switch David Hildenbrand (3): mm/userfaultfd: Do not place zeropages when zeropages are disallowed s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Detlev Casanova (1): drm/rockchip: vop2: Do not divide height twice for YUV Dmitry Baryshkov (9): soc: qcom: pmic_glink: don't traverse clients list without a lock soc: qcom: pmic_glink: notify clients about the current state wifi: ath10k: populate board data for WCN3990 drm/msm/dp: allow voltage swing / pre emphasis of 3 drm/mipi-dsi: use correct return type for the DSC functions clk: qcom: dispcc-sm8450: fix DisplayPort clocks clk: qcom: dispcc-sm6350: fix DisplayPort clocks clk: qcom: dispcc-sm8550: fix DisplayPort clocks clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Torokhov (1): Input: try trimming too long modalias strings Doug Berger (1): serial: 8250_bcm7271: use default_mux_rate if possible Douglas Anderson (4): drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert drm/mediatek: Init `ddp_comp` with devm_kcalloc() drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected drm/msm/dp: Account for the timeout in wait_hpd_asserted() callback Duoming Zhou (5): wifi: brcmfmac: pcie: handle randbuf allocation failure ax25: Use kernel universal linked list to implement ax25_dev_list ax25: Fix reference count leak issues of ax25_dev ax25: Fix reference count leak issue of net_device lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Edward Liaw (3): selftests: Compile kselftest headers with -D_GNU_SOURCE selftests/sgx: Include KHDR_INCLUDES in Makefile selftests/kcmp: remove unused open mode Emmanuel Grumbach (1): wifi: iwlwifi: mvm: introduce esr_disable_reason Eric Biggers (5): KEYS: asymmetric: Add missing dependency on CRYPTO_SIG KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST crypto: x86/nh-avx2 - add missing vzeroupper crypto: x86/sha256-avx2 - add missing vzeroupper crypto: x86/sha512-avx2 - add missing vzeroupper Eric Dumazet (8): tcp: avoid premature drops in tcp_add_backlog() net: give more chances to rcu in netdev_wait_allrefs_any() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize inet: fix inet_fill_ifaddr() flags truncation netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fabio Estevam (1): media: dt-bindings: ovti,ov2680: Fix the power supply names Felix Fietkau (3): wifi: mt76: mt7603: fix tx queue of loopback packets wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset wifi: mt76: connac: use muar idx 0xe for non-mt799x as well Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Gabor Juhos (2): clk: qcom: clk-alpha-pll: remove invalid Stromer register offset clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Gabriel Krisman Bertazi (2): io-wq: write next_work before dropping acct_lock udp: Avoid call to compute_score on multiple sites Geert Uytterhoeven (5): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() m68k: Move ARCH_HAS_CPU_CACHE_ALIASING printk: Let no_printk() use _printk() dev_printk: Add and use dev_no_printk() clk: renesas: r8a779a0: Fix CANFD parent clock Geliang Tang (2): selftests/bpf: Fix umount cgroup2 error in test_sockmap selftests/bpf: Fix a fd leak in error paths in open_netns George Stark (2): pwm: meson: Add check for error from clk_round_rate() pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating Giovanni Cabiddu (1): crypto: qat - specify firmware files for 402xx Greg Kroah-Hartman (1): Linux 6.9.3 Guenter Roeck (2): mm/slub, kunit: Use inverted data to corrupt kmem cache Revert "sh: Handle calling csum_partial with misaligned data" Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Gustavo A. R. Silva (1): Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path selftests/net/lib: no need to record ns name if it already exist Hao Chen (1): drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Hechao Li (1): tcp: increase the default TCP scaling ratio Heiko Stuebner (2): drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiner Kallweit (1): Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Herve Codina (1): net: lan966x: remove debugfs directory in probe() error path Himanshu Madhani (1): scsi: qla2xxx: Fix debugfs output for fw_resource_count Horatiu Vultur (1): net: micrel: Fix receiving the timestamp in the frame for lan8841 Howard Hsu (1): wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Hsin-Te Yuan (2): thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 drm/bridge: anx7625: Update audio status while detecting Huai-Yuan Liu (1): drm/arm/malidp: fix a possible null pointer dereference Hugo Villeneuve (1): serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler INAGAKI Hiroshi (1): block: fix and simplify blkdevparts= cmdline parsing Ilan Peer (1): wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Leoshkevich (1): s390/bpf: Emit a barrier for BPF_FETCH instructions Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Iulia Tanasescu (1): Bluetooth: ISO: Make iso_get_sock_listen generic Ivanov Mikhail (1): samples/landlock: Fix incorrect free in populate_ruleset_net Jaegeuk Kim (1): f2fs: fix false alarm on invalid block address Jaewon Kim (1): clk: samsung: exynosautov9: fix wrong pll clock id value Jagan Teki (1): drm/bridge: Fix improper bridge init order with pre_enable_prev_first Jakub Kicinski (3): eth: sungem: remove .ndo_poll_controller to avoid deadlocks selftests: net: add missing config for amt.sh selftests: net: move amt to socat for better compatibility Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jason Gunthorpe (1): IB/mlx5: Use __iowrite64_copy() for write combining stores Jens Axboe (2): io_uring/sqpoll: ensure that normal task_work is also run timely io_uring: use the right type for work_llist empty check Jiawen Wu (3): net: wangxun: fix to change Rx features net: wangxun: match VLAN CTAG and STAG features net: txgbe: fix to control VLAN strip Jim Liu (1): gpio: nuvoton: Fix sgpio irq handle error Jinjiang Tu (1): mm/ksm: fix ksm exec support for prctl Jinjie Ruan (1): arm64: Remove unnecessary irqflags alternative.h include Jiri Olsa (1): libbpf: Fix error message in attach_kprobe_multi Joel Colledge (1): dm-delay: fix hung task introduced by kthread mode Johannes Berg (8): wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() wifi: iwlwifi: mvm: allocate STA links only for active links wifi: iwlwifi: mvm: set wider BW OFDMA ignore correctly wifi: iwlwifi: mvm: select STA mask only for active links wifi: iwlwifi: reconfigure TLC during HW restart wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask wifi: mac80211: transmit deauth only if link is available wifi: iwlwifi: mvm: init vif works only once John Hubbard (2): selftests/binderfs: use the Makefile's rules, not Make's implicit rules selftests/resctrl: fix clang build failure: use LOCAL_HDRS Josef Bacik (1): btrfs: set start on clone before calling copy_extent_buffer_full Juergen Gross (3): x86/pat: Introduce lookup_address_in_pgd_attr() x86/pat: Restructure _lookup_address_cpa() x86/pat: Fix W^X violation false-positives when running as Xen PV guest Junhao He (2): drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Karthikeyan Kathirvel (1): wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Kees Cook (4): kunit/fortify: Fix mismatched kvalloc()/vfree() usage lkdtm: Disable CFI checking for perms functions kunit/fortify: Fix replaced failure path to unbreak __alloc_size wifi: nl80211: Avoid address calculations via out of bounds array indexing Ken Milmore (1): r8169: Fix possible ring buffer corruption on fragmented Tx packets. Konstantin Komarov (4): fs/ntfs3: Remove max link count info display during driver init fs/ntfs3: Taking DOS names into account during link counting fs/ntfs3: Fix case when index is reused during tree transformation fs/ntfs3: Break dir enumeration if directory contents error Konstantin Taranov (3): RDMA/mana_ib: Introduce helpers to create and destroy mana queues RDMA/mana_ib: Use struct mana_ib_queue for CQs RDMA/mana_ib: boundary check before installing cq callbacks Krzysztof Kozlowski (1): firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Lad Prabhakar (1): clk: renesas: r9a07g043: Add clock and reset entry for PLIC Laurent Pinchart (2): firmware: raspberrypi: Use correct device for DMA mappings media: v4l2-subdev: Fix stream handling for crop API Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Linus Walleij (1): net: ethernet: cortina: Locking fixes Lorenzo Bianconi (3): wifi: mt76: mt7915: workaround too long expansion sparse warnings wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Lu Baolu (1): iommu/vt-d: Decouple igfx_off from graphic identity mapping Lucas Segarra Fernandez (1): crypto: qat - validate slices count returned by FW Luiz Augusto von Dentz (2): Bluetooth: HCI: Remove HCI_AMP support Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Lyude Paul (1): drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Maher Sanalla (1): net/mlx5: Reload only IB representors upon lag disable/enable Marc Gonzalez (1): clk: qcom: mmcc-msm8998: fix venus clock issue Marek Vasut (5): hwrng: stm32 - use logical OR in conditional hwrng: stm32 - put IP into RPM suspend on failure hwrng: stm32 - repair clock handling drm/lcdif: Do not disable clocks on already suspended hardware drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Masami Hiramatsu (Google) (2): selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly selftests/ftrace: Fix checkbashisms errors Matthias Schiffer (2): net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthieu Baerts (NGI0) (2): mptcp: SO_KEEPALIVE: fix getsockopt support mptcp: fix full TCP keep-alive support Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Maxime Ripard (1): ARM: configs: sunxi: Enable DRM_DW_HDMI Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michal Schmidt (3): selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq idpf: don't skip over ethtool tcp-data-split setting Mickaël Salaün (1): kunit: Fix kthread reference Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Ming Yen Hsieh (1): wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Miri Korenblit (2): wifi: iwlwifi: mvm: calculate EMLSR mode after connection wifi: iwlwifi: mvm: don't always disable EMLSR due to BT coex Muhammad Usama Anjum (1): wifi: mt76: connac: check for null before dereferencing Mukesh Ojha (1): firmware: qcom: scm: Fix __scm and waitq completion variable initialization Namjae Jeon (1): ksmbd: avoid to send duplicate oplock break notifications Nandor Kracser (1): ksmbd: ignore trailing slashes in share paths Nathan Chancellor (2): clk: qcom: Fix SC_CAMCC_8280XP dependencies clk: qcom: Fix SM_GPUCC_8650 dependencies NeilBrown (1): nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Nikita Kiryushin (2): rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Zhandarovich (2): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification Nikolay Aleksandrov (3): net: bridge: xmit: make sure we have at least eth header len bytes selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval net: bridge: mst: fix vlan use-after-free Nuno Sa (1): dt-bindings: adc: axi-adc: add clocks property Nícolas F. R. A. Prado (11): selftests: ktap_helpers: Make it POSIX-compliant selftests: power_supply: Make it POSIX-compliant drm/bridge: anx7625: Don't log an error when DSI host can't be found drm/bridge: icn6211: Don't log an error when DSI host can't be found drm/bridge: lt8912b: Don't log an error when DSI host can't be found drm/bridge: lt9611: Don't log an error when DSI host can't be found drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found drm/bridge: tc358775: Don't log an error when DSI host can't be found drm/bridge: dpc3433: Don't log an error when DSI host can't be found drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found clk: mediatek: pllfh: Don't log error for missing fhctl node Or Har-Toov (3): RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent RDMA/mlx5: Change check for cacheable mkeys RDMA/mlx5: Adding remote atomic access flag to updatable flags Paul Menzel (1): x86/fred: Fix typo in Kconfig description Pavel Begunkov (1): io_uring/net: fix sendzc lazy wake polling Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Peter Ujfalusi (4): ASoC: SOF: Intel: mtl: Correct rom_status_reg ASoC: SOF: Intel: lnl: Correct rom_status_reg ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed ASoC: SOF: Intel: mtl: Implement firmware boot state check Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (1): ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Pin-yen Lin (1): serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Portia Stephens (1): cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Pratyush Yadav (1): media: cadence: csi2rx: configure DPHY before starting source stream Puranjay Mohan (1): riscv, bpf: make some atomic operations fully ordered Qiuxu Zhuo (1): EDAC/skx_common: Allow decoding of SGX addresses Quentin Monnet (1): libbpf: Prevent null-pointer dereference when prog to load has no BTF Rafael J. Wysocki (3): thermal/debugfs: Avoid excessive updates of trip point statistics thermal/debugfs: Create records for cdev states as they get used thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Randy Dunlap (1): fbdev: sh7760fb: allow modular build Ricardo Ribalda (2): media: radio-shark2: Avoid led_names truncations media: uvcvideo: Add quirk for Logitech Rally Bar Robert Richter (1): x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Romain Gantois (1): net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Ryusuke Konishi (3): nilfs2: fix use-after-free of timer for log writer thread nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() Sahil Siddiq (1): bpftool: Mount bpffs on provided dir instead of parent dir Sakari Ailus (1): media: ipu3-cio2: Request IRQ earlier Scott Mayhew (1): kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Sebastian Urban (1): Bluetooth: compute LE flow credits based on recvbuf space SeongJae Park (1): selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Sergey Shtylyov (1): of: module: add buffer overflow check in of_modalias() Shay Drory (2): net/mlx5e: Fix netif state handling net/mlx5: Fix peer devlink set for SF representor devlink port Shrikanth Hegde (1): sched/fair: Add EAS checks before updating root_domain::overutilized Shuah Khan (3): tools/latency-collector: Fix -Wformat-security compile warns Revert "selftests: Compile kselftest headers with -D_GNU_SOURCE" Revert "selftests/sgx: Include KHDR_INCLUDES in Makefile" Souradeep Chakrabarti (1): net: mana: Fix the extra HZ in mana_hwc_send_request Srinivasan Shanmugam (2): drm/amd/display: Fix potential index out of bounds in color transformation function drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Stafford Horne (2): openrisc: Use do_kernel_power_off() openrisc: traps: Don't send signals to kernel mode threads Stanislav Fomichev (1): bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE Stefan Binding (1): ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Sumanth Korikkar (1): s390: vmlinux.lds.S: Drop .hash and .gnu.hash for !CONFIG_PIE_BUILD Takashi Iwai (3): ALSA: core: Fix NULL module pointer assignment at card init ALSA: timer: Set lower bound of start tick time ALSA: Fix deadlocks with kctl removals at disconnection Thomas Weißschuh (1): power: supply: core: simplify charge_behaviour formatting Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tianchen Ding (1): selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Tom Parkin (1): l2tp: fix ICMP error handling for UDP-encap sockets Tony Lindgren (2): drm/omapdrm: Fix console by implementing fb_dirty drm/omapdrm: Fix console with deferred ops Tudor Ambarus (2): clk: samsung: gs101: propagate PERIC0 USI SPI clock rate clk: samsung: gs101: propagate PERIC1 USI SPI clock rate Uros Bizjak (1): locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Uwe Kleine-König (2): pwm: sti: Simplify probe function using devm functions media: i2c: et8ek8: Don't strip remove function when driver is builtin Vadim Fedorenko (1): ptp: ocp: fix DPLL functions Valentin Obst (1): selftests: default to host arch for LLVM builds Vasant Hegde (1): iommu/amd: Enable Guest Translation after reading IOMMU feature register Vignesh Raman (1): drm/ci: update device type for volteer devices Viktor Malik (1): selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Ville Syrjälä (1): drm/edid: Parse topology block for all DispID structure v1.x Viresh Kumar (1): cpufreq: exit() callback is optional Vishal Verma (4): dax/bus.c: replace WARN_ON_ONCE() with lockdep asserts dax/bus.c: fix locking for unregister_dax_dev / unregister_dax_mapping paths dax/bus.c: don't use down_write_killable for non-user processes dax/bus.c: use the right locking mode (read vs write) in size_show Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Wander Lairson Costa (1): kunit: unregister the device on error Wang Yao (1): modules: Drop the .export_symbol section from the final modules Wei Fang (1): net: fec: remove .ndo_poll_controller to avoid deadlocks Will Deacon (2): Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Xiaolei Wang (1): net: stmmac: move the EST lock to struct stmmac_priv Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yi Liu (1): iommu: Undo pasid attachment only for the devices that have succeeded Yonghong Song (1): bpftool: Fix missing pids during link show Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size block: support to account io_ticks precisely Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (2): irqchip/alpine-msi: Fix off-by-one in allocation error path irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zhang Yi (1): ext4: remove the redundant folio_wait_stable() Zheng Yejian (1): ftrace: Fix possible use-after-free issue in ftrace_location() Zhengchao Shao (1): RDMA/hns: Fix return value in hns_roce_map_mr_sg Zhengqiao Xia (1): drm/panel-edp: Add prepare_to_enable to 200ms for MNC207QS1-1 Zhipeng Lu (1): media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw gaoxingwang (1): net: ipv6: fix wrong start position when receive hop-by-hop fragment wenglianfa (1): RDMA/hns: Fix mismatch exception rollback

11 months, 1 week

1
1
0 0

[PATCH v2] hwmon: (nzxt-smart2) Add support for device 1e71:2020

by Aleksandr Mezin

Add support for device with USB ID 1e71:2020. Fan speed control reported to be working with existing userspace (hidraw) software, so I assume it's compatible. Fan channel count is the same. No known differences from already supported devices, at least regarding fan speed control and initialization. Discovered in liquidctl project: https://github.com/liquidctl/liquidctl/pull/702 Signed-off-by: Aleksandr Mezin <mezin.alexander(a)gmail.com> Cc: stable(a)vger.kernel.org # v6.1+ --- v2: Improved the description, changed the subject to include device id (previous subject was "hwmon: (nzxt-smart2) add another USB ID"). drivers/hwmon/nzxt-smart2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hwmon/nzxt-smart2.c b/drivers/hwmon/nzxt-smart2.c index 7aa586eb74be..df6fa72a6b59 100644 --- a/drivers/hwmon/nzxt-smart2.c +++ b/drivers/hwmon/nzxt-smart2.c @@ -799,6 +799,7 @@ static const struct hid_device_id nzxt_smart2_hid_id_table[] = { { HID_USB_DEVICE(0x1e71, 0x2010) }, /* NZXT RGB & Fan Controller */ { HID_USB_DEVICE(0x1e71, 0x2011) }, /* NZXT RGB & Fan Controller (6 RGB) */ { HID_USB_DEVICE(0x1e71, 0x2019) }, /* NZXT RGB & Fan Controller (6 RGB) */ + { HID_USB_DEVICE(0x1e71, 0x2020) }, /* NZXT RGB & Fan Controller (6 RGB) */ {}, }; -- 2.45.1

11 months, 1 week

2
1
0 0

[PATCH v2 0/3] device property: introduce fwnode_for_each_available_child_node_scoped()

by Javier Carrasco

The _scoped() version of the fwnode_for_each_available_child_node() follows the approach recently taken for other loops that handle child nodes like for_each_child_of_node_scoped() or device_for_each_child_node_scoped(), which are based on the __free() auto cleanup handler to remove the need for fwnode_handle_put() on early loop exits. This new variant has been tested with the LTC2992, which currently uses the non-scoped variant. There is one error path that does not decrement the refcount of the child node, which can be fixed by using the new macro. The bug was introduced in a later modification of the loop, which shows how useful an automatic cleanup solution can be in many uses of the non-scoped version. In order to provide a backportable patch, the conversion in the LTC2992 driver is carried out in two steps: first the missing fwnode_handle_put() is added, and then the code is refactored to adopt the new, safer approach. @Andy Shevchenko: I kept your Reviewed-by in 3/3, that now also removes the new fwnode_handle_put() and braces added with 1/3. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Changes in v2: - Fix the memory leak in a backportable patch and tag it for stable. - Refactor 1/3 with 3/3 as well. - Link to v1: https://lore.kernel.org/r/20240522-fwnode_for_each_available_child_node_sco… --- Javier Carrasco (3): hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() device property: introduce fwnode_for_each_available_child_node_scoped() hwmon: (ltc2992) Use fwnode_for_each_available_child_node_scoped() drivers/hwmon/ltc2992.c | 11 +++-------- include/linux/property.h | 5 +++++ 2 files changed, 8 insertions(+), 8 deletions(-) --- base-commit: 124cfbcd6d185d4f50be02d5f5afe61578916773 change-id: 20240521-fwnode_for_each_available_child_node_scoped-8f1f09d3a10c Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

11 months, 1 week

2
2
0 0

[PATCH 6.10] ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

by Peter Ujfalusi

If a process module does not have base config extension then the same format applies to all of it's inputs and the process->base_config_ext is NULL, causing NULL dereference when specifically crafted topology and sequences used. Fixes: 648fea128476 ("ASoC: SOF: ipc4-topology: set copier output format for process module") Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- Hi Mark, Can you please pick this patch for 6.10 as it can fix a potential NULL pointer dereference bug. Thank you, Peter sound/soc/sof/ipc4-topology.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c index beff10989324..33e8c5f7d9ca 100644 --- a/sound/soc/sof/ipc4-topology.c +++ b/sound/soc/sof/ipc4-topology.c @@ -217,6 +217,14 @@ sof_ipc4_get_input_pin_audio_fmt(struct snd_sof_widget *swidget, int pin_index) } process = swidget->private; + + /* + * For process modules without base config extension, base module config + * format is used for all input pins + */ + if (process->init_config != SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) + return &process->base_config.audio_fmt; + base_cfg_ext = process->base_config_ext; /* -- 2.45.1

11 months, 1 week

2
1
0 0

[PATCH 1/1] cxl/pci: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

pci_{read,write}_config_*word() and pcie_capability_read_word() return PCIBIOS_* codes, not usual errnos. Fix return value checks to handle PCIBIOS_* return codes correctly by dropping < 0 from the check and convert the PCIBIOS_* return codes into errnos using pcibios_err_to_errno() before returning them. Fixes: ce17ad0d5498 ("cxl: Wait Memory_Info_Valid before access memory related info") Fixes: 34e37b4c432c ("cxl/port: Enable HDM Capability after validating DVSEC Ranges") Fixes: 14d788740774 ("cxl/mem: Consolidate CXL DVSEC Range enumeration in the core") Fixes: 560f78559006 ("cxl/pci: Retrieve CXL DVSEC memory info") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/cxl/core/pci.c | 30 +++++++++++++++--------------- drivers/cxl/pci.c | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/cxl/core/pci.c b/drivers/cxl/core/pci.c index 8567dd11eaac..9ca67d4e0a89 100644 --- a/drivers/cxl/core/pci.c +++ b/drivers/cxl/core/pci.c @@ -121,7 +121,7 @@ static int cxl_dvsec_mem_range_valid(struct cxl_dev_state *cxlds, int id) d + CXL_DVSEC_RANGE_SIZE_LOW(id), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); valid = FIELD_GET(CXL_DVSEC_MEM_INFO_VALID, temp); if (valid) @@ -155,7 +155,7 @@ static int cxl_dvsec_mem_range_active(struct cxl_dev_state *cxlds, int id) rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(id), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); active = FIELD_GET(CXL_DVSEC_MEM_ACTIVE, temp); if (active) @@ -188,7 +188,7 @@ int cxl_await_media_ready(struct cxl_dev_state *cxlds) rc = pci_read_config_word(pdev, d + CXL_DVSEC_CAP_OFFSET, &cap); if (rc) - return rc; + return pcibios_err_to_errno(rc); hdm_count = FIELD_GET(CXL_DVSEC_HDM_COUNT_MASK, cap); for (i = 0; i < hdm_count; i++) { @@ -225,7 +225,7 @@ static int wait_for_valid(struct pci_dev *pdev, int d) */ rc = pci_read_config_dword(pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(0), &val); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (val & CXL_DVSEC_MEM_INFO_VALID) return 0; @@ -234,7 +234,7 @@ static int wait_for_valid(struct pci_dev *pdev, int d) rc = pci_read_config_dword(pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(0), &val); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (val & CXL_DVSEC_MEM_INFO_VALID) return 0; @@ -250,8 +250,8 @@ static int cxl_set_mem_enable(struct cxl_dev_state *cxlds, u16 val) int rc; rc = pci_read_config_word(pdev, d + CXL_DVSEC_CTRL_OFFSET, &ctrl); - if (rc < 0) - return rc; + if (rc) + return pcibios_err_to_errno(rc); if ((ctrl & CXL_DVSEC_MEM_ENABLE) == val) return 1; @@ -259,8 +259,8 @@ static int cxl_set_mem_enable(struct cxl_dev_state *cxlds, u16 val) ctrl |= val; rc = pci_write_config_word(pdev, d + CXL_DVSEC_CTRL_OFFSET, ctrl); - if (rc < 0) - return rc; + if (rc) + return pcibios_err_to_errno(rc); return 0; } @@ -336,11 +336,11 @@ int cxl_dvsec_rr_decode(struct device *dev, int d, rc = pci_read_config_word(pdev, d + CXL_DVSEC_CAP_OFFSET, &cap); if (rc) - return rc; + return pcibios_err_to_errno(rc); rc = pci_read_config_word(pdev, d + CXL_DVSEC_CTRL_OFFSET, &ctrl); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (!(cap & CXL_DVSEC_MEM_CAPABLE)) { dev_dbg(dev, "Not MEM Capable\n"); @@ -379,14 +379,14 @@ int cxl_dvsec_rr_decode(struct device *dev, int d, rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_SIZE_HIGH(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); size = (u64)temp << 32; rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); size |= temp & CXL_DVSEC_MEM_SIZE_LOW_MASK; if (!size) { @@ -400,14 +400,14 @@ int cxl_dvsec_rr_decode(struct device *dev, int d, rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_BASE_HIGH(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); base = (u64)temp << 32; rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_BASE_LOW(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); base |= temp & CXL_DVSEC_MEM_BASE_LOW_MASK; diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c index e53646e9f2fb..0ec9cbc64896 100644 --- a/drivers/cxl/pci.c +++ b/drivers/cxl/pci.c @@ -540,7 +540,7 @@ static int cxl_pci_ras_unmask(struct pci_dev *pdev) rc = pcie_capability_read_word(pdev, PCI_EXP_DEVCTL, &cap); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (cap & PCI_EXP_DEVCTL_URRE) { addr = cxlds->regs.ras + CXL_RAS_UNCORRECTABLE_MASK_OFFSET; -- 2.39.2

11 months, 1 week

3
4
0 0

[PATCH 09/13] pinctrl: qcom: spmi-gpio: drop broken pm8008 support

by Johan Hovold

The SPMI GPIO driver assumes that the parent device is an SPMI device and accesses random data when backcasting the parent struct device pointer for non-SPMI devices. Fortunately this does not seem to cause any issues currently when the parent device is an I2C client like the PM8008, but this could change if the structures are reorganised (e.g. using structure randomisation). Notably the interrupt implementation is also broken for non-SPMI devices. Also note that the two GPIO pins on PM8008 are used for interrupts and reset so their practical use should be limited. Drop the broken GPIO support for PM8008 for now. Fixes: ea119e5a482a ("pinctrl: qcom-pmic-gpio: Add support for pm8008") Cc: stable(a)vger.kernel.org # 5.13 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c b/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c index f4e2c88a7c82..e61be7d05494 100644 --- a/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c +++ b/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c @@ -1206,7 +1206,6 @@ static const struct of_device_id pmic_gpio_of_match[] = { { .compatible = "qcom,pm7325-gpio", .data = (void *) 10 }, { .compatible = "qcom,pm7550ba-gpio", .data = (void *) 8}, { .compatible = "qcom,pm8005-gpio", .data = (void *) 4 }, - { .compatible = "qcom,pm8008-gpio", .data = (void *) 2 }, { .compatible = "qcom,pm8019-gpio", .data = (void *) 6 }, /* pm8150 has 10 GPIOs with holes on 2, 5, 7 and 8 */ { .compatible = "qcom,pm8150-gpio", .data = (void *) 10 }, -- 2.43.2

11 months, 1 week

5
4
0 0

[PATCH 6.1] wifi: mac80211: apply mcast rate only if interface is up

by Alexander Ofitserov

From: Johannes Berg <johannes.berg(a)intel.com> If the interface isn't enabled, don't apply multicast rate changes immediately. Reported-by: syzbot+de87c09cc7b964ea2e23(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> --- net/mac80211/cfg.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 1e57027da2913..2c60fc165801c 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2838,8 +2838,9 @@ static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev, memcpy(sdata->vif.bss_conf.mcast_rate, rate, sizeof(int) * NUM_NL80211_BANDS); - ieee80211_link_info_change_notify(sdata, &sdata->deflink, - BSS_CHANGED_MCAST_RATE); + if (ieee80211_sdata_running(sdata)) + ieee80211_link_info_change_notify(sdata, &sdata->deflink, + BSS_CHANGED_MCAST_RATE); return 0; } -- 2.42.1

11 months, 1 week

2
1
0 0

[RESEND PATCH] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The perf stat errors out with UNC_CHA_TOR_INSERTS.IA_HIT_CXL_ACC_LOCAL event. $perf stat -e uncore_cha_55/event=0x35,umask=0x10c0008101/ -a -- ls event syntax error: '..0x35,umask=0x10c0008101/' \___ Bad event or PMU The definition of the CHA umask is config:8-15,32-55, which is 32bit. However, the umask of the event is bigger than 32bit. This is an error in the original uncore spec. Add a new umask_ext5 for the new CHA umask range. Fixes: 949b11381f81 ("perf/x86/intel/uncore: Add Sapphire Rapids server CHA support") Closes: https://lore.kernel.org/linux-perf-users/alpine.LRH.2.20.2401300733310.1135… Reviewed-by: Ian Rogers <irogers(a)google.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/uncore_snbep.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index a96496bef678..7924f315269a 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -461,6 +461,7 @@ #define SPR_UBOX_DID 0x3250 /* SPR CHA */ +#define SPR_CHA_EVENT_MASK_EXT 0xffffffff #define SPR_CHA_PMON_CTL_TID_EN (1 << 16) #define SPR_CHA_PMON_EVENT_MASK (SNBEP_PMON_RAW_EVENT_MASK | \ SPR_CHA_PMON_CTL_TID_EN) @@ -477,6 +478,7 @@ DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55"); +DEFINE_UNCORE_FORMAT_ATTR(umask_ext5, umask, "config:8-15,32-63"); DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16"); DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18"); DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19"); @@ -5957,7 +5959,7 @@ static struct intel_uncore_ops spr_uncore_chabox_ops = { static struct attribute *spr_uncore_cha_formats_attr[] = { &format_attr_event.attr, - &format_attr_umask_ext4.attr, + &format_attr_umask_ext5.attr, &format_attr_tid_en2.attr, &format_attr_edge.attr, &format_attr_inv.attr, @@ -5993,7 +5995,7 @@ ATTRIBUTE_GROUPS(uncore_alias); static struct intel_uncore_type spr_uncore_chabox = { .name = "cha", .event_mask = SPR_CHA_PMON_EVENT_MASK, - .event_mask_ext = SPR_RAW_EVENT_MASK_EXT, + .event_mask_ext = SPR_CHA_EVENT_MASK_EXT, .num_shared_regs = 1, .constraints = skx_uncore_chabox_constraints, .ops = &spr_uncore_chabox_ops, -- 2.35.1

11 months, 1 week

2
1
0 0

[PATCH 5.10 5.15] wifi: mac80211: apply mcast rate only if interface is up

by Alexander Ofitserov

From: Johannes Berg <johannes.berg(a)intel.com> If the interface isn't enabled, don't apply multicast rate changes immediately. Reported-by: syzbot+de87c09cc7b964ea2e23(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Backported to 5.10 and 5.15 Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> --- net/mac80211/cfg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 45bb6f2755987..ccd60c59b3d87 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2561,7 +2561,8 @@ static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev, memcpy(sdata->vif.bss_conf.mcast_rate, rate, sizeof(int) * NUM_NL80211_BANDS); - ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MCAST_RATE); + if (ieee80211_sdata_running(sdata)) + ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MCAST_RATE); return 0; } -- 2.42.1

11 months, 1 week

1
0
0 0

[PATCH v2] kobject_uevent: Fix OOB access within zap_modalias_env()

by Zijun Hu

zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove. Fixes: 9b3fa47d4a76 ("kobject: fix suppressing modalias in uevents delivered over netlink") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- V1 -> V2: Correct commit messages and add inline comments V1 discussion link: https://lore.kernel.org/lkml/0b916393-eb39-4467-9c99-ac1bc9746512@quicinc.c… lib/kobject_uevent.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c index 03b427e2707e..f22366be020c 100644 --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c @@ -433,8 +433,23 @@ static void zap_modalias_env(struct kobj_uevent_env *env) len = strlen(env->envp[i]) + 1; if (i != env->envp_idx - 1) { + /* @env->envp[] contains pointers to @env->buf[] + * with @env->buflen elements, and we want to + * remove variable MODALIAS pointed by + * @env->envp[i] with length @len as shown below: + * + * 0 @env->buf[] @env->buflen + * ---------------------------------------- + * ^ ^ ^ + * |-> @len <-| target block | + * @env->envp[i] @env->envp[i+1] + * + * so the "target block" indicated above is moved + * backward by @len, and its right size is + * (@env->buf + @env->buflen - @env->envp[i + 1]). + */ memmove(env->envp[i], env->envp[i + 1], - env->buflen - len); + env->buf + env->buflen - env->envp[i + 1]); for (j = i; j < env->envp_idx - 1; j++) env->envp[j] = env->envp[j + 1] - len; -- 2.7.4

11 months, 1 week

4
4
0 0

[PATCH stable,5.15 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

11 months, 1 week

3
10
0 0

[PATCH 5.15.y] mptcp: fix full TCP keep-alive support

by Matthieu Baerts (NGI0)

commit bd11dc4fb969ec148e50cd87f88a78246dbc4d0b upstream. SO_KEEPALIVE support has been added a while ago, as part of a series "adding SOL_SOCKET" support. To have a full control of this keep-alive feature, it is important to also support TCP_KEEP* socket options at the SOL_TCP level. Supporting them on the setsockopt() part is easy, it is just a matter of remembering each value in the MPTCP sock structure, and calling tcp_sock_set_keep*() helpers on each subflow. If the value is not modified (0), calling these helpers will not do anything. For the getsockopt() part, the corresponding value from the MPTCP sock structure or the default one is simply returned. All of this is very similar to other TCP_* socket options supported by MPTCP. It looks important for kernels supporting SO_KEEPALIVE, to also support TCP_KEEP* options as well: some apps seem to (wrongly) consider that if the former is supported, the latter ones will be supported as well. But also, not having this simple and isolated change is preventing MPTCP support in some apps, and libraries like GoLang [1]. This is why this patch is seen as a fix. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/383 Fixes: 1b3e7ede1365 ("mptcp: setsockopt: handle SO_KEEPALIVE and SO_PRIORITY") Link: https://github.com/golang/go/issues/56539 [1] Acked-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Mat Martineau <martineau(a)kernel.org> Link: https://lore.kernel.org/r/20240514011335.176158-3-martineau@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Conflicts in the same context, because commit 29b5e5ef8739 ("mptcp: implement TCP_NOTSENT_LOWAT support") (new feature), commit 013e3179dbd2 ("mptcp: fix rcv space initialization") (not backported because of the various conflicts, and because the race fixed by this commit "does not produce ill effects in practice"), and commit 4f6e14bd19d6 ("mptcp: support TCP_CORK and TCP_NODELAY") are not in this version. The adaptations done by 7f71a337b515 ("mptcp: cleanup SOL_TCP handling") have been adapted to this case here. Also, TCP_KEEPINTVL and TCP_KEEPCNT value had to be set without lock, the same way it was done on TCP side prior commit 6fd70a6b4e6f ("tcp: set TCP_KEEPINTVL locklessly") and commit 84485080cbc1 ("tcp: set TCP_KEEPCNT locklessly"). ] Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/protocol.h | 3 ++ net/mptcp/sockopt.c | 115 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 78aa6125eafb..b4ccae4f6849 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -250,6 +250,9 @@ struct mptcp_sock { bool use_64bit_ack; /* Set when we received a 64-bit DSN */ bool csum_enabled; spinlock_t join_list_lock; + int keepalive_cnt; + int keepalive_idle; + int keepalive_intvl; struct work_struct work; struct sk_buff *ooo_last_skb; struct rb_root out_of_order_queue; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index bd797d8f72ab..36d85af12e76 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -593,6 +593,60 @@ static int mptcp_setsockopt_sol_tcp_congestion(struct mptcp_sock *msk, sockptr_t return ret; } +static int __tcp_sock_set_keepintvl(struct sock *sk, int val) +{ + if (val < 1 || val > MAX_TCP_KEEPINTVL) + return -EINVAL; + + WRITE_ONCE(tcp_sk(sk)->keepalive_intvl, val * HZ); + + return 0; +} + +static int __tcp_sock_set_keepcnt(struct sock *sk, int val) +{ + if (val < 1 || val > MAX_TCP_KEEPCNT) + return -EINVAL; + + /* Paired with READ_ONCE() in keepalive_probes() */ + WRITE_ONCE(tcp_sk(sk)->keepalive_probes, val); + + return 0; +} + +static int mptcp_setsockopt_set_val(struct mptcp_sock *msk, int max, + int (*set_val)(struct sock *, int), + int *msk_val, sockptr_t optval, + unsigned int optlen) +{ + struct mptcp_subflow_context *subflow; + struct sock *sk = (struct sock *)msk; + int val, err; + + err = mptcp_get_int_option(msk, optval, optlen, &val); + if (err) + return err; + + lock_sock(sk); + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk = mptcp_subflow_tcp_sock(subflow); + int ret; + + lock_sock(ssk); + ret = set_val(ssk, val); + err = err ? : ret; + release_sock(ssk); + } + + if (!err) { + *msk_val = val; + sockopt_seq_inc(msk); + } + release_sock(sk); + + return err; +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { @@ -601,6 +655,21 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, return -EOPNOTSUPP; case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); + case TCP_KEEPIDLE: + return mptcp_setsockopt_set_val(msk, MAX_TCP_KEEPIDLE, + &tcp_sock_set_keepidle_locked, + &msk->keepalive_idle, + optval, optlen); + case TCP_KEEPINTVL: + return mptcp_setsockopt_set_val(msk, MAX_TCP_KEEPINTVL, + &__tcp_sock_set_keepintvl, + &msk->keepalive_intvl, + optval, optlen); + case TCP_KEEPCNT: + return mptcp_setsockopt_set_val(msk, MAX_TCP_KEEPCNT, + &__tcp_sock_set_keepcnt, + &msk->keepalive_cnt, + optval, optlen); } return -EOPNOTSUPP; @@ -667,9 +736,40 @@ static int mptcp_getsockopt_first_sf_only(struct mptcp_sock *msk, int level, int return ret; } +static int mptcp_put_int_option(struct mptcp_sock *msk, char __user *optval, + int __user *optlen, int val) +{ + int len; + + if (get_user(len, optlen)) + return -EFAULT; + if (len < 0) + return -EINVAL; + + if (len < sizeof(int) && len > 0 && val >= 0 && val <= 255) { + unsigned char ucval = (unsigned char)val; + + len = 1; + if (put_user(len, optlen)) + return -EFAULT; + if (copy_to_user(optval, &ucval, 1)) + return -EFAULT; + } else { + len = min_t(unsigned int, len, sizeof(int)); + if (put_user(len, optlen)) + return -EFAULT; + if (copy_to_user(optval, &val, len)) + return -EFAULT; + } + + return 0; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { + struct sock *sk = (void *)msk; + switch (optname) { case TCP_ULP: case TCP_CONGESTION: @@ -677,6 +777,18 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, case TCP_CC_INFO: return mptcp_getsockopt_first_sf_only(msk, SOL_TCP, optname, optval, optlen); + case TCP_KEEPIDLE: + return mptcp_put_int_option(msk, optval, optlen, + msk->keepalive_idle ? : + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_keepalive_time) / HZ); + case TCP_KEEPINTVL: + return mptcp_put_int_option(msk, optval, optlen, + msk->keepalive_intvl ? : + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_keepalive_intvl) / HZ); + case TCP_KEEPCNT: + return mptcp_put_int_option(msk, optval, optlen, + msk->keepalive_cnt ? : + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_keepalive_probes)); } return -EOPNOTSUPP; } @@ -746,6 +858,9 @@ static void sync_socket_options(struct mptcp_sock *msk, struct sock *ssk) if (inet_csk(sk)->icsk_ca_ops != inet_csk(ssk)->icsk_ca_ops) tcp_set_congestion_control(ssk, msk->ca_name, false, true); + tcp_sock_set_keepidle_locked(ssk, msk->keepalive_idle); + __tcp_sock_set_keepintvl(ssk, msk->keepalive_intvl); + __tcp_sock_set_keepcnt(ssk, msk->keepalive_cnt); } static void __mptcp_sockopt_sync(struct mptcp_sock *msk, struct sock *ssk) -- 2.43.0

11 months, 1 week

1
0
0 0

[PATCH 6.1.y 0/3] Backport of "mptcp: fix full TCP keep-alive support"

by Matthieu Baerts (NGI0)

It looks like the patch "mptcp: fix full TCP keep-alive support" has been backported up to v6.8 recently (thanks!), but not before due to conflicts. I had to adapt a bit the code not to backport new features, but the modifications were simple, and isolated from the rest. Conflicts have been described in each patch. MPTCP sockopts tests have been executed, and no issues have been reported. Matthieu Baerts (NGI0) (1): mptcp: fix full TCP keep-alive support Paolo Abeni (2): mptcp: avoid some duplicate code in socket option handling mptcp: cleanup SOL_TCP handling net/mptcp/protocol.h | 3 + net/mptcp/sockopt.c | 144 +++++++++++++++++++++++++++++++------------ 2 files changed, 108 insertions(+), 39 deletions(-) -- 2.43.0

11 months, 1 week

1
3
0 0

Proposition for linux-stable-mirror@lists.linaro.org.

by ND

11 months, 1 week

1
0
0 0

[PATCH 2/2] fs/ntfs3: Rename the label end_reply to end_replay

by Huacai Chen

The label end_reply is obviously a typo. It should be "replay" in this context. So rename end_reply to end_replay. Cc: stable(a)vger.kernel.org Fixes: b46acd6a6a627d876898e ("fs/ntfs3: Add NTFS journal") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- fs/ntfs3/fslog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c index 19c448093df7..87c0e2b52954 100644 --- a/fs/ntfs3/fslog.c +++ b/fs/ntfs3/fslog.c @@ -4661,7 +4661,7 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) * table are not empty. */ if ((!dptbl || !dptbl->total) && (!trtbl || !trtbl->total)) - goto end_reply; + goto end_replay; sbi->flags |= NTFS_FLAGS_NEED_REPLAY; if (is_ro) @@ -5090,7 +5090,7 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) sbi->flags &= ~NTFS_FLAGS_NEED_REPLAY; -end_reply: +end_replay: err = 0; if (is_ro) -- 2.43.0

11 months, 1 week

1
0
0 0

[PATCH 1/2] fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

by Huacai Chen

If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{mask,bits} don't change correspondingly. This will cause a panic because "u32 bytes = log->page_size - page_off" will get a negative value in the later read_log_page(). Cc: stable(a)vger.kernel.org Fixes: b46acd6a6a627d876898e ("fs/ntfs3: Add NTFS journal") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- fs/ntfs3/fslog.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c index 855519713bf7..19c448093df7 100644 --- a/fs/ntfs3/fslog.c +++ b/fs/ntfs3/fslog.c @@ -3914,6 +3914,9 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) goto out; } + log->page_mask = log->page_size - 1; + log->page_bits = blksize_bits(log->page_size); + /* If the file size has shrunk then we won't mount it. */ if (log->l_size < le64_to_cpu(ra2->l_size)) { err = -EINVAL; -- 2.43.0

