- Linux-stable-mirror - lists.linaro.org

[PATCH 6.8.y 1/2] erofs: get rid of erofs_fs_context

by Gao Xiang

From: Baokun Li <libaokun1(a)huawei.com> commit 07abe43a28b2c660f726d66f5470f7f114f9643a upstream. Instead of allocating the erofs_sb_info in fill_super() allocate it during erofs_init_fs_context() and ensure that erofs can always have the info available during erofs_kill_sb(). After this erofs_fs_context is no longer needed, replace ctx with sbi, no functional changes. Suggested-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Reviewed-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Link: https://lore.kernel.org/r/20240419123611.947084-2-libaokun1@huawei.com [ Gao Xiang: trivial conflict due to a warning message. ] Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/internal.h | 7 --- fs/erofs/super.c | 116 ++++++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 70 deletions(-) diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h index 410f5af62354..c69174675caf 100644 --- a/fs/erofs/internal.h +++ b/fs/erofs/internal.h @@ -84,13 +84,6 @@ struct erofs_dev_context { bool flatdev; }; -struct erofs_fs_context { - struct erofs_mount_opts opt; - struct erofs_dev_context *devs; - char *fsid; - char *domain_id; -}; - /* all filesystem-wide lz4 configurations */ struct erofs_sb_lz4_info { /* # of pages needed for EROFS lz4 rolling decompression */ diff --git a/fs/erofs/super.c b/fs/erofs/super.c index 24788c230b49..8d7a3abb9c1b 100644 --- a/fs/erofs/super.c +++ b/fs/erofs/super.c @@ -370,18 +370,18 @@ static int erofs_read_superblock(struct super_block *sb) return ret; } -static void erofs_default_options(struct erofs_fs_context *ctx) +static void erofs_default_options(struct erofs_sb_info *sbi) { #ifdef CONFIG_EROFS_FS_ZIP - ctx->opt.cache_strategy = EROFS_ZIP_CACHE_READAROUND; - ctx->opt.max_sync_decompress_pages = 3; - ctx->opt.sync_decompress = EROFS_SYNC_DECOMPRESS_AUTO; + sbi->opt.cache_strategy = EROFS_ZIP_CACHE_READAROUND; + sbi->opt.max_sync_decompress_pages = 3; + sbi->opt.sync_decompress = EROFS_SYNC_DECOMPRESS_AUTO; #endif #ifdef CONFIG_EROFS_FS_XATTR - set_opt(&ctx->opt, XATTR_USER); + set_opt(&sbi->opt, XATTR_USER); #endif #ifdef CONFIG_EROFS_FS_POSIX_ACL - set_opt(&ctx->opt, POSIX_ACL); + set_opt(&sbi->opt, POSIX_ACL); #endif } @@ -426,17 +426,17 @@ static const struct fs_parameter_spec erofs_fs_parameters[] = { static bool erofs_fc_set_dax_mode(struct fs_context *fc, unsigned int mode) { #ifdef CONFIG_FS_DAX - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; switch (mode) { case EROFS_MOUNT_DAX_ALWAYS: warnfc(fc, "DAX enabled. Warning: EXPERIMENTAL, use at your own risk"); - set_opt(&ctx->opt, DAX_ALWAYS); - clear_opt(&ctx->opt, DAX_NEVER); + set_opt(&sbi->opt, DAX_ALWAYS); + clear_opt(&sbi->opt, DAX_NEVER); return true; case EROFS_MOUNT_DAX_NEVER: - set_opt(&ctx->opt, DAX_NEVER); - clear_opt(&ctx->opt, DAX_ALWAYS); + set_opt(&sbi->opt, DAX_NEVER); + clear_opt(&sbi->opt, DAX_ALWAYS); return true; default: DBG_BUGON(1); @@ -451,7 +451,7 @@ static bool erofs_fc_set_dax_mode(struct fs_context *fc, unsigned int mode) static int erofs_fc_parse_param(struct fs_context *fc, struct fs_parameter *param) { - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; struct fs_parse_result result; struct erofs_device_info *dif; int opt, ret; @@ -464,9 +464,9 @@ static int erofs_fc_parse_param(struct fs_context *fc, case Opt_user_xattr: #ifdef CONFIG_EROFS_FS_XATTR if (result.boolean) - set_opt(&ctx->opt, XATTR_USER); + set_opt(&sbi->opt, XATTR_USER); else - clear_opt(&ctx->opt, XATTR_USER); + clear_opt(&sbi->opt, XATTR_USER); #else errorfc(fc, "{,no}user_xattr options not supported"); #endif @@ -474,16 +474,16 @@ static int erofs_fc_parse_param(struct fs_context *fc, case Opt_acl: #ifdef CONFIG_EROFS_FS_POSIX_ACL if (result.boolean) - set_opt(&ctx->opt, POSIX_ACL); + set_opt(&sbi->opt, POSIX_ACL); else - clear_opt(&ctx->opt, POSIX_ACL); + clear_opt(&sbi->opt, POSIX_ACL); #else errorfc(fc, "{,no}acl options not supported"); #endif break; case Opt_cache_strategy: #ifdef CONFIG_EROFS_FS_ZIP - ctx->opt.cache_strategy = result.uint_32; + sbi->opt.cache_strategy = result.uint_32; #else errorfc(fc, "compression not supported, cache_strategy ignored"); #endif @@ -505,27 +505,27 @@ static int erofs_fc_parse_param(struct fs_context *fc, kfree(dif); return -ENOMEM; } - down_write(&ctx->devs->rwsem); - ret = idr_alloc(&ctx->devs->tree, dif, 0, 0, GFP_KERNEL); - up_write(&ctx->devs->rwsem); + down_write(&sbi->devs->rwsem); + ret = idr_alloc(&sbi->devs->tree, dif, 0, 0, GFP_KERNEL); + up_write(&sbi->devs->rwsem); if (ret < 0) { kfree(dif->path); kfree(dif); return ret; } - ++ctx->devs->extra_devices; + ++sbi->devs->extra_devices; break; #ifdef CONFIG_EROFS_FS_ONDEMAND case Opt_fsid: - kfree(ctx->fsid); - ctx->fsid = kstrdup(param->string, GFP_KERNEL); - if (!ctx->fsid) + kfree(sbi->fsid); + sbi->fsid = kstrdup(param->string, GFP_KERNEL); + if (!sbi->fsid) return -ENOMEM; break; case Opt_domain_id: - kfree(ctx->domain_id); - ctx->domain_id = kstrdup(param->string, GFP_KERNEL); - if (!ctx->domain_id) + kfree(sbi->domain_id); + sbi->domain_id = kstrdup(param->string, GFP_KERNEL); + if (!sbi->domain_id) return -ENOMEM; break; #else @@ -582,8 +582,7 @@ static const struct export_operations erofs_export_ops = { static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) { struct inode *inode; - struct erofs_sb_info *sbi; - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = EROFS_SB(sb); int err; sb->s_magic = EROFS_SUPER_MAGIC; @@ -591,19 +590,6 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) sb->s_maxbytes = MAX_LFS_FILESIZE; sb->s_op = &erofs_sops; - sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); - if (!sbi) - return -ENOMEM; - - sb->s_fs_info = sbi; - sbi->opt = ctx->opt; - sbi->devs = ctx->devs; - ctx->devs = NULL; - sbi->fsid = ctx->fsid; - ctx->fsid = NULL; - sbi->domain_id = ctx->domain_id; - ctx->domain_id = NULL; - sbi->blkszbits = PAGE_SHIFT; if (erofs_is_fscache_mode(sb)) { sb->s_blocksize = PAGE_SIZE; @@ -707,9 +693,9 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) static int erofs_fc_get_tree(struct fs_context *fc) { - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; - if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && ctx->fsid) + if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && sbi->fsid) return get_tree_nodev(fc, erofs_fc_fill_super); return get_tree_bdev(fc, erofs_fc_fill_super); @@ -719,19 +705,19 @@ static int erofs_fc_reconfigure(struct fs_context *fc) { struct super_block *sb = fc->root->d_sb; struct erofs_sb_info *sbi = EROFS_SB(sb); - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *new_sbi = fc->s_fs_info; DBG_BUGON(!sb_rdonly(sb)); - if (ctx->fsid || ctx->domain_id) + if (new_sbi->fsid || new_sbi->domain_id) erofs_info(sb, "ignoring reconfiguration for fsid|domain_id."); - if (test_opt(&ctx->opt, POSIX_ACL)) + if (test_opt(&new_sbi->opt, POSIX_ACL)) fc->sb_flags |= SB_POSIXACL; else fc->sb_flags &= ~SB_POSIXACL; - sbi->opt = ctx->opt; + sbi->opt = new_sbi->opt; fc->sb_flags |= SB_RDONLY; return 0; @@ -762,12 +748,15 @@ static void erofs_free_dev_context(struct erofs_dev_context *devs) static void erofs_fc_free(struct fs_context *fc) { - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; + + if (!sbi) + return; - erofs_free_dev_context(ctx->devs); - kfree(ctx->fsid); - kfree(ctx->domain_id); - kfree(ctx); + erofs_free_dev_context(sbi->devs); + kfree(sbi->fsid); + kfree(sbi->domain_id); + kfree(sbi); } static const struct fs_context_operations erofs_context_ops = { @@ -779,21 +768,22 @@ static const struct fs_context_operations erofs_context_ops = { static int erofs_init_fs_context(struct fs_context *fc) { - struct erofs_fs_context *ctx; + struct erofs_sb_info *sbi; - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); - if (!ctx) + sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); + if (!sbi) return -ENOMEM; - ctx->devs = kzalloc(sizeof(struct erofs_dev_context), GFP_KERNEL); - if (!ctx->devs) { - kfree(ctx); + + sbi->devs = kzalloc(sizeof(struct erofs_dev_context), GFP_KERNEL); + if (!sbi->devs) { + kfree(sbi); return -ENOMEM; } - fc->fs_private = ctx; + fc->s_fs_info = sbi; - idr_init(&ctx->devs->tree); - init_rwsem(&ctx->devs->rwsem); - erofs_default_options(ctx); + idr_init(&sbi->devs->tree); + init_rwsem(&sbi->devs->rwsem); + erofs_default_options(sbi); fc->ops = &erofs_context_ops; return 0; } -- 2.39.3

11 months, 2 weeks

2
2
0 0

[PATCH 5.4.x] arm64: dts: qcom: Fix 'interrupt-map' parent address cells

by Alex Elder

From: Rob Herring <robh(a)kernel.org> commit 0ac10b291bee84b00bf9fb2afda444e77e7f88f4 upstream. The 'interrupt-map' in several QCom SoCs is malformed. The '#address-cells' size of the parent interrupt controller (the GIC) is not accounted for. Cc: <stable(a)vger.kernel.org> # v5.4 Cc: Andy Gross <agross(a)kernel.org> Cc: Bjorn Andersson <bjorn.andersson(a)linaro.org> Cc: linux-arm-msm(a)vger.kernel.org Signed-off-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> Link: https://lore.kernel.org/r/20210928192210.1842377-1-robh@kernel.org Signed-off-by: Alex Elder <elder(a)linaro.org> --- arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 9cb7163c5714c..5c653ab907463 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -872,10 +872,10 @@ interrupts = <GIC_SPI 405 IRQ_TYPE_LEVEL_HIGH>; interrupt-names = "msi"; interrupt-map-mask = <0 0 0 0x7>; - interrupt-map = <0 0 0 1 &intc 0 135 IRQ_TYPE_LEVEL_HIGH>, - <0 0 0 2 &intc 0 136 IRQ_TYPE_LEVEL_HIGH>, - <0 0 0 3 &intc 0 138 IRQ_TYPE_LEVEL_HIGH>, - <0 0 0 4 &intc 0 139 IRQ_TYPE_LEVEL_HIGH>; + interrupt-map = <0 0 0 1 &intc 0 0 135 IRQ_TYPE_LEVEL_HIGH>, + <0 0 0 2 &intc 0 0 136 IRQ_TYPE_LEVEL_HIGH>, + <0 0 0 3 &intc 0 0 138 IRQ_TYPE_LEVEL_HIGH>, + <0 0 0 4 &intc 0 0 139 IRQ_TYPE_LEVEL_HIGH>; clocks = <&gcc GCC_PCIE_0_PIPE_CLK>, <&gcc GCC_PCIE_0_MSTR_AXI_CLK>, -- 2.39.2

11 months, 2 weeks

2
1
0 0

[PATCH 5.4 / 5.10] firmware: arm_scmi: Harden accesses to the reset domains

by Dominique Martinet

From: Cristian Marussi <cristian.marussi(a)arm.com> [ Upstream commit e9076ffbcaed5da6c182b144ef9f6e24554af268 ] Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses. Link: https://lore.kernel.org/r/20220817172731.1185305-5-cristian.marussi@arm.com Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- This is the backport I promised for CVE-2022-48655[1] [1] https://lkml.kernel.org/r/Zj4t4q_w6gqzdvhz@codewreck.org The 'pi' variable declaration context just changed a bit (handle->reset_priv -> ph->get_priv(ph)) but the patch is otherwise fine as is. (I've also checked that num_domains is properly initialized at module init time and this part of the code hasn't changed until 5.15, so it should be safe to use this previously unused field) This same patch applies cleanly to both 5.4.275 and 5.10.216. Thanks! drivers/firmware/arm_scmi/reset.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/firmware/arm_scmi/reset.c b/drivers/firmware/arm_scmi/reset.c index a981a22cfe89..b8388a3b9c06 100644 --- a/drivers/firmware/arm_scmi/reset.c +++ b/drivers/firmware/arm_scmi/reset.c @@ -149,8 +149,12 @@ static int scmi_domain_reset(const struct scmi_handle *handle, u32 domain, struct scmi_xfer *t; struct scmi_msg_reset_domain_reset *dom; struct scmi_reset_info *pi = handle->reset_priv; - struct reset_dom_info *rdom = pi->dom_info + domain; + struct reset_dom_info *rdom; + if (domain >= pi->num_domains) + return -EINVAL; + + rdom = pi->dom_info + domain; if (rdom->async_reset) flags |= ASYNCHRONOUS_RESET; -- 2.39.2

11 months, 2 weeks

3
2
0 0

[PATCH 6.6.y] bpf: Add missing BPF_LINK_TYPE invocations

by Ignat Korchagin

From: Jiri Olsa <jolsa(a)kernel.org> commit 117211aa739a926e6555cfea883be84bee6f1695 upstream. Pengfei Xu reported [1] Syzkaller/KASAN issue found in bpf_link_show_fdinfo. The reason is missing BPF_LINK_TYPE invocation for uprobe multi link and for several other links, adding that. [1] https://lore.kernel.org/bpf/ZXptoKRSLspnk2ie@xpf.sh.intel.com/ Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Fixes: e420bed02507 ("bpf: Add fd-based tcx multi-prog infra with link support") Fixes: 84601d6ee68a ("bpf: add bpf_link support for BPF_NETFILTER programs") Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device") Reported-by: Pengfei Xu <pengfei.xu(a)intel.com> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Tested-by: Pengfei Xu <pengfei.xu(a)intel.com> Acked-by: Hou Tao <houtao1(a)huawei.com> Link: https://lore.kernel.org/bpf/20231215230502.2769743-1-jolsa@kernel.org Cc: stable(a)vger.kernel.org # 6.6 Signed-off-by: Ignat Korchagin <ignat(a)cloudflare.com> --- Hi, We have experienced a KASAN warning in production on a 6.6 kernel, similar to [1]. This backported patch was adjusted to apply onto 6.6 stable branch: the only change is dropping the BPF_LINK_TYPE(BPF_LINK_TYPE_NETKIT, netkit) definition from the header as netkit was only introduced in 6.7 and 6.7 has the backport already. I was not able to run the syzkaller reproducer from [1], but we have not seen the KASAN warning in production since applying this patch internally. Regards, Ignat include/linux/bpf_types.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h index fc0d6f32c687..dfaae3e3ec15 100644 --- a/include/linux/bpf_types.h +++ b/include/linux/bpf_types.h @@ -142,9 +142,12 @@ BPF_LINK_TYPE(BPF_LINK_TYPE_ITER, iter) #ifdef CONFIG_NET BPF_LINK_TYPE(BPF_LINK_TYPE_NETNS, netns) BPF_LINK_TYPE(BPF_LINK_TYPE_XDP, xdp) +BPF_LINK_TYPE(BPF_LINK_TYPE_NETFILTER, netfilter) +BPF_LINK_TYPE(BPF_LINK_TYPE_TCX, tcx) #endif #ifdef CONFIG_PERF_EVENTS BPF_LINK_TYPE(BPF_LINK_TYPE_PERF_EVENT, perf) #endif BPF_LINK_TYPE(BPF_LINK_TYPE_KPROBE_MULTI, kprobe_multi) BPF_LINK_TYPE(BPF_LINK_TYPE_STRUCT_OPS, struct_ops) +BPF_LINK_TYPE(BPF_LINK_TYPE_UPROBE_MULTI, uprobe_multi) -- 2.39.2

11 months, 2 weeks

2
1
0 0

[PATCH 6.1] arm64: atomics: lse: remove stale dependency on JUMP_LABEL

by Oleksandr Tymoshenko

From: Mark Rutland <mark.rutland(a)arm.com> [ Upstream commit 657eef0a5420a02c02945ed8c87f2ddcbd255772 ] Currently CONFIG_ARM64_USE_LSE_ATOMICS depends upon CONFIG_JUMP_LABEL, as the inline atomics were indirected with a static branch. However, since commit: 21fb26bfb01ffe0d ("arm64: alternatives: add alternative_has_feature_*()") ... we use an alternative_branch (which is always available) rather than a static branch, and hence the dependency is unnecessary. Remove the stale dependency, along with the stale include. This will allow the use of LSE atomics in kernels built with CONFIG_JUMP_LABEL=n, and reduces the risk of circular header dependencies via <asm/lse.h>. Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Link: https://lore.kernel.org/r/20221114125424.2998268-1-mark.rutland@arm.com Signed-off-by: Will Deacon <will(a)kernel.org> Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- arch/arm64/Kconfig | 1 - arch/arm64/include/asm/lse.h | 1 - 2 files changed, 2 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index c15f71501c6c..044b98a62f7b 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1752,7 +1752,6 @@ config ARM64_LSE_ATOMICS config ARM64_USE_LSE_ATOMICS bool "Atomic instructions" - depends on JUMP_LABEL default y help As part of the Large System Extensions, ARMv8.1 introduces new diff --git a/arch/arm64/include/asm/lse.h b/arch/arm64/include/asm/lse.h index c503db8e73b0..f99d74826a7e 100644 --- a/arch/arm64/include/asm/lse.h +++ b/arch/arm64/include/asm/lse.h @@ -10,7 +10,6 @@ #include <linux/compiler_types.h> #include <linux/export.h> -#include <linux/jump_label.h> #include <linux/stringify.h> #include <asm/alternative.h> #include <asm/alternative-macros.h> --- base-commit: 4078fa637fcd80c8487680ec2e4ef7c58308e9aa change-id: 20240521-lse-atomics-6-1-b0960e206035 Best regards, -- Oleksandr Tymoshenko <ovt(a)google.com>

11 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6c41468c7c12d74843bb414fc00307ea8a6318c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023041135-yippee-shabby-b9ad@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6c41468c7c12 ("KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection") d4963e319f1f ("KVM: x86: Make kvm_queued_exception a properly named, visible struct") 6ad75c5c99f7 ("KVM: x86: Rename kvm_x86_ops.queue_exception to inject_exception") 5623f751bd9c ("KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)") 8d178f460772 ("KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like") eba9799b5a6e ("KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS") a61d7c5432ac ("KVM: x86: Trace re-injected exceptions") 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction") 3741aec4c38f ("KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported") cd9e6da8048c ("KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"") 00f08d99dd7d ("KVM: nSVM: Sync next_rip field from vmcb12 to vmcb02") 9bd1f0efa859 ("KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault") c3634d25fbee ("KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry") 1d5a1b5860ed ("KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running") db663af4a001 ("kvm: x86: SVM: use vmcb* instead of svm->vmcb where it makes sense") b9f3973ab3a8 ("KVM: x86: nSVM: implement nested VMLOAD/VMSAVE") 23e5092b6e2a ("KVM: SVM: Rename hook implementations to conform to kvm_x86_ops' names") e27bc0440ebd ("KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names") 068f7ea61895 ("KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch") e1779c2714c3 ("KVM: x86: nSVM: fix potential NULL derefernce on nested migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c41468c7c12d74843bb414fc00307ea8a6318c3 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 22 Mar 2023 07:32:59 -0700 Subject: [PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection When injecting an exception into a vCPU in Real Mode, suppress the error code by clearing the flag that tracks whether the error code is valid, not by clearing the error code itself. The "typo" was introduced by recent fix for SVM's funky Paged Real Mode. Opportunistically hoist the logic above the tracepoint so that the trace is coherent with respect to what is actually injected (this was also the behavior prior to the buggy commit). Fixes: b97f07458373 ("KVM: x86: determine if an exception has an error code only when injecting it.") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-Id: <20230322143300.2209476-2-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 45017576ad5e..7d6f98b7635f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9908,13 +9908,20 @@ int kvm_check_nested_events(struct kvm_vcpu *vcpu) static void kvm_inject_exception(struct kvm_vcpu *vcpu) { + /* + * Suppress the error code if the vCPU is in Real Mode, as Real Mode + * exceptions don't report error codes. The presence of an error code + * is carried with the exception and only stripped when the exception + * is injected as intercepted #PF VM-Exits for AMD's Paged Real Mode do + * report an error code despite the CPU being in Real Mode. + */ + vcpu->arch.exception.has_error_code &= is_protmode(vcpu); + trace_kvm_inj_exception(vcpu->arch.exception.vector, vcpu->arch.exception.has_error_code, vcpu->arch.exception.error_code, vcpu->arch.exception.injected); - if (vcpu->arch.exception.error_code && !is_protmode(vcpu)) - vcpu->arch.exception.error_code = false; static_call(kvm_x86_inject_exception)(vcpu); }

11 months, 2 weeks

4
3
0 0

[PATCH 5.4] smb: client: fix potential OOBs in smb2_parse_contexts()

by Shaoying Xu

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit af1689a9b7701d9907dfc84d2a4b57c4bc907144 ] Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG: unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP: 0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90 RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000 R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x181/0x480 ? search_module_extables+0x19/0x60 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x1b6/0x1c0 ? asm_exc_page_fault+0x26/0x30 ? smb2_parse_contexts+0xa0/0x3a0 [cifs] SMB2_open+0x38d/0x5f0 [cifs] ? smb2_is_path_accessible+0x138/0x260 [cifs] smb2_is_path_accessible+0x138/0x260 [cifs] cifs_is_path_remote+0x8d/0x230 [cifs] cifs_mount+0x7e/0x350 [cifs] cifs_smb3_do_mount+0x128/0x780 [cifs] smb3_get_tree+0xd9/0x290 [cifs] vfs_get_tree+0x2c/0x100 ? capable+0x37/0x70 path_mount+0x2d7/0xb80 ? srso_alias_return_thunk+0x5/0xfbef5 ? _raw_spin_unlock_irqrestore+0x44/0x60 __x64_sys_mount+0x11a/0x150 do_syscall_64+0x47/0xf0 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f8737657b1e Reported-by: Robert Morris <rtm(a)csail.mit.edu> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [Guru: Removed changes to cached_dir.c and checking return value of smb2_parse_contexts in smb2ops.c] Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah(a)broadcom.com> [v5.4: Fixed merge-conflicts in smb2_parse_contexts for missing parameter POSIX response] Signed-off-by: Shaoying Xu <shaoyi(a)amazon.com> --- fs/cifs/smb2ops.c | 4 ++- fs/cifs/smb2pdu.c | 81 +++++++++++++++++++++++++++++---------------- fs/cifs/smb2proto.h | 10 +++--- 3 files changed, 62 insertions(+), 33 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index d9cdbae93608..17599294eecd 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -787,9 +787,11 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, /* BB TBD check to see if oplock level check can be removed below */ if (o_rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) { kref_get(&tcon->crfid.refcount); - smb2_parse_contexts(server, o_rsp, + rc = smb2_parse_contexts(server, rsp_iov, &oparms.fid->epoch, oparms.fid->lease_key, &oplock, NULL); + if (rc) + goto oshr_exit; } else goto oshr_exit; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 5545d5991bc2..af1d24caf906 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1929,48 +1929,73 @@ parse_query_id_ctxt(struct create_context *cc, struct smb2_file_all_info *buf) buf->IndexNumber = pdisk_id->DiskFileId; } -void -smb2_parse_contexts(struct TCP_Server_Info *server, - struct smb2_create_rsp *rsp, - unsigned int *epoch, char *lease_key, __u8 *oplock, - struct smb2_file_all_info *buf) +int smb2_parse_contexts(struct TCP_Server_Info *server, + struct kvec *rsp_iov, + unsigned int *epoch, + char *lease_key, __u8 *oplock, + struct smb2_file_all_info *buf) { - char *data_offset; + struct smb2_create_rsp *rsp = rsp_iov->iov_base; struct create_context *cc; - unsigned int next; - unsigned int remaining; + size_t rem, off, len; + size_t doff, dlen; + size_t noff, nlen; char *name; *oplock = 0; - data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset); - remaining = le32_to_cpu(rsp->CreateContextsLength); - cc = (struct create_context *)data_offset; + + off = le32_to_cpu(rsp->CreateContextsOffset); + rem = le32_to_cpu(rsp->CreateContextsLength); + if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len) + return -EINVAL; + cc = (struct create_context *)((u8 *)rsp + off); /* Initialize inode number to 0 in case no valid data in qfid context */ if (buf) buf->IndexNumber = 0; - while (remaining >= sizeof(struct create_context)) { - name = le16_to_cpu(cc->NameOffset) + (char *)cc; - if (le16_to_cpu(cc->NameLength) == 4 && - strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0) - *oplock = server->ops->parse_lease_buf(cc, epoch, - lease_key); - else if (buf && (le16_to_cpu(cc->NameLength) == 4) && - strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0) - parse_query_id_ctxt(cc, buf); - - next = le32_to_cpu(cc->Next); - if (!next) + while (rem >= sizeof(*cc)) { + doff = le16_to_cpu(cc->DataOffset); + dlen = le32_to_cpu(cc->DataLength); + if (check_add_overflow(doff, dlen, &len) || len > rem) + return -EINVAL; + + noff = le16_to_cpu(cc->NameOffset); + nlen = le16_to_cpu(cc->NameLength); + if (noff + nlen >= doff) + return -EINVAL; + + name = (char *)cc + noff; + switch (nlen) { + case 4: + if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) { + *oplock = server->ops->parse_lease_buf(cc, epoch, + lease_key); + } else if (buf && + !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) { + parse_query_id_ctxt(cc, buf); + } + break; + default: + cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n", + __func__, nlen, dlen); + if (IS_ENABLED(CONFIG_CIFS_DEBUG2)) + cifs_dump_mem("context data: ", cc, dlen); + break; + } + + off = le32_to_cpu(cc->Next); + if (!off) break; - remaining -= next; - cc = (struct create_context *)((char *)cc + next); + if (check_sub_overflow(rem, off, &rem)) + return -EINVAL; + cc = (struct create_context *)((u8 *)cc + off); } if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE) *oplock = rsp->OplockLevel; - return; + return 0; } static int @@ -2680,8 +2705,8 @@ SMB2_open(const unsigned int xid, struct cifs_open_parms *oparms, __le16 *path, } - smb2_parse_contexts(server, rsp, &oparms->fid->epoch, - oparms->fid->lease_key, oplock, buf); + rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch, + oparms->fid->lease_key, oplock, buf); creat_exit: SMB2_open_free(&rqst); free_rsp_buf(resp_buftype, rsp); diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h index 7fb4fdd814f5..0c3480be7b8f 100644 --- a/fs/cifs/smb2proto.h +++ b/fs/cifs/smb2proto.h @@ -238,10 +238,12 @@ extern int smb3_validate_negotiate(const unsigned int, struct cifs_tcon *); extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *, enum securityEnum); -extern void smb2_parse_contexts(struct TCP_Server_Info *server, - struct smb2_create_rsp *rsp, - unsigned int *epoch, char *lease_key, - __u8 *oplock, struct smb2_file_all_info *buf); +int smb2_parse_contexts(struct TCP_Server_Info *server, + struct kvec *rsp_iov, + unsigned int *epoch, + char *lease_key, __u8 *oplock, + struct smb2_file_all_info *buf); + extern int smb3_encryption_required(const struct cifs_tcon *tcon); extern int smb2_validate_iov(unsigned int offset, unsigned int buffer_length, struct kvec *iov, unsigned int min_buf_size); -- 2.40.1

11 months, 2 weeks

2
1
0 0

[PATCH 5.15 0/2] netlink, fix issues caught by syzbot

by Yenchia Chen

From: "yenchia.chen" <yenchia.chen(a)mediatek.com> Hi, We think 5.15.y could pick these commits. Below is the mainline commit: netlink: annotate lockless accesses to nlk->max_recvmsg_len [ Upstream commit a1865f2e7d10dde00d35a2122b38d2e469ae67ed ] netlink: annotate data-races around sk->sk_err [ Upstream commit d0f95894fda7d4f895b29c1097f92d7fee278cb2 ] Eric Dumazet (2): netlink: annotate lockless accesses to nlk->max_recvmsg_len netlink: annotate data-races around sk->sk_err net/netlink/af_netlink.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) -- 2.18.0

11 months, 2 weeks

4
6
0 0

[PATCH] ima: fix deadlock when traversing "ima_default_rules".

by GUO Zihua

From: liqiong <liqiong(a)nfschina.com> [ Upstream commit eb0782bbdfd0d7c4786216659277c3fd585afc0e ] The current IMA ruleset is identified by the variable "ima_rules" that default to "&ima_default_rules". When loading a custom policy for the first time, the variable is updated to "&ima_policy_rules" instead. That update isn't RCU-safe, and deadlocks are possible. Indeed, some functions like ima_match_policy() may loop indefinitely when traversing "ima_default_rules" with list_for_each_entry_rcu(). When iterating over the default ruleset back to head, if the list head is "ima_default_rules", and "ima_rules" have been updated to "&ima_policy_rules", the loop condition (&entry->list != ima_rules) stays always true, traversing won't terminate, causing a soft lockup and RCU stalls. Introduce a temporary value for "ima_rules" when iterating over the ruleset to avoid the deadlocks. Addition: A rcu_read_lock pair is added within ima_update_policy_flag to avoid suspicious RCU usage warning. This pair of RCU lock was added with commit 4f2946aa0c45 ("IMA: introduce a new policy option func=SETXATTR_CHECK") on mainstream. Signed-off-by: liqiong <liqiong(a)nfschina.com> Reviewed-by: THOBY Simon <Simon.THOBY(a)viveris.fr> Fixes: 38d859f991f3 ("IMA: policy can now be updated multiple times") Reported-by: kernel test robot <lkp(a)intel.com> (Fix sparse: incompatible types in comparison expression.) Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> Signed-off-by: GUO Zihua <guozihua(a)huawei.com> --- security/integrity/ima/ima_policy.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 1c403e8a8044..4f5d44037081 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -210,7 +210,7 @@ static struct ima_rule_entry *arch_policy_entry __ro_after_init; static LIST_HEAD(ima_default_rules); static LIST_HEAD(ima_policy_rules); static LIST_HEAD(ima_temp_rules); -static struct list_head *ima_rules = &ima_default_rules; +static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules); static int ima_policy __initdata; @@ -648,12 +648,14 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, { struct ima_rule_entry *entry; int action = 0, actmask = flags | (flags << 1); + struct list_head *ima_rules_tmp; if (template_desc) *template_desc = ima_template_desc_current(); rcu_read_lock(); - list_for_each_entry_rcu(entry, ima_rules, list) { + ima_rules_tmp = rcu_dereference(ima_rules); + list_for_each_entry_rcu(entry, ima_rules_tmp, list) { if (!(entry->action & actmask)) continue; @@ -701,11 +703,15 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, void ima_update_policy_flag(void) { struct ima_rule_entry *entry; + struct list_head *ima_rules_tmp; - list_for_each_entry(entry, ima_rules, list) { + rcu_read_lock(); + ima_rules_tmp = rcu_dereference(ima_rules); + list_for_each_entry_rcu(entry, ima_rules_tmp, list) { if (entry->action & IMA_DO_MASK) ima_policy_flag |= entry->action; } + rcu_read_unlock(); ima_appraise |= (build_ima_appraise | temp_ima_appraise); if (!ima_appraise) @@ -898,10 +904,10 @@ void ima_update_policy(void) list_splice_tail_init_rcu(&ima_temp_rules, policy, synchronize_rcu); - if (ima_rules != policy) { + if (ima_rules != (struct list_head __rcu *)policy) { ima_policy_flag = 0; - ima_rules = policy; + rcu_assign_pointer(ima_rules, policy); /* * IMA architecture specific policy rules are specified * as strings and converted to an array of ima_entry_rules @@ -989,7 +995,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); - if (ima_rules == &ima_default_rules) { + if (ima_rules == (struct list_head __rcu *)(&ima_default_rules)) { kfree(entry->lsm[lsm_rule].args_p); entry->lsm[lsm_rule].args_p = NULL; result = -EINVAL; @@ -1598,9 +1604,11 @@ void *ima_policy_start(struct seq_file *m, loff_t *pos) { loff_t l = *pos; struct ima_rule_entry *entry; + struct list_head *ima_rules_tmp; rcu_read_lock(); - list_for_each_entry_rcu(entry, ima_rules, list) { + ima_rules_tmp = rcu_dereference(ima_rules); + list_for_each_entry_rcu(entry, ima_rules_tmp, list) { if (!l--) { rcu_read_unlock(); return entry; @@ -1619,7 +1627,8 @@ void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos) rcu_read_unlock(); (*pos)++; - return (&entry->list == ima_rules) ? NULL : entry; + return (&entry->list == &ima_default_rules || + &entry->list == &ima_policy_rules) ? NULL : entry; } void ima_policy_stop(struct seq_file *m, void *v) @@ -1823,6 +1832,7 @@ bool ima_appraise_signature(enum kernel_read_file_id id) struct ima_rule_entry *entry; bool found = false; enum ima_hooks func; + struct list_head *ima_rules_tmp; if (id >= READING_MAX_ID) return false; @@ -1834,7 +1844,8 @@ bool ima_appraise_signature(enum kernel_read_file_id id) func = read_idmap[id] ?: FILE_CHECK; rcu_read_lock(); - list_for_each_entry_rcu(entry, ima_rules, list) { + ima_rules_tmp = rcu_dereference(ima_rules); + list_for_each_entry_rcu(entry, ima_rules_tmp, list) { if (entry->action != APPRAISE) continue; -- 2.34.1

11 months, 2 weeks

4
4
0 0

[PATCH 5.15 0/5] Backport CVE-2024-26583 and CVE-2024-26584 fixes

by Shaoying Xu

Backport fix commit ("tls: fix race between async notify and socket close") for CVE-2024-26583 [1]. It's dependent on three tls commits being used to simplify and factor out async waiting. They also benefit backporting fix commit ("net: tls: handle backlogging of crypto requests") for CVE-2024-26584 [2]. Therefore, add them for clean backport: Jakub Kicinski (4): tls: rx: simplify async wait net: tls: factor out tls_*crypt_async_wait() tls: fix race between async notify and socket close net: tls: handle backlogging of crypto requests Sabrina Dubroca (1): tls: extract context alloc/initialization out of tls_set_sw_offload Please review and consider applying these patches. [1] https://lore.kernel.org/all/2024022146-traction-unjustly-f451@gregkh/ [2] https://lore.kernel.org/all/2024022148-showpiece-yanking-107c@gregkh/ include/net/tls.h | 6 -- net/tls/tls_sw.c | 199 ++++++++++++++++++++++++---------------------- 2 files changed, 106 insertions(+), 99 deletions(-) -- 2.40.1

11 months, 2 weeks

2
6
0 0

[PATCH v4.19] dm: limit the number of targets and parameter size area

by Srish Srinivasan

From: Mikulas Patocka <mpatocka(a)redhat.com> commit bd504bcfec41a503b32054da5472904b404341a4 upstream. The kvmalloc function fails with a warning if the size is larger than INT_MAX. The warning was triggered by a syscall testing robot. In order to avoid the warning, this commit limits the number of targets to 1048576 and the size of the parameter area to 1073741824. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)kernel.org> Signed-off-by: He Gao <hegao(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [srish: Apply to stable branch linux-4.19.y] Signed-off-by: Srish Srinivasan <srish.srinivasan(a)broadcom.com> --- drivers/md/dm-core.h | 2 ++ drivers/md/dm-ioctl.c | 3 ++- drivers/md/dm-table.c | 9 +++++++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index 8cda3f7dd..2542f0881 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h @@ -18,6 +18,8 @@ #include "dm.h" #define DM_RESERVED_MAX_IOS 1024 +#define DM_MAX_TARGETS 1048576 +#define DM_MAX_TARGET_PARAMS 1024 struct dm_kobject_holder { struct kobject kobj; diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 88e89796c..70929ff79 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1734,7 +1734,8 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern if (copy_from_user(param_kernel, user, minimum_data_size)) return -EFAULT; - if (param_kernel->data_size < minimum_data_size) + if (unlikely(param_kernel->data_size < minimum_data_size) || + unlikely(param_kernel->data_size > DM_MAX_TARGETS * DM_MAX_TARGET_PARAMS)) return -EINVAL; secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 3faaf21be..4822f66b0 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -187,7 +187,12 @@ static int alloc_targets(struct dm_table *t, unsigned int num) int dm_table_create(struct dm_table **result, fmode_t mode, unsigned num_targets, struct mapped_device *md) { - struct dm_table *t = kzalloc(sizeof(*t), GFP_KERNEL); + struct dm_table *t; + + if (num_targets > DM_MAX_TARGETS) + return -EOVERFLOW; + + t = kzalloc(sizeof(*t), GFP_KERNEL); if (!t) return -ENOMEM; @@ -202,7 +207,7 @@ int dm_table_create(struct dm_table **result, fmode_t mode, if (!num_targets) { kfree(t); - return -ENOMEM; + return -EOVERFLOW; } if (alloc_targets(t, num_targets)) { -- 2.35.6

11 months, 2 weeks

2
1
0 0

[PATCH] 9p: add missing locking around taking dentry fid list

by Dominique Martinet

Fix a use-after-free on dentry's d_fsdata fid list when a thread lookups a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248 Freed by: p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335 The problem is that d_fsdata was not accessed under d_lock, because d_release() normally is only called once the dentry is otherwise no longer accessible but since we also call it explicitly in v9fs_remove that lock is required: move the hlist out of the dentry under lock then unref its fids once they are no longer accessible. Fixes: 154372e67d40 ("fs/9p: fix create-unlink-getattr idiom") Cc: stable(a)vger.kernel.org Reported-by: Meysam Firouzi Reported-by: Amirmohammad Eftekhar Signed-off-by: Dominique Martinet <asmadeus(a)codewreck.org> --- fs/9p/vfs_dentry.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/9p/vfs_dentry.c b/fs/9p/vfs_dentry.c index f16f73581634..01338d4c2d9e 100644 --- a/fs/9p/vfs_dentry.c +++ b/fs/9p/vfs_dentry.c @@ -48,12 +48,17 @@ static int v9fs_cached_dentry_delete(const struct dentry *dentry) static void v9fs_dentry_release(struct dentry *dentry) { struct hlist_node *p, *n; + struct hlist_head head; p9_debug(P9_DEBUG_VFS, " dentry: %pd (%p)\n", dentry, dentry); - hlist_for_each_safe(p, n, (struct hlist_head *)&dentry->d_fsdata) + + spin_lock(&dentry->d_lock); + hlist_move_list((struct hlist_head *)&dentry->d_fsdata, &head); + spin_unlock(&dentry->d_lock); + + hlist_for_each_safe(p, n, &head) p9_fid_put(hlist_entry(p, struct p9_fid, dlist)); - dentry->d_fsdata = NULL; } static int v9fs_lookup_revalidate(struct dentry *dentry, unsigned int flags) -- 2.44.0

11 months, 2 weeks

2
6
0 0

[PATCH stable 5.4 0/3] net: bcmgenet: protect contended accesses

by Doug Berger

Some registers may be modified by parallel execution contexts and require protections to prevent corruption. A review of the driver revealed the need for these additional protections. Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access drivers/net/ethernet/broadcom/genet/bcmgenet.c | 14 +++++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 ++ drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 ++++++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 ++++ 4 files changed, 25 insertions(+), 1 deletion(-) -- These commits are dependent on the previously submitted: [PATCH stable 5.4 0/2] net: bcmgenet: revisit MAC reset 2.34.1

11 months, 2 weeks

2
4
0 0

[PATCH stable 5.4 0/2] net: bcmgenet: revisit MAC reset

by Doug Berger

Commit 3a55402c9387 ("net: bcmgenet: use RGMII loopback for MAC reset") was intended to resolve issues with reseting the UniMAC core within the GENET block by providing better control over the clocks used by the UniMAC core. Unfortunately, it is not compatible with all of the supported system configurations so an alternative method must be applied. This commit set provides such an alternative. The first commit reverts the previous change and the second commit provides the alternative reset sequence that addresses the concerns observed with the previous implementation. This replacement implementation should be applied to the stable branches wherever commit 3a55402c9387 ("net: bcmgenet: use RGMII loopback for MAC reset") has been applied. Unfortunately, reverting that commit may conflict with some restructuring changes introduced by commit 4f8d81b77e66 ("net: bcmgenet: Refactor register access in bcmgenet_mii_config"). The first commit in this set has been manually edited to resolve the conflict on stable/linux-5.4.y. Doug Berger (2): Revert "net: bcmgenet: use RGMII loopback for MAC reset" net: bcmgenet: keep MAC in reset until PHY is up .../net/ethernet/broadcom/genet/bcmgenet.c | 10 ++--- .../ethernet/broadcom/genet/bcmgenet_wol.c | 6 ++- drivers/net/ethernet/broadcom/genet/bcmmii.c | 39 +++---------------- 3 files changed, 16 insertions(+), 39 deletions(-) -- 2.34.1

11 months, 2 weeks

2
3
0 0

[PATCH RESEND 6.6.y] kselftest: Add a ksft_perror() helper

by Edward Liaw

From: Mark Brown <broonie(a)kernel.org> [ Upstream commit 907f33028871fa7c9a3db1efd467b78ef82cce20 ] The standard library perror() function provides a convenient way to print an error message based on the current errno but this doesn't play nicely with KTAP output. Provide a helper which does an equivalent thing in a KTAP compatible format. nolibc doesn't have a strerror() and adding the table of strings required doesn't seem like a good fit for what it's trying to do so when we're using that only print the errno. Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output") Signed-off-by: Edward Liaw <edliaw(a)google.com> --- tools/testing/selftests/kselftest.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index e8eecbc83a60..ad7b97e16f37 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -48,6 +48,7 @@ #include <stdlib.h> #include <unistd.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <sys/utsname.h> #endif @@ -156,6 +157,19 @@ static inline void ksft_print_msg(const char *msg, ...) va_end(args); } +static inline void ksft_perror(const char *msg) +{ +#ifndef NOLIBC + ksft_print_msg("%s: %s (%d)\n", msg, strerror(errno), errno); +#else + /* + * nolibc doesn't provide strerror() and it seems + * inappropriate to add one, just print the errno. + */ + ksft_print_msg("%s: %d)\n", msg, errno); +#endif +} + static inline void ksft_test_result_pass(const char *msg, ...) { int saved_errno = errno; -- 2.45.0.215.g3402c0e53f-goog

11 months, 2 weeks

2
1
0 0

[PATCH 6.1 01/24] xfs: write page faults in iomap are not buffered writes

by Leah Rumancik

From: Dave Chinner <dchinner(a)redhat.com> [ Upstream commit 118e021b4b66f758f8e8f21dc0e5e0a4c721e69e ] When we reserve a delalloc region in xfs_buffered_write_iomap_begin, we mark the iomap as IOMAP_F_NEW so that the the write context understands that it allocated the delalloc region. If we then fail that buffered write, xfs_buffered_write_iomap_end() checks for the IOMAP_F_NEW flag and if it is set, it punches out the unused delalloc region that was allocated for the write. The assumption this code makes is that all buffered write operations that can allocate space are run under an exclusive lock (i_rwsem). This is an invalid assumption: page faults in mmap()d regions call through this same function pair to map the file range being faulted and this runs only holding the inode->i_mapping->invalidate_lock in shared mode. IOWs, we can have races between page faults and write() calls that fail the nested page cache write operation that result in data loss. That is, the failing iomap_end call will punch out the data that the other racing iomap iteration brought into the page cache. This can be reproduced with generic/34[46] if we arbitrarily fail page cache copy-in operations from write() syscalls. Code analysis tells us that the iomap_page_mkwrite() function holds the already instantiated and uptodate folio locked across the iomap mapping iterations. Hence the folio cannot be removed from memory whilst we are mapping the range it covers, and as such we do not care if the mapping changes state underneath the iomap iteration loop: 1. if the folio is not already dirty, there is no writeback races possible. 2. if we allocated the mapping (delalloc or unwritten), the folio cannot already be dirty. See #1. 3. If the folio is already dirty, it must be up to date. As we hold it locked, it cannot be reclaimed from memory. Hence we always have valid data in the page cache while iterating the mapping. 4. Valid data in the page cache can exist when the underlying mapping is DELALLOC, UNWRITTEN or WRITTEN. Having the mapping change from DELALLOC->UNWRITTEN or UNWRITTEN->WRITTEN does not change the data in the page - it only affects actions if we are initialising a new page. Hence #3 applies and we don't care about these extent map transitions racing with iomap_page_mkwrite(). 5. iomap_page_mkwrite() checks for page invalidation races (truncate, hole punch, etc) after it locks the folio. We also hold the mapping->invalidation_lock here, and hence the mapping cannot change due to extent removal operations while we are iterating the folio. As such, filesystems that don't use bufferheads will never fail the iomap_folio_mkwrite_iter() operation on the current mapping, regardless of whether the iomap should be considered stale. Further, the range we are asked to iterate is limited to the range inside EOF that the folio spans. Hence, for XFS, we will only map the exact range we are asked for, and we will only do speculative preallocation with delalloc if we are mapping a hole at the EOF page. The iterator will consume the entire range of the folio that is within EOF, and anything beyond the EOF block cannot be accessed. We never need to truncate this post-EOF speculative prealloc away in the context of the iomap_page_mkwrite() iterator because if it remains unused we'll remove it when the last reference to the inode goes away. Hence we don't actually need an .iomap_end() cleanup/error handling path at all for iomap_page_mkwrite() for XFS. This means we can separate the page fault processing from the complexity of the .iomap_end() processing in the buffered write path. This also means that the buffered write path will also be able to take the mapping->invalidate_lock as necessary. Signed-off-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Leah Rumancik <leah.rumancik(a)gmail.com> Acked-by: Darrick J. Wong <djwong(a)kernel.org> --- fs/xfs/xfs_file.c | 2 +- fs/xfs/xfs_iomap.c | 9 +++++++++ fs/xfs/xfs_iomap.h | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index e462d39c840e..595a5bcf46b9 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -1325,7 +1325,7 @@ __xfs_filemap_fault( if (write_fault) { xfs_ilock(XFS_I(inode), XFS_MMAPLOCK_SHARED); ret = iomap_page_mkwrite(vmf, - &xfs_buffered_write_iomap_ops); + &xfs_page_mkwrite_iomap_ops); xfs_iunlock(XFS_I(inode), XFS_MMAPLOCK_SHARED); } else { ret = filemap_fault(vmf); diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c index 07da03976ec1..5cea069a38b4 100644 --- a/fs/xfs/xfs_iomap.c +++ b/fs/xfs/xfs_iomap.c @@ -1187,6 +1187,15 @@ const struct iomap_ops xfs_buffered_write_iomap_ops = { .iomap_end = xfs_buffered_write_iomap_end, }; +/* + * iomap_page_mkwrite() will never fail in a way that requires delalloc extents + * that it allocated to be revoked. Hence we do not need an .iomap_end method + * for this operation. + */ +const struct iomap_ops xfs_page_mkwrite_iomap_ops = { + .iomap_begin = xfs_buffered_write_iomap_begin, +}; + static int xfs_read_iomap_begin( struct inode *inode, diff --git a/fs/xfs/xfs_iomap.h b/fs/xfs/xfs_iomap.h index c782e8c0479c..0f62ab633040 100644 --- a/fs/xfs/xfs_iomap.h +++ b/fs/xfs/xfs_iomap.h @@ -47,6 +47,7 @@ xfs_aligned_fsb_count( } extern const struct iomap_ops xfs_buffered_write_iomap_ops; +extern const struct iomap_ops xfs_page_mkwrite_iomap_ops; extern const struct iomap_ops xfs_direct_write_iomap_ops; extern const struct iomap_ops xfs_read_iomap_ops; extern const struct iomap_ops xfs_seek_iomap_ops; -- 2.45.0.rc1.225.g2a3ae87e7f-goog

11 months, 2 weeks

3
30
0 0

Re: 回复: 回复: backport a patch for Linux kernel-5.15 kernel-6.1 kenrel-6.6 stable tree

by Greg KH

On Thu, May 23, 2024 at 08:21:23AM +0000, Lin Gui (桂林) wrote: > Dear @Greg KH<mailto:gregkh@linuxfoundation.org>, > > > I don't understand, why does this qualify as a stable patch? The > > changes says this is "optional", which means the device should work just > > fine without it, right? > > [MTK] > > If without this patch, some emmc devices may cause unstable operation and report CRC errors. > > > > Is this a regression fix from something that previously used to work > > properly? > [MTK] > Yes Ok, thanks. But you need to provide a working, and tested, version of it for 5.15.y as it obviously does not even work there (which means you did not test that?) greg k-h

11 months, 2 weeks

1
0
0 0

[PATCH net] net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()

by Romain Gantois

In the prueth_probe() function, if one of the calls to emac_phy_connect() fails due to of_phy_connect() returning NULL, then the subsequent call to phy_attached_info() will dereference a NULL pointer. Check the return code of emac_phy_connect and fail cleanly if there is an error. Fixes: 128d5874c082 ("net: ti: icssg-prueth: Add ICSSG ethernet driver") Cc: stable(a)vger.kernel.org Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> --- Hello everyone, There is a possible NULL pointer dereference in the prueth_probe() function of the icssg_prueth driver. I discovered this while testing a platform with one PRUETH MAC enabled out of the two available. These are the requirements to reproduce the bug: prueth_probe() is called either eth0_node or eth1_node is not NULL in emac_phy_connect: of_phy_connect() returns NULL Then, the following leads to the NULL pointer dereference: prueth->emac[PRUETH_MAC0]->ndev->phydev is set to NULL prueth->emac[PRUETH_MAC0]->ndev->phydev is passed to phy_attached_info() -> phy_attached_print() dereferences phydev which is NULL This series provides a fix by checking the return code of emac_phy_connect(). Best Regards, Romain --- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/ti/icssg/icssg_prueth.c b/drivers/net/ethernet/ti/icssg/icssg_prueth.c index 7c9e9518f555a..1ea3fbd5e954e 100644 --- a/drivers/net/ethernet/ti/icssg/icssg_prueth.c +++ b/drivers/net/ethernet/ti/icssg/icssg_prueth.c @@ -1039,7 +1039,12 @@ static int prueth_probe(struct platform_device *pdev) prueth->registered_netdevs[PRUETH_MAC0] = prueth->emac[PRUETH_MAC0]->ndev; - emac_phy_connect(prueth->emac[PRUETH_MAC0]); + ret = emac_phy_connect(prueth->emac[PRUETH_MAC0]); + if (ret) { + dev_err(dev, + "can't connect to MII0 PHY, error -%d", ret); + goto netdev_unregister; + } phy_attached_info(prueth->emac[PRUETH_MAC0]->ndev->phydev); } @@ -1051,7 +1056,12 @@ static int prueth_probe(struct platform_device *pdev) } prueth->registered_netdevs[PRUETH_MAC1] = prueth->emac[PRUETH_MAC1]->ndev; - emac_phy_connect(prueth->emac[PRUETH_MAC1]); + ret = emac_phy_connect(prueth->emac[PRUETH_MAC1]); + if (ret) { + dev_err(dev, + "can't connect to MII1 PHY, error %d", ret); + goto netdev_unregister; + } phy_attached_info(prueth->emac[PRUETH_MAC1]->ndev->phydev); } --- base-commit: e4a87abf588536d1cdfb128595e6e680af5cf3ed change-id: 20240521-icssg-prueth-fix-03b03064c5ce Best regards, -- Romain Gantois <romain.gantois(a)bootlin.com>

11 months, 2 weeks

4
3
0 0

[PATCH] wifi: cfg80211: validate HE operation element parsing

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> Validate that the HE operation element has the correct length before parsing it. Cc: stable(a)vger.kernel.org Fixes: 645f3d85129d ("wifi: cfg80211: handle UHB AP and STA power type") Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit(a)intel.com> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- net/wireless/scan.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/wireless/scan.c b/net/wireless/scan.c index 127853877a0a..8daed8232b05 100644 --- a/net/wireless/scan.c +++ b/net/wireless/scan.c @@ -2128,7 +2128,8 @@ static bool cfg80211_6ghz_power_type_valid(const u8 *ie, size_t ielen, struct ieee80211_he_operation *he_oper; tmp = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ie, ielen); - if (tmp && tmp->datalen >= sizeof(*he_oper) + 1) { + if (tmp && tmp->datalen >= sizeof(*he_oper) + 1 && + tmp->datalen >= ieee80211_he_oper_size(tmp->data + 1)) { const struct ieee80211_he_6ghz_oper *he_6ghz_oper; he_oper = (void *)&tmp->data[1]; -- 2.45.1

11 months, 2 weeks

1
0
0 0

[PATCH net] sock_map: avoid race between sock_map_close and sk_psock_put

by Thadeu Lima de Souza Cascardo

sk_psock_get will return NULL if the refcount of psock has gone to 0, which will happen when the last call of sk_psock_put is done. However, sk_psock_drop may not have finished yet, so the close callback will still point to sock_map_close despite psock being NULL. This can be reproduced with a thread deleting an element from the sock map, while the second one creates a socket, adds it to the map and closes it. That will trigger the WARN_ON_ONCE: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Modules linked in: CPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Code: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 <0f> 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02 RSP: 0018:ffffc9000441fda8 EFLAGS: 00010293 RAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000 RDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0 RBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3 R10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840 R13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870 FS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0 Call Trace: <TASK> unix_release+0x87/0xc0 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0xbe/0x240 net/socket.c:1421 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb37d618070 Code: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c RSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070 RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Use sk_psock, which will only check that the pointer is not been set to NULL yet, which should only happen after the callbacks are restored. If, then, a reference can still be gotten, we may call sk_psock_stop and cancel psock->work. After that change, the reproducer does not trigger the WARN_ON_ONCE anymore. Reported-by: syzbot+07a2e4a1a57118ef7355(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=07a2e4a1a57118ef7355 Fixes: aadb2bb83ff7 ("sock_map: Fix a potential use-after-free in sock_map_close()") Fixes: 5b4a79ba65a1 ("bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself") Cc: stable(a)vger.kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> --- net/core/sock_map.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 9402889840bf..13267e667a4c 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1680,19 +1680,23 @@ void sock_map_close(struct sock *sk, long timeout) lock_sock(sk); rcu_read_lock(); - psock = sk_psock_get(sk); + psock = sk_psock(sk); if (unlikely(!psock)) { + saved_close = READ_ONCE(sk->sk_prot)->close; rcu_read_unlock(); release_sock(sk); - saved_close = READ_ONCE(sk->sk_prot)->close; } else { saved_close = psock->saved_close; sock_map_remove_links(sk, psock); + psock = sk_psock_get(sk); rcu_read_unlock(); - sk_psock_stop(psock); + if (psock) + sk_psock_stop(psock); release_sock(sk); - cancel_delayed_work_sync(&psock->work); - sk_psock_put(sk, psock); + if (psock) { + cancel_delayed_work_sync(&psock->work); + sk_psock_put(sk, psock); + } } /* Make sure we do not recurse. This is a bug. -- 2.34.1

11 months, 2 weeks

3
3
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 4d7b41c0e43995b0e992b9f8903109275744b658 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052327-heap-jumble-2f4f@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 4d7b41c0e439 ("Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d7b41c0e43995b0e992b9f8903109275744b658 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Tue, 30 Apr 2024 02:32:10 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan") Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 84fc70862d78..868a370a16aa 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3902,13 +3902,12 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, return 0; } -static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, - struct l2cap_cmd_hdr *cmd, - u8 *data, u8 rsp_code, u8 amp_id) +static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, + u8 *data, u8 rsp_code, u8 amp_id) { struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; struct l2cap_conn_rsp rsp; - struct l2cap_chan *chan = NULL, *pchan; + struct l2cap_chan *chan = NULL, *pchan = NULL; int result, status = L2CAP_CS_NO_INFO; u16 dcid = 0, scid = __le16_to_cpu(req->scid); @@ -3921,7 +3920,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, &conn->hcon->dst, ACL_LINK); if (!pchan) { result = L2CAP_CR_BAD_PSM; - goto sendresp; + goto response; } mutex_lock(&conn->chan_lock); @@ -4008,17 +4007,15 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, } response: - l2cap_chan_unlock(pchan); - mutex_unlock(&conn->chan_lock); - l2cap_chan_put(pchan); - -sendresp: rsp.scid = cpu_to_le16(scid); rsp.dcid = cpu_to_le16(dcid); rsp.result = cpu_to_le16(result); rsp.status = cpu_to_le16(status); l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); + if (!pchan) + return; + if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { struct l2cap_info_req info; info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); @@ -4041,7 +4038,9 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, chan->num_conf_req++; } - return chan; + l2cap_chan_unlock(pchan); + mutex_unlock(&conn->chan_lock); + l2cap_chan_put(pchan); } static int l2cap_connect_req(struct l2cap_conn *conn,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4d7b41c0e43995b0e992b9f8903109275744b658 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052326-overthrow-unveiled-8f66@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 4d7b41c0e439 ("Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d7b41c0e43995b0e992b9f8903109275744b658 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Tue, 30 Apr 2024 02:32:10 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan") Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 84fc70862d78..868a370a16aa 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3902,13 +3902,12 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, return 0; } -static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, - struct l2cap_cmd_hdr *cmd, - u8 *data, u8 rsp_code, u8 amp_id) +static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, + u8 *data, u8 rsp_code, u8 amp_id) { struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; struct l2cap_conn_rsp rsp; - struct l2cap_chan *chan = NULL, *pchan; + struct l2cap_chan *chan = NULL, *pchan = NULL; int result, status = L2CAP_CS_NO_INFO; u16 dcid = 0, scid = __le16_to_cpu(req->scid); @@ -3921,7 +3920,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, &conn->hcon->dst, ACL_LINK); if (!pchan) { result = L2CAP_CR_BAD_PSM; - goto sendresp; + goto response; } mutex_lock(&conn->chan_lock); @@ -4008,17 +4007,15 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, } response: - l2cap_chan_unlock(pchan); - mutex_unlock(&conn->chan_lock); - l2cap_chan_put(pchan); - -sendresp: rsp.scid = cpu_to_le16(scid); rsp.dcid = cpu_to_le16(dcid); rsp.result = cpu_to_le16(result); rsp.status = cpu_to_le16(status); l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); + if (!pchan) + return; + if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { struct l2cap_info_req info; info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); @@ -4041,7 +4038,9 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, chan->num_conf_req++; } - return chan; + l2cap_chan_unlock(pchan); + mutex_unlock(&conn->chan_lock); + l2cap_chan_put(pchan); } static int l2cap_connect_req(struct l2cap_conn *conn,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4d7b41c0e43995b0e992b9f8903109275744b658 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052324-onlooker-removal-e3ba@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4d7b41c0e439 ("Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d7b41c0e43995b0e992b9f8903109275744b658 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Tue, 30 Apr 2024 02:32:10 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan") Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 84fc70862d78..868a370a16aa 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3902,13 +3902,12 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, return 0; } -static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, - struct l2cap_cmd_hdr *cmd, - u8 *data, u8 rsp_code, u8 amp_id) +static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, + u8 *data, u8 rsp_code, u8 amp_id) { struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; struct l2cap_conn_rsp rsp; - struct l2cap_chan *chan = NULL, *pchan; + struct l2cap_chan *chan = NULL, *pchan = NULL; int result, status = L2CAP_CS_NO_INFO; u16 dcid = 0, scid = __le16_to_cpu(req->scid); @@ -3921,7 +3920,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, &conn->hcon->dst, ACL_LINK); if (!pchan) { result = L2CAP_CR_BAD_PSM; - goto sendresp; + goto response; } mutex_lock(&conn->chan_lock); @@ -4008,17 +4007,15 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, } response: - l2cap_chan_unlock(pchan); - mutex_unlock(&conn->chan_lock); - l2cap_chan_put(pchan); - -sendresp: rsp.scid = cpu_to_le16(scid); rsp.dcid = cpu_to_le16(dcid); rsp.result = cpu_to_le16(result); rsp.status = cpu_to_le16(status); l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); + if (!pchan) + return; + if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { struct l2cap_info_req info; info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); @@ -4041,7 +4038,9 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, chan->num_conf_req++; } - return chan; + l2cap_chan_unlock(pchan); + mutex_unlock(&conn->chan_lock); + l2cap_chan_put(pchan); } static int l2cap_connect_req(struct l2cap_conn *conn,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4d7b41c0e43995b0e992b9f8903109275744b658 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052323-settle-unhealthy-57bc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4d7b41c0e439 ("Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d7b41c0e43995b0e992b9f8903109275744b658 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Tue, 30 Apr 2024 02:32:10 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan") Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 84fc70862d78..868a370a16aa 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3902,13 +3902,12 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, return 0; } -static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, - struct l2cap_cmd_hdr *cmd, - u8 *data, u8 rsp_code, u8 amp_id) +static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, + u8 *data, u8 rsp_code, u8 amp_id) { struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; struct l2cap_conn_rsp rsp; - struct l2cap_chan *chan = NULL, *pchan; + struct l2cap_chan *chan = NULL, *pchan = NULL; int result, status = L2CAP_CS_NO_INFO; u16 dcid = 0, scid = __le16_to_cpu(req->scid); @@ -3921,7 +3920,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, &conn->hcon->dst, ACL_LINK); if (!pchan) { result = L2CAP_CR_BAD_PSM; - goto sendresp; + goto response; } mutex_lock(&conn->chan_lock); @@ -4008,17 +4007,15 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, } response: - l2cap_chan_unlock(pchan); - mutex_unlock(&conn->chan_lock); - l2cap_chan_put(pchan); - -sendresp: rsp.scid = cpu_to_le16(scid); rsp.dcid = cpu_to_le16(dcid); rsp.result = cpu_to_le16(result); rsp.status = cpu_to_le16(status); l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); + if (!pchan) + return; + if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { struct l2cap_info_req info; info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); @@ -4041,7 +4038,9 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, chan->num_conf_req++; } - return chan; + l2cap_chan_unlock(pchan); + mutex_unlock(&conn->chan_lock); + l2cap_chan_put(pchan); } static int l2cap_connect_req(struct l2cap_conn *conn,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4d7b41c0e43995b0e992b9f8903109275744b658 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052322-dictation-starting-993c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4d7b41c0e439 ("Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d7b41c0e43995b0e992b9f8903109275744b658 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Tue, 30 Apr 2024 02:32:10 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack summary: [use] l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free [free] l2cap_conn_del ┌ mutex_lock(&conn->chan_lock); │ foreach chan in conn->chan_l: ... (2) │ l2cap_chan_put(chan); │ l2cap_chan_destroy │ kfree(chan) ... (3) <- chan freed └ mutex_unlock(&conn->chan_lock); ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0 net/bluetooth/l2cap_core.c:4260 Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311 Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan") Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 84fc70862d78..868a370a16aa 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3902,13 +3902,12 @@ static inline int l2cap_command_rej(struct l2cap_conn *conn, return 0; } -static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, - struct l2cap_cmd_hdr *cmd, - u8 *data, u8 rsp_code, u8 amp_id) +static void l2cap_connect(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, + u8 *data, u8 rsp_code, u8 amp_id) { struct l2cap_conn_req *req = (struct l2cap_conn_req *) data; struct l2cap_conn_rsp rsp; - struct l2cap_chan *chan = NULL, *pchan; + struct l2cap_chan *chan = NULL, *pchan = NULL; int result, status = L2CAP_CS_NO_INFO; u16 dcid = 0, scid = __le16_to_cpu(req->scid); @@ -3921,7 +3920,7 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, &conn->hcon->dst, ACL_LINK); if (!pchan) { result = L2CAP_CR_BAD_PSM; - goto sendresp; + goto response; } mutex_lock(&conn->chan_lock); @@ -4008,17 +4007,15 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, } response: - l2cap_chan_unlock(pchan); - mutex_unlock(&conn->chan_lock); - l2cap_chan_put(pchan); - -sendresp: rsp.scid = cpu_to_le16(scid); rsp.dcid = cpu_to_le16(dcid); rsp.result = cpu_to_le16(result); rsp.status = cpu_to_le16(status); l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); + if (!pchan) + return; + if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) { struct l2cap_info_req info; info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK); @@ -4041,7 +4038,9 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, chan->num_conf_req++; } - return chan; + l2cap_chan_unlock(pchan); + mutex_unlock(&conn->chan_lock); + l2cap_chan_put(pchan); } static int l2cap_connect_req(struct l2cap_conn *conn,