11 months, 1 week

1
0
0 0

[PATCH 6.9 000/427] 6.9.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.3 release. There are 427 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 May 2024 18:53:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.3-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.3-rc1 Shuah Khan <skhan(a)linuxfoundation.org> Revert "selftests/sgx: Include KHDR_INCLUDES in Makefile" Shuah Khan <skhan(a)linuxfoundation.org> Revert "selftests: Compile kselftest headers with -D_GNU_SOURCE" Tom Parkin <tparkin(a)katalix.com> l2tp: fix ICMP error handling for UDP-encap sockets Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix to control VLAN strip Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: match VLAN CTAG and STAG features Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: fix to change Rx features Cheng Yu <serein.chengyu(a)huawei.com> sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Vitalii Bursov <vitaly(a)bursov.com> sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Eric Dumazet <edumazet(a)google.com> af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Dumazet <edumazet(a)google.com> netrom: fix possible dead-lock in nr_rt_ioctl() Michal Schmidt <mschmidt(a)redhat.com> idpf: don't skip over ethtool tcp-data-split setting Hangbin Liu <liuhangbin(a)gmail.com> selftests/net/lib: no need to record ns name if it already exist Chris Lew <quic_clew(a)quicinc.com> net: qrtr: ns: Fix module refcnt Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix feature detectors when using token_fd Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mst: fix vlan use-after-free Nikolay Aleksandrov <razor(a)blackwall.org> selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: xmit: make sure we have at least eth header len bytes Wang Yao <wangyao(a)lemote.com> modules: Drop the .export_symbol section from the final modules Beau Belgrave <beaub(a)linux.microsoft.com> tracing/user_events: Fix non-spaced field matching Ivanov Mikhail <ivanov.mikhail1(a)huawei-partners.com> samples/landlock: Fix incorrect free in populate_ruleset_net Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw Leon Romanovsky <leon(a)kernel.org> RDMA/IPoIB: Fix format truncation compilation errors Edward Liaw <edliaw(a)google.com> selftests/kcmp: remove unused open mode SeongJae Park <sj(a)kernel.org> selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix gss_free_in_token_pages() Michal Schmidt <mschmidt(a)redhat.com> bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SM_GPUCC_8650 dependencies Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SC_CAMCC_8280XP dependencies Zhang Yi <yi.zhang(a)huawei.com> ext4: remove the redundant folio_wait_stable() Dan Carpenter <dan.carpenter(a)linaro.org> ext4: fix potential unnitialized variable Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: use the right locking mode (read vs write) in size_show Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: don't use down_write_killable for non-user processes Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: fix locking for unregister_dax_dev / unregister_dax_mapping paths Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: replace WARN_ON_ONCE() with lockdep asserts NeilBrown <neilb(a)suse.de> nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Aleksandr Aprelkov <aaprelkov(a)usergate.com> sunrpc: removed redundant procp check Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enable Guest Translation after reading IOMMU feature register Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Decouple igfx_off from graphic identity mapping David Hildenbrand <david(a)redhat.com> drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Christoph Hellwig <hch(a)lst.de> virt: acrn: stop using follow_pfn Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: boundary check before installing cq callbacks Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Use struct mana_ib_queue for CQs Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Introduce helpers to create and destroy mana queues Jan Kara <jack(a)suse.cz> ext4: avoid excessive credit estimate in ext4_tmpfile() Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Marc Gonzalez <mgonzalez(a)freebox.fr> clk: qcom: mmcc-msm8998: fix venus clock issue Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm6350: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8450: fix DisplayPort clocks Jinjiang Tu <tujinjiang(a)huawei.com> mm/ksm: fix ksm exec support for prctl Duoming Zhou <duoming(a)zju.edu.cn> lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Add clock and reset entry for PLIC Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: r8a779a0: Fix CANFD parent clock Jason Gunthorpe <jgg(a)ziepe.ca> IB/mlx5: Use __iowrite64_copy() for write combining stores Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix incorrect rxe_put in error path Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Allow good work requests to be executed Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Tudor Ambarus <tudor.ambarus(a)linaro.org> clk: samsung: gs101: propagate PERIC1 USI SPI clock rate Tudor Ambarus <tudor.ambarus(a)linaro.org> clk: samsung: gs101: propagate PERIC0 USI SPI clock rate Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: remove invalid Stromer register offset Catalin Popescu <catalin.popescu(a)leica-geosystems.com> clk: rs9: fix wrong default value for clock amplitude Alexandre Mergnat <amergnat(a)baylibre.com> clk: mediatek: mt8365-mm: fix DPI0 parent Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Modify the print level of CQE error Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Use complete parentheses in macros Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix GMV table pagesize wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix mismatch exception rollback Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix UAF for cq async event Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix deadlock on SRQ async events. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Add max_ah and cq moderation capacities in query_device() Zhengchao Shao <shaozhengchao(a)huawei.com> RDMA/hns: Fix return value in hns_roce_map_mr_sg Yi Liu <yi.l.liu(a)intel.com> iommu: Undo pasid attachment only for the devices that have succeeded Nícolas F. R. A. Prado <nfraprado(a)collabora.com> clk: mediatek: pllfh: Don't log error for missing fhctl node Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Adding remote atomic access flag to updatable flags Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Change check for cacheable mkeys Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent Jaewon Kim <jaewon02.kim(a)samsung.com> clk: samsung: exynosautov9: fix wrong pll clock id value Thomas Weißschuh <linux(a)weissschuh.net> power: supply: core: simplify charge_behaviour formatting Pratyush Yadav <p.yadav(a)ti.com> media: cadence: csi2rx: configure DPHY before starting source stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/edid: Parse topology block for all DispID structure v1.x Atish Patra <atishp(a)rivosinc.com> RISC-V: Fix the typo in Scountovf CSR name Detlev Casanova <detlev.casanova(a)collabora.com> drm/rockchip: vop2: Do not divide height twice for YUV Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Logitech Rally Bar Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/mipi-dsi: use correct return type for the DSC functions Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Hsin-Te Yuan <yuanhsinte(a)chromium.org> drm/bridge: anx7625: Update audio status while detecting Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: dpc3433: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: tc358775: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt8912b: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: icn6211: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: anx7625: Don't log an error when DSI host can't be found Steven Rostedt <rostedt(a)goodmis.org> ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Aleksandr Mishin <amishin(a)t-argos.ru> drm: vc4: Fix possible null pointer dereference Huai-Yuan Liu <qq810974084(a)gmail.com> drm/arm/malidp: fix a possible null pointer dereference Zhipeng Lu <alexious(a)zju.edu.cn> media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Randy Dunlap <rdunlap(a)infradead.org> fbdev: sh7760fb: allow modular build Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-subdev: Fix stream handling for crop API Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin Fabio Estevam <festevam(a)denx.de> media: dt-bindings: ovti,ov2680: Fix the power supply names Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu3-cio2: Request IRQ earlier Douglas Anderson <dianders(a)chromium.org> drm/msm/dp: Account for the timeout in wait_hpd_asserted() callback Douglas Anderson <dianders(a)chromium.org> drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: allow voltage swing / pre emphasis of 3 Armin Wolf <W_Armin(a)gmx.de> platform/x86: xiaomi-wmi: Fix race condition when reporting key events Aleksandr Mishin <amishin(a)t-argos.ru> drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Ricardo Ribalda <ribalda(a)chromium.org> media: radio-shark2: Avoid led_names truncations Arnd Bergmann <arnd(a)arndb.de> media: rcar-vin: work around -Wenum-compare-conditional warning Changhuang Liang <changhuang.liang(a)starfivetech.com> staging: media: starfive: Remove links when unregistering devices Aleksandr Burakov <a.burakov(a)rosalinux.ru> media: ngene: Add dvb_ca_en50221_init return value check Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Test result of avs_get_module_entry() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix potential integer overflow Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix ASRC module initialization Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix debug-slot offset calculation Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Restore stream decoupling on prepare Tianchen Ding <dtcccc(a)linux.alibaba.com> selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Arnd Bergmann <arnd(a)arndb.de> fbdev: sisfb: hide unused variables Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Implement firmware boot state check Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: lnl: Correct rom_status_reg Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Correct rom_status_reg Arnd Bergmann <arnd(a)arndb.de> powerpc/fsl-soc: hide unused const variable Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Douglas Anderson <dianders(a)chromium.org> drm/mediatek: Init `ddp_comp` with devm_kcalloc() Justin Green <greenjustin(a)chromium.org> drm/mediatek: Add 0 size check to mtk_drm_gem_obj Christian Hewitt <christianshewitt(a)gmail.com> drm/meson: vclk: fix calculation of 59.94 fractional rates Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: kirkwood: Fix potential NULL dereference Arnd Bergmann <arnd(a)arndb.de> fbdev: shmobile: fix snprintf truncation Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> ASoC: mediatek: Assign dummy when codec not specified for a DAI link Arnd Bergmann <arnd(a)arndb.de> drm/imagination: avoid -Woverflow warning Maxim Korotkov <korotkov.maxim.s(a)gmail.com> mtd: rawnand: hynix: fixed typo Aapo Vienamo <aapo.vienamo(a)linux.intel.com> mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: ssm4567: Do not ignore route checks Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: Disable route checks for Skylake boards Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential index out of bounds in color transformation function Douglas Anderson <dianders(a)chromium.org> drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert Marek Vasut <marex(a)denx.de> drm/lcdif: Do not disable clocks on already suspended hardware Geert Uytterhoeven <geert+renesas(a)glider.be> dev_printk: Add and use dev_no_printk() Geert Uytterhoeven <geert+renesas(a)glider.be> printk: Let no_printk() use _printk() Tony Lindgren <tony(a)atomide.com> drm/omapdrm: Fix console with deferred ops Tony Lindgren <tony(a)atomide.com> drm/omapdrm: Fix console by implementing fb_dirty Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: update device type for volteer devices Jagan Teki <jagan(a)amarulasolutions.com> drm/bridge: Fix improper bridge init order with pre_enable_prev_first Zhengqiao Xia <xiazhengqiao(a)huaqin.corp-partner.google.com> drm/panel-edp: Add prepare_to_enable to 200ms for MNC207QS1-1 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Gustavo A. R. Silva <gustavoars(a)kernel.org> Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: HCI: Remove HCI_AMP support Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Make iso_get_sock_listen generic Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: qca: Fix error code in qca_read_fw_build_info() Sebastian Urban <surban(a)surban.net> Bluetooth: compute LE flow credits based on recvbuf space Horatiu Vultur <horatiu.vultur(a)microchip.com> net: micrel: Fix receiving the timestamp in the frame for lan8841 Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: move the EST lock to struct stmmac_priv Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fix full TCP keep-alive support Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: SO_KEEPALIVE: fix getsockopt support Wei Fang <wei.fang(a)nxp.com> net: fec: remove .ndo_poll_controller to avoid deadlocks Chen Ni <nichen(a)iscas.ac.cn> dpll: fix return value check for kmemdup Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix reference count leak issue of net_device Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix reference count leak issues of ax25_dev Duoming Zhou <duoming(a)zju.edu.cn> ax25: Use kernel universal linked list to implement ax25_dev_list Eric Dumazet <edumazet(a)google.com> inet: fix inet_fill_ifaddr() flags truncation Puranjay Mohan <puranjay(a)kernel.org> riscv, bpf: make some atomic operations fully ordered Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Emit a barrier for BPF_FETCH instructions Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Discard command completions in internal error Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Add a timeout to acquire the command queue semaphore Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Reload only IB representors upon lag disable/enable Shay Drory <shayd(a)nvidia.com> net/mlx5: Fix peer devlink set for SF representor devlink port Shay Drory <shayd(a)nvidia.com> net/mlx5e: Fix netif state handling Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix invalid unregister error path Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix incorrect unregister order Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: add missing seg6_local_exit Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix overwriting ct original tuple for ICMPv6 Eric Dumazet <edumazet(a)google.com> net: usb: smsc95xx: stop lying about skb->truesize Breno Leitao <leitao(a)debian.org> af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Locking fixes Dan Nowlin <dan.nowlin(a)intel.com> ice: Fix package download algorithm Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Lorenzo Bianconi <lorenzo(a)kernel.org> net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Jakub Kicinski <kuba(a)kernel.org> selftests: net: move amt to socat for better compatibility Jakub Kicinski <kuba(a)kernel.org> selftests: net: add missing config for amt.sh Jakub Kicinski <kuba(a)kernel.org> eth: sungem: remove .ndo_poll_controller to avoid deadlocks gaoxingwang <gaoxingwang1(a)huawei.com> net: ipv6: fix wrong start position when receive hop-by-hop fragment Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ptp: ocp: fix DPLL functions Benjamin Marzinski <bmarzins(a)redhat.com> dm-delay: fix max_delay calculations Joel Colledge <joel.colledge(a)linbit.com> dm-delay: fix hung task introduced by kthread mode Benjamin Marzinski <bmarzins(a)redhat.com> dm-delay: fix workqueue delay_timer race Edward Liaw <edliaw(a)google.com> selftests/sgx: Include KHDR_INCLUDES in Makefile Edward Liaw <edliaw(a)google.com> selftests: Compile kselftest headers with -D_GNU_SOURCE Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: Move ARCH_HAS_CPU_CACHE_ALIASING Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix reboot hang on Mac IIci Michael Schmitz <schmitzmic(a)gmail.com> m68k: Fix spinlock race in kernel thread creation Eric Dumazet <edumazet(a)google.com> net: usb: sr9700: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> usb: aqc111: stop lying about skb->truesize Josef Bacik <josef(a)toxicpanda.com> btrfs: set start on clone before calling copy_extent_buffer_full Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Handle "no sensors" in PM operations Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mwl8k: initialize cmd->addr[] properly Robert Richter <rrichter(a)amd.com> x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Jim Liu <jim.t90615(a)gmail.com> gpio: nuvoton: Fix sgpio irq handle error Himanshu Madhani <himanshu.madhani(a)oracle.com> scsi: qla2xxx: Fix debugfs output for fw_resource_count Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: qedf: Ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: bfa: Ensure the copied buf is NUL terminated Chen Ni <nichen(a)iscas.ac.cn> HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors Michal Schmidt <mschmidt(a)redhat.com> selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect Scott Mayhew <smayhew(a)redhat.com> kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Wander Lairson Costa <wander(a)redhat.com> kunit: unregister the device on error Mickaël Salaün <mic(a)digikod.net> kunit: Fix kthread reference Valentin Obst <kernel(a)valentinobst.de> selftests: default to host arch for LLVM builds John Hubbard <jhubbard(a)nvidia.com> selftests/resctrl: fix clang build failure: use LOCAL_HDRS John Hubbard <jhubbard(a)nvidia.com> selftests/binderfs: use the Makefile's rules, not Make's implicit rules Nícolas F. R. A. Prado <nfraprado(a)collabora.com> selftests: power_supply: Make it POSIX-compliant Nícolas F. R. A. Prado <nfraprado(a)collabora.com> selftests: ktap_helpers: Make it POSIX-compliant Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Kees Cook <keescook(a)chromium.org> wifi: nl80211: Avoid address calculations via out of bounds array indexing Jiri Olsa <jolsa(a)kernel.org> libbpf: Fix error message in attach_kprobe_multi Felix Fietkau <nbd(a)nbd.name> wifi: mt76: connac: use muar idx 0xe for non-mt799x as well Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Chad Monroe <chad(a)monroe.io> wifi: mt76: mt7996: fix size of txpower MCU command Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: mt76: connac: check for null before dereferencing Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: fix tx queue of loopback packets Guenter Roeck <linux(a)roeck-us.net> Revert "sh: Handle calling csum_partial with misaligned data" Geert Uytterhoeven <geert+renesas(a)glider.be> sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Stanislav Fomichev <sdf(a)google.com> bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE George Stark <gnstark(a)salutedevices.com> pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating George Stark <gnstark(a)salutedevices.com> pwm: meson: Add check for error from clk_round_rate() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: ar5523: enable proper endpoint verification Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Alexei Starovoitov <ast(a)kernel.org> bpf: Fix verifier assumptions about socket->sk Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: carl9170: add a proper sanity check for endpoints Finn Thain <fthain(a)linux-m68k.org> macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" Eric Dumazet <edumazet(a)google.com> net: give more chances to rcu in netdev_wait_allrefs_any() Hao Chen <chenhao418(a)huawei.com> drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Simplify probe function using devm functions Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Create records for cdev states as they get used Eric Dumazet <edumazet(a)google.com> tcp: avoid premature drops in tcp_add_backlog() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: populate board data for WCN3990 Portia Stephens <portia.stephens(a)canonical.com> cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix a fd leak in error paths in open_netns Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Avoid excessive updates of trip point statistics Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: do_xmote fixes Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: finish_xmote cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix potential glock use-after-free on unmount Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove ill-placed consistency check Su Hui <suhui(a)nfschina.com> wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Binbin Zhou <zhoubinbin(a)loongson.cn> dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Binbin Zhou <zhoubinbin(a)loongson.cn> dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible Aleksandr Mishin <amishin(a)t-argos.ru> thermal/drivers/tsens: Fix null pointer dereference Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Ard Biesheuvel <ardb(a)kernel.org> x86/purgatory: Switch to the position-independent small code model Yuri Karpov <YKarpov(a)ispras.ru> scsi: hpsa: Fix allocation size for Scsi_Host private data Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix the failure of adding phy with zero-address to port Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: init vif works only once Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: don't always disable EMLSR due to BT coex Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: calculate EMLSR mode after connection Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: introduce esr_disable_reason Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: transmit deauth only if link is available Aleksandr Mishin <amishin(a)t-argos.ru> cppc_cpufreq: Fix possible null pointer dereference Stafford Horne <shorne(a)gmail.com> openrisc: traps: Don't send signals to kernel mode threads Stafford Horne <shorne(a)gmail.com> openrisc: Use do_kernel_power_off() Gabriel Krisman Bertazi <krisman(a)suse.de> udp: Avoid call to compute_score on multiple sites Juergen Gross <jgross(a)suse.com> x86/pat: Fix W^X violation false-positives when running as Xen PV guest Juergen Gross <jgross(a)suse.com> x86/pat: Restructure _lookup_address_cpa() Juergen Gross <jgross(a)suse.com> x86/pat: Introduce lookup_address_in_pgd_attr() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: exit() callback is optional Hechao Li <hli(a)netflix.com> tcp: increase the default TCP scaling ratio Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix umount cgroup2 error in test_sockmap Ard Biesheuvel <ardb(a)kernel.org> x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 Jinjie Ruan <ruanjinjie(a)huawei.com> arm64: Remove unnecessary irqflags alternative.h include Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix "ignore unlock failures after withdraw" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't forget to complete delayed withdraw Arnd Bergmann <arnd(a)arndb.de> ACPI: disable -Wstringop-truncation Zenghui Yu <yuzenghui(a)huawei.com> irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zenghui Yu <yuzenghui(a)huawei.com> irqchip/alpine-msi: Fix off-by-one in allocation error path Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Allow decoding of SGX addresses Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: LPSS: Advertise number of chip selects via property Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling interrupts Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing CGC enable Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing unipro mode Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing reset bit Arnd Bergmann <arnd(a)arndb.de> x86/microcode/AMD: Avoid -Wformat warning with clang-15 Andrii Nakryiko <andrii(a)kernel.org> bpf: prevent r10 register from being marked as precise Anton Protopopov <aspsk(a)isovalent.com> bpf: Pack struct bpf_fib_lookup Sahil Siddiq <icegambit91(a)gmail.com> bpftool: Mount bpffs on provided dir instead of parent dir Arnd Bergmann <arnd(a)arndb.de> wifi: carl9170: re-fix fortified-memset warning Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lock decision to copy lvb Alexander Lobakin <aleksander.lobakin(a)intel.com> bitops: add missing prototype check Arnd Bergmann <arnd(a)arndb.de> mlx5: stop warning for 64KB pages Arnd Bergmann <arnd(a)arndb.de> mlx5: avoid truncating error message Arnd Bergmann <arnd(a)arndb.de> qed: avoid truncating work queue length Arnd Bergmann <arnd(a)arndb.de> enetc: avoid truncating error message Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: Fix Generic Initiator Affinity _OSC bit Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for the Generic Event Device thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for more than 16 p-states thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for _TFP thru _OSC Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/fair: Add EAS checks before updating root_domain::overutilized Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: reconfigure TLC during HW restart Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: select STA mask only for active links Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: set wider BW OFDMA ignore correctly Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: fix active link counting during recovery Ayala Beker <ayala.beker(a)intel.com> wifi: mac80211: don't select link ID if not provided in scan request Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: allocate STA links only for active links Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: ignore non-TX BSSs in per-STA profile Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() Paul Menzel <pmenzel(a)molgen.mpg.de> x86/fred: Fix typo in Kconfig description Guixiong Wei <weiguixiong(a)bytedance.com> x86/boot: Ignore relocations in .notes sections in walk_relocs() too Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7915: workaround too long expansion sparse warnings Aloka Dixit <quic_alokad(a)quicinc.com> wifi: ath12k: use correct flag field for 320 MHz channels Quentin Monnet <qmo(a)kernel.org> libbpf: Prevent null-pointer dereference when prog to load has no BTF Yonghong Song <yonghong.song(a)linux.dev> bpftool: Fix missing pids during link show Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't force enable power save on non-running vdevs Duoming Zhou <duoming(a)zju.edu.cn> wifi: brcmfmac: pcie: handle randbuf allocation failure Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: poll service ready message before failing Yu Kuai <yukuai3(a)huawei.com> block: support to account io_ticks precisely INAGAKI Hiroshi <musashino.open(a)gmail.com> block: fix and simplify blkdevparts= cmdline parsing Christoph Hellwig <hch(a)lst.de> block: refine the EOF check in blkdev_iomap_begin Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - specify firmware files for 402xx Yu Kuai <yukuai3(a)huawei.com> md: fix resync softlockup when bitmap size is less than array size Kees Cook <keescook(a)chromium.org> kunit/fortify: Fix replaced failure path to unbreak __alloc_size Kees Cook <keescook(a)chromium.org> lkdtm: Disable CFI checking for perms functions Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Make client-lock non-sleeping Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix sendzc lazy wake polling Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390: vmlinux.lds.S: Drop .hash and .gnu.hash for !CONFIG_PIE_BUILD Kees Cook <keescook(a)chromium.org> kunit/fortify: Fix mismatched kvalloc()/vfree() usage Marek Vasut <marex(a)denx.de> hwrng: stm32 - repair clock handling Marek Vasut <marex(a)denx.de> hwrng: stm32 - put IP into RPM suspend on failure Marek Vasut <marex(a)denx.de> hwrng: stm32 - use logical OR in conditional Lucas Segarra Fernandez <lucas.segarra.fernandez(a)intel.com> crypto: qat - validate slices count returned by FW Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix missing mutex_destroy() at module removal Chun-Kuang Hu <chunkuang.hu(a)kernel.org> soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Fix __scm and waitq completion variable initialization Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pmic_glink: notify clients about the current state Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pmic_glink: don't traverse clients list without a lock Adam Guerin <adam.guerin(a)intel.com> crypto: qat - improve error logging to be consistent across features Adam Guerin <adam.guerin(a)intel.com> crypto: qat - improve error message in adf_get_arbiter_mapping() Chen Ni <nichen(a)iscas.ac.cn> crypto: octeontx2 - add missing check for dma_map_single David Hildenbrand <david(a)redhat.com> s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests David Hildenbrand <david(a)redhat.com> mm/userfaultfd: Do not place zeropages when zeropages are disallowed Gabriel Krisman Bertazi <krisman(a)suse.de> io-wq: write next_work before dropping acct_lock Chuck Lever <chuck.lever(a)oracle.com> shmem: Fix shmem_rename2() Chuck Lever <chuck.lever(a)oracle.com> libfs: Add simple_offset_rename() API Chuck Lever <chuck.lever(a)oracle.com> libfs: Fix simple_offset_rename_exchange() Ilya Denisyev <dev(a)elkcl.ru> jffs2: prevent xattr node from overflowing the eraseblock Maxime Ripard <mripard(a)kernel.org> ARM: configs: sunxi: Enable DRM_DW_HDMI Nikita Kiryushin <kiryushin(a)ancud.ru> rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Jens Axboe <axboe(a)kernel.dk> io_uring: use the right type for work_llist empty check Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix tracepoint subchannel type field Eric Biggers <ebiggers(a)google.com> crypto: x86/sha512-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/nh-avx2 - add missing vzeroupper Arnd Bergmann <arnd(a)arndb.de> crypto: ccp - drop platform ifdef checks Al Viro <viro(a)zeniv.linux.org.uk> parisc: add missing export of __cmpxchg_u8() Arnd Bergmann <arnd(a)arndb.de> nilfs2: fix out-of-range warning Brian Kubisiak <brian(a)kubisiak.com> ecryptfs: Fix buffer size for tag 66 packet Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> firmware: raspberrypi: Use correct device for DMA mappings Guenter Roeck <linux(a)roeck-us.net> mm/slub, kunit: Use inverted data to corrupt kmem cache Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Aleksandr Mishin <amishin(a)t-argos.ru> crypto: bcm - Fix pointer arithmetic Eric Sandeen <sandeen(a)redhat.com> openpromfs: finish conversion to the new mount API Eric Biggers <ebiggers(a)google.com> KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST Eric Biggers <ebiggers(a)google.com> KEYS: asymmetric: Add missing dependency on CRYPTO_SIG Takashi Iwai <tiwai(a)suse.de> ALSA: Fix deadlocks with kctl removals at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Set lower bound of start tick time Takashi Iwai <tiwai(a)suse.de> ALSA: core: Fix NULL module pointer assignment at card init Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Nandor Kracser <bonifaido(a)gmail.com> ksmbd: ignore trailing slashes in share paths Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate oplock break notifications Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Break dir enumeration if directory contents error Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix case when index is reused during tree transformation Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Taking DOS names into account during link counting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Remove max link count info display during driver init Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential hang in nilfs_detach_log_writer() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix unexpected freezing of nilfs_segctor_sync() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free of timer for log writer thread Nuno Sa <nuno.sa(a)analog.com> dt-bindings: adc: axi-adc: add clocks property Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix false alarm on invalid block address Thorsten Blum <thorsten.blum(a)toblux.com> net: smc91x: Fix m68k kernel compilation for ColdFire CPU Herve Codina <herve.codina(a)bootlin.com> net: lan966x: remove debugfs directory in probe() error path Romain Gantois <romain.gantois(a)bootlin.com> net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Brennan Xavier McManus <bxmcmanus(a)gmail.com> tools/nolibc/stdlib: fix memory error in realloc() Shuah Khan <skhan(a)linuxfoundation.org> tools/latency-collector: Fix -Wformat-security compile warns Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix the extra HZ in mana_hwc_send_request Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix a race between readers and resize checks Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: ensure that normal task_work is also run timely Ming Lei <ming.lei(a)redhat.com> io_uring: fail NOP if non-zero op flags is passed in Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Pin-yen Lin <treapking(a)chromium.org> serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Doug Berger <opendmb(a)gmail.com> serial: 8250_bcm7271: use default_mux_rate if possible Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Dan Carpenter <dan.carpenter(a)linaro.org> speakup: Fix sizeof() vs ARRAY_SIZE() bug Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix missing receive state reset after mode switch Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Will Deacon <will(a)kernel.org> Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Ard Biesheuvel <ardb(a)kernel.org> arm64/fpsimd: Avoid erroneous elide of user state reload Will Deacon <will(a)kernel.org> Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Fix possible use-after-free issue in ftrace_location() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix checkbashisms errors Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly Daniel J Blueman <daniel(a)quora.org> x86/tsc: Trust initial offset in architectural TSC-adjust MSRs ------------- Diffstat: .../devicetree/bindings/iio/adc/adi,axi-adc.yaml | 5 + .../devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 +- .../bindings/thermal/loongson,ls2k-thermal.yaml | 24 ++- Makefile | 4 +- arch/arm/configs/sunxi_defconfig | 1 + arch/arm64/include/asm/irqflags.h | 1 - arch/arm64/kernel/fpsimd.c | 44 ++-- arch/m68k/Kconfig | 2 +- arch/m68k/kernel/entry.S | 4 +- arch/m68k/mac/misc.c | 36 ++-- arch/openrisc/kernel/process.c | 8 +- arch/openrisc/kernel/traps.c | 42 ++-- arch/parisc/kernel/parisc_ksyms.c | 1 + arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/include/asm/csr.h | 2 +- arch/riscv/net/bpf_jit_comp64.c | 20 +- arch/s390/include/asm/gmap.h | 2 +- arch/s390/include/asm/mmu.h | 5 + arch/s390/include/asm/mmu_context.h | 1 + arch/s390/include/asm/pgtable.h | 16 +- arch/s390/kernel/vmlinux.lds.S | 2 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/mm/gmap.c | 165 ++++++++++---- arch/s390/net/bpf_jit_comp.c | 8 +- arch/sh/kernel/kprobes.c | 7 +- arch/sh/lib/checksum.S | 67 ++---- arch/x86/Kconfig | 2 +- arch/x86/boot/compressed/head_64.S | 5 + arch/x86/crypto/nh-avx2-x86_64.S | 1 + arch/x86/crypto/sha256-avx2-asm.S | 1 + arch/x86/crypto/sha512-avx2-asm.S | 1 + arch/x86/include/asm/cmpxchg_64.h | 2 +- arch/x86/include/asm/pgtable_types.h | 2 + arch/x86/include/asm/sparsemem.h | 2 - arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/tsc_sync.c | 6 +- arch/x86/lib/x86-opcode-map.txt | 10 +- arch/x86/mm/numa.c | 4 +- arch/x86/mm/pat/set_memory.c | 68 ++++-- arch/x86/purgatory/Makefile | 3 +- arch/x86/tools/relocs.c | 9 + block/blk-core.c | 9 +- block/blk-merge.c | 2 + block/blk-mq.c | 4 + block/blk.h | 1 + block/fops.c | 2 +- block/genhd.c | 2 +- block/partitions/cmdline.c | 49 ++--- crypto/asymmetric_keys/Kconfig | 3 + drivers/accessibility/speakup/main.c | 2 +- drivers/acpi/acpi_lpss.c | 1 + drivers/acpi/acpica/Makefile | 1 + drivers/acpi/bus.c | 5 + drivers/acpi/numa/srat.c | 5 + drivers/block/null_blk/main.c | 2 + drivers/bluetooth/btmrvl_main.c | 9 - drivers/bluetooth/btqca.c | 4 +- drivers/bluetooth/btrsi.c | 1 - drivers/bluetooth/btsdio.c | 8 - drivers/bluetooth/btusb.c | 5 - drivers/bluetooth/hci_bcm4377.c | 1 - drivers/bluetooth/hci_ldisc.c | 6 - drivers/bluetooth/hci_serdev.c | 5 - drivers/bluetooth/hci_uart.h | 1 - drivers/bluetooth/hci_vhci.c | 10 +- drivers/bluetooth/virtio_bt.c | 2 - drivers/char/hw_random/stm32-rng.c | 18 +- drivers/clk/clk-renesas-pcie.c | 10 +- drivers/clk/mediatek/clk-mt8365-mm.c | 2 +- drivers/clk/mediatek/clk-pllfh.c | 2 +- drivers/clk/qcom/Kconfig | 2 + drivers/clk/qcom/apss-ipq-pll.c | 3 +- drivers/clk/qcom/clk-alpha-pll.c | 1 - drivers/clk/qcom/dispcc-sm6350.c | 11 +- drivers/clk/qcom/dispcc-sm8450.c | 20 +- drivers/clk/qcom/dispcc-sm8550.c | 20 +- drivers/clk/qcom/dispcc-sm8650.c | 20 +- drivers/clk/qcom/mmcc-msm8998.c | 8 + drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 +- drivers/clk/renesas/r9a07g043-cpg.c | 9 + drivers/clk/samsung/clk-exynosautov9.c | 8 +- drivers/clk/samsung/clk-gs101.c | 225 ++++++++++--------- drivers/clk/samsung/clk.h | 11 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpufreq/cpufreq.c | 11 +- drivers/crypto/bcm/spu2.c | 2 +- drivers/crypto/ccp/sp-platform.c | 14 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +- .../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +- drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 + drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 + drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 +- .../crypto/intel/qat/qat_common/adf_telemetry.c | 21 ++ .../crypto/intel/qat/qat_common/adf_telemetry.h | 1 + drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 + drivers/dax/bus.c | 66 ++---- drivers/dpll/dpll_core.c | 2 +- drivers/edac/skx_common.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 12 +- drivers/firmware/raspberrypi.c | 7 +- drivers/gpio/gpio-npcm-sgpio.c | 10 +- .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- drivers/gpu/drm/arm/malidp_mw.c | 5 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 15 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 + drivers/gpu/drm/bridge/chipone-icn6211.c | 6 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/bridge/tc358775.c | 6 +- drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 +- drivers/gpu/drm/ci/test.yml | 6 +- drivers/gpu/drm/drm_bridge.c | 10 +- drivers/gpu/drm/drm_edid.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 6 +- drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/msm/dp/dp_aux.c | 25 ++- drivers/gpu/drm/msm/dp/dp_aux.h | 1 + drivers/gpu/drm/msm/dp/dp_catalog.c | 7 +- drivers/gpu/drm/msm/dp/dp_catalog.h | 3 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 +- drivers/gpu/drm/msm/dp/dp_display.c | 4 + drivers/gpu/drm/msm/dp/dp_link.c | 22 +- drivers/gpu/drm/msm/dp/dp_link.h | 14 +- drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 +- drivers/gpu/drm/omapdrm/Kconfig | 2 +- drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 +++- drivers/gpu/drm/panel/panel-edp.c | 9 +- drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 +- drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 +- drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 22 +- drivers/gpu/drm/panel/panel-simple.c | 3 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 + drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 24 ++- drivers/infiniband/hw/hns/hns_roce_device.h | 3 + drivers/infiniband/hw/hns/hns_roce_hem.c | 2 +- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 9 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 8 + drivers/infiniband/hw/hns/hns_roce_mr.c | 15 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 6 +- drivers/infiniband/hw/mana/cq.c | 54 ++--- drivers/infiniband/hw/mana/main.c | 43 ++++ drivers/infiniband/hw/mana/mana_ib.h | 14 +- drivers/infiniband/hw/mana/qp.c | 26 +-- drivers/infiniband/hw/mlx5/mem.c | 8 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 +- drivers/infiniband/hw/mlx5/mr.c | 35 ++- drivers/infiniband/sw/rxe/rxe_comp.c | 6 +- drivers/infiniband/sw/rxe/rxe_net.c | 12 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 6 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 +- drivers/input/input.c | 104 +++++++-- drivers/iommu/amd/init.c | 4 +- drivers/iommu/intel/iommu.c | 19 +- drivers/iommu/iommu.c | 21 +- drivers/irqchip/irq-alpine-msi.c | 2 +- drivers/irqchip/irq-loongson-pch-msi.c | 2 +- drivers/macintosh/via-macii.c | 11 +- drivers/md/dm-delay.c | 14 +- drivers/md/md-bitmap.c | 6 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 +- drivers/media/pci/ngene/ngene-core.c | 4 +- drivers/media/platform/cadence/cdns-csi2rx.c | 26 +-- drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 31 +++ drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/media/v4l2-core/v4l2-subdev.c | 2 + drivers/misc/lkdtm/Makefile | 2 +- drivers/misc/lkdtm/perms.c | 2 +- drivers/mtd/mtdcore.c | 6 +- drivers/mtd/nand/raw/nand_hynix.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 50 ++++- drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/dsa/mv88e6xxx/global1.c | 89 ++++++++ drivers/net/dsa/mv88e6xxx/global1.h | 2 + drivers/net/ethernet/cortina/gemini.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 26 --- drivers/net/ethernet/intel/ice/ice_ddp.c | 10 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 ++++++++++++--------- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 +-- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 46 +++- .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +- .../net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 ++- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 +- .../net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 6 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 9 +- drivers/net/ethernet/realtek/r8169_main.c | 9 +- drivers/net/ethernet/smsc/smc91x.h | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 18 +- drivers/net/ethernet/sun/sungem.c | 14 -- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 +- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 56 ++++- drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 + drivers/net/ethernet/wangxun/libwx/wx_type.h | 22 ++ drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 31 +++ drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 1 + drivers/net/phy/micrel.c | 3 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/smsc95xx.c | 15 +- drivers/net/usb/sr9700.c | 10 +- drivers/net/wireless/ath/ar5523/ar5523.c | 14 ++ drivers/net/wireless/ath/ath10k/core.c | 3 + drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 1 + drivers/net/wireless/ath/ath10k/targaddrs.h | 3 + drivers/net/wireless/ath/ath10k/wmi.c | 26 ++- drivers/net/wireless/ath/ath11k/mac.c | 9 +- drivers/net/wireless/ath/ath12k/qmi.c | 3 + drivers/net/wireless/ath/ath12k/wmi.c | 2 +- drivers/net/wireless/ath/carl9170/tx.c | 3 +- drivers/net/wireless/ath/carl9170/usb.c | 32 +++ .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 +- drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 42 ++-- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 43 +++- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 159 ++++++++------ drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 36 ++-- drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 +- drivers/net/wireless/marvell/mwl8k.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 ++-- drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 3 +- .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 + drivers/net/wireless/realtek/rtw89/ps.c | 3 +- drivers/net/wireless/realtek/rtw89/wow.c | 12 +- drivers/of/module.c | 7 +- drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 +- drivers/perf/hisilicon/hns3_pmu.c | 16 +- drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/platform/x86/xiaomi-wmi.c | 18 ++ drivers/power/supply/power_supply_sysfs.c | 20 +- drivers/ptp/ptp_ocp.c | 6 +- drivers/pwm/pwm-meson.c | 15 +- drivers/pwm/pwm-sti.c | 39 +--- drivers/s390/cio/trace.h | 2 +- drivers/scsi/bfa/bfad_debugfs.c | 4 +- drivers/scsi/hpsa.c | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/scsi/qedf/qedf_debugfs.c | 2 +- drivers/scsi/qla2xxx/qla_dfs.c | 2 +- drivers/soc/mediatek/mtk-cmdq-helper.c | 5 +- drivers/soc/qcom/pmic_glink.c | 26 ++- drivers/staging/media/atomisp/pci/sh_css.c | 1 + drivers/staging/media/starfive/camss/stf-camss.c | 6 + drivers/thermal/mediatek/lvts_thermal.c | 4 + drivers/thermal/qcom/tsens.c | 2 +- drivers/thermal/thermal_core.c | 12 +- drivers/thermal/thermal_debugfs.c | 27 ++- drivers/thermal/thermal_debugfs.h | 4 +- drivers/tty/n_gsm.c | 140 ++++++++---- drivers/tty/serial/8250/8250_bcm7271.c | 99 +++++---- drivers/tty/serial/8250/8250_mtk.c | 8 +- drivers/tty/serial/sc16is7xx.c | 23 +- drivers/ufs/core/ufs-mcq.c | 3 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/ufs/host/cdns-pltfrm.c | 2 +- drivers/ufs/host/ufs-qcom.c | 7 +- drivers/ufs/host/ufs-qcom.h | 12 +- drivers/video/fbdev/Kconfig | 4 +- drivers/video/fbdev/core/Kconfig | 6 + drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 +- drivers/video/fbdev/sis/init301.c | 3 +- drivers/virt/acrn/mm.c | 61 ++++-- fs/btrfs/extent_io.c | 10 +- fs/dlm/ast.c | 14 ++ fs/dlm/dlm_internal.h | 1 + fs/dlm/user.c | 15 +- fs/ecryptfs/keystore.c | 4 +- fs/exec.c | 11 + fs/ext4/inode.c | 3 - fs/ext4/mballoc.c | 1 + fs/ext4/namei.c | 2 +- fs/f2fs/checkpoint.c | 9 +- fs/gfs2/glock.c | 91 +++++--- fs/gfs2/glock.h | 1 + fs/gfs2/glops.c | 3 + fs/gfs2/incore.h | 1 + fs/gfs2/lock_dlm.c | 32 ++- fs/gfs2/ops_fstype.c | 1 + fs/gfs2/super.c | 3 - fs/gfs2/util.c | 1 - fs/jffs2/xattr.c | 3 + fs/libfs.c | 55 ++++- fs/nfsd/nfsctl.c | 4 +- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/segment.c | 63 ++++-- fs/ntfs3/dir.c | 1 + fs/ntfs3/index.c | 6 + fs/ntfs3/inode.c | 7 +- fs/ntfs3/record.c | 11 +- fs/ntfs3/super.c | 2 - fs/openpromfs/inode.c | 8 +- fs/smb/server/mgmt/share_config.c | 6 +- fs/smb/server/oplock.c | 21 +- include/drm/drm_displayid.h | 1 - include/drm/drm_mipi_dsi.h | 6 +- include/linux/acpi.h | 6 +- include/linux/bitops.h | 1 + include/linux/dev_printk.h | 25 +-- include/linux/fb.h | 4 + include/linux/fortify-string.h | 3 +- include/linux/fs.h | 2 + include/linux/ieee80211.h | 2 +- include/linux/ksm.h | 13 ++ include/linux/mlx5/driver.h | 1 + include/linux/numa.h | 7 +- include/linux/printk.h | 2 +- include/linux/stmmac.h | 1 - include/net/ax25.h | 3 +- include/net/bluetooth/bluetooth.h | 2 +- include/net/bluetooth/hci.h | 122 +---------- include/net/bluetooth/hci_core.h | 47 +--- include/net/bluetooth/l2cap.h | 11 +- include/net/tcp.h | 5 +- include/trace/events/asoc.h | 2 + include/uapi/linux/bpf.h | 2 +- include/uapi/linux/virtio_bt.h | 1 - io_uring/io-wq.c | 13 +- io_uring/io_uring.h | 2 +- io_uring/net.c | 1 + io_uring/nop.c | 2 + io_uring/sqpoll.c | 6 +- kernel/bpf/syscall.c | 5 + kernel/bpf/verifier.c | 29 ++- kernel/cgroup/cpuset.c | 2 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree_stall.h | 3 +- kernel/sched/core.c | 2 +- kernel/sched/fair.c | 53 +++-- kernel/sched/topology.c | 2 +- kernel/trace/ftrace.c | 39 ++-- kernel/trace/ring_buffer.c | 9 + kernel/trace/trace_events_user.c | 76 ++++++- lib/fortify_kunit.c | 22 +- lib/kunit/device.c | 2 +- lib/kunit/test.c | 3 + lib/kunit/try-catch.c | 9 +- lib/slub_kunit.c | 2 +- lib/test_hmm.c | 8 +- mm/shmem.c | 3 +- mm/userfaultfd.c | 35 +++ net/ax25/ax25_dev.c | 48 ++--- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_core.c | 141 ++---------- net/bluetooth/hci_event.c | 150 +------------ net/bluetooth/hci_sock.c | 5 +- net/bluetooth/hci_sync.c | 207 ++++-------------- net/bluetooth/iso.c | 75 ++++--- net/bluetooth/l2cap_core.c | 77 ++++--- net/bluetooth/l2cap_sock.c | 91 ++++++-- net/bluetooth/mgmt.c | 84 +++----- net/bridge/br_device.c | 6 + net/bridge/br_mst.c | 16 +- net/core/dev.c | 3 +- net/ipv4/devinet.c | 13 +- net/ipv4/tcp_ipv4.c | 13 +- net/ipv4/udp.c | 21 +- net/ipv6/reassembly.c | 2 +- net/ipv6/seg6.c | 5 +- net/ipv6/udp.c | 20 +- net/l2tp/l2tp_core.c | 44 +++- net/mac80211/cfg.c | 12 +- net/mac80211/ieee80211_i.h | 3 +- net/mac80211/iface.c | 4 +- net/mac80211/mlme.c | 53 +++-- net/mac80211/scan.c | 16 +- net/mptcp/protocol.h | 3 + net/mptcp/sockopt.c | 60 +++++- net/netrom/nr_route.c | 19 +- net/openvswitch/flow.c | 3 +- net/packet/af_packet.c | 3 +- net/qrtr/ns.c | 27 +++ net/sunrpc/auth_gss/svcauth_gss.c | 10 +- net/sunrpc/svc.c | 2 - net/unix/af_unix.c | 2 +- net/wireless/nl80211.c | 14 +- net/wireless/scan.c | 47 +++- samples/landlock/sandboxer.c | 5 +- scripts/module.lds.S | 1 + sound/core/init.c | 11 +- sound/core/timer.c | 8 + sound/pci/hda/cs35l41_hda_property.c | 4 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/intel/avs/boards/ssm4567.c | 1 - sound/soc/intel/avs/cldma.c | 2 +- sound/soc/intel/avs/icl.c | 5 +- sound/soc/intel/avs/path.c | 1 + sound/soc/intel/avs/pcm.c | 4 + sound/soc/intel/avs/probes.c | 14 +- sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 + sound/soc/intel/boards/bxt_rt298.c | 1 + sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 + sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 + sound/soc/intel/boards/kbl_da7219_max98927.c | 4 + sound/soc/intel/boards/kbl_rt5660.c | 1 + sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 + .../soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 + sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 + sound/soc/intel/boards/skl_rt286.c | 1 + sound/soc/kirkwood/kirkwood-dma.c | 3 + sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 +- sound/soc/sof/intel/hda-dai.c | 31 ++- sound/soc/sof/intel/lnl.c | 3 +- sound/soc/sof/intel/lnl.h | 15 ++ sound/soc/sof/intel/mtl.c | 46 +++- sound/soc/sof/intel/mtl.h | 4 +- tools/arch/x86/lib/x86-opcode-map.txt | 10 +- tools/bpf/bpftool/common.c | 96 +++++++-- tools/bpf/bpftool/iter.c | 2 +- tools/bpf/bpftool/main.h | 3 +- tools/bpf/bpftool/prog.c | 5 +- tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 +- tools/bpf/bpftool/struct_ops.c | 2 +- tools/include/nolibc/stdlib.h | 2 +- tools/include/uapi/linux/bpf.h | 2 +- tools/lib/bpf/bpf.c | 2 +- tools/lib/bpf/features.c | 2 +- tools/lib/bpf/libbpf.c | 9 +- tools/testing/selftests/bpf/cgroup_helpers.c | 3 + tools/testing/selftests/bpf/network_helpers.c | 2 + .../selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 +- .../selftests/bpf/prog_tests/xdp_do_redirect.c | 4 +- .../bpf/progs/bench_local_storage_create.c | 5 +- tools/testing/selftests/bpf/progs/local_storage.c | 20 +- tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 +- tools/testing/selftests/bpf/test_sockmap.c | 2 +- tools/testing/selftests/cgroup/cgroup_util.c | 8 +- tools/testing/selftests/cgroup/cgroup_util.h | 2 +- tools/testing/selftests/cgroup/test_core.c | 7 +- tools/testing/selftests/cgroup/test_cpu.c | 2 +- tools/testing/selftests/cgroup/test_cpuset.c | 2 +- tools/testing/selftests/cgroup/test_freezer.c | 2 +- .../testing/selftests/cgroup/test_hugetlb_memcg.c | 2 +- tools/testing/selftests/cgroup/test_kill.c | 2 +- tools/testing/selftests/cgroup/test_kmem.c | 2 +- tools/testing/selftests/cgroup/test_memcontrol.c | 2 +- tools/testing/selftests/cgroup/test_zswap.c | 2 +- tools/testing/selftests/damon/_damon_sysfs.py | 2 + .../selftests/filesystems/binderfs/Makefile | 2 - .../ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 +- .../ftrace/test.d/dynevent/fprobe_entry_arg.tc | 2 +- .../ftrace/test.d/kprobe/kretprobe_entry_arg.tc | 2 +- tools/testing/selftests/kcmp/kcmp_test.c | 2 +- tools/testing/selftests/kselftest/ktap_helpers.sh | 4 +- tools/testing/selftests/lib.mk | 12 +- tools/testing/selftests/net/amt.sh | 12 +- tools/testing/selftests/net/config | 1 + .../selftests/net/forwarding/bridge_igmp.sh | 6 +- .../testing/selftests/net/forwarding/bridge_mld.sh | 6 +- tools/testing/selftests/net/lib.sh | 6 +- .../power_supply/test_power_supply_properties.sh | 2 +- tools/testing/selftests/resctrl/Makefile | 4 +- tools/tracing/latency/latency-collector.c | 8 +- 489 files changed, 4172 insertions(+), 2830 deletions(-)

11 months, 1 week

11
437
0 0

Seeking Explanation on an Unknown Transaction from Your Store

by linda＠thomadevelopment.com

Hello, I hope this note finds you well. I recently checked my account statement and observed a expense from your shop that I do not remember. The expense appears strange to me, and I would value your assistance in clarifying it. Could you please offer clarification on this charge? Any information you can give would be greatly valued. Thank you for your prompt response to this concern. Best regards, Linda Smith

11 months, 1 week

1
0
0 0

[PATCH v3 2/2] xhci: Apply broken streams quirk to Etron EJ188 xHCI host

by Kuangyi Chiang

As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188 as well. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- Changes in v3: - Fix coding style Changes in v2: - Porting to latest release drivers/usb/host/xhci-pci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index dd8256e4e02a..05881153883e 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -397,8 +397,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_BROKEN_STREAMS; } if (pdev->vendor == PCI_VENDOR_ID_ETRON && - pdev->device == PCI_DEVICE_ID_EJ188) + pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; + xhci->quirks |= XHCI_BROKEN_STREAMS; + } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && pdev->device == 0x0014) { -- 2.25.1

11 months, 1 week

1
1
0 0

[PATCH v3] clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag

by Md Sadre Alam

The crypto_ahb and crypto_axi clks are hardware voteable. This means that the halt bit isn't reliable because some other voter in the system, e.g. TrustZone, could be keeping the clk enabled when the kernel turns it off from clk_disable(). Make these clks use voting mode by changing the halt check to BRANCH_HALT_VOTED and toggle the voting bit in the voting register instead of directly controlling the branch by writing to the branch register. This fixes stuck clk warnings seen on ipq9574 and saves power by actually turning the clk off. Also changes the CRYPTO_AHB_CLK_ENA & CRYPTO_AXI_CLK_ENA offset to 0xb004 from 0x16014. Cc: stable(a)vger.kernel.org Fixes: f6b2bd9cb29a ("clk: qcom: gcc-ipq9574: Enable crypto clocks") Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> --- Change in [v3] * Updated commit message Change in [v2] * Added Fixes tag and stable kernel tag * updated commit message about offset change drivers/clk/qcom/gcc-ipq9574.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/clk/qcom/gcc-ipq9574.c b/drivers/clk/qcom/gcc-ipq9574.c index 0a3f846695b8..f8b9a1e93bef 100644 --- a/drivers/clk/qcom/gcc-ipq9574.c +++ b/drivers/clk/qcom/gcc-ipq9574.c @@ -2140,9 +2140,10 @@ static struct clk_rcg2 pcnoc_bfdcd_clk_src = { static struct clk_branch gcc_crypto_axi_clk = { .halt_reg = 0x16010, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16010, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(15), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_axi_clk", .parent_hws = (const struct clk_hw *[]) { @@ -2156,9 +2157,10 @@ static struct clk_branch gcc_crypto_axi_clk = { static struct clk_branch gcc_crypto_ahb_clk = { .halt_reg = 0x16014, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16014, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(16), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_ahb_clk", .parent_hws = (const struct clk_hw *[]) { -- 2.34.1

11 months, 1 week

2
1
0 0

+ mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: do not call vma_add_reservation upon ENOMEM has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm/hugetlb: do not call vma_add_reservation upon ENOMEM Date: Tue, 28 May 2024 22:53:23 +0200 sysbot reported a splat [1] on __unmap_hugepage_range(). This is because vma_needs_reservation() can return -ENOMEM if allocate_file_region_entries() fails to allocate the file_region struct for the reservation. Check for that and do not call vma_add_reservation() if that is the case, otherwise region_abort() and region_del() will see that we do not have any file_regions. If we detect that vma_needs_reservation() returned -ENOMEM, we clear the hugetlb_restore_reserve flag as if this reservation was still consumed, so free_huge_folio() will not increment the resv count. [1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/… Link: https://lkml.kernel.org/r/20240528205323.20439-1-osalvador@suse.de Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-and-tested-by: syzbot+d3fe2dc5ffe9380b714b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/ Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem +++ a/mm/hugetlb.c @@ -5768,8 +5768,20 @@ void __unmap_hugepage_range(struct mmu_g * do_exit() will not see it, and will keep the reservation * forever. */ - if (adjust_reservation && vma_needs_reservation(h, vma, address)) - vma_add_reservation(h, vma, address); + if (adjust_reservation) { + int rc = vma_needs_reservation(h, vma, address); + + if (rc < 0) + /* Pressumably allocate_file_region_entries failed + * to allocate a file_region struct. Clear + * hugetlb_restore_reserve so that global reserve + * count will not be incremented by free_huge_folio. + * Act as if we consumed the reservation. + */ + folio_clear_hugetlb_restore_reserve(page_folio(page)); + else if (rc) + vma_add_reservation(h, vma, address); + } tlb_remove_page_size(tlb, page, huge_page_size(h)); /* _ Patches currently in -mm which might be from osalvador(a)suse.de are mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem.patch mm-hugetlb-drop-node_alloc_noretry-from-alloc_fresh_hugetlb_folio.patch

11 months, 1 week

1
0
0 0

+ mm-ksm-fix-ksm_zero_pages-accounting.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/ksm: fix ksm_zero_pages accounting has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-ksm-fix-ksm_zero_pages-accounting.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Chengming Zhou <chengming.zhou(a)linux.dev> Subject: mm/ksm: fix ksm_zero_pages accounting Date: Tue, 28 May 2024 13:15:22 +0800 We normally ksm_zero_pages++ in ksmd when page is merged with zero page, but ksm_zero_pages-- is done from page tables side, where there is no any accessing protection of ksm_zero_pages. So we can read very exceptional value of ksm_zero_pages in rare cases, such as -1, which is very confusing to users. Fix it by changing to use atomic_long_t, and the same case with the mm->ksm_zero_pages. Link: https://lkml.kernel.org/r/20240528-b4-ksm-counters-v3-2-34bb358fdc13@linux.… Fixes: e2942062e01d ("ksm: count all zero pages placed by KSM") Fixes: 6080d19f0704 ("ksm: add ksm zero pages for each process") Signed-off-by: Chengming Zhou <chengming.zhou(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: xu xin <xu.xin16(a)zte.com.cn> Cc: Yang Yang <yang.yang29(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 2 +- include/linux/ksm.h | 17 ++++++++++++++--- include/linux/mm_types.h | 2 +- mm/ksm.c | 11 +++++------ 4 files changed, 21 insertions(+), 11 deletions(-) --- a/fs/proc/base.c~mm-ksm-fix-ksm_zero_pages-accounting +++ a/fs/proc/base.c @@ -3214,7 +3214,7 @@ static int proc_pid_ksm_stat(struct seq_ mm = get_task_mm(task); if (mm) { seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items); - seq_printf(m, "ksm_zero_pages %lu\n", mm->ksm_zero_pages); + seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm)); seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages); seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm)); mmput(mm); --- a/include/linux/ksm.h~mm-ksm-fix-ksm_zero_pages-accounting +++ a/include/linux/ksm.h @@ -33,16 +33,27 @@ void __ksm_exit(struct mm_struct *mm); */ #define is_ksm_zero_pte(pte) (is_zero_pfn(pte_pfn(pte)) && pte_dirty(pte)) -extern unsigned long ksm_zero_pages; +extern atomic_long_t ksm_zero_pages; + +static inline void ksm_map_zero_page(struct mm_struct *mm) +{ + atomic_long_inc(&ksm_zero_pages); + atomic_long_inc(&mm->ksm_zero_pages); +} static inline void ksm_might_unmap_zero_page(struct mm_struct *mm, pte_t pte) { if (is_ksm_zero_pte(pte)) { - ksm_zero_pages--; - mm->ksm_zero_pages--; + atomic_long_dec(&ksm_zero_pages); + atomic_long_dec(&mm->ksm_zero_pages); } } +static inline long mm_ksm_zero_pages(struct mm_struct *mm) +{ + return atomic_long_read(&mm->ksm_zero_pages); +} + static inline int ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm) { if (test_bit(MMF_VM_MERGEABLE, &oldmm->flags)) --- a/include/linux/mm_types.h~mm-ksm-fix-ksm_zero_pages-accounting +++ a/include/linux/mm_types.h @@ -985,7 +985,7 @@ struct mm_struct { * Represent how many empty pages are merged with kernel zero * pages when enabling KSM use_zero_pages. */ - unsigned long ksm_zero_pages; + atomic_long_t ksm_zero_pages; #endif /* CONFIG_KSM */ #ifdef CONFIG_LRU_GEN_WALKS_MMU struct { --- a/mm/ksm.c~mm-ksm-fix-ksm_zero_pages-accounting +++ a/mm/ksm.c @@ -296,7 +296,7 @@ static bool ksm_use_zero_pages __read_mo static bool ksm_smart_scan = true; /* The number of zero pages which is placed by KSM */ -unsigned long ksm_zero_pages; +atomic_long_t ksm_zero_pages = ATOMIC_LONG_INIT(0); /* The number of pages that have been skipped due to "smart scanning" */ static unsigned long ksm_pages_skipped; @@ -1429,8 +1429,7 @@ static int replace_page(struct vm_area_s * the dirty bit in zero page's PTE is set. */ newpte = pte_mkdirty(pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot))); - ksm_zero_pages++; - mm->ksm_zero_pages++; + ksm_map_zero_page(mm); /* * We're replacing an anonymous page with a zero page, which is * not anonymous. We need to do proper accounting otherwise we @@ -3373,7 +3372,7 @@ static void wait_while_offlining(void) #ifdef CONFIG_PROC_FS long ksm_process_profit(struct mm_struct *mm) { - return (long)(mm->ksm_merging_pages + mm->ksm_zero_pages) * PAGE_SIZE - + return (long)(mm->ksm_merging_pages + mm_ksm_zero_pages(mm)) * PAGE_SIZE - mm->ksm_rmap_items * sizeof(struct ksm_rmap_item); } #endif /* CONFIG_PROC_FS */ @@ -3662,7 +3661,7 @@ KSM_ATTR_RO(pages_skipped); static ssize_t ksm_zero_pages_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - return sysfs_emit(buf, "%ld\n", ksm_zero_pages); + return sysfs_emit(buf, "%ld\n", atomic_long_read(&ksm_zero_pages)); } KSM_ATTR_RO(ksm_zero_pages); @@ -3671,7 +3670,7 @@ static ssize_t general_profit_show(struc { long general_profit; - general_profit = (ksm_pages_sharing + ksm_zero_pages) * PAGE_SIZE - + general_profit = (ksm_pages_sharing + atomic_long_read(&ksm_zero_pages)) * PAGE_SIZE - ksm_rmap_items * sizeof(struct ksm_rmap_item); return sysfs_emit(buf, "%ld\n", general_profit); _ Patches currently in -mm which might be from chengming.zhou(a)linux.dev are mm-ksm-fix-ksm_pages_scanned-accounting.patch mm-ksm-fix-ksm_zero_pages-accounting.patch

11 months, 1 week

1
0
0 0

+ mm-ksm-fix-ksm_pages_scanned-accounting.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/ksm: fix ksm_pages_scanned accounting has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-ksm-fix-ksm_pages_scanned-accounting.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Chengming Zhou <chengming.zhou(a)linux.dev> Subject: mm/ksm: fix ksm_pages_scanned accounting Date: Tue, 28 May 2024 13:15:21 +0800 Patch series "mm/ksm: fix some accounting problems", v3. We encountered some abnormal ksm_pages_scanned and ksm_zero_pages during some random tests. 1. ksm_pages_scanned unchanged even ksmd scanning has progress. 2. ksm_zero_pages maybe -1 in some rare cases. This patch (of 2): During testing, I found ksm_pages_scanned is unchanged although the scan_get_next_rmap_item() did return valid rmap_item that is not NULL. The reason is the scan_get_next_rmap_item() will return NULL after a full scan, so ksm_do_scan() just return without accounting of the ksm_pages_scanned. Fix it by just putting ksm_pages_scanned accounting in that loop, and it will be accounted more timely if that loop would last for a long time. Link: https://lkml.kernel.org/r/20240528-b4-ksm-counters-v3-0-34bb358fdc13@linux.… Link: https://lkml.kernel.org/r/20240528-b4-ksm-counters-v3-1-34bb358fdc13@linux.… Fixes: b348b5fe2b5f ("mm/ksm: add pages scanned metric") Signed-off-by: Chengming Zhou <chengming.zhou(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: xu xin <xu.xin16(a)zte.com.cn> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: Yang Yang <yang.yang29(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/ksm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/mm/ksm.c~mm-ksm-fix-ksm_pages_scanned-accounting +++ a/mm/ksm.c @@ -2753,18 +2753,16 @@ static void ksm_do_scan(unsigned int sca { struct ksm_rmap_item *rmap_item; struct page *page; - unsigned int npages = scan_npages; - while (npages-- && likely(!freezing(current))) { + while (scan_npages-- && likely(!freezing(current))) { cond_resched(); rmap_item = scan_get_next_rmap_item(&page); if (!rmap_item) return; cmp_and_merge_page(page, rmap_item); put_page(page); + ksm_pages_scanned++; } - - ksm_pages_scanned += scan_npages - npages; } static int ksmd_should_run(void) _ Patches currently in -mm which might be from chengming.zhou(a)linux.dev are mm-ksm-fix-ksm_pages_scanned-accounting.patch mm-ksm-fix-ksm_zero_pages-accounting.patch

11 months, 1 week

1
0
0 0

[PATCH net v2] sock_map: avoid race between sock_map_close and sk_psock_put

by Thadeu Lima de Souza Cascardo

sk_psock_get will return NULL if the refcount of psock has gone to 0, which will happen when the last call of sk_psock_put is done. However, sk_psock_drop may not have finished yet, so the close callback will still point to sock_map_close despite psock being NULL. This can be reproduced with a thread deleting an element from the sock map, while the second one creates a socket, adds it to the map and closes it. That will trigger the WARN_ON_ONCE: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Modules linked in: CPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Code: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 <0f> 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02 RSP: 0018:ffffc9000441fda8 EFLAGS: 00010293 RAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000 RDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0 RBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3 R10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840 R13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870 FS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0 Call Trace: <TASK> unix_release+0x87/0xc0 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0xbe/0x240 net/socket.c:1421 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb37d618070 Code: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c RSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070 RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Use sk_psock, which will only check that the pointer is not been set to NULL yet, which should only happen after the callbacks are restored. If, then, a reference can still be gotten, we may call sk_psock_stop and cancel psock->work. As suggested by Paolo Abeni, reorder the condition so the control flow is less convoluted. After that change, the reproducer does not trigger the WARN_ON_ONCE anymore. Suggested-by: Paolo Abeni <pabeni(a)redhat.com> Reported-by: syzbot+07a2e4a1a57118ef7355(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=07a2e4a1a57118ef7355 Fixes: aadb2bb83ff7 ("sock_map: Fix a potential use-after-free in sock_map_close()") Fixes: 5b4a79ba65a1 ("bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself") Cc: stable(a)vger.kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> --- v2: change control flow as suggested by Paolo Abeni v1: https://lore.kernel.org/netdev/20240520214153.847619-1-cascardo@igalia.com/ --- net/core/sock_map.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 9402889840bf..c3179567a99a 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1680,19 +1680,23 @@ void sock_map_close(struct sock *sk, long timeout) lock_sock(sk); rcu_read_lock(); - psock = sk_psock_get(sk); - if (unlikely(!psock)) { - rcu_read_unlock(); - release_sock(sk); - saved_close = READ_ONCE(sk->sk_prot)->close; - } else { + psock = sk_psock(sk); + if (likely(psock)) { saved_close = psock->saved_close; sock_map_remove_links(sk, psock); + psock = sk_psock_get(sk); + if (unlikely(!psock)) + goto no_psock; rcu_read_unlock(); sk_psock_stop(psock); release_sock(sk); cancel_delayed_work_sync(&psock->work); sk_psock_put(sk, psock); + } else { + saved_close = READ_ONCE(sk->sk_prot)->close; +no_psock: + rcu_read_unlock(); + release_sock(sk); } /* Make sure we do not recurse. This is a bug. -- 2.34.1

11 months, 1 week

4
3
0 0

+ kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: do not wipe out origin when doing partial unpoisoning has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: do not wipe out origin when doing partial unpoisoning Date: Tue, 28 May 2024 12:48:06 +0200 As noticed by Brian, KMSAN should not be zeroing the origin when unpoisoning parts of a four-byte uninitialized value, e.g.: char a[4]; kmsan_unpoison_memory(a, 1); This led to false negatives, as certain poisoned values could receive zero origins, preventing those values from being reported. To fix the problem, check that kmsan_internal_set_shadow_origin() writes zero origins only to slots which have zero shadow. Link: https://lkml.kernel.org/r/20240528104807.738758-1-glider@google.com Fixes: f80be4571b19 ("kmsan: add KMSAN runtime core") Signed-off-by: Alexander Potapenko <glider(a)google.com> Reported-by: Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> Link: https://lore.kernel.org/lkml/20240524232804.1984355-1-bjohannesmeyer@gmail.… Reviewed-by: Marco Elver <elver(a)google.com> Tested-by: Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) --- a/mm/kmsan/core.c~kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning +++ a/mm/kmsan/core.c @@ -196,8 +196,7 @@ void kmsan_internal_set_shadow_origin(vo u32 origin, bool checked) { u64 address = (u64)addr; - void *shadow_start; - u32 *origin_start; + u32 *shadow_start, *origin_start; size_t pad = 0; KMSAN_WARN_ON(!kmsan_metadata_is_contiguous(addr, size)); @@ -225,8 +224,16 @@ void kmsan_internal_set_shadow_origin(vo origin_start = (u32 *)kmsan_get_metadata((void *)address, KMSAN_META_ORIGIN); - for (int i = 0; i < size / KMSAN_ORIGIN_SIZE; i++) - origin_start[i] = origin; + /* + * If the new origin is non-zero, assume that the shadow byte is also non-zero, + * and unconditionally overwrite the old origin slot. + * If the new origin is zero, overwrite the old origin slot iff the + * corresponding shadow slot is zero. + */ + for (int i = 0; i < size / KMSAN_ORIGIN_SIZE; i++) { + if (origin || !shadow_start[i]) + origin_start[i] = origin; + } } struct page *kmsan_vmalloc_to_page_or_null(void *vaddr) _ Patches currently in -mm which might be from glider(a)google.com are kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning.patch

11 months, 1 week

1
0
0 0

[PATCH] fs/netfs/fscache_cookie: add missing "n_accesses" check

by Max Kellermann

This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_rreq_write_to_cache_work RIP: 0010:cachefiles_prepare_write+0x30/0xa0 Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10 RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286 RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000 RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438 RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001 R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68 R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00 FS: 0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x70 ? page_fault_oops+0x15d/0x440 ? search_module_extables+0xe/0x40 ? fixup_exception+0x22/0x2f0 ? exc_page_fault+0x5f/0x100 ? asm_exc_page_fault+0x22/0x30 ? cachefiles_prepare_write+0x30/0xa0 netfs_rreq_write_to_cache_work+0x135/0x2e0 process_one_work+0x137/0x2c0 worker_thread+0x2e9/0x400 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Modules linked in: CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()). The cookie must not be withdrawn until it drops to zero. The counter is checked by fscache_cookie_state_machine() before switching to FSCACHE_COOKIE_STATE_RELINQUISHING and FSCACHE_COOKIE_STATE_WITHDRAWING (in "case FSCACHE_COOKIE_STATE_FAILED"), but not for FSCACHE_COOKIES_TATE_LRU_DISCARDING ("case FSCACHE_COOKIE_STATE_ACTIVE"). This patch adds the missing check. With a non-zero access counter, the function returns and the next fscache_end_cookie_access() call will queue another fscache_cookie_state_machine() call to handle the still-pending FSCACHE_COOKIE_DO_LRU_DISCARD. Cc: <stable(a)vger.kernel.org> Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/netfs/fscache_cookie.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/netfs/fscache_cookie.c b/fs/netfs/fscache_cookie.c index bce2492186d0..d4d4b3a8b106 100644 --- a/fs/netfs/fscache_cookie.c +++ b/fs/netfs/fscache_cookie.c @@ -741,6 +741,10 @@ static void fscache_cookie_state_machine(struct fscache_cookie *cookie) spin_lock(&cookie->lock); } if (test_bit(FSCACHE_COOKIE_DO_LRU_DISCARD, &cookie->flags)) { + if (atomic_read(&cookie->n_accesses) != 0) + /* still being accessed: postpone it */ + break; + __fscache_set_cookie_state(cookie, FSCACHE_COOKIE_STATE_LRU_DISCARDING); wake = true; -- 2.39.2

11 months, 1 week

1
0
0 0

Re: [PATCH v3] af_packet: Handle outgoing VLAN packets without hardware offloading

by Willem de Bruijn

On Mon, May 27, 2024 at 11:40 PM Chengen Du <chengen.du(a)canonical.com> wrote: > > Hi Willem, > > Thank you for your suggestions on the patch. > However, there are some parts I am not familiar with, and I would appreciate more detailed information from your side. Please respond with plain-text email. This message did not make it to the list. Also no top posting. https://docs.kernel.org/process/submitting-patches.html https://subspace.kernel.org/etiquette.html > > > @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, > > > sll->sll_halen = dev_parse_header(skb, sll->sll_addr); > > > sll->sll_family = AF_PACKET; > > > sll->sll_hatype = dev->type; > > > - sll->sll_protocol = skb->protocol; > > > + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? > > > + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; > > > > In SOCK_RAW mode, the VLAN tag will be present, so should be returned. > > Based on libpcap's handling, the SLL may not be used in SOCK_RAW mode. The kernel fills in the sockaddr_ll fields in tpacket_rcv for both SOCK_RAW and SOCK_DGRAM. Libpcap already can use both SOCK_RAW and SOCK_DGRAM. And constructs the sll2_header pseudo header that tcpdump sees itself, in pcap_handle_packet_mmap. > Do you recommend evaluating the mode and maintaining the original logic in SOCK_RAW mode, > or should we use the same logic for both SOCK_DGRAM and SOCK_RAW modes? I suggest keeping as is for SOCK_RAW, as returning data that starts at a VLAN header together with skb->protocol of ETH_P_IPV6 would be just as confusing as the inverse that we do today on SOCK_DGRAM. > > > > I'm concerned about returning a different value between SOCK_RAW and > > SOCK_DGRAM. But don't immediately see a better option. And for > > SOCK_DGRAM this approach is indistinguishable from the result on a > > device with hardware offload, so is acceptable. > > > > This test for ETH_P_8021Q ignores the QinQ stacked VLAN case. When > > fixing VLAN encap, both variants should be addressed at the same time. > > Note that ETH_P_8021AD is included in the eth_type_vlan test you call > > above. > > In patch 1, the eth_type_vlan() function is used to determine if we need to set the sll_protocol to the VLAN-encapsulated protocol, which includes both ETH_P_8021Q and ETH_P_8021AD. > You mentioned previously that we might want the true network protocol instead of the inner VLAN tag in the QinQ case (which means 802.1ad?). > I believe I may have misunderstood your point. I mean that if SOCK_DGRAM strips all VLAN headers to return the data from the start of the true network header, then skb->protocol should return that network protocol. With vlan stacking, your patch currently returns ETH_P_8021Q. See the packet formats in https://en.wikipedia.org/wiki/IEEE_802.1ad#Frame_format if you're confused about how stacking works. > Could you please confirm if both ETH_P_8021Q and ETH_P_8021AD should use the VLAN-encapsulated protocol when VLAN hardware offloading is unavailable? > Or are there other aspects that this judgment does not handle correctly?

11 months, 1 week

1
0
0 0

[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591

by WangYuli

Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 79aefdb3324d..7b9421423ebc 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, /* Realtek 8852BT/8852BE-VT Bluetooth devices */ { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | -- 2.45.1

11 months, 1 week

1
0
0 0

[PATCH 1/1] j1939: recover socket queue on CAN bus error during BAM transmission

by Oleksij Rempel

Addresses an issue where a CAN bus error during a BAM transmission could stall the socket queue, preventing further transmissions even after the bus error is resolved. The fix activates the next queued session after the error recovery, allowing communication to continue. Fixes: 9d71dd0c70099 ("can: add support of SAE J1939 protocol") Cc: stable(a)vger.kernel.org Reported-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net> Tested-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net> Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> --- net/can/j1939/transport.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c index fe3df23a25957..9805124d16763 100644 --- a/net/can/j1939/transport.c +++ b/net/can/j1939/transport.c @@ -1681,6 +1681,8 @@ static int j1939_xtp_rx_rts_session_active(struct j1939_session *session, j1939_session_timers_cancel(session); j1939_session_cancel(session, J1939_XTP_ABORT_BUSY); + if (session->transmission) + j1939_session_deactivate_activate_next(session); return -EBUSY; } -- 2.39.2

11 months, 1 week

2
1
0 0

Quick note, current 6.1 q successful test

by Eddie Chapman

Just a quick note to say I've just booted 6.1.92, plus the 274 patches in the current stable queue applied, on an x86-64 workstation and no problems or issues to report, no unexpected errors in dmesg. (AMD Ryzen, 3 x AMD gpu, sata, nvme, lots of USB, Gentoo, SELinux, KDE) Eddie

11 months, 1 week

1
0
0 0

[PATCH V3 1/8] clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL

by Ajit Pandey

In LUCID EVO PLL CAL_L_VAL and L_VAL bitfields are part of single PLL_L_VAL register. Update for L_VAL bitfield values in PLL_L_VAL register using regmap_write() API in __alpha_pll_trion_set_rate callback will override LUCID EVO PLL initial configuration related to PLL_CAL_L_VAL bit fields in PLL_L_VAL register. Observed random PLL lock failures during PLL enable due to such override in PLL calibration value. Use regmap_update_bits() with L_VAL bitfield mask instead of regmap_write() API to update only PLL_L_VAL bitfields in __alpha_pll_trion_set_rate callback. Fixes: 260e36606a03 ("clk: qcom: clk-alpha-pll: add Lucid EVO PLL configuration interfaces") Cc: stable(a)vger.kernel.org Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- drivers/clk/qcom/clk-alpha-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index d4227909d1fe..62138ed3df88 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -1665,7 +1665,7 @@ static int __alpha_pll_trion_set_rate(struct clk_hw *hw, unsigned long rate, if (ret < 0) return ret; - regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + regmap_update_bits(pll->clkr.regmap, PLL_L_VAL(pll), LUCID_EVO_PLL_L_VAL_MASK, l); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); /* Latch the PLL input */ -- 2.25.1

11 months, 1 week

1
0
0 0

[PATCH v2 2/2] xhci: Apply broken streams quirk to Etron EJ188 xHCI host

by Kuangyi Chiang

As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188 as well. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- Changes in v2: - Porting to latest release drivers/usb/host/xhci-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b47d57d80b96..effeec5cf1fa 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -399,6 +399,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->vendor == PCI_VENDOR_ID_ETRON && pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; + xhci->quirks |= XHCI_BROKEN_STREAMS; } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && pdev->device == 0x0014) { -- 2.25.1

11 months, 1 week

3
3
0 0

[PATCH 0/2] cpufreq: qcom-nvmem: fix memory leaks and add auto device node cleanup

by Javier Carrasco

There are a number of error paths in the probe function that do not call of_node_put() to decrement the np device node refcount, leading to memory leaks if those errors occur. In order to ease backporting, the fix has been divided into two patches: the first one simply adds the missing calls to of_node_put(), and the second one adds the __free() macro to the existing device nodes to remove the need for of_node_put(), ensuring that the same bug will not arise in the future. The issue was found by chance while analyzing the code, and I do not have the hardware to test it beyond compiling and static analysis tools. Although the issue is clear and the fix too, if someone wants to volunteer to test the series with real hardware, it would be great. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (2): cpufreq: qcom-nvmem: fix memory leaks in probe error paths cpufreq: qcom-nvmem: eliminate uses of of_node_put() drivers/cpufreq/qcom-cpufreq-nvmem.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- base-commit: 3689b0ef08b70e4e03b82ebd37730a03a672853a change-id: 20240523-qcom-cpufreq-nvmem_memleak-6b6821db52b1 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

11 months, 1 week

2
2
0 0

[PATCH v2 2/2] xhci: Apply broken streams quirk to Etron EJ188 xHCI host

by Kuangyi Chiang

As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188 as well. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- Changes in v2: - Porting to latest release drivers/usb/host/xhci-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b47d57d80b96..effeec5cf1fa 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -399,6 +399,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->vendor == PCI_VENDOR_ID_ETRON && pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; + xhci->quirks |= XHCI_BROKEN_STREAMS; } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && pdev->device == 0x0014) { -- 2.25.1

11 months, 1 week

1
1
0 0

[PATCH AUTOSEL 4.19] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index 74b5914abbf7e..123a5572fe5b1 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/mfd/cros_ec.h> #include <linux/mfd/cros_ec_commands.h> @@ -530,16 +531,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
0
0 0

[PATCH AUTOSEL 5.10 1/2] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index 0a4f02e4ae7ba..d7ee1eb9ca880 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index 0a4f02e4ae7ba..d7ee1eb9ca880 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
1
0 0

[PATCH AUTOSEL 6.1 1/2] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
1
0 0

[PATCH AUTOSEL 6.6 1/4] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
3
0 0

[PATCH AUTOSEL 6.8 1/4] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
3
0 0

[PATCH AUTOSEL 6.9 1/5] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

11 months, 1 week

1
4
0 0

Linux 6.9.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.2 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/stable/sysfs-block | 10 ++ Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/admin-guide/mm/damon/usage.rst | 6 - Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/x86/include/asm/percpu.h | 6 - block/genhd.c | 15 ++- block/partitions/core.c | 5 - drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/bluetooth/btusb.c | 1 drivers/cpufreq/amd-pstate.c | 22 ++++- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 + drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 +--- drivers/net/ethernet/micrel/ks8851_common.c | 18 ---- drivers/net/usb/ax88179_178a.c | 37 ++++++-- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 10 -- drivers/remoteproc/mtk_scp.c | 10 ++ drivers/tty/serial/kgdboc.c | 30 ++++++- drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 51 ++++++++---- drivers/usb/typec/tipd/tps6598x.h | 11 ++ drivers/usb/typec/ucsi/displayport.c | 4 include/linux/blkdev.h | 13 +++ include/net/bluetooth/hci.h | 9 ++ include/net/bluetooth/hci_core.h | 1 net/bluetooth/hci_conn.c | 75 ++++++++++++------ net/bluetooth/hci_event.c | 31 ++++--- net/bluetooth/iso.c | 2 net/bluetooth/l2cap_core.c | 17 ---- net/bluetooth/sco.c | 6 - security/keys/trusted-keys/trusted_tpm2.c | 25 ++++-- sound/soc/intel/boards/Makefile | 1 sound/soc/intel/boards/sof_sdw.c | 12 +- sound/soc/intel/boards/sof_sdw_common.h | 1 sound/soc/intel/boards/sof_sdw_rt_dmic.c | 52 ++++++++++++ 36 files changed, 356 insertions(+), 165 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Bard Liao (1): ASoC: Intel: sof_sdw: use generic rtd_init function for Realtek SDW DMICs Ben Greear (1): wifi: iwlwifi: Use request_module_nowait Carlos Llamas (1): binder: fix max_thread type inconsistency Christoph Hellwig (2): block: add a disk_has_partscan helper block: add a partscan sysfs attribute for disks Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Greg Kroah-Hartman (1): Linux 6.9.2 Hans Verkuil (1): Revert "media: v4l2-ctrls: show all owned controls in log_status" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Perry Yuan (1): cpufreq: amd-pstate: fix the highest frequency issue which limits performance Peter Tsao (1): Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921 Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling SeongJae Park (2): Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command Sungwoo Kim (1): Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Uros Bizjak (1): x86/percpu: Use __force to cast from __percpu address space

11 months, 1 week

3
3
0 0

[PATCH v3] mei: vsc: Don't stop/restart mei device during system suspend/resume

by Wentong Wu

The dynamically created mei client device (mei csi) is used as one V4L2 sub device of the whole video pipeline, and the V4L2 connection graph is built by software node. The mei_stop() and mei_restart() will delete the old mei csi client device and create a new mei client device, which will cause the software node information saved in old mei csi device lost and the whole video pipeline will be broken. Removing mei_stop()/mei_restart() during system suspend/resume can fix the issue above and won't impact hardware actual power saving logic. Fixes: f6085a96c973 ("mei: vsc: Unregister interrupt handler for system suspend") Cc: stable(a)vger.kernel.org # for 6.8+ Reported-by: Hao Yao <hao.yao(a)intel.com> Signed-off-by: Wentong Wu <wentong.wu(a)intel.com> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Tested-by: Jason Chen <jason.z.chen(a)intel.com> Tested-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> --- Changes since v2: - add change log which is not covered by v2, and no code change Changes since v1: - correct Fixes commit id in commit message, and no code change --- drivers/misc/mei/platform-vsc.c | 39 +++++++++++++-------------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/drivers/misc/mei/platform-vsc.c b/drivers/misc/mei/platform-vsc.c index b543e6b9f3cf..1ec65d87488a 100644 --- a/drivers/misc/mei/platform-vsc.c +++ b/drivers/misc/mei/platform-vsc.c @@ -399,41 +399,32 @@ static void mei_vsc_remove(struct platform_device *pdev) static int mei_vsc_suspend(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); + struct mei_device *mei_dev; + int ret = 0; - mei_stop(mei_dev); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; - mei_disable_interrupts(mei_dev); + mutex_lock(&mei_dev->device_lock); - vsc_tp_free_irq(hw->tp); + if (!mei_write_is_idle(mei_dev)) + ret = -EAGAIN; - return 0; + mutex_unlock(&mei_dev->device_lock); + + return ret; } static int mei_vsc_resume(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); - int ret; - - ret = vsc_tp_request_irq(hw->tp); - if (ret) - return ret; - - ret = mei_restart(mei_dev); - if (ret) - goto err_free; + struct mei_device *mei_dev; - /* start timer if stopped in suspend */ - schedule_delayed_work(&mei_dev->timer_work, HZ); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; return 0; - -err_free: - vsc_tp_free_irq(hw->tp); - - return ret; } static DEFINE_SIMPLE_DEV_PM_OPS(mei_vsc_pm_ops, mei_vsc_suspend, mei_vsc_resume); -- 2.34.1

11 months, 1 week

3
2
0 0

[PATCH 1/2] drm/rockchip: vop: clear DMA stop bit on flush on RK3066

by Val Packett

On the RK3066, there is a bit that must be cleared on flush, otherwise we do not get display output (at least for RGB). Signed-off-by: Val Packett <val(a)packett.cool> Cc: stable(a)vger.kernel.org --- Hi! This was required to get display working on an old RK3066 tablet, along with the next tiny patch in the series enabling the RGB output. I have spent quite a lot of time banging my head against the wall debugging that display (especially since at the same time a scaler chip is used for LVDS encoding), but finally adding debug prints showed that RK3066_SYS_CTRL0 ended up being reset to all-zero after being written correctly upon init. Looking at the register definitions in the vendor driver revealed that the reason was pretty self-explanatory: "dma_stop". --- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 3 +++ drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 1 + 3 files changed, 5 insertions(+) diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c index a13473b2d..d4daeba74 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c +++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c @@ -1578,6 +1578,9 @@ static void vop_crtc_atomic_flush(struct drm_crtc *crtc, spin_lock(&vop->reg_lock); + /* If the chip has a DMA stop bit (RK3066), it must be cleared. */ + VOP_REG_SET(vop, common, dma_stop, 0); + /* Enable AFBC if there is some AFBC window, disable otherwise. */ s = to_rockchip_crtc_state(crtc->state); VOP_AFBC_SET(vop, enable, s->enable_afbc); diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.h b/drivers/gpu/drm/rockchip/rockchip_drm_vop.h index b33e5bdc2..0cf512cc1 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.h +++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.h @@ -122,6 +122,7 @@ struct vop_common { struct vop_reg lut_buffer_index; struct vop_reg gate_en; struct vop_reg mmu_en; + struct vop_reg dma_stop; struct vop_reg out_mode; struct vop_reg standby; }; diff --git a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c index b9ee02061..9bcb40a64 100644 --- a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c +++ b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c @@ -466,6 +466,7 @@ static const struct vop_output rk3066_output = { }; static const struct vop_common rk3066_common = { + .dma_stop = VOP_REG(RK3066_SYS_CTRL0, 0x1, 0), .standby = VOP_REG(RK3066_SYS_CTRL0, 0x1, 1), .out_mode = VOP_REG(RK3066_DSP_CTRL0, 0xf, 0), .cfg_done = VOP_REG(RK3066_REG_CFG_DONE, 0x1, 0), -- 2.45.0

11 months, 1 week

3
10
0 0

[PATCH] iio: imu: inv_icm42600: delete unneeded update watermark call

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Update watermark will be done inside the hwfifo_set_watermark callback just after the update_scan_mode. It is useless to do it here. Fixes: 7f85e42a6c54 ("iio: imu: inv_icm42600: add buffer support in iio devices") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 ---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 ---- 2 files changed, 8 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c index 83d8504ebfff..4b2566693614 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c @@ -130,10 +130,6 @@ static int inv_icm42600_accel_update_scan_mode(struct iio_dev *indio_dev, /* update data FIFO write */ inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); - if (ret) - goto out_unlock; - - ret = inv_icm42600_buffer_update_watermark(st); out_unlock: mutex_unlock(&st->lock); diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c index e6f8de80128c..938af5b640b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c @@ -130,10 +130,6 @@ static int inv_icm42600_gyro_update_scan_mode(struct iio_dev *indio_dev, /* update data FIFO write */ inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); - if (ret) - goto out_unlock; - - ret = inv_icm42600_buffer_update_watermark(st); out_unlock: mutex_unlock(&st->lock); -- 2.34.1

11 months, 1 week

1
0
0 0

Re: [PATCH 6.9 000/427] 6.9.3-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

11 months, 1 week

1
0
0 0

Re: Patch "nilfs2: make superblock data array index computation sparse friendly" has been added to the 6.9-stable tree

by Ryusuke Konishi

On Mon, May 27, 2024 at 2:21 AM Sasha Levin wrote: > > This is a note to let you know that I've just added the patch titled > > nilfs2: make superblock data array index computation sparse friendly > > to the 6.9-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nilfs2-make-superblock-data-array-index-computation-.patch > and it can be found in the queue-6.9 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 5017482ff3b29550015cce7f81279dc69aefd6fe > Author: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> > Date: Tue Apr 30 17:00:19 2024 +0900 > > nilfs2: make superblock data array index computation sparse friendly > > [ Upstream commit 91d743a9c8299de1fc1b47428d8bb4c85face00f ] > > Upon running sparse, "warning: dubious: x & !y" is output at an array > index calculation within nilfs_load_super_block(). > > The calculation is not wrong, but to eliminate the sparse warning, replace > it with an equivalent calculation. > > Also, add a comment to make it easier to understand what the unintuitive > array index calculation is doing and whether it's correct. > > Link: https://lkml.kernel.org/r/20240430080019.4242-3-konishi.ryusuke@gmail.com > Fixes: e339ad31f599 ("nilfs2: introduce secondary super block") > Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> > Cc: Bart Van Assche <bvanassche(a)acm.org> > Cc: Jens Axboe <axboe(a)kernel.dk> > Cc: kernel test robot <lkp(a)intel.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c > index 2ae2c1bbf6d17..adbc6e87471ab 100644 > --- a/fs/nilfs2/the_nilfs.c > +++ b/fs/nilfs2/the_nilfs.c > @@ -592,7 +592,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, > struct nilfs_super_block **sbp = nilfs->ns_sbp; > struct buffer_head **sbh = nilfs->ns_sbh; > u64 sb2off, devsize = bdev_nr_bytes(nilfs->ns_bdev); > - int valid[2], swp = 0; > + int valid[2], swp = 0, older; > > if (devsize < NILFS_SEG_MIN_BLOCKS * NILFS_MIN_BLOCK_SIZE + 4096) { > nilfs_err(sb, "device size too small"); > @@ -648,9 +648,25 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, > if (swp) > nilfs_swap_super_block(nilfs); > > + /* > + * Calculate the array index of the older superblock data. > + * If one has been dropped, set index 0 pointing to the remaining one, > + * otherwise set index 1 pointing to the old one (including if both > + * are the same). > + * > + * Divided case valid[0] valid[1] swp -> older > + * ------------------------------------------------------------- > + * Both SBs are invalid 0 0 N/A (Error) > + * SB1 is invalid 0 1 1 0 > + * SB2 is invalid 1 0 0 0 > + * SB2 is newer 1 1 1 0 > + * SB2 is older or the same 1 1 0 1 > + */ > + older = valid[1] ^ swp; > + > nilfs->ns_sbwcount = 0; > nilfs->ns_sbwtime = le64_to_cpu(sbp[0]->s_wtime); > - nilfs->ns_prot_seq = le64_to_cpu(sbp[valid[1] & !swp]->s_last_seq); > + nilfs->ns_prot_seq = le64_to_cpu(sbp[older]->s_last_seq); > *sbpp = sbp[0]; > return 0; > } This commit fixes the sparse warning output by build "make C=1" with the sparse check, but does not fix any operational bugs. Therefore, if fixing a harmless sparse warning does not meet the requirements for backporting to stable trees (I assume it does), please drop it as it is a false positive pickup. Sorry if the "Fixes:" tag is confusing. The same goes for the same patch queued to other stable-trees. Thanks, Ryusuke Konishi

11 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052700-ferry-breeder-caa8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

11 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052759-earmark-vagrantly-05cf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

11 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052758-tweezers-sassy-6775@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

11 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052757-fantasy-resent-77c6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

11 months, 1 week

1
0
0 0

[PATCH 6.8.y] sunrpc: use the struct net as the svc proc private

by cel＠kernel.org

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 418b9687dece5bd763c09b5c27a801a7e3387be9 ] nfsd is the only thing using this helper, and it doesn't use the private currently. When we switch to per-network namespace stats we will need the struct net * in order to get to the nfsd_net. Use the net as the proc private so we can utilize this when we make the switch over. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) This pre-requisite is needed for upstream commit 4b14885411f7 ("nfsd: make all of the nfsd stats per-network namespace"). diff --git a/net/sunrpc/stats.c b/net/sunrpc/stats.c index 65fc1297c6df..383860cb1d5b 100644 --- a/net/sunrpc/stats.c +++ b/net/sunrpc/stats.c @@ -314,7 +314,7 @@ EXPORT_SYMBOL_GPL(rpc_proc_unregister); struct proc_dir_entry * svc_proc_register(struct net *net, struct svc_stat *statp, const struct proc_ops *proc_ops) { - return do_register(net, statp->program->pg_name, statp, proc_ops); + return do_register(net, statp->program->pg_name, net, proc_ops); } EXPORT_SYMBOL_GPL(svc_proc_register); -- 2.45.1

11 months, 1 week

2
1
0 0

x86/tsc: Trust initial offset in architectural TSC-adjust MSRs

by Daniel J Blueman

On present kernels, HPET fallback occurs on some 8-16 socket x86 systems due to the TSC adjust architectural MSR not being respected. This was fixed upstream in commit 455f9075f14484f358b3c1d6845b4a438de198a7. Please backport this fix to -stable for 6.9, 6.8, 6.6, 6.1, 5.15, 5.10, 5.4 and 4.19 branches to allow correct TSC operation on existing distros using these kernels. The patch cleanly applies to all of these latest -stable branches. Many thanks, Daniel -- Daniel J Blueman

11 months, 1 week

2
1
0 0

[PATCH v3] kcov, usb: disable interrupts in kcov_remote_start_usb_softirq

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> After commit 8fea0c8fda30 ("usb: core: hcd: Convert from tasklet to BH workqueue"), usb_giveback_urb_bh() runs in the BH workqueue with interrupts enabled. Thus, the remote coverage collection section in usb_giveback_urb_bh()-> __usb_hcd_giveback_urb() might be interrupted, and the interrupt handler might invoke __usb_hcd_giveback_urb() again. This breaks KCOV, as it does not support nested remote coverage collection sections within the same context (neither in task nor in softirq). Update kcov_remote_start/stop_usb_softirq() to disable interrupts for the duration of the coverage collection section to avoid nested sections in the softirq context (in addition to such in the task context, which are already handled). Reported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Closes: https://lore.kernel.org/linux-usb/0f4d1964-7397-485b-bc48-11c01e2fcbca@I-lo… Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 Suggested-by: Alan Stern <stern(a)rowland.harvard.edu> Fixes: 8fea0c8fda30 ("usb: core: hcd: Convert from tasklet to BH workqueue") Cc: stable(a)vger.kernel.org Acked-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Changes v2->v3: - Cc: stable(a)vger.kernel.org. --- drivers/usb/core/hcd.c | 12 ++++++----- include/linux/kcov.h | 47 ++++++++++++++++++++++++++++++++++-------- 2 files changed, 45 insertions(+), 14 deletions(-) diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index c0e005670d67..fb1aa0d4fc28 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1623,6 +1623,7 @@ static void __usb_hcd_giveback_urb(struct urb *urb) struct usb_hcd *hcd = bus_to_hcd(urb->dev->bus); struct usb_anchor *anchor = urb->anchor; int status = urb->unlinked; + unsigned long flags; urb->hcpriv = NULL; if (unlikely((urb->transfer_flags & URB_SHORT_NOT_OK) && @@ -1640,13 +1641,14 @@ static void __usb_hcd_giveback_urb(struct urb *urb) /* pass ownership to the completion handler */ urb->status = status; /* - * This function can be called in task context inside another remote - * coverage collection section, but kcov doesn't support that kind of - * recursion yet. Only collect coverage in softirq context for now. + * Only collect coverage in the softirq context and disable interrupts + * to avoid scenarios with nested remote coverage collection sections + * that KCOV does not support. + * See the comment next to kcov_remote_start_usb_softirq() for details. */ - kcov_remote_start_usb_softirq((u64)urb->dev->bus->busnum); + flags = kcov_remote_start_usb_softirq((u64)urb->dev->bus->busnum); urb->complete(urb); - kcov_remote_stop_softirq(); + kcov_remote_stop_softirq(flags); usb_anchor_resume_wakeups(anchor); atomic_dec(&urb->use_count); diff --git a/include/linux/kcov.h b/include/linux/kcov.h index b851ba415e03..1068a7318d89 100644 --- a/include/linux/kcov.h +++ b/include/linux/kcov.h @@ -55,21 +55,47 @@ static inline void kcov_remote_start_usb(u64 id) /* * The softirq flavor of kcov_remote_*() functions is introduced as a temporary - * work around for kcov's lack of nested remote coverage sections support in - * task context. Adding support for nested sections is tracked in: - * https://bugzilla.kernel.org/show_bug.cgi?id=210337 + * workaround for KCOV's lack of nested remote coverage sections support. + * + * Adding support is tracked in https://bugzilla.kernel.org/show_bug.cgi?id=210337. + * + * kcov_remote_start_usb_softirq(): + * + * 1. Only collects coverage when called in the softirq context. This allows + * avoiding nested remote coverage collection sections in the task context. + * For example, USB/IP calls usb_hcd_giveback_urb() in the task context + * within an existing remote coverage collection section. Thus, KCOV should + * not attempt to start collecting coverage within the coverage collection + * section in __usb_hcd_giveback_urb() in this case. + * + * 2. Disables interrupts for the duration of the coverage collection section. + * This allows avoiding nested remote coverage collection sections in the + * softirq context (a softirq might occur during the execution of a work in + * the BH workqueue, which runs with in_serving_softirq() > 0). + * For example, usb_giveback_urb_bh() runs in the BH workqueue with + * interrupts enabled, so __usb_hcd_giveback_urb() might be interrupted in + * the middle of its remote coverage collection section, and the interrupt + * handler might invoke __usb_hcd_giveback_urb() again. */ -static inline void kcov_remote_start_usb_softirq(u64 id) +static inline unsigned long kcov_remote_start_usb_softirq(u64 id) { - if (in_serving_softirq()) + unsigned long flags = 0; + + if (in_serving_softirq()) { + local_irq_save(flags); kcov_remote_start_usb(id); + } + + return flags; } -static inline void kcov_remote_stop_softirq(void) +static inline void kcov_remote_stop_softirq(unsigned long flags) { - if (in_serving_softirq()) + if (in_serving_softirq()) { kcov_remote_stop(); + local_irq_restore(flags); + } } #ifdef CONFIG_64BIT @@ -103,8 +129,11 @@ static inline u64 kcov_common_handle(void) } static inline void kcov_remote_start_common(u64 id) {} static inline void kcov_remote_start_usb(u64 id) {} -static inline void kcov_remote_start_usb_softirq(u64 id) {} -static inline void kcov_remote_stop_softirq(void) {} +static inline unsigned long kcov_remote_start_usb_softirq(u64 id) +{ + return 0; +} +static inline void kcov_remote_stop_softirq(unsigned long flags) {} #endif /* CONFIG_KCOV */ #endif /* _LINUX_KCOV_H */ -- 2.25.1

11 months, 1 week

1
0
0 0

Re: [regression] nfsstat/nfsd crash system "general protection fault, probably for non-canonical address ..." after 6.8.9->6.8.10 update

by Linux regression tracking (Thorsten Leemhuis)

[CCing Greg and stable and regressions list] Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting for once, to make this easily accessible to everyone. Please correct me if I'm wrong, but since 6.8.10 we afaics have below regression report about a general protection fault as well as two reports about NFSd related NULL pointer dereferences[1] that got some attention[2]. From a quick look I saw no fixes for those queued for the next 6.8.y release. And the series might be EOL soon. Hmmm. That sounds not really good. Is there some easy way to fix this? Chuck, you earlier mentioned (see quote below) that Greg pulled in three changes as dep into 6.8.10 that might be unneeded. Might reverting all three be the best way forward? Ciao, Thorsten [1] https://lore.kernel.org/all/CAK2bqVJoT3yy2m0OmTnqH9EAKkj6O1iTk42EyyMtvvxKh6… and https://lore.kernel.org/all/A8DQDS.ZXN0FMYZ3DIM1@gmail.com/ [2] https://x.com/spendergrsec/status/1793489498443252143 On 24.05.24 20:21, Chuck Lever III wrote: >> On May 24, 2024, at 4:59 AM, Jaroslav Pulchart <jaroslav.pulchart(a)gooddata.com> wrote: >> >>> >>>> >>>> On Wed, May 22, 2024 at 04:36:57AM -0400, Jaroslav Pulchart wrote: >>>>> Hello, >>>>> >>>>> I would like to report some issue causing a "general protection fault" >>>>> crash (constantly) after we updated the kernel from 6.8.9 to 6.8.10. >>>>> This is triggered when monitoring is using nfsstat on a server where >>>>> nfsd is running. >>>>> >>>>> [ 3049.260633] general protection fault, probably for non-canonical >>>>> address 0x66fb103e19e9cc89: 0000 [#1] PREEMPT SMP NOPTI >>>>> [ 3049.261628] CPU: 22 PID: 74991 Comm: nfsstat Tainted: G >>>>> E 6.8.10-1.gdc.el9.x86_64 #1 >>>>> [ 3049.262336] Hardware name: RDO OpenStack Compute/RHEL, BIOS >>>>> edk2-20240214-2.el9 02/14/2024 >>>>> [ 3049.263003] RIP: 0010:_raw_spin_lock_irqsave+0x19/0x40 >>>>> [ 3049.263487] Code: cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 >>>>> 90 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 a6 92 f5 42 31 c0 ba 01 >>>>> 00 00 00 <f0> 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 d0 >>>>> 07 00 >>>>> [ 3049.264882] RSP: 0018:ffffb1bca6b9bd00 EFLAGS: 00010046 >>>>> [ 3049.265365] RAX: 0000000000000000 RBX: 66fb103e19e9c989 RCX: 0000000000000001 >>>>> [ 3049.265953] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 66fb103e19e9cc89 >>>>> [ 3049.266542] RBP: ffffffffc15df280 R08: 0000000000000001 R09: ffffa049a1785cb8 >>>>> [ 3049.267112] R10: ffffb1bca6b9bd70 R11: ffffa04964e49000 R12: 0000000000000246 >>>>> [ 3049.267702] R13: 66fb103e19e9cc89 R14: ffffa048445590a0 R15: 0000000000000001 >>>>> [ 3049.268278] FS: 00007fa3ddf03740(0000) GS:ffffa05703d00000(0000) >>>>> knlGS:0000000000000000 >>>>> [ 3049.268928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >>>>> [ 3049.269443] CR2: 00007fa3dddfca50 CR3: 0000000342d1e004 CR4: 0000000000770ef0 >>>>> [ 3049.270025] PKRU: 55555554 >>>>> [ 3049.270371] Call Trace: >>>>> [ 3049.270723] <TASK> >>>>> [ 3049.271035] ? die_addr+0x33/0x90 >>>>> [ 3049.271423] ? exc_general_protection+0x1ea/0x450 >>>>> [ 3049.271879] ? asm_exc_general_protection+0x22/0x30 >>>>> [ 3049.272344] ? _raw_spin_lock_irqsave+0x19/0x40 >>>>> [ 3049.272803] __percpu_counter_sum+0xd/0x70 >>>>> [ 3049.273219] nfsd_show+0x4f/0x1d0 [nfsd] >>>>> [ 3049.273666] seq_read_iter+0x11d/0x4d0 >>>>> [ 3049.274073] ? avc_has_perm+0x42/0xc0 >>>>> [ 3049.274489] seq_read+0xfe/0x140 >>>>> [ 3049.274866] proc_reg_read+0x56/0xa0 >>>>> [ 3049.275257] vfs_read+0xa7/0x340 >>>>> [ 3049.275647] ? __do_sys_newfstat+0x57/0x60 >>>>> [ 3049.276059] ksys_read+0x5f/0xe0 >>>>> [ 3049.276439] do_syscall_64+0x5e/0x170 >>>>> [ 3049.276836] entry_SYSCALL_64_after_hwframe+0x78/0x80 >>>>> [ 3049.277296] RIP: 0033:0x7fa3ddcfd9b2 >>>>> [ 3049.277719] Code: c0 e9 b2 fe ff ff 50 48 8d 3d ea 1d 0c 00 e8 c5 >>>>> fd 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 >>>>> 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 >>>>> 54 24 >>>>> [ 3049.279139] RSP: 002b:00007ffd930672e8 EFLAGS: 00000246 ORIG_RAX: >>>>> 0000000000000000 >>>>> [ 3049.279788] RAX: ffffffffffffffda RBX: 0000555ded47c2a0 RCX: 00007fa3ddcfd9b2 >>>>> [ 3049.280402] RDX: 0000000000000400 RSI: 0000555ded47c480 RDI: 0000000000000003 >>>>> [ 3049.281046] RBP: 00007fa3dddf75e0 R08: 0000000000000003 R09: 0000000000000077 >>>>> [ 3049.281673] R10: 000000000000005d R11: 0000000000000246 R12: 0000555ded47c2a0 >>>>> [ 3049.282307] R13: 0000000000000d68 R14: 00007fa3dddf69e0 R15: 0000000000000d68 >>>>> [ 3049.282928] </TASK> >>>>> [ 3049.283310] Modules linked in: mptcp_diag(E) xsk_diag(E) >>>>> raw_diag(E) unix_diag(E) af_packet_diag(E) netlink_diag(E) udp_diag(E) >>>>> tcp_diag(E) inet_diag(E) tun(E) br_netfilter(E) bridge(E) stp(E) >>>>> llc(E) nfsd(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) >>>>> nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) binfmt_misc(E) >>>>> zram(E) tls(E) isofs(E) vfat(E) fat(E) intel_rapl_msr(E) >>>>> intel_rapl_common(E) kvm_amd(E) ccp(E) kvm(E) irqbypass(E) >>>>> virtio_net(E) i2c_i801(E) virtio_gpu(E) i2c_smbus(E) net_failover(E) >>>>> virtio_balloon(E) failover(E) virtio_dma_buf(E) fuse(E) ext4(E) >>>>> mbcache(E) jbd2(E) sr_mod(E) cdrom(E) sg(E) ahci(E) libahci(E) >>>>> crct10dif_pclmul(E) crc32_pclmul(Ea) polyval_clmulni(E) >>>>> polyval_generic(E) libata(E) ghash_clmulni_intel(E) sha512_ssse3(E) >>>>> virtio_blk(E) serio_raw(E) btrfs(E) xor(E) zstd_compress(E) >>>>> raid6_pq(E) libcrc32c(E) crc32c_intel(E) dm_mirror(E) >>>>> dm_region_hash(E) dm_log(E) dm_mod(E) >>>>> [ 3049.283345] Unloaded tainted modules: edac_mce_amd(E):1 padlock_aes(E) >>>>> >>>>> Any suggestion on how to fix it is appreciated. >>>> >>>> Bisect between v6.8.9 and v6.8.10 would give us the exact point >>>> where the failures were introduced. >>>> >>>> I see that GregKH pulled in: >>>> >>>> 26a0ddb04230 ("nfsd: rename NFSD_NET_* to NFSD_STATS_*") >>>> b7b05f98f3f0 ("nfsd: expose /proc/net/sunrpc/nfsd in net namespaces") >>>> abf5fb593c90 ("nfsd: make all of the nfsd stats per-network namespace") >>>> >>>> for v6.8.10 as a Stable-Dep-of: 18180a4550d0 ("NFSD: Fix nfsd4_encode_fattr4() crasher") >>>> >>>> Which is a little baffling, I don't see how those two change sets >>>> are mechanically related to each other. But I suspect the culprit is >>>> one of those three stat-related patches. >>>> >>>> >>>> -- >>>> Chuck Lever >>> >>> >>> Hello, >>> >>> I run bisecting. It was easy to reproduce, simple execution of >>> "nfsstat" from terminal stuck the server: >>> >>> abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 is the first bad commit >>> >>> >>> $ git bisect bad >>> abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 is the first bad commit >>> commit abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 (HEAD) >>> Author: Josef Bacik <josef(a)toxicpanda.com> >>> Date: Fri Jan 26 10:39:47 2024 -0500 >>> >>> nfsd: make all of the nfsd stats per-network namespace >>> >>> [ Upstream commit 4b14885411f74b2b0ce0eb2b39d0fffe54e5ca0d ] >>> >>> We have a global set of counters that we modify for all of the nfsd >>> operations, but now that we're exposing these stats across all network >>> namespaces we need to make the stats also be per-network namespace. We >>> already have some caching stats that are per-network namespace, so move >>> these definitions into the same counter and then adjust all the helpers >>> and users of these stats to provide the appropriate nfsd_net struct so >>> that the stats are maintained for the per-network namespace objects. >>> >>> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> >>> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> >>> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> >>> Stable-dep-of: 18180a4550d0 ("NFSD: Fix nfsd4_encode_fattr4() crasher") >>> Signed-off-by: Sasha Levin <sashal(a)kernel.org> >>> >>> fs/nfsd/cache.h | 2 -- >>> fs/nfsd/netns.h | 17 +++++++++++++++-- >>> fs/nfsd/nfs4proc.c | 6 +++--- >>> fs/nfsd/nfs4state.c | 3 ++- >>> fs/nfsd/nfscache.c | 36 +++++++----------------------------- >>> fs/nfsd/nfsctl.c | 12 +++--------- >>> fs/nfsd/nfsfh.c | 3 ++- >>> fs/nfsd/stats.c | 26 ++++++++++++++------------ >>> fs/nfsd/stats.h | 54 +++++++++++++++++++----------------------------------- >>> fs/nfsd/vfs.c | 6 ++++-- >>> 10 files changed, 69 insertions(+), 96 deletions(-) >>> >>> $ git bisect log >>> git bisect start >>> # status: waiting for both good and bad commits >>> # good: [f3d61438b613b87afb63118bea6fb18c50ba7a6b] Linux 6.8.9 >>> git bisect good f3d61438b613b87afb63118bea6fb18c50ba7a6b >>> # status: waiting for bad commit, 1 good commit known >>> # bad: [a0c69a570e420e86c7569b8c052913213eef2b45] Linux 6.8.10 >>> git bisect bad a0c69a570e420e86c7569b8c052913213eef2b45 >>> # bad: [4aaed9dbe8acd2b6114458f0498a617283d6275b] hv_netvsc: Don't >>> free decrypted memory >>> git bisect bad 4aaed9dbe8acd2b6114458f0498a617283d6275b >>> # bad: [ee190d04c2f99c8e557b00e997621c04592baed1] net: gro: add flush >>> check in udp_gro_receive_segment >>> git bisect bad ee190d04c2f99c8e557b00e997621c04592baed1 >>> # bad: [781e34b736014188ba9e46a71535237313dcda81] efi/unaccepted: >>> touch soft lockup during memory accept >>> git bisect bad 781e34b736014188ba9e46a71535237313dcda81 >>> # bad: [6a7b07689af6e4e023404bf69b1230f43b2a15bc] NFSD: Fix >>> nfsd4_encode_fattr4() crasher >>> git bisect bad 6a7b07689af6e4e023404bf69b1230f43b2a15bc >>> # good: [e05194baae299f2148ab5f6bab659c6ce8d1f6d3] nfs: expose >>> /proc/net/sunrpc/nfs in net namespaces >>> git bisect good e05194baae299f2148ab5f6bab659c6ce8d1f6d3 >>> # good: [946ab150335d92f852288c1c6b0f0466b5d6e97f] power: supply: >>> mt6360_charger: Fix of_match for usb-otg-vbus regulator >>> git bisect good 946ab150335d92f852288c1c6b0f0466b5d6e97f >>> # good: [b7b05f98f3f06fea3986b46e5c7fe2928676b02d] nfsd: expose >>> /proc/net/sunrpc/nfsd in net namespaces >>> git bisect good b7b05f98f3f06fea3986b46e5c7fe2928676b02d >>> # bad: [0e8003af77879572dbc1df56860cbe2bfa8498f0] NFSD: add support >>> for CB_GETATTR callback >>> git bisect bad 0e8003af77879572dbc1df56860cbe2bfa8498f0 >>> # bad: [abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566] nfsd: make all of >>> the nfsd stats per-network namespace >>> git bisect bad abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 >>> # first bad commit: [abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566] nfsd: >>> make all of the nfsd stats per-network namespace >> >> I built a full 6.8.10 with reverted single commit >> "abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566". The server does not get >> stuck when calling "nfsstat". > > Good to know, but I don't think it's entirely safe to revert > only that patch -- all three would have to come off. > > I can't seem to get nfsstat to trigger a problem on my > server. > > > -- > Chuck Lever > >

11 months, 1 week

2
2
0 0

[PATCH 1/1] Bluetooth: hci_bcm4377: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

bcm4377_init_cfg() uses pci_{read,write}_config_dword() that return PCIBIOS_* codes. The return codes are returned into the calling bcm4377_probe() which directly returns the error which is of incorrect type (a probe should return normal errnos). Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from bcm4377_init_cfg. This conversion is the easiest by adding a label next to return and doing the conversion there once rather than adding pcibios_err_to_errno() into every single return statement. Fixes: 8a06127602de ("Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/bluetooth/hci_bcm4377.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/bluetooth/hci_bcm4377.c b/drivers/bluetooth/hci_bcm4377.c index 0c2f15235b4c..b00240109dc3 100644 --- a/drivers/bluetooth/hci_bcm4377.c +++ b/drivers/bluetooth/hci_bcm4377.c @@ -2134,44 +2134,46 @@ static int bcm4377_init_cfg(struct bcm4377_data *bcm4377) BCM4377_PCIECFG_BAR0_WINDOW1, bcm4377->hw->bar0_window1); if (ret) - return ret; + goto fail; ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR0_WINDOW2, bcm4377->hw->bar0_window2); if (ret) - return ret; + goto fail; ret = pci_write_config_dword( bcm4377->pdev, BCM4377_PCIECFG_BAR0_CORE2_WINDOW1, BCM4377_PCIECFG_BAR0_CORE2_WINDOW1_DEFAULT); if (ret) - return ret; + goto fail; if (bcm4377->hw->has_bar0_core2_window2) { ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR0_CORE2_WINDOW2, bcm4377->hw->bar0_core2_window2); if (ret) - return ret; + goto fail; } ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR2_WINDOW, BCM4377_PCIECFG_BAR2_WINDOW_DEFAULT); if (ret) - return ret; + goto fail; ret = pci_read_config_dword(bcm4377->pdev, BCM4377_PCIECFG_SUBSYSTEM_CTRL, &ctrl); if (ret) - return ret; + goto fail; if (bcm4377->hw->clear_pciecfg_subsystem_ctrl_bit19) ctrl &= ~BIT(19); ctrl |= BIT(16); - return pci_write_config_dword(bcm4377->pdev, - BCM4377_PCIECFG_SUBSYSTEM_CTRL, ctrl); + ret = pci_write_config_dword(bcm4377->pdev, + BCM4377_PCIECFG_SUBSYSTEM_CTRL, ctrl); +fail: + return pcibios_err_to_errno(ret); } static int bcm4377_probe_dmi(struct bcm4377_data *bcm4377) -- 2.39.2

11 months, 1 week

2
1
0 0

[PATCH AUTOSEL 4.19 1/2] powerpc/pseries: Enforce hcall result buffer validity and size

by Sasha Levin

From: Nathan Lynch <nathanl(a)linux.ibm.com> [ Upstream commit ff2e185cf73df480ec69675936c4ee75a445c3e4 ] plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through comments in the code and the compiler has no idea. For example, if I write a bug like this: long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...); This compiles with no diagnostics emitted, but likely results in stack corruption at runtime when plpar_hcall9() stores results past the end of the array. (To be clear this is a contrived example and I have not found a real instance yet.) To make this class of error less likely, we can use explicitly-sized array parameters instead of pointers in the declarations for the hcall APIs. When compiled with -Warray-bounds[1], the code above now provokes a diagnostic like this: error: array argument is too small; is of size 32, callee requires at least 72 [-Werror,-Warray-bounds] 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, | ^ ~~~~~~ [1] Enabled for LLVM builds but not GCC for now. See commit 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and related changes. Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240408-pseries-hvcall-retbuf-v1-1-ebc73d7253cf@linux.i… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/powerpc/include/asm/hvcall.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index a0b17f9f1ea4e..8347f57e1c6a3 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -383,7 +383,7 @@ long plpar_hcall_norets(unsigned long opcode, ...); * Used for all but the craziest of phyp interfaces (see plpar_hcall9) */ #define PLPAR_HCALL_BUFSIZE 4 -long plpar_hcall(unsigned long opcode, unsigned long *retbuf, ...); +long plpar_hcall(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL_BUFSIZE], ...); /** * plpar_hcall_raw: - Make a hypervisor call without calculating hcall stats @@ -397,7 +397,7 @@ long plpar_hcall(unsigned long opcode, unsigned long *retbuf, ...); * plpar_hcall, but plpar_hcall_raw works in real mode and does not * calculate hypervisor call statistics. */ -long plpar_hcall_raw(unsigned long opcode, unsigned long *retbuf, ...); +long plpar_hcall_raw(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL_BUFSIZE], ...); /** * plpar_hcall9: - Make a pseries hypervisor call with up to 9 return arguments @@ -408,8 +408,8 @@ long plpar_hcall_raw(unsigned long opcode, unsigned long *retbuf, ...); * PLPAR_HCALL9_BUFSIZE to size the return argument buffer. */ #define PLPAR_HCALL9_BUFSIZE 9 -long plpar_hcall9(unsigned long opcode, unsigned long *retbuf, ...); -long plpar_hcall9_raw(unsigned long opcode, unsigned long *retbuf, ...); +long plpar_hcall9(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL9_BUFSIZE], ...); +long plpar_hcall9_raw(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL9_BUFSIZE], ...); struct hvcall_mpp_data { unsigned long entitled_mem; -- 2.43.0

11 months, 1 week

1
1
0 0

[PATCH AUTOSEL 5.4 1/3] media: lgdt3306a: Add a check against null-pointer-def

by Sasha Levin

From: Zheyu Ma <zheyuma97(a)gmail.com> [ Upstream commit c1115ddbda9c930fba0fdd062e7a8873ebaf898d ] The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40 [ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414 [ 29.612820] Call Trace: [ 29.613030] <TASK> [ 29.613201] dump_stack_lvl+0x56/0x6f [ 29.613496] ? kmemdup+0x30/0x40 [ 29.613754] print_report.cold+0x494/0x6b7 [ 29.614082] ? kmemdup+0x30/0x40 [ 29.614340] kasan_report+0x8a/0x190 [ 29.614628] ? kmemdup+0x30/0x40 [ 29.614888] kasan_check_range+0x14d/0x1d0 [ 29.615213] memcpy+0x20/0x60 [ 29.615454] kmemdup+0x30/0x40 [ 29.615700] lgdt3306a_probe+0x52/0x310 [ 29.616339] i2c_device_probe+0x951/0xa90 Link: https://lore.kernel.org/linux-media/20220405095018.3993578-1-zheyuma97@gmai… Signed-off-by: Zheyu Ma <zheyuma97(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/dvb-frontends/lgdt3306a.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/dvb-frontends/lgdt3306a.c b/drivers/media/dvb-frontends/lgdt3306a.c index 0e7d97e7b0f50..a4d881c721b82 100644 --- a/drivers/media/dvb-frontends/lgdt3306a.c +++ b/drivers/media/dvb-frontends/lgdt3306a.c @@ -2199,6 +2199,11 @@ static int lgdt3306a_probe(struct i2c_client *client, struct dvb_frontend *fe; int ret; + if (!client->dev.platform_data) { + dev_err(&client->dev, "platform data is mandatory\n"); + return -EINVAL; + } + config = kmemdup(client->dev.platform_data, sizeof(struct lgdt3306a_config), GFP_KERNEL); if (config == NULL) { -- 2.43.0

11 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.15 1/6] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 3e81850a7ffe3..47bb973669d85 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -507,6 +515,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index f37101f5a7777..8a620c34396c7 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -154,6 +154,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -269,6 +276,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

11 months, 1 week

1
5
0 0

[PATCH AUTOSEL 6.1 01/11] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc8..9a5a1726acaf8 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index 3348bb97ef81a..dfa8168e51890 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -155,6 +155,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -271,6 +278,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

11 months, 1 week

1
10
0 0

[PATCH AUTOSEL 6.6 01/16] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc8..9a5a1726acaf8 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index a4d344a4db9e1..cdb17b093f2b8 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -156,6 +156,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -272,6 +279,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

11 months, 1 week

1
15
0 0

[PATCH AUTOSEL 6.8 01/20] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc8..9a5a1726acaf8 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index a4d344a4db9e1..cdb17b093f2b8 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -156,6 +156,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -272,6 +279,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

11 months, 1 week

1
19
0 0

[PATCH v2] dma-buf: handle testing kthreads creation failure

by Fedor Pchelkin

kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code. Found by Linux Verification Center (linuxtesting.org). Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: use kthread_stop_put() to actually put the last reference as T.J. Mercier noticed; link to v1: https://lore.kernel.org/lkml/20240522122326.696928-1-pchelkin@ispras.ru/ drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..6a1bfcd0cc21 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i); + if (IS_ERR(t[i].task)) { + ret = PTR_ERR(t[i].task); + while (--i >= 0) + kthread_stop_put(t[i].task); + return ret; + } get_task_struct(t[i].task); } -- 2.39.2

11 months, 1 week

3
2
0 0

[PATCH AUTOSEL 6.8 01/30] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

by Sasha Levin

From: Rand Deeb <rand.sec96(a)gmail.com> [ Upstream commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 ] The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index b9934b9c2d708..070a99a4180cc 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) { - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + const struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.43.0

11 months, 1 week

2
30
0 0

[PATCH AUTOSEL 6.6 01/21] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

by Sasha Levin

From: Rand Deeb <rand.sec96(a)gmail.com> [ Upstream commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 ] The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index ab080cf26c9ff..0c736d51566dc 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) { - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + const struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.43.0

11 months, 1 week

2
21
0 0

[PATCH AUTOSEL 6.1 01/17] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 334bdfeab9403..365a2c7a89bad 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -72,7 +72,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -93,6 +92,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -190,6 +199,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -201,6 +211,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

11 months, 1 week

2
17
0 0

[PATCH AUTOSEL 5.15 01/13] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 088fcad138c98..38c6e9f16f41e 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -71,7 +71,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -92,6 +91,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -189,6 +198,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -200,6 +210,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

11 months, 1 week

2
13
0 0

[PATCH AUTOSEL 5.10 01/13] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 7c76b841b17bb..21bde60c95230 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -71,7 +71,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -92,6 +91,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -183,6 +192,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -194,6 +204,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

11 months, 1 week

2
13
0 0

[PATCH AUTOSEL 4.19 1/3] batman-adv: bypass empty buckets in batadv_purge_orig_ref()

by Sasha Levin

From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 40dc8ab605894acae1473e434944924a22cfaaa0 ] Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271 CPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_purge_orig pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline] pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388 lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 sp : ffff800099007970 x29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000 x26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001 x23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4 x20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0 x17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001 x14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline] __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103 sp : ffff800093a17d30 x29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4 x26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002 x23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000 x20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396 x17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001 x14: 1fffe00036805f10 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000001 x10: 0000000000000003 x9 : 0000000000000000 x8 : 00000000000ce8d1 x7 : ffff8000804609e4 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008ad6aac0 x2 : 0000000000000000 x1 : ffff80008aedea60 x0 : ffff800125436000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:49 cpuidle_idle_call kernel/sched/idle.c:170 [inline] do_idle+0x1f0/0x4e8 kernel/sched/idle.c:312 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:410 secondary_start_kernel+0x198/0x1c0 arch/arm64/kernel/smp.c:272 __secondary_switched+0xb8/0xbc arch/arm64/kernel/head.S:404 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/batman-adv/originator.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c index 1d295da3e342b..c1ad1ae21eeac 100644 --- a/net/batman-adv/originator.c +++ b/net/batman-adv/originator.c @@ -1358,6 +1358,8 @@ void batadv_purge_orig_ref(struct batadv_priv *bat_priv) /* for all origins... */ for (i = 0; i < hash->size; i++) { head = &hash->table[i]; + if (hlist_empty(head)) + continue; list_lock = &hash->list_locks[i]; spin_lock_bh(list_lock); -- 2.43.0

11 months, 1 week

2
3
0 0

[PATCH v3] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap [1]. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. [1] https://github.com/the-tcpdump-group/libpcap/issues/1105 Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..82b36e90d73b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1011,6 +1011,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(pkc->skb->protocol)) { + ppd->hv1.tp_vlan_tci = ntohs(vlan_eth_hdr(pkc->skb)->h_vlan_TCI); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2432,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + h.h2->tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3491,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3549,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + aux.tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.40.1

11 months, 1 week

2
1
0 0

[PATCH AUTOSEL 5.4 1/6] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 7c76b841b17bb..21bde60c95230 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -71,7 +71,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -92,6 +91,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -183,6 +192,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -194,6 +204,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

11 months, 1 week

2
6
0 0

[PATCH 1/1] intel_th: pci: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

intel_th_pci_activate() uses pci_{read,write}_config_dword() that return PCIBIOS_* codes. The value is returned as is to the caller. The non-errno return value is returned all the way to active_store() which then returns the value like it is an error. PCIBIOS_* return codes, however, are positive (0x8X) so the return value of the store function is treated as the length consumed from the write buffer which can confuse the userspace writer. Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from intel_th_pci_activate(). Fixes: a0e7df335afd ("intel_th: Perform time resync on capture start") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/hwtracing/intel_th/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwtracing/intel_th/pci.c b/drivers/hwtracing/intel_th/pci.c index 147d338c191e..40e2c922fbe7 100644 --- a/drivers/hwtracing/intel_th/pci.c +++ b/drivers/hwtracing/intel_th/pci.c @@ -46,7 +46,7 @@ static int intel_th_pci_activate(struct intel_th *th) if (err) dev_err(&pdev->dev, "failed to read NPKDSC register\n"); - return err; + return pcibios_err_to_errno(err); } static void intel_th_pci_deactivate(struct intel_th *th) -- 2.39.2

11 months, 1 week

1
0
0 0

[PATCH] drm/dp_mst: Fix all mstb marked as not probed after suspend/resume

by Wayne Lin

[Why] After supend/resume, with topology unchanged, observe that link_address_sent of all mstb are marked as false even the topology probing is done without any error. It is caused by wrongly also include "ret == 0" case as a probing failure case. [How] Remove inappropriate checking conditions. Cc: Lyude Paul <lyude(a)redhat.com> Cc: Harry Wentland <hwentlan(a)amd.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 37dfdc55ffeb ("drm/dp_mst: Cleanup drm_dp_send_link_address() a bit") Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 7f8e1cfbe19d..68831f4e502a 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -2929,7 +2929,7 @@ static int drm_dp_send_link_address(struct drm_dp_mst_topology_mgr *mgr, /* FIXME: Actually do some real error handling here */ ret = drm_dp_mst_wait_tx_reply(mstb, txmsg); - if (ret <= 0) { + if (ret < 0) { drm_err(mgr->dev, "Sending link address failed with %d\n", ret); goto out; } @@ -2981,7 +2981,7 @@ static int drm_dp_send_link_address(struct drm_dp_mst_topology_mgr *mgr, mutex_unlock(&mgr->lock); out: - if (ret <= 0) + if (ret < 0) mstb->link_address_sent = false; kfree(txmsg); return ret < 0 ? ret : changed; -- 2.37.3

11 months, 1 week

1
0
0 0

[PATCH] mtd: rawnand: Ensure ECC configuration is propagated to upper layers

by Miquel Raynal

Until recently the "upper layer" was MTD. But following incremental reworks to bring spi-nand support and more recently generic ECC support, there is now an intermediate "generic NAND" layer that also needs to get access to some values. When using "converted" ECC engines, like the software ones, these values are already propagated correctly. But otherwise when using good old raw NAND controller drivers, we need to manually set these values ourselves at the end of the "scan" operation, once these values have been negotiated. Without this propagation, later (generic) checks like the one warning users that the ECC strength is not high enough might simply no longer work. Fixes: 8c126720fe10 ("mtd: rawnand: Use the ECC framework nand_ecc_is_strong_enough() helper") Cc: stable(a)vger.kernel.org Reported-by: Sascha Hauer <s.hauer(a)pengutronix.de> Closes: https://lore.kernel.org/all/Zhe2JtvvN1M4Ompw@pengutronix.de/ Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Hello Sascha, this is only compile tested, would you mind checking if that fixes your setup? Thanks, Miquèl drivers/mtd/nand/raw/nand_base.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index d7dbbd469b89..acd137dd0957 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -6301,6 +6301,7 @@ static const struct nand_ops rawnand_ops = { static int nand_scan_tail(struct nand_chip *chip) { struct mtd_info *mtd = nand_to_mtd(chip); + struct nand_device *base = &chip->base; struct nand_ecc_ctrl *ecc = &chip->ecc; int ret, i; @@ -6445,9 +6446,13 @@ static int nand_scan_tail(struct nand_chip *chip) if (!ecc->write_oob_raw) ecc->write_oob_raw = ecc->write_oob; - /* propagate ecc info to mtd_info */ + /* Propagate ECC info to the generic NAND and MTD layers */ mtd->ecc_strength = ecc->strength; + if (!base->ecc.ctx.conf.strength) + base->ecc.ctx.conf.strength = ecc->strength; mtd->ecc_step_size = ecc->size; + if (!base->ecc.ctx.conf.step_size) + base->ecc.ctx.conf.step_size = ecc->size; /* * Set the number of read / write steps for one page depending on ECC @@ -6455,6 +6460,8 @@ static int nand_scan_tail(struct nand_chip *chip) */ if (!ecc->steps) ecc->steps = mtd->writesize / ecc->size; + if (!base->ecc.ctx.nsteps) + base->ecc.ctx.nsteps = ecc->steps; if (ecc->steps * ecc->size != mtd->writesize) { WARN(1, "Invalid ECC parameters\n"); ret = -EINVAL; -- 2.40.1