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a5b862c6a221459d54e494e88965b48dcfa6cc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052306-disobey-lived-7913@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5b862c6a221459d54e494e88965b48dcfa6cc44 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Sat, 4 May 2024 15:23:29 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 worker_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic") Suggested-by: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 21ebd70f3dcc..de530262d824 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -1665,6 +1665,15 @@ struct hci_cp_le_set_event_mask { __u8 mask[8]; } __packed; +/* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E + * 7.8.2 LE Read Buffer Size command + * MAX_LE_MTU is 0xffff. + * 0 is also valid. It means that no dedicated LE Buffer exists. + * It should use the HCI_Read_Buffer_Size command and mtu is shared + * between BR/EDR and LE. + */ +#define HCI_MIN_LE_MTU 0x001b + #define HCI_OP_LE_READ_BUFFER_SIZE 0x2002 struct hci_rp_le_read_buffer_size { __u8 status; diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 2283d12ee358..be012f393bcb 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -706,6 +706,7 @@ struct hci_conn { __u16 handle; __u16 sync_handle; __u16 state; + __u16 mtu; __u8 mode; __u8 type; __u8 role; diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b7f8e99001dd..f21e7c73021d 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -904,11 +904,37 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, { struct hci_conn *conn; + switch (type) { + case ACL_LINK: + if (!hdev->acl_mtu) + return ERR_PTR(-ECONNREFUSED); + break; + case ISO_LINK: + if (hdev->iso_mtu) + /* Dedicated ISO Buffer exists */ + break; + fallthrough; + case LE_LINK: + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + break; + case SCO_LINK: + case ESCO_LINK: + if (!hdev->sco_pkts) + /* Controller does not support SCO or eSCO over HCI */ + return ERR_PTR(-ECONNREFUSED); + break; + default: + return ERR_PTR(-ECONNREFUSED); + } + bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); conn = kzalloc(sizeof(*conn), GFP_KERNEL); if (!conn) - return NULL; + return ERR_PTR(-ENOMEM); bacpy(&conn->dst, dst); bacpy(&conn->src, &hdev->bdaddr); @@ -939,10 +965,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, switch (type) { case ACL_LINK: conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; + conn->mtu = hdev->acl_mtu; break; case LE_LINK: /* conn->src should reflect the local identity address */ hci_copy_identity_address(hdev, &conn->src, &conn->src_type); + conn->mtu = hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case ISO_LINK: /* conn->src should reflect the local identity address */ @@ -954,6 +982,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, else if (conn->role == HCI_ROLE_MASTER) conn->cleanup = cis_cleanup; + conn->mtu = hdev->iso_mtu ? hdev->iso_mtu : + hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case SCO_LINK: if (lmp_esco_capable(hdev)) @@ -961,9 +991,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, (hdev->esco_type & EDR_ESCO_MASK); else conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; + + conn->mtu = hdev->sco_mtu; break; case ESCO_LINK: conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; + conn->mtu = hdev->sco_mtu; break; } @@ -1006,7 +1039,7 @@ struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, handle = hci_conn_hash_alloc_unset(hdev); if (unlikely(handle < 0)) - return NULL; + return ERR_PTR(-ECONNREFUSED); return hci_conn_add(hdev, type, dst, role, handle); } @@ -1312,8 +1345,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, bacpy(&conn->dst, dst); } else { conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; hci_conn_hold(conn); conn->pending_sec_level = sec_level; } @@ -1489,8 +1522,8 @@ static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EADDRINUSE); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->state = BT_CONNECT; @@ -1533,8 +1566,8 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, BT_DBG("requesting refresh of dst_addr"); conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { hci_conn_del(conn); @@ -1581,8 +1614,8 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); if (!acl) { acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); - if (!acl) - return ERR_PTR(-ENOMEM); + if (IS_ERR(acl)) + return acl; } hci_conn_hold(acl); @@ -1650,9 +1683,9 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, sco = hci_conn_hash_lookup_ba(hdev, type, dst); if (!sco) { sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); - if (!sco) { + if (IS_ERR(sco)) { hci_conn_drop(acl); - return ERR_PTR(-ENOMEM); + return sco; } } @@ -1841,8 +1874,8 @@ struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, qos->ucast.cis); if (!cis) { cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!cis) - return ERR_PTR(-ENOMEM); + if (IS_ERR(cis)) + return cis; cis->cleanup = cis_cleanup; cis->dst_type = dst_type; cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; @@ -1977,14 +2010,8 @@ static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, struct bt_iso_io_qos *qos, __u8 phy) { /* Only set MTU if PHY is enabled */ - if (!qos->sdu && qos->phy) { - if (hdev->iso_mtu > 0) - qos->sdu = hdev->iso_mtu; - else if (hdev->le_mtu > 0) - qos->sdu = hdev->le_mtu; - else - qos->sdu = hdev->acl_mtu; - } + if (!qos->sdu && qos->phy) + qos->sdu = conn->mtu; /* Use the same PHY as ACL if set to any */ if (qos->phy == BT_ISO_PHY_ANY) @@ -2065,8 +2092,8 @@ struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EBUSY); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->iso_qos = *qos; conn->state = BT_LISTEN; diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 122a6a9092e0..97c6f34ba640 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -954,6 +954,9 @@ static u8 hci_cc_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); + if (!hdev->acl_mtu || !hdev->acl_pkts) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -1263,6 +1266,9 @@ static u8 hci_cc_le_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -2341,8 +2347,8 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) if (!conn) { conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, HCI_ROLE_MASTER); - if (!conn) - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); } } @@ -3153,8 +3159,8 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, BDADDR_BREDR)) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new conn"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } else { @@ -3342,8 +3348,8 @@ static void hci_conn_request_evt(struct hci_dev *hdev, void *data, if (!conn) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } @@ -3820,6 +3826,9 @@ static u8 hci_cc_le_read_buffer_size_v2(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -5768,8 +5777,8 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, goto unlock; conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } @@ -6497,7 +6506,7 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data, pa_sync = hci_conn_add_unset(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE); - if (!pa_sync) + if (IS_ERR(pa_sync)) goto unlock; pa_sync->sync_handle = le16_to_cpu(ev->handle); @@ -6921,7 +6930,7 @@ static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data, if (!cis) { cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, cis_handle); - if (!cis) { + if (IS_ERR(cis)) { hci_le_reject_cis(hdev, ev->cis_handle); goto unlock; } @@ -7030,7 +7039,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, if (!bis) { bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE, handle); - if (!bis) + if (IS_ERR(bis)) continue; } diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index d0ef7290e5b7..00c0d8413c63 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1258,7 +1258,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, return -ENOTCONN; } - mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; + mtu = iso_pi(sk)->conn->hcon->mtu; release_sock(sk); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 443423538a4c..adc8f990f13e 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -6264,7 +6264,7 @@ static int l2cap_finish_move(struct l2cap_chan *chan) BT_DBG("chan %p", chan); chan->rx_state = L2CAP_RX_STATE_RECV; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; return l2cap_resegment(chan); } @@ -6331,7 +6331,7 @@ static int l2cap_rx_state_wait_f(struct l2cap_chan *chan, */ chan->next_tx_seq = control->reqseq; chan->unacked_frames = 0; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; err = l2cap_resegment(chan); @@ -6889,18 +6889,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); - switch (hcon->type) { - case LE_LINK: - if (hcon->hdev->le_mtu) { - conn->mtu = hcon->hdev->le_mtu; - break; - } - fallthrough; - default: - conn->mtu = hcon->hdev->acl_mtu; - break; - } - + conn->mtu = hcon->mtu; conn->feat_mask = 0; conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index e0ad30862ee4..71d36582d4ef 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -126,7 +126,6 @@ static void sco_sock_clear_timer(struct sock *sk) /* ---- SCO connections ---- */ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) { - struct hci_dev *hdev = hcon->hdev; struct sco_conn *conn = hcon->sco_data; if (conn) { @@ -144,9 +143,10 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) hcon->sco_data = conn; conn->hcon = hcon; + conn->mtu = hcon->mtu; - if (hdev->sco_mtu > 0) - conn->mtu = hdev->sco_mtu; + if (hcon->mtu > 0) + conn->mtu = hcon->mtu; else conn->mtu = 60;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a5b862c6a221459d54e494e88965b48dcfa6cc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052304-unpleased-roast-6595@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5b862c6a221459d54e494e88965b48dcfa6cc44 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Sat, 4 May 2024 15:23:29 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 worker_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic") Suggested-by: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 21ebd70f3dcc..de530262d824 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -1665,6 +1665,15 @@ struct hci_cp_le_set_event_mask { __u8 mask[8]; } __packed; +/* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E + * 7.8.2 LE Read Buffer Size command + * MAX_LE_MTU is 0xffff. + * 0 is also valid. It means that no dedicated LE Buffer exists. + * It should use the HCI_Read_Buffer_Size command and mtu is shared + * between BR/EDR and LE. + */ +#define HCI_MIN_LE_MTU 0x001b + #define HCI_OP_LE_READ_BUFFER_SIZE 0x2002 struct hci_rp_le_read_buffer_size { __u8 status; diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 2283d12ee358..be012f393bcb 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -706,6 +706,7 @@ struct hci_conn { __u16 handle; __u16 sync_handle; __u16 state; + __u16 mtu; __u8 mode; __u8 type; __u8 role; diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b7f8e99001dd..f21e7c73021d 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -904,11 +904,37 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, { struct hci_conn *conn; + switch (type) { + case ACL_LINK: + if (!hdev->acl_mtu) + return ERR_PTR(-ECONNREFUSED); + break; + case ISO_LINK: + if (hdev->iso_mtu) + /* Dedicated ISO Buffer exists */ + break; + fallthrough; + case LE_LINK: + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + break; + case SCO_LINK: + case ESCO_LINK: + if (!hdev->sco_pkts) + /* Controller does not support SCO or eSCO over HCI */ + return ERR_PTR(-ECONNREFUSED); + break; + default: + return ERR_PTR(-ECONNREFUSED); + } + bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); conn = kzalloc(sizeof(*conn), GFP_KERNEL); if (!conn) - return NULL; + return ERR_PTR(-ENOMEM); bacpy(&conn->dst, dst); bacpy(&conn->src, &hdev->bdaddr); @@ -939,10 +965,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, switch (type) { case ACL_LINK: conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; + conn->mtu = hdev->acl_mtu; break; case LE_LINK: /* conn->src should reflect the local identity address */ hci_copy_identity_address(hdev, &conn->src, &conn->src_type); + conn->mtu = hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case ISO_LINK: /* conn->src should reflect the local identity address */ @@ -954,6 +982,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, else if (conn->role == HCI_ROLE_MASTER) conn->cleanup = cis_cleanup; + conn->mtu = hdev->iso_mtu ? hdev->iso_mtu : + hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case SCO_LINK: if (lmp_esco_capable(hdev)) @@ -961,9 +991,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, (hdev->esco_type & EDR_ESCO_MASK); else conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; + + conn->mtu = hdev->sco_mtu; break; case ESCO_LINK: conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; + conn->mtu = hdev->sco_mtu; break; } @@ -1006,7 +1039,7 @@ struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, handle = hci_conn_hash_alloc_unset(hdev); if (unlikely(handle < 0)) - return NULL; + return ERR_PTR(-ECONNREFUSED); return hci_conn_add(hdev, type, dst, role, handle); } @@ -1312,8 +1345,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, bacpy(&conn->dst, dst); } else { conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; hci_conn_hold(conn); conn->pending_sec_level = sec_level; } @@ -1489,8 +1522,8 @@ static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EADDRINUSE); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->state = BT_CONNECT; @@ -1533,8 +1566,8 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, BT_DBG("requesting refresh of dst_addr"); conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { hci_conn_del(conn); @@ -1581,8 +1614,8 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); if (!acl) { acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); - if (!acl) - return ERR_PTR(-ENOMEM); + if (IS_ERR(acl)) + return acl; } hci_conn_hold(acl); @@ -1650,9 +1683,9 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, sco = hci_conn_hash_lookup_ba(hdev, type, dst); if (!sco) { sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); - if (!sco) { + if (IS_ERR(sco)) { hci_conn_drop(acl); - return ERR_PTR(-ENOMEM); + return sco; } } @@ -1841,8 +1874,8 @@ struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, qos->ucast.cis); if (!cis) { cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!cis) - return ERR_PTR(-ENOMEM); + if (IS_ERR(cis)) + return cis; cis->cleanup = cis_cleanup; cis->dst_type = dst_type; cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; @@ -1977,14 +2010,8 @@ static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, struct bt_iso_io_qos *qos, __u8 phy) { /* Only set MTU if PHY is enabled */ - if (!qos->sdu && qos->phy) { - if (hdev->iso_mtu > 0) - qos->sdu = hdev->iso_mtu; - else if (hdev->le_mtu > 0) - qos->sdu = hdev->le_mtu; - else - qos->sdu = hdev->acl_mtu; - } + if (!qos->sdu && qos->phy) + qos->sdu = conn->mtu; /* Use the same PHY as ACL if set to any */ if (qos->phy == BT_ISO_PHY_ANY) @@ -2065,8 +2092,8 @@ struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EBUSY); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->iso_qos = *qos; conn->state = BT_LISTEN; diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 122a6a9092e0..97c6f34ba640 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -954,6 +954,9 @@ static u8 hci_cc_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); + if (!hdev->acl_mtu || !hdev->acl_pkts) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -1263,6 +1266,9 @@ static u8 hci_cc_le_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -2341,8 +2347,8 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) if (!conn) { conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, HCI_ROLE_MASTER); - if (!conn) - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); } } @@ -3153,8 +3159,8 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, BDADDR_BREDR)) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new conn"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } else { @@ -3342,8 +3348,8 @@ static void hci_conn_request_evt(struct hci_dev *hdev, void *data, if (!conn) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } @@ -3820,6 +3826,9 @@ static u8 hci_cc_le_read_buffer_size_v2(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -5768,8 +5777,8 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, goto unlock; conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } @@ -6497,7 +6506,7 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data, pa_sync = hci_conn_add_unset(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE); - if (!pa_sync) + if (IS_ERR(pa_sync)) goto unlock; pa_sync->sync_handle = le16_to_cpu(ev->handle); @@ -6921,7 +6930,7 @@ static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data, if (!cis) { cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, cis_handle); - if (!cis) { + if (IS_ERR(cis)) { hci_le_reject_cis(hdev, ev->cis_handle); goto unlock; } @@ -7030,7 +7039,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, if (!bis) { bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE, handle); - if (!bis) + if (IS_ERR(bis)) continue; } diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index d0ef7290e5b7..00c0d8413c63 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1258,7 +1258,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, return -ENOTCONN; } - mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; + mtu = iso_pi(sk)->conn->hcon->mtu; release_sock(sk); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 443423538a4c..adc8f990f13e 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -6264,7 +6264,7 @@ static int l2cap_finish_move(struct l2cap_chan *chan) BT_DBG("chan %p", chan); chan->rx_state = L2CAP_RX_STATE_RECV; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; return l2cap_resegment(chan); } @@ -6331,7 +6331,7 @@ static int l2cap_rx_state_wait_f(struct l2cap_chan *chan, */ chan->next_tx_seq = control->reqseq; chan->unacked_frames = 0; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; err = l2cap_resegment(chan); @@ -6889,18 +6889,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); - switch (hcon->type) { - case LE_LINK: - if (hcon->hdev->le_mtu) { - conn->mtu = hcon->hdev->le_mtu; - break; - } - fallthrough; - default: - conn->mtu = hcon->hdev->acl_mtu; - break; - } - + conn->mtu = hcon->mtu; conn->feat_mask = 0; conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index e0ad30862ee4..71d36582d4ef 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -126,7 +126,6 @@ static void sco_sock_clear_timer(struct sock *sk) /* ---- SCO connections ---- */ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) { - struct hci_dev *hdev = hcon->hdev; struct sco_conn *conn = hcon->sco_data; if (conn) { @@ -144,9 +143,10 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) hcon->sco_data = conn; conn->hcon = hcon; + conn->mtu = hcon->mtu; - if (hdev->sco_mtu > 0) - conn->mtu = hdev->sco_mtu; + if (hcon->mtu > 0) + conn->mtu = hcon->mtu; else conn->mtu = 60;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a5b862c6a221459d54e494e88965b48dcfa6cc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052303-riverbed-thong-ca91@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5b862c6a221459d54e494e88965b48dcfa6cc44 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Sat, 4 May 2024 15:23:29 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 worker_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic") Suggested-by: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 21ebd70f3dcc..de530262d824 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -1665,6 +1665,15 @@ struct hci_cp_le_set_event_mask { __u8 mask[8]; } __packed; +/* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E + * 7.8.2 LE Read Buffer Size command + * MAX_LE_MTU is 0xffff. + * 0 is also valid. It means that no dedicated LE Buffer exists. + * It should use the HCI_Read_Buffer_Size command and mtu is shared + * between BR/EDR and LE. + */ +#define HCI_MIN_LE_MTU 0x001b + #define HCI_OP_LE_READ_BUFFER_SIZE 0x2002 struct hci_rp_le_read_buffer_size { __u8 status; diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 2283d12ee358..be012f393bcb 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -706,6 +706,7 @@ struct hci_conn { __u16 handle; __u16 sync_handle; __u16 state; + __u16 mtu; __u8 mode; __u8 type; __u8 role; diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b7f8e99001dd..f21e7c73021d 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -904,11 +904,37 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, { struct hci_conn *conn; + switch (type) { + case ACL_LINK: + if (!hdev->acl_mtu) + return ERR_PTR(-ECONNREFUSED); + break; + case ISO_LINK: + if (hdev->iso_mtu) + /* Dedicated ISO Buffer exists */ + break; + fallthrough; + case LE_LINK: + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + break; + case SCO_LINK: + case ESCO_LINK: + if (!hdev->sco_pkts) + /* Controller does not support SCO or eSCO over HCI */ + return ERR_PTR(-ECONNREFUSED); + break; + default: + return ERR_PTR(-ECONNREFUSED); + } + bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); conn = kzalloc(sizeof(*conn), GFP_KERNEL); if (!conn) - return NULL; + return ERR_PTR(-ENOMEM); bacpy(&conn->dst, dst); bacpy(&conn->src, &hdev->bdaddr); @@ -939,10 +965,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, switch (type) { case ACL_LINK: conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; + conn->mtu = hdev->acl_mtu; break; case LE_LINK: /* conn->src should reflect the local identity address */ hci_copy_identity_address(hdev, &conn->src, &conn->src_type); + conn->mtu = hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case ISO_LINK: /* conn->src should reflect the local identity address */ @@ -954,6 +982,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, else if (conn->role == HCI_ROLE_MASTER) conn->cleanup = cis_cleanup; + conn->mtu = hdev->iso_mtu ? hdev->iso_mtu : + hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case SCO_LINK: if (lmp_esco_capable(hdev)) @@ -961,9 +991,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, (hdev->esco_type & EDR_ESCO_MASK); else conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; + + conn->mtu = hdev->sco_mtu; break; case ESCO_LINK: conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; + conn->mtu = hdev->sco_mtu; break; } @@ -1006,7 +1039,7 @@ struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, handle = hci_conn_hash_alloc_unset(hdev); if (unlikely(handle < 0)) - return NULL; + return ERR_PTR(-ECONNREFUSED); return hci_conn_add(hdev, type, dst, role, handle); } @@ -1312,8 +1345,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, bacpy(&conn->dst, dst); } else { conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; hci_conn_hold(conn); conn->pending_sec_level = sec_level; } @@ -1489,8 +1522,8 @@ static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EADDRINUSE); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->state = BT_CONNECT; @@ -1533,8 +1566,8 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, BT_DBG("requesting refresh of dst_addr"); conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { hci_conn_del(conn); @@ -1581,8 +1614,8 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); if (!acl) { acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); - if (!acl) - return ERR_PTR(-ENOMEM); + if (IS_ERR(acl)) + return acl; } hci_conn_hold(acl); @@ -1650,9 +1683,9 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, sco = hci_conn_hash_lookup_ba(hdev, type, dst); if (!sco) { sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); - if (!sco) { + if (IS_ERR(sco)) { hci_conn_drop(acl); - return ERR_PTR(-ENOMEM); + return sco; } } @@ -1841,8 +1874,8 @@ struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, qos->ucast.cis); if (!cis) { cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!cis) - return ERR_PTR(-ENOMEM); + if (IS_ERR(cis)) + return cis; cis->cleanup = cis_cleanup; cis->dst_type = dst_type; cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; @@ -1977,14 +2010,8 @@ static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, struct bt_iso_io_qos *qos, __u8 phy) { /* Only set MTU if PHY is enabled */ - if (!qos->sdu && qos->phy) { - if (hdev->iso_mtu > 0) - qos->sdu = hdev->iso_mtu; - else if (hdev->le_mtu > 0) - qos->sdu = hdev->le_mtu; - else - qos->sdu = hdev->acl_mtu; - } + if (!qos->sdu && qos->phy) + qos->sdu = conn->mtu; /* Use the same PHY as ACL if set to any */ if (qos->phy == BT_ISO_PHY_ANY) @@ -2065,8 +2092,8 @@ struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EBUSY); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->iso_qos = *qos; conn->state = BT_LISTEN; diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 122a6a9092e0..97c6f34ba640 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -954,6 +954,9 @@ static u8 hci_cc_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); + if (!hdev->acl_mtu || !hdev->acl_pkts) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -1263,6 +1266,9 @@ static u8 hci_cc_le_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -2341,8 +2347,8 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) if (!conn) { conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, HCI_ROLE_MASTER); - if (!conn) - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); } } @@ -3153,8 +3159,8 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, BDADDR_BREDR)) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new conn"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } else { @@ -3342,8 +3348,8 @@ static void hci_conn_request_evt(struct hci_dev *hdev, void *data, if (!conn) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } @@ -3820,6 +3826,9 @@ static u8 hci_cc_le_read_buffer_size_v2(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -5768,8 +5777,8 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, goto unlock; conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } @@ -6497,7 +6506,7 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data, pa_sync = hci_conn_add_unset(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE); - if (!pa_sync) + if (IS_ERR(pa_sync)) goto unlock; pa_sync->sync_handle = le16_to_cpu(ev->handle); @@ -6921,7 +6930,7 @@ static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data, if (!cis) { cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, cis_handle); - if (!cis) { + if (IS_ERR(cis)) { hci_le_reject_cis(hdev, ev->cis_handle); goto unlock; } @@ -7030,7 +7039,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, if (!bis) { bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE, handle); - if (!bis) + if (IS_ERR(bis)) continue; } diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index d0ef7290e5b7..00c0d8413c63 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1258,7 +1258,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, return -ENOTCONN; } - mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; + mtu = iso_pi(sk)->conn->hcon->mtu; release_sock(sk); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 443423538a4c..adc8f990f13e 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -6264,7 +6264,7 @@ static int l2cap_finish_move(struct l2cap_chan *chan) BT_DBG("chan %p", chan); chan->rx_state = L2CAP_RX_STATE_RECV; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; return l2cap_resegment(chan); } @@ -6331,7 +6331,7 @@ static int l2cap_rx_state_wait_f(struct l2cap_chan *chan, */ chan->next_tx_seq = control->reqseq; chan->unacked_frames = 0; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; err = l2cap_resegment(chan); @@ -6889,18 +6889,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); - switch (hcon->type) { - case LE_LINK: - if (hcon->hdev->le_mtu) { - conn->mtu = hcon->hdev->le_mtu; - break; - } - fallthrough; - default: - conn->mtu = hcon->hdev->acl_mtu; - break; - } - + conn->mtu = hcon->mtu; conn->feat_mask = 0; conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index e0ad30862ee4..71d36582d4ef 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -126,7 +126,6 @@ static void sco_sock_clear_timer(struct sock *sk) /* ---- SCO connections ---- */ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) { - struct hci_dev *hdev = hcon->hdev; struct sco_conn *conn = hcon->sco_data; if (conn) { @@ -144,9 +143,10 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) hcon->sco_data = conn; conn->hcon = hcon; + conn->mtu = hcon->mtu; - if (hdev->sco_mtu > 0) - conn->mtu = hdev->sco_mtu; + if (hcon->mtu > 0) + conn->mtu = hcon->mtu; else conn->mtu = 60;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a5b862c6a221459d54e494e88965b48dcfa6cc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052302-extruding-handwrite-a645@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5b862c6a221459d54e494e88965b48dcfa6cc44 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Sat, 4 May 2024 15:23:29 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 worker_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic") Suggested-by: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 21ebd70f3dcc..de530262d824 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -1665,6 +1665,15 @@ struct hci_cp_le_set_event_mask { __u8 mask[8]; } __packed; +/* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E + * 7.8.2 LE Read Buffer Size command + * MAX_LE_MTU is 0xffff. + * 0 is also valid. It means that no dedicated LE Buffer exists. + * It should use the HCI_Read_Buffer_Size command and mtu is shared + * between BR/EDR and LE. + */ +#define HCI_MIN_LE_MTU 0x001b + #define HCI_OP_LE_READ_BUFFER_SIZE 0x2002 struct hci_rp_le_read_buffer_size { __u8 status; diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 2283d12ee358..be012f393bcb 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -706,6 +706,7 @@ struct hci_conn { __u16 handle; __u16 sync_handle; __u16 state; + __u16 mtu; __u8 mode; __u8 type; __u8 role; diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b7f8e99001dd..f21e7c73021d 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -904,11 +904,37 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, { struct hci_conn *conn; + switch (type) { + case ACL_LINK: + if (!hdev->acl_mtu) + return ERR_PTR(-ECONNREFUSED); + break; + case ISO_LINK: + if (hdev->iso_mtu) + /* Dedicated ISO Buffer exists */ + break; + fallthrough; + case LE_LINK: + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + break; + case SCO_LINK: + case ESCO_LINK: + if (!hdev->sco_pkts) + /* Controller does not support SCO or eSCO over HCI */ + return ERR_PTR(-ECONNREFUSED); + break; + default: + return ERR_PTR(-ECONNREFUSED); + } + bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); conn = kzalloc(sizeof(*conn), GFP_KERNEL); if (!conn) - return NULL; + return ERR_PTR(-ENOMEM); bacpy(&conn->dst, dst); bacpy(&conn->src, &hdev->bdaddr); @@ -939,10 +965,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, switch (type) { case ACL_LINK: conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; + conn->mtu = hdev->acl_mtu; break; case LE_LINK: /* conn->src should reflect the local identity address */ hci_copy_identity_address(hdev, &conn->src, &conn->src_type); + conn->mtu = hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case ISO_LINK: /* conn->src should reflect the local identity address */ @@ -954,6 +982,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, else if (conn->role == HCI_ROLE_MASTER) conn->cleanup = cis_cleanup; + conn->mtu = hdev->iso_mtu ? hdev->iso_mtu : + hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case SCO_LINK: if (lmp_esco_capable(hdev)) @@ -961,9 +991,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, (hdev->esco_type & EDR_ESCO_MASK); else conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; + + conn->mtu = hdev->sco_mtu; break; case ESCO_LINK: conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; + conn->mtu = hdev->sco_mtu; break; } @@ -1006,7 +1039,7 @@ struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, handle = hci_conn_hash_alloc_unset(hdev); if (unlikely(handle < 0)) - return NULL; + return ERR_PTR(-ECONNREFUSED); return hci_conn_add(hdev, type, dst, role, handle); } @@ -1312,8 +1345,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, bacpy(&conn->dst, dst); } else { conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; hci_conn_hold(conn); conn->pending_sec_level = sec_level; } @@ -1489,8 +1522,8 @@ static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EADDRINUSE); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->state = BT_CONNECT; @@ -1533,8 +1566,8 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, BT_DBG("requesting refresh of dst_addr"); conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { hci_conn_del(conn); @@ -1581,8 +1614,8 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); if (!acl) { acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); - if (!acl) - return ERR_PTR(-ENOMEM); + if (IS_ERR(acl)) + return acl; } hci_conn_hold(acl); @@ -1650,9 +1683,9 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, sco = hci_conn_hash_lookup_ba(hdev, type, dst); if (!sco) { sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); - if (!sco) { + if (IS_ERR(sco)) { hci_conn_drop(acl); - return ERR_PTR(-ENOMEM); + return sco; } } @@ -1841,8 +1874,8 @@ struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, qos->ucast.cis); if (!cis) { cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!cis) - return ERR_PTR(-ENOMEM); + if (IS_ERR(cis)) + return cis; cis->cleanup = cis_cleanup; cis->dst_type = dst_type; cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; @@ -1977,14 +2010,8 @@ static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, struct bt_iso_io_qos *qos, __u8 phy) { /* Only set MTU if PHY is enabled */ - if (!qos->sdu && qos->phy) { - if (hdev->iso_mtu > 0) - qos->sdu = hdev->iso_mtu; - else if (hdev->le_mtu > 0) - qos->sdu = hdev->le_mtu; - else - qos->sdu = hdev->acl_mtu; - } + if (!qos->sdu && qos->phy) + qos->sdu = conn->mtu; /* Use the same PHY as ACL if set to any */ if (qos->phy == BT_ISO_PHY_ANY) @@ -2065,8 +2092,8 @@ struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EBUSY); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->iso_qos = *qos; conn->state = BT_LISTEN; diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 122a6a9092e0..97c6f34ba640 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -954,6 +954,9 @@ static u8 hci_cc_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); + if (!hdev->acl_mtu || !hdev->acl_pkts) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -1263,6 +1266,9 @@ static u8 hci_cc_le_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -2341,8 +2347,8 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) if (!conn) { conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, HCI_ROLE_MASTER); - if (!conn) - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); } } @@ -3153,8 +3159,8 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, BDADDR_BREDR)) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new conn"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } else { @@ -3342,8 +3348,8 @@ static void hci_conn_request_evt(struct hci_dev *hdev, void *data, if (!conn) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } @@ -3820,6 +3826,9 @@ static u8 hci_cc_le_read_buffer_size_v2(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -5768,8 +5777,8 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, goto unlock; conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } @@ -6497,7 +6506,7 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data, pa_sync = hci_conn_add_unset(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE); - if (!pa_sync) + if (IS_ERR(pa_sync)) goto unlock; pa_sync->sync_handle = le16_to_cpu(ev->handle); @@ -6921,7 +6930,7 @@ static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data, if (!cis) { cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, cis_handle); - if (!cis) { + if (IS_ERR(cis)) { hci_le_reject_cis(hdev, ev->cis_handle); goto unlock; } @@ -7030,7 +7039,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, if (!bis) { bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE, handle); - if (!bis) + if (IS_ERR(bis)) continue; } diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index d0ef7290e5b7..00c0d8413c63 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1258,7 +1258,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, return -ENOTCONN; } - mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; + mtu = iso_pi(sk)->conn->hcon->mtu; release_sock(sk); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 443423538a4c..adc8f990f13e 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -6264,7 +6264,7 @@ static int l2cap_finish_move(struct l2cap_chan *chan) BT_DBG("chan %p", chan); chan->rx_state = L2CAP_RX_STATE_RECV; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; return l2cap_resegment(chan); } @@ -6331,7 +6331,7 @@ static int l2cap_rx_state_wait_f(struct l2cap_chan *chan, */ chan->next_tx_seq = control->reqseq; chan->unacked_frames = 0; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; err = l2cap_resegment(chan); @@ -6889,18 +6889,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); - switch (hcon->type) { - case LE_LINK: - if (hcon->hdev->le_mtu) { - conn->mtu = hcon->hdev->le_mtu; - break; - } - fallthrough; - default: - conn->mtu = hcon->hdev->acl_mtu; - break; - } - + conn->mtu = hcon->mtu; conn->feat_mask = 0; conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index e0ad30862ee4..71d36582d4ef 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -126,7 +126,6 @@ static void sco_sock_clear_timer(struct sock *sk) /* ---- SCO connections ---- */ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) { - struct hci_dev *hdev = hcon->hdev; struct sco_conn *conn = hcon->sco_data; if (conn) { @@ -144,9 +143,10 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) hcon->sco_data = conn; conn->hcon = hcon; + conn->mtu = hcon->mtu; - if (hdev->sco_mtu > 0) - conn->mtu = hdev->sco_mtu; + if (hcon->mtu > 0) + conn->mtu = hcon->mtu; else conn->mtu = 60;

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a5b862c6a221459d54e494e88965b48dcfa6cc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052300-result-carpool-a71a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a5b862c6a221459d54e494e88965b48dcfa6cc44 Mon Sep 17 00:00:00 2001 From: Sungwoo Kim <iam(a)sung-woo.kim> Date: Sat, 4 May 2024 15:23:29 -0400 Subject: [PATCH] Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a kzalloc failure and invalid MTU value. divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci0 hci_rx_work RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547 Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c 89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42 RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246 RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084 R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000 FS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline] l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline] l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline] l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809 l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506 hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline] hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335 worker_thread+0x926/0xe70 kernel/workqueue.c:3416 kthread+0x2e3/0x380 kernel/kthread.c:388 ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic") Suggested-by: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Signed-off-by: Sungwoo Kim <iam(a)sung-woo.kim> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 21ebd70f3dcc..de530262d824 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -1665,6 +1665,15 @@ struct hci_cp_le_set_event_mask { __u8 mask[8]; } __packed; +/* BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E + * 7.8.2 LE Read Buffer Size command + * MAX_LE_MTU is 0xffff. + * 0 is also valid. It means that no dedicated LE Buffer exists. + * It should use the HCI_Read_Buffer_Size command and mtu is shared + * between BR/EDR and LE. + */ +#define HCI_MIN_LE_MTU 0x001b + #define HCI_OP_LE_READ_BUFFER_SIZE 0x2002 struct hci_rp_le_read_buffer_size { __u8 status; diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 2283d12ee358..be012f393bcb 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -706,6 +706,7 @@ struct hci_conn { __u16 handle; __u16 sync_handle; __u16 state; + __u16 mtu; __u8 mode; __u8 type; __u8 role; diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b7f8e99001dd..f21e7c73021d 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -904,11 +904,37 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, { struct hci_conn *conn; + switch (type) { + case ACL_LINK: + if (!hdev->acl_mtu) + return ERR_PTR(-ECONNREFUSED); + break; + case ISO_LINK: + if (hdev->iso_mtu) + /* Dedicated ISO Buffer exists */ + break; + fallthrough; + case LE_LINK: + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + if (!hdev->le_mtu && hdev->acl_mtu < HCI_MIN_LE_MTU) + return ERR_PTR(-ECONNREFUSED); + break; + case SCO_LINK: + case ESCO_LINK: + if (!hdev->sco_pkts) + /* Controller does not support SCO or eSCO over HCI */ + return ERR_PTR(-ECONNREFUSED); + break; + default: + return ERR_PTR(-ECONNREFUSED); + } + bt_dev_dbg(hdev, "dst %pMR handle 0x%4.4x", dst, handle); conn = kzalloc(sizeof(*conn), GFP_KERNEL); if (!conn) - return NULL; + return ERR_PTR(-ENOMEM); bacpy(&conn->dst, dst); bacpy(&conn->src, &hdev->bdaddr); @@ -939,10 +965,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, switch (type) { case ACL_LINK: conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK; + conn->mtu = hdev->acl_mtu; break; case LE_LINK: /* conn->src should reflect the local identity address */ hci_copy_identity_address(hdev, &conn->src, &conn->src_type); + conn->mtu = hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case ISO_LINK: /* conn->src should reflect the local identity address */ @@ -954,6 +982,8 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, else if (conn->role == HCI_ROLE_MASTER) conn->cleanup = cis_cleanup; + conn->mtu = hdev->iso_mtu ? hdev->iso_mtu : + hdev->le_mtu ? hdev->le_mtu : hdev->acl_mtu; break; case SCO_LINK: if (lmp_esco_capable(hdev)) @@ -961,9 +991,12 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst, (hdev->esco_type & EDR_ESCO_MASK); else conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK; + + conn->mtu = hdev->sco_mtu; break; case ESCO_LINK: conn->pkt_type = hdev->esco_type & ~EDR_ESCO_MASK; + conn->mtu = hdev->sco_mtu; break; } @@ -1006,7 +1039,7 @@ struct hci_conn *hci_conn_add_unset(struct hci_dev *hdev, int type, handle = hci_conn_hash_alloc_unset(hdev); if (unlikely(handle < 0)) - return NULL; + return ERR_PTR(-ECONNREFUSED); return hci_conn_add(hdev, type, dst, role, handle); } @@ -1312,8 +1345,8 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, bacpy(&conn->dst, dst); } else { conn = hci_conn_add_unset(hdev, LE_LINK, dst, role); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; hci_conn_hold(conn); conn->pending_sec_level = sec_level; } @@ -1489,8 +1522,8 @@ static struct hci_conn *hci_add_bis(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EADDRINUSE); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->state = BT_CONNECT; @@ -1533,8 +1566,8 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, BT_DBG("requesting refresh of dst_addr"); conn = hci_conn_add_unset(hdev, LE_LINK, dst, HCI_ROLE_MASTER); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; if (hci_explicit_conn_params_set(hdev, dst, dst_type) < 0) { hci_conn_del(conn); @@ -1581,8 +1614,8 @@ struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); if (!acl) { acl = hci_conn_add_unset(hdev, ACL_LINK, dst, HCI_ROLE_MASTER); - if (!acl) - return ERR_PTR(-ENOMEM); + if (IS_ERR(acl)) + return acl; } hci_conn_hold(acl); @@ -1650,9 +1683,9 @@ struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, sco = hci_conn_hash_lookup_ba(hdev, type, dst); if (!sco) { sco = hci_conn_add_unset(hdev, type, dst, HCI_ROLE_MASTER); - if (!sco) { + if (IS_ERR(sco)) { hci_conn_drop(acl); - return ERR_PTR(-ENOMEM); + return sco; } } @@ -1841,8 +1874,8 @@ struct hci_conn *hci_bind_cis(struct hci_dev *hdev, bdaddr_t *dst, qos->ucast.cis); if (!cis) { cis = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_MASTER); - if (!cis) - return ERR_PTR(-ENOMEM); + if (IS_ERR(cis)) + return cis; cis->cleanup = cis_cleanup; cis->dst_type = dst_type; cis->iso_qos.ucast.cig = BT_ISO_QOS_CIG_UNSET; @@ -1977,14 +2010,8 @@ static void hci_iso_qos_setup(struct hci_dev *hdev, struct hci_conn *conn, struct bt_iso_io_qos *qos, __u8 phy) { /* Only set MTU if PHY is enabled */ - if (!qos->sdu && qos->phy) { - if (hdev->iso_mtu > 0) - qos->sdu = hdev->iso_mtu; - else if (hdev->le_mtu > 0) - qos->sdu = hdev->le_mtu; - else - qos->sdu = hdev->acl_mtu; - } + if (!qos->sdu && qos->phy) + qos->sdu = conn->mtu; /* Use the same PHY as ACL if set to any */ if (qos->phy == BT_ISO_PHY_ANY) @@ -2065,8 +2092,8 @@ struct hci_conn *hci_pa_create_sync(struct hci_dev *hdev, bdaddr_t *dst, return ERR_PTR(-EBUSY); conn = hci_conn_add_unset(hdev, ISO_LINK, dst, HCI_ROLE_SLAVE); - if (!conn) - return ERR_PTR(-ENOMEM); + if (IS_ERR(conn)) + return conn; conn->iso_qos = *qos; conn->state = BT_LISTEN; diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 122a6a9092e0..97c6f34ba640 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -954,6 +954,9 @@ static u8 hci_cc_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts); + if (!hdev->acl_mtu || !hdev->acl_pkts) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -1263,6 +1266,9 @@ static u8 hci_cc_le_read_buffer_size(struct hci_dev *hdev, void *data, BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -2341,8 +2347,8 @@ static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status) if (!conn) { conn = hci_conn_add_unset(hdev, ACL_LINK, &cp->bdaddr, HCI_ROLE_MASTER); - if (!conn) - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); } } @@ -3153,8 +3159,8 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, BDADDR_BREDR)) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new conn"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } else { @@ -3342,8 +3348,8 @@ static void hci_conn_request_evt(struct hci_dev *hdev, void *data, if (!conn) { conn = hci_conn_add_unset(hdev, ev->link_type, &ev->bdaddr, HCI_ROLE_SLAVE); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } } @@ -3820,6 +3826,9 @@ static u8 hci_cc_le_read_buffer_size_v2(struct hci_dev *hdev, void *data, BT_DBG("%s acl mtu %d:%d iso mtu %d:%d", hdev->name, hdev->acl_mtu, hdev->acl_pkts, hdev->iso_mtu, hdev->iso_pkts); + if (hdev->le_mtu && hdev->le_mtu < HCI_MIN_LE_MTU) + return HCI_ERROR_INVALID_PARAMETERS; + return rp->status; } @@ -5768,8 +5777,8 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, goto unlock; conn = hci_conn_add_unset(hdev, LE_LINK, bdaddr, role); - if (!conn) { - bt_dev_err(hdev, "no memory for new connection"); + if (IS_ERR(conn)) { + bt_dev_err(hdev, "connection err: %ld", PTR_ERR(conn)); goto unlock; } @@ -6497,7 +6506,7 @@ static void hci_le_pa_sync_estabilished_evt(struct hci_dev *hdev, void *data, pa_sync = hci_conn_add_unset(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE); - if (!pa_sync) + if (IS_ERR(pa_sync)) goto unlock; pa_sync->sync_handle = le16_to_cpu(ev->handle); @@ -6921,7 +6930,7 @@ static void hci_le_cis_req_evt(struct hci_dev *hdev, void *data, if (!cis) { cis = hci_conn_add(hdev, ISO_LINK, &acl->dst, HCI_ROLE_SLAVE, cis_handle); - if (!cis) { + if (IS_ERR(cis)) { hci_le_reject_cis(hdev, ev->cis_handle); goto unlock; } @@ -7030,7 +7039,7 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data, if (!bis) { bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY, HCI_ROLE_SLAVE, handle); - if (!bis) + if (IS_ERR(bis)) continue; } diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index d0ef7290e5b7..00c0d8413c63 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -1258,7 +1258,7 @@ static int iso_sock_sendmsg(struct socket *sock, struct msghdr *msg, return -ENOTCONN; } - mtu = iso_pi(sk)->conn->hcon->hdev->iso_mtu; + mtu = iso_pi(sk)->conn->hcon->mtu; release_sock(sk); diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 443423538a4c..adc8f990f13e 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -6264,7 +6264,7 @@ static int l2cap_finish_move(struct l2cap_chan *chan) BT_DBG("chan %p", chan); chan->rx_state = L2CAP_RX_STATE_RECV; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; return l2cap_resegment(chan); } @@ -6331,7 +6331,7 @@ static int l2cap_rx_state_wait_f(struct l2cap_chan *chan, */ chan->next_tx_seq = control->reqseq; chan->unacked_frames = 0; - chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu; + chan->conn->mtu = chan->conn->hcon->mtu; err = l2cap_resegment(chan); @@ -6889,18 +6889,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon) BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); - switch (hcon->type) { - case LE_LINK: - if (hcon->hdev->le_mtu) { - conn->mtu = hcon->hdev->le_mtu; - break; - } - fallthrough; - default: - conn->mtu = hcon->hdev->acl_mtu; - break; - } - + conn->mtu = hcon->mtu; conn->feat_mask = 0; conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c index e0ad30862ee4..71d36582d4ef 100644 --- a/net/bluetooth/sco.c +++ b/net/bluetooth/sco.c @@ -126,7 +126,6 @@ static void sco_sock_clear_timer(struct sock *sk) /* ---- SCO connections ---- */ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) { - struct hci_dev *hdev = hcon->hdev; struct sco_conn *conn = hcon->sco_data; if (conn) { @@ -144,9 +143,10 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon) hcon->sco_data = conn; conn->hcon = hcon; + conn->mtu = hcon->mtu; - if (hdev->sco_mtu > 0) - conn->mtu = hdev->sco_mtu; + if (hcon->mtu > 0) + conn->mtu = hcon->mtu; else conn->mtu = 60;

11 months, 2 weeks

1
0
0 0

Re: 回复: backport a patch for Linux kernel-5.15 kernel-6.1 kenrel-6.6 stable tree

by Greg KH

On Thu, May 23, 2024 at 06:41:04AM +0000, Lin Gui (桂林) wrote: > Dear @Greg KH<mailto:gregkh@linuxfoundation.org>, > > > What is the git id of it in Linus's tree? > [MTK] > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/d… > > > author Mengqi Zhang <mengqi.zhang(a)mediatek.com> 2023-12-25 17:38:40 +0800 > committer Ulf Hansson <ulf.hansson(a)linaro.org> 2024-01-02 17:54:05 +0100 > commit 77e01b49e35f24ebd1659096d5fc5c3b75975545 (patch) > tree 02a13063666685bc7061b46183fc45298b2dc9f4 /drivers/mmc/core/mmc.c > parent 09f164d393a6671e5ff8342ba6b3cb7fe3f20208 (diff) > download linux-77e01b49e35f24ebd1659096d5fc5c3b75975545.tar.gz > mmc: core: Add HS400 tuning in HS400es initialization > During the initialization to HS400es stage, add a HS400 tuning flow as an > optional process. For Mediatek IP, the HS400es mode requires a specific > tuning to ensure the correct HS400 timing setting. > > Signed-off-by: Mengqi Zhang <mengqi.zhang(a)mediatek.com> > Link: https://lore.kernel.org/r/20231225093839.22931-2-mengqi.zhang@mediatek.com > Signed-off-by: Ulf Hansson ulf.hansson(a)linaro.org<mailto:ulf.hansson@linaro.org> I don't understand, why does this qualify as a stable patch? The changes says this is "optional", which means the device should work just fine without it, right? Is this a regression fix from something that previously used to work properly? You have read: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html right? thanks, greg k-h

11 months, 2 weeks

1
0
0 0

[PATCH 5.10] x86/xen: Drop USERGS_SYSRET64 paravirt call

by Pawan Gupta

From: Juergen Gross <jgross(a)suse.com> commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as there is no sysret PV hypercall defined. So instead of testing all the prerequisites for doing a sysret and then mangling the stack for Xen PV again for doing an iret just use the iret exit from the beginning. This can easily be done via an ALTERNATIVE like it is done for the sysenter compat case already. It should be noted that this drops the optimization in Xen for not restoring a few registers when returning to user mode, but it seems as if the saved instructions in the kernel more than compensate for this drop (a kernel build in a Xen PV guest was slightly faster with this patch applied). While at it remove the stale sysret32 remnants. [ pawan: Brad Spengler and Salvatore Bonaccorso <carnil(a)debian.org> reported a problem with the 5.10 backport commit edc702b4a820 ("x86/entry_64: Add VERW just before userspace transition"). When CONFIG_PARAVIRT_XXL=y, CLEAR_CPU_BUFFERS is not executed in syscall_return_via_sysret path as USERGS_SYSRET64 is runtime patched to: .cpu_usergs_sysret64 = { 0x0f, 0x01, 0xf8, 0x48, 0x0f, 0x07 }, // swapgs; sysretq which is missing CLEAR_CPU_BUFFERS. It turns out dropping USERGS_SYSRET64 simplifies the code, allowing CLEAR_CPU_BUFFERS to be explicitly added to syscall_return_via_sysret path. Below is with CONFIG_PARAVIRT_XXL=y and this patch applied: syscall_return_via_sysret: ... <+342>: swapgs <+345>: xchg %ax,%ax <+347>: verw -0x1a2(%rip) <------ <+354>: sysretq ] Signed-off-by: Juergen Gross <jgross(a)suse.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lkml.kernel.org/r/20210120135555.32594-6-jgross@suse.com --- arch/x86/entry/entry_64.S | 17 ++++++++--------- arch/x86/include/asm/irqflags.h | 7 ------- arch/x86/include/asm/paravirt.h | 5 ----- arch/x86/include/asm/paravirt_types.h | 8 -------- arch/x86/kernel/asm-offsets_64.c | 2 -- arch/x86/kernel/paravirt.c | 5 +---- arch/x86/kernel/paravirt_patch.c | 4 ---- arch/x86/xen/enlighten_pv.c | 1 - arch/x86/xen/xen-asm.S | 21 --------------------- arch/x86/xen/xen-ops.h | 2 -- 10 files changed, 9 insertions(+), 63 deletions(-) diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index 1631a9a1566e..bd785386d629 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -46,14 +46,6 @@ .code64 .section .entry.text, "ax" -#ifdef CONFIG_PARAVIRT_XXL -SYM_CODE_START(native_usergs_sysret64) - UNWIND_HINT_EMPTY - swapgs - sysretq -SYM_CODE_END(native_usergs_sysret64) -#endif /* CONFIG_PARAVIRT_XXL */ - /* * 64-bit SYSCALL instruction entry. Up to 6 arguments in registers. * @@ -128,7 +120,12 @@ SYM_INNER_LABEL(entry_SYSCALL_64_after_hwframe, SYM_L_GLOBAL) * Try to use SYSRET instead of IRET if we're returning to * a completely clean 64-bit userspace context. If we're not, * go to the slow exit path. + * In the Xen PV case we must use iret anyway. */ + + ALTERNATIVE "", "jmp swapgs_restore_regs_and_return_to_usermode", \ + X86_FEATURE_XENPV + movq RCX(%rsp), %rcx movq RIP(%rsp), %r11 @@ -220,7 +217,9 @@ syscall_return_via_sysret: popq %rdi popq %rsp - USERGS_SYSRET64 + swapgs + CLEAR_CPU_BUFFERS + sysretq SYM_CODE_END(entry_SYSCALL_64) /* diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index f40dea50dfbf..e585a4705b8d 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -132,13 +132,6 @@ static __always_inline unsigned long arch_local_irq_save(void) #endif #define INTERRUPT_RETURN jmp native_iret -#define USERGS_SYSRET64 \ - swapgs; \ - CLEAR_CPU_BUFFERS; \ - sysretq; -#define USERGS_SYSRET32 \ - swapgs; \ - sysretl #else #define INTERRUPT_RETURN iret diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 4a32b0d34376..3c89c1f64871 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -776,11 +776,6 @@ extern void default_banner(void); #ifdef CONFIG_X86_64 #ifdef CONFIG_PARAVIRT_XXL -#define USERGS_SYSRET64 \ - PARA_SITE(PARA_PATCH(PV_CPU_usergs_sysret64), \ - ANNOTATE_RETPOLINE_SAFE; \ - jmp PARA_INDIRECT(pv_ops+PV_CPU_usergs_sysret64);) - #ifdef CONFIG_DEBUG_ENTRY #define SAVE_FLAGS(clobbers) \ PARA_SITE(PARA_PATCH(PV_IRQ_save_fl), \ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index 903d71884fa2..55d8b7950e61 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -157,14 +157,6 @@ struct pv_cpu_ops { u64 (*read_pmc)(int counter); - /* - * Switch to usermode gs and return to 64-bit usermode using - * sysret. Only used in 64-bit kernels to return to 64-bit - * processes. Usermode register state, including %rsp, must - * already be restored. - */ - void (*usergs_sysret64)(void); - /* Normal iret. Jump to this with the standard iret stack frame set up. */ void (*iret)(void); diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c index 1354bc30614d..b14533af7676 100644 --- a/arch/x86/kernel/asm-offsets_64.c +++ b/arch/x86/kernel/asm-offsets_64.c @@ -13,8 +13,6 @@ int main(void) { #ifdef CONFIG_PARAVIRT #ifdef CONFIG_PARAVIRT_XXL - OFFSET(PV_CPU_usergs_sysret64, paravirt_patch_template, - cpu.usergs_sysret64); #ifdef CONFIG_DEBUG_ENTRY OFFSET(PV_IRQ_save_fl, paravirt_patch_template, irq.save_fl); #endif diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index f0e4ad8595ca..9d91061b862c 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -124,8 +124,7 @@ unsigned paravirt_patch_default(u8 type, void *insn_buff, else if (opfunc == _paravirt_ident_64) ret = paravirt_patch_ident_64(insn_buff, len); - else if (type == PARAVIRT_PATCH(cpu.iret) || - type == PARAVIRT_PATCH(cpu.usergs_sysret64)) + else if (type == PARAVIRT_PATCH(cpu.iret)) /* If operation requires a jmp, then jmp */ ret = paravirt_patch_jmp(insn_buff, opfunc, addr, len); #endif @@ -159,7 +158,6 @@ static u64 native_steal_clock(int cpu) /* These are in entry.S */ extern void native_iret(void); -extern void native_usergs_sysret64(void); static struct resource reserve_ioports = { .start = 0, @@ -299,7 +297,6 @@ struct paravirt_patch_template pv_ops = { .cpu.load_sp0 = native_load_sp0, - .cpu.usergs_sysret64 = native_usergs_sysret64, .cpu.iret = native_iret, #ifdef CONFIG_X86_IOPL_IOPERM diff --git a/arch/x86/kernel/paravirt_patch.c b/arch/x86/kernel/paravirt_patch.c index 7c518b08aa3c..2fada2c347c9 100644 --- a/arch/x86/kernel/paravirt_patch.c +++ b/arch/x86/kernel/paravirt_patch.c @@ -27,7 +27,6 @@ struct patch_xxl { const unsigned char mmu_write_cr3[3]; const unsigned char irq_restore_fl[2]; const unsigned char cpu_wbinvd[2]; - const unsigned char cpu_usergs_sysret64[6]; const unsigned char mov64[3]; }; @@ -40,8 +39,6 @@ static const struct patch_xxl patch_data_xxl = { .mmu_write_cr3 = { 0x0f, 0x22, 0xdf }, // mov %rdi, %cr3 .irq_restore_fl = { 0x57, 0x9d }, // push %rdi; popfq .cpu_wbinvd = { 0x0f, 0x09 }, // wbinvd - .cpu_usergs_sysret64 = { 0x0f, 0x01, 0xf8, - 0x48, 0x0f, 0x07 }, // swapgs; sysretq .mov64 = { 0x48, 0x89, 0xf8 }, // mov %rdi, %rax }; @@ -83,7 +80,6 @@ unsigned int native_patch(u8 type, void *insn_buff, unsigned long addr, PATCH_CASE(mmu, read_cr3, xxl, insn_buff, len); PATCH_CASE(mmu, write_cr3, xxl, insn_buff, len); - PATCH_CASE(cpu, usergs_sysret64, xxl, insn_buff, len); PATCH_CASE(cpu, wbinvd, xxl, insn_buff, len); #endif diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 94804670caab..b1efc4b4f42a 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -1059,7 +1059,6 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = { .read_pmc = xen_read_pmc, .iret = xen_iret, - .usergs_sysret64 = xen_sysret64, .load_tr_desc = paravirt_nop, .set_ldt = xen_set_ldt, diff --git a/arch/x86/xen/xen-asm.S b/arch/x86/xen/xen-asm.S index e3031afcb103..3a33713cf449 100644 --- a/arch/x86/xen/xen-asm.S +++ b/arch/x86/xen/xen-asm.S @@ -220,27 +220,6 @@ SYM_CODE_START(xen_iret) jmp hypercall_iret SYM_CODE_END(xen_iret) -SYM_CODE_START(xen_sysret64) - UNWIND_HINT_EMPTY - /* - * We're already on the usermode stack at this point, but - * still with the kernel gs, so we can easily switch back. - * - * tss.sp2 is scratch space. - */ - movq %rsp, PER_CPU_VAR(cpu_tss_rw + TSS_sp2) - movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp - - pushq $__USER_DS - pushq PER_CPU_VAR(cpu_tss_rw + TSS_sp2) - pushq %r11 - pushq $__USER_CS - pushq %rcx - - pushq $VGCF_in_syscall - jmp hypercall_iret -SYM_CODE_END(xen_sysret64) - /* * XEN pv doesn't use trampoline stack, PER_CPU_VAR(cpu_tss_rw + TSS_sp0) is * also the kernel stack. Reusing swapgs_restore_regs_and_return_to_usermode() diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h index 8695809b88f0..98242430d07e 100644 --- a/arch/x86/xen/xen-ops.h +++ b/arch/x86/xen/xen-ops.h @@ -138,8 +138,6 @@ __visible unsigned long xen_read_cr2_direct(void); /* These are not functions, and cannot be called normally */ __visible void xen_iret(void); -__visible void xen_sysret32(void); -__visible void xen_sysret64(void); extern int xen_panic_handler_init(void); --- base-commit: ce3838dbefdccfb95a63f81fe6cf77592ae9138c change-id: 20240522-verw-xen-pv-fix-e638729ac3ca Best regards, -- Thanks, Pawan

11 months, 2 weeks

2
1
0 0

backport a patch for Linux kernel-5.10 and 6.6 stable tree

by Lin Gui (桂林)

Hi reviewers, I suggest to backport a commit to Linux kernel-5.10 and 6.6 stable tree. 　　https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/d… author Lin Gui lin.gui(a)mediatek.com 2023-12-19 07:05:32 +0800 committer Ulf Hansson ulf.hansson(a)linaro.org 2024-01-02 17:54:05 +0100 commit e4df56ad0bf3506c5189abb9be83f3bea05a4c4f (patch) tree a5db3a85f44b29dd773c5c65c3340d50b74b6687 /drivers/mmc/core/mmc.c parent b062136d0d6f46d7ad5c88219cbd75f90cb18e81 (diff) download linux-e4df56ad0bf3506c5189abb9be83f3bea05a4c4f.tar.gz mmc: core: Add wp_grp_size sysfs node The eMMC card can be set into write-protected mode to prevent data from being accidentally modified or deleted. Wp_grp_size (Write Protect Group Size) refers to an attribute of the eMMC card, used to manage write protection and is the CSD register [36:32] of the eMMC device. Wp_grp_size (Write Protect Group Size) indicates how many eMMC blocks are contained in each write protection group on the eMMC card. To allow userspace easy access of the CSD register bits, let's add sysfs node "wp_grp_size". Signed-off-by: Lin Gui lin.gui(a)mediatek.com Signed-off-by: Bo Ye bo.ye(a)mediatek.com Reviewed-by: AngeloGioacchino Del Regno angelogioacchino.delregno(a)collabora.com Link: https://lore.kernel.org/r/20231218230532.82427-1-bo.ye@mediatek.com Signed-off-by: Ulf Hansson ulf.hansson(a)linaro.org ------------------------------------ Best Regards ！ Guilin ===================================== MediaTek(ChengDu)Inc. Email: mailto:lin.gui@mediatek.com tel:+86-28-85939000-67009 Fax:+86-28-85929875 ==============================================

11 months, 2 weeks

3
5
0 0

[PATCH] drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)

by Jacek Lawrynowicz

From: "Wachowski, Karol" <karol.wachowski(a)intel.com> Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); Return -EINVAL early if COW mapping is detected. This bug affects all drm drivers using default shmem helpers. It can be reproduced by this simple example: void *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset); ptr[0] = 0; Fixes: 2194a63a818d ("drm: Add library for shmem backed GEM objects") Cc: Noralf Trønnes <noralf(a)tronnes.org> Cc: Eric Anholt <eric(a)anholt.net> Cc: Rob Herring <robh(a)kernel.org> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.2+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/gpu/drm/drm_gem_shmem_helper.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c index 177773bcdbfd..885a62c2e1be 100644 --- a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -611,6 +611,9 @@ int drm_gem_shmem_mmap(struct drm_gem_shmem_object *shmem, struct vm_area_struct return ret; } + if (is_cow_mapping(vma->vm_flags)) + return -EINVAL; + dma_resv_lock(shmem->base.resv, NULL); ret = drm_gem_shmem_get_pages(shmem); dma_resv_unlock(shmem->base.resv); -- 2.45.1

11 months, 2 weeks

2
3
0 0

[PATCH v2 4/4] tracefs: Clear EVENT_INODE flag in tracefs_drop_inode()