11 months, 1 week

2
2
0 0

[PATCH v2 1/2] mtd: rawnand: Fix the nand_read_data_op() early check

by Miquel Raynal

The nand_read_data_op() operation, which only consists in DATA_IN cycles, is sadly not supported by all controllers despite being very basic. The core, for some time, supposed all drivers would support it. An improvement to this situation for supporting more constrained controller added a check to verify if the operation was supported before attempting it by running the function with the check_only boolean set first, and then possibly falling back to another (possibly slightly less optimized) alternative. An even newer addition moved that check very early and probe time, in order to perform the check only once. The content of the operation was not so important, as long as the controller driver would tell whether such operation on the NAND bus would be possible or not. In practice, no buffer was provided (no fake buffer or whatever) as it is anyway not relevant for the "check_only" condition. Unfortunately, early in the function, there is an if statement verifying that the input parameters are right for normal use, making the early check always unsuccessful. Fixes: 9f820fc0651c ("mtd: rawnand: Check the data only read pattern only once") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Alexander Dahl <ada(a)thorsis.com> --- drivers/mtd/nand/raw/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index acd137dd0957..248e654ecefd 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -2173,7 +2173,7 @@ EXPORT_SYMBOL_GPL(nand_reset_op); int nand_read_data_op(struct nand_chip *chip, void *buf, unsigned int len, bool force_8bit, bool check_only) { - if (!len || !buf) + if (!len || (!check_only && !buf)) return -EINVAL; if (nand_has_exec_op(chip)) { -- 2.40.1

11 months, 1 week

1
1
0 0

[PATCH v2 2/2] mtd: rawnand: Bypass a couple of sanity checks during NAND identification

by Miquel Raynal

Early during NAND identification, mtd_info fields have not yet been initialized (namely, writesize and oobsize) and thus cannot be used for sanity checks yet. Of course if there is a misuse of nand_change_read_column_op() so early we won't be warned, but there is anyway no actual check to perform at this stage as we do not yet know the NAND geometry. So, if the fields are empty, especially mtd->writesize which is *always* set quite rapidly after identification, let's skip the sanity checks. nand_change_read_column_op() is subject to be used early for ONFI/JEDEC identification in the very unlikely case of: - bitflips appearing in the parameter page, - the controller driver not supporting simple DATA_IN cycles. As nand_change_read_column_op() uses nand_fill_column_cycles() the logic explaind above also applies in this secondary helper. Fixes: c27842e7e11f ("mtd: rawnand: onfi: Adapt the parameter page read to constraint controllers") Fixes: daca31765e8b ("mtd: rawnand: jedec: Adapt the parameter page read to constraint controllers") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Changes in v2: * Dropped the double (( )) * Fixed nand_fill_column_cycles() as well. --- drivers/mtd/nand/raw/nand_base.c | 57 ++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 248e654ecefd..53e16d39af4b 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -1093,28 +1093,32 @@ static int nand_fill_column_cycles(struct nand_chip *chip, u8 *addrs, unsigned int offset_in_page) { struct mtd_info *mtd = nand_to_mtd(chip); + bool ident_stage = !mtd->writesize; - /* Make sure the offset is less than the actual page size. */ - if (offset_in_page > mtd->writesize + mtd->oobsize) - return -EINVAL; - - /* - * On small page NANDs, there's a dedicated command to access the OOB - * area, and the column address is relative to the start of the OOB - * area, not the start of the page. Asjust the address accordingly. - */ - if (mtd->writesize <= 512 && offset_in_page >= mtd->writesize) - offset_in_page -= mtd->writesize; - - /* - * The offset in page is expressed in bytes, if the NAND bus is 16-bit - * wide, then it must be divided by 2. - */ - if (chip->options & NAND_BUSWIDTH_16) { - if (WARN_ON(offset_in_page % 2)) + /* Bypass all checks during NAND identification */ + if (likely(!ident_stage)) { + /* Make sure the offset is less than the actual page size. */ + if (offset_in_page > mtd->writesize + mtd->oobsize) return -EINVAL; - offset_in_page /= 2; + /* + * On small page NANDs, there's a dedicated command to access the OOB + * area, and the column address is relative to the start of the OOB + * area, not the start of the page. Asjust the address accordingly. + */ + if (mtd->writesize <= 512 && offset_in_page >= mtd->writesize) + offset_in_page -= mtd->writesize; + + /* + * The offset in page is expressed in bytes, if the NAND bus is 16-bit + * wide, then it must be divided by 2. + */ + if (chip->options & NAND_BUSWIDTH_16) { + if (WARN_ON(offset_in_page % 2)) + return -EINVAL; + + offset_in_page /= 2; + } } addrs[0] = offset_in_page; @@ -1123,7 +1127,7 @@ static int nand_fill_column_cycles(struct nand_chip *chip, u8 *addrs, * Small page NANDs use 1 cycle for the columns, while large page NANDs * need 2 */ - if (mtd->writesize <= 512) + if (!ident_stage && mtd->writesize <= 512) return 1; addrs[1] = offset_in_page >> 8; @@ -1436,16 +1440,19 @@ int nand_change_read_column_op(struct nand_chip *chip, unsigned int len, bool force_8bit) { struct mtd_info *mtd = nand_to_mtd(chip); + bool ident_stage = !mtd->writesize; if (len && !buf) return -EINVAL; - if (offset_in_page + len > mtd->writesize + mtd->oobsize) - return -EINVAL; + if (!ident_stage) { + if (offset_in_page + len > mtd->writesize + mtd->oobsize) + return -EINVAL; - /* Small page NANDs do not support column change. */ - if (mtd->writesize <= 512) - return -ENOTSUPP; + /* Small page NANDs do not support column change. */ + if (mtd->writesize <= 512) + return -ENOTSUPP; + } if (nand_has_exec_op(chip)) { const struct nand_interface_config *conf = -- 2.40.1

11 months, 1 week

2
3
0 0

[PATCH v2] mtd: rawnand: rockchip: ensure NVDDR timings are rejected

by Val Packett

.setup_interface first gets called with a "target" value of NAND_DATA_IFACE_CHECK_ONLY, in which case an error is expected if the controller driver does not support the timing mode (NVDDR). Fixes: a9ecc8c814e9 ("mtd: rawnand: Choose the best timings, NV-DDR included") Signed-off-by: Val Packett <val(a)packett.cool> Cc: stable(a)vger.kernel.org --- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c index 7baaef69d..555804476 100644 --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c @@ -420,13 +420,13 @@ static int rk_nfc_setup_interface(struct nand_chip *chip, int target, u32 rate, tc2rw, trwpw, trw2c; u32 temp; - if (target < 0) - return 0; - timings = nand_get_sdr_timings(conf); if (IS_ERR(timings)) return -EOPNOTSUPP; + if (target < 0) + return 0; + if (IS_ERR(nfc->nfc_clk)) rate = clk_get_rate(nfc->ahb_clk); else -- 2.45.0

11 months, 1 week

2
1
0 0

[PATCH] ACPI: APEI: EINJ: Fix einj_dev release leak

by Dan Williams

The platform driver conversion of EINJ mistakenly used platform_device_del() to unwind platform_device_register_full() at module exit. This leads to a small leak of one 'struct platform_device' instance per module load/unload cycle. Switch to platform_device_unregister() which performs both device_del() and final put_device(). Fixes: 5621fafaac00 ("EINJ: Migrate to a platform driver") Cc: <stable(a)vger.kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Ben Cheatham <Benjamin.Cheatham(a)amd.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/apei/einj-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c index 01faca3a238a..bb9f8475ce59 100644 --- a/drivers/acpi/apei/einj-core.c +++ b/drivers/acpi/apei/einj-core.c @@ -903,7 +903,7 @@ static void __exit einj_exit(void) if (einj_initialized) platform_driver_unregister(&einj_driver); - platform_device_del(einj_dev); + platform_device_unregister(einj_dev); } module_init(einj_init);

11 months, 1 week

3
2
0 0

[git:media_stage/fixes] media: mgb4: Fix double debugfs remove

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mgb4: Fix double debugfs remove Author: Martin Tůma <martin.tuma(a)digiteqautomotive.com> Date: Tue May 21 18:22:54 2024 +0200 Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. Signed-off-by: Martin Tůma <martin.tuma(a)digiteqautomotive.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Fixes: 0ab13674a9bd ("media: pci: mgb4: Added Digiteq Automotive MGB4 driver") Cc: <stable(a)vger.kernel.org> [hverkuil: added Fixes/Cc tags] drivers/media/pci/mgb4/mgb4_core.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/pci/mgb4/mgb4_core.c b/drivers/media/pci/mgb4/mgb4_core.c index 60498a5abebf..ab4f07e2e560 100644 --- a/drivers/media/pci/mgb4/mgb4_core.c +++ b/drivers/media/pci/mgb4/mgb4_core.c @@ -642,9 +642,6 @@ static void mgb4_remove(struct pci_dev *pdev) struct mgb4_dev *mgbdev = pci_get_drvdata(pdev); int i; -#ifdef CONFIG_DEBUG_FS - debugfs_remove_recursive(mgbdev->debugfs); -#endif #if IS_REACHABLE(CONFIG_HWMON) hwmon_device_unregister(mgbdev->hwmon_dev); #endif @@ -659,6 +656,10 @@ static void mgb4_remove(struct pci_dev *pdev) if (mgbdev->vin[i]) mgb4_vin_free(mgbdev->vin[i]); +#ifdef CONFIG_DEBUG_FS + debugfs_remove_recursive(mgbdev->debugfs); +#endif + device_remove_groups(&mgbdev->pdev->dev, mgb4_pci_groups); free_spi(mgbdev); free_i2c(mgbdev);

11 months, 1 week

1
0
0 0

[PATCH] xhci: Handle TD clearing for multiple streams case

by Hector Martin

When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset properly and the caches cleared. Change the logic so that any N>1 TDs found active for different streams are deferred until after the first one is processed, calling xhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to queue another command until we are done with all of them. Also change the error/"should never happen" paths to ensure we at least clear any affected TDs, even if we can't issue a command to clear the hardware cache, and complain loudly with an xhci_warn() if this ever happens. This problem case dates back to commit e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") early on in the XHCI driver's life, when stream support was first added. At that point, this condition would cause TDs to not be given back at all, causing hanging transfers - but no security bug. It was then identified but not fixed nor made into a warning in commit 674f8438c121 ("xhci: split handling halted endpoints into two steps"), which added a FIXME comment for the problem case (without materially changing the behavior as far as I can tell, though the new logic made the problem more obvious). Then later, in commit 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs."), it was acknowledged again. This commit was unfortunately not reviewed at all, as it was authored by the maintainer directly. Had it been, perhaps a second set of eyes would've noticed that it does not fix the bug, but rather just makes it (much) worse. It turns the "transfers hang" bug into a "random memory corruption" bug, by blindly marking TDs as complete without actually clearing them at all nor moving the dequeue pointer past them, which means they aren't actually complete, and the xHC will try to transfer data to/from them when the endpoint resumes, now to freed memory buffers. This could have been a legitimate oversight, but apparently the commit author was aware of the problem (yet still chose to submit it): It was still mentioned as a FIXME, an xhci_dbg() was added to log the problem condition, and the remaining issue was mentioned in the commit description. The choice of making the log type xhci_dbg() for what is, at this point, a completely unhandled and known broken condition is puzzling and unfortunate, as it guarantees that no actual users would see the log in production, thereby making it nigh undebuggable (indeed, even if you turn on DEBUG, the message doesn't really hint at there being a problem at all). It took me *months* of random xHC crashes to finally find a reliable repro and be able to do a deep dive debug session, which could all have been avoided had this unhandled, broken condition been actually reported with a warning, as it should have been as a bug intentionally left in unfixed (never mind that it shouldn't have been left in at all). > Another fix to solve clearing the caches of all stream rings with > cancelled TDs is needed, but not as urgent. 3 years after that statement and 14 years after the original bug was introduced, I think it's finally time to fix it. And maybe next time let's not leave bugs unfixed (that are actually worse than the original bug), and let's actually get people to review kernel commits please. Fixes xHC crashes and IOMMU faults with UAS devices when handling errors/faults. Easiest repro is to use `hdparm` to mark an early sector (e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop. At least in the case of JMicron controllers, the read errors end up having to cancel two TDs (for two queued requests to different streams) and the one that didn't get cleared properly ends up faulting the xHC entirely when it tries to access DMA pages that have since been unmapped, referred to by the stale TDs. This normally happens quickly (after two or three loops). After this fix, I left the `cat` in a loop running overnight and experienced no xHC failures, with all read errors recovered properly. Repro'd and tested on an Apple M1 Mac Mini (dwc3 host). On systems without an IOMMU, this bug would instead silently corrupt freed memory, making this a security bug (even on systems with IOMMUs this could silently corrupt memory belonging to other USB devices on the same controller, so it's still a security bug). Given that the kernel autoprobes partition tables, I'm pretty sure a malicious USB device pretending to be a UAS device and reporting an error with the right timing could deliberately trigger a UAF and write to freed memory, with no user action. Fixes: e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") Fixes: 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs.") Fixes: 674f8438c121 ("xhci: split handling halted endpoints into two steps") Cc: stable(a)vger.kernel.org Cc: security(a)kernel.org Signed-off-by: Hector Martin <marcan(a)marcan.st> --- drivers/usb/host/xhci-ring.c | 54 +++++++++++++++++++++++++++++++++++--------- drivers/usb/host/xhci.h | 1 + 2 files changed, 44 insertions(+), 11 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 575f0fd9c9f1..9c06502be098 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1034,13 +1034,27 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) break; case TD_DIRTY: /* TD is cached, clear it */ case TD_HALTED: + case TD_CLEARING_CACHE_DEFERRED: + if (cached_td) { + if (cached_td->urb->stream_id != td->urb->stream_id) { + /* Multiple streams case, defer move dq */ + xhci_dbg(xhci, + "Move dq deferred: stream %u URB %p\n", + td->urb->stream_id, td->urb); + td->cancel_status = TD_CLEARING_CACHE_DEFERRED; + break; + } + + /* Should never happen, at least try to clear the TD if it does */ + xhci_warn(xhci, + "Found multiple active URBs %p and %p in stream %u?\n", + td->urb, cached_td->urb, + td->urb->stream_id); + td_to_noop(xhci, ring, cached_td, false); + cached_td->cancel_status = TD_CLEARED; + } + td->cancel_status = TD_CLEARING_CACHE; - if (cached_td) - /* FIXME stream case, several stopped rings */ - xhci_dbg(xhci, - "Move dq past stream %u URB %p instead of stream %u URB %p\n", - td->urb->stream_id, td->urb, - cached_td->urb->stream_id, cached_td->urb); cached_td = td; break; } @@ -1060,10 +1074,16 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) if (err) { /* Failed to move past cached td, just set cached TDs to no-op */ list_for_each_entry_safe(td, tmp_td, &ep->cancelled_td_list, cancelled_td_list) { - if (td->cancel_status != TD_CLEARING_CACHE) + /* + * Deferred TDs need to have the deq pointer set after the above command + * completes, so if that failed we just give up on all of them (and + * complain loudly since this could cause issues due to caching). + */ + if (td->cancel_status != TD_CLEARING_CACHE && + td->cancel_status != TD_CLEARING_CACHE_DEFERRED) continue; - xhci_dbg(xhci, "Failed to clear cancelled cached URB %p, mark clear anyway\n", - td->urb); + xhci_warn(xhci, "Failed to clear cancelled cached URB %p, mark clear anyway\n", + td->urb); td_to_noop(xhci, ring, td, false); td->cancel_status = TD_CLEARED; } @@ -1350,6 +1370,7 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_ep_ctx *ep_ctx; struct xhci_slot_ctx *slot_ctx; struct xhci_td *td, *tmp_td; + bool deferred = false; ep_index = TRB_TO_EP_INDEX(le32_to_cpu(trb->generic.field[3])); stream_id = TRB_TO_STREAM_ID(le32_to_cpu(trb->generic.field[2])); @@ -1436,6 +1457,8 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, xhci_dbg(ep->xhci, "%s: Giveback cancelled URB %p TD\n", __func__, td->urb); xhci_td_cleanup(ep->xhci, td, ep_ring, td->status); + } else if (td->cancel_status == TD_CLEARING_CACHE_DEFERRED) { + deferred = true; } else { xhci_dbg(ep->xhci, "%s: Keep cancelled URB %p TD as cancel_status is %d\n", __func__, td->urb, td->cancel_status); @@ -1445,8 +1468,17 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, ep->ep_state &= ~SET_DEQ_PENDING; ep->queued_deq_seg = NULL; ep->queued_deq_ptr = NULL; - /* Restart any rings with pending URBs */ - ring_doorbell_for_active_rings(xhci, slot_id, ep_index); + + if (deferred) { + /* We have more streams to clear */ + xhci_dbg(ep->xhci, "%s: Pending TDs to clear, continuing with invalidation\n", + __func__); + xhci_invalidate_cancelled_tds(ep); + } else { + /* Restart any rings with pending URBs */ + xhci_dbg(ep->xhci, "%s: All TDs cleared, ring doorbell\n", __func__); + ring_doorbell_for_active_rings(xhci, slot_id, ep_index); + } } static void xhci_handle_cmd_reset_ep(struct xhci_hcd *xhci, int slot_id, diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 6f4bf98a6282..aa4379bdb90c 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1276,6 +1276,7 @@ enum xhci_cancelled_td_status { TD_DIRTY = 0, TD_HALTED, TD_CLEARING_CACHE, + TD_CLEARING_CACHE_DEFERRED, TD_CLEARED, }; --- base-commit: a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 change-id: 20240524-xhci-streams-124e88db52e6 Best regards, -- Hector Martin <marcan(a)marcan.st>

11 months, 1 week

3
2
0 0

[PATCH v3] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap [1]. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. [1] https://github.com/the-tcpdump-group/libpcap/issues/1105 Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..82b36e90d73b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1011,6 +1011,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(pkc->skb->protocol)) { + ppd->hv1.tp_vlan_tci = ntohs(vlan_eth_hdr(pkc->skb)->h_vlan_TCI); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2432,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + h.h2->tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3491,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3549,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + aux.tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.40.1

11 months, 1 week

1
0
0 0

[PATCH v2] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap [1]. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. [1] https://github.com/the-tcpdump-group/libpcap/issues/1105 Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..82b36e90d73b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1011,6 +1011,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(pkc->skb->protocol)) { + ppd->hv1.tp_vlan_tci = ntohs(vlan_eth_hdr(pkc->skb)->h_vlan_TCI); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2432,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + h.h2->tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3491,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3549,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + aux.tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.40.1

11 months, 1 week

2
2
0 0

RE: [PATCH] Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading

by Bough Chen

> -----Original Message----- > From: Luke Wang <ziniu.wang_1(a)nxp.com> > Sent: 2024年5月17日 19:16 > To: marcel(a)holtmann.org; luiz.dentz(a)gmail.com > Cc: linux-bluetooth(a)vger.kernel.org; linux-kernel(a)vger.kernel.org; Amitkumar > Karwar <amitkumar.karwar(a)nxp.com>; Rohit Fule <rohit.fule(a)nxp.com>; > Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>; Sherry Sun > <sherry.sun(a)nxp.com>; Bough Chen <haibo.chen(a)nxp.com>; Jun Li > <jun.li(a)nxp.com>; Guillaume Legoupil <guillaume.legoupil(a)nxp.com>; Salim > Chebbo <salim.chebbo(a)nxp.com>; imx(a)lists.linux.dev > Subject: [PATCH] Bluetooth: btnxpuart: Shutdown timer and prevent rearming > when driver unloading > > From: Luke Wang <ziniu.wang_1(a)nxp.com> > > When unload the btnxpuart driver, its associated timer will be deleted. > If the timer happens to be modified at this moment, it leads to the kernel call > this timer even after the driver unloaded, resulting in kernel panic. > Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. > > panic log: > Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP > Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) > crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card > snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg > snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils > ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last > unloaded: btnxpuart] > CPU: 5 PID: 723 Comm: memtester Tainted: G O > 6.6.23-lts-next-06207-g4aef2658ac28 #1 > Hardware name: NXP i.MX95 19X19 board (DT) > pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : 0xffff80007a2cf464 > lr : call_timer_fn.isra.0+0x24/0x80 > ... > Call trace: > 0xffff80007a2cf464 > __run_timers+0x234/0x280 > run_timer_softirq+0x20/0x40 > __do_softirq+0x100/0x26c > ____do_softirq+0x10/0x1c > call_on_irq_stack+0x24/0x4c > do_softirq_own_stack+0x1c/0x2c > irq_exit_rcu+0xc0/0xdc > el0_interrupt+0x54/0xd8 > __el0_irq_handler_common+0x18/0x24 > el0t_64_irq_handler+0x10/0x1c > el0t_64_irq+0x190/0x194 > Code: ???????? ???????? ???????? ???????? (????????) > ---[ end trace 0000000000000000 ]--- > Kernel panic - not syncing: Oops: Fatal exception in interrupt > SMP: stopping secondary CPUs > Kernel Offset: disabled > CPU features: 0x0,c0000000,40028143,1000721b > Memory Limit: none > ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- Hi all, This patch is already accepted, but I notice it lack fix tag, can anyone help add the following fix tag? Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets") Cc: stable(a)vger.kernel.org This patch should also put into stable tree. I add the stable tree mail list here. Best Regards Haibo Chen > > Signed-off-by: Luke Wang <ziniu.wang_1(a)nxp.com> > --- > drivers/bluetooth/btnxpuart.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index > 7f88b6f52f26..77f974a5251b 100644 > --- a/drivers/bluetooth/btnxpuart.c > +++ b/drivers/bluetooth/btnxpuart.c > @@ -328,7 +328,7 @@ static void ps_cancel_timer(struct btnxpuart_dev > *nxpdev) > struct ps_data *psdata = &nxpdev->psdata; > > flush_work(&psdata->work); > - del_timer_sync(&psdata->ps_timer); > + timer_shutdown_sync(&psdata->ps_timer); > } > > static void ps_control(struct hci_dev *hdev, u8 ps_state) > -- > 2.34.1

11 months, 1 week

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 5.4-stable tree

by Armin Wolf

Am 26.05.24 um 22:19 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 5.4-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-5.4 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 7217162b48f60edc29afbeff641b7de02076bb86 > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

11 months, 1 week

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 5.10-stable tree

by Armin Wolf

Am 26.05.24 um 22:14 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 5.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-5.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 6f4e7901c3ed3c0bd3da7af5854dbb765fad2e00 > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

11 months, 1 week

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 5.15-stable tree

by Armin Wolf

Am 26.05.24 um 22:07 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 1f436551dd453c28c23f800e7273136e526197cb > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

11 months, 1 week

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 6.1-stable tree

by Armin Wolf

Am 26.05.24 um 21:57 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 1abdef69265133db29772ed5cefea2338f8ce173 > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

11 months, 1 week

1
0
0 0

"ata: libata: move ata_{port,link,dev}_dbg to standard pr_XXX() macros" - 742bef476ca5352b16063161fb73a56629a6d995 changed logging behavior and disabled a number of messages

by Krzysztof Olędzki

Hi, I noticed that since https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… (which also got backported to -stable kernels) several of messages from dmesg regarding the ATA subsystem are no longer logged. For example, on my Dell PowerEdge 840 which has only one PATA port I used to get: scsi host1: ata_piix ata1: PATA max UDMA/100 cmd 0x1f0 ctl 0x3f6 bmdma 0xfc00 irq 14 ata2: PATA max UDMA/100 cmd 0x170 ctl 0x376 bmdma 0xfc08 irq 15 ata_piix 0000:00:1f.2: MAP [ P0 P2 P1 P3 ] ata2: port disabled--ignoring ata1.01: NODEV after polling detection ata1.00: ATAPI: SAMSUNG CD-R/RW SW-248F, R602, max UDMA/33 After that commit, the following two log entries are missing: ata2: port disabled--ignoring ata1.01: NODEV after polling detection Note that these are just examples, there are many more messages impacted by that. Looking at the code, these messages are logged via ata_link_dbg / ata_dev_dbg: ata_link_dbg(link, "port disabled--ignoring\n"); [in drivers/ata/libata-eh.c] ata_dev_dbg(dev, "NODEV after polling detection\n"); [in drivers/ata/libata-core.c] The commit change how the logging is called - ata_dev_printk function which was calling printk() directly got replaced with the following macro: +#define ata_dev_printk(level, dev, fmt, ...) \ + pr_ ## level("ata%u.%02u: " fmt, \ + (dev)->link->ap->print_id, \ + (dev)->link->pmp + (dev)->devno, \ + ##__VA_ARGS__) (...) #define ata_link_dbg(link, fmt, ...) \ - ata_link_printk(link, KERN_DEBUG, fmt, ##__VA_ARGS__) + ata_link_printk(debug, link, fmt, ##__VA_ARGS__) (...) #define ata_dev_dbg(dev, fmt, ...) \ - ata_dev_printk(dev, KERN_DEBUG, fmt, ##__VA_ARGS__) + ata_dev_printk(debug, dev, fmt, ##__VA_ARGS__ So, instead of printk(..., level == KERN_DEBUG, ) we now call pr_debug(...). This is a problem as printk(msg, KERN_DEBUG) != pr_debug(msg). pr_debug is defined as: /* If you are writing a driver, please use dev_dbg instead */ #if defined(CONFIG_DYNAMIC_DEBUG) || \ (defined(CONFIG_DYNAMIC_DEBUG_CORE) && defined(DYNAMIC_DEBUG_MODULE)) #include <linux/dynamic_debug.h> /** * pr_debug - Print a debug-level message conditionally * @fmt: format string * @...: arguments for the format string * * This macro expands to dynamic_pr_debug() if CONFIG_DYNAMIC_DEBUG is * set. Otherwise, if DEBUG is defined, it's equivalent to a printk with * KERN_DEBUG loglevel. If DEBUG is not defined it does nothing. * * It uses pr_fmt() to generate the format string (dynamic_pr_debug() uses * pr_fmt() internally). */ #define pr_debug(fmt, ...) \ dynamic_pr_debug(fmt, ##__VA_ARGS__) #elif defined(DEBUG) #define pr_debug(fmt, ...) \ printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__) #else #define pr_debug(fmt, ...) \ no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__) #endif Without CONFIG_DYNAMIC_DEBUG and if no CONFIG_DEBUG is enabled, the end result is calling no_printk which means nothing gets logged. Looking at the code, there are more impacted calls, like for example ata_dev_dbg(dev, "disabling queued TRIM support\n") for ATA_HORKAGE_NO_NCQ_TRIM, which also seems like an important information to log, and there are more. Was this change done intentionally? Note that most of the "debug" printks in libata code seem to be guarded by ata_msg_info / ata_msg_probe / ATA_DEBUG which was sufficient to prevent excess debug information logging. One of the cases like this was covered in the patch: -#ifdef ATA_DEBUG if (status != 0xff && (status & (ATA_BUSY | ATA_DRQ))) - ata_port_printk(ap, KERN_DEBUG, "abnormal Status 0x%X\n", - status); -#endif + ata_port_dbg(ap, "abnormal Status 0x%X\n", status); Assuming this is the intended direction, would it make sense for now to at promote "unconditionally" logged messages from ata_link_dbg/ata_dev_dbg to ata_link_info/ata_dev_info? Longer term, perhaps we want to revisit ata_msg_info/ata_msg_probe/ATA_DEBUG/ATA_VERBOSE_DEBUG vs ata_dev_printk/ata_link_printk/pr_debug (and maybe also pr_devel), especially that DYNAMIC_DEBUG is available these days... Best regards, Krzysztof Olędzki

11 months, 1 week

4
7
0 0

FAILED: patch "[PATCH] nilfs2: fix use-after-free of timer for log writer thread" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052609-speckled-elusive-2d6c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Mon, 20 May 2024 22:26:19 +0900 Subject: [PATCH] nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive. Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 6be7dd423fbd..7cb34e1c9206 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -2118,8 +2118,10 @@ static void nilfs_segctor_start_timer(struct nilfs_sc_info *sci) { spin_lock(&sci->sc_state_lock); if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { - sci->sc_timer.expires = jiffies + sci->sc_interval; - add_timer(&sci->sc_timer); + if (sci->sc_task) { + sci->sc_timer.expires = jiffies + sci->sc_interval; + add_timer(&sci->sc_timer); + } sci->sc_state |= NILFS_SEGCTOR_COMMIT; } spin_unlock(&sci->sc_state_lock); @@ -2320,10 +2322,21 @@ int nilfs_construct_dsync_segment(struct super_block *sb, struct inode *inode, */ static void nilfs_segctor_accept(struct nilfs_sc_info *sci) { + bool thread_is_alive; + spin_lock(&sci->sc_state_lock); sci->sc_seq_accepted = sci->sc_seq_request; + thread_is_alive = (bool)sci->sc_task; spin_unlock(&sci->sc_state_lock); - del_timer_sync(&sci->sc_timer); + + /* + * This function does not race with the log writer thread's + * termination. Therefore, deleting sc_timer, which should not be + * done after the log writer thread exits, can be done safely outside + * the area protected by sc_state_lock. + */ + if (thread_is_alive) + del_timer_sync(&sci->sc_timer); } /** @@ -2349,7 +2362,7 @@ static void nilfs_segctor_notify(struct nilfs_sc_info *sci, int mode, int err) sci->sc_flush_request &= ~FLUSH_DAT_BIT; /* re-enable timer if checkpoint creation was not done */ - if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && + if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && time_before(jiffies, sci->sc_timer.expires)) add_timer(&sci->sc_timer); } @@ -2539,6 +2552,7 @@ static int nilfs_segctor_thread(void *arg) int timeout = 0; sci->sc_timer_task = current; + timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); /* start sync. */ sci->sc_task = current; @@ -2606,6 +2620,7 @@ static int nilfs_segctor_thread(void *arg) end_thread: /* end sync. */ sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ spin_unlock(&sci->sc_state_lock); return 0; @@ -2669,7 +2684,6 @@ static struct nilfs_sc_info *nilfs_segctor_new(struct super_block *sb, INIT_LIST_HEAD(&sci->sc_gc_inodes); INIT_LIST_HEAD(&sci->sc_iput_queue); INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); - timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; @@ -2748,7 +2762,6 @@ static void nilfs_segctor_destroy(struct nilfs_sc_info *sci) down_write(&nilfs->ns_segctor_sem); - timer_shutdown_sync(&sci->sc_timer); kfree(sci); }

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix use-after-free of timer for log writer thread" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052606-skater-friction-3021@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Mon, 20 May 2024 22:26:19 +0900 Subject: [PATCH] nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive. Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 6be7dd423fbd..7cb34e1c9206 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -2118,8 +2118,10 @@ static void nilfs_segctor_start_timer(struct nilfs_sc_info *sci) { spin_lock(&sci->sc_state_lock); if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { - sci->sc_timer.expires = jiffies + sci->sc_interval; - add_timer(&sci->sc_timer); + if (sci->sc_task) { + sci->sc_timer.expires = jiffies + sci->sc_interval; + add_timer(&sci->sc_timer); + } sci->sc_state |= NILFS_SEGCTOR_COMMIT; } spin_unlock(&sci->sc_state_lock); @@ -2320,10 +2322,21 @@ int nilfs_construct_dsync_segment(struct super_block *sb, struct inode *inode, */ static void nilfs_segctor_accept(struct nilfs_sc_info *sci) { + bool thread_is_alive; + spin_lock(&sci->sc_state_lock); sci->sc_seq_accepted = sci->sc_seq_request; + thread_is_alive = (bool)sci->sc_task; spin_unlock(&sci->sc_state_lock); - del_timer_sync(&sci->sc_timer); + + /* + * This function does not race with the log writer thread's + * termination. Therefore, deleting sc_timer, which should not be + * done after the log writer thread exits, can be done safely outside + * the area protected by sc_state_lock. + */ + if (thread_is_alive) + del_timer_sync(&sci->sc_timer); } /** @@ -2349,7 +2362,7 @@ static void nilfs_segctor_notify(struct nilfs_sc_info *sci, int mode, int err) sci->sc_flush_request &= ~FLUSH_DAT_BIT; /* re-enable timer if checkpoint creation was not done */ - if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && + if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && time_before(jiffies, sci->sc_timer.expires)) add_timer(&sci->sc_timer); } @@ -2539,6 +2552,7 @@ static int nilfs_segctor_thread(void *arg) int timeout = 0; sci->sc_timer_task = current; + timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); /* start sync. */ sci->sc_task = current; @@ -2606,6 +2620,7 @@ static int nilfs_segctor_thread(void *arg) end_thread: /* end sync. */ sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ spin_unlock(&sci->sc_state_lock); return 0; @@ -2669,7 +2684,6 @@ static struct nilfs_sc_info *nilfs_segctor_new(struct super_block *sb, INIT_LIST_HEAD(&sci->sc_gc_inodes); INIT_LIST_HEAD(&sci->sc_iput_queue); INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); - timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; @@ -2748,7 +2762,6 @@ static void nilfs_segctor_destroy(struct nilfs_sc_info *sci) down_write(&nilfs->ns_segctor_sem); - timer_shutdown_sync(&sci->sc_timer); kfree(sci); }

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix use-after-free of timer for log writer thread" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052605-pretext-jugular-5085@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Mon, 20 May 2024 22:26:19 +0900 Subject: [PATCH] nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive. Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 6be7dd423fbd..7cb34e1c9206 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -2118,8 +2118,10 @@ static void nilfs_segctor_start_timer(struct nilfs_sc_info *sci) { spin_lock(&sci->sc_state_lock); if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { - sci->sc_timer.expires = jiffies + sci->sc_interval; - add_timer(&sci->sc_timer); + if (sci->sc_task) { + sci->sc_timer.expires = jiffies + sci->sc_interval; + add_timer(&sci->sc_timer); + } sci->sc_state |= NILFS_SEGCTOR_COMMIT; } spin_unlock(&sci->sc_state_lock); @@ -2320,10 +2322,21 @@ int nilfs_construct_dsync_segment(struct super_block *sb, struct inode *inode, */ static void nilfs_segctor_accept(struct nilfs_sc_info *sci) { + bool thread_is_alive; + spin_lock(&sci->sc_state_lock); sci->sc_seq_accepted = sci->sc_seq_request; + thread_is_alive = (bool)sci->sc_task; spin_unlock(&sci->sc_state_lock); - del_timer_sync(&sci->sc_timer); + + /* + * This function does not race with the log writer thread's + * termination. Therefore, deleting sc_timer, which should not be + * done after the log writer thread exits, can be done safely outside + * the area protected by sc_state_lock. + */ + if (thread_is_alive) + del_timer_sync(&sci->sc_timer); } /** @@ -2349,7 +2362,7 @@ static void nilfs_segctor_notify(struct nilfs_sc_info *sci, int mode, int err) sci->sc_flush_request &= ~FLUSH_DAT_BIT; /* re-enable timer if checkpoint creation was not done */ - if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && + if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && time_before(jiffies, sci->sc_timer.expires)) add_timer(&sci->sc_timer); } @@ -2539,6 +2552,7 @@ static int nilfs_segctor_thread(void *arg) int timeout = 0; sci->sc_timer_task = current; + timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); /* start sync. */ sci->sc_task = current; @@ -2606,6 +2620,7 @@ static int nilfs_segctor_thread(void *arg) end_thread: /* end sync. */ sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ spin_unlock(&sci->sc_state_lock); return 0; @@ -2669,7 +2684,6 @@ static struct nilfs_sc_info *nilfs_segctor_new(struct super_block *sb, INIT_LIST_HEAD(&sci->sc_gc_inodes); INIT_LIST_HEAD(&sci->sc_iput_queue); INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); - timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; @@ -2748,7 +2762,6 @@ static void nilfs_segctor_destroy(struct nilfs_sc_info *sci) down_write(&nilfs->ns_segctor_sem); - timer_shutdown_sync(&sci->sc_timer); kfree(sci); }

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix use-after-free of timer for log writer thread" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052603-probing-percolate-6265@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Mon, 20 May 2024 22:26:19 +0900 Subject: [PATCH] nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive. Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 6be7dd423fbd..7cb34e1c9206 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -2118,8 +2118,10 @@ static void nilfs_segctor_start_timer(struct nilfs_sc_info *sci) { spin_lock(&sci->sc_state_lock); if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { - sci->sc_timer.expires = jiffies + sci->sc_interval; - add_timer(&sci->sc_timer); + if (sci->sc_task) { + sci->sc_timer.expires = jiffies + sci->sc_interval; + add_timer(&sci->sc_timer); + } sci->sc_state |= NILFS_SEGCTOR_COMMIT; } spin_unlock(&sci->sc_state_lock); @@ -2320,10 +2322,21 @@ int nilfs_construct_dsync_segment(struct super_block *sb, struct inode *inode, */ static void nilfs_segctor_accept(struct nilfs_sc_info *sci) { + bool thread_is_alive; + spin_lock(&sci->sc_state_lock); sci->sc_seq_accepted = sci->sc_seq_request; + thread_is_alive = (bool)sci->sc_task; spin_unlock(&sci->sc_state_lock); - del_timer_sync(&sci->sc_timer); + + /* + * This function does not race with the log writer thread's + * termination. Therefore, deleting sc_timer, which should not be + * done after the log writer thread exits, can be done safely outside + * the area protected by sc_state_lock. + */ + if (thread_is_alive) + del_timer_sync(&sci->sc_timer); } /** @@ -2349,7 +2362,7 @@ static void nilfs_segctor_notify(struct nilfs_sc_info *sci, int mode, int err) sci->sc_flush_request &= ~FLUSH_DAT_BIT; /* re-enable timer if checkpoint creation was not done */ - if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && + if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && time_before(jiffies, sci->sc_timer.expires)) add_timer(&sci->sc_timer); } @@ -2539,6 +2552,7 @@ static int nilfs_segctor_thread(void *arg) int timeout = 0; sci->sc_timer_task = current; + timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); /* start sync. */ sci->sc_task = current; @@ -2606,6 +2620,7 @@ static int nilfs_segctor_thread(void *arg) end_thread: /* end sync. */ sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ spin_unlock(&sci->sc_state_lock); return 0; @@ -2669,7 +2684,6 @@ static struct nilfs_sc_info *nilfs_segctor_new(struct super_block *sb, INIT_LIST_HEAD(&sci->sc_gc_inodes); INIT_LIST_HEAD(&sci->sc_iput_queue); INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); - timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; @@ -2748,7 +2762,6 @@ static void nilfs_segctor_destroy(struct nilfs_sc_info *sci) down_write(&nilfs->ns_segctor_sem); - timer_shutdown_sync(&sci->sc_timer); kfree(sci); }

11 months, 2 weeks

1
0
0 0

[PATCH] drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms

by Mario Limonciello

commit cd94d1b182d2 ("dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users") attempted to fix shutdown issues that were reported since commit 31729e8c21ec ("drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11") but caused issues for some people. Adjust the workaround flow to properly only apply in the S4 case: -> For shutdown go through SMU_MSG_PrepareMp1ForUnload -> For S4 go through SMU_MSG_GfxDeviceDriverReset and SMU_MSG_PrepareMp1ForUnload Reported-and-tested-by: lectrode <electrodexsnet(a)gmail.com> Closes: https://github.com/void-linux/void-packages/issues/50417 Cc: stable(a)vger.kernel.org Fixes: cd94d1b182d2 ("dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- Cc: regressions(a)lists.linux.dev --- .../drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c index 4abfcd32747d..c7ab0d7027d9 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c +++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c @@ -226,15 +226,17 @@ static int smu_v13_0_4_system_features_control(struct smu_context *smu, bool en) struct amdgpu_device *adev = smu->adev; int ret = 0; - if (!en && adev->in_s4) { - /* Adds a GFX reset as workaround just before sending the - * MP1_UNLOAD message to prevent GC/RLC/PMFW from entering - * an invalid state. - */ - ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_GfxDeviceDriverReset, - SMU_RESET_MODE_2, NULL); - if (ret) - return ret; + if (!en && !adev->in_s0ix) { + if (adev->in_s4) { + /* Adds a GFX reset as workaround just before sending the + * MP1_UNLOAD message to prevent GC/RLC/PMFW from entering + * an invalid state. + */ + ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_GfxDeviceDriverReset, + SMU_RESET_MODE_2, NULL); + if (ret) + return ret; + } ret = smu_cmn_send_smc_msg(smu, SMU_MSG_PrepareMp1ForUnload, NULL); } -- 2.43.0

11 months, 2 weeks

2
1
0 0

RE: [BUG] NPE with Linux 6.8.10 and Linux 6.8.11 SCSI optical drive.

by Chris Rankin

FWW this is the output from faddr2line for Linux 6.8.11: $ scripts/faddr2line --list vmlinux blk_try_enter_queue+0xc/0x75 blk_try_enter_queue+0xc/0x75: __ref_is_percpu at include/linux/percpu-refcount.h:174 (discriminator 2) 169 * READ_ONCE() is required when fetching it. 170 * 171 * The dependency ordering from the READ_ONCE() pairs 172 * with smp_store_release() in __percpu_ref_switch_to_percpu(). 173 */ >174< percpu_ptr = READ_ONCE(ref->percpu_count_ptr); 175 176 /* 177 * Theoretically, the following could test just ATOMIC; however, 178 * then we'd have to mask off DEAD separately as DEAD may be 179 * visible without ATOMIC if we race with percpu_ref_kill(). DEAD (inlined by) percpu_ref_tryget_live_rcu at include/linux/percpu-refcount.h:282 (discriminator 2) 277 unsigned long __percpu *percpu_count; 278 bool ret = false; 279 280 WARN_ON_ONCE(!rcu_read_lock_held()); 281 >282< if (likely(__ref_is_percpu(ref, &percpu_count))) { 283 this_cpu_inc(*percpu_count); 284 ret = true; 285 } else if (!(ref->percpu_count_ptr & __PERCPU_REF_DEAD)) { 286 ret = atomic_long_inc_not_zero(&ref->data->count); 287 } (inlined by) blk_try_enter_queue at block/blk.h:43 (discriminator 2) 38 void submit_bio_noacct_nocheck(struct bio *bio); 39 40 static inline bool blk_try_enter_queue(struct request_queue *q, bool pm) 41 { 42 rcu_read_lock(); >43< if (!percpu_ref_tryget_live_rcu(&q->q_usage_counter)) 44 goto fail; 45 46 /* 47 * The code that increments the pm_only counter must ensure that the 48 * counter is globally visible before the queue is unfrozen.

11 months, 2 weeks

1
0
0 0

[BUG] NPE with Linux 6.8.10 and Linux 6.8.11 SCSI optical drive.

by Chris Rankin

Hi, I have recently purchased a new UHD optical disc which is proving so difficult to read that both the 6.8.10 and 6.8.11 kernels throw NPE errors: With vanilla 6.8.11: [ 173.866492] BUG: kernel NULL pointer dereference, address: 0000000000000048 [ 173.872158] #PF: supervisor read access in kernel mode [ 173.875995] #PF: error_code(0x0000) - not-present page [ 173.879836] PGD 0 P4D 0 [ 173.881075] Oops: 0000 [#1] PREEMPT SMP PTI [ 173.883960] CPU: 0 PID: 4183 Comm: umount Tainted: G I E 6.8.10 #2 [ 173.890052] Hardware name: Gigabyte Technology Co., Ltd. EX58-UD3R/EX58-UD3R, BIOS FB 05/04/2009 [ 173.897619] RIP: 0010:blk_try_enter_queue+0xc/0x75 [ 173.901120] Code: 41 00 eb 04 65 48 ff 08 58 e9 05 90 d6 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 89 f5 53 48 89 fb e8 04 54 d6 ff <48> 8b 43 48 a8 03 74 0f f6 43 48 02 75 4d 48 8b 53 50 48 8b 02 eb [ 173.918568] RSP: 0018:ffffc90002e87b60 EFLAGS: 00010202 [ 173.922493] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 173.928324] RDX: ffff88810c434740 RSI: 0000000000000000 RDI: 0000000000000000 [ 173.934156] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000001b58 [ 173.939991] R10: 0000000000000020 R11: 0000000000000223 R12: 0000000000000000 [ 173.945824] R13: 0000000000000000 R14: ffffc90002e87d20 R15: 0000000000001b58 [ 173.951656] FS: 00007fc145466800(0000) GS:ffff888343c00000(0000) knlGS:0000000000000000 [ 173.958442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 173.962887] CR2: 0000000000000048 CR3: 00000001413be000 CR4: 00000000000006f0 [ 173.968720] Call Trace: [ 173.969867] <TASK> [ 173.970671] ? __die_body+0x1a/0x5c [ 173.972862] ? page_fault_oops+0x321/0x36e [ 173.975664] ? exc_page_fault+0x105/0x117 [ 173.978374] ? asm_exc_page_fault+0x22/0x30 [ 173.981263] ? blk_try_enter_queue+0xc/0x75 [ 173.984147] blk_queue_enter+0x37/0x10b [ 173.986688] blk_mq_alloc_request+0x154/0x1b7 [ 173.989750] scsi_alloc_request+0xa/0x57 [scsi_mod] [ 173.993351] scsi_execute_cmd+0x5d/0x174 [scsi_mod] [ 173.996948] sr_do_ioctl+0x8d/0x1ac [sr_mod] [ 173.999930] sr_packet+0x39/0x42 [sr_mod] [ 174.002653] cdrom_get_disc_info+0x60/0xc9 [cdrom] [ 174.006156] cdrom_mrw_exit+0x25/0xe6 [cdrom] [ 174.009220] ? xa_destroy+0x7e/0xb8 [ 174.011413] ? preempt_latency_start+0x2b/0x46 [ 174.014560] sr_free_disk+0x40/0x56 [sr_mod] [ 174.017542] disk_release+0xb6/0xc4 [ 174.019735] device_release+0x5a/0x80 [ 174.022098] kobject_put+0x84/0xa4 [ 174.024204] bdev_release+0x153/0x165 [ 174.026573] deactivate_locked_super+0x2f/0x68 [ 174.029726] cleanup_mnt+0xab/0xd3 [ 174.031832] task_work_run+0x6b/0x80 [ 174.034110] resume_user_mode_work+0x22/0x55 [ 174.037082] syscall_exit_to_user_mode+0x5d/0x7b [ 174.040404] do_syscall_64+0x86/0xdc [ 174.042681] entry_SYSCALL_64_after_hwframe+0x60/0x68 [ 174.046434] RIP: 0033:0x7fc14568715b [ 174.048739] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 89 9c 0c 00 f7 d8 [ 174.066185] RSP: 002b:00007ffddee09a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 174.072450] RAX: 0000000000000000 RBX: 000055607dd37e60 RCX: 00007fc14568715b [ 174.078283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055607dd38270 [ 174.084117] RBP: 00007ffddee09b60 R08: 000055607dd3a350 R09: 00007fc145751b20 [ 174.089947] R10: 0000000000000008 R11: 0000000000000246 R12: 000055607dd37f68 [ 174.095773] R13: 0000000000000000 R14: 000055607dd38270 R15: 000055607dd393d0 [ 174.101608] </TASK> [ 174.102500] Modules linked in: udf snd_seq_dummy rpcrdma rdma_cm iw_cm ib_cm ib_core nf_nat_ftp nf_conntrack_ftp cfg80211 af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables it87 hwmon_vid bnep binfmt_misc snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel uvcvideo intel_powerclamp coretemp snd_intel_dspcfg btusb kvm_intel uvc videobuf2_vmalloc videobuf2_memops btintel snd_hda_codec snd_usb_audio btbcm videobuf2_v4l2 kvm bluetooth snd_virtuoso snd_hda_core videodev snd_usbmidi_lib snd_oxygen_lib snd_mpu401_uart snd_hwdep usb_storage snd_seq videobuf2_common snd_rawmidi [ 174.102617] input_leds ecdh_generic mc joydev snd_seq_device led_class rfkill snd_pcm ecc iTCO_wdt r8169 gpio_ich irqbypass pktcdvd snd_hrtimer realtek intel_cstate snd_timer intel_uncore mdio_devres psmouse libphy snd i2c_i801 mxm_wmi acpi_cpufreq i2c_smbus tiny_power_button pcspkr lpc_ich soundcore i7core_edac button nfsd(E) auth_rpcgss nfs_acl lockd grace sunrpc fuse dm_mod loop configfs dax nfnetlink zram zsmalloc amdgpu ext4 crc32c_generic crc16 mbcache jbd2 video amdxcp i2c_algo_bit mfd_core drm_ttm_helper ttm drm_exec gpu_sched sr_mod drm_suballoc_helper drm_buddy drm_display_helper cdrom sd_mod hid_microsoft usbhid drm_kms_helper ahci libahci pata_jmicron drm uhci_hcd xhci_pci libata ehci_pci ehci_hcd xhci_hcd scsi_mod usbcore firewire_ohci crc32c_intel sha512_ssse3 firewire_core sha256_ssse3 drm_panel_orientation_quirks cec sha1_ssse3 serio_raw bsg rc_core crc_itu_t usb_common scsi_common wmi msr [ 174.269914] CR2: 0000000000000048 [ 174.271981] ---[ end trace 0000000000000000 ]--- [ 174.275308] RIP: 0010:blk_try_enter_queue+0xc/0x75 [ 174.278892] Code: 41 00 eb 04 65 48 ff 08 58 e9 05 90 d6 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 89 f5 53 48 89 fb e8 04 54 d6 ff <48> 8b 43 48 a8 03 74 0f f6 43 48 02 75 4d 48 8b 53 50 48 8b 02 eb [ 174.296345] RSP: 0018:ffffc90002e87b60 EFLAGS: 00010202 [ 174.300320] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 174.306156] RDX: ffff88810c434740 RSI: 0000000000000000 RDI: 0000000000000000 [ 174.312035] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000001b58 [ 174.317946] R10: 0000000000000020 R11: 0000000000000223 R12: 0000000000000000 [ 174.323860] R13: 0000000000000000 R14: ffffc90002e87d20 R15: 0000000000001b58 [ 174.329743] FS: 00007fc145466800(0000) GS:ffff888343c00000(0000) knlGS:0000000000000000 [ 174.336601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 174.341136] CR2: 0000000000000048 CR3: 00000001413be000 CR4: 00000000000006f0 And with vanilla 6.8.10: [ 4426.333116] BUG: kernel NULL pointer dereference, address: 0000000000000048 [ 4426.338778] #PF: supervisor read access in kernel mode [ 4426.342617] #PF: error_code(0x0000) - not-present page [ 4426.346455] PGD 0 P4D 0 [ 4426.347696] Oops: 0000 [#1] PREEMPT SMP PTI [ 4426.350581] CPU: 4 PID: 9349 Comm: umount Tainted: G I 6.8.11 #1 [ 4426.356674] Hardware name: Gigabyte Technology Co., Ltd. EX58-UD3R/EX58-UD3R, BIOS FB 05/04/2009 [ 4426.364242] RIP: 0010:blk_try_enter_queue+0xc/0x75 [ 4426.367744] Code: 41 00 eb 04 65 48 ff 08 58 e9 05 90 d6 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 89 f5 53 48 89 fb e8 04 54 d6 ff <48> 8b 43 48 a8 03 74 0f f6 43 48 02 75 4d 48 8b 53 50 48 8b 02 eb [ 4426.385189] RSP: 0018:ffffc9000186bb60 EFLAGS: 00010202 [ 4426.389114] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 4426.394946] RDX: ffff8881852b3900 RSI: 0000000000000000 RDI: 0000000000000000 [ 4426.400780] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000001b58 [ 4426.406611] R10: 0000000000000020 R11: 0000000000000235 R12: 0000000000000000 [ 4426.412445] R13: 0000000000000000 R14: ffffc9000186bd20 R15: 0000000000001b58 [ 4426.418279] FS: 00007f2d5041e800(0000) GS:ffff888343d00000(0000) knlGS:0000000000000000 [ 4426.425063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4426.429510] CR2: 0000000000000048 CR3: 000000021d394000 CR4: 00000000000006f0 [ 4426.435350] Call Trace: [ 4426.436505] <TASK> [ 4426.437311] ? __die_body+0x1a/0x5c [ 4426.439511] ? page_fault_oops+0x321/0x36e [ 4426.442320] ? exc_page_fault+0x105/0x117 [ 4426.445031] ? asm_exc_page_fault+0x22/0x30 [ 4426.447924] ? blk_try_enter_queue+0xc/0x75 [ 4426.450812] blk_queue_enter+0x37/0x10b [ 4426.453354] blk_mq_alloc_request+0x154/0x1b7 [ 4426.456421] scsi_alloc_request+0xa/0x57 [scsi_mod] [ 4426.460026] scsi_execute_cmd+0x5d/0x174 [scsi_mod] [ 4426.463633] sr_do_ioctl+0x8d/0x1ac [sr_mod] [ 4426.466613] sr_packet+0x39/0x42 [sr_mod] [ 4426.469335] cdrom_get_disc_info+0x60/0xc9 [cdrom] [ 4426.472837] cdrom_mrw_exit+0x25/0xe6 [cdrom] [ 4426.475904] ? xa_destroy+0x7e/0xb8 [ 4426.478104] ? preempt_latency_start+0x2b/0x46 [ 4426.481251] sr_free_disk+0x40/0x56 [sr_mod] [ 4426.484232] disk_release+0xb6/0xc4 [ 4426.486424] device_release+0x5a/0x80 [ 4426.488790] kobject_put+0x84/0xa4 [ 4426.490895] bdev_release+0x153/0x165 [ 4426.493263] deactivate_locked_super+0x2f/0x68 [ 4426.496408] cleanup_mnt+0xab/0xd3 [ 4426.498514] task_work_run+0x6b/0x80 [ 4426.500811] resume_user_mode_work+0x22/0x55 [ 4426.503784] syscall_exit_to_user_mode+0x5d/0x7b [ 4426.507102] do_syscall_64+0x86/0xdc [ 4426.509383] entry_SYSCALL_64_after_hwframe+0x60/0x68 [ 4426.513143] RIP: 0033:0x7f2d5063f15b [ 4426.515456] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 89 9c 0c 00 f7 d8 [ 4426.532903] RSP: 002b:00007fff2878dcb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 4426.539167] RAX: 0000000000000000 RBX: 000055cd5ee85e60 RCX: 00007f2d5063f15b [ 4426.545002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055cd5ee86270 [ 4426.550891] RBP: 00007fff2878dd90 R08: 000055cd5ee88350 R09: 00007f2d50709b20 [ 4426.556719] R10: 0000000000000008 R11: 0000000000000246 R12: 000055cd5ee85f68 [ 4426.562550] R13: 0000000000000000 R14: 000055cd5ee86270 R15: 000055cd5ee873d0 [ 4426.568386] </TASK> [ 4426.569277] Modules linked in: sg udf usb_storage uinput snd_seq_dummy rpcrdma rdma_cm iw_cm ib_cm ib_core nf_nat_ftp nf_conntrack_ftp cfg80211 af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables it87 hwmon_vid bnep rc_pinnacle_pctv_hd em28xx_rc binfmt_misc tda18271 snd_hda_codec_realtek snd_hda_codec_hdmi cxd2820r snd_hda_codec_generic snd_hda_intel regmap_i2c em28xx_dvb dvb_core uvcvideo btusb btintel uvc intel_powerclamp videobuf2_vmalloc coretemp btbcm snd_usb_audio videobuf2_memops em28xx kvm_intel videobuf2_v4l2 bluetooth tveeprom snd_intel_dspcfg videodev snd_hda_codec snd_virtuoso kvm [ 4426.569392] videobuf2_common [ 4426.583929] usb 2-4: new high-speed USB device number 6 using ehci-pci [ 4426.657557] snd_oxygen_lib snd_usbmidi_lib snd_hda_core snd_mpu401_uart snd_hwdep snd_rawmidi mc snd_seq input_leds led_class joydev ecdh_generic rfkill snd_seq_device ecc iTCO_wdt gpio_ich r8169 snd_pcm irqbypass snd_hrtimer pktcdvd realtek snd_timer intel_cstate mdio_devres snd libphy psmouse intel_uncore i2c_i801 pcspkr acpi_cpufreq i2c_smbus mxm_wmi soundcore lpc_ich i7core_edac tiny_power_button button nfsd auth_rpcgss nfs_acl lockd grace dm_mod sunrpc fuse loop configfs dax nfnetlink zram zsmalloc amdgpu ext4 crc32c_generic crc16 mbcache jbd2 video amdxcp i2c_algo_bit mfd_core drm_ttm_helper ttm drm_exec gpu_sched drm_suballoc_helper drm_buddy drm_display_helper drm_kms_helper sr_mod hid_microsoft sd_mod cdrom usbhid drm xhci_pci uhci_hcd ehci_pci ahci ehci_hcd pata_jmicron libahci xhci_hcd libata drm_panel_orientation_quirks cec usbcore crc32c_intel scsi_mod sha512_ssse3 rc_core firewire_ohci firewire_core bsg serio_raw sha256_ssse3 sha1_ssse3 usb_common crc_itu_t scsi_common wmi msr [ 4426.750898] CR2: 0000000000000048 [ 4426.752950] ---[ end trace 0000000000000000 ]--- [ 4426.756276] RIP: 0010:blk_try_enter_queue+0xc/0x75 [ 4426.759776] Code: 41 00 eb 04 65 48 ff 08 58 e9 05 90 d6 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 89 f5 53 48 89 fb e8 04 54 d6 ff <48> 8b 43 48 a8 03 74 0f f6 43 48 02 75 4d 48 8b 53 50 48 8b 02 eb [ 4426.777232] RSP: 0018:ffffc9000186bb60 EFLAGS: 00010202 [ 4426.781165] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 4426.786998] RDX: ffff8881852b3900 RSI: 0000000000000000 RDI: 0000000000000000 [ 4426.790807] usb-storage 2-4:1.0: USB Mass Storage device detected [ 4426.792867] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000001b58 [ 4426.797877] scsi host10: usb-storage 2-4:1.0 [ 4426.803501] R10: 0000000000000020 R11: 0000000000000235 R12: 0000000000000000 [ 4426.812322] R13: 0000000000000000 R14: ffffc9000186bd20 R15: 0000000000001b58 [ 4426.818165] FS: 00007f2d5041e800(0000) GS:ffff888343d00000(0000) knlGS:0000000000000000 [ 4426.824958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4426.829402] CR2: 0000000000000048 CR3: 000000021d394000 CR4: 00000000000006f0 [ 4427.835567] scsi 10:0:0:0: CD-ROM HL-DT-ST BD-RE BU40N 1.00 PQ: 0 ANSI: 0 Cheers, Chris

11 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 4.19] rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment

by Sasha Levin

From: "Paul E. McKenney" <paulmck(a)kernel.org> [ Upstream commit 8b9b443fa860276822b25057cb3ff3b28734dec0 ] The "pipe_count > RCU_TORTURE_PIPE_LEN" check has a comment saying "Should not happen, but...". This is only true when testing an RCU whose grace periods are always long enough. This commit therefore fixes this comment. Reported-by: Linus Torvalds <torvalds(a)linux-foundation.org> Closes: https://lore.kernel.org/lkml/CAHk-=wi7rJ-eGq+xaxVfzFEgbL9tdf6Kc8Z89rCpfcQOK… Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/rcu/rcutorture.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c index 0b7af7e2bcbb1..8986ef3a95888 100644 --- a/kernel/rcu/rcutorture.c +++ b/kernel/rcu/rcutorture.c @@ -1334,7 +1334,8 @@ static bool rcu_torture_one_read(struct torture_random_state *trsp) preempt_disable(); pipe_count = p->rtort_pipe_count; if (pipe_count > RCU_TORTURE_PIPE_LEN) { - /* Should not happen, but... */ + // Should not happen in a correct RCU implementation, + // happens quite often for torture_type=busted. pipe_count = RCU_TORTURE_PIPE_LEN; } completed = cur_ops->get_gp_seq(); -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 5.4] rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment

by Sasha Levin

From: "Paul E. McKenney" <paulmck(a)kernel.org> [ Upstream commit 8b9b443fa860276822b25057cb3ff3b28734dec0 ] The "pipe_count > RCU_TORTURE_PIPE_LEN" check has a comment saying "Should not happen, but...". This is only true when testing an RCU whose grace periods are always long enough. This commit therefore fixes this comment. Reported-by: Linus Torvalds <torvalds(a)linux-foundation.org> Closes: https://lore.kernel.org/lkml/CAHk-=wi7rJ-eGq+xaxVfzFEgbL9tdf6Kc8Z89rCpfcQOK… Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/rcu/rcutorture.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c index 3c9feca1eab17..aef4d01c4f61e 100644 --- a/kernel/rcu/rcutorture.c +++ b/kernel/rcu/rcutorture.c @@ -1291,7 +1291,8 @@ static bool rcu_torture_one_read(struct torture_random_state *trsp) preempt_disable(); pipe_count = p->rtort_pipe_count; if (pipe_count > RCU_TORTURE_PIPE_LEN) { - /* Should not happen, but... */ + // Should not happen in a correct RCU implementation, + // happens quite often for torture_type=busted. pipe_count = RCU_TORTURE_PIPE_LEN; } completed = cur_ops->get_gp_seq(); -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 5.10 1/5] padata: Disable BH when taking works lock on MT path

by Sasha Levin

From: Herbert Xu <herbert(a)gondor.apana.org.au> [ Upstream commit 58329c4312031603bb1786b44265c26d5065fe72 ] As the old padata code can execute in softirq context, disable softirqs for the new padata_do_mutithreaded code too as otherwise lockdep will get antsy. Reported-by: syzbot+0cb5bb0f4bf9e79db3b3(a)syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Acked-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/padata.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/padata.c b/kernel/padata.c index fdcd78302cd72..471ccbc44541d 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -111,7 +111,7 @@ static int __init padata_work_alloc_mt(int nworks, void *data, { int i; - spin_lock(&padata_works_lock); + spin_lock_bh(&padata_works_lock); /* Start at 1 because the current task participates in the job. */ for (i = 1; i < nworks; ++i) { struct padata_work *pw = padata_work_alloc(); @@ -121,7 +121,7 @@ static int __init padata_work_alloc_mt(int nworks, void *data, padata_work_init(pw, padata_mt_helper, data, 0); list_add(&pw->pw_list, head); } - spin_unlock(&padata_works_lock); + spin_unlock_bh(&padata_works_lock); return i; } @@ -139,12 +139,12 @@ static void __init padata_works_free(struct list_head *works) if (list_empty(works)) return; - spin_lock(&padata_works_lock); + spin_lock_bh(&padata_works_lock); list_for_each_entry_safe(cur, next, works, pw_list) { list_del(&cur->pw_list); padata_work_free(cur); } - spin_unlock(&padata_works_lock); + spin_unlock_bh(&padata_works_lock); } static void padata_parallel_worker(struct work_struct *parallel_work) -- 2.43.0

11 months, 2 weeks

1
4
0 0

[PATCH AUTOSEL 5.15 1/7] padata: Disable BH when taking works lock on MT path

by Sasha Levin

From: Herbert Xu <herbert(a)gondor.apana.org.au> [ Upstream commit 58329c4312031603bb1786b44265c26d5065fe72 ] As the old padata code can execute in softirq context, disable softirqs for the new padata_do_mutithreaded code too as otherwise lockdep will get antsy. Reported-by: syzbot+0cb5bb0f4bf9e79db3b3(a)syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Acked-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/padata.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/padata.c b/kernel/padata.c index 47f146f061fb1..809978bb249c2 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -98,7 +98,7 @@ static int __init padata_work_alloc_mt(int nworks, void *data, { int i; - spin_lock(&padata_works_lock); + spin_lock_bh(&padata_works_lock); /* Start at 1 because the current task participates in the job. */ for (i = 1; i < nworks; ++i) { struct padata_work *pw = padata_work_alloc(); @@ -108,7 +108,7 @@ static int __init padata_work_alloc_mt(int nworks, void *data, padata_work_init(pw, padata_mt_helper, data, 0); list_add(&pw->pw_list, head); } - spin_unlock(&padata_works_lock); + spin_unlock_bh(&padata_works_lock); return i; } @@ -126,12 +126,12 @@ static void __init padata_works_free(struct list_head *works) if (list_empty(works)) return; - spin_lock(&padata_works_lock); + spin_lock_bh(&padata_works_lock); list_for_each_entry_safe(cur, next, works, pw_list) { list_del(&cur->pw_list); padata_work_free(cur); } - spin_unlock(&padata_works_lock); + spin_unlock_bh(&padata_works_lock); } static void padata_parallel_worker(struct work_struct *parallel_work) -- 2.43.0

11 months, 2 weeks

1
6
0 0

[PATCH AUTOSEL 6.1 1/9] md: Fix overflow in is_mddev_idle

by Sasha Levin

From: Li Nan <linan122(a)huawei.com> [ Upstream commit 3f9f231236ce7e48780d8a4f1f8cb9fae2df1e4e ] UBSAN reports this problem: UBSAN: Undefined behaviour in drivers/md/md.c:8175:15 signed integer overflow: -2147483291 - 2072033152 cannot be represented in type 'int' Call trace: dump_backtrace+0x0/0x310 show_stack+0x28/0x38 dump_stack+0xec/0x15c ubsan_epilogue+0x18/0x84 handle_overflow+0x14c/0x19c __ubsan_handle_sub_overflow+0x34/0x44 is_mddev_idle+0x338/0x3d8 md_do_sync+0x1bb8/0x1cf8 md_thread+0x220/0x288 kthread+0x1d8/0x1e0 ret_from_fork+0x10/0x18 'curr_events' will overflow when stat accum or 'sync_io' is greater than INT_MAX. Fix it by changing sync_io, last_events and curr_events to 64bit. Signed-off-by: Li Nan <linan122(a)huawei.com> Reviewed-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240117031946.2324519-2-linan666@huaweicloud.com Signed-off-by: Song Liu <song(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/md/md.c | 7 ++++--- drivers/md/md.h | 4 ++-- include/linux/blkdev.h | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/md/md.c b/drivers/md/md.c index 788acc81e7a84..7b7c048e2670a 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -8541,14 +8541,15 @@ static int is_mddev_idle(struct mddev *mddev, int init) { struct md_rdev *rdev; int idle; - int curr_events; + long long curr_events; idle = 1; rcu_read_lock(); rdev_for_each_rcu(rdev, mddev) { struct gendisk *disk = rdev->bdev->bd_disk; - curr_events = (int)part_stat_read_accum(disk->part0, sectors) - - atomic_read(&disk->sync_io); + curr_events = + (long long)part_stat_read_accum(disk->part0, sectors) - + atomic64_read(&disk->sync_io); /* sync IO will cause sync_io to increase before the disk_stats * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h index 4f0b480974552..5910527514db2 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -50,7 +50,7 @@ struct md_rdev { sector_t sectors; /* Device size (in 512bytes sectors) */ struct mddev *mddev; /* RAID array if running */ - int last_events; /* IO event timestamp */ + long long last_events; /* IO event timestamp */ /* * If meta_bdev is non-NULL, it means that a separate device is @@ -576,7 +576,7 @@ extern void mddev_unlock(struct mddev *mddev); static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { - atomic_add(nr_sectors, &bdev->bd_disk->sync_io); + atomic64_add(nr_sectors, &bdev->bd_disk->sync_io); } static inline void md_sync_acct_bio(struct bio *bio, unsigned long nr_sectors) diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index e255674a9ee72..02e55676e0283 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -161,7 +161,7 @@ struct gendisk { struct list_head slave_bdevs; #endif struct timer_rand_state *random; - atomic_t sync_io; /* RAID */ + atomic64_t sync_io; /* RAID */ struct disk_events *ev; #ifdef CONFIG_BLK_DEV_INTEGRITY struct kobject integrity_kobj; -- 2.43.0

11 months, 2 weeks

1
8
0 0

[PATCH AUTOSEL 6.6 01/11] fs/writeback: bail out if there is no more inodes for IO and queued once

by Sasha Levin

From: Kemeng Shi <shikemeng(a)huaweicloud.com> [ Upstream commit d92109891f21cf367caa2cc6dff11a4411d917f4 ] For case there is no more inodes for IO in io list from last wb_writeback, We may bail out early even there is inode in dirty list should be written back. Only bail out when we queued once to avoid missing dirtied inode. This is from code reading... Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Link: https://lore.kernel.org/r/20240228091958.288260-3-shikemeng@huaweicloud.com Reviewed-by: Jan Kara <jack(a)suse.cz> [brauner(a)kernel.org: fold in memory corruption fix from Jan in [1]] Link: https://lore.kernel.org/r/20240405132346.bid7gibby3lxxhez@quack3 [1] Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/fs-writeback.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 1767493dffda7..0a498bc60f557 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -2044,6 +2044,7 @@ static long wb_writeback(struct bdi_writeback *wb, struct inode *inode; long progress; struct blk_plug plug; + bool queued = false; blk_start_plug(&plug); for (;;) { @@ -2086,8 +2087,10 @@ static long wb_writeback(struct bdi_writeback *wb, dirtied_before = jiffies; trace_writeback_start(wb, work); - if (list_empty(&wb->b_io)) + if (list_empty(&wb->b_io)) { queue_io(wb, work, dirtied_before); + queued = true; + } if (work->sb) progress = writeback_sb_inodes(work->sb, wb, work); else @@ -2102,7 +2105,7 @@ static long wb_writeback(struct bdi_writeback *wb, * mean the overall work is done. So we keep looping as long * as made some progress on cleaning pages or inodes. */ - if (progress) { + if (progress || !queued) { spin_unlock(&wb->list_lock); continue; } -- 2.43.0

11 months, 2 weeks

1
10
0 0

[PATCH AUTOSEL 6.8 01/14] fs/writeback: bail out if there is no more inodes for IO and queued once

by Sasha Levin

From: Kemeng Shi <shikemeng(a)huaweicloud.com> [ Upstream commit d92109891f21cf367caa2cc6dff11a4411d917f4 ] For case there is no more inodes for IO in io list from last wb_writeback, We may bail out early even there is inode in dirty list should be written back. Only bail out when we queued once to avoid missing dirtied inode. This is from code reading... Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Link: https://lore.kernel.org/r/20240228091958.288260-3-shikemeng@huaweicloud.com Reviewed-by: Jan Kara <jack(a)suse.cz> [brauner(a)kernel.org: fold in memory corruption fix from Jan in [1]] Link: https://lore.kernel.org/r/20240405132346.bid7gibby3lxxhez@quack3 [1] Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/fs-writeback.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 3d84fcc471c60..e89222ae285e9 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -2044,6 +2044,7 @@ static long wb_writeback(struct bdi_writeback *wb, struct inode *inode; long progress; struct blk_plug plug; + bool queued = false; blk_start_plug(&plug); for (;;) { @@ -2086,8 +2087,10 @@ static long wb_writeback(struct bdi_writeback *wb, dirtied_before = jiffies; trace_writeback_start(wb, work); - if (list_empty(&wb->b_io)) + if (list_empty(&wb->b_io)) { queue_io(wb, work, dirtied_before); + queued = true; + } if (work->sb) progress = writeback_sb_inodes(work->sb, wb, work); else @@ -2102,7 +2105,7 @@ static long wb_writeback(struct bdi_writeback *wb, * mean the overall work is done. So we keep looping as long * as made some progress on cleaning pages or inodes. */ - if (progress) { + if (progress || !queued) { spin_unlock(&wb->list_lock); continue; } -- 2.43.0

11 months, 2 weeks

1
13
0 0

[PATCH] iio: invensense: fix odr switching to same value

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> ODR switching happens in 2 steps, update to store the new value and then apply when the ODR change flag is received in the data. When switching to the same ODR value, the ODR change flag is never happening, and frequency switching is blocked waiting for the never coming apply. Fix the issue by preventing update to happen when switching to same ODR value. Fixes: 0ecc363ccea7 ("iio: make invensense timestamp module generic") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/common/inv_sensors/inv_sensors_timestamp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c index fa205f17bd90..f44458c380d9 100644 --- a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c +++ b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c @@ -60,11 +60,15 @@ EXPORT_SYMBOL_NS_GPL(inv_sensors_timestamp_init, IIO_INV_SENSORS_TIMESTAMP); int inv_sensors_timestamp_update_odr(struct inv_sensors_timestamp *ts, uint32_t period, bool fifo) { + uint32_t mult; + /* when FIFO is on, prevent odr change if one is already pending */ if (fifo && ts->new_mult != 0) return -EAGAIN; - ts->new_mult = period / ts->chip.clock_period; + mult = period / ts->chip.clock_period; + if (mult != ts->mult) + ts->new_mult = mult; return 0; } -- 2.34.1

11 months, 2 weeks

2
1
0 0

[PATCH 6.9 00/25] 6.9.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.2 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.2-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.2-rc1 Christoph Hellwig <hch(a)lst.de> block: add a partscan sysfs attribute for disks Christoph Hellwig <hch(a)lst.de> block: add a disk_has_partscan helper SeongJae Park <sj(a)kernel.org> Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command SeongJae Park <sj(a)kernel.org> Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Thomas Weißschuh <linux(a)weissschuh.net> admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Do not use WARN when encode fails Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Revert "media: v4l2-ctrls: show all owned controls in log_status" AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Javier Carrasco <javier.carrasco(a)wolfvision.net> usb: typec: tipd: fix event checking for tps6598x Javier Carrasco <javier.carrasco(a)wolfvision.net> usb: typec: tipd: fix event checking for tps25750 Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: fix link status when link is set to down/up Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Wait unconditionally after issuing EndXfer command Carlos Llamas <cmllamas(a)google.com> binder: fix max_thread type inconsistency Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw: use generic rtd_init function for Realtek SDW DMICs Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix memory leak in tpm2_key_encode() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Uros Bizjak <ubizjak(a)gmail.com> x86/percpu: Use __force to cast from __percpu address space Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix another TX stall caused by wrong ISR flag handling Jose Fernandez <josef(a)netflix.com> drm/amd/display: Fix division by zero in setup_dsc_config Perry Yuan <perry.yuan(a)amd.com> cpufreq: amd-pstate: fix the highest frequency issue which limits performance Ben Greear <greearb(a)candelatech.com> wifi: iwlwifi: Use request_module_nowait Peter Tsao <peter.tsao(a)mediatek.com> Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921 ------------- Diffstat: Documentation/ABI/stable/sysfs-block | 10 +++ .../admin-guide/hw-vuln/core-scheduling.rst | 4 +- Documentation/admin-guide/mm/damon/usage.rst | 6 +- Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- arch/x86/include/asm/percpu.h | 6 +- block/genhd.c | 15 +++-- block/partitions/core.c | 5 +- drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- drivers/bluetooth/btusb.c | 1 + drivers/cpufreq/amd-pstate.c | 22 ++++++- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 +- drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 ++---- drivers/net/ethernet/micrel/ks8851_common.c | 18 +----- drivers/net/usb/ax88179_178a.c | 37 +++++++---- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 10 +-- drivers/remoteproc/mtk_scp.c | 10 ++- drivers/tty/serial/kgdboc.c | 30 ++++++++- drivers/usb/dwc3/gadget.c | 4 +- drivers/usb/typec/tipd/core.c | 51 ++++++++++----- drivers/usb/typec/tipd/tps6598x.h | 11 ++++ drivers/usb/typec/ucsi/displayport.c | 4 -- include/linux/blkdev.h | 13 ++++ include/net/bluetooth/hci.h | 9 +++ include/net/bluetooth/hci_core.h | 1 + net/bluetooth/hci_conn.c | 75 +++++++++++++++------- net/bluetooth/hci_event.c | 31 +++++---- net/bluetooth/iso.c | 2 +- net/bluetooth/l2cap_core.c | 17 +---- net/bluetooth/sco.c | 6 +- security/keys/trusted-keys/trusted_tpm2.c | 25 ++++++-- sound/soc/intel/boards/Makefile | 1 + sound/soc/intel/boards/sof_sdw.c | 12 ++-- sound/soc/intel/boards/sof_sdw_common.h | 1 + sound/soc/intel/boards/sof_sdw_rt_dmic.c | 52 +++++++++++++++ 36 files changed, 357 insertions(+), 166 deletions(-)

11 months, 2 weeks

13
39
0 0

[PATCH 6.6 000/102] 6.6.32-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.32 release. There are 102 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.32-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.32-rc1 Christoph Hellwig <hch(a)lst.de> block: add a partscan sysfs attribute for disks Christoph Hellwig <hch(a)lst.de> block: add a disk_has_partscan helper SeongJae Park <sj(a)kernel.org> Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Thomas Weißschuh <linux(a)weissschuh.net> admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Do not use WARN when encode fails AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Javier Carrasco <javier.carrasco(a)wolfvision.net> usb: typec: tipd: fix event checking for tps6598x Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: fix link status when link is set to down/up Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Wait unconditionally after issuing EndXfer command Carlos Llamas <cmllamas(a)google.com> binder: fix max_thread type inconsistency Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Christian Brauner <brauner(a)kernel.org> erofs: reliably distinguish block based and fscache mode Baokun Li <libaokun1(a)huawei.com> erofs: get rid of erofs_fs_context Jiri Olsa <jolsa(a)kernel.org> bpf: Add missing BPF_LINK_TYPE invocations Mark Brown <broonie(a)kernel.org> kselftest: Add a ksft_perror() helper Mengqi Zhang <mengqi.zhang(a)mediatek.com> mmc: core: Add HS400 tuning in HS400es initialization Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix memory leak in tpm2_key_encode() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Jacob Keller <jacob.e.keller(a)intel.com> ice: remove unnecessary duplicate checks for VF VSI ID Jacob Keller <jacob.e.keller(a)intel.com> ice: pass VSI pointer into ice_vc_isvalid_q_id Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix another TX stall caused by wrong ISR flag handling Jose Fernandez <josef(a)netflix.com> drm/amd/display: Fix division by zero in setup_dsc_config Gustavo A. R. Silva <gustavoars(a)kernel.org> smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add continuous availability share parameter David Howells <dhowells(a)redhat.com> cifs: Add tracing for the cifs_tcon struct refcounting Paulo Alcantara <pc(a)manguebit.com> smb: client: instantiate when creating SFU files Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() Steve French <stfrench(a)microsoft.com> smb3: add trace event for mknod Steve French <stfrench(a)microsoft.com> smb311: additional compression flag defined in updated protocol spec Steve French <stfrench(a)microsoft.com> smb311: correct incorrect offset field in compression header Steve French <stfrench(a)microsoft.com> cifs: Move some extern decls from .c files to .h Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() Colin Ian King <colin.i.king(a)gmail.com> ksmbd: Fix spelling mistake "connction" -> "connection" Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close Bharath SM <bharathsm(a)microsoft.com> cifs: remove redundant variable assignment Meetakshi Setiya <msetiya(a)microsoft.com> cifs: fixes for get_inode_info Bharath SM <bharathsm(a)microsoft.com> cifs: defer close file handles having RH lease Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add support for durable handles v1/v2 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session Enzo Matsumiya <ematsumiya(a)suse.de> smb: common: simplify compression headers Enzo Matsumiya <ematsumiya(a)suse.de> smb: common: fix fields sizes in compression_pattern_payload_v1 Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: negotiate compression algorithms Steve French <stfrench(a)microsoft.com> smb3: add dynamic trace point for ioctls Paulo Alcantara <pc(a)manguebit.com> smb: client: return reparse type in /proc/mounts Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct d_type for reparse DFS/DFSR and mount point Paulo Alcantara <pc(a)manguebit.com> smb: client: parse uid, gid, mode and dev from WSL reparse points Steve French <stfrench(a)microsoft.com> smb: client: introduce SMB2_OP_QUERY_WSL_EA Dan Carpenter <dan.carpenter(a)linaro.org> smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() Paulo Alcantara <pc(a)manguebit.com> smb: client: add support for WSL reparse points Paulo Alcantara <pc(a)manguebit.com> smb: client: reduce number of parameters in smb2_compound_op() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential broken compound request Paulo Alcantara <pc(a)manguebit.com> smb: client: move most of reparse point handling code to common file Paulo Alcantara <pc(a)manguebit.com> smb: client: introduce reparse mount option Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: retry compound request without reusing lease Steve French <stfrench(a)microsoft.com> smb: client: do not defer close open handles to deleted files Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: reuse file lease key in compound operations Paulo Alcantara <pc(a)manguebit.com> smb: client: get rid of smb311_posix_query_path_info() Steve French <stfrench(a)microsoft.com> smb: client: parse owner/group when creating reparse points Steve French <stfrench(a)microsoft.com> smb3: update allocation size more accurately on write completion Paulo Alcantara <pc(a)manguebit.com> smb: client: handle path separator of created SMB symlinks Steve French <stfrench(a)microsoft.com> cifs: update the same create_guid on replay Yang Li <yang.lee(a)linux.alibaba.com> ksmbd: Add kernel-doc for ksmbd_extract_sharename() function Shyam Prasad N <sprasad(a)microsoft.com> cifs: set replay flag for retries of write command Shyam Prasad N <sprasad(a)microsoft.com> cifs: commands that are retried should have replay flag set Alexey Dobriyan <adobriyan(a)gmail.com> smb: client: delete "true", "false" defines Yang Li <yang.lee(a)linux.alibaba.com> smb: Fix some kernel-doc comments Shyam Prasad N <sprasad(a)microsoft.com> cifs: new mount option called retrans Paulo Alcantara <pc(a)manguebit.com> smb: client: don't clobber ->i_rdev from cached reparse points Shyam Prasad N <sprasad(a)microsoft.com> cifs: new nt status codes from MS-SMB2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: pick channel for tcon and tdis Steve French <stfrench(a)microsoft.com> cifs: minor comment cleanup Colin Ian King <colin.i.king(a)gmail.com> cifs: remove redundant variable tcon_exist Randy Dunlap <rdunlap(a)infradead.org> ksmbd: vfs: fix all kernel-doc warnings Randy Dunlap <rdunlap(a)infradead.org> ksmbd: auth: fix most kernel-doc warnings Steve French <stfrench(a)microsoft.com> cifs: remove unneeded return statement Paulo Alcantara <pc(a)manguebit.com> cifs: get rid of dup length check in parse_reparse_point() David Howells <dhowells(a)redhat.com> cifs: Pass unbyteswapped eof value into SMB2_set_eof() Markus Elfring <elfring(a)users.sourceforge.net> smb3: Improve exception handling in allocate_mr_list() Steve French <stfrench(a)microsoft.com> cifs: fix in logging in cifs_chan_update_iface Paulo Alcantara <pc(a)manguebit.com> smb: client: handle special files and symlinks in SMB3 POSIX Paulo Alcantara <pc(a)manguebit.com> smb: client: cleanup smb2_query_reparse_point() Paulo Alcantara <pc(a)manguebit.com> smb: client: allow creating symlinks via reparse points Steve French <stfrench(a)microsoft.com> smb: client: optimise reparse point querying Steve French <stfrench(a)microsoft.com> smb: client: allow creating special files via reparse points Steve French <stfrench(a)microsoft.com> smb: client: extend smb2_compound_op() to accept more commands Pierre Mariani <pierre.mariani(a)gmail.com> smb: client: Fix minor whitespace errors and warnings Steve French <stfrench(a)microsoft.com> smb: client: introduce cifs_sfu_make_node() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> cifs: fix use after free for iface while disabling secondary channels Steve French <stfrench(a)microsoft.com> Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO Steve French <stfrench(a)microsoft.com> smb3: minor cleanup of session handling code Steve French <stfrench(a)microsoft.com> smb3: more minor cleanups for session handling routines Steve French <stfrench(a)microsoft.com> smb3: minor RDMA cleanup Shyam Prasad N <sprasad(a)microsoft.com> cifs: print server capabilities in DebugData Eric Biggers <ebiggers(a)google.com> smb: use crypto_shash_digest() in symlink_hash() Steve French <stfrench(a)microsoft.com> Add definition for new smb3.1.1 command type Steve French <stfrench(a)microsoft.com> SMB3: clarify some of the unused CreateOption flags Meetakshi Setiya <msetiya(a)microsoft.com> cifs: Add client version details to NTLM authenticate message ------------- Diffstat: Documentation/ABI/stable/sysfs-block | 10 + .../admin-guide/hw-vuln/core-scheduling.rst | 4 +- Documentation/admin-guide/mm/damon/usage.rst | 2 +- Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- block/genhd.c | 15 +- block/partitions/core.c | 5 +- drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 + drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 +- drivers/mmc/core/mmc.c | 9 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 18 +- drivers/net/usb/ax88179_178a.c | 37 +- drivers/remoteproc/mtk_scp.c | 10 +- drivers/tty/serial/kgdboc.c | 30 +- drivers/usb/dwc3/gadget.c | 4 +- drivers/usb/typec/tipd/core.c | 45 +- drivers/usb/typec/tipd/tps6598x.h | 11 + drivers/usb/typec/ucsi/displayport.c | 4 - fs/erofs/internal.h | 7 - fs/erofs/super.c | 124 +- fs/smb/client/Makefile | 2 +- fs/smb/client/cached_dir.c | 24 +- fs/smb/client/cifs_debug.c | 38 +- fs/smb/client/cifsfs.c | 10 +- fs/smb/client/cifsglob.h | 93 +- fs/smb/client/cifsproto.h | 39 +- fs/smb/client/cifssmb.c | 18 +- fs/smb/client/connect.c | 57 +- fs/smb/client/dir.c | 14 +- fs/smb/client/file.c | 39 +- fs/smb/client/fs_context.c | 43 +- fs/smb/client/fs_context.h | 13 +- fs/smb/client/fscache.c | 7 + fs/smb/client/inode.c | 235 ++-- fs/smb/client/ioctl.c | 6 + fs/smb/client/link.c | 41 +- fs/smb/client/misc.c | 47 +- fs/smb/client/ntlmssp.h | 4 +- fs/smb/client/readdir.c | 32 +- fs/smb/client/reparse.c | 532 ++++++++ fs/smb/client/reparse.h | 113 ++ fs/smb/client/sess.c | 73 +- fs/smb/client/smb1ops.c | 80 +- fs/smb/client/smb2glob.h | 27 +- fs/smb/client/smb2inode.c | 1402 +++++++++++++------- fs/smb/client/smb2maperror.c | 2 + fs/smb/client/smb2misc.c | 10 +- fs/smb/client/smb2ops.c | 603 ++++----- fs/smb/client/smb2pdu.c | 340 ++++- fs/smb/client/smb2pdu.h | 46 +- fs/smb/client/smb2proto.h | 37 +- fs/smb/client/smb2status.h | 2 + fs/smb/client/smb2transport.c | 2 + fs/smb/client/smbdirect.c | 4 +- fs/smb/client/smbencrypt.c | 7 - fs/smb/client/trace.h | 137 +- fs/smb/common/smb2pdu.h | 122 +- fs/smb/common/smbfsctl.h | 6 - fs/smb/server/auth.c | 14 +- fs/smb/server/ksmbd_netlink.h | 36 +- fs/smb/server/mgmt/user_session.c | 28 +- fs/smb/server/mgmt/user_session.h | 3 + fs/smb/server/misc.c | 1 + fs/smb/server/oplock.c | 96 +- fs/smb/server/oplock.h | 7 +- fs/smb/server/smb2misc.c | 26 +- fs/smb/server/smb2ops.c | 6 + fs/smb/server/smb2pdu.c | 338 ++++- fs/smb/server/smb2pdu.h | 31 +- fs/smb/server/transport_tcp.c | 2 + fs/smb/server/vfs.c | 28 +- fs/smb/server/vfs_cache.c | 137 +- fs/smb/server/vfs_cache.h | 9 + include/linux/blkdev.h | 13 + include/linux/bpf_types.h | 3 + include/net/bluetooth/hci.h | 9 + include/net/bluetooth/hci_core.h | 1 + net/bluetooth/hci_conn.c | 71 +- net/bluetooth/hci_event.c | 31 +- net/bluetooth/iso.c | 2 +- net/bluetooth/l2cap_core.c | 38 +- net/bluetooth/sco.c | 6 +- security/keys/trusted-keys/trusted_tpm2.c | 25 +- tools/testing/selftests/kselftest.h | 14 + 88 files changed, 3923 insertions(+), 1738 deletions(-)

11 months, 2 weeks

12
113
0 0

[PATCH 6.1 00/45] 6.1.92-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.92 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.92-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.92-rc1 Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Thomas Weißschuh <linux(a)weissschuh.net> admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Do not use WARN when encode fails AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Javier Carrasco <javier.carrasco(a)wolfvision.net> usb: typec: tipd: fix event checking for tps6598x Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: fix link status when link is set to down/up Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Wait unconditionally after issuing EndXfer command Carlos Llamas <cmllamas(a)google.com> binder: fix max_thread type inconsistency Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Mark Rutland <mark.rutland(a)arm.com> arm64: atomics: lse: remove stale dependency on JUMP_LABEL Eric Sandeen <sandeen(a)redhat.com> xfs: short circuit xfs_growfs_data_private() if delta is zero Hironori Shiina <shiina.hironori(a)gmail.com> xfs: get root inode correctly at bulkstat Darrick J. Wong <djwong(a)kernel.org> xfs: fix log recovery when unknown rocompat bits are set Darrick J. Wong <djwong(a)kernel.org> xfs: allow inode inactivation during a ro mount log recovery Darrick J. Wong <djwong(a)kernel.org> xfs: invalidate xfs_bufs when allocating cow extents Darrick J. Wong <djwong(a)kernel.org> xfs: estimate post-merge refcounts correctly Darrick J. Wong <djwong(a)kernel.org> xfs: hoist refcount record merge predicates Guo Xuenan <guoxuenan(a)huawei.com> xfs: fix super block buf log item UAF during force shutdown Guo Xuenan <guoxuenan(a)huawei.com> xfs: wait iclog complete before tearing down AIL Darrick J. Wong <djwong(a)kernel.org> xfs: attach dquots to inode before reading data/cow fork mappings Darrick J. Wong <djwong(a)kernel.org> xfs: invalidate block device page cache during unmount Long Li <leo.lilong(a)huawei.com> xfs: fix incorrect i_nlink caused by inode racing Long Li <leo.lilong(a)huawei.com> xfs: fix sb write verify for lazysbcount Darrick J. Wong <djwong(a)kernel.org> xfs: fix incorrect error-out in xfs_remove Dave Chinner <dchinner(a)redhat.com> xfs: fix off-by-one-block in xfs_discard_folio() Dave Chinner <dchinner(a)redhat.com> xfs: drop write error injection is unfixable, remove it Dave Chinner <dchinner(a)redhat.com> xfs: use iomap_valid method to detect stale cached iomaps Dave Chinner <dchinner(a)redhat.com> iomap: write iomap validity checks Dave Chinner <dchinner(a)redhat.com> xfs: xfs_bmap_punch_delalloc_range() should take a byte range Dave Chinner <dchinner(a)redhat.com> iomap: buffered write failure should not truncate the page cache Dave Chinner <dchinner(a)redhat.com> xfs,iomap: move delalloc punching to iomap Dave Chinner <dchinner(a)redhat.com> xfs: use byte ranges for write cleanup ranges Dave Chinner <dchinner(a)redhat.com> xfs: punching delalloc extents on write failure is racy Dave Chinner <dchinner(a)redhat.com> xfs: write page faults in iomap are not buffered writes Mengqi Zhang <mengqi.zhang(a)mediatek.com> mmc: core: Add HS400 tuning in HS400es initialization Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix memory leak in tpm2_key_encode() NeilBrown <neilb(a)suse.de> nfsd: don't allow nfsd threads to be signalled. Aidan MacDonald <aidanmacdonald.0x0(a)gmail.com> mfd: stpmic1: Fix swapped mask/unmask in irq chip Sergey Shtylyov <s.shtylyov(a)omp.ru> pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Jacob Keller <jacob.e.keller(a)intel.com> ice: remove unnecessary duplicate checks for VF VSI ID Jacob Keller <jacob.e.keller(a)intel.com> ice: pass VSI pointer into ice_vc_isvalid_q_id Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix another TX stall caused by wrong ISR flag handling Jose Fernandez <josef(a)netflix.com> drm/amd/display: Fix division by zero in setup_dsc_config ------------- Diffstat: .../admin-guide/hw-vuln/core-scheduling.rst | 4 +- Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- arch/arm64/Kconfig | 1 - arch/arm64/include/asm/lse.h | 1 - drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 + drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 +- drivers/mfd/stpmic1.c | 5 +- drivers/mmc/core/mmc.c | 9 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 +- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 18 +- drivers/net/usb/ax88179_178a.c | 37 ++- drivers/pinctrl/core.c | 14 +- drivers/remoteproc/mtk_scp.c | 10 +- drivers/tty/serial/kgdboc.c | 30 ++- drivers/usb/dwc3/gadget.c | 4 +- drivers/usb/typec/tipd/core.c | 45 ++-- drivers/usb/typec/tipd/tps6598x.h | 11 + drivers/usb/typec/ucsi/displayport.c | 4 - fs/iomap/buffered-io.c | 254 ++++++++++++++++++++- fs/iomap/iter.c | 19 +- fs/nfs/callback.c | 9 +- fs/nfsd/nfs4proc.c | 5 +- fs/nfsd/nfssvc.c | 12 - fs/xfs/libxfs/xfs_bmap.c | 8 +- fs/xfs/libxfs/xfs_errortag.h | 12 +- fs/xfs/libxfs/xfs_refcount.c | 146 ++++++++++-- fs/xfs/libxfs/xfs_sb.c | 7 +- fs/xfs/xfs_aops.c | 37 +-- fs/xfs/xfs_bmap_util.c | 10 +- fs/xfs/xfs_bmap_util.h | 2 +- fs/xfs/xfs_buf.c | 1 + fs/xfs/xfs_buf_item.c | 2 + fs/xfs/xfs_error.c | 27 ++- fs/xfs/xfs_file.c | 2 +- fs/xfs/xfs_fsops.c | 4 + fs/xfs/xfs_icache.c | 6 + fs/xfs/xfs_inode.c | 16 +- fs/xfs/xfs_ioctl.c | 4 +- fs/xfs/xfs_iomap.c | 177 ++++++++------ fs/xfs/xfs_iomap.h | 6 +- fs/xfs/xfs_log.c | 53 ++--- fs/xfs/xfs_mount.c | 15 ++ fs/xfs/xfs_pnfs.c | 6 +- include/linux/iomap.h | 47 +++- net/sunrpc/svc_xprt.c | 16 +- security/keys/trusted-keys/trusted_tpm2.c | 25 +- 50 files changed, 866 insertions(+), 299 deletions(-)

11 months, 2 weeks

12
56
0 0

[PATCH 6.8 00/23] 6.8.11-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.11 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.11-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.11-rc1 Christoph Hellwig <hch(a)lst.de> block: add a partscan sysfs attribute for disks Christoph Hellwig <hch(a)lst.de> block: add a disk_has_partscan helper SeongJae Park <sj(a)kernel.org> Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Thomas Weißschuh <linux(a)weissschuh.net> admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Do not use WARN when encode fails AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Javier Carrasco <javier.carrasco(a)wolfvision.net> usb: typec: tipd: fix event checking for tps6598x Javier Carrasco <javier.carrasco(a)wolfvision.net> usb: typec: tipd: fix event checking for tps25750 Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: fix link status when link is set to down/up Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Wait unconditionally after issuing EndXfer command Carlos Llamas <cmllamas(a)google.com> binder: fix max_thread type inconsistency Christian Brauner <brauner(a)kernel.org> erofs: reliably distinguish block based and fscache mode Baokun Li <libaokun1(a)huawei.com> erofs: get rid of erofs_fs_context Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix memory leak in tpm2_key_encode() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Jacob Keller <jacob.e.keller(a)intel.com> ice: remove unnecessary duplicate checks for VF VSI ID Jacob Keller <jacob.e.keller(a)intel.com> ice: pass VSI pointer into ice_vc_isvalid_q_id Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix another TX stall caused by wrong ISR flag handling Jose Fernandez <josef(a)netflix.com> drm/amd/display: Fix division by zero in setup_dsc_config ------------- Diffstat: Documentation/ABI/stable/sysfs-block | 10 ++ .../admin-guide/hw-vuln/core-scheduling.rst | 4 +- Documentation/admin-guide/mm/damon/usage.rst | 2 +- Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- block/genhd.c | 15 ++- block/partitions/core.c | 5 +- drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 ++-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 - drivers/net/ethernet/micrel/ks8851_common.c | 18 +-- drivers/net/usb/ax88179_178a.c | 37 ++++-- drivers/remoteproc/mtk_scp.c | 10 +- drivers/tty/serial/kgdboc.c | 30 ++++- drivers/usb/dwc3/gadget.c | 4 +- drivers/usb/typec/tipd/core.c | 51 ++++++--- drivers/usb/typec/tipd/tps6598x.h | 11 ++ drivers/usb/typec/ucsi/displayport.c | 4 - fs/erofs/internal.h | 7 -- fs/erofs/super.c | 124 +++++++++------------ include/linux/blkdev.h | 13 +++ include/net/bluetooth/hci.h | 9 ++ include/net/bluetooth/hci_core.h | 1 + net/bluetooth/hci_conn.c | 71 ++++++++---- net/bluetooth/hci_event.c | 31 ++++-- net/bluetooth/iso.c | 2 +- net/bluetooth/l2cap_core.c | 38 +++---- net/bluetooth/sco.c | 6 +- security/keys/trusted-keys/trusted_tpm2.c | 25 ++++- 31 files changed, 339 insertions(+), 230 deletions(-)

11 months, 2 weeks

11
33
0 0

[PATCH] selftest: mm: Test if hugepage does not get leaked during __bio_release_pages()

by Donet Tom

Commit 1b151e2435fc ("block: Remove special-casing of compound pages") caused a change in behaviour when releasing the pages if the buffer does not start at the beginning of the page. This was because the calculation of the number of pages to release was incorrect. This was fixed by commit 38b43539d64b ("block: Fix page refcounts for unaligned buffers in __bio_release_pages()"). We pin the user buffer during direct I/O writes. If this buffer is a hugepage, bio_release_page() will unpin it and decrement all references and pin counts at ->bi_end_io. However, if any references to the hugepage remain post-I/O, the hugepage will not be freed upon unmap, leading to a memory leak. This patch verifies that a hugepage, used as a user buffer for DIO operations, is correctly freed upon unmapping, regardless of whether the offsets are aligned or unaligned w.r.t page boundary. Test Result Fail Scenario (Without the fix) -------------------------------------------------------- []# ./hugetlb_dio TAP version 13 1..4 No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 1 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 2 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 3 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 6 not ok 4 : Huge pages not freed! Totals: pass:3 fail:1 xfail:0 xpass:0 skip:0 error:0 Test Result PASS Scenario (With the fix) --------------------------------------------------------- []#./hugetlb_dio TAP version 13 1..4 No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 1 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 2 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 3 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 4 : Huge pages freed successfully ! Totals: pass:4 fail:0 xfail:0 xpass:0 skip:0 error:0 Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Signed-off-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> --- tools/testing/selftests/mm/Makefile | 1 + tools/testing/selftests/mm/hugetlb_dio.c | 118 +++++++++++++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 tools/testing/selftests/mm/hugetlb_dio.c diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index eb5f39a2668b..87d8130b3376 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -71,6 +71,7 @@ TEST_GEN_FILES += ksm_functional_tests TEST_GEN_FILES += mdwe_test TEST_GEN_FILES += hugetlb_fault_after_madv TEST_GEN_FILES += hugetlb_madv_vs_map +TEST_GEN_FILES += hugetlb_dio ifneq ($(ARCH),arm64) TEST_GEN_FILES += soft-dirty diff --git a/tools/testing/selftests/mm/hugetlb_dio.c b/tools/testing/selftests/mm/hugetlb_dio.c new file mode 100644 index 000000000000..6f6587c7913c --- /dev/null +++ b/tools/testing/selftests/mm/hugetlb_dio.c @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * This program tests for hugepage leaks after DIO writes to a file using a + * hugepage as the user buffer. During DIO, the user buffer is pinned and + * should be properly unpinned upon completion. This patch verifies that the + * kernel correctly unpins the buffer at DIO completion for both aligned and + * unaligned user buffer offsets (w.r.t page boundary), ensuring the hugepage + * is freed upon unmapping. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <sys/stat.h> +#include <stdlib.h> +#include <fcntl.h> +#include <stdint.h> +#include <unistd.h> +#include <string.h> +#include <sys/mman.h> +#include "vm_util.h" +#include "../kselftest.h" + +void run_dio_using_hugetlb(unsigned int start_off, unsigned int end_off) +{ + int fd; + char *buffer = NULL; + char *orig_buffer = NULL; + size_t h_pagesize = 0; + size_t writesize; + int free_hpage_b = 0; + int free_hpage_a = 0; + + writesize = end_off - start_off; + + /* Get the default huge page size */ + h_pagesize = default_huge_page_size(); + if (!h_pagesize) + ksft_exit_fail_msg("Unable to determine huge page size\n"); + + /* Open the file to DIO */ + fd = open("/tmp", O_TMPFILE | O_RDWR | O_DIRECT); + if (fd < 0) + ksft_exit_fail_msg("Error opening file"); + + /* Get the free huge pages before allocation */ + free_hpage_b = get_free_hugepages(); + if (free_hpage_b == 0) { + close(fd); + ksft_exit_skip("No free hugepage, exiting!\n"); + } + + /* Allocate a hugetlb page */ + orig_buffer = mmap(NULL, h_pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE + | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0); + if (orig_buffer == MAP_FAILED) { + close(fd); + ksft_exit_fail_msg("Error mapping memory"); + } + buffer = orig_buffer; + buffer += start_off; + + memset(buffer, 'A', writesize); + + /* Write the buffer to the file */ + if (write(fd, buffer, writesize) != (writesize)) { + munmap(orig_buffer, h_pagesize); + close(fd); + ksft_exit_fail_msg("Error writing to file"); + } + + /* unmap the huge page */ + munmap(orig_buffer, h_pagesize); + close(fd); + + /* Get the free huge pages after unmap*/ + free_hpage_a = get_free_hugepages(); + + /* + * If the no. of free hugepages before allocation and after unmap does + * not match - that means there could still be a page which is pinned. + */ + if (free_hpage_a != free_hpage_b) { + printf("No. Free pages before allocation : %d\n", free_hpage_b); + printf("No. Free pages after munmap : %d\n", free_hpage_a); + ksft_test_result_fail(": Huge pages not freed!\n"); + } else { + printf("No. Free pages before allocation : %d\n", free_hpage_b); + printf("No. Free pages after munmap : %d\n", free_hpage_a); + ksft_test_result_pass(": Huge pages freed successfully !\n"); + } +} + +int main(void) +{ + size_t pagesize = 0; + + ksft_print_header(); + ksft_set_plan(4); + + /* Get base page size */ + pagesize = psize(); + + /* start and end is aligned to pagesize */ + run_dio_using_hugetlb(0, (pagesize * 3)); + + /* start is aligned but end is not aligned */ + run_dio_using_hugetlb(0, (pagesize * 3) - (pagesize / 2)); + + /* start is unaligned and end is aligned */ + run_dio_using_hugetlb(pagesize / 2, (pagesize * 3)); + + /* both start and end are unaligned */ + run_dio_using_hugetlb(pagesize / 2, (pagesize * 3) + (pagesize / 2)); + + ksft_finished(); + return 0; +} + -- 2.39.3

11 months, 2 weeks

5
7
0 0

FAILED: patch "[PATCH] io_uring: fail NOP if non-zero op flags is passed in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3d8f874bd620ce03f75a5512847586828ab86544 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052548-prance-gliding-4f31@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d8f874bd620ce03f75a5512847586828ab86544 Mon Sep 17 00:00:00 2001 From: Ming Lei <ming.lei(a)redhat.com> Date: Fri, 10 May 2024 11:50:27 +0800 Subject: [PATCH] io_uring: fail NOP if non-zero op flags is passed in The NOP op flags should have been checked from beginning like any other opcode, otherwise NOP may not be extended with the op flags. Given both liburing and Rust io-uring crate always zeros SQE op flags, just ignore users which play raw NOP uring interface without zeroing SQE, because NOP is just for test purpose. Then we can save one NOP2 opcode. Suggested-by: Jens Axboe <axboe(a)kernel.dk> Fixes: 2b188cc1bb85 ("Add io_uring IO interface") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20240510035031.78874-2-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/nop.c b/io_uring/nop.c index d956599a3c1b..1a4e312dfe51 100644 --- a/io_uring/nop.c +++ b/io_uring/nop.c @@ -12,6 +12,8 @@ int io_nop_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { + if (READ_ONCE(sqe->rw_flags)) + return -EINVAL; return 0; }

11 months, 2 weeks

2
1
0 0

[PATCH] KEYS: trusted_tpm2: Only check options->keyhandle for ASN.1

by Jarkko Sakkinen

tpm2_load_cmd incorrectly checks options->keyhandle also for the legacy format, as also implied by the inline comment. Check options->keyhandle when ASN.1 is loaded. Cc: James Bottomey <James.Bottomley(a)HansenPartnership.com> Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 8b7dd73d94c1..4f8207bf52a7 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -400,12 +400,11 @@ static int tpm2_load_cmd(struct tpm_chip *chip, /* old form */ blob = payload->blob; payload->old_format = 1; + } else { + if (!options->keyhandle) + return -EINVAL; } - /* new format carries keyhandle but old format doesn't */ - if (!options->keyhandle) - return -EINVAL; - /* must be big enough for at least the two be16 size counts */ if (payload->blob_len < 4) return -EINVAL; -- 2.45.1

11 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] dt-bindings: adc: axi-adc: add clocks property" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052522-mud-contempt-f78d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:12 +0200 Subject: [PATCH] dt-bindings: adc: axi-adc: add clocks property Add a required clock property as we can't access the device registers if the AXI bus clock is not properly enabled. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Fixes: 96553a44e96d ("dt-bindings: iio: adc: add bindings doc for AXI ADC driver") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-3-6361fc3ba1cc@an… Cc: <Stable(a)ver.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml index 3d49d21ad33d..e1f450b80db2 100644 --- a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml +++ b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml @@ -28,6 +28,9 @@ properties: reg: maxItems: 1 + clocks: + maxItems: 1 + dmas: maxItems: 1 @@ -48,6 +51,7 @@ required: - compatible - dmas - reg + - clocks additionalProperties: false @@ -58,6 +62,7 @@ examples: reg = <0x44a00000 0x10000>; dmas = <&rx_dma 0>; dma-names = "rx"; + clocks = <&axi_clk>; #io-backend-cells = <0>; }; ...

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: adc: axi-adc: add clocks property" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052521-audacious-renewably-220c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:12 +0200 Subject: [PATCH] dt-bindings: adc: axi-adc: add clocks property Add a required clock property as we can't access the device registers if the AXI bus clock is not properly enabled. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Fixes: 96553a44e96d ("dt-bindings: iio: adc: add bindings doc for AXI ADC driver") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-3-6361fc3ba1cc@an… Cc: <Stable(a)ver.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml index 3d49d21ad33d..e1f450b80db2 100644 --- a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml +++ b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml @@ -28,6 +28,9 @@ properties: reg: maxItems: 1 + clocks: + maxItems: 1 + dmas: maxItems: 1 @@ -48,6 +51,7 @@ required: - compatible - dmas - reg + - clocks additionalProperties: false @@ -58,6 +62,7 @@ examples: reg = <0x44a00000 0x10000>; dmas = <&rx_dma 0>; dma-names = "rx"; + clocks = <&axi_clk>; #io-backend-cells = <0>; }; ...

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: adc: axi-adc: add clocks property" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052520-dainty-reflected-ff22@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:12 +0200 Subject: [PATCH] dt-bindings: adc: axi-adc: add clocks property Add a required clock property as we can't access the device registers if the AXI bus clock is not properly enabled. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Fixes: 96553a44e96d ("dt-bindings: iio: adc: add bindings doc for AXI ADC driver") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-3-6361fc3ba1cc@an… Cc: <Stable(a)ver.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml index 3d49d21ad33d..e1f450b80db2 100644 --- a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml +++ b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml @@ -28,6 +28,9 @@ properties: reg: maxItems: 1 + clocks: + maxItems: 1 + dmas: maxItems: 1 @@ -48,6 +51,7 @@ required: - compatible - dmas - reg + - clocks additionalProperties: false @@ -58,6 +62,7 @@ examples: reg = <0x44a00000 0x10000>; dmas = <&rx_dma 0>; dma-names = "rx"; + clocks = <&axi_clk>; #io-backend-cells = <0>; }; ...

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: adc: axi-adc: add clocks property" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052520-enroll-deftly-8f54@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:12 +0200 Subject: [PATCH] dt-bindings: adc: axi-adc: add clocks property Add a required clock property as we can't access the device registers if the AXI bus clock is not properly enabled. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Fixes: 96553a44e96d ("dt-bindings: iio: adc: add bindings doc for AXI ADC driver") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-3-6361fc3ba1cc@an… Cc: <Stable(a)ver.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml index 3d49d21ad33d..e1f450b80db2 100644 --- a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml +++ b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml @@ -28,6 +28,9 @@ properties: reg: maxItems: 1 + clocks: + maxItems: 1 + dmas: maxItems: 1 @@ -48,6 +51,7 @@ required: - compatible - dmas - reg + - clocks additionalProperties: false @@ -58,6 +62,7 @@ examples: reg = <0x44a00000 0x10000>; dmas = <&rx_dma 0>; dma-names = "rx"; + clocks = <&axi_clk>; #io-backend-cells = <0>; }; ...

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: adc: axi-adc: add clocks property" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052519-estrogen-babble-023a@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 19fb11d7220b8abc016aa254dc7e6d9f2d49b178 Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Fri, 26 Apr 2024 17:42:12 +0200 Subject: [PATCH] dt-bindings: adc: axi-adc: add clocks property Add a required clock property as we can't access the device registers if the AXI bus clock is not properly enabled. Note this clock is a very fundamental one that is typically enabled pretty early during boot. Independently of that, we should really rely on it to be enabled. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Fixes: 96553a44e96d ("dt-bindings: iio: adc: add bindings doc for AXI ADC driver") Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://lore.kernel.org/r/20240426-ad9467-new-features-v2-3-6361fc3ba1cc@an… Cc: <Stable(a)ver.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml index 3d49d21ad33d..e1f450b80db2 100644 --- a/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml +++ b/Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml @@ -28,6 +28,9 @@ properties: reg: maxItems: 1 + clocks: + maxItems: 1 + dmas: maxItems: 1 @@ -48,6 +51,7 @@ required: - compatible - dmas - reg + - clocks additionalProperties: false @@ -58,6 +62,7 @@ examples: reg = <0x44a00000 0x10000>; dmas = <&rx_dma 0>; dma-names = "rx"; + clocks = <&axi_clk>; #io-backend-cells = <0>; }; ...