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> When the inode is being dropped from the dentry, the TRACEFS_EVENT_INODE flag needs to be cleared to prevent a remount from calling eventfs_remount() on the tracefs_inode private data. There's a race between the inode is dropped (and the dentry freed) to where the inode is actually freed. If a remount happens between the two, the eventfs_inode could be accessed after it is freed (only the dentry keeps a ref count on it). Currently the TRACEFS_EVENT_INODE flag is cleared from the dentry iput() function. But this is incorrect, as it is possible that the inode has another reference to it. The flag should only be cleared when the inode is really being dropped and has no more references. That happens in the drop_inode callback of the inode, as that gets called when the last reference of the inode is released. Remove the tracefs_d_iput() function and move its logic to the more appropriate tracefs_drop_inode() callback function. Cc: stable(a)vger.kernel.org Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/inode.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index 9252e0d78ea2..7c29f4afc23d 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -426,10 +426,26 @@ static int tracefs_show_options(struct seq_file *m, struct dentry *root) return 0; } +static int tracefs_drop_inode(struct inode *inode) +{ + struct tracefs_inode *ti = get_tracefs(inode); + + /* + * This inode is being freed and cannot be used for + * eventfs. Clear the flag so that it doesn't call into + * eventfs during the remount flag updates. The eventfs_inode + * gets freed after an RCU cycle, so the content will still + * be safe if the iteration is going on now. + */ + ti->flags &= ~TRACEFS_EVENT_INODE; + + return 1; +} + static const struct super_operations tracefs_super_operations = { .alloc_inode = tracefs_alloc_inode, .free_inode = tracefs_free_inode, - .drop_inode = generic_delete_inode, + .drop_inode = tracefs_drop_inode, .statfs = simple_statfs, .show_options = tracefs_show_options, }; @@ -455,22 +471,7 @@ static int tracefs_d_revalidate(struct dentry *dentry, unsigned int flags) return !(ei && ei->is_freed); } -static void tracefs_d_iput(struct dentry *dentry, struct inode *inode) -{ - struct tracefs_inode *ti = get_tracefs(inode); - - /* - * This inode is being freed and cannot be used for - * eventfs. Clear the flag so that it doesn't call into - * eventfs during the remount flag updates. The eventfs_inode - * gets freed after an RCU cycle, so the content will still - * be safe if the iteration is going on now. - */ - ti->flags &= ~TRACEFS_EVENT_INODE; -} - static const struct dentry_operations tracefs_dentry_operations = { - .d_iput = tracefs_d_iput, .d_revalidate = tracefs_d_revalidate, .d_release = tracefs_d_release, }; -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH v2 3/4] eventfs: Update all the eventfs_inodes from the events descriptor

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The change to update the permissions of the eventfs_inode had the misconception that using the tracefs_inode would find all the eventfs_inodes that have been updated and reset them on remount. The problem with this approach is that the eventfs_inodes are freed when they are no longer used (basically the reason the eventfs system exists). When they are freed, the updated eventfs_inodes are not reset on a remount because their tracefs_inodes have been freed. Instead, since the events directory eventfs_inode always has a tracefs_inode pointing to it (it is not freed when finished), and the events directory has a link to all its children, have the eventfs_remount() function only operate on the events eventfs_inode and have it descend into its children updating their uid and gids. Link: https://lore.kernel.org/all/CAK7LNARXgaWw3kH9JgrnH4vK6fr8LDkNKf3wq8NhMWJrVw… Cc: stable(a)vger.kernel.org Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Reported-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 44 ++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 5dfb1ccd56ea..129d0f54ba62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -305,27 +305,27 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; -/* - * On a remount of tracefs, if UID or GID options are set, then - * the mount point inode permissions should be used. - * Reset the saved permission flags appropriately. - */ -void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +static void eventfs_set_attrs(struct eventfs_inode *ei, bool update_uid, kuid_t uid, + bool update_gid, kgid_t gid, int level) { - struct eventfs_inode *ei = ti->private; + struct eventfs_inode *ei_child; - if (!ei) + /* Update events/<system>/<event> */ + if (WARN_ON_ONCE(level > 3)) return; if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; - ei->attr.uid = ti->vfs_inode.i_uid; + ei->attr.uid = uid; } - if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; - ei->attr.gid = ti->vfs_inode.i_gid; + ei->attr.gid = gid; + } + + list_for_each_entry(ei_child, &ei->children, list) { + eventfs_set_attrs(ei_child, update_uid, uid, update_gid, gid, level + 1); } if (!ei->entry_attrs) @@ -334,13 +334,31 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) for (int i = 0; i < ei->nr_entries; i++) { if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + ei->entry_attrs[i].uid = uid; } if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; - ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + ei->entry_attrs[i].gid = gid; } } + +} + +/* + * On a remount of tracefs, if UID or GID options are set, then + * the mount point inode permissions should be used. + * Reset the saved permission flags appropriately. + */ +void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) +{ + struct eventfs_inode *ei = ti->private; + + /* Only the events directory does the updates */ + if (!ei || !ei->is_events || ei->is_freed) + return; + + eventfs_set_attrs(ei, update_uid, ti->vfs_inode.i_uid, + update_gid, ti->vfs_inode.i_gid, 0); } /* Return the evenfs_inode of the "events" directory */ -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH v2 2/4] tracefs: Update inode permissions on remount

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> When a remount happens, if a gid or uid is specified update the inodes to have the same gid and uid. This will allow the simplification of the permissions logic for the dynamically created files and directories. Cc: stable(a)vger.kernel.org Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 17 +++++++++++++---- fs/tracefs/inode.c | 15 ++++++++++++--- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 55a40a730b10..5dfb1ccd56ea 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -317,20 +317,29 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) if (!ei) return; - if (update_uid) + if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = ti->vfs_inode.i_uid; + } + - if (update_gid) + if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = ti->vfs_inode.i_gid; + } if (!ei->entry_attrs) return; for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) + if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - if (update_gid) + ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + } + if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + } } } diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index a827f6a716c4..9252e0d78ea2 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -373,12 +373,21 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) rcu_read_lock(); list_for_each_entry_rcu(ti, &tracefs_inodes, list) { - if (update_uid) + if (update_uid) { ti->flags &= ~TRACEFS_UID_PERM_SET; + ti->vfs_inode.i_uid = fsi->uid; + } - if (update_gid) + if (update_gid) { ti->flags &= ~TRACEFS_GID_PERM_SET; - + ti->vfs_inode.i_gid = fsi->gid; + } + + /* + * Note, the above ti->vfs_inode updates are + * used in eventfs_remount() so they must come + * before calling it. + */ if (ti->flags & TRACEFS_EVENT_INODE) eventfs_remount(ti, update_uid, update_gid); } -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH v2 1/4] eventfs: Keep the directories from having the same inode number as files

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The directories require unique inode numbers but all the eventfs files have the same inode number. Prevent the directories from having the same inode numbers as the files as that can confuse some tooling. Cc: stable(a)vger.kernel.org Fixes: 834bf76add3e6 ("eventfs: Save directory inodes in the eventfs_inode structure") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 0256afdd4acf..55a40a730b10 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -50,8 +50,12 @@ static struct eventfs_root_inode *get_root_inode(struct eventfs_inode *ei) /* Just try to make something consistent and unique */ static int eventfs_dir_ino(struct eventfs_inode *ei) { - if (!ei->ino) + if (!ei->ino) { ei->ino = get_next_ino(); + /* Must not have the file inode number */ + if (ei->ino == EVENTFS_FILE_INODE_INO) + ei->ino = get_next_ino(); + } return ei->ino; } -- 2.43.0

11 months, 2 weeks

1
0
0 0

Re: [REGRESSION] Thunderbolt Host Reset Change Causes eGPU Disconnection from 6.8.7=>6.8.8

by Linux regression tracking (Thorsten Leemhuis)

[CCing Mario, who asked for the two suspected commits to be backported] On 06.05.24 14:24, Gia wrote: > Hello, from 6.8.7=>6.8.8 I run into a similar problem with my Caldigit > TS3 Plus Thunderbolt 3 dock. > > After the update I see this message on boot "xHCI host controller not > responding, assume dead" and the dock is not working anymore. Kernel > 6.8.7 works great. Thx for the report. Could you make the kernel log (journalctl -k/dmesg) accessible somewhere? And have you looked into the other stuff that Mario suggested in the other thread? See the following mail and the reply to it for details: https://lore.kernel.org/all/1eb96465-0a81-4187-b8e7-607d85617d5f@gmail.com/… Ciao, Thorsten P.S.: To be sure the issue doesn't fall through the cracks unnoticed, I'm adding it to regzbot, the Linux kernel regression tracking bot: #regzbot ^introduced v6.8.7..v6.8.8 #regzbot title thunderbolt: TB3 dock problems, xHCI host controller not responding, assume dead

11 months, 2 weeks

7
25
0 0

RE: [PATCH v2] net: usb: ax88179_178a: avoid writing the mac address before first reading

by Isaac Ganoung

Hello, I am using a TP-Link UE306 USB Ethernet adapter. The kernel detects it as an ASIX AX88179A USB Ethernet adapter. When using a different MAC address than the adapter's own (i.e. MAC address randomization), I am unable to send or receive packets unless set to promiscuous mode. I am using NetworkManager to manage my connections. When I set 802-3-ethernet.cloned-mac-address to the device's MAC address in the connection settings (i.e. `nmcli con edit), the device works as expected. When that property is not set (null value), the device is only able to receive packets when set to promiscuous mode. uname -a output: Linux hostname 6.8.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 28 Apr 2024 18:53:26 +0000 x86_64 GNU/Linux This is Arch Linux's kernel. The patches applied are here: <https://github.com/archlinux/linux/releases/tag/v6.8.8-arch1> dmesg: [37988.917741] usb 2-2: new SuperSpeed USB device number 4 using xhci_hcd [37989.208722] usb 2-2: New USB device found, idVendor=0b95, idProduct=1790, bcdDevice= 2.00 [37989.208744] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [37989.208753] usb 2-2: Product: AX88179A [37989.208760] usb 2-2: Manufacturer: ASIX [37989.208766] usb 2-2: SerialNumber: 0003B40D [37989.481930] cdc_ncm 2-2:2.0: MAC-Address: <removed> [37989.481949] cdc_ncm 2-2:2.0: setting rx_max = 16384 [37989.494646] cdc_ncm 2-2:2.0: setting tx_max = 16384 [37989.506072] cdc_ncm 2-2:2.0 eth1: register 'cdc_ncm' at usb-0000:00:14.0-2, CDC NCM (NO ZLP), <removed> journalctl (from when not in promiscuous mode): Apr 29 17:34:47 hostname kernel: usb 2-1: new SuperSpeed USB device number 5 using xhci_hcd Apr 29 17:34:48 hostname kernel: usb 2-1: New USB device found, idVendor=0b95, idProduct=1790, bcdDevice= 2.00 Apr 29 17:34:48 hostname kernel: usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Apr 29 17:34:48 hostname kernel: usb 2-1: Product: AX88179A Apr 29 17:34:48 hostname kernel: usb 2-1: Manufacturer: ASIX Apr 29 17:34:48 hostname kernel: usb 2-1: SerialNumber: 0003B40D Apr 29 17:34:48 hostname kernel: cdc_ncm 2-1:2.0: MAC-Address: <removed> Apr 29 17:34:48 hostname kernel: cdc_ncm 2-1:2.0: setting rx_max = 16384 Apr 29 17:34:48 hostname kernel: cdc_ncm 2-1:2.0: setting tx_max = 16384 Apr 29 17:34:48 hostname kernel: cdc_ncm 2-1:2.0 eth1: register 'cdc_ncm' at usb-0000:00:14.0-1, CDC NCM (NO ZLP), <removed> Apr 29 17:34:48 hostname NetworkManager[5652]: <info> [1714430088.5005] manager: (eth1): new Ethernet device (/org/freedesktop/NetworkManager/Devices/14) Apr 29 17:34:48 hostname mtp-probe[6423]: checking bus 2, device 5: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-1" Apr 29 17:34:48 hostname mtp-probe[6423]: bus: 2, device: 5 was not an MTP device Apr 29 17:34:49 hostname (udev-worker)[6422]: Network interface NamePolicy= disabled on kernel command line. Apr 29 17:34:49 hostname NetworkManager[5652]: <info> [1714430089.1558] device (eth1): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external') Apr 29 17:34:49 hostname mtp-probe[6456]: checking bus 2, device 5: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-1" Apr 29 17:34:49 hostname mtp-probe[6456]: bus: 2, device: 5 was not an MTP device Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.2247] device (eth1): carrier: link connected Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.2255] device (eth1): state change: unavailable -> disconnected (reason 'carrier-changed', sys-iface-state: 'managed') Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.2275] policy: auto-activating connection 'Wired connection 2' (e1106b48-8695-3ed4-b512-a0909ddaa247) Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.2279] device (eth1): Activation: starting connection 'Wired connection 2' (e1106b48-8695-3ed4-b512-a0909ddaa247) Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.2280] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.2282] manager: NetworkManager state is now CONNECTING Apr 29 17:34:51 hostname NetworkManager[5652]: <warn> [1714430091.2284] platform-linux: do-change-link[9]: failure 16 (Device or resource busy) Apr 29 17:34:51 hostname systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully. Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.3634] device (eth1): set-hw-addr: set-cloned MAC address to 6A:0D:A2:E2:9D:A6 (random) Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.3646] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.3729] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.3740] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.3791] dhcp4 (eth1): dhclient started with pid 6459 Apr 29 17:34:51 hostname dhclient[6459]: DHCPREQUEST for 192.168.1.169 on eth1 to 255.255.255.255 port 67 Apr 29 17:34:51 hostname dhclient[6459]: DHCPNAK from 192.168.1.1 Apr 29 17:34:51 hostname NetworkManager[5652]: <info> [1714430091.4578] dhcp4 (eth1): state changed no lease Thanks, Isaac Ganoung

11 months, 2 weeks

4
9
0 0

[for-linus][PATCH 3/4] tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test

by Steven Rostedt

From: Jeff Johnson <quic_jjohnson(a)quicinc.com> Fix the 'make W=1' warning: WARNING: modpost: missing MODULE_DESCRIPTION() in kernel/trace/preemptirq_delay_test.o Link: https://lore.kernel.org/linux-trace-kernel/20240518-md-preemptirq_delay_tes… Cc: stable(a)vger.kernel.org Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: f96e8577da10 ("lib: Add module for testing preemptoff/irqsoff latency tracers") Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Jeff Johnson <quic_jjohnson(a)quicinc.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/preemptirq_delay_test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/preemptirq_delay_test.c b/kernel/trace/preemptirq_delay_test.c index 8c4ffd076162..cb0871fbdb07 100644 --- a/kernel/trace/preemptirq_delay_test.c +++ b/kernel/trace/preemptirq_delay_test.c @@ -215,4 +215,5 @@ static void __exit preemptirq_delay_exit(void) module_init(preemptirq_delay_init) module_exit(preemptirq_delay_exit) +MODULE_DESCRIPTION("Preempt / IRQ disable delay thread to test latency tracers"); MODULE_LICENSE("GPL v2"); -- 2.43.0

11 months, 2 weeks

1
0
0 0

[for-linus][PATCH 2/4] ring-buffer: Fix a race between readers and resize checks

by Steven Rostedt

From: Petr Pavlu <petr.pavlu(a)suse.com> The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the operation is successful, old->list.next->prev gets updated too. This means the underlying doubly-linked list is temporarily inconsistent, page->prev->next or page->next->prev might not be equal back to page for some page in the ring buffer. The resize operation in ring_buffer_resize() can be invoked in parallel. It calls rb_check_pages() which can detect the described inconsistency and stop further tracing: [ 190.271762] ------------[ cut here ]------------ [ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0 [ 190.271789] Modules linked in: [...] [ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1 [ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f [ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014 [ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0 [ 190.272023] Code: [...] [ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206 [ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80 [ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700 [ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000 [ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720 [ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000 [ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000 [ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0 [ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 190.272077] Call Trace: [ 190.272098] <TASK> [ 190.272189] ring_buffer_resize+0x2ab/0x460 [ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0 [ 190.272206] tracing_resize_ring_buffer+0x65/0x90 [ 190.272216] tracing_entries_write+0x74/0xc0 [ 190.272225] vfs_write+0xf5/0x420 [ 190.272248] ksys_write+0x67/0xe0 [ 190.272256] do_syscall_64+0x82/0x170 [ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 190.272373] RIP: 0033:0x7f1bd657d263 [ 190.272381] Code: [...] [ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263 [ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001 [ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000 [ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500 [ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002 [ 190.272412] </TASK> [ 190.272414] ---[ end trace 0000000000000000 ]--- Note that ring_buffer_resize() calls rb_check_pages() only if the parent trace_buffer has recording disabled. Recent commit d78ab792705c ("tracing: Stop current tracer when resizing buffer") causes that it is now always the case which makes it more likely to experience this issue. The window to hit this race is nonetheless very small. To help reproducing it, one can add a delay loop in rb_get_reader_page(): ret = rb_head_page_replace(reader, cpu_buffer->reader_page); if (!ret) goto spin; for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */ __asm__ __volatile__ ("" : : : "memory"); rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list; .. and then run the following commands on the target system: echo 1 > /sys/kernel/tracing/events/sched/sched_switch/enable while true; do echo 16 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1 echo 8 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1 done & while true; do for i in /sys/kernel/tracing/per_cpu/*; do timeout 0.1 cat $i/trace_pipe; sleep 0.2 done done To fix the problem, make sure ring_buffer_resize() doesn't invoke rb_check_pages() concurrently with a reader operating on the same ring_buffer_per_cpu by taking its cpu_buffer->reader_lock. Link: https://lore.kernel.org/linux-trace-kernel/20240517134008.24529-3-petr.pavl… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 659f451ff213 ("ring-buffer: Add integrity check at end of iter read") Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> [ Fixed whitespace ] Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ring_buffer.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 42227727a49d..28853966aa9a 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1460,6 +1460,11 @@ static void rb_check_bpage(struct ring_buffer_per_cpu *cpu_buffer, * * As a safety measure we check to make sure the data pages have not * been corrupted. + * + * Callers of this function need to guarantee that the list of pages doesn't get + * modified during the check. In particular, if it's possible that the function + * is invoked with concurrent readers which can swap in a new reader page then + * the caller should take cpu_buffer->reader_lock. */ static void rb_check_pages(struct ring_buffer_per_cpu *cpu_buffer) { @@ -2210,8 +2215,12 @@ int ring_buffer_resize(struct trace_buffer *buffer, unsigned long size, */ synchronize_rcu(); for_each_buffer_cpu(buffer, cpu) { + unsigned long flags; + cpu_buffer = buffer->buffers[cpu]; + raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags); rb_check_pages(cpu_buffer); + raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags); } atomic_dec(&buffer->record_disabled); } -- 2.43.0

11 months, 2 weeks

1
0
0 0

Fix Intel's ice driver in stable

by Ahmed Zaki

Hello, Upstream commit 11fbb1bfb5bc8c98b2d7db9da332b5e568f4aaab ("ice: use relative VSI index for VFs VSIs") was applied to stable 6.1, 6.6 and 6.8: 6.1: 5693dd6d3d01f0eea24401f815c98b64cb315b67 6.6: c926393dc3442c38fdcab17d040837cf4acad1c3 6.8: d3da0d4d9fb472ad7dccb784f3d9de40d0c2f6a9 However, it was a part of a series submitted to net-next [1]. Applying this one patch on its own broke the VF devices created with the ice as a PF: # [ 307.688237] iavf: Intel(R) Ethernet Adaptive Virtual Function Network Driver # [ 307.688241] Copyright (c) 2013 - 2018 Intel Corporation. # [ 307.688424] iavf 0000:af:01.0: enabling device (0000 -> 0002) # [ 307.758860] iavf 0000:af:01.0: Invalid MAC address 00:00:00:00:00:00, using random # [ 307.759628] iavf 0000:af:01.0: Multiqueue Enabled: Queue pair count = 16 # [ 307.759683] iavf 0000:af:01.0: MAC address: 6a:46:83:88:c2:26 # [ 307.759688] iavf 0000:af:01.0: GRO is enabled # [ 307.790937] iavf 0000:af:01.0 ens802f0v0: renamed from eth0 # [ 307.896041] iavf 0000:af:01.0: PF returned error -5 (IAVF_ERR_PARAM) to our request 6 # [ 307.916967] iavf 0000:af:01.0: PF returned error -5 (IAVF_ERR_PARAM) to our request 8 The VF initialization fails and the VF device is completely unusable. This can be fixed either by: 1 - Reverting the above mentioned commit (upstream 11fbb1bfb5bc8c98b2d7db9da332b5e568f4aaab) Or, 2 - applying the following upstream commits (part of the series): a) a21605993dd5dfd15edfa7f06705ede17b519026 ("ice: pass VSI pointer into ice_vc_isvalid_q_id") b) 363f689600dd010703ce6391bcfc729a97d21840 ("ice: remove unnecessary duplicate checks for VF VSI ID") Thanks, Ahmed [1]: https://www.spinics.net/lists/netdev/msg979289.html

11 months, 2 weeks

5
7
0 0

[PATCH] dma-buf: handle testing kthreads creation failure

by Fedor Pchelkin

kthread creation may possibly fail inside race_signal_callback(). In such case stop the already started threads and return with error code. Found by Linux Verification Center (linuxtesting.org). Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..ab1ec4631578 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i); + if (IS_ERR(t[i].task)) { + ret = PTR_ERR(t[i].task); + while (--i >= 0) + kthread_stop(t[i].task); + return ret; + } get_task_struct(t[i].task); } -- 2.39.2

11 months, 2 weeks

2
1
0 0

[PATCH 2/2] tracefs: Update inode permissions on remount

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> When a remount happens, if a gid or uid is specified update the inodes to have the same gid and uid. This will allow the simplification of the permissions logic for the dynamically created files and directories. Cc: stable(a)vger.kernel.org Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 17 +++++++++++++---- fs/tracefs/inode.c | 15 ++++++++++++--- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 55a40a730b10..5dfb1ccd56ea 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -317,20 +317,29 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) if (!ei) return; - if (update_uid) + if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = ti->vfs_inode.i_uid; + } + - if (update_gid) + if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = ti->vfs_inode.i_gid; + } if (!ei->entry_attrs) return; for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) + if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - if (update_gid) + ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + } + if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + } } } diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index a827f6a716c4..9252e0d78ea2 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -373,12 +373,21 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) rcu_read_lock(); list_for_each_entry_rcu(ti, &tracefs_inodes, list) { - if (update_uid) + if (update_uid) { ti->flags &= ~TRACEFS_UID_PERM_SET; + ti->vfs_inode.i_uid = fsi->uid; + } - if (update_gid) + if (update_gid) { ti->flags &= ~TRACEFS_GID_PERM_SET; - + ti->vfs_inode.i_gid = fsi->gid; + } + + /* + * Note, the above ti->vfs_inode updates are + * used in eventfs_remount() so they must come + * before calling it. + */ if (ti->flags & TRACEFS_EVENT_INODE) eventfs_remount(ti, update_uid, update_gid); } -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH 1/2] eventfs: Keep the directories from having the same inode number as files

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> The directories require unique inode numbers but all the eventfs files have the same inode number. Prevent the directories from having the same inode numbers as the files as that can confuse some tooling. Cc: stable(a)vger.kernel.org Fixes: 834bf76add3e6 ("eventfs: Save directory inodes in the eventfs_inode structure") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 0256afdd4acf..55a40a730b10 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -50,8 +50,12 @@ static struct eventfs_root_inode *get_root_inode(struct eventfs_inode *ei) /* Just try to make something consistent and unique */ static int eventfs_dir_ino(struct eventfs_inode *ei) { - if (!ei->ino) + if (!ei->ino) { ei->ino = get_next_ino(); + /* Must not have the file inode number */ + if (ei->ino == EVENTFS_FILE_INODE_INO) + ei->ino = get_next_ino(); + } return ei->ino; } -- 2.43.0

11 months, 2 weeks

1
0
0 0

[PATCH RESEND 5.4.y] ext4: fix bug_on in __es_tree_search

by Guilherme G. Piccoli

From: Baokun Li <libaokun1(a)huawei.com> commit d36f6ed761b53933b0b4126486c10d3da7751e7f upstream. Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 ext4_quota_enable fs/ext4/super.c:6137 [inline] ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 mount_bdev+0x2e9/0x3b0 fs/super.c:1158 mount_fs+0x4b/0x1e4 fs/super.c:1261 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_fill_super ext4_enable_quotas ext4_quota_enable ext4_iget __ext4_iget ext4_ext_check_inode ext4_ext_check __ext4_ext_check ext4_valid_extent_entries Check for overlapping extents does't take effect dquot_enable vfs_load_quota_inode v2_check_quota_file v2_read_header ext4_quota_read ext4_bread ext4_getblk ext4_map_blocks ext4_ext_map_blocks ext4_find_extent ext4_cache_extents ext4_es_cache_extent ext4_es_cache_extent __es_tree_search ext4_es_end BUG_ON(es->es_lblk + es->es_len < es->es_lblk) The error ext4 extents is as follows: 0af3 0300 0400 0000 00000000 extent_header 00000000 0100 0000 12000000 extent1 00000000 0100 0000 18000000 extent2 02000000 0400 0000 14000000 extent3 In the ext4_valid_extent_entries function, if prev is 0, no error is returned even if lblock<=prev. This was intended to skip the check on the first extent, but in the error image above, prev=0+1-1=0 when checking the second extent, so even though lblock<=prev, the function does not return an error. As a result, bug_ON occurs in __es_tree_search and the system panics. To solve this problem, we only need to check that: 1. The lblock of the first extent is not less than 0. 2. The lblock of the next extent is not less than the next block of the previous extent. The same applies to extent_idx. Cc: stable(a)kernel.org Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reported-by: syzbot+2a58d88f0fb315c85363(a)syzkaller.appspotmail.com [gpiccoli: Manual backport due to unrelated missing patches.] Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> --- Hey folks, this one should have been backported but due to merge issues [0], it ended-up not being on 5.4.y . So here is a working version! Cheers, Guilherme [0] https://lore.kernel.org/stable/165451751147179@kroah.com/ fs/ext4/extents.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 98e1b1ddb4ec..90b12c7c0f20 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -409,7 +409,7 @@ static int ext4_valid_extent_entries(struct inode *inode, { unsigned short entries; ext4_lblk_t lblock = 0; - ext4_lblk_t prev = 0; + ext4_lblk_t cur = 0; if (eh->eh_entries == 0) return 1; @@ -435,12 +435,12 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping extents */ lblock = le32_to_cpu(ext->ee_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { pblock = ext4_ext_pblock(ext); es->s_last_error_block = cpu_to_le64(pblock); return 0; } - prev = lblock + ext4_ext_get_actual_len(ext) - 1; + cur = lblock + ext4_ext_get_actual_len(ext); ext++; entries--; } @@ -460,13 +460,13 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping index extents */ lblock = le32_to_cpu(ext_idx->ei_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_idx_pblock(ext_idx); return 0; } ext_idx++; entries--; - prev = lblock; + cur = lblock + 1; } } return 1; -- 2.43.2

11 months, 2 weeks

2
1
0 0

[PATCH v5.15.y] nfsd: don't allow nfsd threads to be signalled.

by cel＠kernel.org

From: NeilBrown <neilb(a)suse.de> [ Upstream commit 3903902401451b1cd9d797a8c79769eb26ac7fe5 ] The original implementation of nfsd used signals to stop threads during shutdown. In Linux 2.3.46pre5 nfsd gained the ability to shutdown threads internally it if was asked to run "0" threads. After this user-space transitioned to using "rpc.nfsd 0" to stop nfsd and sending signals to threads was no longer an important part of the API. In commit 3ebdbe5203a8 ("SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()") (v5.17-rc1~75^2~41) we finally removed the use of signals for stopping threads, using kthread_stop() instead. This patch makes the "obvious" next step and removes the ability to signal nfsd threads - or any svc threads. nfsd stops allowing signals and we don't check for their delivery any more. This will allow for some simplification in later patches. A change worth noting is in nfsd4_ssc_setup_dul(). There was previously a signal_pending() check which would only succeed when the thread was being shut down. It should really have tested kthread_should_stop() as well. Now it just does the latter, not the former. Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfs/callback.c | 9 +-------- fs/nfsd/nfs4proc.c | 5 ++--- fs/nfsd/nfssvc.c | 12 ------------ net/sunrpc/svc_xprt.c | 16 ++++++---------- 4 files changed, 9 insertions(+), 33 deletions(-) diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 456af7d230cf..46a0a2d6962e 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -80,9 +80,6 @@ nfs4_callback_svc(void *vrqstp) set_freezable(); while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); /* * Listen for a request on the socket */ @@ -112,11 +109,7 @@ nfs41_callback_svc(void *vrqstp) set_freezable(); while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); - - prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); + prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_IDLE); spin_lock_bh(&serv->sv_cb_lock); if (!list_empty(&serv->sv_cb_list)) { req = list_first_entry(&serv->sv_cb_list, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index c14f5ac1484c..6779291efca9 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1317,12 +1317,11 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, /* found a match */ if (ni->nsui_busy) { /* wait - and try again */ - prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, - TASK_INTERRUPTIBLE); + prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, TASK_IDLE); spin_unlock(&nn->nfsd_ssc_lock); /* allow 20secs for mount/unmount for now - revisit */ - if (signal_pending(current) || + if (kthread_should_stop() || (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index 4c1a0a1623e5..3d4fd40c987b 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c @@ -938,15 +938,6 @@ nfsd(void *vrqstp) current->fs->umask = 0; - /* - * thread is spawned with all signals set to SIG_IGN, re-enable - * the ones that will bring down the thread - */ - allow_signal(SIGKILL); - allow_signal(SIGHUP); - allow_signal(SIGINT); - allow_signal(SIGQUIT); - atomic_inc(&nfsdstats.th_cnt); set_freezable(); @@ -971,9 +962,6 @@ nfsd(void *vrqstp) validate_process_creds(); } - /* Clear signals before calling svc_exit_thread() */ - flush_signals(current); - atomic_dec(&nfsdstats.th_cnt); out: diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index 67ccf1a6459a..b19592673eef 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -700,8 +700,8 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) /* Made progress, don't sleep yet */ continue; - set_current_state(TASK_INTERRUPTIBLE); - if (signalled() || kthread_should_stop()) { + set_current_state(TASK_IDLE); + if (kthread_should_stop()) { set_current_state(TASK_RUNNING); return -EINTR; } @@ -736,7 +736,7 @@ rqst_should_sleep(struct svc_rqst *rqstp) return false; /* are we shutting down? */ - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return false; /* are we freezing? */ @@ -758,11 +758,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) if (rqstp->rq_xprt) goto out_found; - /* - * We have to be able to interrupt this wait - * to bring down the daemons ... - */ - set_current_state(TASK_INTERRUPTIBLE); + set_current_state(TASK_IDLE); smp_mb__before_atomic(); clear_bit(SP_CONGESTED, &pool->sp_flags); clear_bit(RQ_BUSY, &rqstp->rq_flags); @@ -784,7 +780,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) if (!time_left) atomic_long_inc(&pool->sp_stats.threads_timedout); - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return ERR_PTR(-EINTR); return ERR_PTR(-EAGAIN); out_found: @@ -882,7 +878,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout) try_to_freeze(); cond_resched(); err = -EINTR; - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) goto out; xprt = svc_get_next_xprt(rqstp, timeout); base-commit: b925f60c6ee7ec871d2d48575d0fde3872129c20 -- 2.44.0

11 months, 2 weeks

3
2
0 0

Pickup commit "mfd: stpmic1: Fix swapped mask/unmask in irq chip" for stable kernel?

by Yoann Congal

Hello, Please pickup commit c79e387389d5add7cb967d2f7622c3bf5550927b ("mfd: stpmic1: Fix swapped mask/unmask in irq chip") for inclusion in stable kernel 6.1.y. This fixes this warning at boot: stpmic1 [...]: mask_base and unmask_base are inverted, please fix it It also avoid to invert masks later in IRQ framework so regression risks should be minimal. Thanks! -- Yoann Congal Smile ECS - Tech Expert

11 months, 2 weeks

2
1
0 0

Backport request

by Hemdan, Hagar Gamal Halim

Hi, Please backport commit: ecfe9a015d3e ("pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin()") to stable trees 5.4.y, 5.10.y, 5.15.y, 6.1.y. This commit fixes error handling of radix_tree_insert(). This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Thanks, Hagar Hemdan Amazon Web Services Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

11 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 317a215d4932 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052216-jaws-pester-a65d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 317a215d4932 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052215-epidemic-outpour-6c88@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 317a215d493230da361028ea8a4675de334bfa1a Mon Sep 17 00:00:00 2001 From: Ronald Wahl <ronald.wahl(a)raritan.com> Date: Mon, 13 May 2024 16:39:22 +0200 Subject: [PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt

11 months, 2 weeks

1
0
0 0

DSC divide by zero solution

by Limonciello, Mario

Hi, In some monitors with DSC a divide by zero has been reported and fixed in 6.10 by this commit. 130afc8a8861 ("drm/amd/display: Fix division by zero in setup_dsc_config") Can you please bring it back to 5.15.y+? Thanks,

11 months, 2 weeks

2
1
0 0

[PATCH AUTOSEL 5.10 1/9] ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating

by Sasha Levin

From: Derek Fang <derek.fang(a)realtek.com> [ Upstream commit 103abab975087e1f01b76fcb54c91dbb65dbc249 ] The codec leaves tie combo jack's sleeve/ring2 to floating status default. It would cause electric noise while connecting the active speaker jack during boot or shutdown. This patch requests a gpio to control the additional jack circuit to tie the contacts to the ground or floating. Signed-off-by: Derek Fang <derek.fang(a)realtek.com> Link: https://msgid.link/r/20240408091057.14165-1-derek.fang@realtek.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index 5db63ef33f1a2..ac403827a2290 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -414,6 +414,7 @@ struct rt5645_priv { struct regmap *regmap; struct i2c_client *i2c; struct gpio_desc *gpiod_hp_det; + struct gpio_desc *gpiod_cbj_sleeve; struct snd_soc_jack *hp_jack; struct snd_soc_jack *mic_jack; struct snd_soc_jack *btn_jack; @@ -3169,6 +3170,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse regmap_update_bits(rt5645->regmap, RT5645_IN1_CTRL2, RT5645_CBJ_MN_JD, 0); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 1); + msleep(600); regmap_read(rt5645->regmap, RT5645_IN1_CTRL3, &val); val &= 0x7; @@ -3185,6 +3189,8 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse snd_soc_dapm_disable_pin(dapm, "Mic Det Power"); snd_soc_dapm_sync(dapm); rt5645->jack_type = SND_JACK_HEADPHONE; + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, @@ -3210,6 +3216,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, RT5645_JD_1_1_MASK, RT5645_JD_1_1_INV); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } return rt5645->jack_type; @@ -3882,6 +3891,16 @@ static int rt5645_i2c_probe(struct i2c_client *i2c, return ret; } + rt5645->gpiod_cbj_sleeve = devm_gpiod_get_optional(&i2c->dev, "cbj-sleeve", + GPIOD_OUT_LOW); + + if (IS_ERR(rt5645->gpiod_cbj_sleeve)) { + ret = PTR_ERR(rt5645->gpiod_cbj_sleeve); + dev_info(&i2c->dev, "failed to initialize gpiod, ret=%d\n", ret); + if (ret != -ENOENT) + return ret; + } + for (i = 0; i < ARRAY_SIZE(rt5645->supplies); i++) rt5645->supplies[i].supply = rt5645_supply_names[i]; @@ -4125,6 +4144,9 @@ static int rt5645_i2c_remove(struct i2c_client *i2c) cancel_delayed_work_sync(&rt5645->jack_detect_work); cancel_delayed_work_sync(&rt5645->rcclock_work); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); + regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies); return 0; @@ -4142,6 +4164,9 @@ static void rt5645_i2c_shutdown(struct i2c_client *i2c) 0); msleep(20); regmap_write(rt5645->regmap, RT5645_RESET, 0); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } static struct i2c_driver rt5645_i2c_driver = { -- 2.43.0

11 months, 2 weeks

3
11
0 0

[PATCH 2/2] riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context

by Nam Cao

__kernel_map_pages() is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages. This function set/clear the valid bit using __set_memory(). __set_memory() acquires init_mm's semaphore, and this operation may sleep. This is problematic, because __kernel_map_pages() can be called in atomic context, and thus is illegal to sleep. An example warning that this causes: BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd preempt_count: 2, expected: 0 CPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffff800060dc>] dump_backtrace+0x1c/0x24 [<ffffffff8091ef6e>] show_stack+0x2c/0x38 [<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72 [<ffffffff8092bb24>] dump_stack+0x14/0x1c [<ffffffff8003b7ac>] __might_resched+0x104/0x10e [<ffffffff8003b7f4>] __might_sleep+0x3e/0x62 [<ffffffff8093276a>] down_write+0x20/0x72 [<ffffffff8000cf00>] __set_memory+0x82/0x2fa [<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4 [<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a [<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba [<ffffffff80011904>] copy_process+0x72c/0x17ec [<ffffffff80012ab4>] kernel_clone+0x60/0x2fe [<ffffffff80012f62>] kernel_thread+0x82/0xa0 [<ffffffff8003552c>] kthreadd+0x14a/0x1be [<ffffffff809357de>] ret_from_fork+0xe/0x1c Rewrite this function with apply_to_existing_page_range(). It is fine to not have any locking, because __kernel_map_pages() works with pages being allocated/deallocated and those pages are not changed by anyone else in the meantime. Fixes: 5fde3db5eb02 ("riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- arch/riscv/mm/pageattr.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/arch/riscv/mm/pageattr.c b/arch/riscv/mm/pageattr.c index 410056a50aa9..271d01a5ba4d 100644 --- a/arch/riscv/mm/pageattr.c +++ b/arch/riscv/mm/pageattr.c @@ -387,17 +387,33 @@ int set_direct_map_default_noflush(struct page *page) } #ifdef CONFIG_DEBUG_PAGEALLOC +static int debug_pagealloc_set_page(pte_t *pte, unsigned long addr, void *data) +{ + int enable = *(int *)data; + + unsigned long val = pte_val(ptep_get(pte)); + + if (enable) + val |= _PAGE_PRESENT; + else + val &= ~_PAGE_PRESENT; + + set_pte(pte, __pte(val)); + + return 0; +} + void __kernel_map_pages(struct page *page, int numpages, int enable) { if (!debug_pagealloc_enabled()) return; - if (enable) - __set_memory((unsigned long)page_address(page), numpages, - __pgprot(_PAGE_PRESENT), __pgprot(0)); - else - __set_memory((unsigned long)page_address(page), numpages, - __pgprot(0), __pgprot(_PAGE_PRESENT)); + unsigned long start = (unsigned long)page_address(page); + unsigned long size = PAGE_SIZE * numpages; + + apply_to_existing_page_range(&init_mm, start, size, debug_pagealloc_set_page, &enable); + + flush_tlb_kernel_range(start, start + size); } #endif -- 2.39.2

11 months, 2 weeks

2
1
0 0

[PATCH 1/2] riscv: force PAGE_SIZE linear mapping if debug_pagealloc is enabled

by Nam Cao

debug_pagealloc is a debug feature which clears the valid bit in page table entry for freed pages to detect illegal accesses to freed memory. For this feature to work, virtual mapping must have PAGE_SIZE resolution. (No, we cannot map with huge pages and split them only when needed; because pages can be allocated/freed in atomic context and page splitting cannot be done in atomic context) Force linear mapping to use small pages if debug_pagealloc is enabled. Note that it is not necessary to force the entire linear mapping, but only those that are given to memory allocator. Some parts of memory can keep using huge page mapping (for example, kernel's executable code). But these parts are minority, so keep it simple. This is just a debug feature, some extra overhead should be acceptable. Fixes: 5fde3db5eb02 ("riscv: add ARCH_SUPPORTS_DEBUG_PAGEALLOC support") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- Interestingly this feature somehow still worked when first introduced. My guess is that back then only 2MB page size is used. When a 4KB page is freed, the entire 2MB will be (incorrectly) invalidated by this feature. But 2MB is quite small, so no one else happen to use other 4KB pages in this 2MB area. In other words, it used to work by luck. Now larger page sizes are used, so this feature invalidate large chunk of memory, and the probability that someone else access this chunk and trigger a page fault is much higher. arch/riscv/mm/init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 2574f6a3b0e7..73914afa3aba 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -682,6 +682,9 @@ void __init create_pgd_mapping(pgd_t *pgdp, static uintptr_t __init best_map_size(phys_addr_t pa, uintptr_t va, phys_addr_t size) { + if (debug_pagealloc_enabled()) + return PAGE_SIZE; + if (pgtable_l5_enabled && !(pa & (P4D_SIZE - 1)) && !(va & (P4D_SIZE - 1)) && size >= P4D_SIZE) return P4D_SIZE; -- 2.39.2

11 months, 2 weeks

2
1
0 0

[PATCH V2 net] net: mana: Fix the extra HZ in mana_hwc_send_request

by Souradeep Chakrabarti

Commit 62c1bff593b7 added an extra HZ along with msecs_to_jiffies. This patch fixes that. Cc: stable(a)vger.kernel.org Fixes: 62c1bff593b7 ("net: mana: Configure hwc timeout from hardware") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> Reviewed-by: Brett Creeley <brett.creeley(a)amd.com> Reviewed-by: Dexuan Cui <decui(a)microsoft.com> --- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/microsoft/mana/hw_channel.c b/drivers/net/ethernet/microsoft/mana/hw_channel.c index 2729a2c5acf9..ca814fe8a775 100644 --- a/drivers/net/ethernet/microsoft/mana/hw_channel.c +++ b/drivers/net/ethernet/microsoft/mana/hw_channel.c @@ -848,7 +848,7 @@ int mana_hwc_send_request(struct hw_channel_context *hwc, u32 req_len, } if (!wait_for_completion_timeout(&ctx->comp_event, - (msecs_to_jiffies(hwc->hwc_timeout) * HZ))) { + (msecs_to_jiffies(hwc->hwc_timeout)))) { dev_err(hwc->dev, "HWC: Request timed out!\n"); err = -ETIMEDOUT; goto out; -- 2.34.1

11 months, 2 weeks

2
1
0 0

[PATCH v2 0/4] LoongArch: Bootloader interface fixes

by Jiaxun Yang

Hi all, This series fixed some issues on bootloader - kernel interface. The first two fixed booting with devicetree, the last two enhanced kernel's tolerance on different bootloader implementation. Please review. Thanks Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Changes in v2: - Enhance PATCH 3-4 based on off list discussions with Huacai & co. - Link to v1: https://lore.kernel.org/r/20240521-loongarch-booting-fixes-v1-0-659c201c037… --- Jiaxun Yang (4): LoongArch: Fix built-in DTB detection LoongArch: smp: Add all CPUs enabled by fdt to NUMA node 0 LoongArch: Fix entry point in image header LoongArch: Override higher address bits in JUMP_VIRT_ADDR arch/loongarch/include/asm/stackframe.h | 2 +- arch/loongarch/kernel/head.S | 2 +- arch/loongarch/kernel/setup.c | 6 ++++-- arch/loongarch/kernel/smp.c | 5 ++++- drivers/firmware/efi/libstub/loongarch.c | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) --- base-commit: 124cfbcd6d185d4f50be02d5f5afe61578916773 change-id: 20240521-loongarch-booting-fixes-366e13e7ca55 Best regards, -- Jiaxun Yang <jiaxun.yang(a)flygoat.com>

11 months, 2 weeks

2
7
0 0

[PATCH v2] crypto: arm64: use simd_skcipher_create() when registering aes internal algs

by Liam Kearney

The arm64 crypto drivers duplicate driver names when adding simd variants, which after backported commit 27016f75f5ed ("crypto: api - Disallow identical driver names"), causes an error that leads to the aes algs not being installed. On weaker processors this results in hangs due to falling back to SW crypto. Use simd_skcipher_create() as it will properly namespace the new algs. This issue does not exist in mainline/latest (and stable v6.1+) as the driver has been refactored to remove the simd algs from this code path. Fixes: 27016f75f5ed ("crypto: api - Disallow identical driver names") Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: stable(a)vger.kernel.org Signed-off-by: Liam Kearney <liam.kearney(a)canonical.com> --- v2: - No changes --- arch/arm64/crypto/aes-glue.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/crypto/aes-glue.c b/arch/arm64/crypto/aes-glue.c index aa13344a3a5e..af862e52a36b 100644 --- a/arch/arm64/crypto/aes-glue.c +++ b/arch/arm64/crypto/aes-glue.c @@ -1028,7 +1028,6 @@ static int __init aes_init(void) struct simd_skcipher_alg *simd; const char *basename; const char *algname; - const char *drvname; int err; int i; @@ -1045,9 +1044,8 @@ static int __init aes_init(void) continue; algname = aes_algs[i].base.cra_name + 2; - drvname = aes_algs[i].base.cra_driver_name + 2; basename = aes_algs[i].base.cra_driver_name; - simd = simd_skcipher_create_compat(algname, drvname, basename); + simd = simd_skcipher_create(algname, basename); err = PTR_ERR(simd); if (IS_ERR(simd)) goto unregister_simds; -- 2.40.1

11 months, 2 weeks

2
2
0 0

+ nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix potential hang in nilfs_detach_log_writer() has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix potential hang in nilfs_detach_log_writer() Date: Mon, 20 May 2024 22:26:21 +0900 Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut down log writer thread flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (if inode needs sync) nilfs_segctor_sync --> Attempt to synchronize with log writer thread *** DEADLOCK *** Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates. The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy(). Link: https://lkml.kernel.org/r/20240520132621.4054-4-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+e3973c409251e136fdd0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=e3973c409251e136fdd0 Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Cc: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-potential-hang-in-nilfs_detach_log_writer +++ a/fs/nilfs2/segment.c @@ -2190,6 +2190,14 @@ static int nilfs_segctor_sync(struct nil for (;;) { set_current_state(TASK_INTERRUPTIBLE); + /* + * Synchronize only while the log writer thread is alive. + * Leave flushing out after the log writer thread exits to + * the cleanup work in nilfs_segctor_destroy(). + */ + if (!sci->sc_task) + break; + if (atomic_read(&wait_req.done)) { err = wait_req.err; break; @@ -2205,7 +2213,7 @@ static int nilfs_segctor_sync(struct nil return err; } -static void nilfs_segctor_wakeup(struct nilfs_sc_info *sci, int err) +static void nilfs_segctor_wakeup(struct nilfs_sc_info *sci, int err, bool force) { struct nilfs_segctor_wait_request *wrq, *n; unsigned long flags; @@ -2213,7 +2221,7 @@ static void nilfs_segctor_wakeup(struct spin_lock_irqsave(&sci->sc_wait_request.lock, flags); list_for_each_entry_safe(wrq, n, &sci->sc_wait_request.head, wq.entry) { if (!atomic_read(&wrq->done) && - nilfs_cnt32_ge(sci->sc_seq_done, wrq->seq)) { + (force || nilfs_cnt32_ge(sci->sc_seq_done, wrq->seq))) { wrq->err = err; atomic_set(&wrq->done, 1); } @@ -2362,7 +2370,7 @@ static void nilfs_segctor_notify(struct if (mode == SC_LSEG_SR) { sci->sc_state &= ~NILFS_SEGCTOR_COMMIT; sci->sc_seq_done = sci->sc_seq_accepted; - nilfs_segctor_wakeup(sci, err); + nilfs_segctor_wakeup(sci, err, false); sci->sc_flush_request = 0; } else { if (mode == SC_FLUSH_FILE) @@ -2746,6 +2754,13 @@ static void nilfs_segctor_destroy(struct || sci->sc_seq_request != sci->sc_seq_done); spin_unlock(&sci->sc_state_lock); + /* + * Forcibly wake up tasks waiting in nilfs_segctor_sync(), which can + * be called from delayed iput() via nilfs_evict_inode() and can race + * with the above log writer thread termination. + */ + nilfs_segctor_wakeup(sci, 0, true); + if (flush_work(&sci->sc_iput_work)) flag = true; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch

11 months, 2 weeks

1
0
0 0

+ nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix unexpected freezing of nilfs_segctor_sync() has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix unexpected freezing of nilfs_segctor_sync() Date: Mon, 20 May 2024 22:26:20 +0900 A potential and reproducible race issue has been identified where nilfs_segctor_sync() would block even after the log writer thread writes a checkpoint, unless there is an interrupt or other trigger to resume log writing. This turned out to be because, depending on the execution timing of the log writer thread running in parallel, the log writer thread may skip responding to nilfs_segctor_sync(), which causes a call to schedule() waiting for completion within nilfs_segctor_sync() to lose the opportunity to wake up. The reason why waking up the task waiting in nilfs_segctor_sync() may be skipped is that updating the request generation issued using a shared sequence counter and adding an wait queue entry to the request wait queue to the log writer, are not done atomically. There is a possibility that log writing and request completion notification by nilfs_segctor_wakeup() may occur between the two operations, and in that case, the wait queue entry is not yet visible to nilfs_segctor_wakeup() and the wake-up of nilfs_segctor_sync() will be carried over until the next request occurs. Fix this issue by performing these two operations simultaneously within the lock section of sc_state_lock. Also, following the memory barrier guidelines for event waiting loops, move the call to set_current_state() in the same location into the event waiting loop to ensure that a memory barrier is inserted just before the event condition determination. Link: https://lkml.kernel.org/r/20240520132621.4054-3-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Cc: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync +++ a/fs/nilfs2/segment.c @@ -2168,19 +2168,28 @@ static int nilfs_segctor_sync(struct nil struct nilfs_segctor_wait_request wait_req; int err = 0; - spin_lock(&sci->sc_state_lock); init_wait(&wait_req.wq); wait_req.err = 0; atomic_set(&wait_req.done, 0); + init_waitqueue_entry(&wait_req.wq, current); + + /* + * To prevent a race issue where completion notifications from the + * log writer thread are missed, increment the request sequence count + * "sc_seq_request" and insert a wait queue entry using the current + * sequence number into the "sc_wait_request" queue at the same time + * within the lock section of "sc_state_lock". + */ + spin_lock(&sci->sc_state_lock); wait_req.seq = ++sci->sc_seq_request; + add_wait_queue(&sci->sc_wait_request, &wait_req.wq); spin_unlock(&sci->sc_state_lock); - init_waitqueue_entry(&wait_req.wq, current); - add_wait_queue(&sci->sc_wait_request, &wait_req.wq); - set_current_state(TASK_INTERRUPTIBLE); wake_up(&sci->sc_wait_daemon); for (;;) { + set_current_state(TASK_INTERRUPTIBLE); + if (atomic_read(&wait_req.done)) { err = wait_req.err; break; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch

11 months, 2 weeks

1
0
0 0

+ nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix use-after-free of timer for log writer thread has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix use-after-free of timer for log writer thread Date: Mon, 20 May 2024 22:26:19 +0900 Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive. Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: "Bai, Shuangpeng" <sjb7183(a)psu.edu> Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-use-after-free-of-timer-for-log-writer-thread +++ a/fs/nilfs2/segment.c @@ -2118,8 +2118,10 @@ static void nilfs_segctor_start_timer(st { spin_lock(&sci->sc_state_lock); if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { - sci->sc_timer.expires = jiffies + sci->sc_interval; - add_timer(&sci->sc_timer); + if (sci->sc_task) { + sci->sc_timer.expires = jiffies + sci->sc_interval; + add_timer(&sci->sc_timer); + } sci->sc_state |= NILFS_SEGCTOR_COMMIT; } spin_unlock(&sci->sc_state_lock); @@ -2320,10 +2322,21 @@ int nilfs_construct_dsync_segment(struct */ static void nilfs_segctor_accept(struct nilfs_sc_info *sci) { + bool thread_is_alive; + spin_lock(&sci->sc_state_lock); sci->sc_seq_accepted = sci->sc_seq_request; + thread_is_alive = (bool)sci->sc_task; spin_unlock(&sci->sc_state_lock); - del_timer_sync(&sci->sc_timer); + + /* + * This function does not race with the log writer thread's + * termination. Therefore, deleting sc_timer, which should not be + * done after the log writer thread exits, can be done safely outside + * the area protected by sc_state_lock. + */ + if (thread_is_alive) + del_timer_sync(&sci->sc_timer); } /** @@ -2349,7 +2362,7 @@ static void nilfs_segctor_notify(struct sci->sc_flush_request &= ~FLUSH_DAT_BIT; /* re-enable timer if checkpoint creation was not done */ - if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && + if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && time_before(jiffies, sci->sc_timer.expires)) add_timer(&sci->sc_timer); } @@ -2539,6 +2552,7 @@ static int nilfs_segctor_thread(void *ar int timeout = 0; sci->sc_timer_task = current; + timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); /* start sync. */ sci->sc_task = current; @@ -2606,6 +2620,7 @@ static int nilfs_segctor_thread(void *ar end_thread: /* end sync. */ sci->sc_task = NULL; + timer_shutdown_sync(&sci->sc_timer); wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ spin_unlock(&sci->sc_state_lock); return 0; @@ -2669,7 +2684,6 @@ static struct nilfs_sc_info *nilfs_segct INIT_LIST_HEAD(&sci->sc_gc_inodes); INIT_LIST_HEAD(&sci->sc_iput_queue); INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); - timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; @@ -2748,7 +2762,6 @@ static void nilfs_segctor_destroy(struct down_write(&nilfs->ns_segctor_sem); - timer_shutdown_sync(&sci->sc_timer); kfree(sci); } _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch

11 months, 2 weeks

1
0
0 0

+ selftests-mm-fix-build-warnings-on-ppc64.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix build warnings on ppc64 has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-build-warnings-on-ppc64.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix build warnings on ppc64 Date: Tue, 21 May 2024 13:02:19 +1000 Fix warnings like: In file included from uffd-unit-tests.c:8: uffd-unit-tests.c: In function `uffd_poison_handle_fault': uffd-common.h:45:33: warning: format `%llu' expects argument of type `long long unsigned int', but argument 3 has type `__u64' {aka `long unsigned int'} [-Wformat=] By switching to unsigned long long for u64 for ppc64 builds. Link: https://lkml.kernel.org/r/20240521030219.57439-1-mpe@ellerman.id.au Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/gup_test.c | 1 + tools/testing/selftests/mm/uffd-common.h | 1 + 2 files changed, 2 insertions(+) --- a/tools/testing/selftests/mm/gup_test.c~selftests-mm-fix-build-warnings-on-ppc64 +++ a/tools/testing/selftests/mm/gup_test.c @@ -1,3 +1,4 @@ +#define __SANE_USERSPACE_TYPES__ // Use ll64 #include <fcntl.h> #include <errno.h> #include <stdio.h> --- a/tools/testing/selftests/mm/uffd-common.h~selftests-mm-fix-build-warnings-on-ppc64 +++ a/tools/testing/selftests/mm/uffd-common.h @@ -8,6 +8,7 @@ #define __UFFD_COMMON_H__ #define _GNU_SOURCE +#define __SANE_USERSPACE_TYPES__ // Use ll64 #include <stdio.h> #include <errno.h> #include <unistd.h> _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are selftests-mm-fix-build-warnings-on-ppc64.patch

11 months, 2 weeks

1
0
0 0

+ selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: compaction_test: fix bogus test success and reduce probability of OOM-killer invocation has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: selftests/mm: compaction_test: fix bogus test success and reduce probability of OOM-killer invocation Date: Tue, 21 May 2024 13:13:58 +0530 Reset nr_hugepages to zero before the start of the test. If a non-zero number of hugepages is already set before the start of the test, the following problems arise: - The probability of the test getting OOM-killed increases. Proof: The test wants to run on 80% of available memory to prevent OOM-killing (see original code comments). Let the value of mem_free at the start of the test, when nr_hugepages = 0, be x. In the other case, when nr_hugepages > 0, let the memory consumed by hugepages be y. In the former case, the test operates on 0.8 * x of memory. In the latter, the test operates on 0.8 * (x - y) of memory, with y already filled, hence, memory consumed is y + 0.8 * (x - y) = 0.8 * x + 0.2 * y > 0.8 * x. Q.E.D - The probability of a bogus test success increases. Proof: Let the memory consumed by hugepages be greater than 25% of x, with x and y defined as above. The definition of compaction_index is c_index = (x - y)/z where z is the memory consumed by hugepages after trying to increase them again. In check_compaction(), we set the number of hugepages to zero, and then increase them back; the probability that they will be set back to consume at least y amount of memory again is very high (since there is not much delay between the two attempts of changing nr_hugepages). Hence, z >= y > (x/4) (by the 25% assumption). Therefore, c_index = (x - y)/z <= (x - y)/y = x/y - 1 < 4 - 1 = 3 hence, c_index can always be forced to be less than 3, thereby the test succeeding always. Q.E.D Link: https://lkml.kernel.org/r/20240521074358.675031-4-dev.jain@arm.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/compaction_test.c | 71 +++++++++++------ 1 file changed, 49 insertions(+), 22 deletions(-) --- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation +++ a/tools/testing/selftests/mm/compaction_test.c @@ -82,13 +82,16 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned long hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size, + unsigned long initial_nr_hugepages) { unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[20] = {0}; char nr_hugepages[20] = {0}; + char init_nr_hugepages[20] = {0}; + + sprintf(init_nr_hugepages, "%lu", initial_nr_hugepages); /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -102,23 +105,6 @@ int check_compaction(unsigned long mem_f goto out; } - if (read(fd, initial_nr_hugepages, sizeof(initial_nr_hugepages)) <= 0) { - ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - - /* Start with the initial condition of 0 huge pages*/ - if (write(fd, "0", sizeof(char)) != sizeof(char)) { - ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - /* Request a large number of huge pages. The Kernel will allocate as much as it can */ if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) { @@ -146,8 +132,8 @@ int check_compaction(unsigned long mem_f lseek(fd, 0, SEEK_SET); - if (write(fd, initial_nr_hugepages, strlen(initial_nr_hugepages)) - != strlen(initial_nr_hugepages)) { + if (write(fd, init_nr_hugepages, strlen(init_nr_hugepages)) + != strlen(init_nr_hugepages)) { ksft_print_msg("Failed to write value to /proc/sys/vm/nr_hugepages: %s\n", strerror(errno)); goto close_fd; @@ -171,6 +157,41 @@ int check_compaction(unsigned long mem_f return ret; } +int set_zero_hugepages(unsigned long *initial_nr_hugepages) +{ + int fd, ret = -1; + char nr_hugepages[20] = {0}; + + fd = open("/proc/sys/vm/nr_hugepages", O_RDWR | O_NONBLOCK); + if (fd < 0) { + ksft_print_msg("Failed to open /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto out; + } + if (read(fd, nr_hugepages, sizeof(nr_hugepages)) <= 0) { + ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + lseek(fd, 0, SEEK_SET); + + /* Start with the initial condition of 0 huge pages */ + if (write(fd, "0", sizeof(char)) != sizeof(char)) { + ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + *initial_nr_hugepages = strtoul(nr_hugepages, NULL, 10); + ret = 0; + + close_fd: + close(fd); + + out: + return ret; +} int main(int argc, char **argv) { @@ -181,6 +202,7 @@ int main(int argc, char **argv) unsigned long mem_free = 0; unsigned long hugepage_size = 0; long mem_fragmentable_MB = 0; + unsigned long initial_nr_hugepages; ksft_print_header(); @@ -189,6 +211,10 @@ int main(int argc, char **argv) ksft_set_plan(1); + /* Start the test without hugepages reducing mem_free */ + if (set_zero_hugepages(&initial_nr_hugepages)) + ksft_exit_fail(); + lim.rlim_cur = RLIM_INFINITY; lim.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_MEMLOCK, &lim)) @@ -232,7 +258,8 @@ int main(int argc, char **argv) entry = entry->next; } - if (check_compaction(mem_free, hugepage_size) == 0) + if (check_compaction(mem_free, hugepage_size, + initial_nr_hugepages) == 0) ksft_exit_pass(); ksft_exit_fail(); _ Patches currently in -mm which might be from dev.jain(a)arm.com are selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch

11 months, 2 weeks

1
0
0 0

+ selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Date: Tue, 21 May 2024 13:13:57 +0530 Currently, the test tries to set nr_hugepages to zero, but that is not actually done because the file offset is not reset after read(). Fix that using lseek(). Link: https://lkml.kernel.org/r/20240521074358.675031-3-dev.jain@arm.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/compaction_test.c | 2 ++ 1 file changed, 2 insertions(+) --- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages +++ a/tools/testing/selftests/mm/compaction_test.c @@ -108,6 +108,8 @@ int check_compaction(unsigned long mem_f goto close_fd; } + lseek(fd, 0, SEEK_SET); + /* Start with the initial condition of 0 huge pages*/ if (write(fd, "0", sizeof(char)) != sizeof(char)) { ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", _ Patches currently in -mm which might be from dev.jain(a)arm.com are selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch

11 months, 2 weeks

1
0
0 0

+ selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: compaction_test: fix bogus test success on Aarch64 has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: selftests/mm: compaction_test: fix bogus test success on Aarch64 Date: Tue, 21 May 2024 13:13:56 +0530 Patch series "Fixes for compaction_test", v2. The compaction_test memory selftest introduces fragmentation in memory and then tries to allocate as many hugepages as possible. This series addresses some problems. On Aarch64, if nr_hugepages == 0, then the test trivially succeeds since compaction_index becomes 0, which is less than 3, due to no division by zero exception being raised. We fix that by checking for division by zero. Secondly, correctly set the number of hugepages to zero before trying to set a large number of them. Now, consider a situation in which, at the start of the test, a non-zero number of hugepages have been already set (while running the entire selftests/mm suite, or manually by the admin). The test operates on 80% of memory to avoid OOM-killer invocation, and because some memory is already blocked by hugepages, it would increase the chance of OOM-killing. Also, since mem_free used in check_compaction() is the value before we set nr_hugepages to zero, the chance that the compaction_index will be small is very high if the preset nr_hugepages was high, leading to a bogus test success. This patch (of 3): Currently, if at runtime we are not able to allocate a huge page, the test will trivially pass on Aarch64 due to no exception being raised on division by zero while computing compaction_index. Fix that by checking for nr_hugepages == 0. Anyways, in general, avoid a division by zero by exiting the program beforehand. While at it, fix a typo, and handle the case where the number of hugepages may overflow an integer. Link: https://lkml.kernel.org/r/20240521074358.675031-1-dev.jain@arm.com Link: https://lkml.kernel.org/r/20240521074358.675031-2-dev.jain@arm.com Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Signed-off-by: Dev Jain <dev.jain(a)arm.com> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sri Jayaramappa <sjayaram(a)akamai.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/compaction_test.c | 20 +++++++++++------ 1 file changed, 13 insertions(+), 7 deletions(-) --- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64 +++ a/tools/testing/selftests/mm/compaction_test.c @@ -82,12 +82,13 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned int hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size) { + unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[10] = {0}; - char nr_hugepages[10] = {0}; + char initial_nr_hugepages[20] = {0}; + char nr_hugepages[20] = {0}; /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -134,7 +135,12 @@ int check_compaction(unsigned long mem_f /* We should have been able to request at least 1/3 rd of the memory in huge pages */ - compaction_index = mem_free/(atoi(nr_hugepages) * hugepage_size); + nr_hugepages_ul = strtoul(nr_hugepages, NULL, 10); + if (!nr_hugepages_ul) { + ksft_print_msg("ERROR: No memory is available as huge pages\n"); + goto close_fd; + } + compaction_index = mem_free/(nr_hugepages_ul * hugepage_size); lseek(fd, 0, SEEK_SET); @@ -145,11 +151,11 @@ int check_compaction(unsigned long mem_f goto close_fd; } - ksft_print_msg("Number of huge pages allocated = %d\n", - atoi(nr_hugepages)); + ksft_print_msg("Number of huge pages allocated = %lu\n", + nr_hugepages_ul); if (compaction_index > 3) { - ksft_print_msg("ERROR: Less that 1/%d of memory is available\n" + ksft_print_msg("ERROR: Less than 1/%d of memory is available\n" "as huge pages\n", compaction_index); goto close_fd; } _ Patches currently in -mm which might be from dev.jain(a)arm.com are selftests-mm-compaction_test-fix-bogus-test-success-on-aarch64.patch selftests-mm-compaction_test-fix-incorrect-write-of-zero-to-nr_hugepages.patch selftests-mm-compaction_test-fix-bogus-test-success-and-reduce-probability-of-oom-killer-invocation.patch