11 months, 2 weeks

1
0
0 0

Re: [PATCH] f2fs: fix false alarm on invalid block address

by Jaegeuk Kim

Fixed the stable mailing list. On 05/23, Jaegeuk Kim wrote: > Hi Greg, > > Could you please consider to cherry-pick this patch in stable-6.9, since > there are many users suffering from unnecessary fsck runs during boot? > > You can get this from Linus's tree by > (b864ddb57eb0 "f2fs: fix false alarm on invalid block address") > > Thanks, > > On 05/20, Jaegeuk Kim wrote: > > f2fs_ra_meta_pages can try to read ahead on invalid block address which is > > not the corruption case. > > > > Cc: <stable(a)kernel.org> # v6.9+ > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=218770 > > Fixes: 31f85ccc84b8 ("f2fs: unify the error handling of f2fs_is_valid_blkaddr") > > Reviewed-by: Chao Yu <chao(a)kernel.org> > > Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> > > --- > > fs/f2fs/checkpoint.c | 9 +++++---- > > 1 file changed, 5 insertions(+), 4 deletions(-) > > > > diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c > > index 5d05a413f451..55d444bec5c0 100644 > > --- a/fs/f2fs/checkpoint.c > > +++ b/fs/f2fs/checkpoint.c > > @@ -179,22 +179,22 @@ static bool __f2fs_is_valid_blkaddr(struct f2fs_sb_info *sbi, > > break; > > case META_SIT: > > if (unlikely(blkaddr >= SIT_BLK_CNT(sbi))) > > - goto err; > > + goto check_only; > > break; > > case META_SSA: > > if (unlikely(blkaddr >= MAIN_BLKADDR(sbi) || > > blkaddr < SM_I(sbi)->ssa_blkaddr)) > > - goto err; > > + goto check_only; > > break; > > case META_CP: > > if (unlikely(blkaddr >= SIT_I(sbi)->sit_base_addr || > > blkaddr < __start_cp_addr(sbi))) > > - goto err; > > + goto check_only; > > break; > > case META_POR: > > if (unlikely(blkaddr >= MAX_BLKADDR(sbi) || > > blkaddr < MAIN_BLKADDR(sbi))) > > - goto err; > > + goto check_only; > > break; > > case DATA_GENERIC: > > case DATA_GENERIC_ENHANCE: > > @@ -228,6 +228,7 @@ static bool __f2fs_is_valid_blkaddr(struct f2fs_sb_info *sbi, > > return true; > > err: > > f2fs_handle_error(sbi, ERROR_INVALID_BLKADDR); > > +check_only: > > return false; > > } > > > > -- > > 2.45.0.rc1.225.g2a3ae87e7f-goog

11 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 317a215d493230da361028ea8a4675de334bfa1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052509-upswing-sloping-5ca5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 317a215d493230da361028ea8a4675de334bfa1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052508-overlap-uncured-11bd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 317a215d493230da361028ea8a4675de334bfa1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052506-refining-rehab-7774@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 317a215d493230da361028ea8a4675de334bfa1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052505-confiding-stegosaur-016d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 317a215d493230da361028ea8a4675de334bfa1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052504-same-handiness-8e6b@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 317a215d493230da361028ea8a4675de334bfa1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052503-purchase-hardcore-0032@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] io_uring: fail NOP if non-zero op flags is passed in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3d8f874bd620ce03f75a5512847586828ab86544 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052547-overdraft-murmuring-02fd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d8f874bd620ce03f75a5512847586828ab86544 Mon Sep 17 00:00:00 2001 From: Ming Lei <ming.lei(a)redhat.com> Date: Fri, 10 May 2024 11:50:27 +0800 Subject: [PATCH] io_uring: fail NOP if non-zero op flags is passed in The NOP op flags should have been checked from beginning like any other opcode, otherwise NOP may not be extended with the op flags. Given both liburing and Rust io-uring crate always zeros SQE op flags, just ignore users which play raw NOP uring interface without zeroing SQE, because NOP is just for test purpose. Then we can save one NOP2 opcode. Suggested-by: Jens Axboe <axboe(a)kernel.dk> Fixes: 2b188cc1bb85 ("Add io_uring IO interface") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20240510035031.78874-2-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/nop.c b/io_uring/nop.c index d956599a3c1b..1a4e312dfe51 100644 --- a/io_uring/nop.c +++ b/io_uring/nop.c @@ -12,6 +12,8 @@ int io_nop_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { + if (READ_ONCE(sqe->rw_flags)) + return -EINVAL; return 0; }

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: try trimming too long modalias strings" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0774d19038c496f0c3602fb505c43e1b2d8eed85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052513-reason-faceplate-ef1a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0774d19038c496f0c3602fb505c43e1b2d8eed85 Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Mon, 29 Apr 2024 14:50:41 -0700 Subject: [PATCH] Input: try trimming too long modalias strings If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/input.c b/drivers/input/input.c index 711485437567..fd4997ba263c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1378,19 +1378,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, const unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, const struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + const struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1399,8 +1399,48 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (int i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1416,12 +1456,25 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, const struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1429,7 +1482,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1641,6 +1696,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, const struct input_dev *dev) { @@ -1650,9 +1722,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: try trimming too long modalias strings" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0774d19038c496f0c3602fb505c43e1b2d8eed85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052512-grunt-open-ce9d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0774d19038c496f0c3602fb505c43e1b2d8eed85 Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Mon, 29 Apr 2024 14:50:41 -0700 Subject: [PATCH] Input: try trimming too long modalias strings If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/input.c b/drivers/input/input.c index 711485437567..fd4997ba263c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1378,19 +1378,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, const unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, const struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + const struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1399,8 +1399,48 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (int i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1416,12 +1456,25 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, const struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1429,7 +1482,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1641,6 +1696,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, const struct input_dev *dev) { @@ -1650,9 +1722,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: try trimming too long modalias strings" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0774d19038c496f0c3602fb505c43e1b2d8eed85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052511-greedless-jukebox-5abd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0774d19038c496f0c3602fb505c43e1b2d8eed85 Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Mon, 29 Apr 2024 14:50:41 -0700 Subject: [PATCH] Input: try trimming too long modalias strings If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/input.c b/drivers/input/input.c index 711485437567..fd4997ba263c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1378,19 +1378,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, const unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, const struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + const struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1399,8 +1399,48 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (int i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1416,12 +1456,25 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, const struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1429,7 +1482,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1641,6 +1696,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, const struct input_dev *dev) { @@ -1650,9 +1722,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: try trimming too long modalias strings" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0774d19038c496f0c3602fb505c43e1b2d8eed85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052509-curvature-profane-0ac3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0774d19038c496f0c3602fb505c43e1b2d8eed85 Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Mon, 29 Apr 2024 14:50:41 -0700 Subject: [PATCH] Input: try trimming too long modalias strings If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/input.c b/drivers/input/input.c index 711485437567..fd4997ba263c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1378,19 +1378,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, const unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, const struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + const struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1399,8 +1399,48 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (int i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1416,12 +1456,25 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, const struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1429,7 +1482,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1641,6 +1696,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, const struct input_dev *dev) { @@ -1650,9 +1722,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Input: try trimming too long modalias strings" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0774d19038c496f0c3602fb505c43e1b2d8eed85 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052508-stoke-gibberish-c092@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0774d19038c496f0c3602fb505c43e1b2d8eed85 Mon Sep 17 00:00:00 2001 From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Date: Mon, 29 Apr 2024 14:50:41 -0700 Subject: [PATCH] Input: try trimming too long modalias strings If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> diff --git a/drivers/input/input.c b/drivers/input/input.c index 711485437567..fd4997ba263c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1378,19 +1378,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, const unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, const struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + const struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1399,8 +1399,48 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (int i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1416,12 +1456,25 @@ static int input_print_modalias(char *buf, int size, const struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, const struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1429,7 +1482,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1641,6 +1696,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, const struct input_dev *dev) { @@ -1650,9 +1722,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8492bd91aa055907c67ef04f2b56f6dadd1f44bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052509-agreement-quilt-f251@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8492bd91aa055907c67ef04f2b56f6dadd1f44bf Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 30 Apr 2024 16:04:30 -0400 Subject: [PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240430200431.4102923-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 929206a9a6e1..12915fffac27 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -554,16 +554,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -573,9 +585,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -591,7 +604,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8492bd91aa055907c67ef04f2b56f6dadd1f44bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052508-corporate-mayday-15b7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8492bd91aa055907c67ef04f2b56f6dadd1f44bf Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 30 Apr 2024 16:04:30 -0400 Subject: [PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240430200431.4102923-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 929206a9a6e1..12915fffac27 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -554,16 +554,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -573,9 +585,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -591,7 +604,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8492bd91aa055907c67ef04f2b56f6dadd1f44bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052507-catty-penniless-a423@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8492bd91aa055907c67ef04f2b56f6dadd1f44bf Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 30 Apr 2024 16:04:30 -0400 Subject: [PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240430200431.4102923-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 929206a9a6e1..12915fffac27 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -554,16 +554,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -573,9 +585,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -591,7 +604,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8492bd91aa055907c67ef04f2b56f6dadd1f44bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052506-afternoon-exponent-b101@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8492bd91aa055907c67ef04f2b56f6dadd1f44bf Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 30 Apr 2024 16:04:30 -0400 Subject: [PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240430200431.4102923-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 929206a9a6e1..12915fffac27 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -554,16 +554,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -573,9 +585,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -591,7 +604,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8492bd91aa055907c67ef04f2b56f6dadd1f44bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052505-conceded-backstage-2637@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8492bd91aa055907c67ef04f2b56f6dadd1f44bf Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 30 Apr 2024 16:04:30 -0400 Subject: [PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240430200431.4102923-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 929206a9a6e1..12915fffac27 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -554,16 +554,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -573,9 +585,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -591,7 +604,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8492bd91aa055907c67ef04f2b56f6dadd1f44bf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052504-hungrily-verdict-1471@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8492bd91aa055907c67ef04f2b56f6dadd1f44bf Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Tue, 30 Apr 2024 16:04:30 -0400 Subject: [PATCH] serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler When using a high speed clock with a low baud rate, the 4x prescaler is automatically selected if required. In that case, sc16is7xx_set_baud() properly configures the chip registers, but returns an incorrect baud rate by not taking into account the prescaler value. This incorrect baud rate is then fed to uart_update_timeout(). For example, with an input clock of 80MHz, and a selected baud rate of 50, sc16is7xx_set_baud() will return 200 instead of 50. Fix this by first changing the prescaler variable to hold the selected prescaler value instead of the MCR bitfield. Then properly take into account the selected prescaler value in the return value computation. Also add better documentation about the divisor value computation. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: stable(a)vger.kernel.org Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> Link: https://lore.kernel.org/r/20240430200431.4102923-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 929206a9a6e1..12915fffac27 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -554,16 +554,28 @@ static bool sc16is7xx_regmap_noinc(struct device *dev, unsigned int reg) return reg == SC16IS7XX_RHR_REG; } +/* + * Configure programmable baud rate generator (divisor) according to the + * desired baud rate. + * + * From the datasheet, the divisor is computed according to: + * + * XTAL1 input frequency + * ----------------------- + * prescaler + * divisor = --------------------------- + * baud-rate x sampling-rate + */ static int sc16is7xx_set_baud(struct uart_port *port, int baud) { struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); u8 lcr; - u8 prescaler = 0; + unsigned int prescaler = 1; unsigned long clk = port->uartclk, div = clk / 16 / baud; if (div >= BIT(16)) { - prescaler = SC16IS7XX_MCR_CLKSEL_BIT; - div /= 4; + prescaler = 4; + div /= prescaler; } /* Enable enhanced features */ @@ -573,9 +585,10 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_EFR_ENABLE_BIT); sc16is7xx_efr_unlock(port); + /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT, - prescaler); + prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); @@ -591,7 +604,7 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); - return DIV_ROUND_CLOSEST(clk / 16, div); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 47388e807f85948eefc403a8a5fdc5b406a65d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052539-pacific-rejoin-8bca@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47388e807f85948eefc403a8a5fdc5b406a65d5a Mon Sep 17 00:00:00 2001 From: Daniel Starke <daniel.starke(a)siemens.com> Date: Wed, 24 Apr 2024 07:48:41 +0200 Subject: [PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708 Tested-by: j51569436(a)gmail.com Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Starke <daniel.starke(a)siemens.com> Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..72b82bf1c280 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2913,7 +2913,10 @@ static void gsm0_receive(struct gsm_mux *gsm, u8 c) break; case GSM_DATA: /* Data */ gsm->buf[gsm->count++] = c; - if (gsm->count == gsm->len) { + if (gsm->count >= MAX_MRU) { + gsm->bad_size++; + gsm->state = GSM_SEARCH; + } else if (gsm->count >= gsm->len) { /* Calculate final FCS for UI frames over all data */ if ((gsm->control & ~PF) != UIH) { gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, @@ -3026,7 +3029,7 @@ static void gsm1_receive(struct gsm_mux *gsm, u8 c) gsm->state = GSM_DATA; break; case GSM_DATA: /* Data */ - if (gsm->count > gsm->mru) { /* Allow one for the FCS */ + if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ gsm->state = GSM_OVERRUN; gsm->bad_size++; } else

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 47388e807f85948eefc403a8a5fdc5b406a65d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052538-octagon-unleash-663f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47388e807f85948eefc403a8a5fdc5b406a65d5a Mon Sep 17 00:00:00 2001 From: Daniel Starke <daniel.starke(a)siemens.com> Date: Wed, 24 Apr 2024 07:48:41 +0200 Subject: [PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708 Tested-by: j51569436(a)gmail.com Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Starke <daniel.starke(a)siemens.com> Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..72b82bf1c280 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2913,7 +2913,10 @@ static void gsm0_receive(struct gsm_mux *gsm, u8 c) break; case GSM_DATA: /* Data */ gsm->buf[gsm->count++] = c; - if (gsm->count == gsm->len) { + if (gsm->count >= MAX_MRU) { + gsm->bad_size++; + gsm->state = GSM_SEARCH; + } else if (gsm->count >= gsm->len) { /* Calculate final FCS for UI frames over all data */ if ((gsm->control & ~PF) != UIH) { gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, @@ -3026,7 +3029,7 @@ static void gsm1_receive(struct gsm_mux *gsm, u8 c) gsm->state = GSM_DATA; break; case GSM_DATA: /* Data */ - if (gsm->count > gsm->mru) { /* Allow one for the FCS */ + if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ gsm->state = GSM_OVERRUN; gsm->bad_size++; } else

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 47388e807f85948eefc403a8a5fdc5b406a65d5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052537-payday-enjoyably-a5a8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47388e807f85948eefc403a8a5fdc5b406a65d5a Mon Sep 17 00:00:00 2001 From: Daniel Starke <daniel.starke(a)siemens.com> Date: Wed, 24 Apr 2024 07:48:41 +0200 Subject: [PATCH] tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size. Reported-by: j51569436(a)gmail.com Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218708 Tested-by: j51569436(a)gmail.com Fixes: e1eaea46bb40 ("tty: n_gsm line discipline") Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Starke <daniel.starke(a)siemens.com> Link: https://lore.kernel.org/r/20240424054842.7741-1-daniel.starke@siemens.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c index 4036566febcb..72b82bf1c280 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -2913,7 +2913,10 @@ static void gsm0_receive(struct gsm_mux *gsm, u8 c) break; case GSM_DATA: /* Data */ gsm->buf[gsm->count++] = c; - if (gsm->count == gsm->len) { + if (gsm->count >= MAX_MRU) { + gsm->bad_size++; + gsm->state = GSM_SEARCH; + } else if (gsm->count >= gsm->len) { /* Calculate final FCS for UI frames over all data */ if ((gsm->control & ~PF) != UIH) { gsm->fcs = gsm_fcs_add_block(gsm->fcs, gsm->buf, @@ -3026,7 +3029,7 @@ static void gsm1_receive(struct gsm_mux *gsm, u8 c) gsm->state = GSM_DATA; break; case GSM_DATA: /* Data */ - if (gsm->count > gsm->mru) { /* Allow one for the FCS */ + if (gsm->count > gsm->mru || gsm->count > MAX_MRU) { /* Allow one for the FCS */ gsm->state = GSM_OVERRUN; gsm->bad_size++; } else

11 months, 2 weeks

1
0
0 0

Linux 6.8.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.11 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/stable/sysfs-block | 10 + Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/admin-guide/mm/damon/usage.rst | 2 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 block/genhd.c | 15 +- block/partitions/core.c | 5 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 - drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 +-- drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 drivers/net/ethernet/micrel/ks8851_common.c | 18 -- drivers/net/usb/ax88179_178a.c | 37 +++-- drivers/remoteproc/mtk_scp.c | 10 + drivers/tty/serial/kgdboc.c | 30 ++++ drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 51 +++++-- drivers/usb/typec/tipd/tps6598x.h | 11 + drivers/usb/typec/ucsi/displayport.c | 4 fs/erofs/internal.h | 7 - fs/erofs/super.c | 124 +++++++----------- include/linux/blkdev.h | 13 + include/net/bluetooth/hci.h | 9 + include/net/bluetooth/hci_core.h | 1 net/bluetooth/hci_conn.c | 71 +++++++--- net/bluetooth/hci_event.c | 31 ++-- net/bluetooth/iso.c | 2 net/bluetooth/l2cap_core.c | 38 +---- net/bluetooth/sco.c | 6 security/keys/trusted-keys/trusted_tpm2.c | 25 ++- 31 files changed, 338 insertions(+), 229 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Baokun Li (1): erofs: get rid of erofs_fs_context Carlos Llamas (1): binder: fix max_thread type inconsistency Christian Brauner (1): erofs: reliably distinguish block based and fscache mode Christoph Hellwig (2): block: add a disk_has_partscan helper block: add a partscan sysfs attribute for disks Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Greg Kroah-Hartman (1): Linux 6.8.11 Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jacob Keller (2): ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling SeongJae Park (1): Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Sungwoo Kim (2): Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

11 months, 2 weeks

1
1
0 0

Linux 6.6.32

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.32 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/stable/sysfs-block | 10 Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/admin-guide/mm/damon/usage.rst | 2 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 block/genhd.c | 15 block/partitions/core.c | 5 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 drivers/mmc/core/mmc.c | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 drivers/net/ethernet/micrel/ks8851_common.c | 18 drivers/net/usb/ax88179_178a.c | 37 drivers/remoteproc/mtk_scp.c | 10 drivers/tty/serial/kgdboc.c | 30 drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 45 drivers/usb/typec/tipd/tps6598x.h | 11 drivers/usb/typec/ucsi/displayport.c | 4 fs/erofs/internal.h | 7 fs/erofs/super.c | 124 - fs/smb/client/Makefile | 2 fs/smb/client/cached_dir.c | 24 fs/smb/client/cifs_debug.c | 38 fs/smb/client/cifsfs.c | 10 fs/smb/client/cifsglob.h | 93 - fs/smb/client/cifsproto.h | 39 fs/smb/client/cifssmb.c | 18 fs/smb/client/connect.c | 57 fs/smb/client/dir.c | 14 fs/smb/client/file.c | 39 fs/smb/client/fs_context.c | 43 fs/smb/client/fs_context.h | 13 fs/smb/client/fscache.c | 7 fs/smb/client/inode.c | 235 +-- fs/smb/client/ioctl.c | 6 fs/smb/client/link.c | 41 fs/smb/client/misc.c | 47 fs/smb/client/ntlmssp.h | 4 fs/smb/client/readdir.c | 32 fs/smb/client/reparse.c | 532 ++++++ fs/smb/client/reparse.h | 113 + fs/smb/client/sess.c | 73 fs/smb/client/smb1ops.c | 80 - fs/smb/client/smb2glob.h | 27 fs/smb/client/smb2inode.c | 1396 +++++++++++------- fs/smb/client/smb2maperror.c | 2 fs/smb/client/smb2misc.c | 10 fs/smb/client/smb2ops.c | 589 ++----- fs/smb/client/smb2pdu.c | 336 +++- fs/smb/client/smb2pdu.h | 46 fs/smb/client/smb2proto.h | 37 fs/smb/client/smb2status.h | 2 fs/smb/client/smb2transport.c | 2 fs/smb/client/smbdirect.c | 4 fs/smb/client/smbencrypt.c | 7 fs/smb/client/trace.h | 137 + fs/smb/common/smb2pdu.h | 116 - fs/smb/common/smbfsctl.h | 6 fs/smb/server/auth.c | 14 fs/smb/server/ksmbd_netlink.h | 36 fs/smb/server/mgmt/user_session.c | 28 fs/smb/server/mgmt/user_session.h | 3 fs/smb/server/misc.c | 1 fs/smb/server/oplock.c | 96 + fs/smb/server/oplock.h | 7 fs/smb/server/smb2misc.c | 26 fs/smb/server/smb2ops.c | 6 fs/smb/server/smb2pdu.c | 338 +++- fs/smb/server/smb2pdu.h | 31 fs/smb/server/transport_tcp.c | 2 fs/smb/server/vfs.c | 28 fs/smb/server/vfs_cache.c | 137 + fs/smb/server/vfs_cache.h | 9 include/linux/blkdev.h | 13 include/linux/bpf_types.h | 3 include/net/bluetooth/hci.h | 9 include/net/bluetooth/hci_core.h | 1 net/bluetooth/hci_conn.c | 71 net/bluetooth/hci_event.c | 31 net/bluetooth/iso.c | 2 net/bluetooth/l2cap_core.c | 38 net/bluetooth/sco.c | 6 security/keys/trusted-keys/trusted_tpm2.c | 25 tools/testing/selftests/kselftest.h | 14 88 files changed, 3907 insertions(+), 1722 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Alexey Dobriyan (1): smb: client: delete "true", "false" defines AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Baokun Li (1): erofs: get rid of erofs_fs_context Bharath SM (2): cifs: defer close file handles having RH lease cifs: remove redundant variable assignment Carlos Llamas (1): binder: fix max_thread type inconsistency Christian Brauner (1): erofs: reliably distinguish block based and fscache mode Christoph Hellwig (2): block: add a disk_has_partscan helper block: add a partscan sysfs attribute for disks Colin Ian King (2): cifs: remove redundant variable tcon_exist ksmbd: Fix spelling mistake "connction" -> "connection" Dan Carpenter (1): smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code David Howells (2): cifs: Pass unbyteswapped eof value into SMB2_set_eof() cifs: Add tracing for the cifs_tcon struct refcounting Enzo Matsumiya (3): smb: client: negotiate compression algorithms smb: common: fix fields sizes in compression_pattern_payload_v1 smb: common: simplify compression headers Eric Biggers (1): smb: use crypto_shash_digest() in symlink_hash() Greg Kroah-Hartman (1): Linux 6.6.32 Gustavo A. R. Silva (1): smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jacob Keller (2): ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (1): usb: typec: tipd: fix event checking for tps6598x Jiri Olsa (1): bpf: Add missing BPF_LINK_TYPE invocations Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Marios Makassikis (1): ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close Mark Brown (1): kselftest: Add a ksft_perror() helper Markus Elfring (1): smb3: Improve exception handling in allocate_mr_list() Meetakshi Setiya (4): cifs: Add client version details to NTLM authenticate message smb: client: reuse file lease key in compound operations smb: client: retry compound request without reusing lease cifs: fixes for get_inode_info Mengqi Zhang (1): mmc: core: Add HS400 tuning in HS400es initialization Namjae Jeon (5): ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session ksmbd: add support for durable handles v1/v2 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() ksmbd: fix potencial out-of-bounds when buffer offset is invalid ksmbd: add continuous availability share parameter Paulo Alcantara (17): smb: client: allow creating symlinks via reparse points smb: client: cleanup smb2_query_reparse_point() smb: client: handle special files and symlinks in SMB3 POSIX cifs: get rid of dup length check in parse_reparse_point() smb: client: don't clobber ->i_rdev from cached reparse points smb: client: handle path separator of created SMB symlinks smb: client: get rid of smb311_posix_query_path_info() smb: client: introduce reparse mount option smb: client: move most of reparse point handling code to common file smb: client: fix potential broken compound request smb: client: reduce number of parameters in smb2_compound_op() smb: client: add support for WSL reparse points smb: client: parse uid, gid, mode and dev from WSL reparse points smb: client: set correct d_type for reparse DFS/DFSR and mount point smb: client: return reparse type in /proc/mounts smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() smb: client: instantiate when creating SFU files Pierre Mariani (1): smb: client: Fix minor whitespace errors and warnings Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Randy Dunlap (2): ksmbd: auth: fix most kernel-doc warnings ksmbd: vfs: fix all kernel-doc warnings Ritvik Budhiraja (1): cifs: fix use after free for iface while disabling secondary channels Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling SeongJae Park (1): Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Shyam Prasad N (6): cifs: print server capabilities in DebugData cifs: pick channel for tcon and tdis cifs: new nt status codes from MS-SMB2 cifs: new mount option called retrans cifs: commands that are retried should have replay flag set cifs: set replay flag for retries of write command Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Steve French (23): SMB3: clarify some of the unused CreateOption flags Add definition for new smb3.1.1 command type smb3: minor RDMA cleanup smb3: more minor cleanups for session handling routines smb3: minor cleanup of session handling code Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO smb: client: introduce cifs_sfu_make_node() smb: client: extend smb2_compound_op() to accept more commands smb: client: allow creating special files via reparse points smb: client: optimise reparse point querying cifs: fix in logging in cifs_chan_update_iface cifs: remove unneeded return statement cifs: minor comment cleanup cifs: update the same create_guid on replay smb3: update allocation size more accurately on write completion smb: client: parse owner/group when creating reparse points smb: client: do not defer close open handles to deleted files smb: client: introduce SMB2_OP_QUERY_WSL_EA smb3: add dynamic trace point for ioctls cifs: Move some extern decls from .c files to .h smb311: correct incorrect offset field in compression header smb311: additional compression flag defined in updated protocol spec smb3: add trace event for mknod Sungwoo Kim (2): Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Yang Li (2): smb: Fix some kernel-doc comments ksmbd: Add kernel-doc for ksmbd_extract_sharename() function

11 months, 2 weeks

1
1
0 0

Linux 6.1.92

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.92 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/lse.h | 1 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 drivers/mfd/stpmic1.c | 5 drivers/mmc/core/mmc.c | 9 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 22 - drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 3 drivers/net/ethernet/micrel/ks8851_common.c | 18 - drivers/net/usb/ax88179_178a.c | 37 +- drivers/pinctrl/core.c | 14 drivers/remoteproc/mtk_scp.c | 10 drivers/tty/serial/kgdboc.c | 30 ++ drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 45 ++- drivers/usb/typec/tipd/tps6598x.h | 11 drivers/usb/typec/ucsi/displayport.c | 4 fs/iomap/buffered-io.c | 254 +++++++++++++++++- fs/iomap/iter.c | 19 + fs/nfs/callback.c | 9 fs/nfsd/nfs4proc.c | 5 fs/nfsd/nfssvc.c | 12 fs/xfs/libxfs/xfs_bmap.c | 8 fs/xfs/libxfs/xfs_errortag.h | 12 fs/xfs/libxfs/xfs_refcount.c | 146 +++++++++- fs/xfs/libxfs/xfs_sb.c | 7 fs/xfs/xfs_aops.c | 37 +- fs/xfs/xfs_bmap_util.c | 10 fs/xfs/xfs_bmap_util.h | 2 fs/xfs/xfs_buf.c | 1 fs/xfs/xfs_buf_item.c | 2 fs/xfs/xfs_error.c | 27 + fs/xfs/xfs_file.c | 2 fs/xfs/xfs_fsops.c | 4 fs/xfs/xfs_icache.c | 6 fs/xfs/xfs_inode.c | 16 - fs/xfs/xfs_ioctl.c | 4 fs/xfs/xfs_iomap.c | 177 +++++++----- fs/xfs/xfs_iomap.h | 6 fs/xfs/xfs_log.c | 53 +-- fs/xfs/xfs_mount.c | 15 + fs/xfs/xfs_pnfs.c | 6 include/linux/iomap.h | 47 ++- net/sunrpc/svc_xprt.c | 16 - security/keys/trusted-keys/trusted_tpm2.c | 25 + 50 files changed, 865 insertions(+), 298 deletions(-) Aidan MacDonald (1): mfd: stpmic1: Fix swapped mask/unmask in irq chip Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Carlos Llamas (1): binder: fix max_thread type inconsistency Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Darrick J. Wong (8): xfs: fix incorrect error-out in xfs_remove xfs: invalidate block device page cache during unmount xfs: attach dquots to inode before reading data/cow fork mappings xfs: hoist refcount record merge predicates xfs: estimate post-merge refcounts correctly xfs: invalidate xfs_bufs when allocating cow extents xfs: allow inode inactivation during a ro mount log recovery xfs: fix log recovery when unknown rocompat bits are set Dave Chinner (10): xfs: write page faults in iomap are not buffered writes xfs: punching delalloc extents on write failure is racy xfs: use byte ranges for write cleanup ranges xfs,iomap: move delalloc punching to iomap iomap: buffered write failure should not truncate the page cache xfs: xfs_bmap_punch_delalloc_range() should take a byte range iomap: write iomap validity checks xfs: use iomap_valid method to detect stale cached iomaps xfs: drop write error injection is unfixable, remove it xfs: fix off-by-one-block in xfs_discard_folio() Eric Sandeen (1): xfs: short circuit xfs_growfs_data_private() if delta is zero Greg Kroah-Hartman (1): Linux 6.1.92 Guo Xuenan (2): xfs: wait iclog complete before tearing down AIL xfs: fix super block buf log item UAF during force shutdown Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Hironori Shiina (1): xfs: get root inode correctly at bulkstat Jacob Keller (2): ice: pass VSI pointer into ice_vc_isvalid_q_id ice: remove unnecessary duplicate checks for VF VSI ID Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (1): usb: typec: tipd: fix event checking for tps6598x Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Long Li (2): xfs: fix sb write verify for lazysbcount xfs: fix incorrect i_nlink caused by inode racing Mark Rutland (1): arm64: atomics: lse: remove stale dependency on JUMP_LABEL Mengqi Zhang (1): mmc: core: Add HS400 tuning in HS400es initialization NeilBrown (1): nfsd: don't allow nfsd threads to be signalled. Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

11 months, 2 weeks

1
1
0 0

Linux 5.15.160

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.160 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/x86/kvm/x86.c | 11 drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 - drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 drivers/pinctrl/core.c | 14 - drivers/remoteproc/mtk_scp.c | 10 drivers/tty/serial/kgdboc.c | 30 ++ drivers/usb/typec/ucsi/displayport.c | 4 fs/nfs/callback.c | 9 fs/nfsd/nfs4proc.c | 5 fs/nfsd/nfssvc.c | 12 - include/net/tls.h | 6 net/netlink/af_netlink.c | 23 +- net/sunrpc/svc_xprt.c | 16 - net/tls/tls_sw.c | 199 +++++++++--------- security/keys/trusted-keys/trusted_tpm2.c | 25 +- tools/testing/selftests/vm/map_hugetlb.c | 7 25 files changed, 242 insertions(+), 174 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Carlos Llamas (1): binder: fix max_thread type inconsistency Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Doug Berger (2): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize UMAC_CMD access Eric Dumazet (2): netlink: annotate lockless accesses to nlk->max_recvmsg_len netlink: annotate data-races around sk->sk_err Greg Kroah-Hartman (1): Linux 5.15.160 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jakub Kicinski (4): tls: rx: simplify async wait net: tls: factor out tls_*crypt_async_wait() tls: fix race between async notify and socket close net: tls: handle backlogging of crypto requests Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config NeilBrown (1): nfsd: don't allow nfsd threads to be signalled. Sabrina Dubroca (1): tls: extract context alloc/initialization out of tls_set_sw_offload Sean Christopherson (1): KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET

11 months, 2 weeks

1
1
0 0

Linux 5.10.218

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.218 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_include.py | 1 Makefile | 2 - arch/x86/entry/entry_64.S | 17 +++++------ arch/x86/include/asm/irqflags.h | 7 ---- arch/x86/include/asm/paravirt.h | 5 --- arch/x86/include/asm/paravirt_types.h | 8 ----- arch/x86/kernel/asm-offsets_64.c | 2 - arch/x86/kernel/paravirt.c | 5 --- arch/x86/kernel/paravirt_patch.c | 4 -- arch/x86/kvm/x86.c | 11 ++++++- arch/x86/xen/enlighten_pv.c | 1 arch/x86/xen/xen-asm.S | 21 -------------- arch/x86/xen/xen-ops.h | 2 - drivers/firmware/arm_scmi/reset.c | 6 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 ++ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 + drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 ++++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 ++ drivers/pinctrl/core.c | 14 +++++++-- drivers/tty/serial/kgdboc.c | 30 ++++++++++++++++++++- drivers/usb/typec/ucsi/displayport.c | 4 -- fs/btrfs/volumes.c | 1 net/mptcp/protocol.c | 2 + net/netlink/af_netlink.c | 15 ++++++---- security/integrity/ima/ima_policy.c | 29 ++++++++++++++------ tools/testing/selftests/vm/map_hugetlb.c | 7 ---- 27 files changed, 122 insertions(+), 99 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Cristian Marussi (1): firmware: arm_scmi: Harden accesses to the reset domains Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (2): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize UMAC_CMD access Eric Dumazet (1): netlink: annotate lockless accesses to nlk->max_recvmsg_len Greg Kroah-Hartman (1): Linux 5.10.218 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Juergen Gross (1): x86/xen: Drop USERGS_SYSRET64 paravirt call Paolo Abeni (1): mptcp: ensure snd_nxt is properly initialized on connect Sean Christopherson (1): KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() liqiong (1): ima: fix deadlock when traversing "ima_default_rules".

11 months, 2 weeks

1
1
0 0

Linux 5.4.277

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.277 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- drivers/firmware/arm_scmi/reset.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 ++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 12 ++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 43 ++--------- drivers/pinctrl/core.c | 14 ++- drivers/tty/serial/kgdboc.c | 30 +++++++ drivers/usb/typec/ucsi/displayport.c | 4 - fs/btrfs/volumes.c | 1 fs/cifs/smb2ops.c | 4 - fs/cifs/smb2pdu.c | 81 +++++++++++++-------- fs/cifs/smb2proto.h | 10 +- fs/ext4/extents.c | 10 +- tools/testing/selftests/vm/map_hugetlb.c | 7 - 18 files changed, 161 insertions(+), 99 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Baokun Li (1): ext4: fix bug_on in __es_tree_search Cristian Marussi (1): firmware: arm_scmi: Harden accesses to the reset domains Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (5): Revert "net: bcmgenet: use RGMII loopback for MAC reset" net: bcmgenet: keep MAC in reset until PHY is up net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Greg Kroah-Hartman (1): Linux 5.4.277 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Paulo Alcantara (1): smb: client: fix potential OOBs in smb2_parse_contexts() Rob Herring (1): arm64: dts: qcom: Fix 'interrupt-map' parent address cells Sergey Shtylyov (1): pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Srinivasan Shanmugam (1): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

11 months, 2 weeks

1
1
0 0

Linux 4.19.315

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.315 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/sphinx/kernel_include.py | 1 Makefile | 2 drivers/md/dm-core.h | 2 drivers/md/dm-ioctl.c | 3 drivers/md/dm-table.c | 9 drivers/tty/serial/kgdboc.c | 30 fs/btrfs/volumes.c | 1 include/linux/string.h | 20 include/linux/trace_events.h | 2 kernel/trace/Kconfig | 4 kernel/trace/Makefile | 1 kernel/trace/trace.c | 26 kernel/trace/trace_dynevent.c | 210 ++++++ kernel/trace/trace_dynevent.h | 119 +++ kernel/trace/trace_events.c | 32 kernel/trace/trace_events_hist.c | 1048 ++++++++++++++++++------------- kernel/trace/trace_probe.c | 2 kernel/trace/trace_stack.c | 2 tools/testing/selftests/vm/map_hugetlb.c | 7 19 files changed, 1050 insertions(+), 471 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Greg Kroah-Hartman (1): Linux 4.19.315 Harshit Mogalapalli (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Masami Hiramatsu (4): tracing: Simplify creation and deletion of synthetic events tracing: Add unified dynamic event framework tracing: Use dyn_event framework for synthetic events tracing: Remove unneeded synth_event_mutex Mikulas Patocka (1): dm: limit the number of targets and parameter size area Steven Rostedt (VMware) (5): tracing: Consolidate trace_add/remove_event_call back to the nolock functions string.h: Add str_has_prefix() helper function tracing: Use str_has_prefix() helper for histogram code tracing: Use str_has_prefix() instead of using fixed sizes tracing: Have the historgram use the result of str_has_prefix() for len of prefix Tom Zanussi (4): tracing: Refactor hist trigger action code tracing: Split up onmatch action data tracing: Generalize hist trigger onmax and save action tracing: Remove unnecessary var_ref destroy in track_data_destroy()

11 months, 2 weeks

1
1
0 0

cherry-pick request for "arm64/fpsimd: Avoid erroneous elide of user state reload"

by Florian Klink

Hey, I got encouraged to send another email here from https://github.com/tpwrules/nixos-apple-silicon/issues/200. "arm64/fpsimd: Avoid erroneous elide of user state reload" / https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… fixes a data corruption issue with dm-crypt on aarch64, reproducible on the mainline Linux kernel (not just asahi specific!). This list has been included as Cc on this commit, but it'd be very nice to make sure this already lands in 6.9.2, due to its data corruption nature. Thanks, Florian

11 months, 2 weeks

2
1
0 0

[tip: irq/urgent] genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()

by tip-bot2 for dicken.ding

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Gitweb: https://git.kernel.org/tip/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Author: dicken.ding <dicken.ding(a)mediatek.com> AuthorDate: Fri, 24 May 2024 17:17:39 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 24 May 2024 12:49:35 +02:00 genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which is returned by mt_find() while neither holding sparse_irq_lock nor RCU read lock, which means the descriptor can be freed between mt_find() and the dereference: CPU0 CPU1 desc = mt_find() delayed_free_desc(desc) irq_desc_get_irq(desc) The use-after-free is reported by KASAN: Call trace: irq_get_next_irq+0x58/0x84 show_stat+0x638/0x824 seq_read_iter+0x158/0x4ec proc_reg_read_iter+0x94/0x12c vfs_read+0x1e0/0x2c8 Freed by task 4471: slab_free_freelist_hook+0x174/0x1e0 __kmem_cache_free+0xa4/0x1dc kfree+0x64/0x128 irq_kobj_release+0x28/0x3c kobject_put+0xcc/0x1e0 delayed_free_desc+0x14/0x2c rcu_do_batch+0x214/0x720 Guard the access with a RCU read lock section. Fixes: 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management") Signed-off-by: dicken.ding <dicken.ding(a)mediatek.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240524091739.31611-1-dicken.ding@mediatek.com --- kernel/irq/irqdesc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/irq/irqdesc.c b/kernel/irq/irqdesc.c index 88ac365..07e99c9 100644 --- a/kernel/irq/irqdesc.c +++ b/kernel/irq/irqdesc.c @@ -160,7 +160,10 @@ static int irq_find_free_area(unsigned int from, unsigned int cnt) static unsigned int irq_find_at_or_after(unsigned int offset) { unsigned long index = offset; - struct irq_desc *desc = mt_find(&sparse_irqs, &index, nr_irqs); + struct irq_desc *desc; + + guard(rcu)(); + desc = mt_find(&sparse_irqs, &index, nr_irqs); return desc ? irq_desc_get_irq(desc) : nr_irqs; }

11 months, 2 weeks

2
1
0 0

[PATCH 2/3] KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode

by Marc Zyngier

It appears that we don't allowed a vcpu to be restored in AArch32 System mode, as we *never* included it in the list of valid modes. Just add it to the list of allowed modes. Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu") Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/guest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index d9617b11f7a8..11098eb7eb44 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -251,6 +251,7 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: + case PSR_AA32_MODE_SYS: if (!vcpu_el1_is_32bit(vcpu)) return -EINVAL; break; -- 2.39.2

11 months, 2 weeks

2
1
0 0

[PATCH 1/3] KVM: arm64: Fix AArch32 register narrowing on userspace write

by Marc Zyngier

When userspace writes to once of the core registers, we make sure to narrow the corresponding GPRs if PSTATE indicates an AArch32 context. The code tries to check whether the context is EL0 or EL1 so that it narrows the correct registers. But it does so by checking the full PSTATE instead of PSTATE.M. As a consequence, and if we are restoring an AArch32 EL0 context in a 64bit guest, and that PSTATE has *any* bit set outside of PSTATE.M, we narrow *all* registers instead of only the first 15, destroying the 64bit state. Obviously, this is not something the guest is likely to enjoy. Correctly masking PSTATE to only evaluate PSTATE.M fixes it. Fixes: 90c1f934ed71 ("KVM: arm64: Get rid of the AArch32 register mapping code") Reported-by: Nina Schoetterl-Glausch <nsg(a)linux.ibm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/guest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index e2f762d959bb..d9617b11f7a8 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -276,7 +276,7 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) if (*vcpu_cpsr(vcpu) & PSR_MODE32_BIT) { int i, nr_reg; - switch (*vcpu_cpsr(vcpu)) { + switch (*vcpu_cpsr(vcpu) & PSR_AA32_MODE_MASK) { /* * Either we are dealing with user mode, and only the * first 15 registers (+ PC) must be narrowed to 32bit. -- 2.39.2

11 months, 2 weeks

3
2
0 0

[merged mm-hotfixes-stable] mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages has been removed from the -mm tree. Its filename was mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages Date: Thu, 23 May 2024 15:12:17 +0800 When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff) raw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(!PageBuddy(page)) ------------[ cut here ]------------ kernel BUG at include/linux/page-flags.h:1009! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:__del_page_from_free_list+0x151/0x180 RSP: 0018:ffffa49c90437998 EFLAGS: 00000046 RAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0 RBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69 R10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80 R13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009 FS: 00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0 Call Trace: <TASK> __rmqueue_pcplist+0x23b/0x520 get_page_from_freelist+0x26b/0xe40 __alloc_pages_noprof+0x113/0x1120 __folio_alloc_noprof+0x11/0xb0 alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130 __alloc_fresh_hugetlb_folio+0xe7/0x140 alloc_pool_huge_folio+0x68/0x100 set_max_huge_pages+0x13d/0x340 hugetlb_sysctl_handler_common+0xe8/0x110 proc_sys_call_handler+0x194/0x280 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xc2/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff916114887 RSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887 RDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003 RBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0 R10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004 R13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- And before the panic, there had an warning about bad page state: BUG: Bad page state in process page-types pfn:8cee00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff) page_type: 0xffffff7f(buddy) raw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000 raw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000 page dumped because: nonzero mapcount Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22 Call Trace: <TASK> dump_stack_lvl+0x83/0xa0 bad_page+0x63/0xf0 free_unref_page+0x36e/0x5c0 unpoison_memory+0x50b/0x630 simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110 debugfs_attr_write+0x42/0x60 full_proxy_write+0x5b/0x80 vfs_write+0xcd/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xc2/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f189a514887 RSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887 RDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003 RBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8 R13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040 </TASK> The root cause should be the below race: memory_failure try_memory_failure_hugetlb me_huge_page __page_handle_poison dissolve_free_hugetlb_folio drain_all_pages -- Buddy page can be isolated e.g. for compaction. take_page_off_buddy -- Failed as page is not in the buddy list. -- Page can be putback into buddy after compaction. page_ref_inc -- Leads to buddy page with refcnt = 1. Then unpoison_memory() can unpoison the page and send the buddy page back into buddy list again leading to the above bad page state warning. And bad_page() will call page_mapcount_reset() to remove PageBuddy from buddy page leading to later VM_BUG_ON_PAGE(!PageBuddy(page)) when trying to allocate this page. Fix this issue by only treating __page_handle_poison() as successful when it returns 1. Link: https://lkml.kernel.org/r/20240523071217.1696196-1-linmiaohe@huawei.com Fixes: ceaf8fbea79a ("mm, hwpoison: skip raw hwpoison page in freeing 1GB hugepage") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages +++ a/mm/memory-failure.c @@ -1221,7 +1221,7 @@ static int me_huge_page(struct page_stat * subpages. */ folio_put(folio); - if (__page_handle_poison(p) >= 0) { + if (__page_handle_poison(p) > 0) { page_ref_inc(p); res = MF_RECOVERED; } else { @@ -2091,7 +2091,7 @@ retry: */ if (res == 0) { folio_unlock(folio); - if (__page_handle_poison(p) >= 0) { + if (__page_handle_poison(p) > 0) { page_ref_inc(p); res = MF_RECOVERED; } else { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-proc-pid-smaps_rollup-avoid-skipping-vma-after-getting-mmap_lock-again.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again has been removed from the -mm tree. Its filename was mm-proc-pid-smaps_rollup-avoid-skipping-vma-after-getting-mmap_lock-again.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yuanyuan Zhong <yzhong(a)purestorage.com> Subject: mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again Date: Thu, 23 May 2024 12:35:31 -0600 After switching smaps_rollup to use VMA iterator, searching for next entry is part of the condition expression of the do-while loop. So the current VMA needs to be addressed before the continue statement. Otherwise, with some VMAs skipped, userspace observed memory consumption from /proc/pid/smaps_rollup will be smaller than the sum of the corresponding fields from /proc/pid/smaps. Link: https://lkml.kernel.org/r/20240523183531.2535436-1-yzhong@purestorage.com Fixes: c4c84f06285e ("fs/proc/task_mmu: stop using linked list and highest_vm_end") Signed-off-by: Yuanyuan Zhong <yzhong(a)purestorage.com> Reviewed-by: Mohamed Khalfella <mkhalfella(a)purestorage.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/fs/proc/task_mmu.c~mm-proc-pid-smaps_rollup-avoid-skipping-vma-after-getting-mmap_lock-again +++ a/fs/proc/task_mmu.c @@ -970,12 +970,17 @@ static int show_smaps_rollup(struct seq_ break; /* Case 1 and 2 above */ - if (vma->vm_start >= last_vma_end) + if (vma->vm_start >= last_vma_end) { + smap_gather_stats(vma, &mss, 0); + last_vma_end = vma->vm_end; continue; + } /* Case 4 above */ - if (vma->vm_end > last_vma_end) + if (vma->vm_end > last_vma_end) { smap_gather_stats(vma, &mss, last_vma_end); + last_vma_end = vma->vm_end; + } } } for_each_vma(vmi, vma); _ Patches currently in -mm which might be from yzhong(a)purestorage.com are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix potential hang in nilfs_detach_log_writer() has been removed from the -mm tree. Its filename was nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix potential hang in nilfs_detach_log_writer() Date: Mon, 20 May 2024 22:26:21 +0900 Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut down log writer thread flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (if inode needs sync) nilfs_segctor_sync --> Attempt to synchronize with log writer thread *** DEADLOCK *** Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates. The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy(). Link: https://lkml.kernel.org/r/20240520132621.4054-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+e3973c409251e136fdd0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=e3973c409251e136fdd0 Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Cc: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-potential-hang-in-nilfs_detach_log_writer +++ a/fs/nilfs2/segment.c @@ -2190,6 +2190,14 @@ static int nilfs_segctor_sync(struct nil for (;;) { set_current_state(TASK_INTERRUPTIBLE); + /* + * Synchronize only while the log writer thread is alive. + * Leave flushing out after the log writer thread exits to + * the cleanup work in nilfs_segctor_destroy(). + */ + if (!sci->sc_task) + break; + if (atomic_read(&wait_req.done)) { err = wait_req.err; break; @@ -2205,7 +2213,7 @@ static int nilfs_segctor_sync(struct nil return err; } -static void nilfs_segctor_wakeup(struct nilfs_sc_info *sci, int err) +static void nilfs_segctor_wakeup(struct nilfs_sc_info *sci, int err, bool force) { struct nilfs_segctor_wait_request *wrq, *n; unsigned long flags; @@ -2213,7 +2221,7 @@ static void nilfs_segctor_wakeup(struct spin_lock_irqsave(&sci->sc_wait_request.lock, flags); list_for_each_entry_safe(wrq, n, &sci->sc_wait_request.head, wq.entry) { if (!atomic_read(&wrq->done) && - nilfs_cnt32_ge(sci->sc_seq_done, wrq->seq)) { + (force || nilfs_cnt32_ge(sci->sc_seq_done, wrq->seq))) { wrq->err = err; atomic_set(&wrq->done, 1); } @@ -2362,7 +2370,7 @@ static void nilfs_segctor_notify(struct if (mode == SC_LSEG_SR) { sci->sc_state &= ~NILFS_SEGCTOR_COMMIT; sci->sc_seq_done = sci->sc_seq_accepted; - nilfs_segctor_wakeup(sci, err); + nilfs_segctor_wakeup(sci, err, false); sci->sc_flush_request = 0; } else { if (mode == SC_FLUSH_FILE) @@ -2746,6 +2754,13 @@ static void nilfs_segctor_destroy(struct || sci->sc_seq_request != sci->sc_seq_done); spin_unlock(&sci->sc_state_lock); + /* + * Forcibly wake up tasks waiting in nilfs_segctor_sync(), which can + * be called from delayed iput() via nilfs_evict_inode() and can race + * with the above log writer thread termination. + */ + nilfs_segctor_wakeup(sci, 0, true); + if (flush_work(&sci->sc_iput_work)) flag = true; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix unexpected freezing of nilfs_segctor_sync() has been removed from the -mm tree. Its filename was nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix unexpected freezing of nilfs_segctor_sync() Date: Mon, 20 May 2024 22:26:20 +0900 A potential and reproducible race issue has been identified where nilfs_segctor_sync() would block even after the log writer thread writes a checkpoint, unless there is an interrupt or other trigger to resume log writing. This turned out to be because, depending on the execution timing of the log writer thread running in parallel, the log writer thread may skip responding to nilfs_segctor_sync(), which causes a call to schedule() waiting for completion within nilfs_segctor_sync() to lose the opportunity to wake up. The reason why waking up the task waiting in nilfs_segctor_sync() may be skipped is that updating the request generation issued using a shared sequence counter and adding an wait queue entry to the request wait queue to the log writer, are not done atomically. There is a possibility that log writing and request completion notification by nilfs_segctor_wakeup() may occur between the two operations, and in that case, the wait queue entry is not yet visible to nilfs_segctor_wakeup() and the wake-up of nilfs_segctor_sync() will be carried over until the next request occurs. Fix this issue by performing these two operations simultaneously within the lock section of sc_state_lock. Also, following the memory barrier guidelines for event waiting loops, move the call to set_current_state() in the same location into the event waiting loop to ensure that a memory barrier is inserted just before the event condition determination. Link: https://lkml.kernel.org/r/20240520132621.4054-3-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Cc: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync +++ a/fs/nilfs2/segment.c @@ -2168,19 +2168,28 @@ static int nilfs_segctor_sync(struct nil struct nilfs_segctor_wait_request wait_req; int err = 0; - spin_lock(&sci->sc_state_lock); init_wait(&wait_req.wq); wait_req.err = 0; atomic_set(&wait_req.done, 0); + init_waitqueue_entry(&wait_req.wq, current); + + /* + * To prevent a race issue where completion notifications from the + * log writer thread are missed, increment the request sequence count + * "sc_seq_request" and insert a wait queue entry using the current + * sequence number into the "sc_wait_request" queue at the same time + * within the lock section of "sc_state_lock". + */ + spin_lock(&sci->sc_state_lock); wait_req.seq = ++sci->sc_seq_request; + add_wait_queue(&sci->sc_wait_request, &wait_req.wq); spin_unlock(&sci->sc_state_lock); - init_waitqueue_entry(&wait_req.wq, current); - add_wait_queue(&sci->sc_wait_request, &wait_req.wq); - set_current_state(TASK_INTERRUPTIBLE); wake_up(&sci->sc_wait_daemon); for (;;) { + set_current_state(TASK_INTERRUPTIBLE); + if (atomic_read(&wait_req.done)) { err = wait_req.err; break; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix use-after-free of timer for log writer thread has been removed from the -mm tree. Its filename was nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix use-after-free of timer for log writer thread Date: Mon, 20 May 2024 22:26:19 +0900 Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive. Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-use-after-free-of-timer-for-log-writer-thread +++ a/fs/nilfs2/segment.c @@ -2118,8 +2118,10 @@ static void nilfs_segctor_start_timer(st { spin_lock(&sci->sc_state_lock); if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { - sci->sc_timer.expires = jiffies + sci->sc_interval; - add_timer(&sci->sc_timer); + if (sci->sc_task) { + sci->sc_timer.expires = jiffies + sci->sc_interval; + add_timer(&sci->sc_timer); + } sci->sc_state |= NILFS_SEGCTOR_COMMIT; } spin_unlock(&sci->sc_state_lock); @@ -2320,10 +2322,21 @@ int nilfs_construct_dsync_segment(struct */ static void nilfs_segctor_accept(struct nilfs_sc_info *sci) { + bool thread_is_alive; + spin_lock(&sci->sc_state_lock); sci->sc_seq_accepted = sci->sc_seq_request; + thread_is_alive = (bool)sci->sc_task; spin_unlock(&sci->sc_state_lock); - del_timer_sync(&sci->sc_timer); + + /* + * This function does not race with the log writer thread's + * termination. Therefore, deleting sc_timer, which should not be + * done after the log writer thread exits, can be done safely outside + * the area protected by sc_state_lock. + */ + if (thread_is_alive) + del_timer_sync(&sci->sc_timer); } /** @@ -2349,7 +2362,7 @@ static void nilfs_segctor_notify(struct sci->sc_flush_request &= ~FLUSH_DAT_BIT; /* re-enable timer if checkpoint creation was not done */ - if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && + if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && time_before(jiffies, sci->sc_timer.expires)) add_timer(&sci->sc_timer); } @@ -2539,6 +2552,7 @@ static int nilfs_segctor_thread(void *ar int timeout = 0; sci->sc_timer_task = current; + timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); /* start sync. */ sci->sc_task = current; @@ -2606,6 +2620,7 @@ static int nilfs_segctor_thread(void *ar end_thread: /* end sync. */ sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ spin_unlock(&sci->sc_state_lock); return 0; @@ -2669,7 +2684,6 @@ static struct nilfs_sc_info *nilfs_segct INIT_LIST_HEAD(&sci->sc_gc_inodes); INIT_LIST_HEAD(&sci->sc_iput_queue); INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); - timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; @@ -2748,7 +2762,6 @@ static void nilfs_segctor_destroy(struct down_write(&nilfs->ns_segctor_sem); - timer_shutdown_sync(&sci->sc_timer); kfree(sci); } _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-build-warnings-on-ppc64.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix build warnings on ppc64 has been removed from the -mm tree. Its filename was selftests-mm-fix-build-warnings-on-ppc64.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix build warnings on ppc64 Date: Tue, 21 May 2024 13:02:19 +1000 Fix warnings like: In file included from uffd-unit-tests.c:8: uffd-unit-tests.c: In function `uffd_poison_handle_fault': uffd-common.h:45:33: warning: format `%llu' expects argument of type `long long unsigned int', but argument 3 has type `__u64' {aka `long unsigned int'} [-Wformat=] By switching to unsigned long long for u64 for ppc64 builds. Link: https://lkml.kernel.org/r/20240521030219.57439-1-mpe@ellerman.id.au Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/gup_test.c | 1 + tools/testing/selftests/mm/uffd-common.h | 1 + 2 files changed, 2 insertions(+) --- a/tools/testing/selftests/mm/gup_test.c~selftests-mm-fix-build-warnings-on-ppc64 +++ a/tools/testing/selftests/mm/gup_test.c @@ -1,3 +1,4 @@ +#define __SANE_USERSPACE_TYPES__ // Use ll64 #include <fcntl.h> #include <errno.h> #include <stdio.h> --- a/tools/testing/selftests/mm/uffd-common.h~selftests-mm-fix-build-warnings-on-ppc64 +++ a/tools/testing/selftests/mm/uffd-common.h @@ -8,6 +8,7 @@ #define __UFFD_COMMON_H__ #define _GNU_SOURCE +#define __SANE_USERSPACE_TYPES__ // Use ll64 #include <stdio.h> #include <errno.h> #include <unistd.h> _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: compaction_test: fix bogus test success and reduce probability of OOM-killer invocation has been removed from the -mm tree. Its filename was selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: selftests/mm: compaction_test: fix bogus test success and reduce probability of OOM-killer invocation Date: Tue, 21 May 2024 13:13:58 +0530 Reset nr_hugepages to zero before the start of the test. If a non-zero number of hugepages is already set before the start of the test, the following problems arise: - The probability of the test getting OOM-killed increases. Proof: The test wants to run on 80% of available memory to prevent OOM-killing (see original code comments). Let the value of mem_free at the start of the test, when nr_hugepages = 0, be x. In the other case, when nr_hugepages > 0, let the memory consumed by hugepages be y. In the former case, the test operates on 0.8 * x of memory. In the latter, the test operates on 0.8 * (x - y) of memory, with y already filled, hence, memory consumed is y + 0.8 * (x - y) = 0.8 * x + 0.2 * y > 0.8 * x. Q.E.D - The probability of a bogus test success increases. Proof: Let the memory consumed by hugepages be greater than 25% of x, with x and y defined as above. The definition of compaction_index is c_index = (x - y)/z where z is the memory consumed by hugepages after trying to increase them again. In check_compaction(), we set the number of hugepages to zero, and then increase them back; the probability that they will be set back to consume at least y amount of memory again is very high (since there is not much delay between the two attempts of changing nr_hugepages). Hence, z >= y > (x/4) (by the 25% assumption). Therefore, c_index = (x - y)/z <= (x - y)/y = x/y - 1 < 4 - 1 = 3 hence, c_index can always be forced to be less than 3, thereby the test succeeding always. Q.E.D Link: https://lkml.kernel.org/r/20240521074358.675031-4-dev.jain@arm.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/compaction_test.c | 71 +++++++++++------ 1 file changed, 49 insertions(+), 22 deletions(-) --- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation +++ a/tools/testing/selftests/mm/compaction_test.c @@ -82,13 +82,16 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned long hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size, + unsigned long initial_nr_hugepages) { unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[20] = {0}; char nr_hugepages[20] = {0}; + char init_nr_hugepages[20] = {0}; + + sprintf(init_nr_hugepages, "%lu", initial_nr_hugepages); /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -102,23 +105,6 @@ int check_compaction(unsigned long mem_f goto out; } - if (read(fd, initial_nr_hugepages, sizeof(initial_nr_hugepages)) <= 0) { - ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - - /* Start with the initial condition of 0 huge pages*/ - if (write(fd, "0", sizeof(char)) != sizeof(char)) { - ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - /* Request a large number of huge pages. The Kernel will allocate as much as it can */ if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) { @@ -146,8 +132,8 @@ int check_compaction(unsigned long mem_f lseek(fd, 0, SEEK_SET); - if (write(fd, initial_nr_hugepages, strlen(initial_nr_hugepages)) - != strlen(initial_nr_hugepages)) { + if (write(fd, init_nr_hugepages, strlen(init_nr_hugepages)) + != strlen(init_nr_hugepages)) { ksft_print_msg("Failed to write value to /proc/sys/vm/nr_hugepages: %s\n", strerror(errno)); goto close_fd; @@ -171,6 +157,41 @@ int check_compaction(unsigned long mem_f return ret; } +int set_zero_hugepages(unsigned long *initial_nr_hugepages) +{ + int fd, ret = -1; + char nr_hugepages[20] = {0}; + + fd = open("/proc/sys/vm/nr_hugepages", O_RDWR | O_NONBLOCK); + if (fd < 0) { + ksft_print_msg("Failed to open /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto out; + } + if (read(fd, nr_hugepages, sizeof(nr_hugepages)) <= 0) { + ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + lseek(fd, 0, SEEK_SET); + + /* Start with the initial condition of 0 huge pages */ + if (write(fd, "0", sizeof(char)) != sizeof(char)) { + ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + *initial_nr_hugepages = strtoul(nr_hugepages, NULL, 10); + ret = 0; + + close_fd: + close(fd); + + out: + return ret; +} int main(int argc, char **argv) { @@ -181,6 +202,7 @@ int main(int argc, char **argv) unsigned long mem_free = 0; unsigned long hugepage_size = 0; long mem_fragmentable_MB = 0; + unsigned long initial_nr_hugepages; ksft_print_header(); @@ -189,6 +211,10 @@ int main(int argc, char **argv) ksft_set_plan(1); + /* Start the test without hugepages reducing mem_free */ + if (set_zero_hugepages(&initial_nr_hugepages)) + ksft_exit_fail(); + lim.rlim_cur = RLIM_INFINITY; lim.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_MEMLOCK, &lim)) @@ -232,7 +258,8 @@ int main(int argc, char **argv) entry = entry->next; } - if (check_compaction(mem_free, hugepage_size) == 0) + if (check_compaction(mem_free, hugepage_size, + initial_nr_hugepages) == 0) ksft_exit_pass(); ksft_exit_fail(); _ Patches currently in -mm which might be from dev.jain(a)arm.com are selftests-mm-va_high_addr_switch-reduce-test-noise.patch selftests-mm-va_high_addr_switch-dynamically-initialize-testcases-to-enable-lpa2-testing.patch

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages has been removed from the -mm tree. Its filename was selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Date: Tue, 21 May 2024 13:13:57 +0530 Currently, the test tries to set nr_hugepages to zero, but that is not actually done because the file offset is not reset after read(). Fix that using lseek(). Link: https://lkml.kernel.org/r/20240521074358.675031-3-dev.jain@arm.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/compaction_test.c | 2 ++ 1 file changed, 2 insertions(+) --- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages +++ a/tools/testing/selftests/mm/compaction_test.c @@ -108,6 +108,8 @@ int check_compaction(unsigned long mem_f goto close_fd; } + lseek(fd, 0, SEEK_SET); + /* Start with the initial condition of 0 huge pages*/ if (write(fd, "0", sizeof(char)) != sizeof(char)) { ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", _ Patches currently in -mm which might be from dev.jain(a)arm.com are selftests-mm-va_high_addr_switch-reduce-test-noise.patch selftests-mm-va_high_addr_switch-dynamically-initialize-testcases-to-enable-lpa2-testing.patch

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: compaction_test: fix bogus test success on Aarch64 has been removed from the -mm tree. Its filename was selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: selftests/mm: compaction_test: fix bogus test success on Aarch64 Date: Tue, 21 May 2024 13:13:56 +0530 Patch series "Fixes for compaction_test", v2. The compaction_test memory selftest introduces fragmentation in memory and then tries to allocate as many hugepages as possible. This series addresses some problems. On Aarch64, if nr_hugepages == 0, then the test trivially succeeds since compaction_index becomes 0, which is less than 3, due to no division by zero exception being raised. We fix that by checking for division by zero. Secondly, correctly set the number of hugepages to zero before trying to set a large number of them. Now, consider a situation in which, at the start of the test, a non-zero number of hugepages have been already set (while running the entire selftests/mm suite, or manually by the admin). The test operates on 80% of memory to avoid OOM-killer invocation, and because some memory is already blocked by hugepages, it would increase the chance of OOM-killing. Also, since mem_free used in check_compaction() is the value before we set nr_hugepages to zero, the chance that the compaction_index will be small is very high if the preset nr_hugepages was high, leading to a bogus test success. This patch (of 3): Currently, if at runtime we are not able to allocate a huge page, the test will trivially pass on Aarch64 due to no exception being raised on division by zero while computing compaction_index. Fix that by checking for nr_hugepages == 0. Anyways, in general, avoid a division by zero by exiting the program beforehand. While at it, fix a typo, and handle the case where the number of hugepages may overflow an integer. Link: https://lkml.kernel.org/r/20240521074358.675031-1-dev.jain@arm.com Link: https://lkml.kernel.org/r/20240521074358.675031-2-dev.jain@arm.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Dev Jain <dev.jain(a)arm.com> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/compaction_test.c | 20 +++++++++++------ 1 file changed, 13 insertions(+), 7 deletions(-) --- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64 +++ a/tools/testing/selftests/mm/compaction_test.c @@ -82,12 +82,13 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned int hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size) { + unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[10] = {0}; - char nr_hugepages[10] = {0}; + char initial_nr_hugepages[20] = {0}; + char nr_hugepages[20] = {0}; /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -134,7 +135,12 @@ int check_compaction(unsigned long mem_f /* We should have been able to request at least 1/3 rd of the memory in huge pages */ - compaction_index = mem_free/(atoi(nr_hugepages) * hugepage_size); + nr_hugepages_ul = strtoul(nr_hugepages, NULL, 10); + if (!nr_hugepages_ul) { + ksft_print_msg("ERROR: No memory is available as huge pages\n"); + goto close_fd; + } + compaction_index = mem_free/(nr_hugepages_ul * hugepage_size); lseek(fd, 0, SEEK_SET); @@ -145,11 +151,11 @@ int check_compaction(unsigned long mem_f goto close_fd; } - ksft_print_msg("Number of huge pages allocated = %d\n", - atoi(nr_hugepages)); + ksft_print_msg("Number of huge pages allocated = %lu\n", + nr_hugepages_ul); if (compaction_index > 3) { - ksft_print_msg("ERROR: Less that 1/%d of memory is available\n" + ksft_print_msg("ERROR: Less than 1/%d of memory is available\n" "as huge pages\n", compaction_index); goto close_fd; } _ Patches currently in -mm which might be from dev.jain(a)arm.com are selftests-mm-va_high_addr_switch-reduce-test-noise.patch selftests-mm-va_high_addr_switch-dynamically-initialize-testcases-to-enable-lpa2-testing.patch

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-dont-unpoison-huge_zero_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: don't unpoison huge_zero_folio has been removed from the -mm tree. Its filename was mm-huge_memory-dont-unpoison-huge_zero_folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: don't unpoison huge_zero_folio Date: Thu, 16 May 2024 20:26:08 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet. Link: https://lkml.kernel.org/r/20240516122608.22610-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/memory-failure.c~mm-huge_memory-dont-unpoison-huge_zero_folio +++ a/mm/memory-failure.c @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (is_huge_zero_folio(folio)) { + unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

11 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL has been removed from the -mm tree. Its filename was mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Hailong.Liu" <hailong.liu(a)oppo.com> Subject: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Date: Fri, 10 May 2024 18:01:31 +0800 commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c Link: https://lkml.kernel.org/r/20240510100131.1865-1-hailong.liu@oppo.com Fixes: 9376130c390a ("mm/vmalloc: add support for __GFP_NOFAIL") Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Suggested-by: Barry Song <21cnbao(a)gmail.com> Reported-by: Oven <liyangouwen1(a)oppo.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Chao Yu <chao(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Gao Xiang <xiang(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail +++ a/mm/vmalloc.c @@ -3498,7 +3498,7 @@ vm_area_alloc_pages(gfp_t gfp, int nid, { unsigned int nr_allocated = 0; gfp_t alloc_gfp = gfp; - bool nofail = false; + bool nofail = gfp & __GFP_NOFAIL; struct page *page; int i; @@ -3555,12 +3555,11 @@ vm_area_alloc_pages(gfp_t gfp, int nid, * and compaction etc. */ alloc_gfp &= ~__GFP_NOFAIL; - nofail = true; } /* High-order pages or fallback path if "bulk" fails. */ while (nr_allocated < nr_pages) { - if (fatal_signal_pending(current)) + if (!nofail && fatal_signal_pending(current)) break; if (nid == NUMA_NO_NODE) _ Patches currently in -mm which might be from hailong.liu(a)oppo.com are

11 months, 2 weeks

1
0
0 0

[PATCH 4.19 00/18] 4.19.315-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.315 release. There are 18 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.315-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.315-rc1 Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Tom Zanussi <tom.zanussi(a)linux.intel.com> tracing: Remove unnecessary var_ref destroy in track_data_destroy() Tom Zanussi <tom.zanussi(a)linux.intel.com> tracing: Generalize hist trigger onmax and save action Tom Zanussi <tom.zanussi(a)linux.intel.com> tracing: Split up onmatch action data Tom Zanussi <tom.zanussi(a)linux.intel.com> tracing: Refactor hist trigger action code Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Have the historgram use the result of str_has_prefix() for len of prefix Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Use str_has_prefix() instead of using fixed sizes Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Use str_has_prefix() helper for histogram code Steven Rostedt (VMware) <rostedt(a)goodmis.org> string.h: Add str_has_prefix() helper function Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Consolidate trace_add/remove_event_call back to the nolock functions Masami Hiramatsu <mhiramat(a)kernel.org> tracing: Remove unneeded synth_event_mutex Masami Hiramatsu <mhiramat(a)kernel.org> tracing: Use dyn_event framework for synthetic events Masami Hiramatsu <mhiramat(a)kernel.org> tracing: Add unified dynamic event framework Masami Hiramatsu <mhiramat(a)kernel.org> tracing: Simplify creation and deletion of synthetic events Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" ------------- Diffstat: Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/tty/serial/kgdboc.c | 30 +- fs/btrfs/volumes.c | 1 + include/linux/string.h | 20 + include/linux/trace_events.h | 2 - kernel/trace/Kconfig | 4 + kernel/trace/Makefile | 1 + kernel/trace/trace.c | 26 +- kernel/trace/trace_dynevent.c | 210 ++++++ kernel/trace/trace_dynevent.h | 119 ++++ kernel/trace/trace_events.c | 32 +- kernel/trace/trace_events_hist.c | 1082 ++++++++++++++++++------------ kernel/trace/trace_probe.c | 2 +- kernel/trace/trace_stack.c | 2 +- tools/testing/selftests/vm/map_hugetlb.c | 7 - 19 files changed, 1068 insertions(+), 489 deletions(-)

11 months, 2 weeks

6
23
0 0

[PATCH 5.4 00/16] 5.4.277-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.277 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.277-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.277-rc1 Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Harden accesses to the reset domains Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential OOBs in smb2_parse_contexts() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: keep MAC in reset until PHY is up Doug Berger <opendmb(a)gmail.com> Revert "net: bcmgenet: use RGMII loopback for MAC reset" Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Baokun Li <libaokun1(a)huawei.com> ext4: fix bug_on in __es_tree_search Sergey Shtylyov <s.shtylyov(a)omp.ru> pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() ------------- Diffstat: Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +-- drivers/firmware/arm_scmi/reset.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 22 ++++-- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 + drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 12 +++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 43 +++--------- drivers/pinctrl/core.c | 14 +++- drivers/tty/serial/kgdboc.c | 30 +++++++- drivers/usb/typec/ucsi/displayport.c | 4 -- fs/btrfs/volumes.c | 1 + fs/cifs/smb2ops.c | 4 +- fs/cifs/smb2pdu.c | 79 ++++++++++++++-------- fs/cifs/smb2proto.h | 10 +-- fs/ext4/extents.c | 10 +-- tools/testing/selftests/vm/map_hugetlb.c | 7 -- 18 files changed, 161 insertions(+), 99 deletions(-)

11 months, 2 weeks

7
22
0 0

[PATCH 5.10 00/15] 5.10.218-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.218 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.218-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.218-rc1 Akira Yokosawa <akiyks(a)gmail.com> docs: kernel_include.py: Cope with docutils 0.21 Daniel Thompson <daniel.thompson(a)linaro.org> serial: kgdboc: Fix NMI-safety problems from keyboard reset code Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: displayport: Fix potential deadlock Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Harden accesses to the reset domains Sean Christopherson <seanjc(a)google.com> KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection Eric Dumazet <edumazet(a)google.com> netlink: annotate lockless accesses to nlk->max_recvmsg_len liqiong <liqiong(a)nfschina.com> ima: fix deadlock when traversing "ima_default_rules". Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Juergen Gross <jgross(a)suse.com> x86/xen: Drop USERGS_SYSRET64 paravirt call Sergey Shtylyov <s.shtylyov(a)omp.ru> pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() ------------- Diffstat: Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +-- arch/x86/entry/entry_64.S | 17 ++++++------ arch/x86/include/asm/irqflags.h | 7 ----- arch/x86/include/asm/paravirt.h | 5 ---- arch/x86/include/asm/paravirt_types.h | 8 ------ arch/x86/kernel/asm-offsets_64.c | 2 -- arch/x86/kernel/paravirt.c | 5 +--- arch/x86/kernel/paravirt_patch.c | 4 --- arch/x86/kvm/x86.c | 11 ++++++-- arch/x86/xen/enlighten_pv.c | 1 - arch/x86/xen/xen-asm.S | 21 --------------- arch/x86/xen/xen-ops.h | 2 -- drivers/firmware/arm_scmi/reset.c | 6 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 +++ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 ++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 ++ drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 +++++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 +++ drivers/pinctrl/core.c | 14 +++++++--- drivers/tty/serial/kgdboc.c | 30 +++++++++++++++++++++- drivers/usb/typec/ucsi/displayport.c | 4 --- fs/btrfs/volumes.c | 1 + net/mptcp/protocol.c | 2 ++ net/netlink/af_netlink.c | 15 ++++++----- security/integrity/ima/ima_policy.c | 29 ++++++++++++++------- tools/testing/selftests/vm/map_hugetlb.c | 7 ----- 27 files changed, 123 insertions(+), 100 deletions(-)

11 months, 2 weeks

7
21
0 0

[PATCH v3 2/7] PCI: xilinx-nwl: Fix off-by-one in IRQ handler

by Sean Anderson

MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX irqs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This fixes the following UBSAN error: [ 5.037483] ================================================================================ [ 5.046260] UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 [ 5.054983] shift exponent 18446744073709551615 is too large for 32-bit type 'int' [ 5.062813] CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 [ 5.070008] Hardware name: xlnx,zynqmp (DT) [ 5.074348] Workqueue: events_unbound deferred_probe_work_func [ 5.080410] Call trace: [ 5.082958] dump_backtrace (arch/arm64/kernel/stacktrace.c:235) [ 5.086850] show_stack (arch/arm64/kernel/stacktrace.c:242) [ 5.090292] dump_stack_lvl (lib/dump_stack.c:107) [ 5.094095] dump_stack (lib/dump_stack.c:114) [ 5.097540] __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) [ 5.103227] nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) [ 5.107386] irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) [ 5.110838] __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) [ 5.114552] irq_startup (kernel/irq/chip.c:270) [ 5.118266] __setup_irq (kernel/irq/manage.c:1800) [ 5.121982] request_threaded_irq (kernel/irq/manage.c:2206) [ 5.126412] pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) [ 5.130303] pcie_port_probe_service (drivers/pci/pcie/portdrv.c:528) [ 5.134915] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) [ 5.138720] __driver_probe_device (drivers/base/dd.c:800) [ 5.143236] driver_probe_device (drivers/base/dd.c:830) [ 5.147571] __device_attach_driver (drivers/base/dd.c:959) [ 5.152179] bus_for_each_drv (drivers/base/bus.c:457) [ 5.156163] __device_attach (drivers/base/dd.c:1032) [ 5.160147] device_initial_probe (drivers/base/dd.c:1080) [ 5.164488] bus_probe_device (drivers/base/bus.c:532) [ 5.168471] device_add (drivers/base/core.c:3638) [ 5.172098] device_register (drivers/base/core.c:3714) [ 5.175994] pcie_portdrv_probe (drivers/pci/pcie/portdrv.c:309 drivers/pci/pcie/portdrv.c:363 drivers/pci/pcie/portdrv.c:695) [ 5.180338] pci_device_probe (drivers/pci/pci-driver.c:324 drivers/pci/pci-driver.c:392 drivers/pci/pci-driver.c:417 drivers/pci/pci-driver.c:460) [ 5.184410] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) [ 5.188213] __driver_probe_device (drivers/base/dd.c:800) [ 5.192729] driver_probe_device (drivers/base/dd.c:830) [ 5.197064] __device_attach_driver (drivers/base/dd.c:959) [ 5.201672] bus_for_each_drv (drivers/base/bus.c:457) [ 5.205657] __device_attach (drivers/base/dd.c:1032) [ 5.209641] device_attach (drivers/base/dd.c:1074) [ 5.213357] pci_bus_add_device (drivers/pci/bus.c:352) [ 5.217518] pci_bus_add_devices (drivers/pci/bus.c:371 (discriminator 2)) [ 5.221774] pci_host_probe (drivers/pci/probe.c:3099) [ 5.225581] nwl_pcie_probe (drivers/pci/controller/pcie-xilinx-nwl.c:938) [ 5.229562] platform_probe (drivers/base/platform.c:1404) [ 5.233367] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) [ 5.237169] __driver_probe_device (drivers/base/dd.c:800) [ 5.241685] driver_probe_device (drivers/base/dd.c:830) [ 5.246020] __device_attach_driver (drivers/base/dd.c:959) [ 5.250628] bus_for_each_drv (drivers/base/bus.c:457) [ 5.254612] __device_attach (drivers/base/dd.c:1032) [ 5.258596] device_initial_probe (drivers/base/dd.c:1080) [ 5.262938] bus_probe_device (drivers/base/bus.c:532) [ 5.266920] deferred_probe_work_func (drivers/base/dd.c:124) [ 5.271619] process_one_work (arch/arm64/include/asm/jump_label.h:21 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2632) [ 5.275788] worker_thread (kernel/workqueue.c:2694 (discriminator 2) kernel/workqueue.c:2781 (discriminator 2)) [ 5.279686] kthread (kernel/kthread.c:388) [ 5.283048] ret_from_fork (arch/arm64/kernel/entry.S:862) [ 5.286765] ================================================================================ Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- Changes in v3: - Expand commit message drivers/pci/controller/pcie-xilinx-nwl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK); -- 2.35.1.1320.gc452695387.dirty

11 months, 2 weeks

3
4
0 0

[PATCH 3/3] KVM: arm64: AArch32: Fix spurious trapping of conditional instructions

by Marc Zyngier

We recently upgraded the view of ESR_EL2 to 64bit, in keeping with the requirements of the architecture. However, the AArch32 emulation code was left unaudited, and the (already dodgy) code that triages whether a trap is spurious or not (because the condition code failed) broke in a subtle way: If ESR_EL2.ISS2 is ever non-zero (unlikely, but hey, this is the ARM architecture we're talking about), the hack that tests the top bits of ESR_EL2.EC will break in an interesting way. Instead, use kvm_vcpu_trap_get_class() to obtain the EC, and list all the possible ECs that can fail a condition code check. While we're at it, add SMC32 to the list, as it is explicitly listed as being allowed to trap despite failing a condition code check (as described in the HCR_EL2.TSC documentation). Fixes: 0b12620fddb8 ("KVM: arm64: Treat ESR_EL2 as a 64-bit register") Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/hyp/aarch32.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kvm/hyp/aarch32.c b/arch/arm64/kvm/hyp/aarch32.c index 8d9670e6615d..449fa58cf3b6 100644 --- a/arch/arm64/kvm/hyp/aarch32.c +++ b/arch/arm64/kvm/hyp/aarch32.c @@ -50,9 +50,23 @@ bool kvm_condition_valid32(const struct kvm_vcpu *vcpu) u32 cpsr_cond; int cond; - /* Top two bits non-zero? Unconditional. */ - if (kvm_vcpu_get_esr(vcpu) >> 30) + /* + * These are the exception classes that could fire with a + * conditional instruction. + */ + switch (kvm_vcpu_trap_get_class(vcpu)) { + case ESR_ELx_EC_CP15_32: + case ESR_ELx_EC_CP15_64: + case ESR_ELx_EC_CP14_MR: + case ESR_ELx_EC_CP14_LS: + case ESR_ELx_EC_FP_ASIMD: + case ESR_ELx_EC_CP10_ID: + case ESR_ELx_EC_CP14_64: + case ESR_ELx_EC_SVC32: + break; + default: return true; + } /* Is condition field valid? */ cond = kvm_vcpu_get_condition(vcpu); -- 2.39.2

11 months, 2 weeks

1
0
0 0

Re: [BUG] Linux 6.8.10 NPE

by Paul Grandperrin

> I am using vanilla Linux 6.8.10, and I've just noticed this BUG in my dmesg log. I have no idea what triggered it, and especially since I have not even mounted any NFS filesystems?! Hi all, I have the exact same bug. I'm using the NixOS kernel but as soon as it was updated to 6.8.10 my server has gone in a crash-reboot-loop. The server is hosting an NFS deamon and it crashes about 10 seconds after the tty login prompt is displayed. Dowgrading to 6.8.9 fixes the issue. Regards, Paul Grandperrin

11 months, 2 weeks

3
3
0 0

Kernel 6.8.4 regression: aacraid controller not initialized any more, system boot hangs

by Peter Schneider

Hi all, I am running a dual Xeon machine as my personal virtualization server at home, using Proxmox VE, and with their latest update 8.2 which brings kernel 6.8.4-2-pve, I am seeing a serious regression which breaks my setup because it does not boot any more. The last message I see displayed during boot is: "Timed out for waiting the udev queue being empty.", and then it hangs indefinitely. Previous kernel 6.5.13-5-pve worked fine, with the following caveat: I had similar problems initially with earlier kernels too, so from the very beginning with this machine using PVE, I had to set grub parameter rootdelay=60. With that, everything was fine, the busses settled and RAID controller and root device was found and system booted. With the newer 6.8.4 kernel, not any more, although I even tried to increase rootdelay parameter to 120. I was able to reproduce and bisect this regression also with mainline kernels (also with stable 6.8.8 and 6.9-rc), so I thought it would be a good idea to report it upstream to you guys. This is an older server machine: 2-socket Ivy Bridge Xeon E5-2697 v2 (24C/48T) in an Asus Z9PE-D16/2L motherboard (Intel C-602A chipset); BIOS patched to the latest available from Asus. All memory slots occupied, so 256 GB RAM in total. It also has Asus ASMB6 iKVM BMC, which supplies virtual storage devices (seel below dmesg) to which ISO images can be attached via network to boot/install OS from. Storage config: I have two single M4 256 GiB SATA SSD drives attached to internal mainboard SATA ports; one of them is my root device and PVE installation drive. The other one I use for storing ISO images. My main VM storage is attached to a battery backed-up Adaptec 5805 SATA/SAS RAID controller (w/ latest FW build 18948) attached to SATA/SAS enclosure of my Supermicro server casing, having eight disk drives in total: I have one RAID1 Array, consisting of two Samsung 1 TiB SATA SSDs for VM root disk images, and one RAID5 Array, consisting of 6 Hitachi 1 TiB HDDs which I use for storing VM data disk images. On both arrays, I use a LVM thin pool as PVE storage location. When everything boots up, the system is running just fine and smoothly with ~15 VMs at the same time (and has for years!). Although this is "only" a homelab server, I love it dearly and use it for many private projects VMs, among them runing Windows Server VM with MS SQL Server, and Linux server VMs running Oracle Database Server (I'm a database guy). I attach dmesg output of previous working kernel 6.5.13-5-pve, my git bisect log and output of lspci -v. The last successful kernel messages I see from the failing kernels version is this: ... [ 5.540424] usb-storage 1-1.3.4:1.0: USB Mass Storage device detected [ 5.540670] scsi host10: usb-storage 1-1.3.4:1.0 [ 5.947794] scsi 8:0:0:0: CD-ROM AMI Virtual CDROM0 1.00 PQ: 0 ANSI: 0 CCS [ 6.267830] scsi 9:0:0:0: Direct-Access AMI Virtual Floppy0 1.00 PQ: 0 ANSI: 0 CCS [ 6.555845] scsi 10:0:0:0: Direct-Access AMI Virtual HDISK0 1.00 PQ: 0 ANSI: 0 CCS and then the error message "Timed out for waiting the udev queue being empty." and the system hangs. In case of working kernels, the boot process would continue with this: ... [ 5.947794] scsi 8:0:0:0: CD-ROM AMI Virtual CDROM0 1.00 PQ: 0 ANSI: 0 CCS [ 6.267830] scsi 9:0:0:0: Direct-Access AMI Virtual Floppy0 1.00 PQ: 0 ANSI: 0 CCS [ 6.555845] scsi 10:0:0:0: Direct-Access AMI Virtual HDISK0 1.00 PQ: 0 ANSI: 0 CCS [ 32.592054] scsi 0:3:1:0: Enclosure ADAPTEC Virtual SGPIO 1 0001 PQ: 0 ANSI: 5 [ 61.536097] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 61.536215] sd 0:0:0:0: [sda] 1998565376 512-byte logical blocks: (1.02 TB/953 GiB) [ 61.536236] sd 0:0:1:0: Attached scsi generic sg1 type 0 [ 61.536239] sd 0:0:0:0: [sda] Write Protect is off [ 61.536246] sd 0:0:0:0: [sda] Mode Sense: 12 00 10 08 [ 61.536283] sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, supports DPO and FUA [ 61.536340] scsi 0:1:0:0: Attached scsi generic sg2 type 0 [ 61.536383] sd 0:0:1:0: [sdb] Very big device. Trying to use READ CAPACITY(16). [ 61.536400] sd 0:0:1:0: [sdb] 9762222080 512-byte logical blocks: (5.00 TB/4.54 TiB) [ 61.536414] sd 0:0:1:0: [sdb] Write Protect is off [ 61.536418] sd 0:0:1:0: [sdb] Mode Sense: 12 00 10 08 [ 61.536439] sd 0:0:1:0: [sdb] Write cache: disabled, read cache: enabled, supports DPO and FUA [ 61.536455] scsi 0:1:1:0: Attached scsi generic sg3 type 0 [ 61.536616] scsi 0:1:2:0: Attached scsi generic sg4 type 0 [ 61.536750] scsi 0:1:3:0: Attached scsi generic sg5 type 0 [ 61.536840] scsi 0:1:4:0: Attached scsi generic sg6 type 0 [ 61.536930] scsi 0:1:5:0: Attached scsi generic sg7 type 0 [ 61.537027] scsi 0:1:6:0: Attached scsi generic sg8 type 0 [ 61.537122] scsi 0:1:7:0: Attached scsi generic sg9 type 0 [ 61.537248] sd 0:0:1:0: [sdb] Very big device. Trying to use READ CAPACITY(16). [ 61.537274] scsi 0:3:0:0: Attached scsi generic sg10 type 13 [ 61.537390] scsi 0:3:1:0: Attached scsi generic sg11 type 13 [ 61.537558] scsi 1:0:0:0: Direct-Access ATA M4-CT256M4SSD2 0309 PQ: 0 ANSI: 5 [ 61.537851] sd 1:0:0:0: Attached scsi generic sg12 type 0 [ 61.537919] scsi: waiting for bus probes to complete ... [ 61.537973] sd 1:0:0:0: [sdc] 500118192 512-byte logical blocks: (256 GB/238 GiB) [ 61.537986] sd 1:0:0:0: [sdc] Write Protect is off [ 61.537989] sd 1:0:0:0: [sdc] Mode Sense: 00 3a 00 00 [ 61.538002] sd 1:0:0:0: [sdc] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 61.538022] sd 1:0:0:0: [sdc] Preferred minimum I/O size 512 bytes [ 61.538924] sdc: sdc1 sdc2 < sdc5 > ... so it seems to me the initialiation of the the Adaptec controller is the culprit. I have tested and reproduced the regression with mainline kernels according to the following list (please excuse me if it's too long ;-) See at the very bottom for first bad commit I found this way. I always built as "make olddefconfig" using the 6.5.13-5-pve config as starting point. ------------------------------------------------------------------- Proxmox Virtual Environmet (PVE) Kernels ======================================== 6.5.13-5-pve WORKS last working PVE (8.1) kernel; 5.15-pve and 6.2-pve work too 6.8.4-2-pve NOPE PVE release 8.2 Mainline Kernels ================ 6.9.0-rc6+ NOPE Most recent (2024-05-01) 6.9.0-rc5+ NOPE Most recent (2024-04-27) 6.8.8 NOPE Most recent released (2024-04-29) 6.8.7 NOPE Most recent released (2024-04-27) 6.8.4 NOPE Same version as most recent released PVE 8.2 Kernel 6.5.13 WORKS My tests, reverts on top of 6.8.8 ================================= 6.8.8+ WORKS Revert "Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi" - This reverts commit 6d20acbf3e3a32d331947dbc3802cf2d1a399e7d, reversing changes made to fef85269a19d277f23fc5ff08a3c356beeb54cb3 6.8.8+ WORKS Revert "scsi: core: Consult supported VPD page list prior to fetching page" - This reverts commit b5fc07a5fb56216a49e6c1d0b172d5464d99a89b (this is the first bad commit of my bisect session, see below, and a single patch as part of the above merged tag 'scsi-fixes') Bisecting, starting from 6.9.0-rc5 (bad) and 6.5.13 (good) ========================================================== root@linus:/usr/src/linux# git checkout master Bereits auf 'master' Ihr Branch ist auf demselben Stand wie 'origin/master'. root@linus:/usr/src/linux# git log commit 9d1ddab261f3e2af7c384dc02238784ce0cf9f98 (HEAD -> master, origin/master, origin/HEAD) Merge: 71b1543c83d6 77d8aa79ecfb Author: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Tue Apr 23 09:37:32 2024 -0700 Merge tag '6.9-rc5-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 root@linus:/usr/src/linux# cp /boot/config-6.5.13-5-pve .config root@linus:/usr/src/linux# git bisect start Status: warte auf guten und schlechten Commit root@linus:/usr/src/linux# git bisect bad Status: warte auf gute(n) Commit(s), schlechter Commit bekannt root@linus:/usr/src/linux# git bisect good v6.5.13 Binäre Suche: eine Merge-Basis muss geprüft werden [2dde18cd1d8fac735875f2e4987f11817cc0bc2c] Linux 6.5 root@linus:/usr/src/linux# make olddefconfig .config:10571:warning: symbol value 'm' invalid for ANDROID_BINDER_IPC .config:10572:warning: symbol value 'm' invalid for ANDROID_BINDERFS # # configuration written to .config # root@linus:/usr/src/linux# make -j 48 => 6.5.0 (Merge Base) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 32111 Commits zum Testen übrig (ungefähr 15 Schritte) [0f5cc96c367f2e780eb492cc9cab84e3b2ca88da] Merge tag 's390-6.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux root@linus:/usr/src/linux# make -j 48 => 6.7.0-rc2+ WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 16056 Commits zum Testen übrig (ungefähr 14 Schritte) [ee138217c32ccbfa75d5ea6b766158148e98f6fa] Merge tag 'btree-remove-btnum-6.9_2024-02-23' of https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux into xfs-6.9-mergeC => 6.8.0-rc4+ WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 8214 Commits zum Testen übrig (ungefähr 13 Schritte) [e5e038b7ae9da96b93974bf072ca1876899a01a3] Merge tag 'fs_for_v6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs => 6.8.0+ NOPE => does not find root device, does not boot; message: "BUG: arch topology borken the CPU domain not a subset of > the NUMA domain" message: "Timed out for waiting the udev queue being empty." root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 3954 Commits zum Testen übrig (ungefähr 12 Schritte) [f153fbe1ea11939e2514ba4b3b62bbd946e2892c] Merge tag 'erofs-for-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs => 6.8.0+ (HEAD losgelöst bei f153fbe1ea11) NOPE => same as above root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 1945 Commits zum Testen übrig (ungefähr 11 Schritte) [1ddeeb2a058d7b2a58ed9e820396b4ceb715d529] Merge tag 'for-6.9/block-20240310' of git://git.kernel.dk/linux => 6.8.0+ (HEAD losgelöst bei 1ddeeb2a058d) NOPE => same as above root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 970 Commits zum Testen übrig (ungefähr 10 Schritte) [2652b99e43403dc464f3648483ffb38e48872fe4] ice: virtchnl: stop pretending to support RSS over AQ or registers => 6.8.0-rc6+ (2652b99e4340) NOPE => same root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 506 Commits zum Testen übrig (ungefähr 9 Schritte) [efa80dcbb7a3ecc4a1b2f54624c49b5a612f92b3] Merge tag 'trace-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace => 6.8.0-rc5+ (efa80dcbb7a3) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 251 Commits zum Testen übrig (ungefähr 8 Schritte) [c6a597fcc7ad7335a3ecf8f5287a0459f793a257] Merge tag 'loongarch-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson => 6.8.0-rc5+ (c6a597fcc7ad) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 126 Commits zum Testen übrig (ungefähr 7 Schritte) [cf1182944c7cc9f1c21a8a44e0d29abe12527412] Merge tag 'lsm-pr-20240227' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm => 6.8.0-rc6+ (cf1182944c7c) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 62 Commits zum Testen übrig (ungefähr 6 Schritte) [4ca0d9894fd517a2f2c0c10d26ebe99ab4396fe3] Merge tag 'erofs-for-6.8-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs => 6.8.0-rc5+ (4ca0d9894fd5) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 36 Commits zum Testen übrig (ungefähr 5 Schritte) [ac389bc0ca56e1a2f92b2a17e58298390a3879a8] Merge tag 'cxl-fixes-6.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl => 6.8.0-rc5+ (ac389bc0ca56) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 12 Commits zum Testen übrig (ungefähr 4 Schritte) [40de53fd002c6ba087a623722915e8006ed68a02] Merge branch 'for-6.8/cxl-cper' into for-6.8/cxl => 6.8.0-rc5+ (40de53fd002c) WORKS root@linus:/usr/src/linux# git bisect good Binäre Suche: danach noch 6 Commits zum Testen übrig (ungefähr 3 Schritte) [9ddf190a7df77b77817f955fdb9c2ae9d1c9c9a3] scsi: jazz_esp: Only build if SCSI core is builtin => 6.8.0-rc1+ (9ddf190a7df7) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 2 Commits zum Testen übrig (ungefähr 2 Schritte) [de959094eb2197636f7c803af0943cb9d3b35804] scsi: target: pscsi: Fix bio_put() for error case => 6.8.0-rc1+ (de959094eb21) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 0 Commits zum Testen übrig (ungefähr 1 Schritt) [b5fc07a5fb56216a49e6c1d0b172d5464d99a89b] scsi: core: Consult supported VPD page list prior to fetching page => 6.8.0-rc1+ (b5fc07a5fb56) NOPE root@linus:/usr/src/linux# git bisect bad Binäre Suche: danach noch 0 Commits zum Testen übrig (ungefähr 0 Schritte) [321da3dc1f3c92a12e3c5da934090d2992a8814c] scsi: sd: usb_storage: uas: Access media prior to querying device properties => 6.8.0-rc1+ (321da3dc1f3c) WORKS root@linus:/usr/src/linux# git bisect good b5fc07a5fb56216a49e6c1d0b172d5464d99a89b is the first bad commit commit b5fc07a5fb56216a49e6c1d0b172d5464d99a89b Author: Martin K. Petersen <martin.petersen(a)oracle.com> Date: Wed Feb 14 17:14:11 2024 -0500 scsi: core: Consult supported VPD page list prior to fetching page Commit c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") removed the logic which checks whether a VPD page is present on the supported pages list before asking for the page itself. That was done because SPC helpfully states "The Supported VPD Pages VPD page list may or may not include all the VPD pages that are able to be returned by the device server". Testing had revealed a few devices that supported some of the 0xBn pages but didn't actually list them in page 0. Julian Sikorski bisected a problem with his drive resetting during discovery to the commit above. As it turns out, this particular drive firmware will crash if we attempt to fetch page 0xB9. Various approaches were attempted to work around this. In the end, reinstating the logic that consults VPD page 0 before fetching any other page was the path of least resistance. A firmware update for the devices which originally compelled us to remove the check has since been released. Link: https://lore.kernel.org/r/20240214221411.2888112-1-martin.petersen@oracle.c… Fixes: c92a6b5d6335 ("scsi: core: Query VPD size before getting full page") Cc: stable(a)vger.kernel.org Cc: Bart Van Assche <bvanassche(a)acm.org> Reported-by: Julian Sikorski <belegdol(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Reviewed-by: Lee Duncan <lee.duncan(a)suse.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> drivers/scsi/scsi.c | 22 ++++++++++++++++++++-- include/scsi/scsi_device.h | 4 ---- 2 files changed, 20 insertions(+), 6 deletions(-) root@linus:/usr/src/linux# ------------------------------------------------------------------- Beste Grüße, Peter Schneider -- Climb the mountain not to plant your flag, but to embrace the challenge, enjoy the air and behold the view. Climb it so you can see the world, not so the world can see you. -- David McCullough Jr. OpenPGP: 0xA3828BD796CCE11A8CADE8866E3A92C92C3FF244 Download: https://www.peters-netzplatz.de/download/pschneider1968_pub.asc https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@googlem… https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@gmail.c…

11 months, 2 weeks

4
10
0 0

Re: 回复: 回复: 回复: backport a patch for Linux kernel-5.15 kernel-6.1 kenrel-6.6 stable tree

by Greg KH

On Fri, May 24, 2024 at 01:07:18AM +0000, Lin Gui (桂林) wrote: > Dear @Greg KH<mailto:gregkh@linuxfoundation.org>, > > Base : kernel-5.15.159 > > diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c > index a569066..d656964 100644 > --- a/drivers/mmc/core/mmc.c > +++ b/drivers/mmc/core/mmc.c > @@ -1800,7 +1800,13 @@ static int mmc_init_card(struct mmc_host *host, u32 ocr, > if (err) > goto free_card; > > - } else if (!mmc_card_hs400es(card)) { > + } else if (mmc_card_hs400es(card)){ > + if (host->ops->execute_hs400_tuning) { > + err = host->ops->execute_hs400_tuning(host, card); > + if (err) > + goto free_card; > + } > + } else { > /* Select the desired bus width optionally */ > err = mmc_select_bus_width(card); > if (err > 0 && mmc_card_hs(card)) { > The patch is corrupted, and sent in html format. But most importantly, you did not test this to verify it works at all, which means that you don't really need it? confused, greg k-h

11 months, 2 weeks

1
0
0 0

[PATCH v2 2/2] memfd:add MEMFD_NOEXEC_SEAL documentation

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> Add documentation for MFD_NOEXEC_SEAL and MFD_EXEC Cc: stable(a)vger.kernel.org Signed-off-by: Jeff Xu <jeffxu(a)google.com> --- Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/mfd_noexec.rst | 90 ++++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 Documentation/userspace-api/mfd_noexec.rst diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index 5926115ec0ed..8a251d71fa6e 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -32,6 +32,7 @@ Security-related interfaces seccomp_filter landlock lsm + mfd_noexec spec_ctrl tee diff --git a/Documentation/userspace-api/mfd_noexec.rst b/Documentation/userspace-api/mfd_noexec.rst new file mode 100644 index 000000000000..6f11ad86b076 --- /dev/null +++ b/Documentation/userspace-api/mfd_noexec.rst @@ -0,0 +1,90 @@ +.. SPDX-License-Identifier: GPL-2.0 + +================================== +Introduction of non executable mfd +================================== +:Author: + Daniel Verkamp <dverkamp(a)chromium.org> + Jeff Xu <jeffxu(a)google.com> + +:Contributor: + Aleksa Sarai <cyphar(a)cyphar.com> + Barnabás Pőcze <pobrn(a)protonmail.com> + David Rheinsberg <david(a)readahead.eu> + +Since Linux introduced the memfd feature, memfd have always had their +execute bit set, and the memfd_create() syscall doesn't allow setting +it differently. + +However, in a secure by default system, such as ChromeOS, (where all +executables should come from the rootfs, which is protected by Verified +boot), this executable nature of memfd opens a door for NoExec bypass +and enables “confused deputy attack”. E.g, in VRP bug [1]: cros_vm +process created a memfd to share the content with an external process, +however the memfd is overwritten and used for executing arbitrary code +and root escalation. [2] lists more VRP in this kind. + +On the other hand, executable memfd has its legit use, runc uses memfd’s +seal and executable feature to copy the contents of the binary then +execute them, for such system, we need a solution to differentiate runc's +use of executable memfds and an attacker's [3]. + +To address those above. + - Let memfd_create() set X bit at creation time. + - Let memfd be sealed for modifying X bit when NX is set. + - A new pid namespace sysctl: vm.memfd_noexec to help applications to + migrating and enforcing non-executable MFD. + +User API +======== +``int memfd_create(const char *name, unsigned int flags)`` + +``MFD_NOEXEC_SEAL`` + When MFD_NOEXEC_SEAL bit is set in the ``flags``, memfd is created + with NX. F_SEAL_EXEC is set and the memfd can't be modified to + add X later. + This is the most common case for the application to use memfd. + +``MFD_EXEC`` + When MFD_EXEC bit is set in the ``flags``, memfd is created with X. + +Note: + ``MFD_NOEXEC_SEAL`` and ``MFD_EXEC`` doesn't change the sealable + characteristic of memfd, which is controlled by ``MFD_ALLOW_SEALING``. + + +Sysctl: +======== +``pid namespaced sysctl vm.memfd_noexec`` + +The new pid namespaced sysctl vm.memfd_noexec has 3 values: + + - 0: MEMFD_NOEXEC_SCOPE_EXEC + memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_EXEC was set. + + - 1: MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL + memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_NOEXEC_SEAL was set. + + - 2: MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED + memfd_create() without MFD_NOEXEC_SEAL will be rejected. + +The sysctl allows finer control of memfd_create for old-software that +doesn't set the executable bit, for example, a container with +vm.memfd_noexec=1 means the old-software will create non-executable memfd +by default while new-software can create executable memfd by setting +MFD_EXEC. + +The value of memfd_noexec is passed to child namespace at creation time, +in addition, the setting is hierarchical, i.e. during memfd_create, +we will search from current ns to root ns and use the most restrictive +setting. + +Reference: +========== +[1] https://crbug.com/1305267 + +[2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20me… + +[3] https://lwn.net/Articles/781013/ -- 2.45.1.288.g0e0cd299f1-goog

11 months, 2 weeks

2
1
0 0

Re: [PATCH v2] net: usb: ax88179_178a: avoid writing the mac address before first reading

by Jeffery Miller

Hello José, I'm testing on the 6.6 kernel with a "0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet" device. after applying commit 56f78615bcb1 ("net: usb: ax88179_178a: avoid writing the mac address before first reading") the network will no longer work after brining the device down. After plugging in the device, it generally will work with ifconfig: $ ifconfig eth0 <ip address> However, if I then try bringing the devcie down and back up, it no longer works. $ ifconfig eth0 down $ ifconfig eth0 <ip address> $ ethtool eth0 | grep detected Link detected: no The link will continue to report as undetected. If I revert 56f78615bcb1 the device will work after bringing it down and back up. If I build at commit d7a319889498 ("net: usb: ax88179_178a: avoid two consecutive device resets") and its parent d7a319889498^ these also work. Is this something you have seen before with your test devices? Regards, Jeff

11 months, 2 weeks

2
2
0 0

[PATCH 0/4] LoongArch: Bootloader interface fixes

by Jiaxun Yang

Hi all, This series fixed some issues on bootloader - kernel interface. The first two fixed booting with devicetree, the last two enhanced kernel's tolerance on different bootloader implementation. Please review. Thanks Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Jiaxun Yang (4): LoongArch: Fix built-in DTB detection LoongArch: smp: Add all CPUs enabled by fdt to NUMA node 0 LoongArch: Fix entry point in image header LoongArch: Clear higher address bits in JUMP_VIRT_ADDR arch/loongarch/include/asm/stackframe.h | 4 +++- arch/loongarch/kernel/head.S | 2 +- arch/loongarch/kernel/setup.c | 6 ++++-- arch/loongarch/kernel/smp.c | 5 ++++- 4 files changed, 12 insertions(+), 5 deletions(-) --- base-commit: 124cfbcd6d185d4f50be02d5f5afe61578916773 change-id: 20240521-loongarch-booting-fixes-366e13e7ca55 Best regards, -- Jiaxun Yang <jiaxun.yang(a)flygoat.com>

11 months, 2 weeks

2
5
0 0

[PATCH stable 4.19] mmc: core: Do not force a retune before RPMB switch

by Florian Fainelli

From: Jorge Ramirez-Ortiz <jorge(a)foundries.io> commit 67380251e8bbd3302c64fea07f95c31971b91c22 upstream Requesting a retune before switching to the RPMB partition has been observed to cause CRC errors on the RPMB reads (-EILSEQ). Since RPMB reads can not be retried, the clients would be directly affected by the errors. This commit disables the retune request prior to switching to the RPMB partition: mmc_retune_pause() no longer triggers a retune before the pause period begins. This was verified with the sdhci-of-arasan driver (ZynqMP) configured for HS200 using two separate eMMC cards (DG4064 and 064GB2). In both cases, the error was easy to reproduce triggering every few tenths of reads. With this commit, systems that were utilizing OP-TEE to access RPMB variables will experience an enhanced performance. Specifically, when OP-TEE is configured to employ RPMB as a secure storage solution, it not only writes the data but also the secure filesystem within the partition. As a result, retrieving any variable involves multiple RPMB reads, typically around five. For context, on ZynqMP, each retune request consumed approximately 8ms. Consequently, reading any RPMB variable used to take at the very minimum 40ms. After droping the need to retune before switching to the RPMB partition, this is no longer the case. Signed-off-by: Jorge Ramirez-Ortiz <jorge(a)foundries.io> Acked-by: Avri Altman <avri.altman(a)wdc.com> Acked-by: Adrian Hunter <adrian.hunter(a)intel.com> Link: https://lore.kernel.org/r/20240103112911.2954632-1-jorge@foundries.io Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> --- drivers/mmc/core/host.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c index 3e94401c0eb3..23d95d2bdf05 100644 --- a/drivers/mmc/core/host.c +++ b/drivers/mmc/core/host.c @@ -68,13 +68,12 @@ void mmc_retune_enable(struct mmc_host *host) /* * Pause re-tuning for a small set of operations. The pause begins after the - * next command and after first doing re-tuning. + * next command. */ void mmc_retune_pause(struct mmc_host *host) { if (!host->retune_paused) { host->retune_paused = 1; - mmc_retune_needed(host); mmc_retune_hold(host); } } -- 2.34.1

11 months, 2 weeks

1
5
0 0

[for-linus][PATCH 4/8] tracefs: Clear EVENT_INODE flag in tracefs_drop_inode()

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> When the inode is being dropped from the dentry, the TRACEFS_EVENT_INODE flag needs to be cleared to prevent a remount from calling eventfs_remount() on the tracefs_inode private data. There's a race between the inode is dropped (and the dentry freed) to where the inode is actually freed. If a remount happens between the two, the eventfs_inode could be accessed after it is freed (only the dentry keeps a ref count on it). Currently the TRACEFS_EVENT_INODE flag is cleared from the dentry iput() function. But this is incorrect, as it is possible that the inode has another reference to it. The flag should only be cleared when the inode is really being dropped and has no more references. That happens in the drop_inode callback of the inode, as that gets called when the last reference of the inode is released. Remove the tracefs_d_iput() function and move its logic to the more appropriate tracefs_drop_inode() callback function. Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.908205106@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 9252e0d78ea2..7c29f4afc23d 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -426,10 +426,26 @@ static int tracefs_show_options(struct seq_file *m, struct dentry *root) return 0; } +static int tracefs_drop_inode(struct inode *inode) +{ + struct tracefs_inode *ti = get_tracefs(inode); + + /* + * This inode is being freed and cannot be used for + * eventfs. Clear the flag so that it doesn't call into + * eventfs during the remount flag updates. The eventfs_inode + * gets freed after an RCU cycle, so the content will still + * be safe if the iteration is going on now. + */ + ti->flags &= ~TRACEFS_EVENT_INODE; + + return 1; +} + static const struct super_operations tracefs_super_operations = { .alloc_inode = tracefs_alloc_inode, .free_inode = tracefs_free_inode, - .drop_inode = generic_delete_inode, + .drop_inode = tracefs_drop_inode, .statfs = simple_statfs, .show_options = tracefs_show_options, }; @@ -455,22 +471,7 @@ static int tracefs_d_revalidate(struct dentry *dentry, unsigned int flags) return !(ei && ei->is_freed); } -static void tracefs_d_iput(struct dentry *dentry, struct inode *inode) -{ - struct tracefs_inode *ti = get_tracefs(inode); - - /* - * This inode is being freed and cannot be used for - * eventfs. Clear the flag so that it doesn't call into - * eventfs during the remount flag updates. The eventfs_inode - * gets freed after an RCU cycle, so the content will still - * be safe if the iteration is going on now. - */ - ti->flags &= ~TRACEFS_EVENT_INODE; -} - static const struct dentry_operations tracefs_dentry_operations = { - .d_iput = tracefs_d_iput, .d_revalidate = tracefs_d_revalidate, .d_release = tracefs_d_release, }; -- 2.43.0

11 months, 2 weeks

1
0
0 0

[for-linus][PATCH 3/8] eventfs: Update all the eventfs_inodes from the events descriptor

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The change to update the permissions of the eventfs_inode had the misconception that using the tracefs_inode would find all the eventfs_inodes that have been updated and reset them on remount. The problem with this approach is that the eventfs_inodes are freed when they are no longer used (basically the reason the eventfs system exists). When they are freed, the updated eventfs_inodes are not reset on a remount because their tracefs_inodes have been freed. Instead, since the events directory eventfs_inode always has a tracefs_inode pointing to it (it is not freed when finished), and the events directory has a link to all its children, have the eventfs_remount() function only operate on the events eventfs_inode and have it descend into its children updating their uid and gids. Link: https://lore.kernel.org/all/CAK7LNARXgaWw3kH9JgrnH4vK6fr8LDkNKf3wq8NhMWJrVw… Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.754424703@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Reported-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 44 ++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 5dfb1ccd56ea..129d0f54ba62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -305,27 +305,27 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; -/* - * On a remount of tracefs, if UID or GID options are set, then - * the mount point inode permissions should be used. - * Reset the saved permission flags appropriately. - */ -void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +static void eventfs_set_attrs(struct eventfs_inode *ei, bool update_uid, kuid_t uid, + bool update_gid, kgid_t gid, int level) { - struct eventfs_inode *ei = ti->private; + struct eventfs_inode *ei_child; - if (!ei) + /* Update events/<system>/<event> */ + if (WARN_ON_ONCE(level > 3)) return; if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; - ei->attr.uid = ti->vfs_inode.i_uid; + ei->attr.uid = uid; } - if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; - ei->attr.gid = ti->vfs_inode.i_gid; + ei->attr.gid = gid; + } + + list_for_each_entry(ei_child, &ei->children, list) { + eventfs_set_attrs(ei_child, update_uid, uid, update_gid, gid, level + 1); } if (!ei->entry_attrs) @@ -334,13 +334,31 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) for (int i = 0; i < ei->nr_entries; i++) { if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + ei->entry_attrs[i].uid = uid; } if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; - ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + ei->entry_attrs[i].gid = gid; } } + +} + +/* + * On a remount of tracefs, if UID or GID options are set, then + * the mount point inode permissions should be used. + * Reset the saved permission flags appropriately. + */ +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +{ + struct eventfs_inode *ei = ti->private; + + /* Only the events directory does the updates */ + if (!ei || !ei->is_events || ei->is_freed) + return; + + eventfs_set_attrs(ei, update_uid, ti->vfs_inode.i_uid, + update_gid, ti->vfs_inode.i_gid, 0); } /* Return the evenfs_inode of the "events" directory */ -- 2.43.0

11 months, 2 weeks

1
0
0 0

[for-linus][PATCH 2/8] tracefs: Update inode permissions on remount

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> When a remount happens, if a gid or uid is specified update the inodes to have the same gid and uid. This will allow the simplification of the permissions logic for the dynamically created files and directories. Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.592429986@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 17 +++++++++++++---- fs/tracefs/inode.c | 15 ++++++++++++--- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 55a40a730b10..5dfb1ccd56ea 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -317,20 +317,29 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) if (!ei) return; - if (update_uid) + if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = ti->vfs_inode.i_uid; + } + - if (update_gid) + if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = ti->vfs_inode.i_gid; + } if (!ei->entry_attrs) return; for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) + if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - if (update_gid) + ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + } + if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + } } } diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index a827f6a716c4..9252e0d78ea2 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -373,12 +373,21 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) rcu_read_lock(); list_for_each_entry_rcu(ti, &tracefs_inodes, list) { - if (update_uid) + if (update_uid) { ti->flags &= ~TRACEFS_UID_PERM_SET; + ti->vfs_inode.i_uid = fsi->uid; + } - if (update_gid) + if (update_gid) { ti->flags &= ~TRACEFS_GID_PERM_SET; - + ti->vfs_inode.i_gid = fsi->gid; + } + + /* + * Note, the above ti->vfs_inode updates are + * used in eventfs_remount() so they must come + * before calling it. + */ if (ti->flags & TRACEFS_EVENT_INODE) eventfs_remount(ti, update_uid, update_gid); } -- 2.43.0

11 months, 2 weeks

1
0
0 0

[for-linus][PATCH 1/8] eventfs: Keep the directories from having the same inode number as files

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The directories require unique inode numbers but all the eventfs files have the same inode number. Prevent the directories from having the same inode numbers as the files as that can confuse some tooling. Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.428826685@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Fixes: 834bf76add3e6 ("eventfs: Save directory inodes in the eventfs_inode structure") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 0256afdd4acf..55a40a730b10 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -50,8 +50,12 @@ static struct eventfs_root_inode *get_root_inode(struct eventfs_inode *ei) /* Just try to make something consistent and unique */ static int eventfs_dir_ino(struct eventfs_inode *ei) { - if (!ei->ino) + if (!ei->ino) { ei->ino = get_next_ino(); + /* Must not have the file inode number */ + if (ei->ino == EVENTFS_FILE_INODE_INO) + ei->ino = get_next_ino(); + } return ei->ino; } -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH] hwmon: (nzxt-smart2) add another USB ID

by Aleksandr Mezin

Fan speed control reported to be working with existing userspace (hidraw) software, so I assume it's compatible. Fan channel count is the same. No known differences from already supported devices, at least regarding fan speed control and initialization. Discovered in liquidctl project: https://github.com/liquidctl/liquidctl/pull/702 Signed-off-by: Aleksandr Mezin <mezin.alexander(a)gmail.com> Cc: stable(a)vger.kernel.org # v6.1+ --- drivers/hwmon/nzxt-smart2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hwmon/nzxt-smart2.c b/drivers/hwmon/nzxt-smart2.c index 7aa586eb74be..df6fa72a6b59 100644 --- a/drivers/hwmon/nzxt-smart2.c +++ b/drivers/hwmon/nzxt-smart2.c @@ -799,6 +799,7 @@ static const struct hid_device_id nzxt_smart2_hid_id_table[] = { { HID_USB_DEVICE(0x1e71, 0x2010) }, /* NZXT RGB & Fan Controller */ { HID_USB_DEVICE(0x1e71, 0x2011) }, /* NZXT RGB & Fan Controller (6 RGB) */ { HID_USB_DEVICE(0x1e71, 0x2019) }, /* NZXT RGB & Fan Controller (6 RGB) */ + { HID_USB_DEVICE(0x1e71, 0x2020) }, /* NZXT RGB & Fan Controller (6 RGB) */ {}, }; -- 2.45.1

11 months, 2 weeks

1
0
0 0

[tip: irq/urgent] genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline

by tip-bot2 for Dongli Zhang

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32 Gitweb: https://git.kernel.org/tip/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32 Author: Dongli Zhang <dongli.zhang(a)oracle.com> AuthorDate: Wed, 22 May 2024 15:02:18 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 23 May 2024 21:51:50 +02:00 genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next instance of the interrupt being triggered on the original CPU. When the interrupt next triggers on the original CPU, the new affinity is enforced within __irq_move_irq(). A vector is allocated from the new CPU, but the old vector on the original CPU remains and is not immediately reclaimed. Instead, apicd->move_in_progress is flagged, and the reclaiming process is delayed until the next trigger of the interrupt on the new CPU. Upon the subsequent triggering of the interrupt on the new CPU, irq_complete_move() adds a task to the old CPU's vector_cleanup list if it remains online. Subsequently, the timer on the old CPU iterates over its vector_cleanup list, reclaiming old vectors. However, a rare scenario arises if the old CPU is outgoing before the interrupt triggers again on the new CPU. In that case irq_force_complete_move() is not invoked on the outgoing CPU to reclaim the old apicd->prev_vector because the interrupt isn't currently affine to the outgoing CPU, and irq_needs_fixup() returns false. Even though __vector_schedule_cleanup() is later called on the new CPU, it doesn't reclaim apicd->prev_vector; instead, it simply resets both apicd->move_in_progress and apicd->prev_vector to 0. As a result, the vector remains unreclaimed in vector_matrix, leading to a CPU vector leak. To address this issue, move the invocation of irq_force_complete_move() before the irq_needs_fixup() call to reclaim apicd->prev_vector, if the interrupt is currently or used to be affine to the outgoing CPU. Additionally, reclaim the vector in __vector_schedule_cleanup() as well, following a warning message, although theoretically it should never see apicd->move_in_progress with apicd->prev_cpu pointing to an offline CPU. Fixes: f0383c24b485 ("genirq/cpuhotplug: Add support for cleaning up move in progress") Signed-off-by: Dongli Zhang <dongli.zhang(a)oracle.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240522220218.162423-1-dongli.zhang@oracle.com --- arch/x86/kernel/apic/vector.c | 9 ++++++--- kernel/irq/cpuhotplug.c | 16 ++++++++-------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c index 9eec529..5573181 100644 --- a/arch/x86/kernel/apic/vector.c +++ b/arch/x86/kernel/apic/vector.c @@ -1035,7 +1035,8 @@ static void __vector_schedule_cleanup(struct apic_chip_data *apicd) add_timer_on(&cl->timer, cpu); } } else { - apicd->prev_vector = 0; + pr_warn("IRQ %u schedule cleanup for offline CPU %u\n", apicd->irq, cpu); + free_moved_vector(apicd); } raw_spin_unlock(&vector_lock); } @@ -1072,6 +1073,7 @@ void irq_complete_move(struct irq_cfg *cfg) */ void irq_force_complete_move(struct irq_desc *desc) { + unsigned int cpu = smp_processor_id(); struct apic_chip_data *apicd; struct irq_data *irqd; unsigned int vector; @@ -1096,10 +1098,11 @@ void irq_force_complete_move(struct irq_desc *desc) goto unlock; /* - * If prev_vector is empty, no action required. + * If prev_vector is empty or the descriptor is neither currently + * nor previously on the outgoing CPU no action required. */ vector = apicd->prev_vector; - if (!vector) + if (!vector || (apicd->cpu != cpu && apicd->prev_cpu != cpu)) goto unlock; /* diff --git a/kernel/irq/cpuhotplug.c b/kernel/irq/cpuhotplug.c index 75cadbc..eb86283 100644 --- a/kernel/irq/cpuhotplug.c +++ b/kernel/irq/cpuhotplug.c @@ -70,6 +70,14 @@ static bool migrate_one_irq(struct irq_desc *desc) } /* + * Complete an eventually pending irq move cleanup. If this + * interrupt was moved in hard irq context, then the vectors need + * to be cleaned up. It can't wait until this interrupt actually + * happens and this CPU was involved. + */ + irq_force_complete_move(desc); + + /* * No move required, if: * - Interrupt is per cpu * - Interrupt is not started @@ -88,14 +96,6 @@ static bool migrate_one_irq(struct irq_desc *desc) } /* - * Complete an eventually pending irq move cleanup. If this - * interrupt was moved in hard irq context, then the vectors need - * to be cleaned up. It can't wait until this interrupt actually - * happens and this CPU was involved. - */ - irq_force_complete_move(desc); - - /* * If there is a setaffinity pending, then try to reuse the pending * mask, so the last change of the affinity does not get lost. If * there is no move pending or the pending mask does not contain