11 months, 2 weeks

1
0
0 0

[PATCH] net: mdio: meson-gxl set 28th bit in eth_reg2

by Da Xue

This bit is necessary to enable packets on the interface. Without this bit set, ethernet behaves as if it is working but no activity occurs. The vendor SDK sets this bit along with the PHY_ID bits. u-boot will set this bit as well but if u-boot is not compiled with networking, the interface will not work. Fixes: 9a24e1ff4326 ("net: mdio: add amlogic gxl mdio mux support"); Signed-off-by: Da Xue <da(a)libre.computer> --- drivers/net/mdio/mdio-mux-meson-gxl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/mdio/mdio-mux-meson-gxl.c b/drivers/net/mdio/mdio-mux-meson-gxl.c index 89554021b5cc..b2bd57f54034 100644 --- a/drivers/net/mdio/mdio-mux-meson-gxl.c +++ b/drivers/net/mdio/mdio-mux-meson-gxl.c @@ -17,6 +17,7 @@ #define REG2_LEDACT GENMASK(23, 22) #define REG2_LEDLINK GENMASK(25, 24) #define REG2_DIV4SEL BIT(27) +#define REG2_RESERVED_28 BIT(28) #define REG2_ADCBYPASS BIT(30) #define REG2_CLKINSEL BIT(31) #define ETH_REG3 0x4 @@ -65,7 +66,7 @@ static void gxl_enable_internal_mdio(struct gxl_mdio_mux *priv) * The only constraint is that it must match the one in * drivers/net/phy/meson-gxl.c to properly match the PHY. */ - writel(FIELD_PREP(REG2_PHYID, EPHY_GXL_ID), + writel(REG2_RESERVED_28 | FIELD_PREP(REG2_PHYID, EPHY_GXL_ID), priv->regs + ETH_REG2); /* Enable the internal phy */ -- 2.39.2

11 months, 2 weeks

4
4
0 0

[PATCH] drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2

by Wayne Lin

[Why] Commit: - commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") accidently overwrite the commit - commit 54d217406afe ("drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2") which cause regression. [How] Recover the original NULL fix and remove the unnecessary input parameter 'state' for drm_dp_add_payload_part2(). Fixes: 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") Reported-by: Leon Weiß <leon.weiss(a)ruhr-uni-bochum.de> Link: https://lore.kernel.org/r/38c253ea42072cc825dc969ac4e6b9b600371cc8.camel@ru… Cc: lyude(a)redhat.com Cc: imre.deak(a)intel.com Cc: stable(a)vger.kernel.org Cc: regressions(a)lists.linux.dev Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 2 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 +--- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- include/drm/display/drm_dp_mst_helper.h | 1 - 5 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c index c27063305a13..2c36f3d00ca2 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c @@ -363,7 +363,7 @@ void dm_helpers_dp_mst_send_payload_allocation( mst_state = to_drm_dp_mst_topology_state(mst_mgr->base.state); new_payload = drm_atomic_get_mst_payload_state(mst_state, aconnector->mst_output_port); - ret = drm_dp_add_payload_part2(mst_mgr, mst_state->base.state, new_payload); + ret = drm_dp_add_payload_part2(mst_mgr, new_payload); if (ret) { amdgpu_dm_set_mst_status(&aconnector->mst_status, diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 03d528209426..95fd18f24e94 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -3421,7 +3421,6 @@ EXPORT_SYMBOL(drm_dp_remove_payload_part2); /** * drm_dp_add_payload_part2() - Execute payload update part 2 * @mgr: Manager to use. - * @state: The global atomic state * @payload: The payload to update * * If @payload was successfully assigned a starting time slot by drm_dp_add_payload_part1(), this @@ -3430,14 +3429,13 @@ EXPORT_SYMBOL(drm_dp_remove_payload_part2); * Returns: 0 on success, negative error code on failure. */ int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr, - struct drm_atomic_state *state, struct drm_dp_mst_atomic_payload *payload) { int ret = 0; /* Skip failed payloads */ if (payload->payload_allocation_status != DRM_DP_MST_PAYLOAD_ALLOCATION_DFP) { - drm_dbg_kms(state->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", + drm_dbg_kms(mgr->dev, "Part 1 of payload creation for %s failed, skipping part 2\n", payload->port->connector->name); return -EIO; } diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index 53aec023ce92..2fba66aec038 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1160,7 +1160,7 @@ static void intel_mst_enable_dp(struct intel_atomic_state *state, if (first_mst_stream) intel_ddi_wait_for_fec_status(encoder, pipe_config, true); - drm_dp_add_payload_part2(&intel_dp->mst_mgr, &state->base, + drm_dp_add_payload_part2(&intel_dp->mst_mgr, drm_atomic_get_mst_payload_state(mst_state, connector->port)); if (DISPLAY_VER(dev_priv) >= 12) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 0c3d88ad0b0e..88728a0b2c25 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -915,7 +915,7 @@ nv50_msto_cleanup(struct drm_atomic_state *state, msto->disabled = false; drm_dp_remove_payload_part2(mgr, new_mst_state, old_payload, new_payload); } else if (msto->enabled) { - drm_dp_add_payload_part2(mgr, state, new_payload); + drm_dp_add_payload_part2(mgr, new_payload); msto->enabled = false; } } diff --git a/include/drm/display/drm_dp_mst_helper.h b/include/drm/display/drm_dp_mst_helper.h index 9b19d8bd520a..6c9145abc7e2 100644 --- a/include/drm/display/drm_dp_mst_helper.h +++ b/include/drm/display/drm_dp_mst_helper.h @@ -851,7 +851,6 @@ int drm_dp_add_payload_part1(struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_topology_state *mst_state, struct drm_dp_mst_atomic_payload *payload); int drm_dp_add_payload_part2(struct drm_dp_mst_topology_mgr *mgr, - struct drm_atomic_state *state, struct drm_dp_mst_atomic_payload *payload); void drm_dp_remove_payload_part1(struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_topology_state *mst_state, -- 2.37.3

11 months, 2 weeks

8
10
0 0

[PATCH v2 bpf 1/5] bpf: fix multi-uprobe PID filtering logic

by Andrii Nakryiko

Current implementation of PID filtering logic for multi-uprobes in uprobe_prog_run() is filtering down to exact *thread*, while the intent for PID filtering it to filter by *process* instead. The check in uprobe_prog_run() also differs from the analogous one in uprobe_multi_link_filter() for some reason. The latter is correct, checking task->mm, not the task itself. Fix the check in uprobe_prog_run() to perform the same task->mm check. While doing this, we also update get_pid_task() use to use PIDTYPE_TGID type of lookup, given the intent is to get a representative task of an entire process. This doesn't change behavior, but seems more logical. It would hold task group leader task now, not any random thread task. Last but not least, given multi-uprobe support is half-broken due to this PID filtering logic (depending on whether PID filtering is important or not), we need to make it easy for user space consumers (including libbpf) to easily detect whether PID filtering logic was already fixed. We do it here by adding an early check on passed pid parameter. If it's negative (and so has no chance of being a valid PID), we return -EINVAL. Previous behavior would eventually return -ESRCH ("No process found"), given there can't be any process with negative PID. This subtle change won't make any practical change in behavior, but will allow applications to detect PID filtering fixes easily. Libbpf fixes take advantage of this in the next patch. Cc: stable(a)vger.kernel.org Acked-by: Jiri Olsa <jolsa(a)kernel.org> Fixes: b733eeade420 ("bpf: Add pid filter support for uprobe_multi link") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> --- kernel/trace/bpf_trace.c | 8 ++++---- .../testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index f5154c051d2c..1baaeb9ca205 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3295,7 +3295,7 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe, struct bpf_run_ctx *old_run_ctx; int err = 0; - if (link->task && current != link->task) + if (link->task && current->mm != link->task->mm) return 0; if (sleepable) @@ -3396,8 +3396,9 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr upath = u64_to_user_ptr(attr->link_create.uprobe_multi.path); uoffsets = u64_to_user_ptr(attr->link_create.uprobe_multi.offsets); cnt = attr->link_create.uprobe_multi.cnt; + pid = attr->link_create.uprobe_multi.pid; - if (!upath || !uoffsets || !cnt) + if (!upath || !uoffsets || !cnt || pid < 0) return -EINVAL; if (cnt > MAX_UPROBE_MULTI_CNT) return -E2BIG; @@ -3421,10 +3422,9 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr goto error_path_put; } - pid = attr->link_create.uprobe_multi.pid; if (pid) { rcu_read_lock(); - task = get_pid_task(find_vpid(pid), PIDTYPE_PID); + task = get_pid_task(find_vpid(pid), PIDTYPE_TGID); rcu_read_unlock(); if (!task) { err = -ESRCH; diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c index 8269cdee33ae..38fda42fd70f 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c @@ -397,7 +397,7 @@ static void test_attach_api_fails(void) link_fd = bpf_link_create(prog_fd, 0, BPF_TRACE_UPROBE_MULTI, &opts); if (!ASSERT_ERR(link_fd, "link_fd")) goto cleanup; - ASSERT_EQ(link_fd, -ESRCH, "pid_is_wrong"); + ASSERT_EQ(link_fd, -EINVAL, "pid_is_wrong"); cleanup: if (link_fd >= 0) -- 2.43.0

11 months, 2 weeks

1
0
0 0

Railway Interchange Expo

by Deanne Walton

Hi There, Would you be interested in acquiring an attendees list of Railway Interchange Expo? No. of Attendees: 8,500 Date : May 20th to 22nd Location: Indianapolis, USA List Contains - Attendee name, Job Title, Business Name, Web Address, Physical Address, Phone Number, Official Email address, etc., Interested? I will send you more details and cost. Regards, Deanne Walton |Demand Generation Executive

11 months, 2 weeks

1
0
0 0

[REGRESSION] ETXTBSY when running Yarn (Node) since af5d68f

by Andrew Udvare

#regzbot introduced: v6.8..v6.9-rc1 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… Since the above commit present in 6.9+, Node running a Yarn installation that executes a subprocess always shows the following: /test # yarn --offline install yarn install v1.22.22 warning package.json: "test" is also the name of a node core module warning test(a)1.0.0: "test" is also the name of a node core module [1/4] Resolving packages... [2/4] Fetching packages... [3/4] Linking dependencies... [4/4] Building fresh packages... error /test/node_modules/snyk: Command failed. Exit code: 126 Command: node wrapper_dist/bootstrap.js exec Arguments: Directory: /test/node_modules/snyk Output: /bin/sh: node: Text file busy The commit was found by bisection with a simple initramfs that just runs 'yarn --offline install' with a test project and cached Yarn packages. To reproduce: npm install -g yarn mkdir test cd test cat > package.json <<EOF { "name": "test", "version": "1.0.0", "main": "index.js", "license": "MIT", "dependencies": { "snyk": "^1.1291.0" } } EOF yarn install Modern Yarn will give the same result but with slightly different output. This also appears to affect node-gyp: https://github.com/nodejs/node/issues/53051 See also: https://bugs.gentoo.org/931942 -- Andrew

11 months, 2 weeks

1
0
0 0

[PATCH 6.1.y] net: tls: handle backlogging of crypto requests

by Srish Srinivasan

From: Jakub Kicinski <kuba(a)kernel.org> commit 8590541473188741055d27b955db0777569438e3 upstream Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical. Fixes: a54667f6728c ("tls: Add support for encryption using async offload accelerator") Fixes: 94524d8fc965 ("net/tls: Add support for async decryption of tls records") Co-developed-by: Sabrina Dubroca <sd(a)queasysnail.net> Signed-off-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://lore.kernel.org/netdev/9681d1febfec295449a62300938ed2ae66983f28.169… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Srish: fixed merge-conflict in stable branch linux-6.1.y, needs to go on top of https://lore.kernel.org/stable/20240307155930.913525-1-lee@kernel.org/] Signed-off-by: Srish Srinivasan <srish.srinivasan(a)broadcom.com> --- net/tls/tls_sw.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 2bd27b777..61b01dfc6 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -195,6 +195,17 @@ static void tls_decrypt_done(crypto_completion_data_t *data, int err) struct sock *sk; int aead_size; + /* If requests get too backlogged crypto API returns -EBUSY and calls + * ->complete(-EINPROGRESS) immediately followed by ->complete(0) + * to make waiting for backlog to flush with crypto_wait_req() easier. + * First wait converts -EBUSY -> -EINPROGRESS, and the second one + * -EINPROGRESS -> 0. + * We have a single struct crypto_async_request per direction, this + * scheme doesn't help us, so just ignore the first ->complete(). + */ + if (err == -EINPROGRESS) + return; + aead_size = sizeof(*aead_req) + crypto_aead_reqsize(aead); aead_size = ALIGN(aead_size, __alignof__(*dctx)); dctx = (void *)((u8 *)aead_req + aead_size); @@ -268,6 +279,10 @@ static int tls_do_decryption(struct sock *sk, } ret = crypto_aead_decrypt(aead_req); + if (ret == -EBUSY) { + ret = tls_decrypt_async_wait(ctx); + ret = ret ?: -EINPROGRESS; + } if (ret == -EINPROGRESS) { if (darg->async) return 0; @@ -452,6 +467,9 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err) bool ready = false; struct sock *sk; + if (err == -EINPROGRESS) /* see the comment in tls_decrypt_done() */ + return; + rec = container_of(aead_req, struct tls_rec, aead_req); msg_en = &rec->msg_encrypted; @@ -560,6 +578,10 @@ static int tls_do_encryption(struct sock *sk, atomic_inc(&ctx->encrypt_pending); rc = crypto_aead_encrypt(aead_req); + if (rc == -EBUSY) { + rc = tls_encrypt_async_wait(ctx); + rc = rc ?: -EINPROGRESS; + } if (!rc || rc != -EINPROGRESS) { atomic_dec(&ctx->encrypt_pending); sge->offset -= prot->prepend_size; -- 2.34.1

11 months, 2 weeks

3
7
0 0

[PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state

by Kyle Tso

Similar to what fixed in Commit a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery"), the handling of the received Hard Reset has to be skipped during TOGGLING state. [ 4086.021288] VBUS off [ 4086.021295] pending state change SNK_READY -> SNK_UNATTACHED @ 650 ms [rev2 NONE_AMS] [ 4086.022113] VBUS VSAFE0V [ 4086.022117] state change SNK_READY -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.022447] VBUS off [ 4086.022450] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023060] VBUS VSAFE0V [ 4086.023064] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023070] disable BIST MODE TESTDATA [ 4086.023766] disable vbus discharge ret:0 [ 4086.023911] Setting usb_comm capable false [ 4086.028874] Setting voltage/current limit 0 mV 0 mA [ 4086.028888] polarity 0 [ 4086.030305] Requesting mux state 0, usb-role 0, orientation 0 [ 4086.033539] Start toggling [ 4086.038496] state change SNK_UNATTACHED -> TOGGLING [rev2 NONE_AMS] // This Hard Reset is unexpected [ 4086.038499] Received hard reset [ 4086.038501] state change TOGGLING -> HARD_RESET_START [rev2 HARD_RESET] Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 8a1af08f71b6..9c1cb8c11bd6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6172,6 +6172,7 @@ static void _tcpm_pd_hard_reset(struct tcpm_port *port) port->tcpc->set_bist_data(port->tcpc, false); switch (port->state) { + case TOGGLING: case ERROR_RECOVERY: case PORT_RESET: case PORT_RESET_WAIT_OFF: -- 2.45.0.rc1.225.g2a3ae87e7f-goog

11 months, 2 weeks

2
1
0 0

[PATCH v1] usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

by Amit Sunil Dhamne

There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps. Fixes: 230ecdf71a64 ("usb: typec: tcpm: unregister existing source caps before re-registration") Cc: stable(a)vger.kernel.org Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 8a1af08f71b6..be4127ef84e9 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -3014,8 +3014,10 @@ static int tcpm_register_source_caps(struct tcpm_port *port) memcpy(caps.pdo, port->source_caps, sizeof(u32) * port->nr_source_caps); caps.role = TYPEC_SOURCE; - if (cap) + if (cap) { usb_power_delivery_unregister_capabilities(cap); + port->partner_source_caps = NULL; + } cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) base-commit: 51474ab44abf907023a8a875e799b07de461e466 -- 2.45.0.rc1.225.g2a3ae87e7f-goog

11 months, 2 weeks

4
3
0 0

[PATCH] btrfs: re-introduce 'norecovery' mount option

by Qu Wenruo

Although 'norecovery' mount option is marked deprecated for a long time and a warning message is introduced during the deprecation window, it's still actively utilized by several projects that need a safely way to mount a btrfs without any writes. Furthermore this 'norecovery' mount option is supported by most major filesystems, which makes it harder to validate our motivation. This patch would re-introduce the 'norecovery' mount option, and output a message to recommend 'rescue=nologreplay' option. Link: https://lore.kernel.org/linux-btrfs/ZkxZT0J-z0GYvfy8@gardel-login/#t Link: https://github.com/systemd/systemd/pull/32892 Link: https://bugzilla.suse.com/show_bug.cgi?id=1222429 Reported-by: Lennart Poettering <lennart(a)poettering.net> Reported-by: Jiri Slaby <jslaby(a)suse.com> Fixes: a1912f712188 ("btrfs: remove code for inode_cache and recovery mount options") Cc: stable(a)vger.kernel.org # 6.8+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/super.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 2dbc930a20f7..f05cce7c8b8d 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -119,6 +119,7 @@ enum { Opt_thread_pool, Opt_treelog, Opt_user_subvol_rm_allowed, + Opt_norecovery, /* Rescue options */ Opt_rescue, @@ -245,6 +246,8 @@ static const struct fs_parameter_spec btrfs_fs_parameters[] = { __fsparam(NULL, "nologreplay", Opt_nologreplay, fs_param_deprecated, NULL), /* Deprecated, with alias rescue=usebackuproot */ __fsparam(NULL, "usebackuproot", Opt_usebackuproot, fs_param_deprecated, NULL), + /* For compatibility only, alias for "rescue=nologreplay". */ + fsparam_flag("norecovery", Opt_norecovery), /* Debugging options. */ fsparam_flag_no("enospc_debug", Opt_enospc_debug), @@ -438,6 +441,11 @@ static int btrfs_parse_param(struct fs_context *fc, struct fs_parameter *param) "'nologreplay' is deprecated, use 'rescue=nologreplay' instead"); btrfs_set_opt(ctx->mount_opt, NOLOGREPLAY); break; + case Opt_norecovery: + btrfs_info(NULL, +"'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'"); + btrfs_set_opt(ctx->mount_opt, NOLOGREPLAY); + break; case Opt_flushoncommit: if (result.negated) btrfs_clear_opt(ctx->mount_opt, FLUSHONCOMMIT); -- 2.45.1

11 months, 2 weeks

4
4
0 0

[tip: x86/urgent] x86/topology: Handle bogus ACPI tables correctly

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 9d22c96316ac59ed38e80920c698fed38717b91b Gitweb: https://git.kernel.org/tip/9d22c96316ac59ed38e80920c698fed38717b91b Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Fri, 17 May 2024 16:40:36 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 21 May 2024 14:52:35 +02:00 x86/topology: Handle bogus ACPI tables correctly The ACPI specification clearly states how the processors should be enumerated in the MADT: "To ensure that the boot processor is supported post initialization, two guidelines should be followed. The first is that OSPM should initialize processors in the order that they appear in the MADT. The second is that platform firmware should list the boot processor as the first processor entry in the MADT. ... Failure of OSPM implementations and platform firmware to abide by these guidelines can result in both unpredictable and non optimal platform operation." The kernel relies on that ordering to detect the real BSP on crash kernels which is important to avoid sending a INIT IPI to it as that would cause a full machine reset. On a Dell XPS 16 9640 the BIOS ignores this rule and enumerates the CPUs in the wrong order. As a consequence the kernel falsely detects a crash kernel and disables the corresponding CPU. Prevent this by checking the IA32_APICBASE MSR for the BSP bit on the boot CPU. If that bit is set, then the MADT based BSP detection can be safely ignored. If the kernel detects a mismatch between the BSP bit and the first enumerated MADT entry then emit a firmware bug message. This obviously also has to be taken into account when the boot APIC ID and the first enumerated APIC ID match. If the boot CPU does not have the BSP bit set in the APICBASE MSR then there is no way for the boot CPU to determine which of the CPUs is the real BSP. Sending an INIT to the real BSP would reset the machine so the only sane way to deal with that is to limit the number of CPUs to one and emit a corresponding warning message. Fixes: 5c5682b9f87a ("x86/cpu: Detect real BSP on crash kernels") Reported-by: Carsten Tolkmit <ctolkmit(a)ennit.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Carsten Tolkmit <ctolkmit(a)ennit.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/87le48jycb.ffs@tglx Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218837 --- arch/x86/kernel/cpu/topology.c | 53 +++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/topology.c b/arch/x86/kernel/cpu/topology.c index d17c9b7..621a151 100644 --- a/arch/x86/kernel/cpu/topology.c +++ b/arch/x86/kernel/cpu/topology.c @@ -128,6 +128,9 @@ static void topo_set_cpuids(unsigned int cpu, u32 apic_id, u32 acpi_id) static __init bool check_for_real_bsp(u32 apic_id) { + bool is_bsp = false, has_apic_base = boot_cpu_data.x86 >= 6; + u64 msr; + /* * There is no real good way to detect whether this a kdump() * kernel, but except on the Voyager SMP monstrosity which is not @@ -144,17 +147,61 @@ static __init bool check_for_real_bsp(u32 apic_id) if (topo_info.real_bsp_apic_id != BAD_APICID) return false; + /* + * Check whether the enumeration order is broken by evaluating the + * BSP bit in the APICBASE MSR. If the CPU does not have the + * APICBASE MSR then the BSP detection is not possible and the + * kernel must rely on the firmware enumeration order. + */ + if (has_apic_base) { + rdmsrl(MSR_IA32_APICBASE, msr); + is_bsp = !!(msr & MSR_IA32_APICBASE_BSP); + } + if (apic_id == topo_info.boot_cpu_apic_id) { - topo_info.real_bsp_apic_id = apic_id; - return false; + /* + * If the boot CPU has the APIC BSP bit set then the + * firmware enumeration is agreeing. If the CPU does not + * have the APICBASE MSR then the only choice is to trust + * the enumeration order. + */ + if (is_bsp || !has_apic_base) { + topo_info.real_bsp_apic_id = apic_id; + return false; + } + /* + * If the boot APIC is enumerated first, but the APICBASE + * MSR does not have the BSP bit set, then there is no way + * to discover the real BSP here. Assume a crash kernel and + * limit the number of CPUs to 1 as an INIT to the real BSP + * would reset the machine. + */ + pr_warn("Enumerated BSP APIC %x is not marked in APICBASE MSR\n", apic_id); + pr_warn("Assuming crash kernel. Limiting to one CPU to prevent machine INIT\n"); + set_nr_cpu_ids(1); + goto fwbug; } - pr_warn("Boot CPU APIC ID not the first enumerated APIC ID: %x > %x\n", + pr_warn("Boot CPU APIC ID not the first enumerated APIC ID: %x != %x\n", topo_info.boot_cpu_apic_id, apic_id); + + if (is_bsp) { + /* + * The boot CPU has the APIC BSP bit set. Use it and complain + * about the broken firmware enumeration. + */ + topo_info.real_bsp_apic_id = topo_info.boot_cpu_apic_id; + goto fwbug; + } + pr_warn("Crash kernel detected. Disabling real BSP to prevent machine INIT\n"); topo_info.real_bsp_apic_id = apic_id; return true; + +fwbug: + pr_warn(FW_BUG "APIC enumeration order not specification compliant\n"); + return false; } static unsigned int topo_unit_count(u32 lvlid, enum x86_topology_domains at_level,

11 months, 2 weeks

1
0
0 0

[PATCH v2 3/3] selftests/mm: compaction_test: Fix bogus test success and reduce probability of OOM-killer invocation

by Dev Jain

Reset nr_hugepages to zero before the start of the test. If a non-zero number of hugepages is already set before the start of the test, the following problems arise: - The probability of the test getting OOM-killed increases. Proof: The test wants to run on 80% of available memory to prevent OOM-killing (see original code comments). Let the value of mem_free at the start of the test, when nr_hugepages = 0, be x. In the other case, when nr_hugepages > 0, let the memory consumed by hugepages be y. In the former case, the test operates on 0.8 * x of memory. In the latter, the test operates on 0.8 * (x - y) of memory, with y already filled, hence, memory consumed is y + 0.8 * (x - y) = 0.8 * x + 0.2 * y > 0.8 * x. Q.E.D - The probability of a bogus test success increases. Proof: Let the memory consumed by hugepages be greater than 25% of x, with x and y defined as above. The definition of compaction_index is c_index = (x - y)/z where z is the memory consumed by hugepages after trying to increase them again. In check_compaction(), we set the number of hugepages to zero, and then increase them back; the probability that they will be set back to consume at least y amount of memory again is very high (since there is not much delay between the two attempts of changing nr_hugepages). Hence, z >= y > (x/4) (by the 25% assumption). Therefore, c_index = (x - y)/z <= (x - y)/y = x/y - 1 < 4 - 1 = 3 hence, c_index can always be forced to be less than 3, thereby the test succeeding always. Q.E.D Changes in v2: - Handle unsigned long number of hugepages v1: - https://lore.kernel.org/all/20240515093633.54814-3-dev.jain@arm.com/ NOTE: This patch depends on the previous one. Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- tools/testing/selftests/mm/compaction_test.c | 71 ++++++++++++++------ 1 file changed, 49 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 5e9bd1da9370..e140558e6f53 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -82,13 +82,16 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned long hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size, + unsigned long initial_nr_hugepages) { unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[20] = {0}; char nr_hugepages[20] = {0}; + char init_nr_hugepages[20] = {0}; + + sprintf(init_nr_hugepages, "%lu", initial_nr_hugepages); /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -102,23 +105,6 @@ int check_compaction(unsigned long mem_free, unsigned long hugepage_size) goto out; } - if (read(fd, initial_nr_hugepages, sizeof(initial_nr_hugepages)) <= 0) { - ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - - /* Start with the initial condition of 0 huge pages*/ - if (write(fd, "0", sizeof(char)) != sizeof(char)) { - ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - /* Request a large number of huge pages. The Kernel will allocate as much as it can */ if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) { @@ -146,8 +132,8 @@ int check_compaction(unsigned long mem_free, unsigned long hugepage_size) lseek(fd, 0, SEEK_SET); - if (write(fd, initial_nr_hugepages, strlen(initial_nr_hugepages)) - != strlen(initial_nr_hugepages)) { + if (write(fd, init_nr_hugepages, strlen(init_nr_hugepages)) + != strlen(init_nr_hugepages)) { ksft_print_msg("Failed to write value to /proc/sys/vm/nr_hugepages: %s\n", strerror(errno)); goto close_fd; @@ -171,6 +157,41 @@ int check_compaction(unsigned long mem_free, unsigned long hugepage_size) return ret; } +int set_zero_hugepages(unsigned long *initial_nr_hugepages) +{ + int fd, ret = -1; + char nr_hugepages[20] = {0}; + + fd = open("/proc/sys/vm/nr_hugepages", O_RDWR | O_NONBLOCK); + if (fd < 0) { + ksft_print_msg("Failed to open /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto out; + } + if (read(fd, nr_hugepages, sizeof(nr_hugepages)) <= 0) { + ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + lseek(fd, 0, SEEK_SET); + + /* Start with the initial condition of 0 huge pages */ + if (write(fd, "0", sizeof(char)) != sizeof(char)) { + ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + *initial_nr_hugepages = strtoul(nr_hugepages, NULL, 10); + ret = 0; + + close_fd: + close(fd); + + out: + return ret; +} int main(int argc, char **argv) { @@ -181,6 +202,7 @@ int main(int argc, char **argv) unsigned long mem_free = 0; unsigned long hugepage_size = 0; long mem_fragmentable_MB = 0; + unsigned long initial_nr_hugepages; ksft_print_header(); @@ -189,6 +211,10 @@ int main(int argc, char **argv) ksft_set_plan(1); + /* Start the test without hugepages reducing mem_free */ + if (set_zero_hugepages(&initial_nr_hugepages)) + ksft_exit_fail(); + lim.rlim_cur = RLIM_INFINITY; lim.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_MEMLOCK, &lim)) @@ -232,7 +258,8 @@ int main(int argc, char **argv) entry = entry->next; } - if (check_compaction(mem_free, hugepage_size) == 0) + if (check_compaction(mem_free, hugepage_size, + initial_nr_hugepages) == 0) ksft_exit_pass(); ksft_exit_fail(); -- 2.34.1

11 months, 2 weeks

1
0
0 0

[PATCH v2 2/3] selftests/mm: compaction_test: Fix incorrect write of zero to nr_hugepages

by Dev Jain

Currently, the test tries to set nr_hugepages to zero, but that is not actually done because the file offset is not reset after read(). Fix that using lseek(). Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- tools/testing/selftests/mm/compaction_test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 0b249a06a60b..5e9bd1da9370 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -108,6 +108,8 @@ int check_compaction(unsigned long mem_free, unsigned long hugepage_size) goto close_fd; } + lseek(fd, 0, SEEK_SET); + /* Start with the initial condition of 0 huge pages*/ if (write(fd, "0", sizeof(char)) != sizeof(char)) { ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", -- 2.34.1

11 months, 2 weeks

1
0
0 0

[PATCH v2 1/3] selftests/mm: compaction_test: Fix bogus test success on Aarch64

by Dev Jain

Currently, if at runtime we are not able to allocate a huge page, the test will trivially pass on Aarch64 due to no exception being raised on division by zero while computing compaction_index. Fix that by checking for nr_hugepages == 0. Anyways, in general, avoid a division by zero by exiting the program beforehand. While at it, fix a typo, and handle the case where the number of hugepages may overflow an integer. Changes in v2: - Combine with this series, handle unsigned long number of hugepages v1: - https://lore.kernel.org/all/20240513082842.4117782-1-dev.jain@arm.com/ Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- tools/testing/selftests/mm/compaction_test.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 4f42eb7d7636..0b249a06a60b 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -82,12 +82,13 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned int hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size) { + unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[10] = {0}; - char nr_hugepages[10] = {0}; + char initial_nr_hugepages[20] = {0}; + char nr_hugepages[20] = {0}; /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -134,7 +135,12 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) /* We should have been able to request at least 1/3 rd of the memory in huge pages */ - compaction_index = mem_free/(atoi(nr_hugepages) * hugepage_size); + nr_hugepages_ul = strtoul(nr_hugepages, NULL, 10); + if (!nr_hugepages_ul) { + ksft_print_msg("ERROR: No memory is available as huge pages\n"); + goto close_fd; + } + compaction_index = mem_free/(nr_hugepages_ul * hugepage_size); lseek(fd, 0, SEEK_SET); @@ -145,11 +151,11 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) goto close_fd; } - ksft_print_msg("Number of huge pages allocated = %d\n", - atoi(nr_hugepages)); + ksft_print_msg("Number of huge pages allocated = %lu\n", + nr_hugepages_ul); if (compaction_index > 3) { - ksft_print_msg("ERROR: Less that 1/%d of memory is available\n" + ksft_print_msg("ERROR: Less than 1/%d of memory is available\n" "as huge pages\n", compaction_index); goto close_fd; } -- 2.34.1

11 months, 2 weeks

1
0
0 0

[PATCH 6.6.y 1/2] erofs: get rid of erofs_fs_context

by Gao Xiang

From: Baokun Li <libaokun1(a)huawei.com> commit 07abe43a28b2c660f726d66f5470f7f114f9643a upstream. Instead of allocating the erofs_sb_info in fill_super() allocate it during erofs_init_fs_context() and ensure that erofs can always have the info available during erofs_kill_sb(). After this erofs_fs_context is no longer needed, replace ctx with sbi, no functional changes. Suggested-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jingbo Xu <jefflexu(a)linux.alibaba.com> Reviewed-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Link: https://lore.kernel.org/r/20240419123611.947084-2-libaokun1@huawei.com [ Gao Xiang: trivial conflict due to a warning message. ] Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/internal.h | 7 --- fs/erofs/super.c | 116 ++++++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 70 deletions(-) diff --git a/fs/erofs/internal.h b/fs/erofs/internal.h index 1a4fe9f60295..787cc9ff9029 100644 --- a/fs/erofs/internal.h +++ b/fs/erofs/internal.h @@ -82,13 +82,6 @@ struct erofs_dev_context { bool flatdev; }; -struct erofs_fs_context { - struct erofs_mount_opts opt; - struct erofs_dev_context *devs; - char *fsid; - char *domain_id; -}; - /* all filesystem-wide lz4 configurations */ struct erofs_sb_lz4_info { /* # of pages needed for EROFS lz4 rolling decompression */ diff --git a/fs/erofs/super.c b/fs/erofs/super.c index c9f9a43197db..ea9bb0ad2a7c 100644 --- a/fs/erofs/super.c +++ b/fs/erofs/super.c @@ -367,18 +367,18 @@ static int erofs_read_superblock(struct super_block *sb) return ret; } -static void erofs_default_options(struct erofs_fs_context *ctx) +static void erofs_default_options(struct erofs_sb_info *sbi) { #ifdef CONFIG_EROFS_FS_ZIP - ctx->opt.cache_strategy = EROFS_ZIP_CACHE_READAROUND; - ctx->opt.max_sync_decompress_pages = 3; - ctx->opt.sync_decompress = EROFS_SYNC_DECOMPRESS_AUTO; + sbi->opt.cache_strategy = EROFS_ZIP_CACHE_READAROUND; + sbi->opt.max_sync_decompress_pages = 3; + sbi->opt.sync_decompress = EROFS_SYNC_DECOMPRESS_AUTO; #endif #ifdef CONFIG_EROFS_FS_XATTR - set_opt(&ctx->opt, XATTR_USER); + set_opt(&sbi->opt, XATTR_USER); #endif #ifdef CONFIG_EROFS_FS_POSIX_ACL - set_opt(&ctx->opt, POSIX_ACL); + set_opt(&sbi->opt, POSIX_ACL); #endif } @@ -423,17 +423,17 @@ static const struct fs_parameter_spec erofs_fs_parameters[] = { static bool erofs_fc_set_dax_mode(struct fs_context *fc, unsigned int mode) { #ifdef CONFIG_FS_DAX - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; switch (mode) { case EROFS_MOUNT_DAX_ALWAYS: warnfc(fc, "DAX enabled. Warning: EXPERIMENTAL, use at your own risk"); - set_opt(&ctx->opt, DAX_ALWAYS); - clear_opt(&ctx->opt, DAX_NEVER); + set_opt(&sbi->opt, DAX_ALWAYS); + clear_opt(&sbi->opt, DAX_NEVER); return true; case EROFS_MOUNT_DAX_NEVER: - set_opt(&ctx->opt, DAX_NEVER); - clear_opt(&ctx->opt, DAX_ALWAYS); + set_opt(&sbi->opt, DAX_NEVER); + clear_opt(&sbi->opt, DAX_ALWAYS); return true; default: DBG_BUGON(1); @@ -448,7 +448,7 @@ static bool erofs_fc_set_dax_mode(struct fs_context *fc, unsigned int mode) static int erofs_fc_parse_param(struct fs_context *fc, struct fs_parameter *param) { - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; struct fs_parse_result result; struct erofs_device_info *dif; int opt, ret; @@ -461,9 +461,9 @@ static int erofs_fc_parse_param(struct fs_context *fc, case Opt_user_xattr: #ifdef CONFIG_EROFS_FS_XATTR if (result.boolean) - set_opt(&ctx->opt, XATTR_USER); + set_opt(&sbi->opt, XATTR_USER); else - clear_opt(&ctx->opt, XATTR_USER); + clear_opt(&sbi->opt, XATTR_USER); #else errorfc(fc, "{,no}user_xattr options not supported"); #endif @@ -471,16 +471,16 @@ static int erofs_fc_parse_param(struct fs_context *fc, case Opt_acl: #ifdef CONFIG_EROFS_FS_POSIX_ACL if (result.boolean) - set_opt(&ctx->opt, POSIX_ACL); + set_opt(&sbi->opt, POSIX_ACL); else - clear_opt(&ctx->opt, POSIX_ACL); + clear_opt(&sbi->opt, POSIX_ACL); #else errorfc(fc, "{,no}acl options not supported"); #endif break; case Opt_cache_strategy: #ifdef CONFIG_EROFS_FS_ZIP - ctx->opt.cache_strategy = result.uint_32; + sbi->opt.cache_strategy = result.uint_32; #else errorfc(fc, "compression not supported, cache_strategy ignored"); #endif @@ -502,27 +502,27 @@ static int erofs_fc_parse_param(struct fs_context *fc, kfree(dif); return -ENOMEM; } - down_write(&ctx->devs->rwsem); - ret = idr_alloc(&ctx->devs->tree, dif, 0, 0, GFP_KERNEL); - up_write(&ctx->devs->rwsem); + down_write(&sbi->devs->rwsem); + ret = idr_alloc(&sbi->devs->tree, dif, 0, 0, GFP_KERNEL); + up_write(&sbi->devs->rwsem); if (ret < 0) { kfree(dif->path); kfree(dif); return ret; } - ++ctx->devs->extra_devices; + ++sbi->devs->extra_devices; break; #ifdef CONFIG_EROFS_FS_ONDEMAND case Opt_fsid: - kfree(ctx->fsid); - ctx->fsid = kstrdup(param->string, GFP_KERNEL); - if (!ctx->fsid) + kfree(sbi->fsid); + sbi->fsid = kstrdup(param->string, GFP_KERNEL); + if (!sbi->fsid) return -ENOMEM; break; case Opt_domain_id: - kfree(ctx->domain_id); - ctx->domain_id = kstrdup(param->string, GFP_KERNEL); - if (!ctx->domain_id) + kfree(sbi->domain_id); + sbi->domain_id = kstrdup(param->string, GFP_KERNEL); + if (!sbi->domain_id) return -ENOMEM; break; #else @@ -578,8 +578,7 @@ static const struct export_operations erofs_export_ops = { static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) { struct inode *inode; - struct erofs_sb_info *sbi; - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = EROFS_SB(sb); int err; sb->s_magic = EROFS_SUPER_MAGIC; @@ -587,19 +586,6 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) sb->s_maxbytes = MAX_LFS_FILESIZE; sb->s_op = &erofs_sops; - sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); - if (!sbi) - return -ENOMEM; - - sb->s_fs_info = sbi; - sbi->opt = ctx->opt; - sbi->devs = ctx->devs; - ctx->devs = NULL; - sbi->fsid = ctx->fsid; - ctx->fsid = NULL; - sbi->domain_id = ctx->domain_id; - ctx->domain_id = NULL; - sbi->blkszbits = PAGE_SHIFT; if (erofs_is_fscache_mode(sb)) { sb->s_blocksize = PAGE_SIZE; @@ -703,9 +689,9 @@ static int erofs_fc_fill_super(struct super_block *sb, struct fs_context *fc) static int erofs_fc_get_tree(struct fs_context *fc) { - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; - if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && ctx->fsid) + if (IS_ENABLED(CONFIG_EROFS_FS_ONDEMAND) && sbi->fsid) return get_tree_nodev(fc, erofs_fc_fill_super); return get_tree_bdev(fc, erofs_fc_fill_super); @@ -715,19 +701,19 @@ static int erofs_fc_reconfigure(struct fs_context *fc) { struct super_block *sb = fc->root->d_sb; struct erofs_sb_info *sbi = EROFS_SB(sb); - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *new_sbi = fc->s_fs_info; DBG_BUGON(!sb_rdonly(sb)); - if (ctx->fsid || ctx->domain_id) + if (new_sbi->fsid || new_sbi->domain_id) erofs_info(sb, "ignoring reconfiguration for fsid|domain_id."); - if (test_opt(&ctx->opt, POSIX_ACL)) + if (test_opt(&new_sbi->opt, POSIX_ACL)) fc->sb_flags |= SB_POSIXACL; else fc->sb_flags &= ~SB_POSIXACL; - sbi->opt = ctx->opt; + sbi->opt = new_sbi->opt; fc->sb_flags |= SB_RDONLY; return 0; @@ -758,12 +744,15 @@ static void erofs_free_dev_context(struct erofs_dev_context *devs) static void erofs_fc_free(struct fs_context *fc) { - struct erofs_fs_context *ctx = fc->fs_private; + struct erofs_sb_info *sbi = fc->s_fs_info; + + if (!sbi) + return; - erofs_free_dev_context(ctx->devs); - kfree(ctx->fsid); - kfree(ctx->domain_id); - kfree(ctx); + erofs_free_dev_context(sbi->devs); + kfree(sbi->fsid); + kfree(sbi->domain_id); + kfree(sbi); } static const struct fs_context_operations erofs_context_ops = { @@ -775,21 +764,22 @@ static const struct fs_context_operations erofs_context_ops = { static int erofs_init_fs_context(struct fs_context *fc) { - struct erofs_fs_context *ctx; + struct erofs_sb_info *sbi; - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); - if (!ctx) + sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); + if (!sbi) return -ENOMEM; - ctx->devs = kzalloc(sizeof(struct erofs_dev_context), GFP_KERNEL); - if (!ctx->devs) { - kfree(ctx); + + sbi->devs = kzalloc(sizeof(struct erofs_dev_context), GFP_KERNEL); + if (!sbi->devs) { + kfree(sbi); return -ENOMEM; } - fc->fs_private = ctx; + fc->s_fs_info = sbi; - idr_init(&ctx->devs->tree); - init_rwsem(&ctx->devs->rwsem); - erofs_default_options(ctx); + idr_init(&sbi->devs->tree); + init_rwsem(&sbi->devs->rwsem); + erofs_default_options(sbi); fc->ops = &erofs_context_ops; return 0; } -- 2.39.3

11 months, 2 weeks

1
1
0 0

[PATCH v2 1/3] selftests/mm: compaction_test: Fix bogus test success on Aarch64

by Dev Jain

Currently, if at runtime we are not able to allocate a huge page, the test will trivially pass on Aarch64 due to no exception being raised on division by zero while computing compaction_index. Fix that by checking for nr_hugepages == 0. Anyways, in general, avoid a division by zero by exiting the program beforehand. While at it, fix a typo. Changes in v2: - Combine with this series, handle unsigned long number of hugepages Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- tools/testing/selftests/mm/compaction_test.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 4f42eb7d7636..0b249a06a60b 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -82,12 +82,13 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned int hugepage_size) +int check_compaction(unsigned long mem_free, unsigned long hugepage_size) { + unsigned long nr_hugepages_ul; int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[10] = {0}; - char nr_hugepages[10] = {0}; + char initial_nr_hugepages[20] = {0}; + char nr_hugepages[20] = {0}; /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -134,7 +135,12 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) /* We should have been able to request at least 1/3 rd of the memory in huge pages */ - compaction_index = mem_free/(atoi(nr_hugepages) * hugepage_size); + nr_hugepages_ul = strtoul(nr_hugepages, NULL, 10); + if (!nr_hugepages_ul) { + ksft_print_msg("ERROR: No memory is available as huge pages\n"); + goto close_fd; + } + compaction_index = mem_free/(nr_hugepages_ul * hugepage_size); lseek(fd, 0, SEEK_SET); @@ -145,11 +151,11 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) goto close_fd; } - ksft_print_msg("Number of huge pages allocated = %d\n", - atoi(nr_hugepages)); + ksft_print_msg("Number of huge pages allocated = %lu\n", + nr_hugepages_ul); if (compaction_index > 3) { - ksft_print_msg("ERROR: Less that 1/%d of memory is available\n" + ksft_print_msg("ERROR: Less than 1/%d of memory is available\n" "as huge pages\n", compaction_index); goto close_fd; } -- 2.34.1

11 months, 2 weeks

1
1
0 0

Payment Advice Bank Transfer/Wire REF: {SCB/ 817#/B}

by Standard Chartered Bank

11 months, 2 weeks

1
0
0 0

[PATCH] drm/i915/dpt: Make DPT object unshrinkable

by Vidya Srinivas

In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus its still there on the DPT's vm->bound_list. Then it tries to rewrite the PTEs via a stale CPU mapping. This causes panic. Credits-to: Ville Syrjala <ville.syrjala(a)linux.intel.com> Shawn Lee <shawn.c.lee(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 0dc987b699ce ("drm/i915/display: Add smem fallback allocation for dpt") Signed-off-by: Vidya Srinivas <vidya.srinivas(a)intel.com> --- drivers/gpu/drm/i915/gem/i915_gem_object.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_object.h b/drivers/gpu/drm/i915/gem/i915_gem_object.h index 3560a062d287..e6b485fc54d4 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_object.h +++ b/drivers/gpu/drm/i915/gem/i915_gem_object.h @@ -284,7 +284,8 @@ bool i915_gem_object_has_iomem(const struct drm_i915_gem_object *obj); static inline bool i915_gem_object_is_shrinkable(const struct drm_i915_gem_object *obj) { - return i915_gem_object_type_has(obj, I915_GEM_OBJECT_IS_SHRINKABLE); + return i915_gem_object_type_has(obj, I915_GEM_OBJECT_IS_SHRINKABLE) && + !obj->is_dpt; } static inline bool -- 2.34.1

11 months, 2 weeks

3
2
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> commit 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 upstream. If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 backport change: mddev_destroy_serial_pool third parameter was removed in mainline, where there is no need to suspend within this function anymore. Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Signed-off-by: Jeremy Bongio <jbongio(a)google.com> --- This backport is tested on LTS 5.10, 6.1, 6.6 drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

11 months, 2 weeks

3
4
0 0

[PATCH v2 2/2] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index c6882f5d094f..8b7dd73d94c1 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -84,8 +84,9 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + if (IS_ERR(work1)) { ret = PTR_ERR(work1); + pr_err("BUG: ASN.1 encoder failed with %d\n", ret); goto err; } -- 2.45.1

11 months, 2 weeks

1
0
0 0

[PATCH v2 1/2] KEYS: trusted: Fix memory leak in tpm2_key_encode()

by Jarkko Sakkinen

'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Cc: stable(a)vger.kernel.org # +v5.13 Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 24 +++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..c6882f5d094f 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -57,8 +58,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, unsigned char bool[3], *w = bool; /* tag 0 is emptyAuth */ w = asn1_encode_boolean(w, w + sizeof(bool), true); - if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) - return PTR_ERR(w); + if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) { + ret = PTR_ERR(w); + goto err; + } work = asn1_encode_tag(work, end_work, 0, bool, w - bool); } @@ -69,8 +72,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, * trigger, so if it does there's something nefarious going on */ if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, - "BUG: scratch buffer is too small")) - return -EINVAL; + "BUG: scratch buffer is too small")) { + ret = -EINVAL; + goto err; + } work = asn1_encode_integer(work, end_work, options->keyhandle); work = asn1_encode_octet_string(work, end_work, pub, pub_len); @@ -79,10 +84,17 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + ret = PTR_ERR(work1); + goto err; + } + kfree(scratch); return work1 - payload->blob; + +err: + kfree(scratch); + return ret; } struct tpm2_key_context { -- 2.45.1

11 months, 2 weeks

1
0
0 0

[PATCH] erofs: avoid allocating DEFLATE streams before mounting

by Gao Xiang

Currently, each DEFLATE stream takes one 32 KiB permanent internal window buffer even if there is no running instance which uses DEFLATE algorithm. It's unexpected and wasteful on embedded devices with limited resources and servers with hundreds of CPU cores if DEFLATE is enabled but unused. Fixes: ffa09b3bd024 ("erofs: DEFLATE compression support") Cc: <stable(a)vger.kernel.org> # 6.6+ Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/decompressor_deflate.c | 55 +++++++++++++++++---------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/fs/erofs/decompressor_deflate.c b/fs/erofs/decompressor_deflate.c index 81e65c453ef0..3a3461561a3c 100644 --- a/fs/erofs/decompressor_deflate.c +++ b/fs/erofs/decompressor_deflate.c @@ -46,39 +46,15 @@ int __init z_erofs_deflate_init(void) /* by default, use # of possible CPUs instead */ if (!z_erofs_deflate_nstrms) z_erofs_deflate_nstrms = num_possible_cpus(); - - for (; z_erofs_deflate_avail_strms < z_erofs_deflate_nstrms; - ++z_erofs_deflate_avail_strms) { - struct z_erofs_deflate *strm; - - strm = kzalloc(sizeof(*strm), GFP_KERNEL); - if (!strm) - goto out_failed; - - /* XXX: in-kernel zlib cannot shrink windowbits currently */ - strm->z.workspace = vmalloc(zlib_inflate_workspacesize()); - if (!strm->z.workspace) { - kfree(strm); - goto out_failed; - } - - spin_lock(&z_erofs_deflate_lock); - strm->next = z_erofs_deflate_head; - z_erofs_deflate_head = strm; - spin_unlock(&z_erofs_deflate_lock); - } return 0; - -out_failed: - erofs_err(NULL, "failed to allocate zlib workspace"); - z_erofs_deflate_exit(); - return -ENOMEM; } int z_erofs_load_deflate_config(struct super_block *sb, struct erofs_super_block *dsb, void *data, int size) { struct z_erofs_deflate_cfgs *dfl = data; + static DEFINE_MUTEX(deflate_resize_mutex); + static bool inited; if (!dfl || size < sizeof(struct z_erofs_deflate_cfgs)) { erofs_err(sb, "invalid deflate cfgs, size=%u", size); @@ -89,9 +65,36 @@ int z_erofs_load_deflate_config(struct super_block *sb, erofs_err(sb, "unsupported windowbits %u", dfl->windowbits); return -EOPNOTSUPP; } + mutex_lock(&deflate_resize_mutex); + if (!inited) { + for (; z_erofs_deflate_avail_strms < z_erofs_deflate_nstrms; + ++z_erofs_deflate_avail_strms) { + struct z_erofs_deflate *strm; + + strm = kzalloc(sizeof(*strm), GFP_KERNEL); + if (!strm) + goto failed; + /* XXX: in-kernel zlib cannot customize windowbits */ + strm->z.workspace = vmalloc(zlib_inflate_workspacesize()); + if (!strm->z.workspace) { + kfree(strm); + goto failed; + } + spin_lock(&z_erofs_deflate_lock); + strm->next = z_erofs_deflate_head; + z_erofs_deflate_head = strm; + spin_unlock(&z_erofs_deflate_lock); + } + inited = true; + } + mutex_unlock(&deflate_resize_mutex); erofs_info(sb, "EXPERIMENTAL DEFLATE feature in use. Use at your own risk!"); return 0; +failed: + mutex_unlock(&deflate_resize_mutex); + z_erofs_deflate_exit(); + return -ENOMEM; } int z_erofs_deflate_decompress(struct z_erofs_decompress_req *rq, -- 2.39.3

11 months, 2 weeks

2
1
0 0

[PATCH 5/5] nbd: Fix signal handling

by Bart Van Assche

Both nbd_send_cmd() and nbd_handle_cmd() return either a negative error number or a positive blk_status_t value. nbd_queue_rq() converts these return values into a blk_status_t value. There is a bug in the conversion code: if nbd_send_cmd() returns BLK_STS_RESOURCE, nbd_queue_rq() should return BLK_STS_RESOURCE instead of BLK_STS_OK. Fix this, move the conversion code into nbd_handle_cmd() and fix the remaining sparse warnings. This patch fixes the following sparse warnings: drivers/block/nbd.c:673:32: warning: incorrect type in return expression (different base types) drivers/block/nbd.c:673:32: expected int drivers/block/nbd.c:673:32: got restricted blk_status_t [usertype] drivers/block/nbd.c:714:48: warning: incorrect type in return expression (different base types) drivers/block/nbd.c:714:48: expected int drivers/block/nbd.c:714:48: got restricted blk_status_t [usertype] drivers/block/nbd.c:1120:21: warning: incorrect type in assignment (different base types) drivers/block/nbd.c:1120:21: expected int [assigned] ret drivers/block/nbd.c:1120:21: got restricted blk_status_t [usertype] drivers/block/nbd.c:1125:16: warning: incorrect type in return expression (different base types) drivers/block/nbd.c:1125:16: expected restricted blk_status_t drivers/block/nbd.c:1125:16: got int [assigned] ret Cc: Christoph Hellwig <hch(a)lst.de> Cc: Josef Bacik <jbacik(a)fb.com> Cc: Yu Kuai <yukuai3(a)huawei.com> Cc: Markus Pargmann <mpa(a)pengutronix.de> Fixes: fc17b6534eb8 ("blk-mq: switch ->queue_rq return value to blk_status_t") Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/block/nbd.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 29e43ab1650c..22a79a62cc4e 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -588,6 +588,10 @@ static inline int was_interrupted(int result) return result == -ERESTARTSYS || result == -EINTR; } +/* + * Returns BLK_STS_RESOURCE if the caller should retry after a delay. Returns + * -EAGAIN if the caller should requeue @cmd. Returns -EIO if sending failed. + */ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index) { struct request *req = blk_mq_rq_from_pdu(cmd); @@ -670,7 +674,7 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index) nsock->sent = sent; } set_bit(NBD_CMD_REQUEUED, &cmd->flags); - return BLK_STS_RESOURCE; + return (__force int)BLK_STS_RESOURCE; } dev_err_ratelimited(disk_to_dev(nbd->disk), "Send control failed (result %d)\n", result); @@ -711,7 +715,7 @@ static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index) nsock->pending = req; nsock->sent = sent; set_bit(NBD_CMD_REQUEUED, &cmd->flags); - return BLK_STS_RESOURCE; + return (__force int)BLK_STS_RESOURCE; } dev_err(disk_to_dev(nbd->disk), "Send data failed (result %d)\n", @@ -1008,7 +1012,7 @@ static int wait_for_reconnect(struct nbd_device *nbd) return !test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags); } -static int nbd_handle_cmd(struct nbd_cmd *cmd, int index) +static blk_status_t nbd_handle_cmd(struct nbd_cmd *cmd, int index) { struct request *req = blk_mq_rq_from_pdu(cmd); struct nbd_device *nbd = cmd->nbd; @@ -1022,14 +1026,14 @@ static int nbd_handle_cmd(struct nbd_cmd *cmd, int index) if (!config) { dev_err_ratelimited(disk_to_dev(nbd->disk), "Socks array is empty\n"); - return -EINVAL; + return BLK_STS_IOERR; } if (index >= config->num_connections) { dev_err_ratelimited(disk_to_dev(nbd->disk), "Attempted send on invalid socket\n"); nbd_config_put(nbd); - return -EINVAL; + return BLK_STS_IOERR; } cmd->status = BLK_STS_OK; again: @@ -1052,7 +1056,7 @@ static int nbd_handle_cmd(struct nbd_cmd *cmd, int index) */ sock_shutdown(nbd); nbd_config_put(nbd); - return -EIO; + return BLK_STS_IOERR; } goto again; } @@ -1065,7 +1069,7 @@ static int nbd_handle_cmd(struct nbd_cmd *cmd, int index) blk_mq_start_request(req); if (unlikely(nsock->pending && nsock->pending != req)) { nbd_requeue_cmd(cmd); - ret = 0; + ret = BLK_STS_OK; goto out; } /* @@ -1084,19 +1088,19 @@ static int nbd_handle_cmd(struct nbd_cmd *cmd, int index) "Request send failed, requeueing\n"); nbd_mark_nsock_dead(nbd, nsock, 1); nbd_requeue_cmd(cmd); - ret = 0; + ret = BLK_STS_OK; } out: mutex_unlock(&nsock->tx_lock); nbd_config_put(nbd); - return ret; + return ret < 0 ? BLK_STS_IOERR : (__force blk_status_t)ret; } static blk_status_t nbd_queue_rq(struct blk_mq_hw_ctx *hctx, const struct blk_mq_queue_data *bd) { struct nbd_cmd *cmd = blk_mq_rq_to_pdu(bd->rq); - int ret; + blk_status_t ret; /* * Since we look at the bio's to send the request over the network we @@ -1116,10 +1120,6 @@ static blk_status_t nbd_queue_rq(struct blk_mq_hw_ctx *hctx, * appropriate. */ ret = nbd_handle_cmd(cmd, hctx->queue_num); - if (ret < 0) - ret = BLK_STS_IOERR; - else if (!ret) - ret = BLK_STS_OK; mutex_unlock(&cmd->lock); return ret;

11 months, 2 weeks

2
2
0 0

[PATCH v2 4/7] HID: i2c-hid: elan: fix reset suspend current leakage

by Johan Hovold

The Elan eKTH5015M touch controller found on the Lenovo ThinkPad X13s shares the VCC33 supply with other peripherals that may remain powered during suspend (e.g. when enabled as wakeup sources). The reset line is also wired so that it can be left deasserted when the supply is off. This is important as it avoids holding the controller in reset for extended periods of time when it remains powered, which can lead to increased power consumption, and also avoids leaking current through the X13s reset circuitry during suspend (and after driver unbind). Use the new 'no-reset-on-power-off' devicetree property to determine when reset needs to be asserted on power down. Notably this also avoids wasting power on machine variants without a touchscreen for which the driver would otherwise exit probe with reset asserted. Fixes: bd3cba00dcc6 ("HID: i2c-hid: elan: Add support for Elan eKTH6915 i2c-hid touchscreens") Cc: stable(a)vger.kernel.org # 6.0 Cc: Douglas Anderson <dianders(a)chromium.org> Tested-by: Steev Klimaszewski <steev(a)kali.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 59 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/drivers/hid/i2c-hid/i2c-hid-of-elan.c b/drivers/hid/i2c-hid/i2c-hid-of-elan.c index 5b91fb106cfc..091e37933225 100644 --- a/drivers/hid/i2c-hid/i2c-hid-of-elan.c +++ b/drivers/hid/i2c-hid/i2c-hid-of-elan.c @@ -31,6 +31,7 @@ struct i2c_hid_of_elan { struct regulator *vcc33; struct regulator *vccio; struct gpio_desc *reset_gpio; + bool no_reset_on_power_off; const struct elan_i2c_hid_chip_data *chip_data; }; @@ -40,17 +41,17 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) container_of(ops, struct i2c_hid_of_elan, ops); int ret; + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->vcc33) { ret = regulator_enable(ihid_elan->vcc33); if (ret) - return ret; + goto err_deassert_reset; } ret = regulator_enable(ihid_elan->vccio); - if (ret) { - regulator_disable(ihid_elan->vcc33); - return ret; - } + if (ret) + goto err_disable_vcc33; if (ihid_elan->chip_data->post_power_delay_ms) msleep(ihid_elan->chip_data->post_power_delay_ms); @@ -60,6 +61,15 @@ static int elan_i2c_hid_power_up(struct i2chid_ops *ops) msleep(ihid_elan->chip_data->post_gpio_reset_on_delay_ms); return 0; + +err_disable_vcc33: + if (ihid_elan->vcc33) + regulator_disable(ihid_elan->vcc33); +err_deassert_reset: + if (ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 0); + + return ret; } static void elan_i2c_hid_power_down(struct i2chid_ops *ops) @@ -67,7 +77,14 @@ static void elan_i2c_hid_power_down(struct i2chid_ops *ops) struct i2c_hid_of_elan *ihid_elan = container_of(ops, struct i2c_hid_of_elan, ops); - gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + /* + * Do not assert reset when the hardware allows for it to remain + * deasserted regardless of the state of the (shared) power supply to + * avoid wasting power when the supply is left on. + */ + if (!ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 1); + if (ihid_elan->chip_data->post_gpio_reset_off_delay_ms) msleep(ihid_elan->chip_data->post_gpio_reset_off_delay_ms); @@ -79,6 +96,7 @@ static void elan_i2c_hid_power_down(struct i2chid_ops *ops) static int i2c_hid_of_elan_probe(struct i2c_client *client) { struct i2c_hid_of_elan *ihid_elan; + int ret; ihid_elan = devm_kzalloc(&client->dev, sizeof(*ihid_elan), GFP_KERNEL); if (!ihid_elan) @@ -93,21 +111,38 @@ static int i2c_hid_of_elan_probe(struct i2c_client *client) if (IS_ERR(ihid_elan->reset_gpio)) return PTR_ERR(ihid_elan->reset_gpio); + ihid_elan->no_reset_on_power_off = of_property_read_bool(client->dev.of_node, + "no-reset-on-power-off"); + ihid_elan->vccio = devm_regulator_get(&client->dev, "vccio"); - if (IS_ERR(ihid_elan->vccio)) - return PTR_ERR(ihid_elan->vccio); + if (IS_ERR(ihid_elan->vccio)) { + ret = PTR_ERR(ihid_elan->vccio); + goto err_deassert_reset; + } ihid_elan->chip_data = device_get_match_data(&client->dev); if (ihid_elan->chip_data->main_supply_name) { ihid_elan->vcc33 = devm_regulator_get(&client->dev, ihid_elan->chip_data->main_supply_name); - if (IS_ERR(ihid_elan->vcc33)) - return PTR_ERR(ihid_elan->vcc33); + if (IS_ERR(ihid_elan->vcc33)) { + ret = PTR_ERR(ihid_elan->vcc33); + goto err_deassert_reset; + } } - return i2c_hid_core_probe(client, &ihid_elan->ops, - ihid_elan->chip_data->hid_descriptor_address, 0); + ret = i2c_hid_core_probe(client, &ihid_elan->ops, + ihid_elan->chip_data->hid_descriptor_address, 0); + if (ret) + goto err_deassert_reset; + + return 0; + +err_deassert_reset: + if (ihid_elan->no_reset_on_power_off) + gpiod_set_value_cansleep(ihid_elan->reset_gpio, 0); + + return ret; } static const struct elan_i2c_hid_chip_data elan_ekth6915_chip_data = { -- 2.43.2

11 months, 2 weeks

3
4
0 0

[PATCH] wifi: ath10k: fix QCOM_RPROC_COMMON dependency

by Dmitry Baryshkov

If ath10k_snoc is built-in, while Qualcomm remoteprocs are built as modules, compilation fails with: /usr/bin/aarch64-linux-gnu-ld: drivers/net/wireless/ath/ath10k/snoc.o: in function `ath10k_modem_init': drivers/net/wireless/ath/ath10k/snoc.c:1534: undefined reference to `qcom_register_ssr_notifier' /usr/bin/aarch64-linux-gnu-ld: drivers/net/wireless/ath/ath10k/snoc.o: in function `ath10k_modem_deinit': drivers/net/wireless/ath/ath10k/snoc.c:1551: undefined reference to `qcom_unregister_ssr_notifier' Add corresponding dependency to ATH10K_SNOC Kconfig entry so that it's built as module if QCOM_RPROC_COMMON is built as module too. Fixes: 747ff7d3d742 ("ath10k: Don't always treat modem stop events as crashes") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- drivers/net/wireless/ath/ath10k/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireless/ath/ath10k/Kconfig b/drivers/net/wireless/ath/ath10k/Kconfig index e6ea884cafc1..4f385f4a8cef 100644 --- a/drivers/net/wireless/ath/ath10k/Kconfig +++ b/drivers/net/wireless/ath/ath10k/Kconfig @@ -45,6 +45,7 @@ config ATH10K_SNOC depends on ATH10K depends on ARCH_QCOM || COMPILE_TEST depends on QCOM_SMEM + depends on QCOM_RPROC_COMMON || QCOM_RPROC_COMMON=n select QCOM_SCM select QCOM_QMI_HELPERS help --- base-commit: 75fa778d74b786a1608d55d655d42b480a6fa8bd change-id: 20240511-ath10k-snoc-dep-862a9da2e6bb Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

11 months, 2 weeks

5
7
0 0

[PATCH 2/2] selftests/mm: compaction_test: Fix trivial test success and reduce probability of OOM-killer invocation

by Dev Jain

Reset nr_hugepages to zero before the start of the test. If a non-zero number of hugepages is already set before the start of the test, the following problems arise: - The probability of the test getting OOM-killed increases. Proof: The test wants to run on 80% of available memory to prevent OOM-killing (see original code comments). Let the value of mem_free at the start of the test, when nr_hugepages = 0, be x. In the other case, when nr_hugepages > 0, let the memory consumed by hugepages be y. In the former case, the test operates on 0.8 * x of memory. In the latter, the test operates on 0.8 * (x - y) of memory, with y already filled, hence, memory consumed is y + 0.8 * (x - y) = 0.8 * x + 0.2 * y > 0.8 * x. Q.E.D - The probability of a bogus test success increases. Proof: Let the memory consumed by hugepages be greater than 25% of x, with x and y defined as above. The definition of compaction_index is c_index = (x - y)/z where z is the memory consumed by hugepages after trying to increase them again. In check_compaction(), we set the number of hugepages to zero, and then increase them back; the probability that they will be set back to consume at least y amount of memory again is very high (since there is not much delay between the two attempts of changing nr_hugepages). Hence, z >= y > (x/4) (by the 25% assumption). Therefore, c_index = (x - y)/z <= (x - y)/y = x/y - 1 < 4 - 1 = 3 hence, c_index can always be forced to be less than 3, thereby the test succeeding always. Q.E.D NOTE: This patch depends on the previous one. Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- tools/testing/selftests/mm/compaction_test.c | 72 ++++++++++++++------ 1 file changed, 50 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index c5be395f8363..2ae059989771 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -82,12 +82,15 @@ int prereq(void) return -1; } -int check_compaction(unsigned long mem_free, unsigned int hugepage_size) +int check_compaction(unsigned long mem_free, unsigned int hugepage_size, + int initial_nr_hugepages) { int fd, ret = -1; int compaction_index = 0; - char initial_nr_hugepages[10] = {0}; char nr_hugepages[10] = {0}; + char init_nr_hugepages[10] = {0}; + + sprintf(init_nr_hugepages, "%d", initial_nr_hugepages); /* We want to test with 80% of available memory. Else, OOM killer comes in to play */ @@ -101,23 +104,6 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) goto out; } - if (read(fd, initial_nr_hugepages, sizeof(initial_nr_hugepages)) <= 0) { - ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - - /* Start with the initial condition of 0 huge pages*/ - if (write(fd, "0", sizeof(char)) != sizeof(char)) { - ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", - strerror(errno)); - goto close_fd; - } - - lseek(fd, 0, SEEK_SET); - /* Request a large number of huge pages. The Kernel will allocate as much as it can */ if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) { @@ -140,8 +126,8 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) lseek(fd, 0, SEEK_SET); - if (write(fd, initial_nr_hugepages, strlen(initial_nr_hugepages)) - != strlen(initial_nr_hugepages)) { + if (write(fd, init_nr_hugepages, strlen(init_nr_hugepages)) + != strlen(init_nr_hugepages)) { ksft_print_msg("Failed to write value to /proc/sys/vm/nr_hugepages: %s\n", strerror(errno)); goto close_fd; @@ -165,6 +151,42 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) return ret; } +int set_zero_hugepages(int *initial_nr_hugepages) +{ + int fd, ret = -1; + char nr_hugepages[10] = {0}; + + fd = open("/proc/sys/vm/nr_hugepages", O_RDWR | O_NONBLOCK); + if (fd < 0) { + ksft_print_msg("Failed to open /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto out; + } + + if (read(fd, nr_hugepages, sizeof(nr_hugepages)) <= 0) { + ksft_print_msg("Failed to read from /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + lseek(fd, 0, SEEK_SET); + + /* Start with the initial condition of 0 huge pages */ + if (write(fd, "0", sizeof(char)) != sizeof(char)) { + ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", + strerror(errno)); + goto close_fd; + } + + *initial_nr_hugepages = atoi(nr_hugepages); + ret = 0; + + close_fd: + close(fd); + + out: + return ret; +} int main(int argc, char **argv) { @@ -175,6 +197,7 @@ int main(int argc, char **argv) unsigned long mem_free = 0; unsigned long hugepage_size = 0; long mem_fragmentable_MB = 0; + int initial_nr_hugepages; ksft_print_header(); @@ -183,6 +206,10 @@ int main(int argc, char **argv) ksft_set_plan(1); + /* start the test without hugepages reducing mem_free */ + if (set_zero_hugepages(&initial_nr_hugepages)) + return ksft_exit_fail(); + lim.rlim_cur = RLIM_INFINITY; lim.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_MEMLOCK, &lim)) @@ -226,7 +253,8 @@ int main(int argc, char **argv) entry = entry->next; } - if (check_compaction(mem_free, hugepage_size) == 0) + if (check_compaction(mem_free, hugepage_size, + initial_nr_hugepages) == 0) return ksft_exit_pass(); return ksft_exit_fail(); -- 2.30.2

11 months, 2 weeks

2
2
0 0

[PATCH 1/2] selftests/mm: compaction_test: Fix incorrect write of zero to nr_hugepages

by Dev Jain

nr_hugepages is not set to zero because the file offset has not been reset after read(). Fix that using lseek(). Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- Merge dependency: https://lore.kernel.org/all/20240513082842.4117782-1-dev.jain@arm.com/ Andrew, does it sound reasonable to have the fixes tag in the above patch too, along with this series? tools/testing/selftests/mm/compaction_test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 533999b6c284..c5be395f8363 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -107,6 +107,8 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) goto close_fd; } + lseek(fd, 0, SEEK_SET); + /* Start with the initial condition of 0 huge pages*/ if (write(fd, "0", sizeof(char)) != sizeof(char)) { ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", -- 2.30.2

11 months, 2 weeks

2
2
0 0

[PATCH 3/3] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index c6882f5d094f..8b7dd73d94c1 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -84,8 +84,9 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + if (IS_ERR(work1)) { ret = PTR_ERR(work1); + pr_err("BUG: ASN.1 encoder failed with %d\n", ret); goto err; } -- 2.45.1

11 months, 2 weeks

1
0
0 0

[PATCH 2/3] KEYS: trusted: Fix memory leak in tpm2_key_encode()

by Jarkko Sakkinen

'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Cc: stable(a)vger.kernel.org # +v5.13 Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 24 +++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..c6882f5d094f 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -57,8 +58,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, unsigned char bool[3], *w = bool; /* tag 0 is emptyAuth */ w = asn1_encode_boolean(w, w + sizeof(bool), true); - if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) - return PTR_ERR(w); + if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) { + ret = PTR_ERR(w); + goto err; + } work = asn1_encode_tag(work, end_work, 0, bool, w - bool); } @@ -69,8 +72,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, * trigger, so if it does there's something nefarious going on */ if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, - "BUG: scratch buffer is too small")) - return -EINVAL; + "BUG: scratch buffer is too small")) { + ret = -EINVAL; + goto err; + } work = asn1_encode_integer(work, end_work, options->keyhandle); work = asn1_encode_octet_string(work, end_work, pub, pub_len); @@ -79,10 +84,17 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + ret = PTR_ERR(work1); + goto err; + } + kfree(scratch); return work1 - payload->blob; + +err: + kfree(scratch); + return ret; } struct tpm2_key_context { -- 2.45.1

11 months, 2 weeks

1
0
0 0

+ mm-huge_memory-dont-unpoison-huge_zero_folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: don't unpoison huge_zero_folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-dont-unpoison-huge_zero_folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: don't unpoison huge_zero_folio Date: Thu, 16 May 2024 20:26:08 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet. Link: https://lkml.kernel.org/r/20240516122608.22610-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/memory-failure.c~mm-huge_memory-dont-unpoison-huge_zero_folio +++ a/mm/memory-failure.c @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (is_huge_zero_folio(folio)) { + unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-dont-unpoison-huge_zero_folio.patch

11 months, 2 weeks

1
0
0 0

[PATCH v2] serial: core: only stop transmit when HW fifo is empty

by Jonas Gorski

If the circular buffer is empty, it just means we fit all characters to send into the HW fifo, but not that the hardware finished transmitting them. So if we immediately call stop_tx() after that, this may abort any pending characters in the HW fifo, and cause dropped characters on the console. Fix this by only stopping tx when the tx HW fifo is actually empty. Fixes: 8275b48b2780 ("tty: serial: introduce transmit helpers") Cc: stable(a)vger.kernel.org Signed-off-by: Jonas Gorski <jonas.gorski(a)gmail.com> --- (this is v2 of the bcm63xx-uart fix attempt) v1 -> v2 * replace workaround with fix for core issue * add Cc: for stable I'm somewhat confident this is the core issue causing the broken output with bcm63xx-uart, and there is no actual need for the UART_TX_NOSTOP. I wouldn't be surprised if this also fixes mxs-uart for which UART_TX_NOSTOP was introduced. If it does, there is no need for the flag anymore. include/linux/serial_core.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h index 55b1f3ba48ac..bb0f2d4ac62f 100644 --- a/include/linux/serial_core.h +++ b/include/linux/serial_core.h @@ -786,7 +786,8 @@ enum UART_TX_FLAGS { if (pending < WAKEUP_CHARS) { \ uart_write_wakeup(__port); \ \ - if (!((flags) & UART_TX_NOSTOP) && pending == 0) \ + if (!((flags) & UART_TX_NOSTOP) && pending == 0 && \ + __port->ops->tx_empty(__port)) \ __port->ops->stop_tx(__port); \ } \ \ -- 2.34.1

11 months, 3 weeks

2
2
0 0

Re: [PATCH] cpufreq: amd-pstate: fix the highest frequency issue which limit performance

by Thomas Weißschuh

Hi stable team, Please backport the mainline commit bf202e654bfa ("cpufreq: amd-pstate: fix the highest frequency issue which limits performance") to the 6.9 stable series. It fixes a performance regression on AMD Phoenix platforms. It was meant to get into the 6.9 release or the stable branch shortly after, but apparently that didn't happen. On 2024-05-08 13:47:03+0000, Perry Yuan wrote: > To address the performance drop issue, an optimization has been > implemented. The incorrect highest performance value previously set by the > low-level power firmware for AMD CPUs with Family ID 0x19 and Model ID > ranging from 0x70 to 0x7F series has been identified as the cause. > > To resolve this, a check has been implemented to accurately determine the > CPU family and model ID. The correct highest performance value is now set > and the performance drop caused by the incorrect highest performance value > are eliminated. > > Before the fix, the highest frequency was set to 4200MHz, now it is set > to 4971MHz which is correct. > > CPU NODE SOCKET CORE L1d:L1i:L2:L3 ONLINE MAXMHZ MINMHZ MHZ > 0 0 0 0 0:0:0:0 yes 4971.0000 400.0000 400.0000 > 1 0 0 0 0:0:0:0 yes 4971.0000 400.0000 400.0000 > 2 0 0 1 1:1:1:0 yes 4971.0000 400.0000 4865.8140 > 3 0 0 1 1:1:1:0 yes 4971.0000 400.0000 400.0000 > > v1->v2: > * add test by flag from Gaha Bana > > Fixes: f3a052391822 ("cpufreq: amd-pstate: Enable amd-pstate preferred core support") > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218759 > Signed-off-by: Perry Yuan <perry.yuan(a)amd.com> > Co-developed-by: Mario Limonciello <mario.limonciello(a)amd.com> > Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> > Tested-by: Gaha Bana <gahabana(a)gmail.com> > --- > drivers/cpufreq/amd-pstate.c | 22 +++++++++++++++++++--- > 1 file changed, 19 insertions(+), 3 deletions(-) > > diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c > index 2db095867d03..6a342b0c0140 100644 > --- a/drivers/cpufreq/amd-pstate.c > +++ b/drivers/cpufreq/amd-pstate.c > @@ -50,7 +50,8 @@ > > #define AMD_PSTATE_TRANSITION_LATENCY 20000 > #define AMD_PSTATE_TRANSITION_DELAY 1000 > -#define AMD_PSTATE_PREFCORE_THRESHOLD 166 > +#define CPPC_HIGHEST_PERF_PERFORMANCE 196 > +#define CPPC_HIGHEST_PERF_DEFAULT 166 > > /* > * TODO: We need more time to fine tune processors with shared memory solution > @@ -326,6 +327,21 @@ static inline int amd_pstate_enable(bool enable) > return static_call(amd_pstate_enable)(enable); > } > > +static u32 amd_pstate_highest_perf_set(struct amd_cpudata *cpudata) > +{ > + struct cpuinfo_x86 *c = &cpu_data(0); > + > + /* > + * For AMD CPUs with Family ID 19H and Model ID range 0x70 to 0x7f, > + * the highest performance level is set to 196. > + * https://bugzilla.kernel.org/show_bug.cgi?id=218759 > + */ > + if (c->x86 == 0x19 && (c->x86_model >= 0x70 && c->x86_model <= 0x7f)) > + return CPPC_HIGHEST_PERF_PERFORMANCE; > + > + return CPPC_HIGHEST_PERF_DEFAULT; > +} > + > static int pstate_init_perf(struct amd_cpudata *cpudata) > { > u64 cap1; > @@ -342,7 +358,7 @@ static int pstate_init_perf(struct amd_cpudata *cpudata) > * the default max perf. > */ > if (cpudata->hw_prefcore) > - highest_perf = AMD_PSTATE_PREFCORE_THRESHOLD; > + highest_perf = amd_pstate_highest_perf_set(cpudata); > else > highest_perf = AMD_CPPC_HIGHEST_PERF(cap1); > > @@ -366,7 +382,7 @@ static int cppc_init_perf(struct amd_cpudata *cpudata) > return ret; > > if (cpudata->hw_prefcore) > - highest_perf = AMD_PSTATE_PREFCORE_THRESHOLD; > + highest_perf = amd_pstate_highest_perf_set(cpudata); > else > highest_perf = cppc_perf.highest_perf; > > -- > 2.34.1 >

11 months, 3 weeks

2
1
0 0

[PATCH RFC v2 3/5] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.1

11 months, 3 weeks

1
0
0 0

[PATCH RFC 3/5] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.1

11 months, 3 weeks

1
0
0 0

From Financial Crimes Enforcement Network

by Financial Crimes Enforcement Network

Notice... Your fund that was stopped from completion has been released and ready to be transferred indicate if this email id is active for more details Regards Mr. Rowland Cole

11 months, 3 weeks

1
0
0 0

[PATCH 5.15] nfsd: don't allow nfsd threads to be signalled.

by cel＠kernel.org

From: NeilBrown <neilb(a)suse.de> [ Upstream commit 3903902401451b1cd9d797a8c79769eb26ac7fe5 ] The original implementation of nfsd used signals to stop threads during shutdown. In Linux 2.3.46pre5 nfsd gained the ability to shutdown threads internally it if was asked to run "0" threads. After this user-space transitioned to using "rpc.nfsd 0" to stop nfsd and sending signals to threads was no longer an important part of the API. In commit 3ebdbe5203a8 ("SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()") (v5.17-rc1~75^2~41) we finally removed the use of signals for stopping threads, using kthread_stop() instead. This patch makes the "obvious" next step and removes the ability to signal nfsd threads - or any svc threads. nfsd stops allowing signals and we don't check for their delivery any more. This will allow for some simplification in later patches. A change worth noting is in nfsd4_ssc_setup_dul(). There was previously a signal_pending() check which would only succeed when the thread was being shut down. It should really have tested kthread_should_stop() as well. Now it just does the latter, not the former. Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfs/callback.c | 9 +-------- fs/nfsd/nfs4proc.c | 5 ++--- fs/nfsd/nfssvc.c | 12 ------------ net/sunrpc/svc_xprt.c | 16 ++++++---------- 4 files changed, 9 insertions(+), 33 deletions(-) Greg, Sasha - This is the third resend for this fix. Why isn't it applied to origin/linux-5.15.y yet? diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 456af7d230cf..46a0a2d6962e 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -80,9 +80,6 @@ nfs4_callback_svc(void *vrqstp) set_freezable(); while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); /* * Listen for a request on the socket */ @@ -112,11 +109,7 @@ nfs41_callback_svc(void *vrqstp) set_freezable(); while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); - - prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); + prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_IDLE); spin_lock_bh(&serv->sv_cb_lock); if (!list_empty(&serv->sv_cb_list)) { req = list_first_entry(&serv->sv_cb_list, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index c14f5ac1484c..6779291efca9 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1317,12 +1317,11 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, /* found a match */ if (ni->nsui_busy) { /* wait - and try again */ - prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, - TASK_INTERRUPTIBLE); + prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, TASK_IDLE); spin_unlock(&nn->nfsd_ssc_lock); /* allow 20secs for mount/unmount for now - revisit */ - if (signal_pending(current) || + if (kthread_should_stop() || (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index 4c1a0a1623e5..3d4fd40c987b 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c @@ -938,15 +938,6 @@ nfsd(void *vrqstp) current->fs->umask = 0; - /* - * thread is spawned with all signals set to SIG_IGN, re-enable - * the ones that will bring down the thread - */ - allow_signal(SIGKILL); - allow_signal(SIGHUP); - allow_signal(SIGINT); - allow_signal(SIGQUIT); - atomic_inc(&nfsdstats.th_cnt); set_freezable(); @@ -971,9 +962,6 @@ nfsd(void *vrqstp) validate_process_creds(); } - /* Clear signals before calling svc_exit_thread() */ - flush_signals(current); - atomic_dec(&nfsdstats.th_cnt); out: diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index 67ccf1a6459a..b19592673eef 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -700,8 +700,8 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) /* Made progress, don't sleep yet */ continue; - set_current_state(TASK_INTERRUPTIBLE); - if (signalled() || kthread_should_stop()) { + set_current_state(TASK_IDLE); + if (kthread_should_stop()) { set_current_state(TASK_RUNNING); return -EINTR; } @@ -736,7 +736,7 @@ rqst_should_sleep(struct svc_rqst *rqstp) return false; /* are we shutting down? */ - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return false; /* are we freezing? */ @@ -758,11 +758,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) if (rqstp->rq_xprt) goto out_found; - /* - * We have to be able to interrupt this wait - * to bring down the daemons ... - */ - set_current_state(TASK_INTERRUPTIBLE); + set_current_state(TASK_IDLE); smp_mb__before_atomic(); clear_bit(SP_CONGESTED, &pool->sp_flags); clear_bit(RQ_BUSY, &rqstp->rq_flags); @@ -784,7 +780,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) if (!time_left) atomic_long_inc(&pool->sp_stats.threads_timedout); - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return ERR_PTR(-EINTR); return ERR_PTR(-EAGAIN); out_found: @@ -882,7 +878,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout) try_to_freeze(); cond_resched(); err = -EINTR; - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) goto out; xprt = svc_get_next_xprt(rqstp, timeout); base-commit: 284087d4f7d57502b5a41b423b771f16cc6d157a -- 2.44.0

11 months, 3 weeks

3
2
0 0

[BUG] Linux 6.8.10 NPE

by Chris Rankin

Hi, I am using vanilla Linux 6.8.10, and I've just noticed this BUG in my dmesg log. I have no idea what triggered it, and especially since I have not even mounted any NFS filesystems?! Cheers, Chris [ 9114.607417] BUG: kernel NULL pointer dereference, address: 0000000000000068 [ 9114.613082] #PF: supervisor read access in kernel mode [ 9114.616929] #PF: error_code(0x0000) - not-present page [ 9114.620775] PGD 0 P4D 0 [ 9114.622013] Oops: 0000 [#16] PREEMPT SMP PTI [ 9114.624987] CPU: 2 PID: 16501 Comm: sadc Tainted: G D I 6.8.10 #1 [ 9114.630993] Hardware name: Gigabyte Technology Co., Ltd. EX58-UD3R/EX58-UD3R, BIOS FB 05/04/2009 [ 9114.638561] RIP: 0010:nfsd_show+0x39/0x18e [nfsd] [ 9114.642026] Code: fb 48 83 ec 10 48 8b 47 70 8b 2d 34 9b 03 00 48 8b 80 b0 00 00 00 4c 8b a0 60 02 00 00 e8 99 84 f2 df 49 8b 84 24 f8 0b 00 00 <48> 8b 2c e8 e8 6d c0 f2 df 48 8d bd 00 03 00 00 e8 8f ff ff ff 48 [ 9114.659472] RSP: 0018:ffffc9000b1afcf8 EFLAGS: 00010202 [ 9114.663405] RAX: 0000000000000000 RBX: ffff88810cd5de80 RCX: 0000000000001000 [ 9114.669239] RDX: ffff88813f45b900 RSI: 0000000000000001 RDI: ffff88810cd5de80 [ 9114.675069] RBP: 000000000000000d R08: 0000000000400cc0 R09: 00000000ffffffff [ 9114.680905] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa11e51e0 [ 9114.686737] R13: ffffc9000b1afef8 R14: ffff88810cd5de80 R15: ffffffff81a2a520 [ 9114.692586] FS: 00007f3637e49740(0000) GS:ffff888343c80000(0000) knlGS:0000000000000000 [ 9114.699370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9114.703809] CR2: 0000000000000068 CR3: 000000027a18c000 CR4: 00000000000006f0 [ 9114.709642] Call Trace: [ 9114.710798] <TASK> [ 9114.711602] ? __die_body+0x1a/0x5c [ 9114.713802] ? page_fault_oops+0x321/0x36e [ 9114.716636] ? exc_page_fault+0x105/0x117 [ 9114.719348] ? asm_exc_page_fault+0x22/0x30 [ 9114.722237] ? nfsd_show+0x39/0x18e [nfsd] [ 9114.725103] ? nfsd_show+0x31/0x18e [nfsd] [ 9114.727954] seq_read_iter+0x171/0x353 [ 9114.730410] seq_read+0xe0/0x108 [ 9114.732350] ? startup_64+0x1/0x60 [ 9114.734458] proc_reg_read+0x8c/0xa7 [ 9114.736746] vfs_read+0xa6/0x1bf [ 9114.738685] ? __do_sys_newfstat+0x34/0x5c [ 9114.741486] ksys_read+0x74/0xc0 [ 9114.743418] do_syscall_64+0x6c/0xdc [ 9114.745695] entry_SYSCALL_64_after_hwframe+0x60/0x68 [ 9114.749449] RIP: 0033:0x7f3638039cc1 [ 9114.751752] Code: 00 48 8b 15 59 81 0d 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 b0 aa 01 00 f3 0f 1e fa 80 3d 85 03 0e 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec [ 9114.769198] RSP: 002b:00007ffec523c288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 9114.775499] RAX: ffffffffffffffda RBX: 000055619e0982e0 RCX: 00007f3638039cc1 [ 9114.781332] RDX: 0000000000000400 RSI: 000055619e0a3b70 RDI: 0000000000000004 [ 9114.787166] RBP: 00007ffec523c2c0 R08: 0000000000000001 R09: 0000000000000000 [ 9114.792997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3638111050 [ 9114.798830] R13: 00007f3638110f00 R14: 0000000000000000 R15: 000055619e0982e0 [ 9114.804668] </TASK> [ 9114.805559] Modules linked in: udf usb_storage snd_seq_dummy rpcrdma rdma_cm iw_cm ib_cm ib_core nf_nat_ftp nf_conntrack_ftp cfg80211 af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables it87 hwmon_vid bnep binfmt_misc snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel uvcvideo btusb uvc btintel btbcm videobuf2_vmalloc snd_intel_dspcfg videobuf2_memops bluetooth videobuf2_v4l2 snd_hda_codec videodev snd_usb_audio intel_powerclamp coretemp snd_virtuoso snd_hda_core kvm_intel snd_oxygen_lib videobuf2_common ecdh_generic snd_usbmidi_lib snd_mpu401_uart snd_hwdep mc snd_rawmidi [ 9114.805644] input_leds joydev led_class snd_seq rfkill kvm ecc snd_seq_device gpio_ich pktcdvd snd_pcm iTCO_wdt r8169 irqbypass i2c_i801 snd_hrtimer realtek snd_timer mdio_devres intel_cstate snd libphy acpi_cpufreq i2c_smbus pcspkr intel_uncore psmouse lpc_ich i7core_edac mxm_wmi soundcore tiny_power_button button nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_mod loop fuse dax configfs nfnetlink zram zsmalloc ext4 crc32c_generic crc16 mbcache jbd2 amdgpu video amdxcp i2c_algo_bit mfd_core drm_ttm_helper ttm hid_microsoft drm_exec gpu_sched drm_suballoc_helper drm_buddy drm_display_helper sr_mod usbhid sd_mod cdrom drm_kms_helper ahci pata_jmicron libahci drm uhci_hcd libata ehci_pci ehci_hcd xhci_pci firewire_ohci xhci_hcd firewire_core scsi_mod crc32c_intel sha512_ssse3 usbcore drm_panel_orientation_quirks sha256_ssse3 cec serio_raw sha1_ssse3 rc_core crc_itu_t bsg usb_common scsi_common wmi msr [last unloaded: sg] [ 9114.974386] CR2: 0000000000000068 [ 9114.976469] ---[ end trace 0000000000000000 ]--- [ 9114.979859] RIP: 0010:nfsd_show+0x39/0x18e [nfsd] [ 9114.983413] Code: fb 48 83 ec 10 48 8b 47 70 8b 2d 34 9b 03 00 48 8b 80 b0 00 00 00 4c 8b a0 60 02 00 00 e8 99 84 f2 df 49 8b 84 24 f8 0b 00 00 <48> 8b 2c e8 e8 6d c0 f2 df 48 8d bd 00 03 00 00 e8 8f ff ff ff 48 [ 9115.000909] RSP: 0018:ffffc90002edfcf8 EFLAGS: 00010202 [ 9115.004850] RAX: 0000000000000000 RBX: ffff88813fee9780 RCX: 0000000000001000 [ 9115.010725] RDX: ffff88810b474740 RSI: 0000000000000001 RDI: ffff88813fee9780 [ 9115.016621] RBP: 000000000000000d R08: 0000000000400cc0 R09: 00000000ffffffff [ 9115.022507] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa11e51e0 [ 9115.028414] R13: ffffc90002edfef8 R14: ffff88813fee9780 R15: ffffffff81a2a520 [ 9115.034338] FS: 00007f3637e49740(0000) GS:ffff888343c00000(0000) knlGS:0000000000000000 [ 9115.041191] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9115.045739] CR2: 00007f7171a17ef0 CR3: 000000027a18c000 CR4: 00000000000006f0

11 months, 3 weeks

1
0
0 0

[PATCH stable] block/mq-deadline: fix different priority request on the same zone

by Wu Bo

Zoned devices request sequential writing on the same zone. That means if 2 requests on the saem zone, the lower pos request need to dispatch to device first. While different priority has it's own tree & list, request with high priority will be disptch first. So if requestA & requestB are on the same zone. RequestA is BE and pos is X+0. ReqeustB is RT and pos is X+1. RequestB will be disptched before requestA, which got an ERROR from zoned device. This is found in a practice scenario when using F2FS on zoned device. And it is very easy to reproduce: 1. Use fsstress to run 8 test processes 2. Use ionice to change 4/8 processes to RT priority Fixes: c807ab520fc3 ("block/mq-deadline: Add I/O priority support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Wu Bo <bo.wu(a)vivo.com> --- block/mq-deadline.c | 31 +++++++++++++++++++++++++++++++ include/linux/blk-mq.h | 15 +++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/block/mq-deadline.c b/block/mq-deadline.c index 02a916ba62ee..6a05dd86e8ca 100644 --- a/block/mq-deadline.c +++ b/block/mq-deadline.c @@ -539,6 +539,37 @@ static struct request *__dd_dispatch_request(struct deadline_data *dd, if (started_after(dd, rq, latest_start)) return NULL; + if (!blk_rq_is_seq_zoned_write(rq)) + goto skip_check; + /* + * To ensure sequential writing, check the lower priority class to see + * if there is a request on the same zone and need to be dispatched + * first + */ + ioprio_class = dd_rq_ioclass(rq); + prio = ioprio_class_to_prio[ioprio_class]; + prio++; + for (; prio <= DD_PRIO_MAX; prio++) { + struct request *temp_rq; + unsigned long flags; + bool can_dispatch; + + if (!dd_queued(dd, prio)) + continue; + + temp_rq = deadline_from_pos(&dd->per_prio[prio], data_dir, blk_rq_pos(rq)); + if (temp_rq && blk_req_zone_in_one(temp_rq, rq) && + blk_rq_pos(temp_rq) < blk_rq_pos(rq)) { + spin_lock_irqsave(&dd->zone_lock, flags); + can_dispatch = blk_req_can_dispatch_to_zone(temp_rq); + spin_unlock_irqrestore(&dd->zone_lock, flags); + if (!can_dispatch) + return NULL; + rq = temp_rq; + per_prio = &dd->per_prio[prio]; + } + } +skip_check: /* * rq is the selected appropriate request. */ diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h index d3d8fd8e229b..bca1e639e0f3 100644 --- a/include/linux/blk-mq.h +++ b/include/linux/blk-mq.h @@ -1202,6 +1202,15 @@ static inline bool blk_req_can_dispatch_to_zone(struct request *rq) return true; return !blk_req_zone_is_write_locked(rq); } + +static inline bool blk_req_zone_in_one(struct request *rq_a, + struct request *rq_b) +{ + unsigned int zone_sectors = rq_a->q->limits.chunk_sectors; + + return round_down(blk_rq_pos(rq_a), zone_sectors) == + round_down(blk_rq_pos(rq_b), zone_sectors); +} #else /* CONFIG_BLK_DEV_ZONED */ static inline bool blk_rq_is_seq_zoned_write(struct request *rq) { @@ -1229,6 +1238,12 @@ static inline bool blk_req_can_dispatch_to_zone(struct request *rq) { return true; } + +static inline bool blk_req_zone_in_one(struct request *rq_a, + struct request *rq_b) +{ + return false; +} #endif /* CONFIG_BLK_DEV_ZONED */ #endif /* BLK_MQ_H */ -- 2.35.3

11 months, 3 weeks

3
5
0 0

[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- drivers/net/ethernet/micrel/ks8851_common.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt -- 2.45.0

11 months, 3 weeks

3
2
0 0

[PATCH v1 1/1] x86/cpu: Fix boot on Intel Quark X1000

by Andy Shevchenko

The initial change to set x86_virt_bits to the correct value straight away broke boot on Intel Quark X1000 CPUs (which are family 5, model 9, stepping 0) With deeper investigation it appears that the Quark doesn't have the bit 19 set in 0x01 CPUID leaf, which means it doesn't provide any clflush instructions and hence the cache alignment is set to 0. The actual cache line size is 16 bytes, hence we may set the alignment accordingly. At the same time the physical and virtual address bits are retrieved via 0x80000008 CPUID leaf. Note, we don't really care about the value of x86_clflush_size as it is either used with a proper check for the instruction to be present, or, like in PCI case, it assumes 32 bytes for all supported 32-bit CPUs that have actually smaller cache line sizes and don't advertise it. The commit fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") basically revealed the issue that has been present from day 1 of introducing the Quark support. Fixes: aece118e487a ("x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache()") Cc: stable(a)vger.kernel.org Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- arch/x86/kernel/cpu/intel.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index be30d7fa2e66..2bffae158dd5 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -321,6 +321,15 @@ static void early_init_intel(struct cpuinfo_x86 *c) #ifdef CONFIG_X86_64 set_cpu_cap(c, X86_FEATURE_SYSENTER32); #else + /* + * The Quark doesn't have bit 19 set in 0x01 CPUID leaf, which means + * it doesn't provide any clflush instructions and hence the cache + * alignment is set to 0. The actual cache line size is 16 bytes, + * hence set the alignment accordingly. At the same time the physical + * and virtual address bits are retrieved via 0x80000008 CPUID leaf. + */ + if (c->x86 == 5 && c->x86_model == 9) + c->x86_cache_alignment = 16; /* Netburst reports 64 bytes clflush size, but does IO in 128 bytes */ if (c->x86 == 15 && c->x86_cache_alignment == 64) c->x86_cache_alignment = 128; -- 2.43.0.rc1.1336.g36b5255a03ac

11 months, 3 weeks

2
2
0 0

Re: [PATCH 6.9 0/5] 6.9.1-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

11 months, 3 weeks

1
0
0 0

Linux 6.9.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.1 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/dma/idxd/cdev.c | 77 +++++++++++++++++++++++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 +++++++- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 4 + drivers/vfio/pci/vfio_pci.c | 2 include/linux/pci_ids.h | 2 security/keys/key.c | 3 10 files changed, 120 insertions(+), 7 deletions(-) Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Ben Greear (1): wifi: mt76: mt7915: add missing chanctx ops Greg Kroah-Hartman (1): Linux 6.9.1 Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation

11 months, 3 weeks

1
1
0 0

Linux 6.8.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.10 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 Documentation/devicetree/bindings/net/mediatek,net.yaml | 22 - Documentation/netlink/specs/rt_link.yaml | 6 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm/net/bpf_jit_32.c | 56 ++- arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 - arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 arch/arm64/net/bpf_jit_comp.c | 6 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 - arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 - arch/powerpc/crypto/chacha-p10-glue.c | 8 arch/powerpc/include/asm/plpks.h | 5 arch/powerpc/platforms/pseries/iommu.c | 8 arch/powerpc/platforms/pseries/plpks.c | 10 arch/riscv/net/bpf_jit_comp64.c | 6 arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 arch/x86/kernel/apic/apic.c | 16 arch/xtensa/include/asm/processor.h | 8 arch/xtensa/include/asm/ptrace.h | 2 arch/xtensa/kernel/process.c | 5 arch/xtensa/kernel/stacktrace.c | 3 block/blk-iocost.c | 14 block/ioctl.c | 5 drivers/accel/ivpu/ivpu_drv.c | 20 - drivers/accel/ivpu/ivpu_drv.h | 3 drivers/accel/ivpu/ivpu_hw_37xx.c | 4 drivers/accel/ivpu/ivpu_mmu.c | 8 drivers/accel/ivpu/ivpu_pm.c | 9 drivers/ata/sata_gemini.c | 5 drivers/base/regmap/regmap.c | 37 ++ drivers/bluetooth/btqca.c | 138 ++++++- drivers/bluetooth/btqca.h | 3 drivers/bluetooth/hci_qca.c | 2 drivers/clk/clk.c | 12 drivers/clk/qcom/clk-smd-rpm.c | 1 drivers/clk/samsung/clk-exynos-clkout.c | 13 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 - drivers/clk/sunxi-ng/ccu_common.c | 19 + drivers/clk/sunxi-ng/ccu_common.h | 3 drivers/dma/idxd/cdev.c | 77 ++++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 + drivers/edac/versal_edac.c | 4 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 14 drivers/firmware/efi/unaccepted_memory.c | 4 drivers/firmware/microchip/mpfs-auto-update.c | 2 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-lpc32xx.c | 1 drivers/gpio/gpio-wcove.c | 2 drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 - drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 + drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/i915/display/intel_audio.c | 113 ------ drivers/gpu/drm/i915/display/intel_bios.c | 19 - drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +-- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 79 ++-- drivers/gpu/drm/panel/Kconfig | 2 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 drivers/gpu/drm/qxl/qxl_release.c | 50 -- drivers/gpu/drm/radeon/pptable.h | 10 drivers/gpu/drm/ttm/ttm_tt.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 drivers/gpu/drm/xe/xe_lrc.c | 25 - drivers/gpu/drm/xe/xe_migrate.c | 8 drivers/gpu/host1x/bus.c | 8 drivers/hv/channel.c | 29 + drivers/hv/connection.c | 29 + drivers/hwmon/corsair-cpro.c | 45 +- drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 92 ++++ drivers/iio/imu/adis16475.c | 4 drivers/iio/pressure/bmp280-core.c | 1 drivers/iio/pressure/bmp280-spi.c | 13 drivers/iio/pressure/bmp280.h | 1 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/amd/iommu.c | 4 drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/pvpanic/pvpanic-pci.c | 4 drivers/net/dsa/mv88e6xxx/chip.c | 20 - drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 + drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 - drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/intel/e1000e/phy.c | 8 drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/hyperv/netvsc.c | 7 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan/vxlan_core.c | 49 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 drivers/nvme/host/core.c | 2 drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 14 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 - drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++-- drivers/pinctrl/intel/pinctrl-intel.h | 4 drivers/pinctrl/mediatek/pinctrl-paris.c | 40 -- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/platform/x86/acer-wmi.c | 9 drivers/platform/x86/amd/pmf/acpi.c | 2 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 - drivers/regulator/mt6360-regulator.c | 32 + drivers/regulator/tps65132-regulator.c | 7 drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core_main.c | 61 +-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/libsas/sas_expander.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/scsi/lpfc/lpfc_attr.c | 4 drivers/scsi/lpfc/lpfc_bsg.c | 20 - drivers/scsi/lpfc/lpfc_debugfs.c | 12 drivers/scsi/lpfc/lpfc_els.c | 20 - drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_init.c | 5 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 34 - drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/scsi/mpi3mr/mpi3mr_app.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-axi-spi-engine.c | 19 - drivers/spi/spi-hisi-kunpeng.c | 2 drivers/spi/spi-microchip-core-qspi.c | 1 drivers/spi/spi.c | 1 drivers/target/target_core_configfs.c | 12 drivers/thermal/thermal_debugfs.c | 59 ++- drivers/ufs/core/ufs-mcq.c | 2 drivers/ufs/core/ufshcd.c | 9 drivers/uio/uio_hv_generic.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/core/port.c | 8 drivers/usb/dwc3/core.c | 90 ++-- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 + drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 9 drivers/usb/gadget/function/uvc_configfs.c | 4 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/host/xhci-rzv2m.c | 1 drivers/usb/typec/tcpm/tcpm.c | 36 + drivers/usb/typec/ucsi/ucsi.c | 12 drivers/vfio/pci/vfio_pci.c | 2 fs/9p/fid.h | 3 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 23 - fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/ordered-data.c | 1 fs/btrfs/qgroup.c | 2 fs/btrfs/transaction.c | 2 fs/btrfs/tree-checker.c | 30 - fs/btrfs/tree-checker.h | 1 fs/btrfs/volumes.c | 18 fs/exfat/file.c | 7 fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 fs/nfsd/cache.h | 2 fs/nfsd/netns.h | 21 - fs/nfsd/nfs4callback.c | 97 +++++ fs/nfsd/nfs4proc.c | 6 fs/nfsd/nfs4state.c | 3 fs/nfsd/nfs4xdr.c | 2 fs/nfsd/nfscache.c | 40 -- fs/nfsd/nfsctl.c | 14 fs/nfsd/nfsfh.c | 3 fs/nfsd/state.h | 14 fs/nfsd/stats.c | 43 -- fs/nfsd/stats.h | 62 +-- fs/nfsd/vfs.c | 6 fs/nfsd/xdr4cb.h | 18 fs/proc/task_mmu.c | 24 - fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 8 fs/smb/client/fs_context.c | 21 + fs/smb/client/fs_context.h | 2 fs/smb/client/misc.c | 1 fs/smb/client/smb2pdu.c | 11 fs/smb/server/oplock.c | 35 + fs/smb/server/transport_tcp.c | 4 fs/tracefs/event_inode.c | 45 +- fs/tracefs/inode.c | 92 ++++ fs/tracefs/internal.h | 7 fs/userfaultfd.c | 4 fs/vboxsf/file.c | 1 include/linux/compiler_types.h | 11 include/linux/dma-fence.h | 7 include/linux/gfp_types.h | 2 include/linux/hyperv.h | 1 include/linux/pci_ids.h | 2 include/linux/regmap.h | 8 include/linux/regulator/consumer.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 2 include/linux/slab.h | 4 include/linux/sockptr.h | 25 + include/linux/sunrpc/clnt.h | 1 include/net/gro.h | 9 include/net/xfrm.h | 3 include/sound/emu10k1.h | 3 include/trace/events/rxrpc.h | 2 include/uapi/linux/kfd_ioctl.h | 17 include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 kernel/bpf/bloom_filter.c | 13 kernel/bpf/verifier.c | 3 kernel/dma/swiotlb.c | 1 kernel/workqueue.c | 8 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 lib/maple_tree.c | 16 lib/scatterlist.c | 2 mm/readahead.c | 4 mm/slub.c | 52 +- net/8021q/vlan_core.c | 2 net/bluetooth/hci_core.c | 3 net/bluetooth/hci_event.c | 2 net/bluetooth/l2cap_core.c | 3 net/bluetooth/msft.c | 2 net/bluetooth/msft.h | 4 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/bridge/br_netlink.c | 3 net/core/filter.c | 42 +- net/core/gro.c | 1 net/core/link_watch.c | 4 net/core/net-sysfs.c | 4 net/core/net_namespace.c | 13 net/core/rtnetlink.c | 6 net/core/skbuff.c | 27 + net/core/skmsg.c | 5 net/core/sock.c | 4 net/hsr/hsr_device.c | 31 - net/ipv4/af_inet.c | 1 net/ipv4/ip_output.c | 2 net/ipv4/raw.c | 3 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp.c | 3 net/ipv4/udp_offload.c | 15 net/ipv4/xfrm4_input.c | 6 net/ipv6/addrconf.c | 11 net/ipv6/fib6_rules.c | 6 net/ipv6/ip6_input.c | 4 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 4 net/ipv6/udp.c | 3 net/ipv6/udp_offload.c | 3 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mac80211/mlme.c | 5 net/mptcp/ctrl.c | 39 ++ net/mptcp/protocol.c | 3 net/nfc/llcp_sock.c | 12 net/nfc/nci/core.c | 1 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/rxrpc/ar-internal.h | 2 net/rxrpc/call_object.c | 7 net/rxrpc/conn_event.c | 16 net/rxrpc/conn_object.c | 9 net/rxrpc/input.c | 71 ++- net/rxrpc/output.c | 14 net/rxrpc/protocol.h | 6 net/smc/smc_ib.c | 19 - net/sunrpc/clnt.c | 5 net/sunrpc/xprtsock.c | 1 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 rust/macros/module.rs | 185 ++++++---- scripts/Makefile.modfinal | 2 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/oss/dmasound/dmasound_paula.c | 8 sound/pci/emu10k1/emu10k1.c | 3 sound/pci/emu10k1/emu10k1_main.c | 139 ++++--- sound/pci/hda/patch_realtek.c | 25 + sound/soc/codecs/es8326.c | 30 - sound/soc/codecs/es8326.h | 2 sound/soc/codecs/wsa881x.c | 1 sound/soc/intel/avs/topology.c | 2 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 +- sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 34 + sound/soc/meson/axg-toddr.c | 22 - sound/soc/sof/intel/hda-dsp.c | 20 - sound/soc/sof/intel/pci-lnl.c | 3 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/include/linux/kernel.h | 1 tools/include/linux/mm.h | 5 tools/include/linux/panic.h | 19 + tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 159 ++++++-- tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 6 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 2 tools/testing/selftests/mm/Makefile | 6 tools/testing/selftests/net/test_bridge_neigh_suppress.sh | 14 tools/testing/selftests/timers/valid-adjtimex.c | 73 +-- 377 files changed, 3360 insertions(+), 1832 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Adam Skladowski (1): clk: qcom: smd-rpm: Restore msm8976 num_clk Al Viro (1): qibfs: fix dentry leak Alan Stern (2): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device USB: core: Fix access violation during port device removal Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alex Deucher (2): drm/radeon: silence UBSAN warning (v3) drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alex Hung (1): drm/amd/display: Skip on writeback when it's not applicable Alexander Potapenko (1): kmsan: compiler_types: declare __no_sanitize_or_inline Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Amadeusz Sławiński (1): ASoC: Intel: avs: Set name of control as in topology Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Amit Sunil Dhamne (1): usb: typec: tcpm: unregister existing source caps before re-registration Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andi Shyti (1): drm/i915/gt: Automate CCS Mode setting during engine resets Andrei Matei (1): bpf: Check bloom filter map value size Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition André Apitzsch (1): regulator: tps65132: Add of_match table Andy Shevchenko (5): drm/panel: ili9341: Correct use of device property APIs drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Ashutosh Dixit (1): drm/xe: Label RING_CONTEXT_CONTROL as masked Badhri Jagan Sridharan (1): usb: typec: tcpm: Check for port partner validity before consuming it Benjamin Berg (1): wifi: iwlwifi: mvm: guard against invalid STA ID on removal Benno Lossin (1): rust: macros: fix soundness issue in `module!` macro Bernhard Rosenkränzer (1): platform/x86: acer-wmi: Add support for Acer PH18-71 Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (4): ice: ensure the copied buf is NUL terminated bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Chaitanya Kumar Borah (1): drm/i915/audio: Fix audio time stamp programming for DP Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen Yu (2): efi/unaccepted: touch soft lockup during memory accept tools/power turbostat: Do not print negative LPI residency Chen-Yu Tsai (3): pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Christian König (1): drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Chuck Lever (1): NFSD: Fix nfsd4_encode_fattr4() crasher Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Conor Dooley (2): firmware: microchip: don't unconditionally print validation success spi: microchip-core-qspi: fix setting spi bus clock rate Dai Ngo (1): NFSD: add support for CB_GETATTR callback Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() mm/slab: make __free(kfree) accept error pointers Daniel Golle (1): dt-bindings: net: mediatek: remove wrongly added clocks and SerDes Dave Airlie (1): Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" David Bauer (1): net l2tp: drop flow hash on forward David Howells (4): Fix a potential infinite loop in extract_user_to_sg() rxrpc: Fix the names of the fields in the ACK trailer struct rxrpc: Fix congestion control algorithm rxrpc: Only transmit one ACK per jumbo packet received David Lechner (2): spi: axi-spi-engine: use common AXI macros spi: axi-spi-engine: fix version format string Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Donald Hunter (1): netlink: specs: Add missing bridge linkinfo attrs Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (8): net: add copy_safe_from_sockptr() helper nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net-sysfs: convert dev->operstate reads to lockless ones ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Eric Van Hensbergen (2): fs/9p: fix uninitialized values during inode evict fs/9p: remove erroneous nlink init from legacy stat2inode Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Frank Oltmanns (2): clk: sunxi-ng: common: Support minimum and maximum rate clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Gaurav Batra (1): powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (1): Linux 6.8.10 Gregory Detal (1): mptcp: only allow set existing scheduler for net.mptcp.scheduler Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Guillaume Nault (3): vxlan: Fix racy device stats updates. vxlan: Add missing VNI filter counter update in arp_reduce(). vxlan: Pull inner IP header in vxlan_rcv(). Hans de Goede (3): pinctrl: baytrail: Fix selecting gpio pinctrl state iio: accel: mxc4005: Interrupt handling fixes iio: accel: mxc4005: Reset chip on probe() and resume() Hersen Wu (1): drm/amd/display: Fix incorrect DSC instance for MST Himal Prasad Ghimiray (1): drm/xe/xe_migrate: Cast to output precision before multiplying operands Ian Forbes (1): drm/vmwgfx: Fix Legacy Display Unit Ido Schimmel (1): selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Ivan Avdeev (1): usb: gadget: uvc: use correct buffer size when parsing configfs lists Jacek Lawrynowicz (2): accel/ivpu: Remove d3hot_after_power_off WA accel/ivpu: Fix missed error message after VPU rename Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jason Gunthorpe (1): iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (2): vboxsf: explicitly deny setlease attempts 9p: explicitly deny setlease attempts Jeffrey Altman (1): rxrpc: Clients must accept conn from any address Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (1): net: hns3: direct return when receive a unknown mailbox message Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (4): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: fix the cache always being enabled on files with qid flags fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (9): regulator: core: fix debugfs creation regression Bluetooth: qca: fix invalid device address check Bluetooth: qca: fix wcn3991 device address check Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: generalise device address check Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix firmware check error path Johannes Berg (3): wifi: nl80211: don't free NULL coalescing rule wifi: mac80211: fix prep_connection error path wifi: iwlwifi: read txq->read_ptr under lock John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jonathan Kim (1): drm/amdkfd: range check cp bad op exception interrupts Josef Bacik (7): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace btrfs: make sure that WRITTEN is set on all metadata blocks Justin Ernst (1): tools/power/turbostat: Fix uncore frequency file string Justin Tee (6): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() scsi: lpfc: Use a dedicated lock for ras_fwlog state Karthikeyan Ramasubramanian (1): drm/i915/bios: Fix parsing backlight BDB data Kees Cook (1): nouveau/gsp: Avoid addressing beyond end of rpc->entries Kefeng Wang (1): mm: use memalloc_nofs_save() in page_cache_ra_order() Kenneth Feng (1): drm/amd/pm: fix the high voltage issue after unload Kent Gibson (1): gpiolib: cdev: fix uninitialised kfifo Krzysztof Kozlowski (2): iommu: mtk: fix module autoloading gpio: lpc32xx: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Len Brown (2): tools/power turbostat: Expand probe_intel_uncore_frequency() tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Li Ma (1): drm/amd/display: add DCN 351 version for microcode load Li Nan (2): block: fix overflow in blk_ioctl_discard() blk-iocost: do not WARN if iocg was already offlined Liam R. Howlett (1): maple_tree: fix mas_empty_area_rev() null pointer dereference Lijo Lazar (2): drm/amdgpu: Refine IB schedule error logging drm/amdgpu: Fix VCN allocation in CPX partition Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lucas De Marchi (2): drm/xe/display: Fix ADL-N detection drm/xe: Fix END redefinition Lukasz Majewski (1): hsr: Simplify code for announcing HSR nodes timer setup Lyude Paul (3): drm/nouveau/dp: Don't probe eDP ports twice harder drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Mans Rullgard (1): spi: fix null pointer dereference within spi_sync Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marek Szyprowski (1): clk: samsung: Revert "clk: Use device_get_match_data()" Marek Vasut (1): net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Mario Limonciello (2): platform/x86/amd: pmf: Decrease error message to debug dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Mark Rutland (1): selftests/ftrace: Fix event filter target_func selection Matt Coster (1): drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Matti Vaittinen (2): regulator: change stubbed devm_regulator_get_enable to return Ok regulator: change devm_regulator_get_enable_optional() stub to return Ok Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Max Filippov (1): xtensa: fix MAKE_PC_FROM_RA second argument Michael Ellerman (2): powerpc/crypto/chacha-p10: Fix failure on non Power10 selftests/mm: fix powerpc ARCH check Michael Kelley (1): Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Michel Dänzer (1): drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Mukul Joshi (1): drm/amdkfd: Check cgroup when returning DMABuf info Namjae Jeon (3): ksmbd: off ipv6only for both ipv4/ipv6 binding ksmbd: avoid to send duplicate lease break notifications ksmbd: do not grant v2 lease if parent lease key and epoch are not set Nayna Jain (1): powerpc/pseries: make max polling consistent for longer H_CALLs Nicholas Kazlauskas (1): drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Nicolas Bouchinet (1): mm/slub: avoid zeroing outside-object freepointer for single free Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Olga Kornievskaia (1): SUNRPC: add a missing rpc_stat for TCP TLS Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Oswald Buddenhagen (4): ALSA: emu10k1: fix E-MU card dock presence monitoring ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() ALSA: emu10k1: move the whole GPIO event handling to the workqueue ALSA: emu10k1: fix E-MU dock initialization Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Patryk Wlazlyn (1): tools/power turbostat: Print ucode revision only if valid Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (4): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: release PTP resources if pf initialization failed net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Peter Ujfalusi (1): ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Peter Wang (2): scsi: ufs: core: WLUN suspend dev/link state error recovery scsi: ufs: core: Fix MCQ mode dev command timeout Peter Xu (1): mm/userfaultfd: reset ptes when close() for wr-protected ones Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (2): ASoC: SOF: Intel: add default firmware library path for LNL ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Puranjay Mohan (1): arm32, bpf: Reimplement sign-extension mov instruction Qu Wenruo (2): btrfs: set correct ram_bytes when splitting ordered extent btrfs: qgroup: do not check qgroup inherit if qgroup is disabled RD Babiera (1): usb: typec: tcpm: clear pd_event queue in PORT_RESET Rafael J. Wysocki (3): thermal/debugfs: Free all thermal zone debug memory on zone removal thermal/debugfs: Fix two locking issues with thermal zone debug thermal/debugfs: Prevent use-after-free from occurring after cdev removal Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Fitzgerald (1): regmap: Add regmap_read_bypassed() Richard Gobert (2): net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb net: gro: add flush check in udp_gro_receive_segment Rick Edgecombe (4): Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl hv_netvsc: Don't free decrypted memory uio_hv_generic: Don't free decrypted memory Rik van Riel (1): blk-iocost: avoid out of bounds shift Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Rohit Ner (1): scsi: ufs: core: Fix MCQ MAC configuration Ryan Roberts (2): fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sean Anderson (1): nvme-pci: Add quirk for broken MSIs Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Shashank Sharma (1): drm/amdgpu: fix doorbell regression Shigeru Yoshida (2): ipv4: Fix uninit-value access in __ip_make_skb() ipv6: Fix potential uninit-value access in __ip6_make_skb() Shin'ichiro Kawasaki (1): scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Shubhrajyoti Datta (1): EDAC/versal: Do not log total error counts Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Srinivas Kandagatla (1): ASoC: codecs: wsa881x: set clk_stop_mode1 flag Srinivas Pandruvada (1): platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Steffen Bätz (1): net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Steve French (1): smb3: fix broken reconnect when password changing on the server by allowing password rotation Steven Rostedt (Google) (3): tracefs: Reset permissions on remount if permissions are options tracefs: Still use mount point as default permissions for instances eventfs: Do not treat events directory different than other directories Sungwoo Kim (2): Bluetooth: msft: fix slab-use-after-free in msft_do_close() Bluetooth: HCI: Fix potential null-ptr-deref Sven Schnelle (1): workqueue: Fix selection of wake_cpu in kick_pool() Takashi Iwai (2): ALSA: line6: Zero-initialize message buffers ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Takashi Sakamoto (1): firewire: ohci: fulfill timestamp for some local asynchronous transaction Tao Zhou (1): drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Tetsuo Handa (1): nfc: nci: Fix kcov check in nci_rx_work() Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Thomas Bertschinger (1): rust: module: place generated init_module() function in .init.text Thomas Gleixner (1): x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh (1): misc/pvpanic-pci: register attributes via pci_driver Toke Høiland-Jørgensen (1): xdp: use flags field to disambiguate broadcast redirect Uwe Kleine-König (1): OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vasant Hegde (1): iommu/amd: Enhance def_domain_type to handle untrusted device Vasileios Amoiridis (2): iio: pressure: Fixes BME280 SPI driver data iio: pressure: Fixes SPI support for BMP3xx devices Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vitaly Lifshits (1): e1000e: change usleep_range to udelay in PHY mdic access Volodymyr Babchuk (1): arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Wachowski, Karol (1): accel/ivpu: Improve clarity of MMU error messages Wei Yang (3): memblock tests: fix undefined reference to `early_pfn_to_nid' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `BIT' Wen Gu (1): net/smc: fix neighbour and rtable leak in smc_ib_find_route() Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Will Deacon (1): swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Wyes Karny (1): tools/power turbostat: Increase the limit for fd opened Xiang Chen (1): scsi: hisi_sas: Handle the NCQ error returned by D2H frame Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Xu Kuohai (2): bpf, arm64: Fix incorrect runtime stats riscv, bpf: Fix incorrect runtime stats Yi Zhang (1): nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Yifan Zhang (1): drm/amdgpu: add smu 14.0.1 discovery support Yihang Li (1): scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Yonglong Liu (2): net: hns3: fix port vlan filter not disabled issue net: hns3: fix kernel crash when devlink reload during initialization Yuezhang Mo (1): exfat: fix timing of synchronizing bitmap and inode Zack Rusin (2): drm/ttm: Print the memory decryption status just once drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Zhang Yi (2): ASoC: codecs: ES8326: Solve error interruption issue ASoC: codecs: ES8326: modify clock table Zhigang Luo (1): amd/amdkfd: sync all devices to wait all processes being evicted Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

Linux 6.6.31

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.31 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 Documentation/devicetree/bindings/net/mediatek,net.yaml | 22 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/arm64/net/bpf_jit_comp.c | 6 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 arch/powerpc/crypto/chacha-p10-glue.c | 8 arch/powerpc/include/asm/plpks.h | 5 arch/powerpc/platforms/pseries/iommu.c | 8 arch/powerpc/platforms/pseries/plpks.c | 10 arch/riscv/net/bpf_jit_comp64.c | 6 arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 arch/x86/kernel/apic/apic.c | 16 arch/xtensa/include/asm/processor.h | 8 arch/xtensa/include/asm/ptrace.h | 2 arch/xtensa/kernel/process.c | 5 arch/xtensa/kernel/stacktrace.c | 3 block/blk-iocost.c | 14 block/ioctl.c | 5 drivers/ata/sata_gemini.c | 5 drivers/base/regmap/regmap.c | 37 + drivers/bluetooth/btqca.c | 206 +++++- drivers/bluetooth/btqca.h | 8 drivers/bluetooth/hci_qca.c | 13 drivers/clk/clk.c | 12 drivers/clk/qcom/clk-smd-rpm.c | 1 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 drivers/clk/sunxi-ng/ccu_common.c | 19 drivers/clk/sunxi-ng/ccu_common.h | 3 drivers/dma/idxd/cdev.c | 77 ++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 14 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-lpc32xx.c | 1 drivers/gpio/gpio-wcove.c | 2 drivers/gpio/gpiolib-cdev.c | 181 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 - drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 + drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/i915/display/intel_audio.c | 113 --- drivers/gpu/drm/i915/display/intel_bios.c | 19 drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 -- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/panel/Kconfig | 2 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 drivers/gpu/drm/qxl/qxl_release.c | 50 - drivers/gpu/drm/radeon/pptable.h | 10 drivers/gpu/drm/ttm/ttm_tt.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hv/channel.c | 29 drivers/hv/connection.c | 29 drivers/hwmon/corsair-cpro.c | 45 - drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 drivers/iio/imu/adis16475.c | 4 drivers/iio/pressure/bmp280-spi.c | 4 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 47 + drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mtd/mtdcore.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 20 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/intel/e1000e/phy.c | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/hyperv/netvsc.c | 7 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan/vxlan_core.c | 49 + drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 drivers/nvme/host/core.c | 2 drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 14 drivers/nvmem/apple-efuses.c | 1 drivers/nvmem/core.c | 8 drivers/nvmem/imx-ocotp-scu.c | 1 drivers/nvmem/imx-ocotp.c | 1 drivers/nvmem/meson-efuse.c | 1 drivers/nvmem/meson-mx-efuse.c | 1 drivers/nvmem/microchip-otpc.c | 1 drivers/nvmem/mtk-efuse.c | 1 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/nvmem/qfprom.c | 1 drivers/nvmem/rave-sp-eeprom.c | 1 drivers/nvmem/rockchip-efuse.c | 1 drivers/nvmem/sc27xx-efuse.c | 1 drivers/nvmem/sec-qfprom.c | 1 drivers/nvmem/sprd-efuse.c | 1 drivers/nvmem/stm32-romem.c | 1 drivers/nvmem/sunplus-ocotp.c | 1 drivers/nvmem/sunxi_sid.c | 1 drivers/nvmem/uniphier-efuse.c | 1 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 - drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +- drivers/pinctrl/intel/pinctrl-intel.h | 4 drivers/pinctrl/mediatek/pinctrl-paris.c | 40 - drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 drivers/regulator/mt6360-regulator.c | 32 drivers/regulator/tps65132-regulator.c | 7 drivers/rtc/nvmem.c | 1 drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core_main.c | 61 - drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/libsas/sas_expander.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/scsi/lpfc/lpfc_attr.c | 4 drivers/scsi/lpfc/lpfc_bsg.c | 20 drivers/scsi/lpfc/lpfc_debugfs.c | 12 drivers/scsi/lpfc/lpfc_els.c | 20 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_init.c | 5 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 34 - drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/scsi/mpi3mr/mpi3mr_app.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-axi-spi-engine.c | 227 +++--- drivers/spi/spi-hisi-kunpeng.c | 2 drivers/spi/spi-microchip-core-qspi.c | 1 drivers/spi/spi.c | 1 drivers/target/target_core_configfs.c | 12 drivers/ufs/core/ufs-mcq.c | 2 drivers/ufs/core/ufshcd.c | 9 drivers/uio/uio_hv_generic.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/core/port.c | 8 drivers/usb/dwc3/core.c | 90 +- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 9 drivers/usb/gadget/function/uvc_configfs.c | 4 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/host/xhci-rzv2m.c | 1 drivers/usb/typec/tcpm/tcpm.c | 36 - drivers/usb/typec/ucsi/ucsi.c | 12 drivers/vfio/pci/vfio_pci.c | 2 drivers/w1/slaves/w1_ds250x.c | 1 fs/9p/fid.h | 3 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/extent_io.c | 14 fs/btrfs/inode.c | 2 fs/btrfs/ordered-data.c | 1 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 18 fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 8 fs/smb/client/fs_context.c | 21 fs/smb/client/fs_context.h | 2 fs/smb/client/misc.c | 1 fs/smb/client/smb2pdu.c | 11 fs/smb/server/oplock.c | 35 - fs/smb/server/transport_tcp.c | 4 fs/tracefs/event_inode.c | 45 - fs/tracefs/inode.c | 92 ++ fs/tracefs/internal.h | 7 fs/userfaultfd.c | 4 fs/vboxsf/file.c | 1 include/linux/compiler_types.h | 11 include/linux/dma-fence.h | 7 include/linux/gfp_types.h | 2 include/linux/hyperv.h | 1 include/linux/nvmem-provider.h | 2 include/linux/pci_ids.h | 2 include/linux/regmap.h | 8 include/linux/regulator/consumer.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 2 include/linux/slab.h | 2 include/linux/sunrpc/clnt.h | 1 include/net/gro.h | 9 include/net/xfrm.h | 3 include/sound/emu10k1.h | 3 include/sound/sof.h | 7 include/trace/events/rxrpc.h | 2 include/uapi/linux/kfd_ioctl.h | 17 include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 kernel/bpf/bloom_filter.c | 13 kernel/bpf/verifier.c | 3 kernel/dma/swiotlb.c | 1 kernel/workqueue.c | 8 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 lib/maple_tree.c | 16 lib/scatterlist.c | 2 mm/hugetlb.c | 4 mm/readahead.c | 4 net/8021q/vlan_core.c | 2 net/bluetooth/hci_core.c | 3 net/bluetooth/hci_event.c | 2 net/bluetooth/l2cap_core.c | 3 net/bluetooth/msft.c | 2 net/bluetooth/msft.h | 4 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/bridge/br_netlink.c | 3 net/core/filter.c | 42 - net/core/gro.c | 1 net/core/link_watch.c | 4 net/core/net-sysfs.c | 4 net/core/net_namespace.c | 13 net/core/rtnetlink.c | 6 net/core/skbuff.c | 27 net/core/skmsg.c | 5 net/core/sock.c | 4 net/hsr/hsr_device.c | 31 net/ipv4/af_inet.c | 1 net/ipv4/ip_output.c | 2 net/ipv4/raw.c | 3 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp.c | 3 net/ipv4/udp_offload.c | 15 net/ipv4/xfrm4_input.c | 6 net/ipv6/addrconf.c | 11 net/ipv6/fib6_rules.c | 6 net/ipv6/ip6_input.c | 4 net/ipv6/ip6_offload.c | 52 + net/ipv6/ip6_output.c | 4 net/ipv6/udp.c | 3 net/ipv6/udp_offload.c | 3 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mac80211/mlme.c | 5 net/mptcp/ctrl.c | 39 + net/mptcp/protocol.c | 3 net/nfc/nci/core.c | 1 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/rxrpc/ar-internal.h | 2 net/rxrpc/call_object.c | 7 net/rxrpc/conn_event.c | 16 net/rxrpc/conn_object.c | 9 net/rxrpc/input.c | 71 +- net/rxrpc/output.c | 14 net/rxrpc/protocol.h | 6 net/smc/smc_ib.c | 19 net/sunrpc/clnt.c | 5 net/sunrpc/xprtsock.c | 1 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 rust/kernel/lib.rs | 2 rust/macros/module.rs | 185 +++-- scripts/Makefile.modfinal | 2 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/pci/emu10k1/emu10k1.c | 3 sound/pci/emu10k1/emu10k1_main.c | 139 ++-- sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wsa881x.c | 1 sound/soc/intel/avs/topology.c | 2 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 - sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 34 - sound/soc/meson/axg-toddr.c | 22 sound/soc/sof/intel/hda-dsp.c | 20 sound/soc/sof/intel/pci-lnl.c | 3 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/include/linux/kernel.h | 1 tools/include/linux/mm.h | 5 tools/include/linux/panic.h | 19 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 45 + tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 6 tools/testing/selftests/bpf/prog_tests/tc_redirect.c | 52 - tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 2 tools/testing/selftests/mm/Makefile | 6 tools/testing/selftests/net/test_bridge_neigh_suppress.sh | 333 ++++------ tools/testing/selftests/timers/valid-adjtimex.c | 73 +- 350 files changed, 3141 insertions(+), 1836 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Adam Skladowski (1): clk: qcom: smd-rpm: Restore msm8976 num_clk Al Viro (1): qibfs: fix dentry leak Alan Stern (2): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device USB: core: Fix access violation during port device removal Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alex Deucher (2): drm/radeon: silence UBSAN warning (v3) drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alex Hung (1): drm/amd/display: Skip on writeback when it's not applicable Alexander Potapenko (1): kmsan: compiler_types: declare __no_sanitize_or_inline Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Amadeusz Sławiński (1): ASoC: Intel: avs: Set name of control as in topology Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Amit Sunil Dhamne (1): usb: typec: tcpm: unregister existing source caps before re-registration Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andi Shyti (1): drm/i915/gt: Automate CCS Mode setting during engine resets Andrei Matei (1): bpf: Check bloom filter map value size Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition André Apitzsch (1): regulator: tps65132: Add of_match table Andy Shevchenko (5): drm/panel: ili9341: Correct use of device property APIs drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Badhri Jagan Sridharan (1): usb: typec: tcpm: Check for port partner validity before consuming it Benjamin Berg (1): wifi: iwlwifi: mvm: guard against invalid STA ID on removal Benno Lossin (1): rust: macros: fix soundness issue in `module!` macro Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (3): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chaitanya Kumar Borah (1): drm/i915/audio: Fix audio time stamp programming for DP Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (2): pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Christian König (1): drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Christian Marangi (1): mtd: limit OTP NVMEM cell parse to non-NAND devices Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Conor Dooley (1): spi: microchip-core-qspi: fix setting spi bus clock rate Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() mm/slab: make __free(kfree) accept error pointers Daniel Golle (1): dt-bindings: net: mediatek: remove wrongly added clocks and SerDes Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition Dave Airlie (1): Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" David Bauer (1): net l2tp: drop flow hash on forward David Howells (4): Fix a potential infinite loop in extract_user_to_sg() rxrpc: Fix the names of the fields in the ACK trailer struct rxrpc: Fix congestion control algorithm rxrpc: Only transmit one ACK per jumbo packet received David Lechner (5): spi: axi-spi-engine: simplify driver data allocation spi: axi-spi-engine: use devm_spi_alloc_host() spi: axi-spi-engine: move msg state to new struct spi: axi-spi-engine: use common AXI macros spi: axi-spi-engine: fix version format string Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (6): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net-sysfs: convert dev->operstate reads to lockless ones ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Frank Oltmanns (2): clk: sunxi-ng: common: Support minimum and maximum rate clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Gaurav Batra (1): powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (1): Linux 6.6.31 Gregory Detal (1): mptcp: only allow set existing scheduler for net.mptcp.scheduler Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Guillaume Nault (3): vxlan: Fix racy device stats updates. vxlan: Add missing VNI filter counter update in arp_reduce(). vxlan: Pull inner IP header in vxlan_rcv(). Hangbin Liu (1): selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Hans de Goede (2): pinctrl: baytrail: Fix selecting gpio pinctrl state iio: accel: mxc4005: Interrupt handling fixes Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Hersen Wu (1): drm/amd/display: Fix incorrect DSC instance for MST Ian Forbes (1): drm/vmwgfx: Fix Legacy Display Unit Ido Schimmel (1): selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Ivan Avdeev (1): usb: gadget: uvc: use correct buffer size when parsing configfs lists Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (2): vboxsf: explicitly deny setlease attempts 9p: explicitly deny setlease attempts Jeffrey Altman (1): rxrpc: Clients must accept conn from any address Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (1): net: hns3: direct return when receive a unknown mailbox message Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (4): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: fix the cache always being enabled on files with qid flags fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (9): regulator: core: fix debugfs creation regression Bluetooth: qca: fix invalid device address check Bluetooth: qca: fix wcn3991 device address check Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: generalise device address check Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix firmware check error path Johannes Berg (3): wifi: nl80211: don't free NULL coalescing rule wifi: mac80211: fix prep_connection error path wifi: iwlwifi: read txq->read_ptr under lock John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jonathan Kim (1): drm/amdkfd: range check cp bad op exception interrupts Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Ernst (1): tools/power/turbostat: Fix uncore frequency file string Justin Tee (6): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() scsi: lpfc: Use a dedicated lock for ras_fwlog state Karthikeyan Ramasubramanian (1): drm/i915/bios: Fix parsing backlight BDB data Kefeng Wang (1): mm: use memalloc_nofs_save() in page_cache_ra_order() Kent Gibson (2): gpiolib: cdev: relocate debounce_period_us from struct gpio_desc gpiolib: cdev: fix uninitialised kfifo Krzysztof Kozlowski (2): iommu: mtk: fix module autoloading gpio: lpc32xx: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Len Brown (1): tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Li Nan (3): block: fix overflow in blk_ioctl_discard() blk-iocost: do not WARN if iocg was already offlined md: fix kmemleak of rdev->serial Li Zetao (1): spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Liam R. Howlett (1): maple_tree: fix mas_empty_area_rev() null pointer dereference Lijo Lazar (2): drm/amdgpu: Refine IB schedule error logging drm/amdgpu: Fix VCN allocation in CPX partition Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lukasz Majewski (1): hsr: Simplify code for announcing HSR nodes timer setup Lyude Paul (2): drm/nouveau/dp: Don't probe eDP ports twice harder drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Mans Rullgard (1): spi: fix null pointer dereference within spi_sync Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marek Vasut (1): net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Mario Limonciello (1): dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Mark Rutland (1): selftests/ftrace: Fix event filter target_func selection Matti Vaittinen (2): regulator: change stubbed devm_regulator_get_enable to return Ok regulator: change devm_regulator_get_enable_optional() stub to return Ok Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Max Filippov (1): xtensa: fix MAKE_PC_FROM_RA second argument Miaohe Lin (1): mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Michael Ellerman (2): powerpc/crypto/chacha-p10: Fix failure on non Power10 selftests/mm: fix powerpc ARCH check Michael Kelley (1): Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Michel Dänzer (1): drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Mukul Joshi (1): drm/amdkfd: Check cgroup when returning DMABuf info Namjae Jeon (3): ksmbd: off ipv6only for both ipv4/ipv6 binding ksmbd: avoid to send duplicate lease break notifications ksmbd: do not grant v2 lease if parent lease key and epoch are not set Nayna Jain (1): powerpc/pseries: make max polling consistent for longer H_CALLs Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Olga Kornievskaia (1): SUNRPC: add a missing rpc_stat for TCP TLS Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Oswald Buddenhagen (4): ALSA: emu10k1: fix E-MU card dock presence monitoring ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() ALSA: emu10k1: move the whole GPIO event handling to the workqueue ALSA: emu10k1: fix E-MU dock initialization Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Patryk Wlazlyn (1): tools/power turbostat: Print ucode revision only if valid Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Pei Xiao (1): Revert "selftests/bpf: Add netkit to tc_redirect selftest" Peiyang Wang (4): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: release PTP resources if pf initialization failed net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Peter Ujfalusi (2): ASoC: SOF: Introduce generic names for IPC types ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Peter Wang (2): scsi: ufs: core: WLUN suspend dev/link state error recovery scsi: ufs: core: Fix MCQ mode dev command timeout Peter Xu (1): mm/userfaultfd: reset ptes when close() for wr-protected ones Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (2): ASoC: SOF: Intel: add default firmware library path for LNL ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Qu Wenruo (2): btrfs: set correct ram_bytes when splitting ordered extent btrfs: do not wait for short bulk allocation RD Babiera (1): usb: typec: tcpm: clear pd_event queue in PORT_RESET Rafał Miłecki (1): nvmem: add explicit config option to read old syntax fixed OF cells Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Fitzgerald (1): regmap: Add regmap_read_bypassed() Richard Gobert (3): net: gro: parse ipv6 ext headers without frag0 invalidation net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb net: gro: add flush check in udp_gro_receive_segment Rick Edgecombe (4): Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl hv_netvsc: Don't free decrypted memory uio_hv_generic: Don't free decrypted memory Rik van Riel (1): blk-iocost: avoid out of bounds shift Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Rohit Ner (1): scsi: ufs: core: Fix MCQ MAC configuration Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sean Anderson (1): nvme-pci: Add quirk for broken MSIs Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Shashank Sharma (1): drm/amdgpu: fix doorbell regression Shigeru Yoshida (2): ipv4: Fix uninit-value access in __ip_make_skb() ipv6: Fix potential uninit-value access in __ip6_make_skb() Shin'ichiro Kawasaki (1): scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Srinivas Kandagatla (1): ASoC: codecs: wsa881x: set clk_stop_mode1 flag Srinivas Pandruvada (1): platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Steffen Bätz (1): net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Steve French (1): smb3: fix broken reconnect when password changing on the server by allowing password rotation Steven Rostedt (Google) (3): tracefs: Reset permissions on remount if permissions are options tracefs: Still use mount point as default permissions for instances eventfs: Do not treat events directory different than other directories Sungwoo Kim (2): Bluetooth: msft: fix slab-use-after-free in msft_do_close() Bluetooth: HCI: Fix potential null-ptr-deref Sven Schnelle (1): workqueue: Fix selection of wake_cpu in kick_pool() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Takashi Sakamoto (1): firewire: ohci: fulfill timestamp for some local asynchronous transaction Tao Zhou (1): drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Tetsuo Handa (1): nfc: nci: Fix kcov check in nci_rx_work() Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Thomas Bertschinger (1): rust: module: place generated init_module() function in .init.text Thomas Gleixner (1): x86/apic: Don't access the APIC when disabling x2APIC Tim Jiang (1): Bluetooth: qca: add support for QCA2066 Toke Høiland-Jørgensen (1): xdp: use flags field to disambiguate broadcast redirect Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vasileios Amoiridis (1): iio: pressure: Fixes BME280 SPI driver data Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Vitaly Lifshits (1): e1000e: change usleep_range to udelay in PHY mdic access Volodymyr Babchuk (1): arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Wedson Almeida Filho (1): rust: kernel: require `Send` for `Module` implementations Wei Yang (3): memblock tests: fix undefined reference to `early_pfn_to_nid' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `BIT' Wen Gu (1): net/smc: fix neighbour and rtable leak in smc_ib_find_route() Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Will Deacon (1): swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Wyes Karny (1): tools/power turbostat: Increase the limit for fd opened Xiang Chen (1): scsi: hisi_sas: Handle the NCQ error returned by D2H frame Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Xu Kuohai (2): bpf, arm64: Fix incorrect runtime stats riscv, bpf: Fix incorrect runtime stats Yi Zhang (1): nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Yihang Li (1): scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Yonglong Liu (2): net: hns3: fix port vlan filter not disabled issue net: hns3: fix kernel crash when devlink reload during initialization Zack Rusin (2): drm/ttm: Print the memory decryption status just once drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Zhigang Luo (1): amd/amdkfd: sync all devices to wait all processes being evicted Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

Linux 6.1.91

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.91 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 MAINTAINERS | 1 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/arm64/net/bpf_jit_comp.c | 6 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 - arch/powerpc/platforms/pseries/iommu.c | 8 arch/powerpc/platforms/pseries/plpks.c | 62 -- arch/powerpc/platforms/pseries/plpks.h | 35 + arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 block/blk-iocost.c | 7 block/ioctl.c | 5 drivers/ata/sata_gemini.c | 5 drivers/bluetooth/btqca.c | 160 +++++ drivers/bluetooth/btqca.h | 6 drivers/bluetooth/hci_qca.c | 11 drivers/char/tpm/tpm-dev-common.c | 4 drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 drivers/dma/idxd/cdev.c | 77 ++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpio/gpiolib-cdev.c | 183 +++++- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 48 - drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/i915/display/intel_bios.c | 19 drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 drivers/gpu/drm/qxl/qxl_release.c | 50 - drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hv/channel.c | 29 - drivers/hwmon/corsair-cpro.c | 45 + drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 drivers/iio/imu/adis16475.c | 4 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 46 + drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 - drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 drivers/net/ethernet/broadcom/genet/bcmmii.c | 25 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan/vxlan_core.c | 19 drivers/nvme/host/core.c | 2 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 - drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +- drivers/pinctrl/intel/pinctrl-intel.c | 6 drivers/pinctrl/intel/pinctrl-intel.h | 17 drivers/pinctrl/mediatek/pinctrl-paris.c | 40 - drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 drivers/regulator/mt6360-regulator.c | 32 - drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core_main.c | 61 -- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_els.c | 20 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 14 drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/scsi/mpi3mr/mpi3mr_app.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-axi-spi-engine.c | 273 +++++----- drivers/spi/spi-hisi-kunpeng.c | 2 drivers/spi/spi-microchip-core-qspi.c | 1 drivers/spi/spi.c | 12 drivers/staging/wlan-ng/hfa384x_usb.c | 4 drivers/staging/wlan-ng/prism2usb.c | 6 drivers/target/target_core_configfs.c | 12 drivers/ufs/core/ufshcd.c | 5 drivers/uio/uio_hv_generic.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/core/port.c | 8 drivers/usb/dwc3/core.c | 90 +-- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/typec/tcpm/tcpm.c | 35 - drivers/usb/typec/ucsi/ucsi.c | 12 drivers/vfio/pci/vfio_pci.c | 2 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/extent_io.c | 19 fs/btrfs/inode.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 18 fs/gfs2/bmap.c | 5 fs/hugetlbfs/inode.c | 8 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 fs/smb/client/transport.c | 37 + fs/smb/server/oplock.c | 35 - fs/smb/server/transport_tcp.c | 4 include/linux/compiler_types.h | 11 include/linux/dma-fence.h | 7 include/linux/gfp_types.h | 2 include/linux/hugetlb.h | 53 + include/linux/hugetlb_cgroup.h | 69 +- include/linux/hyperv.h | 1 include/linux/mm_types.h | 14 include/linux/pci_ids.h | 2 include/linux/pinctrl/pinctrl.h | 20 include/linux/regulator/consumer.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 2 include/linux/slab.h | 2 include/linux/spi/spi.h | 51 + include/linux/sunrpc/clnt.h | 1 include/linux/swapops.h | 105 +-- include/linux/timer.h | 15 include/net/xfrm.h | 3 include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 kernel/bpf/bloom_filter.c | 13 kernel/bpf/verifier.c | 3 kernel/time/timer.c | 8 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 mm/hugetlb.c | 55 +- mm/hugetlb_cgroup.c | 34 - mm/migrate.c | 2 mm/readahead.c | 4 net/bluetooth/hci_core.c | 3 net/bluetooth/l2cap_core.c | 3 net/bluetooth/msft.c | 2 net/bluetooth/msft.h | 4 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/bridge/br_netlink.c | 3 net/core/filter.c | 42 + net/core/link_watch.c | 4 net/core/net-sysfs.c | 4 net/core/net_namespace.c | 13 net/core/rtnetlink.c | 6 net/core/skbuff.c | 27 net/core/skmsg.c | 5 net/core/sock.c | 4 net/hsr/hsr_device.c | 31 - net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp_offload.c | 12 net/ipv4/xfrm4_input.c | 6 net/ipv6/addrconf.c | 11 net/ipv6/fib6_rules.c | 6 net/ipv6/ip6_input.c | 4 net/ipv6/ip6_output.c | 2 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mptcp/protocol.c | 3 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/smc/smc_ib.c | 19 net/sunrpc/clnt.c | 5 net/sunrpc/xprt.c | 2 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 rust/Makefile | 11 rust/kernel/error.rs | 2 rust/kernel/lib.rs | 2 rust/macros/module.rs | 185 ++++-- scripts/Makefile.build | 17 scripts/Makefile.host | 27 scripts/Makefile.modfinal | 4 scripts/is_rust_module.sh | 16 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 + sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 34 - sound/soc/meson/axg-toddr.c | 22 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/include/linux/kernel.h | 1 tools/include/linux/mm.h | 5 tools/include/linux/panic.h | 19 tools/perf/util/unwind-libdw.c | 21 tools/perf/util/unwind-libunwind-local.c | 2 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 30 - tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 6 tools/testing/selftests/timers/valid-adjtimex.c | 73 +- 247 files changed, 2505 insertions(+), 1391 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Al Viro (1): qibfs: fix dentry leak Alan Stern (2): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device USB: core: Fix access violation during port device removal Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alex Deucher (1): drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Potapenko (1): kmsan: compiler_types: declare __no_sanitize_or_inline Alexander Stein (1): eeprom: at24: Use dev_err_probe for nvmem register failure Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Amit Sunil Dhamne (1): usb: typec: tcpm: unregister existing source caps before re-registration Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andrea Righi (2): rust: fix regexp in scripts/is_rust_module.sh btf, scripts: rust: drop is_rust_module.sh Andrei Matei (1): bpf: Check bloom filter map value size Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Andy Shevchenko (7): pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently gpiolib: cdev: Add missing header(s) AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asahi Lina (1): rust: error: Rename to_kernel_errno() -> to_errno() Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Badhri Jagan Sridharan (1): usb: typec: tcpm: Check for port partner validity before consuming it Benno Lossin (1): rust: macros: fix soundness issue in `module!` macro Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (3): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (2): pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Christian König (1): drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Conor Dooley (1): spi: microchip-core-qspi: fix setting spi bus clock rate Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() mm/slab: make __free(kfree) accept error pointers Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): net l2tp: drop flow hash on forward David Lechner (5): spi: axi-spi-engine: simplify driver data allocation spi: axi-spi-engine: use devm_spi_alloc_host() spi: axi-spi-engine: move msg state to new struct spi: axi-spi-engine: use common AXI macros spi: axi-spi-engine: fix version format string Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (6): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net-sysfs: convert dev->operstate reads to lockless ones ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Florian Fainelli (1): net: bcmgenet: Clear RGMII_LINK upon link down Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Gaurav Batra (1): powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Geert Uytterhoeven (1): spi: Merge spi_controller.{slave,target}_abort() George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (1): Linux 6.1.91 Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Guillaume Nault (1): vxlan: Pull inner IP header in vxlan_rcv(). Hans de Goede (2): pinctrl: baytrail: Fix selecting gpio pinctrl state iio: accel: mxc4005: Interrupt handling fixes Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (1): net: hns3: direct return when receive a unknown mailbox message Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (6): regulator: core: fix debugfs creation regression Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix firmware check error path Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Ernst (1): tools/power/turbostat: Fix uncore frequency file string Justin Tee (4): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Karthikeyan Ramasubramanian (1): drm/i915/bios: Fix parsing backlight BDB data Kefeng Wang (1): mm: use memalloc_nofs_save() in page_cache_ra_order() Kent Gibson (2): gpiolib: cdev: relocate debounce_period_us from struct gpio_desc gpiolib: cdev: fix uninitialised kfifo Krzysztof Kozlowski (1): iommu: mtk: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Leah Rumancik (1): MAINTAINERS: add leah to 6.1 MAINTAINERS file Li Nan (2): block: fix overflow in blk_ioctl_discard() md: fix kmemleak of rdev->serial Li Zetao (1): spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Lijo Lazar (1): drm/amdgpu: Refine IB schedule error logging Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lukasz Majewski (1): hsr: Simplify code for announcing HSR nodes timer setup Lyude Paul (1): drm/nouveau/dp: Don't probe eDP ports twice harder Mans Rullgard (1): spi: fix null pointer dereference within spi_sync Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marek Vasut (1): net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Mario Limonciello (1): dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Masahiro Yamada (2): kbuild: refactor host*_flags kbuild: specify output names separately for each emission type from rustc Matti Vaittinen (2): regulator: change stubbed devm_regulator_get_enable to return Ok regulator: change devm_regulator_get_enable_optional() stub to return Ok Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Miaohe Lin (1): mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Michael Kelley (1): Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Miguel Ojeda (1): kbuild: rust: avoid creating temporary files Namhyung Kim (2): perf unwind-libunwind: Fix base address for .eh_frame perf unwind-libdw: Handle JIT-generated DSOs properly Namjae Jeon (3): ksmbd: off ipv6only for both ipv4/ipv6 binding ksmbd: avoid to send duplicate lease break notifications ksmbd: do not grant v2 lease if parent lease key and epoch are not set Nayna Jain (2): powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver powerpc/pseries: make max polling consistent for longer H_CALLs Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (4): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: release PTP resources if pf initialization failed net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Peter Wang (1): scsi: ufs: core: WLUN suspend dev/link state error recovery Peter Xu (1): mm/hugetlb: fix missing hugetlb_lock for resv uncharge Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (1): ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Qu Wenruo (1): btrfs: do not wait for short bulk allocation Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Gobert (1): net: gro: add flush check in udp_gro_receive_segment Rick Edgecombe (2): Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl uio_hv_generic: Don't free decrypted memory Rik van Riel (1): blk-iocost: avoid out of bounds shift Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Russell Currey (1): powerpc/pseries: Move PLPKS constants to header file Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Shin'ichiro Kawasaki (1): scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Shyam Prasad N (1): cifs: use the least loaded channel for sending requests Sidhartha Kumar (8): mm/hugetlb: add folio support to hugetlb specific flag macros mm: add private field of first tail to struct page and struct folio mm/hugetlb: add hugetlb_folio_subpool() helpers mm/hugetlb: add folio_hstate() mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios mm/hugetlb: convert free_huge_page to folios mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Steve French (1): smb3: missing lock when picking channel Sungwoo Kim (1): Bluetooth: msft: fix slab-use-after-free in msft_do_close() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Thomas Bertschinger (1): rust: module: place generated init_module() function in .init.text Thomas Gleixner (2): timers: Get rid of del_singleshot_timer_sync() timers: Rename del_timer() to timer_delete() Tim Jiang (1): Bluetooth: qca: add support for QCA2066 Toke Høiland-Jørgensen (1): xdp: use flags field to disambiguate broadcast redirect Uwe Kleine-König (1): spi: axi-spi-engine: Convert to platform remove callback returning void Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Wedson Almeida Filho (1): rust: kernel: require `Send` for `Module` implementations Wei Yang (3): memblock tests: fix undefined reference to `early_pfn_to_nid' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `BIT' Wen Gu (1): net/smc: fix neighbour and rtable leak in smc_ib_find_route() Wyes Karny (1): tools/power turbostat: Increase the limit for fd opened Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Xu Kuohai (1): bpf, arm64: Fix incorrect runtime stats Yang Yingliang (2): spi: introduce new helpers with using modern naming spi: spi-axi-spi-engine: switch to use modern name Yi Zhang (1): nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Yonglong Liu (2): net: hns3: fix port vlan filter not disabled issue net: hns3: fix kernel crash when devlink reload during initialization Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

Linux 5.15.159

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.159 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 block/blk-iocost.c | 7 drivers/acpi/cppc_acpi.c | 67 + drivers/ata/sata_gemini.c | 5 drivers/bluetooth/btqca.c | 62 + drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 - drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 drivers/gpu/drm/qxl/qxl_release.c | 50 - drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hwmon/corsair-cpro.c | 45 drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 drivers/iio/imu/adis16475.c | 4 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 46 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/Makefile | 18 drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 259 +++++ drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_cmd.h | 121 ++ drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/Makefile | 12 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 311 ------ drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 85 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 215 ++-- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 17 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 486 +++++++--- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/Makefile | 10 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 10 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 drivers/regulator/mt6360-regulator.c | 32 drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core.h | 1 drivers/s390/net/qeth_core_main.c | 78 - drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-hisi-kunpeng.c | 2 drivers/target/target_core_configfs.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/dwc3/core.c | 90 - drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/typec/ucsi/ucsi.c | 12 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 18 fs/gfs2/bmap.c | 5 fs/ksmbd/server.c | 13 fs/ksmbd/smb2pdu.c | 4 fs/ksmbd/vfs.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 include/linux/bpf.h | 20 include/linux/dma-fence.h | 7 include/linux/filter.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 5 include/linux/sunrpc/clnt.h | 1 include/net/xfrm.h | 3 kernel/bpf/cpumap.c | 8 kernel/bpf/devmap.c | 32 kernel/bpf/verifier.c | 3 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/core/filter.c | 115 +- net/core/net_namespace.c | 13 net/core/rtnetlink.c | 2 net/core/skbuff.c | 27 net/core/skmsg.c | 53 - net/core/sock.c | 4 net/core/sock_map.c | 3 net/ipv4/tcp.c | 4 net/ipv4/tcp_bpf.c | 51 + net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp_offload.c | 12 net/ipv4/xfrm4_input.c | 6 net/ipv6/fib6_rules.c | 6 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mptcp/protocol.c | 3 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/sunrpc/clnt.c | 5 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 scripts/Makefile.modfinal | 2 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 - sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 26 sound/soc/meson/axg-toddr.c | 22 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 tools/testing/selftests/timers/valid-adjtimex.c | 73 - 173 files changed, 2214 insertions(+), 1413 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Al Viro (1): qibfs: fix dentry leak Alan Stern (1): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alexander Stein (1): eeprom: at24: Use dev_err_probe for nvmem register failure Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Andy Shevchenko (4): drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (3): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (3): pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Dan Carpenter (1): pinctrl: core: delete incorrect free in pinctrl_enable() Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): net l2tp: drop flow hash on forward Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (1): net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Easwar Hariharan (1): Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Greg Kroah-Hartman (1): Linux 5.15.159 Guangbin Huang (2): net: hns3: PF support get unicast MAC address space assigned by firmware net: hns3: add query vf ring and vector map relation Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Hans de Goede (1): iio: accel: mxc4005: Interrupt handling fixes Hao Lan (1): net: hns3: refactor function hclge_mbx_handler() Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jarred White (1): ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (2): net: hns3: direct return when receive a unknown mailbox message net: hns3: split function hclge_init_vlan_config() Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jie Wang (4): net: hns3: refactor hns3 makefile to support hns3_common module net: hns3: create new cmdq hardware description structure hclge_comm_hw net: hns3: create new set of unified hclge_comm_cmd_send APIs net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (4): regulator: core: fix debugfs creation regression Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: fix firmware check error path Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Fastabend (5): bpf, sockmap: TCP data stall on recv before accept bpf, sockmap: Handle fin correctly bpf, sockmap: Convert schedule_work into delayed_work bpf, sockmap: Reschedule is now done through backlog bpf, sockmap: Improved check for empty queue John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Julian Wiedmann (1): s390/qeth: don't keep track of Input Queue count Justin Tee (3): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Krzysztof Kozlowski (1): iommu: mtk: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Li Nan (1): md: fix kmemleak of rdev->serial Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lyude Paul (1): drm/nouveau/dp: Don't probe eDP ports twice harder Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Namjae Jeon (2): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (3): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (1): ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Gobert (1): net: gro: add flush check in udp_gro_receive_segment Rik van Riel (1): blk-iocost: avoid out of bounds shift Rob Herring (1): arm64: dts: qcom: Fix 'interrupt-map' parent address cells Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Toke Høiland-Jørgensen (3): xdp: Move conversion to xdp_frame out of map functions xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames xdp: use flags field to disambiguate broadcast redirect Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Yonglong Liu (1): net: hns3: fix port vlan filter not disabled issue Yufeng Mo (1): net: hns3: add log for workqueue scheduled late Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

Linux 5.10.217

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.217 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 - arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 - arch/mips/kernel/scall32-o32.S | 23 + arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 block/blk-iocost.c | 7 drivers/ata/sata_gemini.c | 5 drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 + drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/nouveau/nouveau_dp.c | 13 - drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hwmon/corsair-cpro.c | 45 ++- drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 + drivers/iio/imu/adis16475.c | 4 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 46 ++- drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 + drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 - drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +- drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++++--------- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_scsi.c | 13 - drivers/target/target_core_configfs.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/dwc3/core.c | 90 ++----- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/typec/ucsi/ucsi.c | 12 drivers/usb/usbip/usbip_common.h | 1 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 17 - fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 - fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 include/linux/kcov.h | 1 include/linux/sched.h | 1 include/linux/skbuff.h | 15 + include/linux/sunrpc/clnt.h | 1 include/net/xfrm.h | 3 lib/dynamic_debug.c | 6 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/core/net_namespace.c | 13 - net/core/rtnetlink.c | 2 net/core/skbuff.c | 28 +- net/core/sock.c | 4 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp_offload.c | 12 net/ipv4/xfrm4_input.c | 6 net/ipv6/fib6_rules.c | 6 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mac80211/iface.c | 1 net/mac80211/rx.c | 1 net/nsh/nsh.c | 14 - net/phonet/pn_netlink.c | 2 net/sunrpc/clnt.c | 5 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 security/keys/key.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/Kconfig | 18 - sound/soc/generic/Kconfig | 2 sound/soc/intel/boards/Kconfig | 2 sound/soc/meson/Kconfig | 3 sound/soc/pxa/Kconfig | 14 - sound/soc/tegra/tegra186_dspk.c | 7 sound/usb/line6/driver.c | 6 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 tools/testing/selftests/timers/valid-adjtimex.c | 73 ++--- 122 files changed, 757 insertions(+), 510 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Alan Stern (1): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alexander Stein (1): eeprom: at24: Use dev_err_probe for nvmem register failure Alexander Usyskin (1): mei: me: add lunar lake point M DID Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andy Shevchenko (2): gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (1): regulator: mt6360: De-capitalize devicetree regulator subnodes Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Bui Quang Minh (2): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (3): pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Dan Carpenter (1): pinctrl: core: delete incorrect free in pinctrl_enable() Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): net l2tp: drop flow hash on forward Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Doug Berger (1): net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Geert Uytterhoeven (1): ASoC: Fix 7/8 spaces indentation in Kconfig Greg Kroah-Hartman (1): Linux 5.10.217 Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Hans de Goede (1): iio: accel: mxc4005: Interrupt handling fixes Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (1): ASoC: meson: cards: select SND_DYNAMIC_MINORS Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Johan Hovold (1): regulator: core: fix debugfs creation regression Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Tee (1): scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Li Nan (1): md: fix kmemleak of rdev->serial Lyude Paul (1): drm/nouveau/dp: Don't probe eDP ports twice harder Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Paolo Abeni (1): tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (1): net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Gobert (1): net: gro: add flush check in udp_gro_receive_segment Rik van Riel (1): blk-iocost: avoid out of bounds shift Rob Herring (1): arm64: dts: qcom: Fix 'interrupt-map' parent address cells Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sebastian Andrzej Siewior (2): cxgb4: Properly lock TX queue for the selftest. kcov: Remove kcov include from sched.h and move it to its users. Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

Linux 5.4.276

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.276 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 - arch/mips/kernel/scall32-o32.S | 23 + arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 drivers/ata/sata_gemini.c | 5 drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 + drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/net/dsa/mv88e6xxx/chip.c | 29 ++ drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 - drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 15 - drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/mediatek/pinctrl-mt6765.c | 11 drivers/pinctrl/mediatek/pinctrl-mt8183.c | 7 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 268 +++++++++++++++++++++ drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.h | 16 + drivers/pinctrl/mediatek/pinctrl-paris.c | 281 +++++++++-------------- drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 +- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_scsi.c | 13 - drivers/target/target_core_configfs.c | 12 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/transaction.c | 2 fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 - fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 include/linux/skbuff.h | 15 + include/linux/sunrpc/clnt.h | 1 include/net/xfrm.h | 3 lib/dynamic_debug.c | 6 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/core/net_namespace.c | 13 - net/core/rtnetlink.c | 2 net/core/sock.c | 4 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/xfrm4_input.c | 6 net/ipv6/fib6_rules.c | 6 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/nsh/nsh.c | 14 - net/phonet/pn_netlink.c | 2 net/sunrpc/clnt.c | 5 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 sound/usb/line6/driver.c | 6 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 tools/testing/selftests/timers/valid-adjtimex.c | 73 ++--- 80 files changed, 762 insertions(+), 394 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Andrew Lunn (1): net: dsa: mv88e6xxx: Add number of MACs in the ATU Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andy Shevchenko (2): gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (3): net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Bui Quang Minh (1): bna: ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (4): pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() pinctrl: mediatek: Fix some off by one bugs David Bauer (1): net l2tp: drop flow hash on forward Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau (2): net: bridge: fix multicast-to-unicast with fraglist GSO net: bridge: fix corrupted ethernet header on multicast-to-unicast Greg Kroah-Hartman (1): Linux 5.4.276 Hsin-Yi Wang (2): pinctrl: mediatek: Fix fallback call path pinctrl: mediatek: Fix fallback behavior for bias_set_combo Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Johan Hovold (1): regulator: core: fix debugfs creation regression Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Tee (1): scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Light Hsieh (6): pinctrl: mediatek: Check gpio pin number and use binary search in mtk_hw_pin_field_lookup() pinctrl: mediatek: Supporting driving setting without mapping current to register value pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set() pinctrl: mediatek: Refine mtk_pinconf_get() pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull usage pinctrl: mediatek: remove shadow variable declaration Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Paolo Abeni (1): tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append YueHaibing (1): pinctrl: mediatek: remove set but not used variable 'e' Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

Linux 4.19.314

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.314 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 drivers/ata/sata_gemini.c | 5 - drivers/firewire/nosy.c | 6 - drivers/firewire/ohci.c | 6 + drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 100 +++++++++++++---------- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 29 ++++++ drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 ++- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/core.c | 8 - drivers/pinctrl/devicetree.c | 10 +- drivers/power/supply/rt9455_charger.c | 2 drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_scsi.c | 13 -- drivers/target/target_core_configfs.c | 12 ++ drivers/usb/gadget/composite.c | 6 - drivers/usb/gadget/function/f_fs.c | 2 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 - fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/transaction.c | 2 fs/gfs2/bmap.c | 5 - include/linux/etherdevice.h | 46 ++++++++++ include/net/af_unix.h | 5 - lib/dynamic_debug.c | 6 + net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 ++ net/core/rtnetlink.c | 2 net/core/sock.c | 4 net/ethernet/eth.c | 10 -- net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 + net/ipv4/tcp_output.c | 11 +- net/ipv6/fib6_rules.c | 6 + net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/nsh/nsh.c | 14 +-- net/phonet/pn_netlink.c | 2 net/tipc/msg.c | 8 + net/unix/af_unix.c | 4 net/unix/garbage.c | 35 +++++--- net/unix/scm.c | 8 + net/wireless/nl80211.c | 2 sound/usb/line6/driver.c | 6 - tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 - tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++++++-------- 58 files changed, 369 insertions(+), 190 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Andrew Lunn (1): net: dsa: mv88e6xxx: Add number of MACs in the ATU Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andy Shevchenko (2): gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Bui Quang Minh (1): bna: ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Colin Ian King (1): tcp: remove redundant check on tskb Dan Carpenter (1): pinctrl: core: delete incorrect free in pinctrl_enable() David Bauer (1): net l2tp: drop flow hash on forward Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Eric Huang (1): drm/amdkfd: change system memory overcommit limit Felix Fietkau (2): net: bridge: fix multicast-to-unicast with fraglist GSO net: bridge: fix corrupted ethernet header on multicast-to-unicast Greg Kroah-Hartman (1): Linux 4.19.314 Jakub Kicinski (1): ethernet: add a helper for assigning port addresses Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Justin Tee (1): scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Kuniyuki Iwashima (4): nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). af_unix: Do not use atomic ops for unix_sk(sk)->inflight. af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Li RongQing (1): net: slightly optimize eth_type_trans Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Paolo Abeni (1): tipc: fix UAF in error path Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Rahul Rameshbabu (1): ethernet: Add helper for assigning packet type when dest address does not match device address Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

11 months, 3 weeks

1
1
0 0

[PATCH] USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected

by John Ernberg

If no other USB HCDs are selected when compiling a small pure virutal machine, the Xen HCD driver cannot be built. Fix it by traversing down host/ if CONFIG_USB_XEN_HCD is selected. Fixes: 494ed3997d75 ("usb: Introduce Xen pvUSB frontend (xen hcd)") Cc: stable(a)vger.kernel.org # v5.17+ Signed-off-by: John Ernberg <john.ernberg(a)actia.se> --- drivers/usb/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/Makefile b/drivers/usb/Makefile index 3a9a0dd4be70..949eca0adebe 100644 --- a/drivers/usb/Makefile +++ b/drivers/usb/Makefile @@ -35,6 +35,7 @@ obj-$(CONFIG_USB_R8A66597_HCD) += host/ obj-$(CONFIG_USB_FSL_USB2) += host/ obj-$(CONFIG_USB_FOTG210_HCD) += host/ obj-$(CONFIG_USB_MAX3421_HCD) += host/ +obj-$(CONFIG_USB_XEN_HCD) += host/ obj-$(CONFIG_USB_C67X00_HCD) += c67x00/ -- 2.45.0

11 months, 3 weeks

1
0
0 0

[PATCH v3] PCI: dw-rockchip: Fix initial PERST# GPIO value

by Niklas Cassel

PERST# is active low according to the PCIe specification. However, the existing pcie-dw-rockchip.c driver does: gpiod_set_value(..., 0); msleep(100); gpiod_set_value(..., 1); When asserting + deasserting PERST#. This is of course wrong, but because all the device trees for this compatible string have also incorrectly marked this GPIO as ACTIVE_HIGH: $ git grep -B 10 reset-gpios arch/arm64/boot/dts/rockchip/rk3568* $ git grep -B 10 reset-gpios arch/arm64/boot/dts/rockchip/rk3588* The actual toggling of PERST# is correct. (And we cannot change it anyway, since that would break device tree compatibility.) However, this driver does request the GPIO to be initialized as GPIOD_OUT_HIGH, which does cause a silly sequence where PERST# gets toggled back and forth for no good reason. Fix this by requesting the GPIO to be initialized as GPIOD_OUT_LOW (which for this driver means PERST# asserted). This will avoid an unnecessary signal change where PERST# gets deasserted (by devm_gpiod_get_optional()) and then gets asserted (by rockchip_pcie_start_link()) just a few instructions later. Before patch, debug prints on EP side, when booting RC: [ 845.606810] pci: PERST# asserted by host! [ 852.483985] pci: PERST# de-asserted by host! [ 852.503041] pci: PERST# asserted by host! [ 852.610318] pci: PERST# de-asserted by host! After patch, debug prints on EP side, when booting RC: [ 125.107921] pci: PERST# asserted by host! [ 132.111429] pci: PERST# de-asserted by host! This extra, very short, PERST# assertion + deassertion has been reported to cause issues with certain WLAN controllers, e.g. RTL8822CE. Fixes: 0e898eb8df4e ("PCI: rockchip-dwc: Add Rockchip RK356X host controller driver") Tested-by: Jianfeng Liu <liujianfeng1994(a)gmail.com> Tested-by: Heiko Stuebner <heiko(a)sntech.de> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org # 5.15+ --- Changes since v2: -Picked up tag from Heiko. -Change subject (Bjorn). -s/PERST/PERST#/ (Bjorn). drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c index d6842141d384..a909e42b4273 100644 --- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c +++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c @@ -240,7 +240,7 @@ static int rockchip_pcie_resource_get(struct platform_device *pdev, return PTR_ERR(rockchip->apb_base); rockchip->rst_gpio = devm_gpiod_get_optional(&pdev->dev, "reset", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->rst_gpio)) return PTR_ERR(rockchip->rst_gpio); -- 2.44.0

11 months, 3 weeks

4
3
0 0

[PATCH] PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio

by Manivannan Sadhasivam

Rockchip platforms use 'GPIO_ACTIVE_HIGH' flag in the devicetree definition for ep_gpio. This means, whatever the logical value set by the driver for the ep_gpio, physical line will output the same logic level. For instance, gpiod_set_value_cansleep(rockchip->ep_gpio, 0); --> Level low gpiod_set_value_cansleep(rockchip->ep_gpio, 1); --> Level high But while requesting the ep_gpio, GPIOD_OUT_HIGH flag is currently used. Now, this also causes the physical line to output 'high' creating trouble for endpoint devices during host reboot. When host reboot happens, the ep_gpio will initially output 'low' due to the GPIO getting reset to its POR value. Then during host controller probe, it will output 'high' due to GPIOD_OUT_HIGH flag. Then during rockchip_pcie_host_init_port(), it will first output 'low' and then 'high' indicating the completion of controller initialization. On the endpoint side, each output 'low' of ep_gpio is accounted for PERST# assert and 'high' for PERST# deassert. With the above mentioned flow during host reboot, endpoint will witness below state changes for PERST#: (1) PERST# assert - GPIO POR state (2) PERST# deassert - GPIOD_OUT_HIGH while requesting GPIO (3) PERST# assert - rockchip_pcie_host_init_port() (4) PERST# deassert - rockchip_pcie_host_init_port() Now the time interval between (2) and (3) is very short as both happen during the driver probe(), and this results in a race in the endpoint. Because, before completing the PERST# deassertion in (2), endpoint got another PERST# assert in (3). A proper way to fix this issue is to change the GPIOD_OUT_HIGH flag in (2) to GPIOD_OUT_LOW. Because the usual convention is to request the GPIO with a state corresponding to its 'initial/default' value and let the driver change the state of the GPIO when required. As per that, the ep_gpio should be requested with GPIOD_OUT_LOW as it corresponds to the POR value of '0' (PERST# assert in the endpoint). Then the driver can change the state of the ep_gpio later in rockchip_pcie_host_init_port() as per the initialization sequence. This fixes the firmware crash issue in Qcom based modems connected to Rockpro64 based board. Cc: <stable(a)vger.kernel.org> # 4.9 Reported-by: Slark Xiao <slark_xiao(a)163.com> Closes: https://lore.kernel.org/mhi/20240402045647.GG2933@thinkpad/ Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/pci/controller/pcie-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/pcie-rockchip.c b/drivers/pci/controller/pcie-rockchip.c index 0ef2e622d36e..c07d7129f1c7 100644 --- a/drivers/pci/controller/pcie-rockchip.c +++ b/drivers/pci/controller/pcie-rockchip.c @@ -121,7 +121,7 @@ int rockchip_pcie_parse_dt(struct rockchip_pcie *rockchip) if (rockchip->is_rc) { rockchip->ep_gpio = devm_gpiod_get_optional(dev, "ep", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->ep_gpio)) return dev_err_probe(dev, PTR_ERR(rockchip->ep_gpio), "failed to get ep GPIO\n"); --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240416-pci-rockchip-perst-fix-88c922621d9a Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>

11 months, 3 weeks

4
4
0 0

[PATCH] PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id

by Rick Wertenbroek

Remove wrong mask on subsys_vendor_id. Both the Vendor ID and Subsystem Vendor ID are u16 variables and are written to a u32 register of the controller. The Subsystem Vendor ID was always 0 because the u16 value was masked incorrectly with GENMASK(31,16) resulting in all lower 16 bits being set to 0 prior to the shift. Remove both masks as they are unnecessary and set the register correctly i.e., the lower 16-bits are the Vendor ID and the upper 16-bits are the Subsystem Vendor ID. This is documented in the RK3399 TRM section 17.6.7.1.17 Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller") Signed-off-by: Rick Wertenbroek <rick.wertenbroek(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/pci/controller/pcie-rockchip-ep.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/pci/controller/pcie-rockchip-ep.c b/drivers/pci/controller/pcie-rockchip-ep.c index c9046e97a1d2..37d4bcb8bd5b 100644 --- a/drivers/pci/controller/pcie-rockchip-ep.c +++ b/drivers/pci/controller/pcie-rockchip-ep.c @@ -98,10 +98,9 @@ static int rockchip_pcie_ep_write_header(struct pci_epc *epc, u8 fn, u8 vfn, /* All functions share the same vendor ID with function 0 */ if (fn == 0) { - u32 vid_regs = (hdr->vendorid & GENMASK(15, 0)) | - (hdr->subsys_vendor_id & GENMASK(31, 16)) << 16; - - rockchip_pcie_write(rockchip, vid_regs, + rockchip_pcie_write(rockchip, + hdr->vendorid | + hdr->subsys_vendor_id << 16, PCIE_CORE_CONFIG_VENDOR); } -- 2.25.1

11 months, 3 weeks

4
5
0 0

[PATCH v3 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Imagine an mmap()'d file. Two threads touch the same address at the same time and fault. Both allocate a physical page and race to install a PTE for that page. Only one will win the race. The loser frees its page, but still continues handling the fault as a success and returns VM_FAULT_NOPAGE from the fault handler. The same race can happen with SGX. But there's a bug: the loser in the SGX steers into a failure path. The loser EREMOVE's the winner's EPC page, then returns SIGBUS, likely killing the app. Fix the SGX loser's behavior. Change the return code to VM_FAULT_NOPAGE to avoid SIGBUS and call sgx_free_epc_page() which avoids EREMOVE'ing the winner's page and only frees the page that the loser allocated. The race can be illustrated as follows: /* /* * Fault on CPU1 * Fault on CPU2 * on enclave page X * on enclave page X */ */ sgx_vma_fault() { sgx_vma_fault() { xa_load(&encl->page_array) xa_load(&encl->page_array) == NULL --> == NULL --> sgx_encl_eaug_page() { sgx_encl_eaug_page() { ... ... /* /* * alloc encl_page * alloc encl_page */ */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray */ xa_insert(&encl->page_array, ...); /* * add page to enclave via EAUG * (page is in pending state) */ /* * add PTE entry */ vmf_insert_pfn(...); mutex_unlock(&encl->lock); return VM_FAULT_NOPAGE; } } /* * All good up to here: enclave page * successfully added to enclave, * ready for EACCEPT from user space */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray, * this fails with -EBUSY as this * page was already added by CPU2 */ xa_insert(&encl->page_array, ...); err_out_shrink: sgx_encl_free_epc_page(epc_page) { /* * remove page via EREMOVE * * *BUG*: page added by CPU2 is * yanked from enclave while it * remains accessible from OS * perspective (PTE installed) */ /* * free EPC page */ sgx_free_epc_page(epc_page); } mutex_unlock(&encl->lock); /* * *BUG*: SIGBUS is returned * for a valid enclave page */ return VM_FAULT_SIGBUS; } } Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> Reviewed-by: Haitao Huang <haitao.huang(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

11 months, 3 weeks

1
0
0 0

[PATCH 6.1 000/244] 6.1.91-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.91 release. There are 244 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 18 May 2024 09:11:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.91-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.91-rc3 Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Florian Fainelli <f.fainelli(a)gmail.com> net: bcmgenet: Clear RGMII_LINK upon link down Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Andrea Righi <andrea.righi(a)canonical.com> btf, scripts: rust: drop is_rust_module.sh Andrea Righi <andrea.righi(a)canonical.com> rust: fix regexp in scripts/is_rust_module.sh Asahi Lina <lina(a)asahilina.net> rust: error: Rename to_kernel_errno() -> to_errno() Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Leah Rumancik <leah.rumancik(a)gmail.com> MAINTAINERS: add leah to 6.1 MAINTAINERS file Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: cdev: Add missing header(s) Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer() to timer_delete() Thomas Gleixner <tglx(a)linutronix.de> timers: Get rid of del_singleshot_timer_sync() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Merge spi_controller.{slave,target}_abort() Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: avoid creating temporary files Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move PLPKS constants to header file Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Yang Yingliang <yangyingliang(a)huawei.com> spi: spi-axi-spi-engine: switch to use modern name Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: axi-spi-engine: Convert to platform remove callback returning void Yang Yingliang <yangyingliang(a)huawei.com> spi: introduce new helpers with using modern naming Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: use the least loaded channel for sending requests Masahiro Yamada <masahiroy(a)kernel.org> kbuild: specify output names separately for each emission type from rustc Masahiro Yamada <masahiroy(a)kernel.org> kbuild: refactor host*_flags Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: convert free_huge_page to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio_hstate() Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add hugetlb_folio_subpool() helpers Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm: add private field of first tail to struct page and struct folio Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio support to hugetlb specific flag macros Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 62 ++--- arch/powerpc/platforms/pseries/plpks.h | 35 ++- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 162 +++++++++++- drivers/bluetooth/btqca.h | 6 +- drivers/bluetooth/hci_qca.c | 11 + drivers/char/tpm/tpm-dev-common.c | 4 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/dma/idxd/cdev.c | 77 ++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 183 ++++++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 ++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 ++- drivers/hwmon/corsair-cpro.c | 43 +++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 46 +++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 25 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 19 +- drivers/nvme/host/core.c | 2 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++--- drivers/pinctrl/intel/pinctrl-intel.c | 6 +- drivers/pinctrl/intel/pinctrl-intel.h | 17 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 ++- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 +++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 275 +++++++++++---------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 12 + drivers/staging/wlan-ng/hfa384x_usb.c | 4 +- drivers/staging/wlan-ng/prism2usb.c | 6 +- drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufshcd.c | 5 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++---- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/tcpm/tcpm.c | 35 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 19 +- fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/hugetlbfs/inode.c | 8 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/transport.c | 37 ++- fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hugetlb.h | 53 +++- include/linux/hugetlb_cgroup.h | 69 +++--- include/linux/hyperv.h | 1 + include/linux/mm_types.h | 14 ++ include/linux/pci_ids.h | 2 + include/linux/pinctrl/pinctrl.h | 20 ++ include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/spi/spi.h | 51 +++- include/linux/sunrpc/clnt.h | 1 + include/linux/swapops.h | 105 ++++---- include/linux/timer.h | 15 +- include/net/xfrm.h | 3 + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/time/timer.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- mm/hugetlb.c | 55 +++-- mm/hugetlb_cgroup.c | 34 +-- mm/migrate.c | 2 +- mm/readahead.c | 4 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++- net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprt.c | 2 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/Makefile | 11 +- rust/kernel/error.rs | 2 +- rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 ++++++++------ scripts/Makefile.build | 17 +- scripts/Makefile.host | 27 +- scripts/Makefile.modfinal | 4 +- scripts/is_rust_module.sh | 16 -- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 +++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 +-- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 30 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 247 files changed, 2515 insertions(+), 1401 deletions(-)

11 months, 3 weeks

10
10
0 0

three commits you might or might not want to pick up for 6.9.y

by Thorsten Leemhuis

Hi Greg. Here are three reports for regressions introduced during the 6.9 cycle that were not fixed for 6.9 for one reason or another, but are fixed in mainline now. So they might be good candidates to pick up early for 6.9.y -- or maybe not, not sure. You are the better judge here. I just thought you might wanted to know about them. * net: Bluetooth: firmware loading problems with older firmware: https://lore.kernel.org/lkml/20240401144424.1714-1-mike@fireburn.co.uk/ Fixed by 958cd6beab693f ("Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921") – which likely should have gone into 6.9, but did not due to lack of fixes: an stable tags: https://lore.kernel.org/all/CABBYNZK1QWNHpmXUyne1Vmqqvy7csmivL7q7N2Mu=2fmrU… * leds/iwlwifi: hangs on boot: https://lore.kernel.org/lkml/30f757e3-73c5-5473-c1f8-328bab98fd7d@candelate… Fixed by 3d913719df14c2 ("wifi: iwlwifi: Use request_module_nowait") – not sure if that one is worth it, the regression might be an exotic corner case. * Ryzen 7840HS CPU single core never boosts to max frequency: https://bugzilla.kernel.org/show_bug.cgi?id=218759 Fixed by bf202e654bfa57 ("cpufreq: amd-pstate: fix the highest frequency issue which limits performance") – which was broken out of a patch-set by the developers to send it in for 6.9, but then was only merged for 6.10 by the maintainer. Ciao, Thorsten

11 months, 3 weeks

2
2
0 0

[PATCH 6.6 000/308] 6.6.31-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.31 release. There are 308 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 18 May 2024 12:12:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.31-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.31-rc3 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Pei Xiao <xiaopei01(a)kylinos.cn> Revert "selftests/bpf: Add netkit to tc_redirect selftest" Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Richard Gobert <richardbgobert(a)gmail.com> net: gro: parse ipv6 ext headers without frag0 invalidation Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce generic names for IPC types Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Rafał Miłecki <rafal(a)milecki.pl> nvmem: add explicit config option to read old syntax fixed OF cells Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++ drivers/bluetooth/btqca.c | 208 ++++++++++++- drivers/bluetooth/btqca.h | 8 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/clk/sunxi-ng/ccu_common.c | 19 ++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 181 +++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++-- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +- drivers/hv/connection.c | 29 +- drivers/hwmon/corsair-cpro.c | 43 ++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 47 ++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mtd/mtdcore.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 20 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/nvmem/apple-efuses.c | 1 + drivers/nvmem/core.c | 8 +- drivers/nvmem/imx-ocotp-scu.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + drivers/nvmem/meson-efuse.c | 1 + drivers/nvmem/meson-mx-efuse.c | 1 + drivers/nvmem/microchip-otpc.c | 1 + drivers/nvmem/mtk-efuse.c | 1 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/nvmem/qfprom.c | 1 + drivers/nvmem/rave-sp-eeprom.c | 1 + drivers/nvmem/rockchip-efuse.c | 1 + drivers/nvmem/sc27xx-efuse.c | 1 + drivers/nvmem/sec-qfprom.c | 1 + drivers/nvmem/sprd-efuse.c | 1 + drivers/nvmem/stm32-romem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 1 + drivers/nvmem/sunxi_sid.c | 1 + drivers/nvmem/uniphier-efuse.c | 1 + drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++--- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/regulator/tps65132-regulator.c | 7 + drivers/rtc/nvmem.c | 1 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 +-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 229 +++++++------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++--- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + drivers/w1/slaves/w1_ds250x.c | 1 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 14 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 + fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 45 ++- fs/tracefs/inode.c | 92 +++++- fs/tracefs/internal.h | 7 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/nvmem-provider.h | 2 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 + include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/sound/sof.h | 7 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/hugetlb.c | 4 +- mm/readahead.c | 4 + net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 ++- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 +- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 52 +++- net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++- net/mptcp/protocol.c | 3 + net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++-- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 +++++++----- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++---- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/sof/intel/hda-dsp.c | 20 +- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 45 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../testing/selftests/bpf/prog_tests/tc_redirect.c | 52 ---- .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 333 ++++++++++----------- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++-- 350 files changed, 3151 insertions(+), 1846 deletions(-)

11 months, 3 weeks

9
9
0 0

[PATCH v1] wifi: mwifiex: Fix interface type change

by Francesco Dolcini

From: Rafael Beims <rafael.beims(a)toradex.com> When changing the interface type we also need to update the bss_num, the driver private data is searched based on a unique (bss_type, bss_num) tuple, therefore every time bss_type changes, bss_num must also change. This fixes for example an issue in which, after the mode changed, a wireless scan on the changed interface would not finish, leading to repeated -EBUSY messages to userspace when other scan requests were sent. Fixes: c606008b7062 ("mwifiex: Properly initialize private structure on interface type changes") Cc: stable(a)vger.kernel.org Signed-off-by: Rafael Beims <rafael.beims(a)toradex.com> Reviewed-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c index b909a7665e9c..155eb0fab12a 100644 --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c @@ -926,6 +926,8 @@ mwifiex_init_new_priv_params(struct mwifiex_private *priv, return -EOPNOTSUPP; } + priv->bss_num = mwifiex_get_unused_bss_num(adapter, priv->bss_type); + spin_lock_irqsave(&adapter->main_proc_lock, flags); adapter->main_locked = false; spin_unlock_irqrestore(&adapter->main_proc_lock, flags); -- 2.39.2

11 months, 3 weeks

2
4
0 0

[PATCH 6.9 0/5] 6.9.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.1 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.1-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.1-rc1 Ben Greear <greearb(a)candelatech.com> wifi: mt76: mt7915: add missing chanctx ops Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist ------------- Diffstat: Makefile | 4 +- drivers/dma/idxd/cdev.c | 77 ++++++++++++++++++++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 ++ drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 ++++++++- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 4 ++ drivers/vfio/pci/vfio_pci.c | 2 + include/linux/pci_ids.h | 2 + security/keys/key.c | 3 +- 10 files changed, 121 insertions(+), 8 deletions(-)

11 months, 3 weeks

8
12
0 0

[PATCH 6.8 000/339] 6.8.10-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.10 release. There are 339 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 18 May 2024 12:12:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.10-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.10-rc3 Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enhance def_domain_type to handle untrusted device Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: Revert "clk: Use device_get_match_data()" Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes SPI support for BMP3xx devices Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure that WRITTEN is set on all metadata blocks Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: do not check qgroup inherit if qgroup is disabled Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> mm/slub: avoid zeroing outside-object freepointer for single free Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bridge linkinfo attrs Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Decrease error message to debug Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: remove erroneous nlink init from legacy stat2inode Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe: Label RING_CONTEXT_CONTROL as masked Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_migrate: Cast to output precision before multiplying operands Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the high voltage issue after unload Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: add smu 14.0.1 discovery support Li Ma <li.ma(a)amd.com> drm/amd/display: add DCN 351 version for microcode load Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Bernhard Rosenkränzer <bero(a)baylibre.com> platform/x86: acer-wmi: Add support for Acer PH18-71 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix missed error message after VPU rename Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Improve clarity of MMU error messages Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Remove d3hot_after_power_off WA Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Kees Cook <keescook(a)chromium.org> nouveau/gsp: Avoid addressing beyond end of rpc->entries Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Len Brown <len.brown(a)intel.com> tools/power turbostat: Expand probe_intel_uncore_frequency() Chen Yu <yu.c.chen(a)intel.com> tools/power turbostat: Do not print negative LPI residency Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: modify clock table Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve error interruption issue Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix END redefinition linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: don't unconditionally print validation success Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix timing of synchronizing bitmap and inode Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not log total error counts Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix ADL-N detection Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Prevent use-after-free from occurring after cdev removal David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Fix two locking issues with thermal zone debug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Free all thermal zone debug memory on zone removal Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> ice: ensure the copied buf is NUL terminated Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Puranjay Mohan <puranjay(a)kernel.org> arm32, bpf: Reimplement sign-extension mov instruction Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_encode_fattr4() crasher Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for CB_GETATTR callback Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +-- Documentation/netlink/specs/rt_link.yaml | 6 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm/net/bpf_jit_32.c | 56 +++++-- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 ++-- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 20 +-- drivers/accel/ivpu/ivpu_drv.h | 3 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 4 +- drivers/accel/ivpu/ivpu_mmu.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++++ drivers/bluetooth/btqca.c | 140 ++++++++++++++-- drivers/bluetooth/btqca.h | 3 +- drivers/bluetooth/hci_qca.c | 2 - drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/clk/sunxi-ng/ccu_common.c | 19 +++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 ++- drivers/edac/versal_edac.c | 4 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/microchip/mpfs-auto-update.c | 2 + drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++++--- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++-- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +-- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++++---- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 81 +++++---- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +----- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 25 ++- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +++- drivers/hv/connection.c | 29 +++- drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 92 +++++++++- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-core.c | 1 + drivers/iio/pressure/bmp280-spi.c | 13 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 4 + drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 +- drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/pvpanic/pvpanic-pci.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 20 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++++---- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 ++--- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/amd/pmf/acpi.c | 2 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/regulator/tps65132-regulator.c | 7 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++++---- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +-- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 19 +-- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 ++ drivers/thermal/thermal_debugfs.c | 59 +++++-- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++++----- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 +++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 23 ++- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 30 ++-- fs/btrfs/tree-checker.h | 1 + fs/btrfs/volumes.c | 18 +- fs/exfat/file.c | 9 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/nfsd/cache.h | 2 - fs/nfsd/netns.h | 21 ++- fs/nfsd/nfs4callback.c | 97 ++++++++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfs4state.c | 3 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 40 +---- fs/nfsd/nfsctl.c | 14 +- fs/nfsd/nfsfh.c | 3 +- fs/nfsd/state.h | 14 ++ fs/nfsd/stats.c | 43 ++--- fs/nfsd/stats.h | 62 +++---- fs/nfsd/vfs.c | 6 +- fs/nfsd/xdr4cb.h | 18 ++ fs/proc/task_mmu.c | 24 +-- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 ++ fs/smb/server/oplock.c | 35 ++-- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 45 +++-- fs/tracefs/inode.c | 92 +++++++++- fs/tracefs/internal.h | 7 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 ++ include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 4 +- include/linux/sockptr.h | 25 +++ include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 ++ kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + mm/slub.c | 52 +++--- net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++-- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 ++- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++-- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++++- net/mptcp/protocol.c | 3 + net/nfc/llcp_sock.c | 12 +- net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++++--- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 ++- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/macros/module.rs | 185 +++++++++++++-------- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/oss/dmasound/dmasound_paula.c | 8 +- sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++++++------- sound/pci/hda/patch_realtek.c | 25 ++- sound/soc/codecs/es8326.c | 30 ++-- sound/soc/codecs/es8326.h | 2 +- sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++++--- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++-- sound/soc/meson/axg-toddr.c | 22 ++- sound/soc/sof/intel/hda-dsp.c | 20 ++- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 +++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 163 +++++++++++++----- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 14 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++---- 377 files changed, 3373 insertions(+), 1845 deletions(-)

11 months, 3 weeks

9
8
0 0

[PATCH 5.10 000/111] 5.10.217-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.217 release. There are 111 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.217-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.217-rc1 Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> kcov: Remove kcov include from sched.h and move it to its users. Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-card: Fix nonatomic links Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: Fix 7/8 spaces indentation in Kconfig Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- drivers/ata/sata_gemini.c | 5 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 ++- drivers/iio/imu/adis16475.c | 4 +- drivers/misc/eeprom/at24.c | 46 +++++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 ++- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 3 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++++++++------------ drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 ++-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/target/target_core_configfs.c | 12 ++ drivers/usb/core/hub.c | 5 +- drivers/usb/dwc3/core.c | 90 +++++------ drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/usb/usbip/usbip_common.h | 1 + fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 17 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/kcov.h | 1 + include/linux/sched.h | 1 - include/linux/skbuff.h | 15 ++ include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 28 +++- net/core/sock.c | 4 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/iface.c | 1 + net/mac80211/rx.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/Kconfig | 18 +-- sound/soc/generic/Kconfig | 2 +- sound/soc/intel/boards/Kconfig | 2 +- sound/soc/meson/Kconfig | 3 +- sound/soc/pxa/Kconfig | 14 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++++---- 120 files changed, 754 insertions(+), 509 deletions(-)

11 months, 3 weeks

6
119
0 0

[PATCH 6.8 000/340] 6.8.10-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.10 release. There are 340 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.10-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.10-rc2 Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enhance def_domain_type to handle untrusted device Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: Revert "clk: Use device_get_match_data()" Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes SPI support for BMP3xx devices Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure that WRITTEN is set on all metadata blocks Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: do not check qgroup inherit if qgroup is disabled Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> mm/slub: avoid zeroing outside-object freepointer for single free Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bridge linkinfo attrs Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Decrease error message to debug Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: remove erroneous nlink init from legacy stat2inode Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe: Label RING_CONTEXT_CONTROL as masked Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_migrate: Cast to output precision before multiplying operands Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the high voltage issue after unload Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: add smu 14.0.1 discovery support Li Ma <li.ma(a)amd.com> drm/amd/display: add DCN 351 version for microcode load Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Bernhard Rosenkränzer <bero(a)baylibre.com> platform/x86: acer-wmi: Add support for Acer PH18-71 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix missed error message after VPU rename Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Improve clarity of MMU error messages Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Remove d3hot_after_power_off WA Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Kees Cook <keescook(a)chromium.org> nouveau/gsp: Avoid addressing beyond end of rpc->entries Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Len Brown <len.brown(a)intel.com> tools/power turbostat: Expand probe_intel_uncore_frequency() Chen Yu <yu.c.chen(a)intel.com> tools/power turbostat: Do not print negative LPI residency Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: modify clock table Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve error interruption issue Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix END redefinition linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: don't unconditionally print validation success Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix timing of synchronizing bitmap and inode Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not log total error counts Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix ADL-N detection Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Prevent use-after-free from occurring after cdev removal David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Fix two locking issues with thermal zone debug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Free all thermal zone debug memory on zone removal Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> ice: ensure the copied buf is NUL terminated Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Puranjay Mohan <puranjay(a)kernel.org> arm32, bpf: Reimplement sign-extension mov instruction Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_encode_fattr4() crasher Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for CB_GETATTR callback Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +-- Documentation/netlink/specs/rt_link.yaml | 6 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm/net/bpf_jit_32.c | 56 +++++-- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 ++-- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 20 +-- drivers/accel/ivpu/ivpu_drv.h | 3 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 4 +- drivers/accel/ivpu/ivpu_mmu.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++++ drivers/bluetooth/btqca.c | 140 ++++++++++++++-- drivers/bluetooth/btqca.h | 3 +- drivers/bluetooth/hci_qca.c | 2 - drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/clk/sunxi-ng/ccu_common.c | 19 +++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 ++- drivers/edac/versal_edac.c | 4 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/microchip/mpfs-auto-update.c | 2 + drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++++--- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++-- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +-- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++++---- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 81 +++++---- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +----- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 25 ++- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +++- drivers/hv/connection.c | 29 +++- drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 92 +++++++++- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-core.c | 1 + drivers/iio/pressure/bmp280-spi.c | 13 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 4 + drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 +- drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/pvpanic/pvpanic-pci.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 20 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++++---- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 ++--- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/amd/pmf/acpi.c | 2 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/regulator/tps65132-regulator.c | 7 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++++---- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +-- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 19 +-- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 ++ drivers/thermal/thermal_debugfs.c | 59 +++++-- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++++----- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 +++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 23 ++- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 30 ++-- fs/btrfs/tree-checker.h | 1 + fs/btrfs/volumes.c | 18 +- fs/exfat/file.c | 9 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/nfsd/cache.h | 2 - fs/nfsd/netns.h | 21 ++- fs/nfsd/nfs4callback.c | 97 ++++++++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfs4state.c | 3 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 40 +---- fs/nfsd/nfsctl.c | 14 +- fs/nfsd/nfsfh.c | 3 +- fs/nfsd/state.h | 14 ++ fs/nfsd/stats.c | 43 ++--- fs/nfsd/stats.h | 62 +++---- fs/nfsd/vfs.c | 6 +- fs/nfsd/xdr4cb.h | 18 ++ fs/proc/task_mmu.c | 24 +-- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 ++ fs/smb/server/oplock.c | 35 ++-- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 +++++---- fs/tracefs/inode.c | 92 +++++++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 ++ include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 4 +- include/linux/sockptr.h | 25 +++ include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 ++ kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + mm/slub.c | 52 +++--- net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++-- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 ++- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++-- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++++- net/mptcp/protocol.c | 3 + net/nfc/llcp_sock.c | 12 +- net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++++--- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 ++- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/macros/module.rs | 185 +++++++++++++-------- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/oss/dmasound/dmasound_paula.c | 8 +- sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++++++------- sound/pci/hda/patch_realtek.c | 25 ++- sound/soc/codecs/es8326.c | 30 ++-- sound/soc/codecs/es8326.h | 2 +- sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++++--- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++-- sound/soc/meson/axg-toddr.c | 22 ++- sound/soc/sof/intel/hda-dsp.c | 20 ++- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 +++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 163 +++++++++++++----- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 14 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++---- 377 files changed, 3384 insertions(+), 1870 deletions(-)

11 months, 3 weeks

9
11
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051356-partly-sizzle-f63e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") b82f8c3f1409 ("net: fec: add eee mode tx lpi support") 40b5d2f15c09 ("net: dsa: mt7530: Add support for EEE features") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051347-buddhism-hunting-5c42@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051352-twins-rumor-dcc9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051343-casket-astride-c192@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

11 months, 3 weeks

2
1
0 0

[PATCH 5.4 00/84] 5.4.276-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.276 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.276-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.276-rc1 Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback YueHaibing <yuehaibing(a)huawei.com> pinctrl: mediatek: remove set but not used variable 'e' Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: mediatek: Fix some off by one bugs Hsin-Yi Wang <hsinyi(a)chromium.org> pinctrl: mediatek: Fix fallback behavior for bias_set_combo Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-card: Fix nonatomic links Hsin-Yi Wang <hsinyi(a)chromium.org> pinctrl: mediatek: Fix fallback call path Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Add number of MACs in the ATU Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: remove shadow variable declaration Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull usage Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Refine mtk_pinconf_get() Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set() Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Supporting driving setting without mapping current to register value Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Check gpio pin number and use binary search in mtk_hw_pin_field_lookup() Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: Makefile | 4 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- drivers/ata/sata_gemini.c | 5 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/net/dsa/mv88e6xxx/chip.c | 29 ++- drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 15 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-mt6765.c | 11 +- drivers/pinctrl/mediatek/pinctrl-mt8183.c | 7 +- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 268 ++++++++++++++++++++- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.h | 16 ++ drivers/pinctrl/mediatek/pinctrl-paris.c | 281 +++++++++-------------- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 ++- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/target/target_core_configfs.c | 12 + drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.c | 2 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/skbuff.h | 15 ++ include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/sock.c | 4 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 80 files changed, 763 insertions(+), 395 deletions(-)

11 months, 3 weeks

7
90
0 0

[PATCH 5.15 000/168] 5.15.159-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.159 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.159-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.159-rc2 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Easwar Hariharan <eahariha(a)linux.microsoft.com> Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Jian Shen <shenjian15(a)huawei.com> net: hns3: split function hclge_init_vlan_config() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API Jie Wang <wangjie125(a)huawei.com> net: hns3: create new set of unified hclge_comm_cmd_send APIs Jie Wang <wangjie125(a)huawei.com> net: hns3: create new cmdq hardware description structure hclge_comm_hw Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hns3 makefile to support hns3_common module Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Hao Lan <lanhao(a)huawei.com> net: hns3: refactor function hclge_mbx_handler() Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: add query vf ring and vector map relation Yufeng Mo <moyufeng(a)huawei.com> net: hns3: add log for workqueue scheduled late Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: PF support get unicast MAC address space assigned by firmware Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Improved check for empty queue John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Reschedule is now done through backlog John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Convert schedule_work into delayed_work John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Handle fin correctly John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: TCP data stall on recv before accept Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't keep track of Input Queue count Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Move conversion to xdp_frame out of map functions Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- drivers/acpi/cppc_acpi.c | 67 ++- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 62 ++- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +-- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hwmon/corsair-cpro.c | 43 +- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 46 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/Makefile | 18 +- drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 +- .../hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 259 +++++++++++ .../hisilicon/hns3/hns3_common/hclge_comm_cmd.h | 121 +++++ drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/Makefile | 12 - .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 311 ++----------- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 85 +--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 221 +++++---- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 17 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 494 +++++++++++++++------ .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3vf/Makefile | 10 - .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 10 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++----- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 78 ++-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/target/target_core_configfs.c | 12 + drivers/usb/core/hub.c | 5 +- drivers/usb/dwc3/core.c | 90 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/ksmbd/server.c | 13 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/vfs.c | 5 + fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/bpf.h | 20 +- include/linux/dma-fence.h | 7 - include/linux/filter.h | 4 + include/linux/skbuff.h | 15 + include/linux/skmsg.h | 5 +- include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + kernel/bpf/cpumap.c | 8 +- kernel/bpf/devmap.c | 32 +- kernel/bpf/verifier.c | 3 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/filter.c | 117 ++++- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 53 +-- net/core/sock.c | 4 +- net/core/sock_map.c | 3 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_bpf.c | 51 +++ net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 26 +- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++- 173 files changed, 2224 insertions(+), 1423 deletions(-)

11 months, 3 weeks

9
8
0 0

[PATCH 17/24] drm/amd/display: Remove redundant idle optimization check

by Roman.Li＠amd.com

From: Roman Li <roman.li(a)amd.com> [Why] Disable idle optimization for each atomic commit is unnecessary, and can lead to a potential race condition. [How] Remove idle optimization check from amdgpu_dm_atomic_commit_tail() Fixes: 196107eb1e15 ("drm/amd/display: Add IPS checks before dcn register access") Cc: stable(a)vger.kernel.org Reviewed-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Acked-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 53dc4c75fb75..328db84e3d44 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -9395,9 +9395,6 @@ static void amdgpu_dm_atomic_commit_tail(struct drm_atomic_state *state) trace_amdgpu_dm_atomic_commit_tail_begin(state); - if (dm->dc->caps.ips_support && dm->dc->idle_optimizations_allowed) - dc_allow_idle_optimizations(dm->dc, false); - drm_atomic_helper_update_legacy_modeset_state(dev, state); drm_dp_mst_atomic_wait_for_dependencies(state); -- 2.34.1

11 months, 3 weeks

1
0
0 0

[PATCH] x86/efistub: Omit physical KASLR when memory reservations exist

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> The legacy decompressor has elaborate logic to ensure that the randomized physical placement of the decompressed kernel image does not conflict with any memory reservations, including ones specified on the command line using mem=, memmap=, efi_fake_mem= or hugepages=, which are taken into account by the kernel proper at a later stage. When booting in EFI mode, it is the firmware's job to ensure that the chosen range does not conflict with any memory reservations that it knows about, and this is trivially achieved by using the firmware's memory allocation APIs. That leaves reservations specified on the command line, though, which the firmware knows nothing about, as these regions have no other special significance to the platform. Since commit a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot") these reservations are not taken into account when randomizing the physical placement, which may result in conflicts where the memory cannot be reserved by the kernel proper because its own executable image resides there. To avoid having to duplicate or reuse the existing complicated logic, disable physical KASLR entirely when such overrides are specified. These are mostly diagnostic tools or niche features, and physical KASLR (as opposed to virtual KASLR, which is much more important as it affects the memory addresses observed by code executing in the kernel) is something we can live without. Closes: https://lkml.kernel.org/r/FA5F6719-8824-4B04-803E-82990E65E627%40akamai.com Reported-by: Ben Chaney <bchaney(a)akamai.com> Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot") Cc: <stable(a)vger.kernel.org> # v6.1+ Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- drivers/firmware/efi/libstub/x86-stub.c | 28 +++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index d5a8182cf2e1..1983fd3bf392 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -776,6 +776,26 @@ static void error(char *str) efi_warn("Decompression failed: %s\n", str); } +static const char *cmdline_memmap_override; + +static efi_status_t parse_options(const char *cmdline) +{ + static const char opts[][14] = { + "mem=", "memmap=", "efi_fake_mem=", "hugepages=" + }; + + for (int i = 0; i < ARRAY_SIZE(opts); i++) { + const char *p = strstr(cmdline, opts[i]); + + if (p == cmdline || (p > cmdline && isspace(p[-1]))) { + cmdline_memmap_override = opts[i]; + break; + } + } + + return efi_parse_options(cmdline); +} + static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) { unsigned long virt_addr = LOAD_PHYSICAL_ADDR; @@ -807,6 +827,10 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) !memcmp(efistub_fw_vendor(), ami, sizeof(ami))) { efi_debug("AMI firmware v2.0 or older detected - disabling physical KASLR\n"); seed[0] = 0; + } else if (cmdline_memmap_override) { + efi_info("%s detected on the kernel command line - disabling physical KASLR\n", + cmdline_memmap_override); + seed[0] = 0; } boot_params_ptr->hdr.loadflags |= KASLR_FLAG; @@ -883,7 +907,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, } #ifdef CONFIG_CMDLINE_BOOL - status = efi_parse_options(CONFIG_CMDLINE); + status = parse_options(CONFIG_CMDLINE); if (status != EFI_SUCCESS) { efi_err("Failed to parse options\n"); goto fail; @@ -892,7 +916,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (!IS_ENABLED(CONFIG_CMDLINE_OVERRIDE)) { unsigned long cmdline_paddr = ((u64)hdr->cmd_line_ptr | ((u64)boot_params->ext_cmd_line_ptr << 32)); - status = efi_parse_options((char *)cmdline_paddr); + status = parse_options((char *)cmdline_paddr); if (status != EFI_SUCCESS) { efi_err("Failed to parse options\n"); goto fail; -- 2.45.0.rc1.225.g2a3ae87e7f-goog

11 months, 3 weeks

4
5
0 0

[PATCH v1 1/2] landlock: Fix d_parent walk

by Mickaël Salaün

The canary in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. Add tests to check error codes when renaming or linking a mount root directory. This previously triggered a kernel warning. The linux/mount.h file is not sorted with other headers to ease backport to Linux 6.1 . Cc: Günther Noack <gnoack(a)google.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: stable(a)vger.kernel.org Reported-by: syzbot+bf4903dc7e12b18ebc87(a)syzkaller.appspotmail.com Fixes: b91c3e4ea756 ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER") Closes: https://lore.kernel.org/r/000000000000553d3f0618198200@google.com Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20240516181935.1645983-2-mic@digikod.net --- security/landlock/fs.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 22d8b7c28074..7877a64cc6b8 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1110,6 +1110,7 @@ static int current_check_refer_path(struct dentry *const old_dentry, bool allow_parent1, allow_parent2; access_mask_t access_request_parent1, access_request_parent2; struct path mnt_dir; + struct dentry *old_parent; layer_mask_t layer_masks_parent1[LANDLOCK_NUM_ACCESS_FS] = {}, layer_masks_parent2[LANDLOCK_NUM_ACCESS_FS] = {}; @@ -1157,9 +1158,17 @@ static int current_check_refer_path(struct dentry *const old_dentry, mnt_dir.mnt = new_dir->mnt; mnt_dir.dentry = new_dir->mnt->mnt_root; + /* + * old_dentry may be the root of the common mount point and + * !IS_ROOT(old_dentry) at the same time (e.g. with open_tree() and + * OPEN_TREE_CLONE). We do not need to call dget(old_parent) because + * we keep a reference to old_dentry. + */ + old_parent = (old_dentry == mnt_dir.dentry) ? old_dentry : + old_dentry->d_parent; + /* new_dir->dentry is equal to new_dentry->d_parent */ - allow_parent1 = collect_domain_accesses(dom, mnt_dir.dentry, - old_dentry->d_parent, + allow_parent1 = collect_domain_accesses(dom, mnt_dir.dentry, old_parent, &layer_masks_parent1); allow_parent2 = collect_domain_accesses( dom, mnt_dir.dentry, new_dir->dentry, &layer_masks_parent2); -- 2.45.0

11 months, 3 weeks

1
0
0 0

Regression in 6.1.81: Missing memory in pmem device

by Chaney, Ben

Hello, I encountered an issue when upgrading to 6.1.89 from 6.1.77. This upgrade caused a breakage in emulated persistent memory. Significant amounts of memory are missing from a pmem device: fdisk -l /dev/pmem* Disk /dev/pmem0: 355.9 GiB, 382117871616 bytes, 746323968 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk /dev/pmem1: 25.38 GiB, 27246198784 bytes, 53215232 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes The memmap parameter that created these pmem devices is “memmap=364416M!28672M,367488M!419840M”, which should cause a much larger amount of memory to be allocated to /dev/pmem1. The amount of missing memory and the device it is missing from is randomized on each reboot. There is some amount of memory missing in almost all cases, but not 100% of the time. Notably, the memory that is missing from these devices is not reclaimed by the system for general use. This system in question has 768GB of memory split evenly across two NUMA nodes. When the error occurs, there are also the following error messages showing up in dmesg: [ 5.318317] nd_pmem namespace1.0: [mem 0x5c2042c000-0x5ff7ffffff flags 0x200] misaligned, unable to map [ 5.335073] nd_pmem: probe of namespace1.0 failed with error -95 Bisection implicates 2dfaeac3f38e4e550d215204eedd97a061fdc118 as the patch that first caused the issue. I believe the cause of the issue is that the EFI stub is randomizing the location of the decompressed kernel without accounting for the memory map, and it is clobbering some of the memory that has been reserved for pmem. Thank you, Ben Chaney

11 months, 3 weeks

3
4
0 0

[PATCH] net: mana: Fix the extra HZ in mana_hwc_send_request

by Souradeep Chakrabarti

Commit 62c1bff593b7 added an extra HZ along with msecs_to_jiffies. This patch fixes that. Cc: stable(a)vger.kernel.org Fixes: 62c1bff593b7 ("net: mana: Configure hwc timeout from hardware") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> --- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/microsoft/mana/hw_channel.c b/drivers/net/ethernet/microsoft/mana/hw_channel.c index 2729a2c5acf9..ca814fe8a775 100644 --- a/drivers/net/ethernet/microsoft/mana/hw_channel.c +++ b/drivers/net/ethernet/microsoft/mana/hw_channel.c @@ -848,7 +848,7 @@ int mana_hwc_send_request(struct hw_channel_context *hwc, u32 req_len, } if (!wait_for_completion_timeout(&ctx->comp_event, - (msecs_to_jiffies(hwc->hwc_timeout) * HZ))) { + (msecs_to_jiffies(hwc->hwc_timeout)))) { dev_err(hwc->dev, "HWC: Request timed out!\n"); err = -ETIMEDOUT; goto out; -- 2.34.1

11 months, 3 weeks

4
3
0 0

[PATCH 4.19 00/63] 4.19.314-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.314 release. There are 63 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.314-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.314-rc1 Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Colin Ian King <colin.king(a)canonical.com> tcp: remove redundant check on tskb Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Add number of MACs in the ATU Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Jakub Kicinski <kuba(a)kernel.org> ethernet: add a helper for assigning port addresses Li RongQing <lirongqing(a)baidu.com> net: slightly optimize eth_type_trans Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Eric Huang <JinhuiEric.Huang(a)amd.com> drm/amdkfd: change system memory overcommit limit Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: Makefile | 4 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- drivers/ata/sata_gemini.c | 5 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 100 +++++++++++++---------- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 29 ++++++- drivers/net/dsa/mv88e6xxx/chip.h | 6 ++ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 +++- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 ++- drivers/power/supply/rt9455_charger.c | 2 + drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 +-- drivers/target/target_core_configfs.c | 12 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.c | 2 +- fs/gfs2/bmap.c | 5 +- include/linux/etherdevice.h | 46 +++++++++++ include/net/af_unix.h | 5 +- lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 ++- net/core/rtnetlink.c | 2 +- net/core/sock.c | 4 +- net/ethernet/eth.c | 10 +-- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 11 ++- net/ipv6/fib6_rules.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/nsh/nsh.c | 14 ++-- net/phonet/pn_netlink.c | 2 +- net/tipc/msg.c | 8 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++++--- net/unix/scm.c | 8 +- net/wireless/nl80211.c | 2 + sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++++++--------- 58 files changed, 370 insertions(+), 191 deletions(-)

11 months, 3 weeks

6
70
0 0

[PATCH 6.6 000/309] 6.6.31-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.31 release. There are 309 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.31-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.31-rc2 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Pei Xiao <xiaopei01(a)kylinos.cn> Revert "selftests/bpf: Add netkit to tc_redirect selftest" Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Richard Gobert <richardbgobert(a)gmail.com> net: gro: parse ipv6 ext headers without frag0 invalidation Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce generic names for IPC types Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Rafał Miłecki <rafal(a)milecki.pl> nvmem: add explicit config option to read old syntax fixed OF cells Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++ drivers/bluetooth/btqca.c | 208 ++++++++++++- drivers/bluetooth/btqca.h | 8 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/clk/sunxi-ng/ccu_common.c | 19 ++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 181 +++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++-- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +- drivers/hv/connection.c | 29 +- drivers/hwmon/corsair-cpro.c | 43 ++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 47 ++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mtd/mtdcore.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 20 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/nvmem/apple-efuses.c | 1 + drivers/nvmem/core.c | 8 +- drivers/nvmem/imx-ocotp-scu.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + drivers/nvmem/meson-efuse.c | 1 + drivers/nvmem/meson-mx-efuse.c | 1 + drivers/nvmem/microchip-otpc.c | 1 + drivers/nvmem/mtk-efuse.c | 1 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/nvmem/qfprom.c | 1 + drivers/nvmem/rave-sp-eeprom.c | 1 + drivers/nvmem/rockchip-efuse.c | 1 + drivers/nvmem/sc27xx-efuse.c | 1 + drivers/nvmem/sec-qfprom.c | 1 + drivers/nvmem/sprd-efuse.c | 1 + drivers/nvmem/stm32-romem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 1 + drivers/nvmem/sunxi_sid.c | 1 + drivers/nvmem/uniphier-efuse.c | 1 + drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++--- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/regulator/tps65132-regulator.c | 7 + drivers/rtc/nvmem.c | 1 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 +-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 229 +++++++------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++--- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + drivers/w1/slaves/w1_ds250x.c | 1 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 14 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 + fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 ++--- fs/tracefs/inode.c | 92 +++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/nvmem-provider.h | 2 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 + include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/sound/sof.h | 7 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/hugetlb.c | 4 +- mm/readahead.c | 4 + net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 ++- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 +- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 52 +++- net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++- net/mptcp/protocol.c | 3 + net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++-- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 +++++++----- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++---- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/sof/intel/hda-dsp.c | 20 +- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 45 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../testing/selftests/bpf/prog_tests/tc_redirect.c | 52 ---- .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 333 ++++++++++----------- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++-- 350 files changed, 3162 insertions(+), 1871 deletions(-)

11 months, 3 weeks

8
7
0 0

[PATCH] fs/ntfs3: Break dir enumeration if directory contents error

by Konstantin Komarov

Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Cc: stable(a)vger.kernel.org --- fs/ntfs3/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ntfs3/dir.c b/fs/ntfs3/dir.c index 5cf3d9decf64..45e556fd7c54 100644 --- a/fs/ntfs3/dir.c +++ b/fs/ntfs3/dir.c @@ -475,6 +475,7 @@ static int ntfs_readdir(struct file *file, struct dir_context *ctx) vbo = (u64)bit << index_bits; if (vbo >= i_size) { ntfs_inode_err(dir, "Looks like your dir is corrupt"); + ctx->pos = eod; err = -EINVAL; goto out; } -- 2.34.1

11 months, 3 weeks

1
1
0 0

FAILED: patch "[PATCH] eventfs: Do not differentiate the toplevel events directory" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051624-efficient-jingle-fc71@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:25 -0400 Subject: [PATCH] eventfs: Do not differentiate the toplevel events directory The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.846448710@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 15a2a9c3c62b..9dacf65c0b6e 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -239,14 +238,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -259,10 +254,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -291,7 +286,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -359,7 +354,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -465,7 +460,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -845,14 +840,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -861,13 +848,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode {

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] eventfs: Do not differentiate the toplevel events directory" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051627-armoire-sleep-3906@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") 99c001cb617d ("tracefs: Avoid using the ei->dentry pointer unnecessarily") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") ad579864637a ("tracefs: Check for dentry->d_inode exists in set_gid()") 7e8358edf503 ("eventfs: Fix file and directory uid and gid ownership") 0dfc852b6fe3 ("eventfs: Have event files and directories default to parent uid and gid") 28e12c09f5aa ("eventfs: Save ownership and mode") db3a397209b0 ("eventfs: Have a free_ei() that just frees the eventfs_inode") f2f496370afc ("eventfs: Remove "is_freed" union with rcu head") 29e06c10702e ("eventfs: Fix typo in eventfs_inode union comment") 5790b1fb3d67 ("eventfs: Remove eventfs_file and just use eventfs_inode") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:25 -0400 Subject: [PATCH] eventfs: Do not differentiate the toplevel events directory The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.846448710@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 15a2a9c3c62b..9dacf65c0b6e 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -239,14 +238,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -259,10 +254,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -291,7 +286,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -359,7 +354,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -465,7 +460,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -845,14 +840,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -861,13 +848,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode {

11 months, 3 weeks

1
0
0 0

Re: Rtnetlink GETADDR request for 1 specific interface only (by ID)

by Greg KH

On Thu, May 16, 2024 at 04:50:34AM -0700, Alexander Sergeev wrote: > Good afternoon! > > Thank you for your advice! Unfortunately, I couldn't find any way or > form for reporting issues in netlink, so I decided to use a bug > reporting guide for kernel in general. Could you please let me know > where could I forward this information? How could I contact netlink > development team? The NETWORKING section of the MAINTAINERS file lists: netdev(a)vger.kernel.org as the proper place to go. greg k-h

11 months, 3 weeks

1
0
0 0

[PATCH] fs/ntfs3: Fix case when index is reused during tree transformation

by Konstantin Komarov

Fixes: 82cae269cfa95 ("fs/ntfs3: Add initialization of super block") Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Cc: stable(a)vger.kernel.org --- fs/ntfs3/index.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index daabaad63aaf..14284f0ed46a 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -1533,6 +1533,11 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni, goto out1; } + if (data_size <= le64_to_cpu(alloc->nres.data_size)) { + /* Reuse index. */ + goto out; + } + /* Increase allocation. */ err = attr_set_size(ni, ATTR_ALLOC, in->name, in->name_len, &indx->alloc_run, data_size, &data_size, true, @@ -1546,6 +1551,7 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni, if (in->name == I30_NAME) i_size_write(&ni->vfs_inode, data_size); +out: *vbn = bit << indx->idx2vbn_bits; return 0; -- 2.34.1

11 months, 3 weeks

2
2
0 0

Rtnetlink GETADDR request for 1 specific interface only (by ID)

by Alexander Sergeev

Good morning! Recently, I have found an issue with `rtnetlink` library that seems to be not intended and/or documented. I have asked about it several times, including here and it was also reported here. Neither in related RFC document nor in rtnetlink manuals the issue is described or mentioned. In a few words, the issue is: for some reason, rtnetlink GETADDR request works only with NLM_F_ROOT or NLM_F_DUMP flags. Consequently, for instance, filtering by ifa_index field, that would *theoretically* according to docs, allow us to receive address info for 1 specific interface only (by ID) , is not possible. For comparison, similar functionality to GETLINK request (getting information about exactly 1 link by index) is indeed very possible. Instead of the expected output (information about 1 interface only), what is returned is an error message with errno -95, which, as I suppose, can be read as "operation not permitted". To this email, I attach a small C file illustrating my issue. Feel free to change IFACE_ID define for ID of any network interface present in your system. It illustrates the error. Please, let me know what you think about this issue. Am I missing something or does it really needs fixing or at least documenting? Best regards, Aleksandr Sergeev. P.S. I have been told that this issue probably won't be addressed, because it "can easily be fixed in user space", however I believe in Linux kernel maintainers team dedication for clear, well-documented and bug-free code; so if this issue is not hard to fix, I would suggest addressing it at least in docs. If it can be useful, I would be more than grateful to provide my help with it.

11 months, 3 weeks

2
1
0 0

[PATCH 6.1 000/243] 6.1.91-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.91 release. There are 243 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.91-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.91-rc2 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Andrea Righi <andrea.righi(a)canonical.com> btf, scripts: rust: drop is_rust_module.sh Andrea Righi <andrea.righi(a)canonical.com> rust: fix regexp in scripts/is_rust_module.sh Asahi Lina <lina(a)asahilina.net> rust: error: Rename to_kernel_errno() -> to_errno() Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Leah Rumancik <leah.rumancik(a)gmail.com> MAINTAINERS: add leah to 6.1 MAINTAINERS file Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: cdev: Add missing header(s) Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer() to timer_delete() Thomas Gleixner <tglx(a)linutronix.de> timers: Get rid of del_singleshot_timer_sync() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Merge spi_controller.{slave,target}_abort() Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: avoid creating temporary files Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move PLPKS constants to header file Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Yang Yingliang <yangyingliang(a)huawei.com> spi: spi-axi-spi-engine: switch to use modern name Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: axi-spi-engine: Convert to platform remove callback returning void Yang Yingliang <yangyingliang(a)huawei.com> spi: introduce new helpers with using modern naming Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: use the least loaded channel for sending requests Masahiro Yamada <masahiroy(a)kernel.org> kbuild: specify output names separately for each emission type from rustc Masahiro Yamada <masahiroy(a)kernel.org> kbuild: refactor host*_flags Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: convert free_huge_page to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio_hstate() Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add hugetlb_folio_subpool() helpers Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm: add private field of first tail to struct page and struct folio Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio support to hugetlb specific flag macros Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 62 ++--- arch/powerpc/platforms/pseries/plpks.h | 35 ++- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 162 +++++++++++- drivers/bluetooth/btqca.h | 6 +- drivers/bluetooth/hci_qca.c | 11 + drivers/char/tpm/tpm-dev-common.c | 4 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/dma/idxd/cdev.c | 77 ++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 183 ++++++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 ++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 ++- drivers/hwmon/corsair-cpro.c | 43 +++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 46 +++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 19 +- drivers/nvme/host/core.c | 2 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++--- drivers/pinctrl/intel/pinctrl-intel.c | 6 +- drivers/pinctrl/intel/pinctrl-intel.h | 17 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 ++- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 +++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 275 +++++++++++---------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 12 + drivers/staging/wlan-ng/hfa384x_usb.c | 4 +- drivers/staging/wlan-ng/prism2usb.c | 6 +- drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufshcd.c | 5 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++---- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/tcpm/tcpm.c | 35 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 19 +- fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/hugetlbfs/inode.c | 8 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/transport.c | 37 ++- fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hugetlb.h | 53 +++- include/linux/hugetlb_cgroup.h | 69 +++--- include/linux/hyperv.h | 1 + include/linux/mm_types.h | 14 ++ include/linux/pci_ids.h | 2 + include/linux/pinctrl/pinctrl.h | 20 ++ include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/spi/spi.h | 51 +++- include/linux/sunrpc/clnt.h | 1 + include/linux/swapops.h | 105 ++++---- include/linux/timer.h | 15 +- include/net/xfrm.h | 3 + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/time/timer.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- mm/hugetlb.c | 55 +++-- mm/hugetlb_cgroup.c | 34 +-- mm/migrate.c | 2 +- mm/readahead.c | 4 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++- net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprt.c | 2 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/Makefile | 11 +- rust/kernel/error.rs | 2 +- rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 ++++++++------ scripts/Makefile.build | 17 +- scripts/Makefile.host | 27 +- scripts/Makefile.modfinal | 4 +- scripts/is_rust_module.sh | 16 -- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 +++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 +-- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 30 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 247 files changed, 2501 insertions(+), 1396 deletions(-)

11 months, 3 weeks

9
17
0 0

[PATCH net v2] net: lan966x: remove debugfs directory in probe() error path

by Herve Codina

A debugfs directory entry is create early during probe(). This entry is not removed on error path leading to some "already present" issues in case of EPROBE_DEFER. Create this entry later in the probe() code to avoid the need to change many 'return' in 'goto' and add the removal in the already present error path. Fixes: 942814840127 ("net: lan966x: Add VCAP debugFS support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> --- drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c index 2635ef8958c8..61d88207eed4 100644 --- a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c +++ b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c @@ -1087,8 +1087,6 @@ static int lan966x_probe(struct platform_device *pdev) platform_set_drvdata(pdev, lan966x); lan966x->dev = &pdev->dev; - lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); - if (!device_get_mac_address(&pdev->dev, mac_addr)) { ether_addr_copy(lan966x->base_mac, mac_addr); } else { @@ -1179,6 +1177,8 @@ static int lan966x_probe(struct platform_device *pdev) return dev_err_probe(&pdev->dev, -ENODEV, "no ethernet-ports child found\n"); + lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); + /* init switch */ lan966x_init(lan966x); lan966x_stats_init(lan966x); @@ -1257,6 +1257,8 @@ static int lan966x_probe(struct platform_device *pdev) destroy_workqueue(lan966x->stats_queue); mutex_destroy(&lan966x->stats_lock); + debugfs_remove_recursive(lan966x->debugfs_root); + return err; } -- This patch was previously sent as part of a bigger series: https://lore.kernel.org/lkml/20240430083730.134918-9-herve.codina@bootlin.c… As it is a simple fix, this v2 is the patch extracted from the series and sent alone to net. Changes v1 -> v2 Add 'Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>' 2.44.0

11 months, 3 weeks

3
2
0 0

[PATCH 2/2] mtd: rawnand: Bypass a couple of sanity checks during NAND identification

by Miquel Raynal

Early during NAND identification, mtd_info fields have not yet been initialized (namely, writesize and oobsize) and thus cannot be used for sanity checks yet. Of course if there is a misuse of nand_change_read_column_op() so early we won't be warned, but there is anyway no actual check to perform at this stage as we do not yet know the NAND geometry. So, if the fields are empty, especially mtd->writesize which is *always* set quite rapidly after identification, let's skip the sanity checks. nand_change_read_column_op() is subject to be used early for ONFI/JEDEC identification in the very unlikely case of: - bitflips appearing in the parameter page, - the controller driver not supporting simple DATA_IN cycles. Fixes: c27842e7e11f ("mtd: rawnand: onfi: Adapt the parameter page read to constraint controllers") Fixes: daca31765e8b ("mtd: rawnand: jedec: Adapt the parameter page read to constraint controllers") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 248e654ecefd..a66e73cd68cb 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -1440,12 +1440,14 @@ int nand_change_read_column_op(struct nand_chip *chip, if (len && !buf) return -EINVAL; - if (offset_in_page + len > mtd->writesize + mtd->oobsize) - return -EINVAL; + if (mtd->writesize) { + if ((offset_in_page + len > mtd->writesize + mtd->oobsize)) + return -EINVAL; - /* Small page NANDs do not support column change. */ - if (mtd->writesize <= 512) - return -ENOTSUPP; + /* Small page NANDs do not support column change. */ + if (mtd->writesize <= 512) + return -ENOTSUPP; + } if (nand_has_exec_op(chip)) { const struct nand_interface_config *conf = -- 2.40.1

11 months, 3 weeks

4
5
0 0

[git:media_tree/master] Revert "media: v4l2-ctrls: show all owned controls in log_status"

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: Revert "media: v4l2-ctrls: show all owned controls in log_status" Author: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Fri May 10 09:11:46 2024 +0200 This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert. Fixes: 9801b5b28c69 ("media: v4l2-ctrls: show all owned controls in log_status") Cc: stable(a)vger.kernel.org Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-ctrls-core.c b/drivers/media/v4l2-core/v4l2-ctrls-core.c index c59dd691f79f..eeab6a5eb7ba 100644 --- a/drivers/media/v4l2-core/v4l2-ctrls-core.c +++ b/drivers/media/v4l2-core/v4l2-ctrls-core.c @@ -2507,8 +2507,7 @@ int v4l2_ctrl_handler_setup(struct v4l2_ctrl_handler *hdl) EXPORT_SYMBOL(v4l2_ctrl_handler_setup); /* Log the control name and value */ -static void log_ctrl(const struct v4l2_ctrl_handler *hdl, - struct v4l2_ctrl *ctrl, +static void log_ctrl(const struct v4l2_ctrl *ctrl, const char *prefix, const char *colon) { if (ctrl->flags & (V4L2_CTRL_FLAG_DISABLED | V4L2_CTRL_FLAG_WRITE_ONLY)) @@ -2518,11 +2517,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, pr_info("%s%s%s: ", prefix, colon, ctrl->name); - if (ctrl->handler != hdl) - v4l2_ctrl_lock(ctrl); ctrl->type_ops->log(ctrl); - if (ctrl->handler != hdl) - v4l2_ctrl_unlock(ctrl); if (ctrl->flags & (V4L2_CTRL_FLAG_INACTIVE | V4L2_CTRL_FLAG_GRABBED | @@ -2541,7 +2536,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, const char *prefix) { - struct v4l2_ctrl_ref *ref; + struct v4l2_ctrl *ctrl; const char *colon = ""; int len; @@ -2553,12 +2548,9 @@ void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, if (len && prefix[len - 1] != ' ') colon = ": "; mutex_lock(hdl->lock); - list_for_each_entry(ref, &hdl->ctrl_refs, node) { - if (ref->from_other_dev || - (ref->ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) - continue; - log_ctrl(hdl, ref->ctrl, prefix, colon); - } + list_for_each_entry(ctrl, &hdl->ctrls, node) + if (!(ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) + log_ctrl(ctrl, prefix, colon); mutex_unlock(hdl->lock); } EXPORT_SYMBOL(v4l2_ctrl_handler_log_status);

11 months, 3 weeks

1
0
0 0

[git:media_tree/master] media: mxl5xx: Move xpt structures off stack

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mxl5xx: Move xpt structures off stack Author: Nathan Chancellor <nathan(a)kernel.org> Date: Fri Jan 12 00:40:36 2024 +0000 When building for LoongArch with clang 18.0.0, the stack usage of probe() is larger than the allowed 2048 bytes: drivers/media/dvb-frontends/mxl5xx.c:1698:12: warning: stack frame size (2368) exceeds limit (2048) in 'probe' [-Wframe-larger-than] 1698 | static int probe(struct mxl *state, struct mxl5xx_cfg *cfg) | ^ 1 warning generated. This is the result of the linked LLVM commit, which changes how the arrays of structures in config_ts() get handled with CONFIG_INIT_STACK_ZERO and CONFIG_INIT_STACK_PATTERN, which causes the above warning in combination with inlining, as config_ts() gets inlined into probe(). This warning can be easily fixed by moving the array of structures off of the stackvia 'static const', which is a better location for these variables anyways because they are static data that is only ever read from, never modified, so allocating the stack space is wasteful. This drops the stack usage from 2368 bytes to 256 bytes with the same compiler and configuration. Link: https://lore.kernel.org/linux-media/20240111-dvb-mxl5xx-move-structs-off-st… Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/1977 Link: https://github.com/llvm/llvm-project/commit/afe8b93ffdfef5d8879e1894b9d7dda… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Miguel Ojeda <ojeda(a)kernel.org> Tested-by: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/dvb-frontends/mxl5xx.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) --- diff --git a/drivers/media/dvb-frontends/mxl5xx.c b/drivers/media/dvb-frontends/mxl5xx.c index 4ebbcf05cc09..91e9c378397c 100644 --- a/drivers/media/dvb-frontends/mxl5xx.c +++ b/drivers/media/dvb-frontends/mxl5xx.c @@ -1381,57 +1381,57 @@ static int config_ts(struct mxl *state, enum MXL_HYDRA_DEMOD_ID_E demod_id, u32 nco_count_min = 0; u32 clk_type = 0; - struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 8, 1}, {0x90700010, 9, 1}, {0x90700010, 10, 1}, {0x90700010, 11, 1}, {0x90700010, 12, 1}, {0x90700010, 13, 1}, {0x90700010, 14, 1}, {0x90700010, 15, 1} }; - struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 16, 1}, {0x90700010, 17, 1}, {0x90700010, 18, 1}, {0x90700010, 19, 1}, {0x90700010, 20, 1}, {0x90700010, 21, 1}, {0x90700010, 22, 1}, {0x90700010, 23, 1} }; - struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 0, 1}, {0x90700014, 1, 1}, {0x90700014, 2, 1}, {0x90700014, 3, 1}, {0x90700014, 4, 1}, {0x90700014, 5, 1}, {0x90700014, 6, 1}, {0x90700014, 7, 1} }; - struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { {0x90700018, 0, 3}, {0x90700018, 4, 3}, {0x90700018, 8, 3}, {0x90700018, 12, 3}, {0x90700018, 16, 3}, {0x90700018, 20, 3}, {0x90700018, 24, 3}, {0x90700018, 28, 3} }; - struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 16, 1}, {0x9070000C, 17, 1}, {0x9070000C, 18, 1}, {0x9070000C, 19, 1}, {0x9070000C, 20, 1}, {0x9070000C, 21, 1}, {0x9070000C, 22, 1}, {0x9070000C, 23, 1} }; - struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 0, 1}, {0x90700010, 1, 1}, {0x90700010, 2, 1}, {0x90700010, 3, 1}, {0x90700010, 4, 1}, {0x90700010, 5, 1}, {0x90700010, 6, 1}, {0x90700010, 7, 1} }; - struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 0, 1}, {0x9070000C, 1, 1}, {0x9070000C, 2, 1}, {0x9070000C, 3, 1}, {0x9070000C, 4, 1}, {0x9070000C, 5, 1}, {0x9070000C, 6, 1}, {0x9070000C, 7, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 24, 1}, {0x9070000C, 25, 1}, {0x9070000C, 26, 1}, {0x9070000C, 27, 1}, {0x9070000C, 28, 1}, {0x9070000C, 29, 1}, {0x9070000C, 30, 1}, {0x9070000C, 31, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 8, 1}, {0x90700014, 9, 1}, {0x90700014, 10, 1}, {0x90700014, 11, 1}, {0x90700014, 12, 1}, {0x90700014, 13, 1}, {0x90700014, 14, 1}, {0x90700014, 15, 1} }; - struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { {0x907001D4, 0, 1}, {0x907001D4, 1, 1}, {0x907001D4, 2, 1}, {0x907001D4, 3, 1}, {0x907001D4, 4, 1}, {0x907001D4, 5, 1}, {0x907001D4, 6, 1}, {0x907001D4, 7, 1} }; - struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { {0x90700044, 16, 80}, {0x90700044, 16, 81}, {0x90700044, 16, 82}, {0x90700044, 16, 83}, {0x90700044, 16, 84}, {0x90700044, 16, 85},

11 months, 3 weeks

1
0
0 0

[PATCH v2 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This race condition can be illustrated as follows: /* /* * Fault on CPU1 * Fault on CPU2 * on enclave page X * on enclave page X */ */ sgx_vma_fault() { sgx_vma_fault() { xa_load(&encl->page_array) xa_load(&encl->page_array) == NULL --> == NULL --> sgx_encl_eaug_page() { sgx_encl_eaug_page() { ... ... /* /* * alloc encl_page * alloc encl_page */ */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray */ xa_insert(&encl->page_array, ...); /* * add page to enclave via EAUG * (page is in pending state) */ /* * add PTE entry */ vmf_insert_pfn(...); mutex_unlock(&encl->lock); return VM_FAULT_NOPAGE; } } /* * All good up to here: enclave page * successfully added to enclave, * ready for EACCEPT from user space */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray, * this fails with -EBUSY as this * page was already added by CPU2 */ xa_insert(&encl->page_array, ...); err_out_shrink: sgx_encl_free_epc_page(epc_page) { /* * remove page via EREMOVE * * *BUG*: page added by CPU2 is * yanked from enclave while it * remains accessible from OS * perspective (PTE installed) */ /* * free EPC page */ sgx_free_epc_page(epc_page); } mutex_unlock(&encl->lock); /* * *BUG*: SIGBUS is returned * for a valid enclave page */ return VM_FAULT_SIGBUS; } } The err_out_shrink error handling path contains two bugs: (1) function sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed, and (2) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread. The first bug renders the enclave page perpetually inaccessible (until another SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl). This is because the page is marked accessible in the PTE entry but is not EAUGed, and any subsequent access to this page raises a fault: with the kernel believing there to be a valid VMA, the unlikely error code X86_PF_SGX encountered by code path do_user_addr_fault() -> access_error() causes the SGX driver's sgx_vma_fault() to be skipped and user space receives a SIGSEGV instead. The userspace SIGSEGV handler cannot perform EACCEPT because the page was not EAUGed. Thus, the user space is stuck with the inaccessible page. The second bug is less severe: a spurious SIGBUS signal is unnecessarily sent to user space. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Note that sgx_encl_free_epc_page() performs an additional WARN_ON_ONCE check in comparison to sgx_free_epc_page(): whether the EPC page is being reclaimer tracked. However, the EPC page is allocated in sgx_encl_eaug_page() and has zeroed-out flags in all error handling paths. In other words, the page is marked as reclaimable only in the happy path of sgx_encl_eaug_page(). Therefore, in the particular code path affected in this commit, the "page reclaimer tracked" condition is always false and the warning is never printed. Thus, it is safe to replace sgx_encl_free_epc_page() with sgx_free_epc_page(). Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

11 months, 3 weeks

5
7
0 0

[PATCH v2 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and MADV_DONTNEED semantics). Consider some enclave page added to the enclave. User space decides to temporarily remove this page (e.g., emulating the MADV_DONTNEED semantics) on CPU1. At the same time, user space performs a memory access on the same page on CPU2, which results in a #PF and ultimately in sgx_vma_fault(). Scenario proceeds as follows: /* * CPU1: User space performs * ioctl(SGX_IOC_ENCLAVE_REMOVE_PAGES) * on enclave page X */ sgx_encl_remove_pages() { mutex_lock(&encl->lock); entry = sgx_encl_load_page(encl); /* * verify that page is * trimmed and accepted */ mutex_unlock(&encl->lock); /* * remove PTE entry; cannot * be performed under lock */ sgx_zap_enclave_ptes(encl); /* * Fault on CPU2 on same page X */ sgx_vma_fault() { /* * PTE entry was removed, but the * page is still in enclave's xarray */ xa_load(&encl->page_array) != NULL -> /* * SGX driver thinks that this page * was swapped out and loads it */ mutex_lock(&encl->lock); /* * this is effectively a no-op */ entry = sgx_encl_load_page_in_vma(); /* * add PTE entry * * *BUG*: a PTE is installed for a * page in process of being removed */ vmf_insert_pfn(...); mutex_unlock(&encl->lock); return VM_FAULT_NOPAGE; } /* * continue with page removal */ mutex_lock(&encl->lock); sgx_encl_free_epc_page(epc_page) { /* * remove page via EREMOVE */ /* * free EPC page */ sgx_free_epc_page(epc_page); } xa_erase(&encl->page_array); mutex_unlock(&encl->lock); } Here, CPU1 removed the page. However CPU2 installed the PTE entry on the same page. This enclave page becomes perpetually inaccessible (until another SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl). This is because the page is marked accessible in the PTE entry but is not EAUGed, and any subsequent access to this page raises a fault: with the kernel believing there to be a valid VMA, the unlikely error code X86_PF_SGX encountered by code path do_user_addr_fault() -> access_error() causes the SGX driver's sgx_vma_fault() to be skipped and user space receives a SIGSEGV instead. The userspace SIGSEGV handler cannot perform EACCEPT because the page was not EAUGed. Thus, the user space is stuck with the inaccessible page. Fix this race by forcing the fault handler on CPU2 to back off if the page is currently being removed (on CPU1). This is achieved by introducing a new flag SGX_ENCL_PAGE_BEING_REMOVED, which is unset by default and set only right-before the first mutex_unlock() in sgx_encl_remove_pages(). Upon loading the page, CPU2 checks whether this page is being removed, and if yes then CPU2 backs off and waits until the page is completely removed. After that, any memory access to this page results in a normal "allocate and EAUG a page on #PF" flow. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

11 months, 3 weeks

4
3
0 0

[PATCH v2 0/3] Bluetooth: hci_bcm4377 fixes

by Sven Peter via B4 Relay

Hi, There are just two minor fixes from Hector that we've been carrying downstream for a while now. One increases the timeout while waiting for the firmware to boot which is optional for the controller already supported upstream but required for a newer 4388 board for which we'll also submit support soon. It also fixes the units for the timeouts which is why I've already included it here. The other one fixes a call to bitmap_release_region where we only wanted to release a single bit but are actually releasing much more. Best, Sven To: Hector Martin <marcan(a)marcan.st> To: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> To: Marcel Holtmann <marcel(a)holtmann.org> To: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Cc: asahi(a)lists.linux.dev Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-bluetooth(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sven Peter <sven(a)svenpeter.dev> Changes in v2: - split the timeout commit into two - collect Neal's tag - Link to v1: https://lore.kernel.org/r/20240512-btfix-msgid-v1-0-ab1bd938a7f4@svenpeter.… --- Hector Martin (2): Bluetooth: hci_bcm4377: Increase boot timeout Bluetooth: hci_bcm4377: Fix msgid release Sven Peter (1): Bluetooth: hci_bcm4377: Use correct unit for timeouts drivers/bluetooth/hci_bcm4377.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- base-commit: cf87f46fd34d6c19283d9625a7822f20d90b64a4 change-id: 20240512-btfix-msgid-d76029a7d917 Best regards, -- Sven Peter <sven(a)svenpeter.dev>

11 months, 3 weeks

2
2
0 0

[PATCH] Bluetooth: Add quirk to ignore reserved PHY bits in LE Extended Adv Report

by Sven Peter via B4 Relay

From: Sven Peter <sven(a)svenpeter.dev> Some Broadcom controllers found on Apple Silicon machines abuse the reserved bits inside the PHY fields of LE Extended Advertising Report events for additional flags. Add a quirk to drop these and correctly extract the Primary/Secondary_PHY field. The following excerpt from a btmon trace shows a report received with "Reserved" for "Primary PHY" on a 4388 controller: > HCI Event: LE Meta Event (0x3e) plen 26 LE Extended Advertising Report (0x0d) Num reports: 1 Entry 0 Event type: 0x2515 Props: 0x0015 Connectable Directed Use legacy advertising PDUs Data status: Complete Reserved (0x2500) Legacy PDU Type: Reserved (0x2515) Address type: Random (0x01) Address: 00:00:00:00:00:00 (Static) Primary PHY: Reserved Secondary PHY: No packets SID: no ADI field (0xff) TX power: 127 dBm RSSI: -60 dBm (0xc4) Periodic advertising interval: 0.00 msec (0x0000) Direct address type: Public (0x00) Direct address: 00:00:00:00:00:00 (Apple, Inc.) Data length: 0x00 Cc: stable(a)vger.kernel.org Fixes: 2e7ed5f5e69b ("Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync") Reported-by: Janne Grunau <j(a)jannau.net> Closes: https://lore.kernel.org/all/Zjz0atzRhFykROM9@robin Tested-by: Janne Grunau <j(a)jannau.net> Signed-off-by: Sven Peter <sven(a)svenpeter.dev> --- drivers/bluetooth/hci_bcm4377.c | 8 ++++++++ include/net/bluetooth/hci.h | 11 +++++++++++ net/bluetooth/hci_event.c | 7 +++++++ 3 files changed, 26 insertions(+) diff --git a/drivers/bluetooth/hci_bcm4377.c b/drivers/bluetooth/hci_bcm4377.c index 9a7243d5db71..55109ad45115 100644 --- a/drivers/bluetooth/hci_bcm4377.c +++ b/drivers/bluetooth/hci_bcm4377.c @@ -495,6 +495,10 @@ struct bcm4377_data; * extended scanning * broken_mws_transport_config: Set to true if the chip erroneously claims to * support MWS Transport Configuration + * broken_le_ext_adv_report_phy: Set to true if this chip stuffs flags inside + * reserved bits of Primary/Secondary_PHY inside + * LE Extended Advertising Report events which + * have to be ignored * send_calibration: Optional callback to send calibration data * send_ptb: Callback to send "PTB" regulatory/calibration data */ @@ -513,6 +517,7 @@ struct bcm4377_hw { unsigned long broken_ext_scan : 1; unsigned long broken_mws_transport_config : 1; unsigned long broken_le_coded : 1; + unsigned long broken_le_ext_adv_report_phy : 1; int (*send_calibration)(struct bcm4377_data *bcm4377); int (*send_ptb)(struct bcm4377_data *bcm4377, @@ -2374,6 +2379,8 @@ static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id) set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks); if (bcm4377->hw->broken_le_coded) set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks); + if (bcm4377->hw->broken_le_ext_adv_report_phy) + set_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, &hdev->quirks); pci_set_drvdata(pdev, bcm4377); hci_set_drvdata(hdev, bcm4377); @@ -2478,6 +2485,7 @@ static const struct bcm4377_hw bcm4377_hw_variants[] = { .clear_pciecfg_subsystem_ctrl_bit19 = true, .broken_mws_transport_config = true, .broken_le_coded = true, + .broken_le_ext_adv_report_phy = true, .send_calibration = bcm4387_send_calibration, .send_ptb = bcm4378_send_ptb, }, diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 5c12761cbc0e..342aab86dad6 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -347,6 +347,17 @@ enum { * claim to support it. */ HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, + + /* + * When this quirk is set, the reserved bits of Primary/Secondary_PHY + * inside the LE Extended Advertising Report events are discarded. + * This is required for some Apple/Broadcom controllers which + * abuse these reserved bits for unrelated flags. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, }; /* HCI device flags */ diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index d72d238c1656..01d3a8d343f1 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -6446,6 +6446,13 @@ static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, void *data, evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK; legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type); + + if (test_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, + &hdev->quirks)) { + info->primary_phy &= 0x1f; + info->secondary_phy &= 0x1f; + } + if (legacy_evt_type != LE_ADV_INVALID) { process_adv_report(hdev, legacy_evt_type, &info->bdaddr, info->bdaddr_type, NULL, 0, --- base-commit: a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 change-id: 20240512-btfix-95c10c456f17 Best regards, -- Sven Peter <sven(a)svenpeter.dev>

11 months, 3 weeks

2
1
0 0

Re: [syzbot] [ntfs3?] kernel BUG at fs/ntfs/aops.c:LINE!

by syzbot

syzbot suspects this issue was fixed by commit: commit 6f861765464f43a71462d52026fbddfc858239a5 Author: Jan Kara <jack(a)suse.cz> Date: Wed Nov 1 17:43:10 2023 +0000 fs: Block writes to mounted block devices bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=134d0268980000 start commit: ceb6a6f023fd Linux 6.7-rc6 git tree: upstream kernel config: https://syzkaller.appspot.com/x/.config?x=e5751b3a2226135d dashboard link: https://syzkaller.appspot.com/bug?extid=6a5a7672f663cce8b156 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172458d6e80000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120d8026e80000 If the result looks correct, please mark the issue as fixed by replying with: #syz fix: fs: Block writes to mounted block devices For information about bisection process see: https://goo.gl/tpsmEJ#bisection

11 months, 3 weeks

1
0
0 0

[PATCH v3] x86/tools: fix line number reported for malformed lines

by Valentin Obst

Commit 35039eb6b199 ("x86: Show symbol name if insn decoder test failed") included symbol lines in the post-processed objdump output consumed by the insn decoder test. This broke the `instuction lines == total lines` property that `insn_decoder_test.c` relied upon to print the offending line's number in error messages. This has the consequence that the line number reported on a test failure is unreated to, and much smaller than, the line that actually caused the problem. Add a new variable that counts the combined (insn+symbol) line count and report this in the error message. Fixes: 35039eb6b199 ("x86: Show symbol name if insn decoder test failed") Cc: stable(a)vger.kernel.org Reviewed-by: Miguel Ojeda <ojeda(a)kernel.org> Tested-by: Miguel Ojeda <ojeda(a)kernel.org> Reported-by: John Baublitz <john.m.baublitz(a)gmail.com> Debugged-by: John Baublitz <john.m.baublitz(a)gmail.com> Signed-off-by: Valentin Obst <kernel(a)valentinobst.de> --- See v2's commit message and [1] for context why this bug made debugging a test failure harder than necessary. [1]: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/insn_… Changes in v3: - Add Cc stable tag in sign-off area. - Make commit message less verbose. - Link to v2: https://lore.kernel.org/r/20240223-x86-insn-decoder-line-fix-v2-1-cde49c69f… Changes in v2: - Added tags 'Reviewed-by', 'Tested-by', 'Reported-by', 'Debugged-by', 'Link', and 'Fixes'. - Explain why this patch fixes the commit mentioned in the 'Fixes' tag. - CCed the stable list and sent to all x86 maintainers. - Link to v1: https://lore.kernel.org/r/20240221-x86-insn-decoder-line-fix-v1-1-47cd5a171… --- arch/x86/tools/insn_decoder_test.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/tools/insn_decoder_test.c b/arch/x86/tools/insn_decoder_test.c index 472540aeabc2..727017a3c3c7 100644 --- a/arch/x86/tools/insn_decoder_test.c +++ b/arch/x86/tools/insn_decoder_test.c @@ -114,6 +114,7 @@ int main(int argc, char **argv) unsigned char insn_buff[16]; struct insn insn; int insns = 0; + int lines = 0; int warnings = 0; parse_args(argc, argv); @@ -123,6 +124,8 @@ int main(int argc, char **argv) int nb = 0, ret; unsigned int b; + lines++; + if (line[0] == '<') { /* Symbol line */ strcpy(sym, line); @@ -134,12 +137,12 @@ int main(int argc, char **argv) strcpy(copy, line); tab1 = strchr(copy, '\t'); if (!tab1) - malformed_line(line, insns); + malformed_line(line, lines); s = tab1 + 1; s += strspn(s, " "); tab2 = strchr(s, '\t'); if (!tab2) - malformed_line(line, insns); + malformed_line(line, lines); *tab2 = '\0'; /* Characters beyond tab2 aren't examined */ while (s < tab2) { if (sscanf(s, "%x", &b) == 1) { --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240221-x86-insn-decoder-line-fix-7b1f2e1732ff Best regards, -- Valentin Obst <kernel(a)valentinobst.de>

11 months, 3 weeks

2
2
0 0

[PATCH v5] can: mcp251xfd: fix infinite loop when xmit fails

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). This patch resolves the issue by starting a workqueue to write the tx obj synchronously if err = -EBUSY. In case of another error, it decrements tx_ring->head, removes skb from the echo stack, and drops the message. Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- V4->V5: - Start a workqueue to write tx obj with spi_sync() when spi_async() == -EBUSY. V3->V4: - Leave can_put_echo_skb() and stop the queue if needed, before mcp251xfd_tx_obj_write(). - Re-sync head and remove echo skb if mcp251xfd_tx_obj_write() fails. - Revert -> return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. V2->V3: - Add tx_dropped stats. - netdev_sent_queue() only if can_put_echo_skb() succeed. V1->V2: - Return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. - Rework the commit message to address the change above. - Change can_put_echo_skb() to be called after mcp251xfd_tx_obj_write() succeed. Otherwise, we get Kernel NULL pointer dereference error. .../net/can/spi/mcp251xfd/mcp251xfd-core.c | 13 ++++- drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 51 ++++++++++++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 ++ 3 files changed, 60 insertions(+), 9 deletions(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c index 1d9057dc44f2..6cca853f2b1e 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c @@ -2141,15 +2141,25 @@ static int mcp251xfd_probe(struct spi_device *spi) if (err) goto out_free_candev; + priv->tx_work_obj = NULL; + priv->wq = alloc_workqueue("mcp251xfd_wq", WQ_FREEZABLE, 0); + if (!priv->wq) { + err = -ENOMEM; + goto out_can_rx_offload_del; + } + INIT_WORK(&priv->tx_work, mcp251xfd_tx_obj_write_sync); + err = mcp251xfd_register(priv); if (err) { dev_err_probe(&spi->dev, err, "Failed to detect %s.\n", mcp251xfd_get_model_str(priv)); - goto out_can_rx_offload_del; + goto out_can_free_wq; } return 0; + out_can_free_wq: + destroy_workqueue(priv->wq); out_can_rx_offload_del: can_rx_offload_del(&priv->offload); out_free_candev: @@ -2165,6 +2175,7 @@ static void mcp251xfd_remove(struct spi_device *spi) struct mcp251xfd_priv *priv = spi_get_drvdata(spi); struct net_device *ndev = priv->ndev; + destroy_workqueue(priv->wq); can_rx_offload_del(&priv->offload); mcp251xfd_unregister(priv); spi->max_speed_hz = priv->spi_max_speed_hz_orig; diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c index 160528d3cc26..1e7ddf316643 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c @@ -131,6 +131,41 @@ mcp251xfd_tx_obj_from_skb(const struct mcp251xfd_priv *priv, tx_obj->xfer[0].len = len; } +static void mcp251xfd_tx_failure_drop(const struct mcp251xfd_priv *priv, + struct mcp251xfd_tx_ring *tx_ring, + int err) +{ + struct net_device *ndev = priv->ndev; + struct net_device_stats *stats = &ndev->stats; + unsigned int frame_len = 0; + u8 tx_head; + + tx_ring->head--; + stats->tx_dropped++; + tx_head = mcp251xfd_get_tx_head(tx_ring); + can_free_echo_skb(ndev, tx_head, &frame_len); + netdev_completed_queue(ndev, 1, frame_len); + netif_wake_queue(ndev); + + if (net_ratelimit()) + netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); +} + +void mcp251xfd_tx_obj_write_sync(struct work_struct *ws) +{ + struct mcp251xfd_priv *priv = container_of(ws, struct mcp251xfd_priv, + tx_work); + struct mcp251xfd_tx_obj *tx_obj = priv->tx_work_obj; + struct mcp251xfd_tx_ring *tx_ring = priv->tx; + int err; + + err = spi_sync(priv->spi, &tx_obj->msg); + if (err) + mcp251xfd_tx_failure_drop(priv, tx_ring, err); + + priv->tx_work_obj = NULL; +} + static int mcp251xfd_tx_obj_write(const struct mcp251xfd_priv *priv, struct mcp251xfd_tx_obj *tx_obj) { @@ -175,7 +210,7 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, if (can_dev_dropped_skb(ndev, skb)) return NETDEV_TX_OK; - if (mcp251xfd_tx_busy(priv, tx_ring)) + if (mcp251xfd_tx_busy(priv, tx_ring) || priv->tx_work_obj) return NETDEV_TX_BUSY; tx_obj = mcp251xfd_get_tx_obj_next(tx_ring); @@ -193,13 +228,13 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, netdev_sent_queue(priv->ndev, frame_len); err = mcp251xfd_tx_obj_write(priv, tx_obj); - if (err) - goto out_err; - - return NETDEV_TX_OK; - - out_err: - netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); + if (err == -EBUSY) { + priv->tx_work_obj = tx_obj; + netif_stop_queue(ndev); + queue_work(priv->wq, &priv->tx_work); + } else if (err) { + mcp251xfd_tx_failure_drop(priv, tx_ring, err); + } return NETDEV_TX_OK; } diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h index 24510b3b8020..4e27a33f4030 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h @@ -633,6 +633,10 @@ struct mcp251xfd_priv { struct mcp251xfd_rx_ring *rx[MCP251XFD_FIFO_RX_NUM]; struct mcp251xfd_tx_ring tx[MCP251XFD_FIFO_TX_NUM]; + struct workqueue_struct *wq; + struct work_struct tx_work; + struct mcp251xfd_tx_obj *tx_work_obj; + DECLARE_BITMAP(flags, __MCP251XFD_FLAGS_SIZE__); u8 rx_ring_num; @@ -952,6 +956,7 @@ void mcp251xfd_skb_set_timestamp(const struct mcp251xfd_priv *priv, void mcp251xfd_timestamp_init(struct mcp251xfd_priv *priv); void mcp251xfd_timestamp_stop(struct mcp251xfd_priv *priv); +void mcp251xfd_tx_obj_write_sync(struct work_struct *ws); netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, struct net_device *ndev); -- 2.34.1

11 months, 3 weeks

2
4
0 0

[PATCH 5.15 000/168] 5.15.159-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.159 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.159-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.159-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Easwar Hariharan <eahariha(a)linux.microsoft.com> Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Jian Shen <shenjian15(a)huawei.com> net: hns3: split function hclge_init_vlan_config() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API Jie Wang <wangjie125(a)huawei.com> net: hns3: create new set of unified hclge_comm_cmd_send APIs Jie Wang <wangjie125(a)huawei.com> net: hns3: create new cmdq hardware description structure hclge_comm_hw Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hns3 makefile to support hns3_common module Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Hao Lan <lanhao(a)huawei.com> net: hns3: refactor function hclge_mbx_handler() Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: add query vf ring and vector map relation Yufeng Mo <moyufeng(a)huawei.com> net: hns3: add log for workqueue scheduled late Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: PF support get unicast MAC address space assigned by firmware Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-card: Fix nonatomic links John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Improved check for empty queue John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Reschedule is now done through backlog John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Convert schedule_work into delayed_work John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Handle fin correctly John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: TCP data stall on recv before accept Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't keep track of Input Queue count Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Move conversion to xdp_frame out of map functions Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- drivers/acpi/cppc_acpi.c | 67 ++- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 62 ++- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +-- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hwmon/corsair-cpro.c | 43 +- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/eeprom/at24.c | 46 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/Makefile | 18 +- drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 +- .../hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 259 +++++++++++ .../hisilicon/hns3/hns3_common/hclge_comm_cmd.h | 121 +++++ drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/Makefile | 12 - .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 311 ++----------- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 85 +--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 221 +++++---- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 17 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 494 +++++++++++++++------ .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3vf/Makefile | 10 - .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 10 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++----- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 78 ++-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/target/target_core_configfs.c | 12 + drivers/usb/core/hub.c | 5 +- drivers/usb/dwc3/core.c | 90 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/ksmbd/server.c | 13 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/vfs.c | 5 + fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/bpf.h | 20 +- include/linux/dma-fence.h | 7 - include/linux/filter.h | 4 + include/linux/skbuff.h | 15 + include/linux/skmsg.h | 5 +- include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + kernel/bpf/cpumap.c | 8 +- kernel/bpf/devmap.c | 32 +- kernel/bpf/verifier.c | 3 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/filter.c | 117 ++++- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 53 +-- net/core/sock.c | 4 +- net/core/sock_map.c | 3 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_bpf.c | 51 +++ net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + scripts/Makefile.modfinal | 2 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-fifo.c | 56 ++- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++- 169 files changed, 2199 insertions(+), 1417 deletions(-)

11 months, 3 weeks

6
176
0 0

[PATCH 6.1 000/236] 6.1.91-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.91 release. There are 236 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.91-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.91-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Andrea Righi <andrea.righi(a)canonical.com> btf, scripts: rust: drop is_rust_module.sh Andrea Righi <andrea.righi(a)canonical.com> rust: fix regexp in scripts/is_rust_module.sh Asahi Lina <lina(a)asahilina.net> rust: error: Rename to_kernel_errno() -> to_errno() Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Leah Rumancik <leah.rumancik(a)gmail.com> MAINTAINERS: add leah to 6.1 MAINTAINERS file Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: cdev: Add missing header(s) Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer() to timer_delete() Thomas Gleixner <tglx(a)linutronix.de> timers: Get rid of del_singleshot_timer_sync() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Merge spi_controller.{slave,target}_abort() Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: avoid creating temporary files Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: Implement signed update for PLPKS objects Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move PLPKS constants to header file Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Yang Yingliang <yangyingliang(a)huawei.com> spi: spi-axi-spi-engine: switch to use modern name Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: axi-spi-engine: Convert to platform remove callback returning void Yang Yingliang <yangyingliang(a)huawei.com> spi: introduce new helpers with using modern naming Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: use the least loaded channel for sending requests Masahiro Yamada <masahiroy(a)kernel.org> kbuild: specify output names separately for each emission type from rustc Masahiro Yamada <masahiroy(a)kernel.org> kbuild: refactor host*_flags Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: convert free_huge_page to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio_hstate() Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add hugetlb_folio_subpool() helpers Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm: add private field of first tail to struct page and struct folio Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio support to hugetlb specific flag macros Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/powerpc/include/asm/hvcall.h | 1 + arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 135 ++++++---- arch/powerpc/platforms/pseries/plpks.h | 40 ++- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 162 +++++++++++- drivers/bluetooth/btqca.h | 6 +- drivers/bluetooth/hci_qca.c | 11 + drivers/char/tpm/tpm-dev-common.c | 4 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 183 ++++++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 ++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 ++- drivers/hwmon/corsair-cpro.c | 43 +++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/eeprom/at24.c | 46 +++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 19 +- drivers/nvme/host/core.c | 2 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++--- drivers/pinctrl/intel/pinctrl-intel.c | 6 +- drivers/pinctrl/intel/pinctrl-intel.h | 17 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 ++- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 +++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 275 +++++++++++---------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 12 + drivers/staging/wlan-ng/hfa384x_usb.c | 4 +- drivers/staging/wlan-ng/prism2usb.c | 6 +- drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufshcd.c | 5 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++---- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/tcpm/tcpm.c | 35 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/hugetlbfs/inode.c | 8 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/transport.c | 37 ++- fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hugetlb.h | 53 +++- include/linux/hugetlb_cgroup.h | 69 +++--- include/linux/hyperv.h | 1 + include/linux/mm_types.h | 14 ++ include/linux/pinctrl/pinctrl.h | 20 ++ include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/spi/spi.h | 51 +++- include/linux/sunrpc/clnt.h | 1 + include/linux/timer.h | 15 +- include/net/xfrm.h | 3 + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/time/timer.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- mm/hugetlb.c | 52 ++-- mm/hugetlb_cgroup.c | 34 +-- mm/migrate.c | 2 +- mm/readahead.c | 4 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++- net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprt.c | 2 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/Makefile | 11 +- rust/kernel/error.rs | 2 +- rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 ++++++++------ scripts/Makefile.build | 17 +- scripts/Makefile.host | 27 +- scripts/Makefile.modfinal | 4 +- scripts/is_rust_module.sh | 16 -- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 +++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 +-- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 30 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 237 files changed, 2399 insertions(+), 1328 deletions(-)

11 months, 3 weeks

7
243
0 0

[PATCH 6.8 000/336] 6.8.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.10 release. There are 336 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.10-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.10-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enhance def_domain_type to handle untrusted device Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: Revert "clk: Use device_get_match_data()" Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes SPI support for BMP3xx devices Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure that WRITTEN is set on all metadata blocks Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: do not check qgroup inherit if qgroup is disabled Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> mm/slub: avoid zeroing outside-object freepointer for single free Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bridge linkinfo attrs Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Decrease error message to debug Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: remove erroneous nlink init from legacy stat2inode Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe: Label RING_CONTEXT_CONTROL as masked Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_migrate: Cast to output precision before multiplying operands Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the high voltage issue after unload Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: add smu 14.0.1 discovery support Li Ma <li.ma(a)amd.com> drm/amd/display: add DCN 351 version for microcode load Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Bernhard Rosenkränzer <bero(a)baylibre.com> platform/x86: acer-wmi: Add support for Acer PH18-71 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix missed error message after VPU rename Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Improve clarity of MMU error messages Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Remove d3hot_after_power_off WA Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Kees Cook <keescook(a)chromium.org> nouveau/gsp: Avoid addressing beyond end of rpc->entries Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Len Brown <len.brown(a)intel.com> tools/power turbostat: Expand probe_intel_uncore_frequency() Chen Yu <yu.c.chen(a)intel.com> tools/power turbostat: Do not print negative LPI residency Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: modify clock table Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve error interruption issue Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix END redefinition linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: don't unconditionally print validation success Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix timing of synchronizing bitmap and inode Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not log total error counts Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix ADL-N detection Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Prevent use-after-free from occurring after cdev removal David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Fix two locking issues with thermal zone debug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Free all thermal zone debug memory on zone removal Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> ice: ensure the copied buf is NUL terminated Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Puranjay Mohan <puranjay(a)kernel.org> arm32, bpf: Reimplement sign-extension mov instruction Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_encode_fattr4() crasher Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for CB_GETATTR callback Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +-- Documentation/netlink/specs/rt_link.yaml | 6 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm/net/bpf_jit_32.c | 56 +++++-- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 ++-- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 20 +-- drivers/accel/ivpu/ivpu_drv.h | 3 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 4 +- drivers/accel/ivpu/ivpu_mmu.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++++ drivers/bluetooth/btqca.c | 140 ++++++++++++++-- drivers/bluetooth/btqca.h | 3 +- drivers/bluetooth/hci_qca.c | 2 - drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/clk/sunxi-ng/ccu_common.c | 19 +++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/edac/versal_edac.c | 4 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/microchip/mpfs-auto-update.c | 2 + drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++++--- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++-- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +-- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++++---- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 81 +++++---- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +----- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 25 ++- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +++- drivers/hv/connection.c | 29 +++- drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 92 +++++++++- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-core.c | 1 + drivers/iio/pressure/bmp280-spi.c | 13 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 4 + drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 +- drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/pvpanic/pvpanic-pci.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 20 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++++---- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 ++--- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/amd/pmf/acpi.c | 2 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/regulator/tps65132-regulator.c | 7 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++++---- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +-- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 19 +-- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 ++ drivers/thermal/thermal_debugfs.c | 59 +++++-- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++++----- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 +++- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 23 ++- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 30 ++-- fs/btrfs/tree-checker.h | 1 + fs/btrfs/volumes.c | 18 +- fs/exfat/file.c | 9 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/nfsd/cache.h | 2 - fs/nfsd/netns.h | 21 ++- fs/nfsd/nfs4callback.c | 97 ++++++++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfs4state.c | 3 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 40 +---- fs/nfsd/nfsctl.c | 14 +- fs/nfsd/nfsfh.c | 3 +- fs/nfsd/state.h | 14 ++ fs/nfsd/stats.c | 43 ++--- fs/nfsd/stats.h | 62 +++---- fs/nfsd/vfs.c | 6 +- fs/nfsd/xdr4cb.h | 18 ++ fs/proc/task_mmu.c | 24 +-- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 ++ fs/smb/server/oplock.c | 35 ++-- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 +++++---- fs/tracefs/inode.c | 92 +++++++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 ++ include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 4 +- include/linux/sockptr.h | 25 +++ include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 ++ kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + mm/slub.c | 52 +++--- net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++-- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 ++- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++-- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++++- net/mptcp/protocol.c | 3 + net/nfc/llcp_sock.c | 12 +- net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++++--- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 ++- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/macros/module.rs | 185 +++++++++++++-------- scripts/Makefile.modfinal | 2 +- sound/hda/intel-sdw-acpi.c | 2 + sound/oss/dmasound/dmasound_paula.c | 8 +- sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++++++------- sound/pci/hda/patch_realtek.c | 25 ++- sound/soc/codecs/es8326.c | 30 ++-- sound/soc/codecs/es8326.h | 2 +- sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++++--- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++-- sound/soc/meson/axg-toddr.c | 22 ++- sound/soc/sof/intel/hda-dsp.c | 20 ++- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 +++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 163 +++++++++++++----- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 14 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++---- 369 files changed, 3269 insertions(+), 1864 deletions(-)

11 months, 3 weeks

6
341
0 0

[PATCHv4 3/4] x86/tdx: Dynamically disable SEPT violations from causing #VEs

by Kirill A. Shutemov

Memory access #VE's are hard for Linux to handle in contexts like the entry code or NMIs. But other OSes need them for functionality. There's a static (pre-guest-boot) way for a VMM to choose one or the other. But VMMs don't always know which OS they are booting, so they choose to deliver those #VE's so the "other" OSes will work. That, unfortunately has left us in the lurch and exposed to these hard-to-handle #VEs. The TDX module has introduced a new feature. Even if the static configuration is "send nasty #VE's", the kernel can dynamically request that they be disabled. Check if the feature is available and disable SEPT #VE if possible. If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE attribute is no longer reliable. It reflects the initial state of the control for the TD, but it will not be updated if someone (e.g. bootloader) changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to determine if SEPT #VEs are enabled or disabled. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: 373e715e31bf ("x86/tdx: Panic on bad configs that #VE on "private" memory access") Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 88 +++++++++++++++++++++++++------ arch/x86/include/asm/shared/tdx.h | 11 +++- 2 files changed, 83 insertions(+), 16 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 1ff571cb9177..ba37f4306f4e 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -77,6 +77,20 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args) panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/* Read TD-scoped metadata */ +static inline u64 tdg_vm_rd(u64 field, u64 *value) +{ + struct tdx_module_args args = { + .rdx = field, + }; + u64 ret; + + ret = __tdcall_ret(TDG_VM_RD, &args); + *value = args.r8; + + return ret; +} + /* Write TD-scoped metadata */ static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask) { @@ -179,6 +193,62 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } +/* + * The kernel cannot handle #VEs when accessing normal kernel memory. Ensure + * that no #VE will be delivered for accesses to TD-private memory. + * + * TDX 1.0 does not allow the guest to disable SEPT #VE on its own. The VMM + * controls if the guest will receive such #VE with TD attribute + * ATTR_SEPT_VE_DISABLE. + * + * Newer TDX module allows the guest to control if it wants to receive SEPT + * violation #VEs. + * + * Check if the feature is available and disable SEPT #VE if possible. + * + * If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE + * attribute is no longer reliable. It reflects the initial state of the + * control for the TD, but it will not be updated if someone (e.g. bootloader) + * changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to + * determine if SEPT #VEs are enabled or disabled. + */ +static void disable_sept_ve(u64 td_attr) +{ + const char *msg = "TD misconfiguration: SEPT #VE has to be disabled"; + bool debug = td_attr & ATTR_DEBUG; + u64 config, controls; + + /* Is this TD allowed to disable SEPT #VE */ + tdg_vm_rd(TDCS_CONFIG_FLAGS, &config); + if (!(config & TDCS_CONFIG_FLEXIBLE_PENDING_VE)) { + /* No SEPT #VE controls for the guest: check the attribute */ + if (td_attr & ATTR_SEPT_VE_DISABLE) + return; + + /* Relax SEPT_VE_DISABLE check for debug TD for backtraces */ + if (debug) + pr_warn("%s\n", msg); + else + tdx_panic(msg); + return; + } + + /* Check if SEPT #VE has been disabled before us */ + tdg_vm_rd(TDCS_TD_CTLS, &controls); + if (controls & TD_CTLS_PENDING_VE_DISABLE) + return; + + /* Keep #VEs enabled for splats in debugging environments */ + if (debug) + return; + + /* Disable SEPT #VEs */ + tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE, + TD_CTLS_PENDING_VE_DISABLE); + + return; +} + static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args = {}; @@ -204,24 +274,12 @@ static void tdx_setup(u64 *cc_mask) gpa_width = args.rcx & GENMASK(5, 0); *cc_mask = BIT_ULL(gpa_width - 1); + td_attr = args.rdx; + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); - /* - * The kernel can not handle #VE's when accessing normal kernel - * memory. Ensure that no #VE will be delivered for accesses to - * TD-private memory. Only VMM-shared memory (MMIO) will #VE. - */ - td_attr = args.rdx; - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { - const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set."; - - /* Relax SEPT_VE_DISABLE check for debug TD. */ - if (td_attr & ATTR_DEBUG) - pr_warn("%s\n", msg); - else - tdx_panic(msg); - } + disable_sept_ve(td_attr); } /* diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index fdfd41511b02..fecb2a6e864b 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -16,11 +16,20 @@ #define TDG_VP_VEINFO_GET 3 #define TDG_MR_REPORT 4 #define TDG_MEM_PAGE_ACCEPT 6 +#define TDG_VM_RD 7 #define TDG_VM_WR 8 -/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +/* TDX TD-Scope Metadata. To be used by TDG.VM.WR and TDG.VM.RD */ +#define TDCS_CONFIG_FLAGS 0x1110000300000016 +#define TDCS_TD_CTLS 0x1110000300000017 #define TDCS_NOTIFY_ENABLES 0x9100000000000010 +/* TDCS_CONFIG_FLAGS bits */ +#define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1) + +/* TDCS_TD_CTLS bits */ +#define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0) + /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 #define TDVMCALL_GET_QUOTE 0x10002 -- 2.43.0

11 months, 3 weeks

3
5
0 0

[PATCH] x86/percpu: Use __force to cast from __percpu address space

by Uros Bizjak

commit a55c1fdad5f61b4bfe42319694b23671a758cb28 upstream. Fix Sparse warning when casting from __percpu address space by using __force in the cast. x86 named address spaces are not considered to be subspaces of the generic (flat) address space, so explicit casts are required to convert pointers between these address spaces and the generic address space (the application should cast to uintptr_t and apply the segment base offset). The cast to uintptr_t removes __percpu address space tag and Sparse reports: warning: cast removes address space '__percpu' of expression Use __force to inform Sparse that the cast is intentional. The patch deviates from upstream commit due to the unification of arch_raw_cpu_ptr() defines in the commit: 4e5b0e8003df ("x86/percpu: Unify arch_raw_cpu_ptr() defines"). Fixes: 9a462b9eafa6 ("x86/percpu: Use compiler segment prefix qualifier") Reported-by: Charlemagne Lasse <charlemagnelasse(a)gmail.com> Closes: https://lore.kernel.org/lkml/CAFGhKbzev7W4aHwhFPWwMZQEHenVgZUj7=aunFieVqZg3… Cc: stable(a)vger.kernel.org # v6.8 Link: https://lore.kernel.org/r/20240402175058.52649-1-ubizjak@gmail.com Signed-off-by: Uros Bizjak <ubizjak(a)gmail.com> --- arch/x86/include/asm/percpu.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/percpu.h b/arch/x86/include/asm/percpu.h index 44958ebaf626..66ed36b8cdb4 100644 --- a/arch/x86/include/asm/percpu.h +++ b/arch/x86/include/asm/percpu.h @@ -70,7 +70,7 @@ unsigned long tcp_ptr__; \ tcp_ptr__ = __raw_cpu_read(, this_cpu_off); \ \ - tcp_ptr__ += (unsigned long)(ptr); \ + tcp_ptr__ += (__force unsigned long)(ptr); \ (typeof(*(ptr)) __kernel __force *)tcp_ptr__; \ }) #else /* CONFIG_USE_X86_SEG_SUPPORT */ @@ -85,7 +85,7 @@ : "=r" (tcp_ptr__) \ : "m" (__my_cpu_var(this_cpu_off))); \ \ - tcp_ptr__ += (unsigned long)(ptr); \ + tcp_ptr__ += (__force unsigned long)(ptr); \ (typeof(*(ptr)) __kernel __force *)tcp_ptr__; \ }) #endif /* CONFIG_USE_X86_SEG_SUPPORT */ @@ -102,8 +102,8 @@ #endif /* CONFIG_SMP */ #define __my_cpu_type(var) typeof(var) __percpu_seg_override -#define __my_cpu_ptr(ptr) (__my_cpu_type(*ptr) *)(uintptr_t)(ptr) -#define __my_cpu_var(var) (*__my_cpu_ptr(&var)) +#define __my_cpu_ptr(ptr) (__my_cpu_type(*(ptr))*)(__force uintptr_t)(ptr) +#define __my_cpu_var(var) (*__my_cpu_ptr(&(var))) #define __percpu_arg(x) __percpu_prefix "%" #x #define __force_percpu_arg(x) __force_percpu_prefix "%" #x -- 2.45.0

11 months, 3 weeks

2
3
0 0

Regression fix e100e: change usleep_range to udelay in PHY mdic

by James Dutton

Hi, Please can you add this regression fix to kernel 6.9.1. Feel free to add a: Tested-by: James Courtier-Dutton <james.dutton(a)gmail.com> It has been tested by many others also, as listed in the commit, so don't feel the need to add my name if it delays adding it to kernel 6.9.1. Without this fix, the network card in my HP laptop does not work. Here is the summary with links: - [net] e1000e: change usleep_range to udelay in PHY mdic access https://git.kernel.org/netdev/net/c/387f295cb215 Kind Regards James

11 months, 3 weeks

3
3
0 0

[PATCH stable, 6.1 0/2] Fix for sockmap causing data stalls

by John Fastabend

The attached two patches fix an issue with running BPF sockmap on TCP sockets where applications error out due to sender doing a send for each scatter gather element in the msg. The other 6.x stable and longterm kernels have this fix so we don't see it there and the issue was introduced in 6.1 by converting to the read_skb() interface. The 5.15 stable kernels use the read_sock() interface which doesn't have this issue. We missed adding the fixes tag to the original series because the work was a code improvement and wasn't originally identified as a bugfix. The first patch applies cleanly, the second patch does not because it touches smc, espintcp, and siw which do not apply because that code does not use sendmsg() yet on 6.1. I remove those chunks of the patch because they don't apply here. I added a Fixes tag to the patches to point at the patch introducing the issue. Originally I sent something similar to this as a single patch where I incorrectly merged the two patches. Greg asked me to do this as two patches. Thanks. David Howells (2): tcp_bpf: Inline do_tcp_sendpages as it's now a wrapper around tcp_sendmsg tcp_bpf, smc, tls, espintcp, siw: Reduce MSG_SENDPAGE_NOTLAST usage net/ipv4/tcp_bpf.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) -- 2.33.0

11 months, 3 weeks

2
3
0 0

FAILED: patch "[PATCH] mm,swapops: update check in is_pfn_swap_entry for hwpoison" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 07a57a338adb6ec9e766d6a6790f76527f45ceb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042309-rural-overlying-190b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 07a57a338adb ("mm,swapops: update check in is_pfn_swap_entry for hwpoison entries") d027122d8363 ("mm/hwpoison: move definitions of num_poisoned_pages_* to memory-failure.c") e591ef7d96d6 ("mm,hwpoison,hugetlb,memory_hotplug: hotremove memory section with hwpoisoned hugepage") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07a57a338adb6ec9e766d6a6790f76527f45ceb5 Mon Sep 17 00:00:00 2001 From: Oscar Salvador <osalvador(a)suse.de> Date: Sun, 7 Apr 2024 15:05:37 +0200 Subject: [PATCH] mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Link: https://lkml.kernel.org/r/20240407130537.16977-1-osalvador@suse.de Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/swapops.h b/include/linux/swapops.h index 48b700ba1d18..a5c560a2f8c2 100644 --- a/include/linux/swapops.h +++ b/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_dirty(swp_entry_t entry) } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_entry_folio(swp_entry_t entry) /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp_entry_t entry) BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry(pmd_t pmd) } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES;

11 months, 3 weeks

3
2
0 0

[PATCH 6.6.y] kselftest: Add a ksft_perror() helper

by Edward Liaw

From: Mark Brown <broonie(a)kernel.org> [ Upstream commit 907f33028871fa7c9a3db1efd467b78ef82cce20 ] The standard library perror() function provides a convenient way to print an error message based on the current errno but this doesn't play nicely with KTAP output. Provide a helper which does an equivalent thing in a KTAP compatible format. nolibc doesn't have a strerror() and adding the table of strings required doesn't seem like a good fit for what it's trying to do so when we're using that only print the errno. Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output") Signed-off-by: Edward Liaw <edliaw(a)google.com> --- tools/testing/selftests/kselftest.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index e8eecbc83a60..ad7b97e16f37 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -48,6 +48,7 @@ #include <stdlib.h> #include <unistd.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <sys/utsname.h> #endif @@ -156,6 +157,19 @@ static inline void ksft_print_msg(const char *msg, ...) va_end(args); } +static inline void ksft_perror(const char *msg) +{ +#ifndef NOLIBC + ksft_print_msg("%s: %s (%d)\n", msg, strerror(errno), errno); +#else + /* + * nolibc doesn't provide strerror() and it seems + * inappropriate to add one, just print the errno. + */ + ksft_print_msg("%s: %d)\n", msg, errno); +#endif +} + static inline void ksft_test_result_pass(const char *msg, ...) { int saved_errno = errno; -- 2.44.0.769.g3c40516874-goog

11 months, 3 weeks

3
4
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042912-visibly-carpool-70bd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 52ccdde16b65 ("mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()") 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") d6ef19e25df2 ("mm/hugetlb: convert update_and_free_page() to folios") cfd5082b5147 ("mm/hugetlb: convert remove_hugetlb_page() to folios") 1a7cdab59b22 ("mm/hugetlb: convert dissolve_free_huge_page() to folios") 911565b82853 ("mm/hugetlb: convert destroy_compound_gigantic_page() to folios") cb67f4282bf9 ("mm,thp,rmap: simplify compound page mapcount handling") dad6a5eb5556 ("mm,hugetlb: use folio fields in second tail page") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") de656ed376c4 ("mm/hugetlb_cgroup: convert set_hugetlb_cgroup*() to folios") f074732d599e ("mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios") a098c977722c ("mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios") 4781593d5dba ("mm/hugetlb: unify clearing of RestoreReserve for private pages") 149562f75094 ("mm/hugetlb: add hugetlb_folio_subpool() helpers") d340625f4849 ("mm: add private field of first tail to struct page and struct folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Fri, 19 Apr 2024 16:58:19 +0800 Subject: [PATCH] mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() When I did memory failure tests recently, below warning occurs: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0 Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 FS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0 Call Trace: <TASK> lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> panic+0x326/0x350 check_panic_on_warn+0x4f/0x50 __warn+0x98/0x190 report_bug+0x18e/0x1a0 handle_bug+0x3d/0x70 exc_invalid_op+0x18/0x70 asm_exc_invalid_op+0x1a/0x20 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> After git bisecting and digging into the code, I believe the root cause is that _deferred_list field of folio is unioned with _hugetlb_subpool field. In __update_and_free_hugetlb_folio(), folio->_deferred_list is initialized leading to corrupted folio->_hugetlb_subpool when folio is hugetlb. Later free_huge_folio() will use _hugetlb_subpool and above warning happens. But it is assumed hugetlb flag must have been cleared when calling folio_put() in update_and_free_hugetlb_folio(). This assumption is broken due to below race: CPU1 CPU2 dissolve_free_huge_page update_and_free_pages_bulk update_and_free_hugetlb_folio hugetlb_vmemmap_restore_folios folio_clear_hugetlb_vmemmap_optimized clear_flag = folio_test_hugetlb_vmemmap_optimized if (clear_flag) <-- False, it's already cleared. __folio_clear_hugetlb(folio) <-- Hugetlb is not cleared. folio_put free_huge_folio <-- free_the_page is expected. list_for_each_entry() __folio_clear_hugetlb <-- Too late. Fix this issue by checking whether folio is hugetlb directly instead of checking clear_flag to close the race window. Link: https://lkml.kernel.org/r/20240419085819.1901645-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 05371bf54f96..ce7be5c24442 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1781,7 +1781,7 @@ static void __update_and_free_hugetlb_folio(struct hstate *h, * If vmemmap pages were allocated above, then we need to clear the * hugetlb destructor under the hugetlb lock. */ - if (clear_dtor) { + if (folio_test_hugetlb(folio)) { spin_lock_irq(&hugetlb_lock); __clear_hugetlb_destructor(h, folio); spin_unlock_irq(&hugetlb_lock);

11 months, 3 weeks

4
5
0 0

[PATCH 6.6.x] btrfs: do not wait for short bulk allocation

by David Sterba

From: Qu Wenruo <wqu(a)suse.com> commit 1db7959aacd905e6487d0478ac01d89f86eb1e51 upstream. [BUG] There is a recent report that when memory pressure is high (including cached pages), btrfs can spend most of its time on memory allocation in btrfs_alloc_page_array() for compressed read/write. [CAUSE] For btrfs_alloc_page_array() we always go alloc_pages_bulk_array(), and even if the bulk allocation failed (fell back to single page allocation) we still retry but with extra memalloc_retry_wait(). If the bulk alloc only returned one page a time, we would spend a lot of time on the retry wait. The behavior was introduced in commit 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations"). [FIX] Although the commit mentioned that other filesystems do the wait, it's not the case at least nowadays. All the mainlined filesystems only call memalloc_retry_wait() if they failed to allocate any page (not only for bulk allocation). If there is any progress, they won't call memalloc_retry_wait() at all. For example, xfs_buf_alloc_pages() would only call memalloc_retry_wait() if there is no allocation progress at all, and the call is not for metadata readahead. So I don't believe we should call memalloc_retry_wait() unconditionally for short allocation. Call memalloc_retry_wait() if it fails to allocate any page for tree block allocation (which goes with __GFP_NOFAIL and may not need the special handling anyway), and reduce the latency for btrfs_alloc_page_array(). Reported-by: Julian Taylor <julian.taylor(a)1und1.de> Tested-by: Julian Taylor <julian.taylor(a)1und1.de> Link: https://lore.kernel.org/all/8966c095-cbe7-4d22-9784-a647d1bf27c3@1und1.de/ Fixes: 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent_io.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 5acb2cb79d4b..9fbffd84b16c 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -686,24 +686,14 @@ int btrfs_alloc_page_array(unsigned int nr_pages, struct page **page_array) unsigned int last = allocated; allocated = alloc_pages_bulk_array(GFP_NOFS, nr_pages, page_array); - - if (allocated == nr_pages) - return 0; - - /* - * During this iteration, no page could be allocated, even - * though alloc_pages_bulk_array() falls back to alloc_page() - * if it could not bulk-allocate. So we must be out of memory. - */ - if (allocated == last) { + if (unlikely(allocated == last)) { + /* No progress, fail and do cleanup. */ for (int i = 0; i < allocated; i++) { __free_page(page_array[i]); page_array[i] = NULL; } return -ENOMEM; } - - memalloc_retry_wait(GFP_NOFS); } return 0; } -- 2.45.0

11 months, 3 weeks

2
1
0 0

[alternative-merged] mm-huge_memory-mark-huge_zero_page-reserved.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: mark huge_zero_page reserved has been removed from the -mm tree. Its filename was mm-huge_memory-mark-huge_zero_page-reserved.patch This patch was dropped because an alternative patch was or shall be merged ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: mark huge_zero_page reserved Date: Sat, 11 May 2024 11:54:35 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_page without increasing the page refcnt. But then unpoison_memory() will decrease the page refcnt unexpectly as it appears like a successfully hwpoisoned page leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_page. Fix this issue by marking huge_zero_page reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Link: https://lkml.kernel.org/r/20240511035435.1477004-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-mark-huge_zero_page-reserved +++ a/mm/huge_memory.c @@ -212,6 +212,7 @@ retry: folio_put(zero_folio); goto retry; } + __SetPageReserved(zero_page); WRITE_ONCE(huge_zero_pfn, folio_pfn(zero_folio)); /* We take additional reference here. It will be put back by shrinker */ @@ -264,6 +265,7 @@ static unsigned long shrink_huge_zero_pa struct folio *zero_folio = xchg(&huge_zero_folio, NULL); BUG_ON(zero_folio == NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __ClearPageReserved(zero_page); folio_put(zero_folio); return HPAGE_PMD_NR; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

11 months, 3 weeks

1
0
0 0

+ mm-huge_memory-mark-huge_zero_page-reserved.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: mark huge_zero_page reserved has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-mark-huge_zero_page-reserved.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: mark huge_zero_page reserved Date: Sat, 11 May 2024 11:54:35 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_page without increasing the page refcnt. But then unpoison_memory() will decrease the page refcnt unexpectly as it appears like a successfully hwpoisoned page leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_page. Fix this issue by marking huge_zero_page reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Link: https://lkml.kernel.org/r/20240511035435.1477004-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-mark-huge_zero_page-reserved +++ a/mm/huge_memory.c @@ -208,6 +208,7 @@ retry: __free_pages(zero_page, compound_order(zero_page)); goto retry; } + __SetPageReserved(zero_page); WRITE_ONCE(huge_zero_pfn, page_to_pfn(zero_page)); /* We take additional reference here. It will be put back by shrinker */ @@ -260,6 +261,7 @@ static unsigned long shrink_huge_zero_pa struct page *zero_page = xchg(&huge_zero_page, NULL); BUG_ON(zero_page == NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __ClearPageReserved(zero_page); __free_pages(zero_page, compound_order(zero_page)); return HPAGE_PMD_NR; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-mark-huge_zero_page-reserved.patch

11 months, 3 weeks

1
0
0 0

+ mm-huge_memory-mark-huge_zero_page-reserved.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: mark huge_zero_page reserved has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-mark-huge_zero_page-reserved.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: mark huge_zero_page reserved Date: Sat, 11 May 2024 11:54:35 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_page without increasing the page refcnt. But then unpoison_memory() will decrease the page refcnt unexpectly as it appears like a successfully hwpoisoned page leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_page. Fix this issue by marking huge_zero_page reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Link: https://lkml.kernel.org/r/20240511035435.1477004-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-mark-huge_zero_page-reserved +++ a/mm/huge_memory.c @@ -208,6 +208,7 @@ retry: __free_pages(zero_page, compound_order(zero_page)); goto retry; } + __SetPageReserved(zero_page); WRITE_ONCE(huge_zero_pfn, page_to_pfn(zero_page)); /* We take additional reference here. It will be put back by shrinker */ @@ -260,6 +261,7 @@ static unsigned long shrink_huge_zero_pa struct page *zero_page = xchg(&huge_zero_page, NULL); BUG_ON(zero_page == NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __ClearPageReserved(zero_page); __free_pages(zero_page, compound_order(zero_page)); return HPAGE_PMD_NR; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-mark-huge_zero_page-reserved.patch

11 months, 3 weeks

1
0
0 0

[PATCH 6.1.x] btrfs: do not wait for short bulk allocation

by David Sterba

From: Qu Wenruo <wqu(a)suse.com> commit 1db7959aacd905e6487d0478ac01d89f86eb1e51 upstream. [BUG] There is a recent report that when memory pressure is high (including cached pages), btrfs can spend most of its time on memory allocation in btrfs_alloc_page_array() for compressed read/write. [CAUSE] For btrfs_alloc_page_array() we always go alloc_pages_bulk_array(), and even if the bulk allocation failed (fell back to single page allocation) we still retry but with extra memalloc_retry_wait(). If the bulk alloc only returned one page a time, we would spend a lot of time on the retry wait. The behavior was introduced in commit 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations"). [FIX] Although the commit mentioned that other filesystems do the wait, it's not the case at least nowadays. All the mainlined filesystems only call memalloc_retry_wait() if they failed to allocate any page (not only for bulk allocation). If there is any progress, they won't call memalloc_retry_wait() at all. For example, xfs_buf_alloc_pages() would only call memalloc_retry_wait() if there is no allocation progress at all, and the call is not for metadata readahead. So I don't believe we should call memalloc_retry_wait() unconditionally for short allocation. Call memalloc_retry_wait() if it fails to allocate any page for tree block allocation (which goes with __GFP_NOFAIL and may not need the special handling anyway), and reduce the latency for btrfs_alloc_page_array(). Reported-by: Julian Taylor <julian.taylor(a)1und1.de> Tested-by: Julian Taylor <julian.taylor(a)1und1.de> Link: https://lore.kernel.org/all/8966c095-cbe7-4d22-9784-a647d1bf27c3@1und1.de/ Fixes: 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent_io.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 539bc9bdcb93..5f923c9b773e 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1324,19 +1324,14 @@ int btrfs_alloc_page_array(unsigned int nr_pages, struct page **page_array) unsigned int last = allocated; allocated = alloc_pages_bulk_array(GFP_NOFS, nr_pages, page_array); - - if (allocated == nr_pages) - return 0; - - /* - * During this iteration, no page could be allocated, even - * though alloc_pages_bulk_array() falls back to alloc_page() - * if it could not bulk-allocate. So we must be out of memory. - */ - if (allocated == last) + if (unlikely(allocated == last)) { + /* No progress, fail and do cleanup. */ + for (int i = 0; i < allocated; i++) { + __free_page(page_array[i]); + page_array[i] = NULL; + } return -ENOMEM; - - memalloc_retry_wait(GFP_NOFS); + } } return 0; } -- 2.45.0

11 months, 3 weeks

1
0
0 0

[for-next][PATCH 7/7] eventfs: Fix a possible null pointer dereference in eventfs_find_events()

by Steven Rostedt

From: Hao Ge <gehao(a)kylinos.cn> In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL. Hence,When ei->is_freed is set,return NULL directly. Link: https://lore.kernel.org/linux-trace-kernel/20240513053338.63017-1-hao.ge@li… Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index a878cea70f4c..0256afdd4acf 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -345,10 +345,9 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) * If the ei is being freed, the ownership of the children * doesn't matter. */ - if (ei->is_freed) { - ei = NULL; - break; - } + if (ei->is_freed) + return NULL; + // Walk upwards until you find the events inode } while (!ei->is_events); -- 2.43.0

11 months, 3 weeks

1
0
0 0

[for-next][PATCH 6/7] ftrace: Fix possible use-after-free issue in ftrace_location()

by Steven Rostedt

From: Zheng Yejian <zhengyejian1(a)huawei.com> KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void) -- 2.43.0

11 months, 3 weeks

1
0
0 0

[PATCH 1/1] tty: n_tty: Fix buffer offsets when lookahead is used

by Ilpo Järvinen

When lookahead has "consumed" some characters (la_count > 0), n_tty_receive_buf_standard() and n_tty_receive_buf_closing() for characters beyond the la_count are given wrong cp/fp offsets which leads to duplicating and losing some characters. If la_count > 0, correct buffer pointers and make count consistent too (the latter is not strictly necessary to fix the issue but seems more logical to adjust all variables immediately to keep state consistent). Reported-by: Vadym Krevs <vkrevs(a)yahoo.com> Fixes: 6bb6fa6908eb ("tty: Implement lookahead to process XON/XOFF timely") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218834 Tested-by: Vadym Krevs <vkrevs(a)yahoo.com> Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/tty/n_tty.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index f252d0b5a434..5e9ca4376d68 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -1619,15 +1619,25 @@ static void __receive_buf(struct tty_struct *tty, const u8 *cp, const u8 *fp, else if (ldata->raw || (L_EXTPROC(tty) && !preops)) n_tty_receive_buf_raw(tty, cp, fp, count); else if (tty->closing && !L_EXTPROC(tty)) { - if (la_count > 0) + if (la_count > 0) { n_tty_receive_buf_closing(tty, cp, fp, la_count, true); - if (count > la_count) - n_tty_receive_buf_closing(tty, cp, fp, count - la_count, false); + cp += la_count; + if (fp) + fp += la_count; + count -= la_count; + } + if (count > 0) + n_tty_receive_buf_closing(tty, cp, fp, count, false); } else { - if (la_count > 0) + if (la_count > 0) { n_tty_receive_buf_standard(tty, cp, fp, la_count, true); - if (count > la_count) - n_tty_receive_buf_standard(tty, cp, fp, count - la_count, false); + cp += la_count; + if (fp) + fp += la_count; + count -= la_count; + } + if (count > 0) + n_tty_receive_buf_standard(tty, cp, fp, count, false); flush_echoes(tty); if (tty->ops->flush_chars) -- 2.39.2

11 months, 3 weeks

1
0
0 0

commits for stable 2024-05-11

by Ronnie Sahlberg

Please find attached a report generated by keyword matching commits from upstream that may be suitable for stable and probably as CVEs as well. I exclude commits that are already tagged with CC stable in upstream and also commits already in stable/linux-rolling-stable. I can send these type of reports weekly if you want. I plan to add more keywords to check for. But let's start small. A question about commits that have a Fixes: tag. There are ~2000 of them since v6.8. As these are definitely bugfixes, do you want me to add commits that include a Fixes: tag in future reports/scans? Also let me know if/how I can change the format of the scan so that it is easier for you to parse in your tooling. regards ronnie sahlberg -- Ronnie Sahlberg [Principal Software Engineer, Linux] P 775 384 8203 | E [email] | W ciq.com

11 months, 3 weeks

2
4
0 0

[PATCH v2 0/3] QCM2290 LMH

by Konrad Dybcio

Wire up LMH on QCM2290 and fix a bad bug while at it. P1-2 for thermal, P3 for qcom Signed-off-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> --- Changes in v2: - Pick up tags - Fix a couple typos in commit messages - Drop stray msm8998 binding addition - Link to v1: https://lore.kernel.org/r/20240308-topic-rb1_lmh-v1-0-50c60ffe1130@linaro.o… --- Konrad Dybcio (2): dt-bindings: thermal: lmh: Add QCM2290 compatible thermal: qcom: lmh: Check for SCM availability at probe Loic Poulain (1): arm64: dts: qcom: qcm2290: Add LMH node Documentation/devicetree/bindings/thermal/qcom-lmh.yaml | 12 ++++++++---- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 14 +++++++++++++- drivers/thermal/qcom/lmh.c | 3 +++ 3 files changed, 24 insertions(+), 5 deletions(-) --- base-commit: 8ffc8b1bbd505e27e2c8439d326b6059c906c9dd change-id: 20240308-topic-rb1_lmh-1e0f440c392a Best regards, -- Konrad Dybcio <konrad.dybcio(a)linaro.org>

11 months, 3 weeks

6
12
0 0

Bags

by Carrie Pan

11 months, 3 weeks

1
0
0 0

[PATCH] drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found

by Marek Szyprowski

When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector. Unfortunately some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not able to drive such mode, so report a safe 640x480 mode instead of nothing in case of the EDID reading failure. This fixes the following issue observed on Trats2 board since commit 13d5b040363c ("drm/exynos: do not return negative values from .get_modes()"): [drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations exynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops) exynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops) exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b) exynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops) exynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops) [drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1 exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c exynos-mixer 12c10000.mixer: timeout waiting for VSYNC ------------[ cut here ]------------ WARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 [CRTC:70:crtc-1] vblank wait timed out Modules linked in: CPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913 Hardware name: Samsung Exynos (Flattened Device Tree) Workqueue: events_unbound deferred_probe_work_func Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x68/0x88 dump_stack_lvl from __warn+0x7c/0x1c4 __warn from warn_slowpath_fmt+0x11c/0x1a8 warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184 commit_tail from drm_atomic_helper_commit+0x168/0x190 drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0 drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40 drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4 __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c drm_fb_helper_set_par from fbcon_init+0x3d8/0x550 fbcon_init from visual_init+0xc0/0x108 visual_init from do_bind_con_driver+0x1b8/0x3a4 do_bind_con_driver from do_take_over_console+0x140/0x1ec do_take_over_console from do_fbcon_takeover+0x70/0xd0 do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac fbcon_fb_registered from register_framebuffer+0x190/0x21c register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574 __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0 exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94 drm_client_register from exynos_drm_bind+0x160/0x190 exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8 try_to_bring_up_aggregate_device from __component_add+0xb0/0x170 __component_add from mixer_probe+0x74/0xcc mixer_probe from platform_probe+0x5c/0xb8 platform_probe from really_probe+0xe0/0x3d8 really_probe from __driver_probe_device+0x9c/0x1e4 __driver_probe_device from driver_probe_device+0x30/0xc0 driver_probe_device from __device_attach_driver+0xa8/0x120 __device_attach_driver from bus_for_each_drv+0x80/0xcc bus_for_each_drv from __device_attach+0xac/0x1fc __device_attach from bus_probe_device+0x8c/0x90 bus_probe_device from deferred_probe_work_func+0x98/0xe0 deferred_probe_work_func from process_one_work+0x240/0x6d0 process_one_work from worker_thread+0x1a0/0x3f4 worker_thread from kthread+0x104/0x138 kthread from ret_from_fork+0x14/0x28 Exception stack(0xf0895fb0 to 0xf0895ff8) ... irq event stamp: 82357 hardirqs last enabled at (82363): [<c01a96e8>] vprintk_emit+0x308/0x33c hardirqs last disabled at (82368): [<c01a969c>] vprintk_emit+0x2bc/0x33c softirqs last enabled at (81614): [<c0101644>] __do_softirq+0x320/0x500 softirqs last disabled at (81609): [<c012dfe0>] __irq_exit_rcu+0x130/0x184 ---[ end trace 0000000000000000 ]--- exynos-drm exynos-drm: [drm] *ERROR* flip_done timed out exynos-drm exynos-drm: [drm] *ERROR* [CRTC:70:crtc-1] commit wait timed out exynos-drm exynos-drm: [drm] *ERROR* flip_done timed out exynos-drm exynos-drm: [drm] *ERROR* [CONNECTOR:74:HDMI-A-1] commit wait timed out exynos-drm exynos-drm: [drm] *ERROR* flip_done timed out exynos-drm exynos-drm: [drm] *ERROR* [PLANE:56:plane-5] commit wait timed out exynos-mixer 12c10000.mixer: timeout waiting for VSYNC Cc: stable(a)vger.kernel.org Fixes: 13d5b040363c ("drm/exynos: do not return negative values from .get_modes()") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/exynos/exynos_hdmi.c b/drivers/gpu/drm/exynos/exynos_hdmi.c index 5fdeec8a3875..9d246db6ef2b 100644 --- a/drivers/gpu/drm/exynos/exynos_hdmi.c +++ b/drivers/gpu/drm/exynos/exynos_hdmi.c @@ -887,11 +887,11 @@ static int hdmi_get_modes(struct drm_connector *connector) int ret; if (!hdata->ddc_adpt) - return 0; + goto no_edid; edid = drm_get_edid(connector, hdata->ddc_adpt); if (!edid) - return 0; + goto no_edid; hdata->dvi_mode = !connector->display_info.is_hdmi; DRM_DEV_DEBUG_KMS(hdata->dev, "%s : width[%d] x height[%d]\n", @@ -906,6 +906,9 @@ static int hdmi_get_modes(struct drm_connector *connector) kfree(edid); return ret; + +no_edid: + return drm_add_modes_noedid(connector, 640, 480); } static int hdmi_find_phy_conf(struct hdmi_context *hdata, u32 pixel_clock) -- 2.34.1

11 months, 3 weeks

2
1
0 0

[PATCH 0/2] Bluetooth: hci_bcm4377 fixes

by Sven Peter via B4 Relay

Hi, There are just two minor fixes from Hector that we've been carrying downstream for a while now. One increases the timeout while waiting for the firmware to boot which is optional for the controller already supported upstream but required for a newer 4388 board for which we'll also submit support soon. It also fixes the units for the timeouts which is why I've already included it here. The other one fixes a call to bitmap_release_region where we only wanted to release a single bit but are actually releasing much more. Best, Sven Signed-off-by: Sven Peter <sven(a)svenpeter.dev> --- Hector Martin (2): Bluetooth: hci_bcm4377: Increase boot timeout Bluetooth: hci_bcm4377: Fix msgid release drivers/bluetooth/hci_bcm4377.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- base-commit: cf87f46fd34d6c19283d9625a7822f20d90b64a4 change-id: 20240512-btfix-msgid-d76029a7d917 Best regards, -- Sven Peter <sven(a)svenpeter.dev>

11 months, 3 weeks

2
2
0 0

[PATCH v2] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: Fix typos in the commit message --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.0

11 months, 3 weeks

1
0
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> commit 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 upstream. If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 backport change: mddev_destroy_serial_pool third parameter was removed in mainline, where there is no need to suspend within this function anymore. Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Change-Id: Icc4960dcaffedc663797e2d8b18a24c23e201932 Signed-off-by: Jeremy Bongio <jbongio(a)google.com> --- drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

11 months, 3 weeks

2
2
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Change-Id: Icc4960dcaffedc663797e2d8b18a24c23e201932 --- drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

11 months, 3 weeks

3
3
0 0

Re: [PATCH 5.4.y] ext4: fix bug_on in __es_tree_search

by Guilherme G. Piccoli

CCing the right stable ML address... Apologies! On 11/05/2024 18:10, Guilherme G. Piccoli wrote: > From: Baokun Li <libaokun1(a)huawei.com> > > commit d36f6ed761b53933b0b4126486c10d3da7751e7f upstream. > > Hulk Robot reported a BUG_ON: > ================================================================== > kernel BUG at fs/ext4/extents_status.c:199! > [...] > RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] > RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 > [...] > Call Trace: > ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 > ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 > ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 > ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 > ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 > ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 > ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 > ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 > v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 > v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 > vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 > dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 > ext4_quota_enable fs/ext4/super.c:6137 [inline] > ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 > ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 > mount_bdev+0x2e9/0x3b0 fs/super.c:1158 > mount_fs+0x4b/0x1e4 fs/super.c:1261 > [...] > ================================================================== > > Above issue may happen as follows: > ------------------------------------- > ext4_fill_super > ext4_enable_quotas > ext4_quota_enable > ext4_iget > __ext4_iget > ext4_ext_check_inode > ext4_ext_check > __ext4_ext_check > ext4_valid_extent_entries > Check for overlapping extents does't take effect > dquot_enable > vfs_load_quota_inode > v2_check_quota_file > v2_read_header > ext4_quota_read > ext4_bread > ext4_getblk > ext4_map_blocks > ext4_ext_map_blocks > ext4_find_extent > ext4_cache_extents > ext4_es_cache_extent > ext4_es_cache_extent > __es_tree_search > ext4_es_end > BUG_ON(es->es_lblk + es->es_len < es->es_lblk) > > The error ext4 extents is as follows: > 0af3 0300 0400 0000 00000000 extent_header > 00000000 0100 0000 12000000 extent1 > 00000000 0100 0000 18000000 extent2 > 02000000 0400 0000 14000000 extent3 > > In the ext4_valid_extent_entries function, > if prev is 0, no error is returned even if lblock<=prev. > This was intended to skip the check on the first extent, but > in the error image above, prev=0+1-1=0 when checking the second extent, > so even though lblock<=prev, the function does not return an error. > As a result, bug_ON occurs in __es_tree_search and the system panics. > > To solve this problem, we only need to check that: > 1. The lblock of the first extent is not less than 0. > 2. The lblock of the next extent is not less than > the next block of the previous extent. > The same applies to extent_idx. > > Cc: stable(a)kernel.org > Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") > Reported-by: Hulk Robot <hulkci(a)huawei.com> > Signed-off-by: Baokun Li <libaokun1(a)huawei.com> > Reviewed-by: Jan Kara <jack(a)suse.cz> > Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com > Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> > Reported-by: syzbot+2a58d88f0fb315c85363(a)syzkaller.appspotmail.com > [gpiccoli: Manual backport due to unrelated missing patches.] > Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> > --- > > > Hey folks, this one should have been backported but due to merge > issues [0], it ended-up not being on 5.4.y . So here is a working version! > Cheers, > > Guilherme > > [0] https://lore.kernel.org/stable/165451751147179@kroah.com/ > > > fs/ext4/extents.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c > index 98e1b1ddb4ec..90b12c7c0f20 100644 > --- a/fs/ext4/extents.c > +++ b/fs/ext4/extents.c > @@ -409,7 +409,7 @@ static int ext4_valid_extent_entries(struct inode *inode, > { > unsigned short entries; > ext4_lblk_t lblock = 0; > - ext4_lblk_t prev = 0; > + ext4_lblk_t cur = 0; > > if (eh->eh_entries == 0) > return 1; > @@ -435,12 +435,12 @@ static int ext4_valid_extent_entries(struct inode *inode, > > /* Check for overlapping extents */ > lblock = le32_to_cpu(ext->ee_block); > - if ((lblock <= prev) && prev) { > + if (lblock < cur) { > pblock = ext4_ext_pblock(ext); > es->s_last_error_block = cpu_to_le64(pblock); > return 0; > } > - prev = lblock + ext4_ext_get_actual_len(ext) - 1; > + cur = lblock + ext4_ext_get_actual_len(ext); > ext++; > entries--; > } > @@ -460,13 +460,13 @@ static int ext4_valid_extent_entries(struct inode *inode, > > /* Check for overlapping index extents */ > lblock = le32_to_cpu(ext_idx->ei_block); > - if ((lblock <= prev) && prev) { > + if (lblock < cur) { > *pblk = ext4_idx_pblock(ext_idx); > return 0; > } > ext_idx++; > entries--; > - prev = lblock; > + cur = lblock + 1; > } > } > return 1;

11 months, 3 weeks

2
2
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Change-Id: Icc4960dcaffedc663797e2d8b18a24c23e201932 --- drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] ext4: fix bug_on in __es_tree_search" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d36f6ed761b53933b0b4126486c10d3da7751e7f Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Wed, 18 May 2022 20:08:16 +0800 Subject: [PATCH] ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 ext4_quota_enable fs/ext4/super.c:6137 [inline] ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 mount_bdev+0x2e9/0x3b0 fs/super.c:1158 mount_fs+0x4b/0x1e4 fs/super.c:1261 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_fill_super ext4_enable_quotas ext4_quota_enable ext4_iget __ext4_iget ext4_ext_check_inode ext4_ext_check __ext4_ext_check ext4_valid_extent_entries Check for overlapping extents does't take effect dquot_enable vfs_load_quota_inode v2_check_quota_file v2_read_header ext4_quota_read ext4_bread ext4_getblk ext4_map_blocks ext4_ext_map_blocks ext4_find_extent ext4_cache_extents ext4_es_cache_extent ext4_es_cache_extent __es_tree_search ext4_es_end BUG_ON(es->es_lblk + es->es_len < es->es_lblk) The error ext4 extents is as follows: 0af3 0300 0400 0000 00000000 extent_header 00000000 0100 0000 12000000 extent1 00000000 0100 0000 18000000 extent2 02000000 0400 0000 14000000 extent3 In the ext4_valid_extent_entries function, if prev is 0, no error is returned even if lblock<=prev. This was intended to skip the check on the first extent, but in the error image above, prev=0+1-1=0 when checking the second extent, so even though lblock<=prev, the function does not return an error. As a result, bug_ON occurs in __es_tree_search and the system panics. To solve this problem, we only need to check that: 1. The lblock of the first extent is not less than 0. 2. The lblock of the next extent is not less than the next block of the previous extent. The same applies to extent_idx. Cc: stable(a)kernel.org Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 474479ce76e0..c148bb97b527 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -372,7 +372,7 @@ static int ext4_valid_extent_entries(struct inode *inode, { unsigned short entries; ext4_lblk_t lblock = 0; - ext4_lblk_t prev = 0; + ext4_lblk_t cur = 0; if (eh->eh_entries == 0) return 1; @@ -396,11 +396,11 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping extents */ lblock = le32_to_cpu(ext->ee_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_ext_pblock(ext); return 0; } - prev = lblock + ext4_ext_get_actual_len(ext) - 1; + cur = lblock + ext4_ext_get_actual_len(ext); ext++; entries--; } @@ -420,13 +420,13 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping index extents */ lblock = le32_to_cpu(ext_idx->ei_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_idx_pblock(ext_idx); return 0; } ext_idx++; entries--; - prev = lblock; + cur = lblock + 1; } } return 1;

11 months, 3 weeks

2
1
0 0

[PATCH] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

Error on asn1_encode_sequence() is handled with a WARN incorrectly because: 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location on known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is carefully considered rationale to use it, which is now non-existent. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information (and was not printed). Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index c8d8fdefbd8d..e31fe53822a1 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -39,6 +39,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -80,8 +81,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.0

11 months, 3 weeks

1
0
0 0

Security fix from mainline: CVE-2024-26900: md: fix kmemleak of rdev->serial

by Jeremy Bongio

Please backport this security fix. Subject: CVE-2024-26900: md: fix kmemleak of rdev->serial sha1: 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 Why: This vulnerability exists in LTS kernels. kernel versions to apply: 5.10, 5.15, 6.1, 6.6

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix firmware check error path" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 40d442f969fb1e871da6fca73d3f8aef1f888558 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-refutable-qualified-fe5c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 40d442f969fb ("Bluetooth: qca: fix firmware check error path") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 08:37:40 +0200 Subject: [PATCH] Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 8d8a664620a3..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -605,7 +605,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix firmware check error path" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 40d442f969fb1e871da6fca73d3f8aef1f888558 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-festival-sprint-9288@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 40d442f969fb ("Bluetooth: qca: fix firmware check error path") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 08:37:40 +0200 Subject: [PATCH] Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 8d8a664620a3..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -605,7 +605,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix firmware check error path" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 40d442f969fb1e871da6fca73d3f8aef1f888558 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-majority-visiting-2bf1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 40d442f969fb ("Bluetooth: qca: fix firmware check error path") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 08:37:40 +0200 Subject: [PATCH] Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 8d8a664620a3..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -605,7 +605,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix info leak when fetching fw build id" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051300-commute-overall-7fed@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cda0d6a198e2 ("Bluetooth: qca: fix info leak when fetching fw build id") a7f8dedb4be2 ("Bluetooth: qca: add support for QCA2066") 691d54d0f7cb ("Bluetooth: qca: use switch case for soc type behavior") f904feefe60c ("Bluetooth: btqca: Add WCN3988 support") 8153b738bc54 ("Bluetooth: btqca: use le32_to_cpu for ver.soc_id") 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855") 44fac8a2fd2f ("Bluetooth: hci_qca: mark OF related data as maybe unused") 6845667146a2 ("Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 14:34:52 +0200 Subject: [PATCH] Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. Fixes: c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") Cc: stable(a)vger.kernel.org # 5.12 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index c6b2dd4d1716..664db524b1dd 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -99,7 +99,8 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) { struct sk_buff *skb; struct edl_event_hdr *edl; - char cmd, build_label[QCA_FW_BUILD_VER_LEN]; + char *build_label; + char cmd; int build_lbl_len, err = 0; bt_dev_dbg(hdev, "QCA read fw build info"); @@ -114,6 +115,11 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) return err; } + if (skb->len < sizeof(*edl)) { + err = -EILSEQ; + goto out; + } + edl = (struct edl_event_hdr *)(skb->data); if (!edl) { bt_dev_err(hdev, "QCA read fw build info with no header"); @@ -129,14 +135,25 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) goto out; } - build_lbl_len = edl->data[0]; - if (build_lbl_len <= QCA_FW_BUILD_VER_LEN - 1) { - memcpy(build_label, edl->data + 1, build_lbl_len); - *(build_label + build_lbl_len) = '\0'; + if (skb->len < sizeof(*edl) + 1) { + err = -EILSEQ; + goto out; } + build_lbl_len = edl->data[0]; + + if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { + err = -EILSEQ; + goto out; + } + + build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); + if (!build_label) + goto out; + hci_set_fw_info(hdev, "%s", build_label); + kfree(build_label); out: kfree_skb(skb); return err; diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h index 49ad668d0d0b..215433fd76a1 100644 --- a/drivers/bluetooth/btqca.h +++ b/drivers/bluetooth/btqca.h @@ -48,7 +48,6 @@ #define get_soc_ver(soc_id, rom_ver) \ ((le32_to_cpu(soc_id) << 16) | (le16_to_cpu(rom_ver))) -#define QCA_FW_BUILD_VER_LEN 255 #define QCA_HSP_GF_SOC_ID 0x1200 #define QCA_HSP_GF_SOC_MASK 0x0000ff00

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix NVM configuration parsing" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a112d3c72a227f2edbb6d8094472cc6e503e52af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051301-untwist-vertical-ba65@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: a112d3c72a22 ("Bluetooth: qca: fix NVM configuration parsing") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a112d3c72a227f2edbb6d8094472cc6e503e52af Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:40 +0200 Subject: [PATCH] Bluetooth: qca: fix NVM configuration parsing The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix NVM configuration parsing" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a112d3c72a227f2edbb6d8094472cc6e503e52af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051359-refueling-alienable-65c1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a112d3c72a22 ("Bluetooth: qca: fix NVM configuration parsing") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a112d3c72a227f2edbb6d8094472cc6e503e52af Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:40 +0200 Subject: [PATCH] Bluetooth: qca: fix NVM configuration parsing The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix NVM configuration parsing" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a112d3c72a227f2edbb6d8094472cc6e503e52af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051358-overplant-spent-f520@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a112d3c72a22 ("Bluetooth: qca: fix NVM configuration parsing") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a112d3c72a227f2edbb6d8094472cc6e503e52af Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:40 +0200 Subject: [PATCH] Bluetooth: qca: fix NVM configuration parsing The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: add missing firmware sanity checks" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051339-establish-mollusk-f612@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") 5e6d8401ade9 ("Bluetooth: hci_qca: Add qca_power_on() API to support both wcn399x and Rome power up") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:39 +0200 Subject: [PATCH] Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: add missing firmware sanity checks" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051338-imitate-encrust-796c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") 5e6d8401ade9 ("Bluetooth: hci_qca: Add qca_power_on() API to support both wcn399x and Rome power up") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:39 +0200 Subject: [PATCH] Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: add missing firmware sanity checks" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051337-dislocate-sizably-eb10@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:39 +0200 Subject: [PATCH] Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: reset ptes when close() for wr-protected ones" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c88033efe9a391e72ba6b5df4b01d6e628f4e734 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-turkey-underfed-40fe@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c88033efe9a3 ("mm/userfaultfd: reset ptes when close() for wr-protected ones") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c88033efe9a391e72ba6b5df4b01d6e628f4e734 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Mon, 22 Apr 2024 09:33:11 -0400 Subject: [PATCH] mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too. This fixes a WARN trace. The only user visible side effect is the user can observe leftover wr-protect bits even if the user close()ed on an userfaultfd when releasing the last reference of it. However hopefully that should be harmless, and nothing bad should happen even if so. This change is now more important after the recent page-table-check patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check: support userfault wr-protect entries")), as we'll do sanity check on uffd-wp bits without vma context. So it's better if we can 100% guarantee no uffd-wp bit leftovers, to make sure each report will be valid. Link: https://lore.kernel.org/all/000000000000ca4df20616a0fe16@google.com/ Fixes: f369b07c8614 ("mm/uffd: reset write protection when unregister with wp-mode") Analyzed-by: David Hildenbrand <david(a)redhat.com> Link: https://lkml.kernel.org/r/20240422133311.2987675-1-peterx@redhat.com Reported-by: syzbot+d8426b591c36b21c750e(a)syzkaller.appspotmail.com Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Nadav Amit <nadav.amit(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 60dcfafdc11a..292f5fd50104 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -895,6 +895,10 @@ static int userfaultfd_release(struct inode *inode, struct file *file) prev = vma; continue; } + /* Reset ptes for the whole vma range if wr-protected */ + if (userfaultfd_wp(vma)) + uffd_wp_range(vma, vma->vm_start, + vma->vm_end - vma->vm_start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; vma = vma_modify_flags_uffd(&vmi, prev, vma, vma->vm_start, vma->vm_end, new_flags,

11 months, 3 weeks

1
0
0 0