11 months, 2 weeks

1
0
0 0

+ selftest-mm-test-if-hugepage-does-not-get-leaked-during-__bio_release_pages.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() has been added to the -mm mm-unstable branch. Its filename is selftest-mm-test-if-hugepage-does-not-get-leaked-during-__bio_release_pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Donet Tom <donettom(a)linux.ibm.com> Subject: selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() Date: Thu, 23 May 2024 01:39:05 -0500 Commit 1b151e2435fc ("block: Remove special-casing of compound pages") caused a change in behaviour when releasing the pages if the buffer does not start at the beginning of the page. This was because the calculation of the number of pages to release was incorrect. This was fixed by commit 38b43539d64b ("block: Fix page refcounts for unaligned buffers in __bio_release_pages()"). We pin the user buffer during direct I/O writes. If this buffer is a hugepage, bio_release_page() will unpin it and decrement all references and pin counts at ->bi_end_io. However, if any references to the hugepage remain post-I/O, the hugepage will not be freed upon unmap, leading to a memory leak. This patch verifies that a hugepage, used as a user buffer for DIO operations, is correctly freed upon unmapping, regardless of whether the offsets are aligned or unaligned w.r.t page boundary. Test Result Fail Scenario (Without the fix) -------------------------------------------------------- []# ./hugetlb_dio TAP version 13 1..4 No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 1 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 2 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 3 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 6 not ok 4 : Huge pages not freed! Totals: pass:3 fail:1 xfail:0 xpass:0 skip:0 error:0 Test Result PASS Scenario (With the fix) --------------------------------------------------------- []#./hugetlb_dio TAP version 13 1..4 No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 1 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 2 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 3 : Huge pages freed successfully ! No. Free pages before allocation : 7 No. Free pages after munmap : 7 ok 4 : Huge pages freed successfully ! Totals: pass:4 fail:0 xfail:0 xpass:0 skip:0 error:0 Link: https://lkml.kernel.org/r/20240523063905.3173-1-donettom@linux.ibm.com Fixes: 38b43539d64b ("block: Fix page refcounts for unaligned buffers in __bio_release_pages()") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Signed-off-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Muchun Song <songmuchun(a)bytedance.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tony Battersby <tonyb(a)cybernetics.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 1 tools/testing/selftests/mm/hugetlb_dio.c | 118 +++++++++++++++++++++ 2 files changed, 119 insertions(+) --- /dev/null +++ a/tools/testing/selftests/mm/hugetlb_dio.c @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * This program tests for hugepage leaks after DIO writes to a file using a + * hugepage as the user buffer. During DIO, the user buffer is pinned and + * should be properly unpinned upon completion. This patch verifies that the + * kernel correctly unpins the buffer at DIO completion for both aligned and + * unaligned user buffer offsets (w.r.t page boundary), ensuring the hugepage + * is freed upon unmapping. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <sys/stat.h> +#include <stdlib.h> +#include <fcntl.h> +#include <stdint.h> +#include <unistd.h> +#include <string.h> +#include <sys/mman.h> +#include "vm_util.h" +#include "../kselftest.h" + +void run_dio_using_hugetlb(unsigned int start_off, unsigned int end_off) +{ + int fd; + char *buffer = NULL; + char *orig_buffer = NULL; + size_t h_pagesize = 0; + size_t writesize; + int free_hpage_b = 0; + int free_hpage_a = 0; + + writesize = end_off - start_off; + + /* Get the default huge page size */ + h_pagesize = default_huge_page_size(); + if (!h_pagesize) + ksft_exit_fail_msg("Unable to determine huge page size\n"); + + /* Open the file to DIO */ + fd = open("/tmp", O_TMPFILE | O_RDWR | O_DIRECT); + if (fd < 0) + ksft_exit_fail_msg("Error opening file"); + + /* Get the free huge pages before allocation */ + free_hpage_b = get_free_hugepages(); + if (free_hpage_b == 0) { + close(fd); + ksft_exit_skip("No free hugepage, exiting!\n"); + } + + /* Allocate a hugetlb page */ + orig_buffer = mmap(NULL, h_pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE + | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0); + if (orig_buffer == MAP_FAILED) { + close(fd); + ksft_exit_fail_msg("Error mapping memory"); + } + buffer = orig_buffer; + buffer += start_off; + + memset(buffer, 'A', writesize); + + /* Write the buffer to the file */ + if (write(fd, buffer, writesize) != (writesize)) { + munmap(orig_buffer, h_pagesize); + close(fd); + ksft_exit_fail_msg("Error writing to file"); + } + + /* unmap the huge page */ + munmap(orig_buffer, h_pagesize); + close(fd); + + /* Get the free huge pages after unmap*/ + free_hpage_a = get_free_hugepages(); + + /* + * If the no. of free hugepages before allocation and after unmap does + * not match - that means there could still be a page which is pinned. + */ + if (free_hpage_a != free_hpage_b) { + printf("No. Free pages before allocation : %d\n", free_hpage_b); + printf("No. Free pages after munmap : %d\n", free_hpage_a); + ksft_test_result_fail(": Huge pages not freed!\n"); + } else { + printf("No. Free pages before allocation : %d\n", free_hpage_b); + printf("No. Free pages after munmap : %d\n", free_hpage_a); + ksft_test_result_pass(": Huge pages freed successfully !\n"); + } +} + +int main(void) +{ + size_t pagesize = 0; + + ksft_print_header(); + ksft_set_plan(4); + + /* Get base page size */ + pagesize = psize(); + + /* start and end is aligned to pagesize */ + run_dio_using_hugetlb(0, (pagesize * 3)); + + /* start is aligned but end is not aligned */ + run_dio_using_hugetlb(0, (pagesize * 3) - (pagesize / 2)); + + /* start is unaligned and end is aligned */ + run_dio_using_hugetlb(pagesize / 2, (pagesize * 3)); + + /* both start and end are unaligned */ + run_dio_using_hugetlb(pagesize / 2, (pagesize * 3) + (pagesize / 2)); + + ksft_finished(); + return 0; +} + --- a/tools/testing/selftests/mm/Makefile~selftest-mm-test-if-hugepage-does-not-get-leaked-during-__bio_release_pages +++ a/tools/testing/selftests/mm/Makefile @@ -71,6 +71,7 @@ TEST_GEN_FILES += ksm_functional_tests TEST_GEN_FILES += mdwe_test TEST_GEN_FILES += hugetlb_fault_after_madv TEST_GEN_FILES += hugetlb_madv_vs_map +TEST_GEN_FILES += hugetlb_dio ifneq ($(ARCH),arm64) TEST_GEN_FILES += soft-dirty _ Patches currently in -mm which might be from donettom(a)linux.ibm.com are selftest-mm-test-if-hugepage-does-not-get-leaked-during-__bio_release_pages.patch

11 months, 2 weeks

1
0
0 0

+ mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages Date: Thu, 23 May 2024 15:12:17 +0800 When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff) raw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(!PageBuddy(page)) ------------[ cut here ]------------ kernel BUG at include/linux/page-flags.h:1009! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:__del_page_from_free_list+0x151/0x180 RSP: 0018:ffffa49c90437998 EFLAGS: 00000046 RAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0 RBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69 R10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80 R13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009 FS: 00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0 Call Trace: <TASK> __rmqueue_pcplist+0x23b/0x520 get_page_from_freelist+0x26b/0xe40 __alloc_pages_noprof+0x113/0x1120 __folio_alloc_noprof+0x11/0xb0 alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130 __alloc_fresh_hugetlb_folio+0xe7/0x140 alloc_pool_huge_folio+0x68/0x100 set_max_huge_pages+0x13d/0x340 hugetlb_sysctl_handler_common+0xe8/0x110 proc_sys_call_handler+0x194/0x280 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xc2/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff916114887 RSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887 RDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003 RBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0 R10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004 R13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- And before the panic, there had an warning about bad page state: BUG: Bad page state in process page-types pfn:8cee00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff) page_type: 0xffffff7f(buddy) raw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000 raw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000 page dumped because: nonzero mapcount Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22 Call Trace: <TASK> dump_stack_lvl+0x83/0xa0 bad_page+0x63/0xf0 free_unref_page+0x36e/0x5c0 unpoison_memory+0x50b/0x630 simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110 debugfs_attr_write+0x42/0x60 full_proxy_write+0x5b/0x80 vfs_write+0xcd/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xc2/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f189a514887 RSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887 RDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003 RBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8 R13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040 </TASK> The root cause should be the below race: memory_failure try_memory_failure_hugetlb me_huge_page __page_handle_poison dissolve_free_hugetlb_folio drain_all_pages -- Buddy page can be isolated e.g. for compaction. take_page_off_buddy -- Failed as page is not in the buddy list. -- Page can be putback into buddy after compaction. page_ref_inc -- Leads to buddy page with refcnt = 1. Then unpoison_memory() can unpoison the page and send the buddy page back into buddy list again leading to the above bad page state warning. And bad_page() will call page_mapcount_reset() to remove PageBuddy from buddy page leading to later VM_BUG_ON_PAGE(!PageBuddy(page)) when trying to allocate this page. Fix this issue by only treating __page_handle_poison() as successful when it returns 1. Link: https://lkml.kernel.org/r/20240523071217.1696196-1-linmiaohe@huawei.com Fixes: ceaf8fbea79a ("mm, hwpoison: skip raw hwpoison page in freeing 1GB hugepage") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages +++ a/mm/memory-failure.c @@ -1221,7 +1221,7 @@ static int me_huge_page(struct page_stat * subpages. */ folio_put(folio); - if (__page_handle_poison(p) >= 0) { + if (__page_handle_poison(p) > 0) { page_ref_inc(p); res = MF_RECOVERED; } else { @@ -2091,7 +2091,7 @@ retry: */ if (res == 0) { folio_unlock(folio); - if (__page_handle_poison(p) >= 0) { + if (__page_handle_poison(p) > 0) { page_ref_inc(p); res = MF_RECOVERED; } else { _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-dont-unpoison-huge_zero_folio.patch mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] binder: fix max_thread type inconsistency" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 42316941335644a98335f209daafa4c122f28983 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052314-demeanor-mushy-46bb@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42316941335644a98335f209daafa4c122f28983 Mon Sep 17 00:00:00 2001 From: Carlos Llamas <cmllamas(a)google.com> Date: Sun, 21 Apr 2024 17:37:49 +0000 Subject: [PATCH] binder: fix max_thread type inconsistency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency. Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg <arve(a)android.com> Cc: stable(a)vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Link: https://lore.kernel.org/r/20240421173750.3117808-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/android/binder.c b/drivers/android/binder.c index dd6923d37931..b21a7b246a0d 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -5367,7 +5367,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) goto err; break; case BINDER_SET_MAX_THREADS: { - int max_threads; + u32 max_threads; if (copy_from_user(&max_threads, ubuf, sizeof(max_threads))) { diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 7270d4d22207..5b7c80b99ae8 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -421,7 +421,7 @@ struct binder_proc { struct list_head todo; struct binder_stats stats; struct list_head delivered_death; - int max_threads; + u32 max_threads; int requested_threads; int requested_threads_started; int tmp_ref;

11 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] binder: fix max_thread type inconsistency" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 42316941335644a98335f209daafa4c122f28983 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052314-pardon-confider-6160@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42316941335644a98335f209daafa4c122f28983 Mon Sep 17 00:00:00 2001 From: Carlos Llamas <cmllamas(a)google.com> Date: Sun, 21 Apr 2024 17:37:49 +0000 Subject: [PATCH] binder: fix max_thread type inconsistency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency. Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg <arve(a)android.com> Cc: stable(a)vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas(a)google.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Link: https://lore.kernel.org/r/20240421173750.3117808-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/android/binder.c b/drivers/android/binder.c index dd6923d37931..b21a7b246a0d 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -5367,7 +5367,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) goto err; break; case BINDER_SET_MAX_THREADS: { - int max_threads; + u32 max_threads; if (copy_from_user(&max_threads, ubuf, sizeof(max_threads))) { diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 7270d4d22207..5b7c80b99ae8 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -421,7 +421,7 @@ struct binder_proc { struct list_head todo; struct binder_stats stats; struct list_head delivered_death; - int max_threads; + u32 max_threads; int requested_threads; int requested_threads_started; int tmp_ref;

11 months, 2 weeks

2
1
0 0

Re: [PATCH 6.9 00/25] 6.9.2-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

11 months, 2 weeks

1
0
0 0

[PATCH v2] mei: vsc: Don't stop/restart mei device during system suspend/resume

by Wentong Wu

The dynamically created mei client device (mei csi) is used as one V4L2 sub device of the whole video pipeline, and the V4L2 connection graph is built by software node. The mei_stop() and mei_restart() will delete the old mei csi client device and create a new mei client device, which will cause the software node information saved in old mei csi device lost and the whole video pipeline will be broken. Removing mei_stop()/mei_restart() during system suspend/resume can fix the issue above and won't impact hardware actual power saving logic. Fixes: f6085a96c973 ("mei: vsc: Unregister interrupt handler for system suspend") Cc: stable(a)vger.kernel.org # for 6.8+ Reported-by: Hao Yao <hao.yao(a)intel.com> Signed-off-by: Wentong Wu <wentong.wu(a)intel.com> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Tested-by: Jason Chen <jason.z.chen(a)intel.com> Tested-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> --- drivers/misc/mei/platform-vsc.c | 39 +++++++++++++-------------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/drivers/misc/mei/platform-vsc.c b/drivers/misc/mei/platform-vsc.c index b543e6b9f3cf..1ec65d87488a 100644 --- a/drivers/misc/mei/platform-vsc.c +++ b/drivers/misc/mei/platform-vsc.c @@ -399,41 +399,32 @@ static void mei_vsc_remove(struct platform_device *pdev) static int mei_vsc_suspend(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); + struct mei_device *mei_dev; + int ret = 0; - mei_stop(mei_dev); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; - mei_disable_interrupts(mei_dev); + mutex_lock(&mei_dev->device_lock); - vsc_tp_free_irq(hw->tp); + if (!mei_write_is_idle(mei_dev)) + ret = -EAGAIN; - return 0; + mutex_unlock(&mei_dev->device_lock); + + return ret; } static int mei_vsc_resume(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); - int ret; - - ret = vsc_tp_request_irq(hw->tp); - if (ret) - return ret; - - ret = mei_restart(mei_dev); - if (ret) - goto err_free; + struct mei_device *mei_dev; - /* start timer if stopped in suspend */ - schedule_delayed_work(&mei_dev->timer_work, HZ); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; return 0; - -err_free: - vsc_tp_free_irq(hw->tp); - - return ret; } static DEFINE_SIMPLE_DEV_PM_OPS(mei_vsc_pm_ops, mei_vsc_suspend, mei_vsc_resume); -- 2.34.1

11 months, 2 weeks

1
0
0 0

[PATCH] drm/i915/dpt: Make DPT object unshrinkable

by Vidya Srinivas

In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus its still there on the DPT's vm->bound_list. Then it tries to rewrite the PTEs via a stale CPU mapping. This causes panic. Credits-to: Ville Syrjala <ville.syrjala(a)linux.intel.com> Shawn Lee <shawn.c.lee(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 0dc987b699ce ("drm/i915/display: Add smem fallback allocation for dpt") Signed-off-by: Vidya Srinivas <vidya.srinivas(a)intel.com> --- drivers/gpu/drm/i915/gem/i915_gem_object.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_object.h b/drivers/gpu/drm/i915/gem/i915_gem_object.h index 3560a062d287..e6b485fc54d4 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_object.h +++ b/drivers/gpu/drm/i915/gem/i915_gem_object.h @@ -284,7 +284,8 @@ bool i915_gem_object_has_iomem(const struct drm_i915_gem_object *obj); static inline bool i915_gem_object_is_shrinkable(const struct drm_i915_gem_object *obj) { - return i915_gem_object_type_has(obj, I915_GEM_OBJECT_IS_SHRINKABLE); + return i915_gem_object_type_has(obj, I915_GEM_OBJECT_IS_SHRINKABLE) && + !obj->is_dpt; } static inline bool -- 2.34.1

11 months, 2 weeks

3
7
0 0

[PATCH] mei: vsc: Don't stop/restart mei device during system suspend/resume

by Wentong Wu

The dynamically created mei client device (mei csi) is used as one V4L2 sub device of the whole video pipeline, and the V4L2 connection graph is built by software node. The mei_stop() and mei_restart() will delete the old mei csi client device and create a new mei client device, which will cause the software node information saved in old mei csi device lost and the whole video pipeline will be broken. Removing mei_stop()/mei_restart() during system suspend/resume can fix the issue above and won't impact hardware actual power saving logic. Fixes: 386a766c4169 ("mei: Add MEI hardware support for IVSC device") Cc: stable(a)vger.kernel.org # for 6.8+ Reported-by: Hao Yao <hao.yao(a)intel.com> Signed-off-by: Wentong Wu <wentong.wu(a)intel.com> Tested-by: Jason Chen <jason.z.chen(a)intel.com> --- drivers/misc/mei/platform-vsc.c | 39 +++++++++++++-------------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/drivers/misc/mei/platform-vsc.c b/drivers/misc/mei/platform-vsc.c index b543e6b9f3cf..1ec65d87488a 100644 --- a/drivers/misc/mei/platform-vsc.c +++ b/drivers/misc/mei/platform-vsc.c @@ -399,41 +399,32 @@ static void mei_vsc_remove(struct platform_device *pdev) static int mei_vsc_suspend(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); + struct mei_device *mei_dev; + int ret = 0; - mei_stop(mei_dev); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; - mei_disable_interrupts(mei_dev); + mutex_lock(&mei_dev->device_lock); - vsc_tp_free_irq(hw->tp); + if (!mei_write_is_idle(mei_dev)) + ret = -EAGAIN; - return 0; + mutex_unlock(&mei_dev->device_lock); + + return ret; } static int mei_vsc_resume(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); - int ret; - - ret = vsc_tp_request_irq(hw->tp); - if (ret) - return ret; - - ret = mei_restart(mei_dev); - if (ret) - goto err_free; + struct mei_device *mei_dev; - /* start timer if stopped in suspend */ - schedule_delayed_work(&mei_dev->timer_work, HZ); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; return 0; - -err_free: - vsc_tp_free_irq(hw->tp); - - return ret; } static DEFINE_SIMPLE_DEV_PM_OPS(mei_vsc_pm_ops, mei_vsc_suspend, mei_vsc_resume); -- 2.34.1

11 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] usb: typec: tipd: fix event checking for tps6598x" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052357-thong-expensive-7cdd@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco(a)wolfvision.net> Date: Mon, 29 Apr 2024 15:35:58 +0200 Subject: [PATCH] usb: typec: tipd: fix event checking for tps6598x The current interrupt service routine of the tps6598x only reads the first 64 bits of the INT_EVENT1 and INT_EVENT2 registers, which means that any event above that range will be ignored, leaving interrupts unattended. Moreover, those events will not be cleared, and the device will keep the interrupt enabled. This issue has been observed while attempting to load patches, and the 'ReadyForPatch' field (bit 81) of INT_EVENT1 was set. Given that older versions of the tps6598x (1, 2 and 6) provide 8-byte registers, a mechanism based on the upper byte of the version register (0x0F) has been included. The manufacturer has confirmed [1] that this byte is always 0 for older versions, and either 0xF7 (DH parts) or 0xF9 (DK parts) is returned in newer versions (7 and 8). Read the complete INT_EVENT registers to handle all interrupts generated by the device and account for the hardware version to select the register size. Link: https://e2e.ti.com/support/power-management-group/power-management/f/power-… [1] Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers") Cc: stable(a)vger.kernel.org Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> Link: https://lore.kernel.org/r/20240429-tps6598x_fix_event_handling-v3-2-4e8e58d… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tipd/core.c b/drivers/usb/typec/tipd/core.c index 7c2f01344860..191f86da283d 100644 --- a/drivers/usb/typec/tipd/core.c +++ b/drivers/usb/typec/tipd/core.c @@ -28,6 +28,7 @@ #define TPS_REG_MODE 0x03 #define TPS_REG_CMD1 0x08 #define TPS_REG_DATA1 0x09 +#define TPS_REG_VERSION 0x0F #define TPS_REG_INT_EVENT1 0x14 #define TPS_REG_INT_EVENT2 0x15 #define TPS_REG_INT_MASK1 0x16 @@ -636,49 +637,67 @@ static irqreturn_t tps25750_interrupt(int irq, void *data) static irqreturn_t tps6598x_interrupt(int irq, void *data) { + int intev_len = TPS_65981_2_6_INTEVENT_LEN; struct tps6598x *tps = data; - u64 event1 = 0; - u64 event2 = 0; + u64 event1[2] = { }; + u64 event2[2] = { }; + u32 version; u32 status; int ret; mutex_lock(&tps->lock); - ret = tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event1); - ret |= tps6598x_read64(tps, TPS_REG_INT_EVENT2, &event2); + ret = tps6598x_read32(tps, TPS_REG_VERSION, &version); + if (ret) + dev_warn(tps->dev, "%s: failed to read version (%d)\n", + __func__, ret); + + if (TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DH || + TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DK) + intev_len = TPS_65987_8_INTEVENT_LEN; + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); if (ret) { - dev_err(tps->dev, "%s: failed to read events\n", __func__); + dev_err(tps->dev, "%s: failed to read event1\n", __func__); goto err_unlock; } - trace_tps6598x_irq(event1, event2); + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT2, event2, intev_len); + if (ret) { + dev_err(tps->dev, "%s: failed to read event2\n", __func__); + goto err_unlock; + } + trace_tps6598x_irq(event1[0], event2[0]); - if (!(event1 | event2)) + if (!(event1[0] | event1[1] | event2[0] | event2[1])) goto err_unlock; if (!tps6598x_read_status(tps, &status)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_POWER_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_POWER_STATUS_UPDATE) if (!tps6598x_read_power_status(tps)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_DATA_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_DATA_STATUS_UPDATE) if (!tps6598x_read_data_status(tps)) goto err_clear_ints; /* Handle plug insert or removal */ - if ((event1 | event2) & TPS_REG_INT_PLUG_EVENT) + if ((event1[0] | event2[0]) & TPS_REG_INT_PLUG_EVENT) tps6598x_handle_plug_event(tps, status); err_clear_ints: - tps6598x_write64(tps, TPS_REG_INT_CLEAR1, event1); - tps6598x_write64(tps, TPS_REG_INT_CLEAR2, event2); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR1, event1, intev_len); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR2, event2, intev_len); err_unlock: mutex_unlock(&tps->lock); - if (event1 | event2) + if (event1[0] | event1[1] | event2[0] | event2[1]) return IRQ_HANDLED; + return IRQ_NONE; } diff --git a/drivers/usb/typec/tipd/tps6598x.h b/drivers/usb/typec/tipd/tps6598x.h index 89b24519463a..9b23e9017452 100644 --- a/drivers/usb/typec/tipd/tps6598x.h +++ b/drivers/usb/typec/tipd/tps6598x.h @@ -253,4 +253,15 @@ #define TPS_PTCC_DEV 2 #define TPS_PTCC_APP 3 +/* Version Register */ +#define TPS_VERSION_HW_VERSION_MASK GENMASK(31, 24) +#define TPS_VERSION_HW_VERSION(x) TPS_FIELD_GET(TPS_VERSION_HW_VERSION_MASK, (x)) +#define TPS_VERSION_HW_65981_2_6 0x00 +#define TPS_VERSION_HW_65987_8_DH 0xF7 +#define TPS_VERSION_HW_65987_8_DK 0xF9 + +/* Int Event Register length */ +#define TPS_65981_2_6_INTEVENT_LEN 8 +#define TPS_65987_8_INTEVENT_LEN 11 + #endif /* __TPS6598X_H__ */

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tipd: fix event checking for tps6598x" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052354-lustrous-corrode-977e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco(a)wolfvision.net> Date: Mon, 29 Apr 2024 15:35:58 +0200 Subject: [PATCH] usb: typec: tipd: fix event checking for tps6598x The current interrupt service routine of the tps6598x only reads the first 64 bits of the INT_EVENT1 and INT_EVENT2 registers, which means that any event above that range will be ignored, leaving interrupts unattended. Moreover, those events will not be cleared, and the device will keep the interrupt enabled. This issue has been observed while attempting to load patches, and the 'ReadyForPatch' field (bit 81) of INT_EVENT1 was set. Given that older versions of the tps6598x (1, 2 and 6) provide 8-byte registers, a mechanism based on the upper byte of the version register (0x0F) has been included. The manufacturer has confirmed [1] that this byte is always 0 for older versions, and either 0xF7 (DH parts) or 0xF9 (DK parts) is returned in newer versions (7 and 8). Read the complete INT_EVENT registers to handle all interrupts generated by the device and account for the hardware version to select the register size. Link: https://e2e.ti.com/support/power-management-group/power-management/f/power-… [1] Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers") Cc: stable(a)vger.kernel.org Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> Link: https://lore.kernel.org/r/20240429-tps6598x_fix_event_handling-v3-2-4e8e58d… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tipd/core.c b/drivers/usb/typec/tipd/core.c index 7c2f01344860..191f86da283d 100644 --- a/drivers/usb/typec/tipd/core.c +++ b/drivers/usb/typec/tipd/core.c @@ -28,6 +28,7 @@ #define TPS_REG_MODE 0x03 #define TPS_REG_CMD1 0x08 #define TPS_REG_DATA1 0x09 +#define TPS_REG_VERSION 0x0F #define TPS_REG_INT_EVENT1 0x14 #define TPS_REG_INT_EVENT2 0x15 #define TPS_REG_INT_MASK1 0x16 @@ -636,49 +637,67 @@ static irqreturn_t tps25750_interrupt(int irq, void *data) static irqreturn_t tps6598x_interrupt(int irq, void *data) { + int intev_len = TPS_65981_2_6_INTEVENT_LEN; struct tps6598x *tps = data; - u64 event1 = 0; - u64 event2 = 0; + u64 event1[2] = { }; + u64 event2[2] = { }; + u32 version; u32 status; int ret; mutex_lock(&tps->lock); - ret = tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event1); - ret |= tps6598x_read64(tps, TPS_REG_INT_EVENT2, &event2); + ret = tps6598x_read32(tps, TPS_REG_VERSION, &version); + if (ret) + dev_warn(tps->dev, "%s: failed to read version (%d)\n", + __func__, ret); + + if (TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DH || + TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DK) + intev_len = TPS_65987_8_INTEVENT_LEN; + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); if (ret) { - dev_err(tps->dev, "%s: failed to read events\n", __func__); + dev_err(tps->dev, "%s: failed to read event1\n", __func__); goto err_unlock; } - trace_tps6598x_irq(event1, event2); + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT2, event2, intev_len); + if (ret) { + dev_err(tps->dev, "%s: failed to read event2\n", __func__); + goto err_unlock; + } + trace_tps6598x_irq(event1[0], event2[0]); - if (!(event1 | event2)) + if (!(event1[0] | event1[1] | event2[0] | event2[1])) goto err_unlock; if (!tps6598x_read_status(tps, &status)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_POWER_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_POWER_STATUS_UPDATE) if (!tps6598x_read_power_status(tps)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_DATA_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_DATA_STATUS_UPDATE) if (!tps6598x_read_data_status(tps)) goto err_clear_ints; /* Handle plug insert or removal */ - if ((event1 | event2) & TPS_REG_INT_PLUG_EVENT) + if ((event1[0] | event2[0]) & TPS_REG_INT_PLUG_EVENT) tps6598x_handle_plug_event(tps, status); err_clear_ints: - tps6598x_write64(tps, TPS_REG_INT_CLEAR1, event1); - tps6598x_write64(tps, TPS_REG_INT_CLEAR2, event2); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR1, event1, intev_len); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR2, event2, intev_len); err_unlock: mutex_unlock(&tps->lock); - if (event1 | event2) + if (event1[0] | event1[1] | event2[0] | event2[1]) return IRQ_HANDLED; + return IRQ_NONE; } diff --git a/drivers/usb/typec/tipd/tps6598x.h b/drivers/usb/typec/tipd/tps6598x.h index 89b24519463a..9b23e9017452 100644 --- a/drivers/usb/typec/tipd/tps6598x.h +++ b/drivers/usb/typec/tipd/tps6598x.h @@ -253,4 +253,15 @@ #define TPS_PTCC_DEV 2 #define TPS_PTCC_APP 3 +/* Version Register */ +#define TPS_VERSION_HW_VERSION_MASK GENMASK(31, 24) +#define TPS_VERSION_HW_VERSION(x) TPS_FIELD_GET(TPS_VERSION_HW_VERSION_MASK, (x)) +#define TPS_VERSION_HW_65981_2_6 0x00 +#define TPS_VERSION_HW_65987_8_DH 0xF7 +#define TPS_VERSION_HW_65987_8_DK 0xF9 + +/* Int Event Register length */ +#define TPS_65981_2_6_INTEVENT_LEN 8 +#define TPS_65987_8_INTEVENT_LEN 11 + #endif /* __TPS6598X_H__ */

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tipd: fix event checking for tps6598x" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052353-bless-encrypt-6938@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco(a)wolfvision.net> Date: Mon, 29 Apr 2024 15:35:58 +0200 Subject: [PATCH] usb: typec: tipd: fix event checking for tps6598x The current interrupt service routine of the tps6598x only reads the first 64 bits of the INT_EVENT1 and INT_EVENT2 registers, which means that any event above that range will be ignored, leaving interrupts unattended. Moreover, those events will not be cleared, and the device will keep the interrupt enabled. This issue has been observed while attempting to load patches, and the 'ReadyForPatch' field (bit 81) of INT_EVENT1 was set. Given that older versions of the tps6598x (1, 2 and 6) provide 8-byte registers, a mechanism based on the upper byte of the version register (0x0F) has been included. The manufacturer has confirmed [1] that this byte is always 0 for older versions, and either 0xF7 (DH parts) or 0xF9 (DK parts) is returned in newer versions (7 and 8). Read the complete INT_EVENT registers to handle all interrupts generated by the device and account for the hardware version to select the register size. Link: https://e2e.ti.com/support/power-management-group/power-management/f/power-… [1] Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers") Cc: stable(a)vger.kernel.org Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> Link: https://lore.kernel.org/r/20240429-tps6598x_fix_event_handling-v3-2-4e8e58d… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tipd/core.c b/drivers/usb/typec/tipd/core.c index 7c2f01344860..191f86da283d 100644 --- a/drivers/usb/typec/tipd/core.c +++ b/drivers/usb/typec/tipd/core.c @@ -28,6 +28,7 @@ #define TPS_REG_MODE 0x03 #define TPS_REG_CMD1 0x08 #define TPS_REG_DATA1 0x09 +#define TPS_REG_VERSION 0x0F #define TPS_REG_INT_EVENT1 0x14 #define TPS_REG_INT_EVENT2 0x15 #define TPS_REG_INT_MASK1 0x16 @@ -636,49 +637,67 @@ static irqreturn_t tps25750_interrupt(int irq, void *data) static irqreturn_t tps6598x_interrupt(int irq, void *data) { + int intev_len = TPS_65981_2_6_INTEVENT_LEN; struct tps6598x *tps = data; - u64 event1 = 0; - u64 event2 = 0; + u64 event1[2] = { }; + u64 event2[2] = { }; + u32 version; u32 status; int ret; mutex_lock(&tps->lock); - ret = tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event1); - ret |= tps6598x_read64(tps, TPS_REG_INT_EVENT2, &event2); + ret = tps6598x_read32(tps, TPS_REG_VERSION, &version); + if (ret) + dev_warn(tps->dev, "%s: failed to read version (%d)\n", + __func__, ret); + + if (TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DH || + TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DK) + intev_len = TPS_65987_8_INTEVENT_LEN; + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); if (ret) { - dev_err(tps->dev, "%s: failed to read events\n", __func__); + dev_err(tps->dev, "%s: failed to read event1\n", __func__); goto err_unlock; } - trace_tps6598x_irq(event1, event2); + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT2, event2, intev_len); + if (ret) { + dev_err(tps->dev, "%s: failed to read event2\n", __func__); + goto err_unlock; + } + trace_tps6598x_irq(event1[0], event2[0]); - if (!(event1 | event2)) + if (!(event1[0] | event1[1] | event2[0] | event2[1])) goto err_unlock; if (!tps6598x_read_status(tps, &status)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_POWER_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_POWER_STATUS_UPDATE) if (!tps6598x_read_power_status(tps)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_DATA_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_DATA_STATUS_UPDATE) if (!tps6598x_read_data_status(tps)) goto err_clear_ints; /* Handle plug insert or removal */ - if ((event1 | event2) & TPS_REG_INT_PLUG_EVENT) + if ((event1[0] | event2[0]) & TPS_REG_INT_PLUG_EVENT) tps6598x_handle_plug_event(tps, status); err_clear_ints: - tps6598x_write64(tps, TPS_REG_INT_CLEAR1, event1); - tps6598x_write64(tps, TPS_REG_INT_CLEAR2, event2); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR1, event1, intev_len); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR2, event2, intev_len); err_unlock: mutex_unlock(&tps->lock); - if (event1 | event2) + if (event1[0] | event1[1] | event2[0] | event2[1]) return IRQ_HANDLED; + return IRQ_NONE; } diff --git a/drivers/usb/typec/tipd/tps6598x.h b/drivers/usb/typec/tipd/tps6598x.h index 89b24519463a..9b23e9017452 100644 --- a/drivers/usb/typec/tipd/tps6598x.h +++ b/drivers/usb/typec/tipd/tps6598x.h @@ -253,4 +253,15 @@ #define TPS_PTCC_DEV 2 #define TPS_PTCC_APP 3 +/* Version Register */ +#define TPS_VERSION_HW_VERSION_MASK GENMASK(31, 24) +#define TPS_VERSION_HW_VERSION(x) TPS_FIELD_GET(TPS_VERSION_HW_VERSION_MASK, (x)) +#define TPS_VERSION_HW_65981_2_6 0x00 +#define TPS_VERSION_HW_65987_8_DH 0xF7 +#define TPS_VERSION_HW_65987_8_DK 0xF9 + +/* Int Event Register length */ +#define TPS_65981_2_6_INTEVENT_LEN 8 +#define TPS_65987_8_INTEVENT_LEN 11 + #endif /* __TPS6598X_H__ */

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tipd: fix event checking for tps6598x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052352-liberty-uneven-ef8a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco(a)wolfvision.net> Date: Mon, 29 Apr 2024 15:35:58 +0200 Subject: [PATCH] usb: typec: tipd: fix event checking for tps6598x The current interrupt service routine of the tps6598x only reads the first 64 bits of the INT_EVENT1 and INT_EVENT2 registers, which means that any event above that range will be ignored, leaving interrupts unattended. Moreover, those events will not be cleared, and the device will keep the interrupt enabled. This issue has been observed while attempting to load patches, and the 'ReadyForPatch' field (bit 81) of INT_EVENT1 was set. Given that older versions of the tps6598x (1, 2 and 6) provide 8-byte registers, a mechanism based on the upper byte of the version register (0x0F) has been included. The manufacturer has confirmed [1] that this byte is always 0 for older versions, and either 0xF7 (DH parts) or 0xF9 (DK parts) is returned in newer versions (7 and 8). Read the complete INT_EVENT registers to handle all interrupts generated by the device and account for the hardware version to select the register size. Link: https://e2e.ti.com/support/power-management-group/power-management/f/power-… [1] Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers") Cc: stable(a)vger.kernel.org Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> Link: https://lore.kernel.org/r/20240429-tps6598x_fix_event_handling-v3-2-4e8e58d… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tipd/core.c b/drivers/usb/typec/tipd/core.c index 7c2f01344860..191f86da283d 100644 --- a/drivers/usb/typec/tipd/core.c +++ b/drivers/usb/typec/tipd/core.c @@ -28,6 +28,7 @@ #define TPS_REG_MODE 0x03 #define TPS_REG_CMD1 0x08 #define TPS_REG_DATA1 0x09 +#define TPS_REG_VERSION 0x0F #define TPS_REG_INT_EVENT1 0x14 #define TPS_REG_INT_EVENT2 0x15 #define TPS_REG_INT_MASK1 0x16 @@ -636,49 +637,67 @@ static irqreturn_t tps25750_interrupt(int irq, void *data) static irqreturn_t tps6598x_interrupt(int irq, void *data) { + int intev_len = TPS_65981_2_6_INTEVENT_LEN; struct tps6598x *tps = data; - u64 event1 = 0; - u64 event2 = 0; + u64 event1[2] = { }; + u64 event2[2] = { }; + u32 version; u32 status; int ret; mutex_lock(&tps->lock); - ret = tps6598x_read64(tps, TPS_REG_INT_EVENT1, &event1); - ret |= tps6598x_read64(tps, TPS_REG_INT_EVENT2, &event2); + ret = tps6598x_read32(tps, TPS_REG_VERSION, &version); + if (ret) + dev_warn(tps->dev, "%s: failed to read version (%d)\n", + __func__, ret); + + if (TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DH || + TPS_VERSION_HW_VERSION(version) == TPS_VERSION_HW_65987_8_DK) + intev_len = TPS_65987_8_INTEVENT_LEN; + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); + + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT1, event1, intev_len); if (ret) { - dev_err(tps->dev, "%s: failed to read events\n", __func__); + dev_err(tps->dev, "%s: failed to read event1\n", __func__); goto err_unlock; } - trace_tps6598x_irq(event1, event2); + ret = tps6598x_block_read(tps, TPS_REG_INT_EVENT2, event2, intev_len); + if (ret) { + dev_err(tps->dev, "%s: failed to read event2\n", __func__); + goto err_unlock; + } + trace_tps6598x_irq(event1[0], event2[0]); - if (!(event1 | event2)) + if (!(event1[0] | event1[1] | event2[0] | event2[1])) goto err_unlock; if (!tps6598x_read_status(tps, &status)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_POWER_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_POWER_STATUS_UPDATE) if (!tps6598x_read_power_status(tps)) goto err_clear_ints; - if ((event1 | event2) & TPS_REG_INT_DATA_STATUS_UPDATE) + if ((event1[0] | event2[0]) & TPS_REG_INT_DATA_STATUS_UPDATE) if (!tps6598x_read_data_status(tps)) goto err_clear_ints; /* Handle plug insert or removal */ - if ((event1 | event2) & TPS_REG_INT_PLUG_EVENT) + if ((event1[0] | event2[0]) & TPS_REG_INT_PLUG_EVENT) tps6598x_handle_plug_event(tps, status); err_clear_ints: - tps6598x_write64(tps, TPS_REG_INT_CLEAR1, event1); - tps6598x_write64(tps, TPS_REG_INT_CLEAR2, event2); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR1, event1, intev_len); + tps6598x_block_write(tps, TPS_REG_INT_CLEAR2, event2, intev_len); err_unlock: mutex_unlock(&tps->lock); - if (event1 | event2) + if (event1[0] | event1[1] | event2[0] | event2[1]) return IRQ_HANDLED; + return IRQ_NONE; } diff --git a/drivers/usb/typec/tipd/tps6598x.h b/drivers/usb/typec/tipd/tps6598x.h index 89b24519463a..9b23e9017452 100644 --- a/drivers/usb/typec/tipd/tps6598x.h +++ b/drivers/usb/typec/tipd/tps6598x.h @@ -253,4 +253,15 @@ #define TPS_PTCC_DEV 2 #define TPS_PTCC_APP 3 +/* Version Register */ +#define TPS_VERSION_HW_VERSION_MASK GENMASK(31, 24) +#define TPS_VERSION_HW_VERSION(x) TPS_FIELD_GET(TPS_VERSION_HW_VERSION_MASK, (x)) +#define TPS_VERSION_HW_65981_2_6 0x00 +#define TPS_VERSION_HW_65987_8_DH 0xF7 +#define TPS_VERSION_HW_65987_8_DK 0xF9 + +/* Int Event Register length */ +#define TPS_65981_2_6_INTEVENT_LEN 8 +#define TPS_65987_8_INTEVENT_LEN 11 + #endif /* __TPS6598X_H__ */

11 months, 2 weeks

1
0
0 0

[PATCH stable-6.9.y] ASoC: Intel: sof_sdw: use generic rtd_init function for Realtek SDW DMICs

by Peter Ujfalusi

From: Bard Liao <yung-chuan.liao(a)linux.intel.com> commit bee2fe44679f1e6a5332d7f78587ccca4109919f upstream. The only thing that the rt_xxx_rtd_init() functions do is to set card->components. And we can set card->components with name_prefix as rt712_sdca_dmic_rtd_init() does. And sof_sdw_rtd_init() will always select the first dai with the given dai->name from codec_info_list[]. Unfortunately, we have different codecs with the same dai name. For example, dai name of rt715 and rt715-sdca are both "rt715-aif2". Using a generic rtd_init allow sof_sdw_rtd_init() run the rtd_init() callback from a similar codec dai. Fixes: 8266c73126b7 ("ASoC: Intel: sof_sdw: add common sdw dai link init") Reviewed-by: Chao Song <chao.song(a)linux.intel.com> Reviewed-by: Péter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Signed-off-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Link: https://msgid.link/r/20240326160429.13560-25-pierre-louis.bossart@linux.int… Link: https://github.com/thesofproject/linux/issues/4999 # 6.9.y stable report Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> --- Hi, Regression reported in 6.9 by a user: https://github.com/thesofproject/linux/issues/4999 The fix for the issue somehow dodged the 6.9 cycle and only landed mainline for 6.10, before -rc1 tag. Our trust in machines shaken a bit, so just to make sure that this patch is picked for stable 6.9, I have cherry-picked it and tested on a device that it is working without any side-effect. Regards, Peter sound/soc/intel/boards/Makefile | 1 + sound/soc/intel/boards/sof_sdw.c | 12 +++--- sound/soc/intel/boards/sof_sdw_common.h | 1 + sound/soc/intel/boards/sof_sdw_rt_dmic.c | 52 ++++++++++++++++++++++++ 4 files changed, 60 insertions(+), 6 deletions(-) create mode 100644 sound/soc/intel/boards/sof_sdw_rt_dmic.c diff --git a/sound/soc/intel/boards/Makefile b/sound/soc/intel/boards/Makefile index bbf796a5f7ba..08cfd4baecdd 100644 --- a/sound/soc/intel/boards/Makefile +++ b/sound/soc/intel/boards/Makefile @@ -42,6 +42,7 @@ snd-soc-sof-sdw-objs += sof_sdw.o \ sof_sdw_rt711.o sof_sdw_rt_sdca_jack_common.o \ sof_sdw_rt712_sdca.o sof_sdw_rt715.o \ sof_sdw_rt715_sdca.o sof_sdw_rt722_sdca.o \ + sof_sdw_rt_dmic.o \ sof_sdw_cs42l42.o sof_sdw_cs42l43.o \ sof_sdw_cs_amp.o \ sof_sdw_dmic.o \ diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c index 08f330ed5c2e..a90b43162a54 100644 --- a/sound/soc/intel/boards/sof_sdw.c +++ b/sound/soc/intel/boards/sof_sdw.c @@ -730,7 +730,7 @@ static struct sof_sdw_codec_info codec_info_list[] = { .dai_name = "rt712-sdca-dmic-aif1", .dai_type = SOF_SDW_DAI_TYPE_MIC, .dailink = {SDW_UNUSED_DAI_ID, SDW_DMIC_DAI_ID}, - .rtd_init = rt712_sdca_dmic_rtd_init, + .rtd_init = rt_dmic_rtd_init, }, }, .dai_num = 1, @@ -760,7 +760,7 @@ static struct sof_sdw_codec_info codec_info_list[] = { .dai_name = "rt712-sdca-dmic-aif1", .dai_type = SOF_SDW_DAI_TYPE_MIC, .dailink = {SDW_UNUSED_DAI_ID, SDW_DMIC_DAI_ID}, - .rtd_init = rt712_sdca_dmic_rtd_init, + .rtd_init = rt_dmic_rtd_init, }, }, .dai_num = 1, @@ -822,7 +822,7 @@ static struct sof_sdw_codec_info codec_info_list[] = { .dai_name = "rt715-aif2", .dai_type = SOF_SDW_DAI_TYPE_MIC, .dailink = {SDW_UNUSED_DAI_ID, SDW_DMIC_DAI_ID}, - .rtd_init = rt715_sdca_rtd_init, + .rtd_init = rt_dmic_rtd_init, }, }, .dai_num = 1, @@ -837,7 +837,7 @@ static struct sof_sdw_codec_info codec_info_list[] = { .dai_name = "rt715-aif2", .dai_type = SOF_SDW_DAI_TYPE_MIC, .dailink = {SDW_UNUSED_DAI_ID, SDW_DMIC_DAI_ID}, - .rtd_init = rt715_sdca_rtd_init, + .rtd_init = rt_dmic_rtd_init, }, }, .dai_num = 1, @@ -852,7 +852,7 @@ static struct sof_sdw_codec_info codec_info_list[] = { .dai_name = "rt715-aif2", .dai_type = SOF_SDW_DAI_TYPE_MIC, .dailink = {SDW_UNUSED_DAI_ID, SDW_DMIC_DAI_ID}, - .rtd_init = rt715_rtd_init, + .rtd_init = rt_dmic_rtd_init, }, }, .dai_num = 1, @@ -867,7 +867,7 @@ static struct sof_sdw_codec_info codec_info_list[] = { .dai_name = "rt715-aif2", .dai_type = SOF_SDW_DAI_TYPE_MIC, .dailink = {SDW_UNUSED_DAI_ID, SDW_DMIC_DAI_ID}, - .rtd_init = rt715_rtd_init, + .rtd_init = rt_dmic_rtd_init, }, }, .dai_num = 1, diff --git a/sound/soc/intel/boards/sof_sdw_common.h b/sound/soc/intel/boards/sof_sdw_common.h index b1d57034361c..8a541b6bb0ac 100644 --- a/sound/soc/intel/boards/sof_sdw_common.h +++ b/sound/soc/intel/boards/sof_sdw_common.h @@ -190,6 +190,7 @@ int rt712_sdca_dmic_rtd_init(struct snd_soc_pcm_runtime *rtd); int rt712_spk_rtd_init(struct snd_soc_pcm_runtime *rtd); int rt715_rtd_init(struct snd_soc_pcm_runtime *rtd); int rt715_sdca_rtd_init(struct snd_soc_pcm_runtime *rtd); +int rt_dmic_rtd_init(struct snd_soc_pcm_runtime *rtd); int rt_amp_spk_rtd_init(struct snd_soc_pcm_runtime *rtd); int rt_sdca_jack_rtd_init(struct snd_soc_pcm_runtime *rtd); diff --git a/sound/soc/intel/boards/sof_sdw_rt_dmic.c b/sound/soc/intel/boards/sof_sdw_rt_dmic.c new file mode 100644 index 000000000000..9091f5b5c648 --- /dev/null +++ b/sound/soc/intel/boards/sof_sdw_rt_dmic.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0-only +// Copyright (c) 2024 Intel Corporation + +/* + * sof_sdw_rt_dmic - Helpers to handle Realtek SDW DMIC from generic machine driver + */ + +#include <linux/device.h> +#include <linux/errno.h> +#include <sound/soc.h> +#include <sound/soc-acpi.h> +#include "sof_board_helpers.h" +#include "sof_sdw_common.h" + +static const char * const dmics[] = { + "rt715", + "rt712-sdca-dmic", +}; + +int rt_dmic_rtd_init(struct snd_soc_pcm_runtime *rtd) +{ + struct snd_soc_card *card = rtd->card; + struct snd_soc_component *component; + struct snd_soc_dai *codec_dai; + char *mic_name; + + codec_dai = get_codec_dai_by_name(rtd, dmics, ARRAY_SIZE(dmics)); + if (!codec_dai) + return -EINVAL; + + component = codec_dai->component; + + /* + * rt715-sdca (aka rt714) is a special case that uses different name in card->components + * and component->name_prefix. + */ + if (!strcmp(component->name_prefix, "rt714")) + mic_name = devm_kasprintf(card->dev, GFP_KERNEL, "rt715-sdca"); + else + mic_name = devm_kasprintf(card->dev, GFP_KERNEL, "%s", component->name_prefix); + + card->components = devm_kasprintf(card->dev, GFP_KERNEL, + "%s mic:%s", card->components, + mic_name); + if (!card->components) + return -ENOMEM; + + dev_dbg(card->dev, "card->components: %s\n", card->components); + + return 0; +} +MODULE_IMPORT_NS(SND_SOC_INTEL_SOF_BOARD_HELPERS); -- 2.45.1

11 months, 2 weeks

3
2
0 0

[PATCH 4.19.y 00/13] fix double-free bug causing by destroy_hist_field(data->onmax.var, 0)

by George Guo

Hi, There are 3 points about this bug: 1) The onmax_destroy() destroyed the onmax var, casusing a double-free error flagged by KASAN. This is tested via "./ftracetest test.d/trigger/inter-event/trigger-onmatch-onmax-action-hist.tc". ================================================================== BUG: KASAN: use-after-free in destroy_hist_field+0x1c2/0x200 Read of size 8 at addr ffff88800a4ad100 by task ftracetest/4731 CPU: 0 PID: 4731 Comm: ftracetest Kdump: loaded Tainted: GE 4.19.90-89 #77 Source Version: Unknown Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0 Call Trace: dump_stack+0xcb/0x10b print_address_description.cold+0x54/0x249 kasan_report_error.cold+0x63/0xab ? destroy_hist_field+0x1c2/0x200 ? hist_trigger_elt_data_alloc+0x5a0/0x5a0 __asan_report_load8_noabort+0x8d/0xa0 ? destroy_hist_field+0x1c2/0x200 destroy_hist_field+0x1c2/0x200 onmax_destroy+0x72/0x1e0 ? hist_trigger_elt_data_alloc+0x5a0/0x5a0 destroy_hist_data+0x236/0xa40 event_hist_trigger_free+0x212/0x2f0 ? update_cond_flag+0x128/0x170 ? event_hist_trigger_func+0x2880/0x2880 hist_unregister_trigger+0x2f2/0x4f0 event_hist_trigger_func+0x168c/0x2880 ? tracing_map_cmp_u64+0xa0/0xa0 ? onmatch_create.constprop.0+0xf50/0xf50 ? __mutex_lock_slowpath+0x10/0x10 event_trigger_write+0x2f4/0x490 ? trigger_start+0x180/0x180 ? __fget_light+0x369/0x5d0 ? count_memcg_event_mm+0x104/0x2b0 ? trigger_start+0x180/0x180 __vfs_write+0x81/0x100 vfs_write+0x1e1/0x540 ksys_write+0x12a/0x290 ? __ia32_sys_read+0xb0/0xb0 ? __close_fd+0x1d3/0x280 do_syscall_64+0xe3/0x2d0 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 RIP: 0033:0x7fd7f4c44e04 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 48 8d 05 39 34 0c 00 8b 00 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 41 54 55 49 89 d4 53 48 89 f5 RSP: 002b:00007fff10370df8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000010f RCX: 00007fd7f4c44e04 RDX: 000000000000010f RSI: 000055fa765df650 RDI: 0000000000000001 RBP: 000055fa765df650 R08: 000000000000000a R09: 0000000000000000 R10: 000000000000000a R11: 0000000000000246 R12: 00007fd7f4d035c0 R13: 000000000000010f R14: 00007fd7f4d037c0 R15: 000000000000010f ================================================================== 2) So remove the onmax_destroy() destroy_hist_field() call for that var. just like this demo patch: diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 7dcb96305e56..58b8a2575b8c 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -3489,7 +3488,6 @@ static void onmax_destroy(struct action_data *data) unsigned int i; destroy_hist_field(data->onmax.max_var, 0); - destroy_hist_field(data->onmax.var, 0); kfree(data->onmax.var_str); kfree(data->onmax.fn_name); -- 3) And I found it has been fixed by upstream commit ff9d31d0d466. So I am backporting these patches to linux-4.19.y. Masami Hiramatsu (4): tracing: Simplify creation and deletion of synthetic events tracing: Add unified dynamic event framework tracing: Use dyn_event framework for synthetic events tracing: Remove unneeded synth_event_mutex Steven Rostedt (VMware) (5): tracing: Consolidate trace_add/remove_event_call back to the nolock functions string.h: Add str_has_prefix() helper function tracing: Use str_has_prefix() helper for histogram code tracing: Use str_has_prefix() instead of using fixed sizes tracing: Have the historgram use the result of str_has_prefix() for len of prefix Tom Zanussi (4): tracing: Refactor hist trigger action code tracing: Split up onmatch action data tracing: Generalize hist trigger onmax and save action tracing: Remove unnecessary var_ref destroy in track_data_destroy() include/linux/string.h | 20 + include/linux/trace_events.h | 2 - kernel/trace/Kconfig | 4 + kernel/trace/Makefile | 1 + kernel/trace/trace.c | 26 +- kernel/trace/trace_dynevent.c | 210 ++++++ kernel/trace/trace_dynevent.h | 119 ++++ kernel/trace/trace_events.c | 32 +- kernel/trace/trace_events_hist.c | 1048 ++++++++++++++++++------------ kernel/trace/trace_probe.c | 2 +- kernel/trace/trace_stack.c | 2 +- 11 files changed, 1008 insertions(+), 458 deletions(-) create mode 100644 kernel/trace/trace_dynevent.c create mode 100644 kernel/trace/trace_dynevent.h -- 2.34.1

11 months, 2 weeks

2
14
0 0

[PATCH v5.10, v5.4] drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

by Ajay Kaher

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit b8d55a90fd55b767c25687747e2b24abd1ef8680 ] Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176) Suggested-by: Hawking Zhang <Hawking.Zhang(a)amd.com> Cc: Tao Zhou <tao.zhou1(a)amd.com> Cc: Hawking Zhang <Hawking.Zhang(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Reviewed-by: Hawking Zhang <Hawking.Zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [Ajay: applied AMDGPU_RAS_BLOCK_COUNT condition to amdgpu_ras_error_query() as amdgpu_ras_query_error_status_helper() not present in v5.10, v5.4 amdgpu_ras_query_error_status_helper() was introduced in 8cc0f5669eb6] Signed-off-by: Ajay Kaher <ajay.kaher(a)broadcom.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c index a8f1c49..e971d2b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -765,6 +765,9 @@ int amdgpu_ras_error_query(struct amdgpu_device *adev, if (!obj) return -EINVAL; + if (!info || info->head.block == AMDGPU_RAS_BLOCK_COUNT) + return -EINVAL; + switch (info->head.block) { case AMDGPU_RAS_BLOCK__UMC: if (adev->umc.funcs->query_ras_error_count) -- 2.7.4

11 months, 2 weeks

2
3
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051346-unvocal-magnetism-4ae1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

11 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] mptcp: ensure snd_nxt is properly initialized on connect" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fb7a0d334894206ae35f023a82cad5a290fd7386 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-dreamt-freebee-5563@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect") 54f1944ed6d2 ("mptcp: factor out mptcp_connect()") a42cf9d18278 ("mptcp: poll allow write call before actual connect") d98a82a6afc7 ("mptcp: handle defer connect in mptcp_sendmsg") 3e5014909b56 ("mptcp: cleanup MPJ subflow list handling") 3d1d6d66e156 ("mptcp: implement support for user-space disconnect") b29fcfb54cd7 ("mptcp: full disconnect implementation") 3ce0852c86b9 ("mptcp: enforce HoL-blocking estimation") 7cd2802d7496 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb7a0d334894206ae35f023a82cad5a290fd7386 Mon Sep 17 00:00:00 2001 From: Paolo Abeni <pabeni(a)redhat.com> Date: Mon, 29 Apr 2024 20:00:31 +0200 Subject: [PATCH] mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules linked in: CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8 8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe <0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9 RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4 RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000 R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000 FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0 Call Trace: <TASK> __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline] mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline] __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615 mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767 process_one_work+0x1e0/0x560 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x3c7/0x640 kernel/workqueue.c:3416 kthread+0x121/0x170 kernel/kthread.c:388 ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values. We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catching a few subtle issues and a very low to zero impact in practice. Instead address the issue always initializing snd_nxt (and write_seq, for consistency) at connect time. Fixes: 8fd738049ac3 ("mptcp: fallback in case of simultaneous connect") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/485 Tested-by: Christoph Paasch <cpaasch(a)apple.com> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240429-upstream-net-20240429-mptcp-snd_nxt-init… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 7e74b812e366..965eb69dc5de 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3723,6 +3723,9 @@ static int mptcp_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_TOKENFALLBACKINIT); mptcp_subflow_early_fallback(msk, subflow); } + + WRITE_ONCE(msk->write_seq, subflow->idsn); + WRITE_ONCE(msk->snd_nxt, subflow->idsn); if (likely(!__mptcp_check_fallback(msk))) MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_MPCAPABLEACTIVE);

11 months, 2 weeks

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror